Re: Postfix/Exim Security

From: Seth Arnold (
Date: 12/12/01

Date: Wed, 12 Dec 2001 11:28:12 -0800
From: Seth Arnold <>

On Tue, Dec 11, 2001 at 04:17:48PM -0500, Ryan M Harris wrote:
> What are the specific problems with security on exim/postfix? Our decision
> has come down to security, since I have looked at both. It seems that exim
> has more features, but that may mean that it has less security (typically).
> Is this the case? (you may also wish to give me your reasons for liking one
> or the other, or you may want to throw another name in the mix)

Heh, you might not like to hear this, but I think both mailers would be
fine choices, even from a security perspective. I don't recall security
problems in exim, and the only security problem with postfix that I
recall didn't seem that impressive to me -- resource exhaustion. I think
I'd put more faith in there not being any new discovered problems in
postfix, but that is based mostly on Wietse's reputation. :)

Perhaps the deciding factor would be a feature in one or the other that
you need, or their documentation. I've not looked at setting up a
postfix system before, but it looks pretty straightforward. Exim's docs
could probably be published in a volume as large as's sendmail
book. :) (And yes, this is both good at bad. I was overwhelmed with the
sheer amount of documentation available on exim, but if you ever have
problems with it, chances are good the documentation can help. :)

In short -- I consider it a toss-up. Exim might work better for stranger
email setups, but for most people, postfix might be easier to configure.


Join the fight against terrorism by giving up your liberties today!