Date: Sun, 11 Feb 2001 10:05:18 -0500 From: Carroll Kong <damascus@home.com> To: "Dominic Marks" <dominic_marks@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Secure Servers (SMTP, POP3, FTP) Message-ID: <4.2.2.20010211100158.00c95840@netmail.home.com> In-Reply-To: <F55PFTg4bPYkAOt67zL00011da9@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:39 AM 2/11/01 +0000, Dominic Marks wrote: >Hello, > >I'd really appreciate some opinions on the performance of some daemons. >I'm trying to assess which is the best choice to offer both security and >performance under FreeBSD 4.2. Apache seems like a pretty defacto choice >for HTTP which I'm very happy with but I'm a little less sure what choose >on others, in particular for ftp and mail servers. > >FTP Options: >1. proFTPd - Seems secure and has "enterprise" features >2. wu-Ftpd - Good security (bad History) excellent performance >3. ftpd - Dodgy security? Doesn't seem to be used very much > >Mail Options: >1. Qmail - Secure, written for FreeBSD (Qwest?), Fast, Configurable >2. Sendmail - Industry standard, works fine, big user base >3. Postfix - Secure, quite light on system resources, growing support > >I'd appreciate some feedback on any of these, any comments you might have >would be very helpful, or perhaps links to articles on this subject. > >Many thanks >Dominic Marks Try ncftpd for ftp options. I suppose being closed source it has "security" by obscurity, but the author is fairly responsive in fixing bugs so any security flaws are fixed very fast. His track record seems to be pretty good. ftpd is also good if configured properly, although I am not sure if you can use virtual users. (I never used ftpd extensively as you can tell.) For mail, I suggest either qmail or postfix. Sendmail just has a bad record, so if you can avoid it sure. If you cannot, fine, roll with it. As for apache, be careful of what language you allow for CGIs. That is really going to be the major factor in security. I used to think PHP was great stuff, but it has a fairly bad track record. I am thinking of rolling my PHP scripts to Perl since at least Perl in itself is secure. (not to say using Perl guarantees any level of security; you need good secure programming practices for that). -Carroll Kong To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010211100158.00c95840>