From owner-freebsd-questions Wed Jan 31 21:56:34 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.nbrewer.com (unknown [208.42.68.70]) by hub.freebsd.org (Postfix) with ESMTP id 28F9937B491; Wed, 31 Jan 2001 21:56:15 -0800 (PST) Received: by mail.nbrewer.com (Postfix, from userid 1009) id D6C76590; Wed, 31 Jan 2001 23:56:13 -0600 (CST) Date: Wed, 31 Jan 2001 23:56:13 -0600 From: Christopher Farley To: Fenix Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: sendmail vs. postfix question Message-ID: <20010131235613.A7019@northernbrewer.com> Mail-Followup-To: Christopher Farley , Fenix , freebsd-security@freebsd.org, freebsd-questions@freebsd.org References: <01020104192002.01203@xs4some.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <01020104192002.01203@xs4some.net>; from fenix@xs4some.net on Thu, Feb 01, 2001 at 04:19:20AM +0100 Organization: Northern Brewer, St. Paul, MN Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Fenix (fenix@xs4some.net) wrote: > I have a little question about sendmail vs. postfix .... > Are there any known recent problms with sendmail security ? > what about postfix ? Sendmail is a large, monolithic, complicated program that runs as root. Historically, it has been responsible for some of the most notorious and widespread security holes on the Internet, but I don't believe there are any (known) gaping holes in it today. Sendmail configuration is complicated and arcane -- it is the subject of one of the thickest books in the O'Reilly catalog. Actually, configuring sendmail is not that bad once you understand it -- you edit a human-readable config file which is processed by the m4 macro processor to build the much less human-readable sendmail.cf file. However, if you are like I am, and infrequently make configuration changes to your mail server, it may take more than a few minutes of grepping documentation to make even a tiny change. Postfix has a different architecture, but strictly conforms to the 'sendmail api'. That is to say that Postfix is more or less designed to be a drop-in replacement for Sendmail. Postfix is actually several small, specialized daemons that do not run as root (!), which has some positive security implications. Configuration of Postfix is very easy; there is no m4 macro processing here! I have always been able to make it do what I need it to do, although my needs aren't very great. According to my ISP (visi.com), Postfix outperforms Sendmail. -- Christopher Farley www.northernbrewer.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message