From owner-freebsd-security Wed Jan 31 22:16:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from hawk.prod.itd.earthlink.net (hawk.prod.itd.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id ACCC037B67D; Wed, 31 Jan 2001 22:15:53 -0800 (PST) Received: from pavilion (user-33qts7c.dialup.mindspring.com [199.174.240.236]) by hawk.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id WAA24675; Wed, 31 Jan 2001 22:15:28 -0800 (PST) Message-ID: <001701c08c16$5e989140$0101a8c0@pavilion> From: "Richard Ward" To: "Christopher Farley" , "Fenix" Cc: , References: <01020104192002.01203@xs4some.net> <20010131235613.A7019@northernbrewer.com> Subject: Re: sendmail vs. postfix question Date: Thu, 1 Feb 2001 01:15:22 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org That's very true. One of the features that stand out in the "Sendmail = verses Postfix" war is that Postfix doesn't "need" root. With some = modification, neither does Sendmail. Though many won't take the time to = do this, it's one of the reasons Sendmail is deemed one of the most = insecure "common" daemons. I prefer Sendmail over Postfix simply because = I was brought up on to the Internet running Sendmail, it feels more like = home. I do however have Postfix running on my local machine, and with = keeping up-to-date on mailing lists such as this, none are a huge threat = to my network. I would have to agree, doing anything in Sendmail takes some reading, = though for the basic e-mail setup, there's little need to bring out = O'Reilly. Both Sendmail and Postfix have a home on my network, I suppose = it's just how much time you want to put in to it that depicts which MTA = you will be running on your next computer. Just my two cents. -- Richard Ward, CEO richard@neonsky.net Neonsky Internet Services 877 249 6707 - US/Canada ----- Original Message -----=20 From: Christopher Farley To: Fenix Cc: ; Sent: Thursday, February 01, 2001 12:56 AM Subject: Re: sendmail vs. postfix question > Fenix (fenix@xs4some.net) wrote: >=20 > > I have a little question about sendmail vs. postfix .... > > Are there any known recent problms with sendmail security ? > > what about postfix ? >=20 > Sendmail is a large, monolithic, complicated program that runs as > root. Historically, it has been responsible for some of the most > notorious and widespread security holes on the Internet, but I > don't believe there are any (known) gaping holes in it today. > Sendmail configuration is complicated and arcane -- it is the > subject of one of the thickest books in the O'Reilly catalog. > Actually, configuring sendmail is not that bad once you understand > it -- you edit a human-readable config file which is processed by > the m4 macro processor to build the much less human-readable > sendmail.cf file. However, if you are like I am, and infrequently > make configuration changes to your mail server, it may take more than = a > few minutes of grepping documentation to make even a tiny change. >=20 > Postfix has a different architecture, but strictly conforms to the > 'sendmail api'. That is to say that Postfix is more or less designed > to be a drop-in replacement for Sendmail. Postfix is actually > several small, specialized daemons that do not run as root (!), > which has some positive security implications. Configuration of > Postfix is very easy; there is no m4 macro processing here! I have > always been able to make it do what I need it to do, although my > needs aren't very great. According to my ISP (visi.com), Postfix > outperforms Sendmail.=20 >=20 > --=20 > Christopher Farley > www.northernbrewer.com >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message