From owner-freebsd-security Thu Feb 1 3:32:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.kyx.net (s216-232-31-82.bc.hsia.telus.net [216.232.31.82]) by hub.freebsd.org (Postfix) with ESMTP id D1B6C37B491; Thu, 1 Feb 2001 03:32:15 -0800 (PST) Received: from smp.kyx.net (unknown [10.22.22.45]) by mail.kyx.net (Postfix) with SMTP id 911111DC03; Thu, 1 Feb 2001 03:37:24 -0800 (PST) From: Dragos Ruiu Organization: kyx.net To: Christopher Farley , Fenix Subject: Re: sendmail vs. postfix question Date: Thu, 1 Feb 2001 03:22:20 -0800 X-Mailer: KYX-CP/M [version core00-mail-92] Content-Type: text/plain Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org References: <01020104192002.01203@xs4some.net> <20010131235613.A7019@northernbrewer.com> In-Reply-To: <20010131235613.A7019@northernbrewer.com> MIME-Version: 1.0 Message-Id: <01020103331409.27656@smp.kyx.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 31 Jan 2001, Christopher Farley wrote: > Fenix (fenix@xs4some.net) wrote: > > > I have a little question about sendmail vs. postfix .... > > Are there any known recent problms with sendmail security ? > > what about postfix ? > > Sendmail is a large, monolithic, complicated program that runs as > root. Historically, it has been responsible for some of the most > notorious and widespread security holes on the Internet, but I > don't believe there are any (known) gaping holes in it today. > Sendmail configuration is complicated and arcane -- it is the > subject of one of the thickest books in the O'Reilly catalog. > Actually, configuring sendmail is not that bad once you understand > it -- you edit a human-readable config file which is processed by > the m4 macro processor to build the much less human-readable > sendmail.cf file. However, if you are like I am, and infrequently > make configuration changes to your mail server, it may take more than a > few minutes of grepping documentation to make even a tiny change. > > Postfix has a different architecture, but strictly conforms to the > 'sendmail api'. That is to say that Postfix is more or less designed > to be a drop-in replacement for Sendmail. Postfix is actually > several small, specialized daemons that do not run as root (!), > which has some positive security implications. Configuration of > Postfix is very easy; there is no m4 macro processing here! I have > always been able to make it do what I need it to do, although my > needs aren't very great. According to my ISP (visi.com), Postfix > outperforms Sendmail. > Postfix performance exceeds sendmail performance on equivalent boxes in all my experiences in terms of just about any metric you care to use, and I use it exclusively these days. As anecdotal evidence, once when I configured it on a very fast machine and sent a lot of mail through it, I had a large ISP call up and complain that I was DoSing their mail server.... It was just postfix being its normal, speedy, efficient self, and they had some NT lameware mail relay.... As far as security, given how much I rely on it, I recently(last year) decided to re-audit its code, and after a couple of days spent looking for format strings and other stuff I decided to discontinue the audit... Mr. Venema's code is so rigorous that it even passes _internal_ data between routines through filtering and cleaning functions (how paranoid is that :-) if that's any indication of how it's built up. I personally think very highly of it. (Besides, I really would be fine if I never have to look at another arcane sendmail ruleset ever again... :-P ) cheers, --dr -- Dragos Ruiu dursec.com ltd. / kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc http://cansecwest.com CanSecWest/core01: March 28-30, Vancouver B.C. ------------^ Speakers: Renaud Deraison/Nessus Attack Scanner, Martin Roesch/Snort/Advanced IDS, Ron Gula/Enterasys/Strategic IDS, Dug Song/Arbor Networks/Monkey in the Middle, RFP/Whisker2.0 and other fun, Mixter/2XS/Distributed Apps, Theo DeRaadt/OpenBSD, K2/w00w00/ADMutate, HD Moore/Digital Defense/Making NT Bleed, Frank Heidt/@Stake, Matthew Franz/Cisco/Trinux/Security Models, Fyodor/insecure.org/Packet Reconaissance, Lance Spitzner/Sun/Honeynet Fun, Robert Graham/NetworkICE/IDS Technology Demo, Kurt Seifried/SecurityPortal/Crypto: 2-Edged Sword, Dave Dittrich/UW/Forensics, Sebastien Lacoste-Seris & Nicolas Fischbach/COLT Telecom/Securite.Org/Kerberized SSH Deployment, Jay Beale/MandrakeSoft/Bastille-Linux/Securing Linux To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message