From: Matthias Andree
To: Joe Kelsey
Cc: mark@imptech.net, freebsd-ports@FreeBSD.ORG
Subject: Re: Qmail setup
Date: Tue, 12 Nov 2002 20:09:37 +0100

Joe Kelsey writes:

> I recommend that if you are installing qmail, just bite the bullet and
> install ucspi-tcp and daemontools also. You should also throw out
> inetd.

There is no need to get rid of inetd. FreeBSD has one of the few good inetd implementations, it is linked against tcp_wrappers, it allows absolute clients per service limits, it allows these per-ip, and it allows the traditional "maximum NEW clients per unit of time" limit.
The default configuration is bad, see my PR at http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33670 but anyone operating an inetd-based server will have to pay as much attention to the configuration as anyone operating a qmail server (misconfigure rcpthosts and be in DEEP trouble). Of course, you're free to use tcpserver instead,

> I recommend that you never run inetd again. It is almost as buggy as
> sendmail.

Prove your point or drop dead. And while you're claiming bugs in inetd, I'm documenting qmail bugs and disadvantages at http://mandree.home.pages.de/qmail-bugs.html -- these include a remote memory exhaustion attack that's been unfixed in a stock qmail install for four years. (The fix is simple: use resource limits.)

If you need an MTA with a modular approach and which is to be considered "pretty secure", have a look at Postfix (in the NetBSD base system, BTW) instead. Exim does not share this modular concept, but has had many fewer security vulnerabilities reported than Sendmail, and -- like Postfix -- is a smoother install than qmail is. Courier is yet another alternative, with well-reputed mail filter, web mailer and imapd/pop3d modules that are available separately. (I've never tried Courier as a whole though.)

-- 
Matthias Andree