Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Nov 2002 20:09:37 +0100
From:      Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
To:        Joe Kelsey <joek@mail.flyingcroc.net>
Cc:        mark@imptech.net, freebsd-ports@FreeBSD.ORG
Subject:   Re: Qmail setup
Message-ID:  <m34ramtxji.fsf@merlin.emma.line.org>
In-Reply-To: <3DD11F4B.2030401@mail.flyingcroc.net> (Joe Kelsey's message of "Tue, 12 Nov 2002 07:33:31 -0800")
References:  <3DD11F4B.2030401@mail.flyingcroc.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Joe Kelsey <joek@mail.flyingcroc.net> writes:

> I recommend that if you are installing qmail, just bite the bullet and
> install ucspi-tcp and daemontools also.  You should also throw out
> inetd.

There is no need to get rid of inetd. FreeBSD has one of the few good
inetd implementations, it is linked against tcp_wrappers, it allows
absolute clients per service limits, it allows these per-ip, and it
allows the traditional "maximum NEW clients per unit of time" limit. 

The default configuration is bad, see my PR at
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33670 but anyone
operating an inetd-based server will have to pay as much attention to
the configuration as anyone operating a qmail server (misconfigure
rcpthosts and be in DEEP trouble).

Of course, you're free to use tcpserver instead,

> I recommend that you never run inetd again.  It is almost as buggy as
> sendmail.

Prove your point or drop dead.


And while you're claiming bugs in inetd, I'm documenting qmail bugs and
disadvantages at http://mandree.home.pages.de/qmail-bugs.html -- these
include a remote memory exhaustion attack that's been unfixed in a stock
qmail install for four years. (The fix is simple: use resource limits.)

If you need an MTA with a modular approach and which is to be considered
"pretty secure", have a look at Postfix (in the NetBSD base system, BTW)
instead.

Exim does not share this modular concept, but has had much less security
vulnerabilities reported than Sendmail, and -- as Postfix -- is a
smoother install than qmail is.

Courier is yet another alternative, with well-reputated mail filter, web
mailer and imapd/pop3d modules that are available separately. (I've
never tried Courier as a whole though.)

-- 
Matthias Andree

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m34ramtxji.fsf>