On Thu Apr 26, 2001 at 08:17:35PM -0400, Dan Swartzendruber wrote:

> At 04:37 PM 4/26/2001 -0700, John Wolford wrote:
> > As I find qmail more secure and faster (and other things...) than
> > sendmail or postfix,
> > wouldn't Mandrakesoft include it in their distributions?
> 
> for my edification: why is qmail more secure than postfix?

Well, let me try to give my reasons for believing qmail to be more
secure.  To my knowledge, it has never had a root exploit.  At the
very least, it has been many *many* years since, if it ever did (I
have no idea).  postfix has had, not so long ago, some security
issues, and sendmail is just no contest.

It also segments itself in terms of users and delivery processes.
qmail uses 5 uids and 2 gids for various components of the mail
system, where sendmail runs as root and postfix as the user postfix.
By doing this (as annoying as it may sound), qmail ensures that if one
part of the server is compromised, the damage is minimized to one
single component of a multi-component server.  This makes it difficult
to do any real damage even if a flaw is found in qmail.

I also stand by a product that has had a cash reward offered for
anyone who can hack into it.  The $1000 reward has never been
collected.  That gives me some assurance that qmail is secure.

On a side note, to prove that qmail is scalable and can handle an
extremely high load, some of the sites using qmail:  Hotmail, Usa.net,
address.com, rediffmail.com, colonize.com, yahoo! mail, network
solutions, ohio state univ, xoom.com, onelist.com, listbot,
uswest.net, netzero, paypal, bla bla bla... there are many others.

So it scales well, is secure, and in light of that I don't know why
anyone would want to use (in my mind) an inferior MTA.  I don't think
I'm biased, having used postfix and sendmail (the only one I haven't
is exim, out of the "major" players), and qmail was the easiest to
configure and the fastest to use.  I use it on my domain-hosting
servers and I use it as a local MTA on my laptop.  It's versatile and
works well.

The only negative thing about qmail is the anal license, which is what
prevents us from shipping it.  Other than that, qmail is a brilliant
piece of software.

On a side note, the arguments for djbdns are the same except there is
no similarly secure alternative.

-- 
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
 - Danen Consulting Services    www.danen.net, www.freezer-burn.org
 - MandrakeSoft, Inc. Security  www.linux-mandrake.com

Current Linux kernel 2.4.3-20mdk uptime: 1 day 20 hours 43 minutes.
