Liviu Daia wrote:
On 30 November 2007, Amarendra Godbole <[EMAIL PROTECTED]>
wrote:
Please note that postfix does not undergo the rigorous code scrub that
sendmail goes through.
[...]
Will you please cut the crap? Thank you.
Unlike Sendmail, Postfix was written from scratch with security in
mind. It had only one published security flaw since its first public
release in 1998. The author, Wietse Venema, is also the author of
SATAN and tcpwrappers. He knew one or two things about writing secure
code long before OpenBSD came into existence. The objections people
occasionally have against Postfix are related to its license, not the
code quality.
I have seen several installations of Postfix go catatonic due to spam
overload, large messages, mailing list expansions, and other undiagnosed
problems. These were run by Postfix lovers, so I have always assumed
that the installation was correct. In the one case I saw tested
replacing Postfix with Sendmail resulted in no further problems.
Given this anecdotal history I would suggest not running Postfix in a
large production environment.
geoff steckel
