Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Cliff Sarginson (cliffraggedclown.net)
Date: Thu Feb 01 2001 - 09:12:04 CST
I want to endorse the comments below.
The author of Postfix has produced a realy solid, fast and
secure mail system. You may be interested to know he also
authored tcp-wrappers and the (in)famous satan program.
He also personally answers many of the questions on the
postfix-userspostfix.org mailling list.
browse the archives on deja if you are curious..
> I once was faced with the same dilemma as you were. I finally decide to the
> Postfix way have not regretted my decision one bit. It was the easiest and
> fastest configuration I had experienced, a definite plus over Sendmail. From
> my first experience with Sendmail I always been displeased with how arcaic
> it is, especially if you need to make changes. Postfix's configuration file
> is very user-friendly- you don't have to be a rocket scientist to make
> changes. Straight and to the point. You can also find an abundance of
> support on the author's site. It's really based on personal preference.
> I hope my two cents helps you
> ----- Original Message -----
> From: "Dragos Ruiu" <drkyx.net>
> To: "Christopher Farley" <chrisnorthernbrewer.com>; "Fenix"
> Cc: <freebsd-securityfreebsd.org>; <freebsd-questionsfreebsd.org>
> Sent: Thursday, February 01, 2001 3:22 AM
> Subject: Re: sendmail vs. postfix question
> > On Wed, 31 Jan 2001, Christopher Farley wrote:
> > > Fenix (fenixxs4some.net) wrote:
> > >
> > > > I have a little question about sendmail vs. postfix ....
> > > > Are there any known recent problms with sendmail security ?
> > > > what about postfix ?
> > >
> > > Sendmail is a large, monolithic, complicated program that runs as
> > > root. Historically, it has been responsible for some of the most
> > > notorious and widespread security holes on the Internet, but I
> > > don't believe there are any (known) gaping holes in it today.
> > > Sendmail configuration is complicated and arcane -- it is the
> > > subject of one of the thickest books in the O'Reilly catalog.
> > > Actually, configuring sendmail is not that bad once you understand
> > > it -- you edit a human-readable config file which is processed by
> > > the m4 macro processor to build the much less human-readable
> > > sendmail.cf file. However, if you are like I am, and infrequently
> > > make configuration changes to your mail server, it may take more than a
> > > few minutes of grepping documentation to make even a tiny change.
> > >
> > > Postfix has a different architecture, but strictly conforms to the
> > > 'sendmail api'. That is to say that Postfix is more or less designed
> > > to be a drop-in replacement for Sendmail. Postfix is actually
> > > several small, specialized daemons that do not run as root (!),
> > > which has some positive security implications. Configuration of
> > > Postfix is very easy; there is no m4 macro processing here! I have
> > > always been able to make it do what I need it to do, although my
> > > needs aren't very great. According to my ISP (visi.com), Postfix
> > > outperforms Sendmail.
> > >
> > Postfix performance exceeds sendmail performance on equivalent boxes in
> all my
> > experiences in terms of just about any metric you care to use, and I use
> > exclusively these days. As anecdotal evidence, once when I configured it
> on a
> > very fast machine and sent a lot of mail through it, I had a large ISP
> call up
> > and complain that I was DoSing their mail server.... It was just postfix
> > its normal, speedy, efficient self, and they had some NT lameware mail
> > As far as security, given how much I rely on it, I recently(last year)
> > to re-audit its code, and after a couple of days spent looking for format
> > strings and other stuff I decided to discontinue the audit... Mr. Venema's
> > is so rigorous that it even passes _internal_ data between routines
> > filtering and cleaning functions (how paranoid is that :-) if that's any
> > indication of how it's built up.
> > I personally think very highly of it. (Besides, I really would be fine
> > if I never have to look at another arcane sendmail ruleset ever
> > again... :-P )
> > cheers,
> > --dr
> > --
> > Dragos Ruiu <drdursec.com> dursec.com ltd. / kyx.net - we're from the
> > gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
> > CanSecWest/core01: March 28-30, Vancouver B.C. ------------^
> > Speakers: Renaud Deraison/Nessus Attack Scanner, Martin
> Roesch/Snort/Advanced IDS,
> > Ron Gula/Enterasys/Strategic IDS, Dug Song/Arbor Networks/Monkey in the
> > RFP/Whisker2.0 and other fun, Mixter/2XS/Distributed Apps, Theo
> > K2/w00w00/ADMutate, HD Moore/Digital Defense/Making NT Bleed, Frank
> > Matthew Franz/Cisco/Trinux/Security Models, Fyodor/insecure.org/Packet
> > Lance Spitzner/Sun/Honeynet Fun, Robert Graham/NetworkICE/IDS Technology
> > Kurt Seifried/SecurityPortal/Crypto: 2-Edged Sword, Dave
> > Sebastien Lacoste-Seris & Nicolas Fischbach/COLT
> > SSH Deployment, Jay Beale/MandrakeSoft/Bastille-Linux/Securing Linux
> > To Unsubscribe: send mail to majordomoFreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message