Slashdot Mirror

← Back to Stories (view on slashdot.org)

Postfix: A Secure and Easy-to-Use MTA

Posted by Hemos on from the learn-more-about-it dept.

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."

11 of 374 comments (clear)

  1. That businessmodel is better! by Anonymous Coward · · Score: 0, Funny

    1) Get hacked every other day.
    2) ?
    3) Switch from sendmail to postfix.
    4) Secure!

  2. i'd like to point something out by andy666 · · Score: 2, Funny

    windows users don't have to worry about this!

    hahaha

    (it's a joke ok ? i use unix.....)

  3. Lucky I'm on windows by Mhumble · · Score: 5, Funny

    Phew lucky I'm running exchange and don't have these damn sendmail SECURITY fixes to worry about ;)

  4. Re:heh. by capt.Hij · · Score: 5, Funny

    the department of homeland security is issuing security advisories now?

    Do they do anything else?

  5. This is big news by Anonymous Coward · · Score: 1, Funny
    And for folks who didn't know that Postfix has advantages over Sendmail, here's a wrapup of other recent events:

    Japan surrenders; war over
    JFK Assassinated in Dallas
    Moon landing a success
    Wall falls, Berlin united

    Slashdot. For up-to-the-minute news.

  6. isnt' now the time to find your favorite spammers by Anonymous Coward · · Score: 0, Funny

    email server, and well, make it stop serving email?

  7. aMy postfix is extremely secure by Gyorg_Lavode · · Score: 3, Funny

    My postfix installation is extremely secure, I can't get it to receive any email at all. If anyone could help me unsecure it by teaching it to deliver mail to my computer, could they shoot me an email? (bassettgabriel @qwest.net). I'm not a system administrator, just a guy w/ linux at home and the simple setup just isn't working for some reason.

    --
    I do security
  8. two great stories that go great together by knick · · Score: 2, Funny

    A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics.

    Of course, they were too busy upgrading/patching Sendmail.

  9. Re:heh. by clckwrkMalChick · · Score: 4, Funny

    yeap, and it's the same homeland security that after buying that issued this warning. I suppose I should be glad they're looking out, because you and I both know that the terrorists might come into the country next through the finger exploit.

    --

    -=-=-=-=-=--=-=-=-=-=-=-
    What would Yossarian do?
  10. Re:Milters? by dipipanone · · Score: 4, Funny

    No one will answer you....

    Probably because nobody can be bothered to respond to such an imbecilic remark. Sendmail and postfix are Mail Transport Agents, not Groupware. If you wanted to compare Exchange with a Linux equivalent, then there have been umpteen threads here in the past on the topic. This one, for example. Personally, I like this one but it isn't free. (At least not free as in beer. It's built on top of similar software to the free ones though.)

    But do go on comparing apples with oranges if you wish. It doesn't hurt anyone, and it gives many of us a sense of smug superiority.

    I can not complain about having to patch sendmail for the same

    I'm so sorry, but you seem to be reading an imaginary slashdot thread in your own head, as opposed to this one, which is about the security holes in Sendmail and how using Postfix may be a better approach because of what a pain it is to keep it updated?

    Perhaps you'd like to share your imaginary one with the rest of us and entertain us all some more?

  11. Not on any decent linux distros by buchanmilne · · Score: 2, Funny
    Is Sendmail still used because it ships as the default mailer with almost every flavor of Unix?


    Yes. Yes it is.

    No, SuSE and Mandrake have been shipping Postfix by default for a few years (Mandrake at least since 7.1). Of course, sendmail is still available and supported (pity, otherwise there may be space for other secure mail servers ...).

    I think it's only the Redhat users who get an insecure MTA by default ...

    It seems Debian may have also seen the light ...