Slashdot Mirror

← Back to Stories (view on slashdot.org)

Postfix: A Secure and Easy-to-Use MTA

Posted by Hemos on from the learn-more-about-it dept.

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."

8 of 374 comments (clear)

  1. Milters? by itsjpr · · Score: 5, Insightful

    Does postfix have milters? Sendmail is popular for a reason.

  2. I can feel the flames... by Crayon+Kid · · Score: 5, Insightful

    ...because the article poster had to mention Postfix. Now someone's gonna say "qmail", someone else will say "exim", someone will say "fuck you, sendmail all the way" and what could have been a nice debate about the full-of-security-holes-dinosaurs of open source will be spent in 500 messages worth of flamewar. Sigh.

    --
    i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
  3. sendmail for legacy by Harald+Paulsen · · Score: 5, Insightful
    I can see that some ISPs have a need for sendmail due to legacy UUCP-customers (yes, someone still uses UUCP), but the world should really move on with regards to MTAs. Postfix, qmail and Exim are all good alternatives. Perhaps linux-distributions should offer other mailers as standard, that would probably get the ball rolling.

    As for myself, I switched to postfix several years ago and haven't looked back even once.

    --
    Harald
  4. Re:Or try qmail - unbroken since v1.03 (1998) by KeithH · · Score: 5, Insightful

    What can you do with sendmail that you can't to with qmail? There is a a very large set of mature additions and patches to qmail that permit just about anything you may wish to undertake with your mail server.

    On the point of qmail being cumbersome: I disagree - what could be simpler than adding a single line to your rcpthosts file? Maintaining qmail is trivial. However, I'll agree that the author's terse documentation makes it seem quite foreign but compared to sendmail it is positively didactic. There are also many other resources available which supplement the original docs.

  5. Re:Or try qmail - unbroken since v1.03 (1998) by Anonymous Coward · · Score: 5, Insightful

    I've considered qmail a few times, but Dan is such an abrasive prick that I just couldn't bring myself to use his software (the same can be said of Theo and OpenBSD). Check back through the qmail archives for some of his abusive responses to participants in the various qmail lists. Wietse, on the other hand, is easy to get along with, fixes things in a timely manner and operates in a much more respectful manner. Postfix is simple, secure, and well supported. Also, it doesn't require that you install all the author's other tools in order to have a functioning MTA.

  6. Re:Or try qmail - unbroken since v1.03 (1998) by The+Original+Yama · · Score: 5, Insightful

    qmail is supposedly very secure in its default state. Aren't you compromising that security when you add third-party patches? I would think that these patches, since they are not part of qmail proper, have received nowhere near the scrutiny that sendmail (or postfix, exim, etc.) have received. Doesn't that defeat the main reason for using qmail?

    --
    OLPC Australia
  7. Re:heh. by autechre · · Score: 5, Insightful

    Is this the same Department of Homeland Security that recently signed a contract with Microsoft to provide their software? And they're complaining about Sendmail?

    http://slashdot.org/article.pl?sid=03/07/16/1634 25 0&mode=thread&tid=103&tid=99

    On the other hand, maybe they'll train their sights on BIND next.

    --
    WMBC freeform/independent online radio.
  8. This is all just FUD by BrokenHalo · · Score: 5, Insightful
    Sure, sendmail has had holes found in it from time to time. But we should remember that it has been a very *long* time, and for most people it has been stable as a rock. And I have never yet met anyone whose system has been compromised as a result of these holes. We also shouldn't forget that whenever bugs have been found, they have been fixed immediately (if not before).

    Compare this to the antics of "that corporation" who is quite content to leave bugs as "undocumented features". Could be this FUD is just a reaction to that "insecure by design" mudslinging.