Slashdot Mirror


Qmail At 10 Years — Reflections On Security

os2man writes "Qmail is one of the most widely used MTAs on the Net and has a solid reputation for its level of security. In 'Some thoughts on security after ten years of qmail 1.0' (PDF), Daniel J. Bernstein reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming. A good read for anyone involved in secure development."

9 of 304 comments

  1. license by raffe · · Score: 4, Informative
    The good thing is that is easy to work with and works really good. The bad thing is that the license is NOT FOSS. Sure, you can see the code and modify it but... from the author's site:

    If you want to distribute modified versions of qmail (including ports, no matter how minor the changes are) you'll have to get my approval. This does not mean approval of your distribution method, your intentions, your e-mail address, your haircut, or any other irrelevant information. It means a detailed review of the exact package that you want to distribute.
    1. Re:license by Znork · · Score: 5, Informative

      "The good thing is that is easy to work with and works really good."

      I'd heard that it was really good too. Then I noticed that if I wanted IPv6 support I'd have to patch and compile it myself. Thanks for playing, but there are more modern secure MTAs available.

      "The bad thing is that the license is NOT FOSS."

      Yep, and that's probably why qmail ends up lacking in some areas. Perhaps it could be called a security feature, but I prefer spending time learning applications that don't depend on some single person for having any future at all.

    2. Re:license by Russ Nelson · · Score: 4, Informative

      No documentation?? Every executable has a man page, even executables that the system runs (e.g. qmail-local or qmail-remote).
      His licensing isn't poorly explained. But then again, you can't run 'man' so no wonder you couldn't Google for "djb licensing" and find http://cr.yp.to/distributors.html
      Your third allegation was true until the publication of this PDF which you obviously didn't read since it included a dedication of qmail to the public domain.
      The binaries aren't "mixed in with the mail spool". Binaries are in /var/qmail/bin, the queue is in /var/qmail/queue.

      1 for 4. 25%. That's a failing grade in every school I know of.

      --
      Don't piss off The Angry Economist
  2. Good article by BadAnalogyGuy · · Score: 5, Informative

    I don't mean to be flippant, but this is a really good article. That it appears on Slashdot gives me a lot of hope that this site isn't just a hangout for system administrators but also for software engineers.

    The concepts Bernstein discusses regarding increasing security are very interesting, if not exactly obvious. Fix bugs immediately. Reduce LOCs to reduce the probability of bugs. And execute as much code as possible in untrusted mode. His discussion of running untrusted code in "prisons" is interesting, and I wonder what, if any, accommodation for this type of programming Windows has.

    It was really nice to see software engineering presented here for once. Thanks kdawson... kdawson? No way!

    1. Re:Good article by Ed Avis · · Score: 5, Informative

      You're misunderstanding Alan Cox's message. The way djb is suggesting is to chroot() to somewhere empty and then drop root privileges so you can't chroot() again.

      (It's really unfortunate that you have to be root to chroot() to start with.)

      --
      -- Ed Avis ed@membled.com
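
The sequence described in the comment above (chroot() into an empty directory, then drop root so the process cannot chroot() again), as an added C example that is not part of the thread or of qmail's source. The function names, the /tmp directory template and the unprivileged id 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the caller: chroot() into dir, then give up root for good.
 * Returns 0 on success, -1 on refusal or failure (errno set). uid/gid 0 is refused. */
int enter_prison(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    if (chdir(dir) != 0) return -1;          /* be inside before chroot() */
    if (chroot(".") != 0) return -1;         /* only root may do this */
    if (chdir("/") != 0) return -1;          /* no cwd left outside the new root */
    if (setgroups(0, NULL) != 0) return -1;  /* supplementary groups first */
    if (setgid(gid) != 0) return -1;         /* group before user, while still root */
    if (setuid(uid) != 0) return -1;         /* sets real, effective and saved uid */
    /* Verify the drop: regaining root or calling chroot() again must both fail. */
    if (setuid(0) == 0 || chroot("/") == 0) return -1;
    return 0;
}

/* Confine a child process so the caller itself stays unconfined.
 * Returns 0 = child confined, 2 = not permitted (not root), 1 = other failure. */
int run_demo(void)
{
    char dir[] = "/tmp/prisonXXXXXX";        /* constructed: fresh empty directory */
    if (mkdtemp(dir) == NULL) return 1;
    pid_t pid = fork();
    if (pid < 0) { rmdir(dir); return 1; }
    if (pid == 0) {
        if (enter_prison(dir, 65534, 65534) == 0) _exit(0);  /* 65534: assumed unprivileged id */
        _exit(errno == EPERM ? 2 : 1);
    }
    int status = 0;
    int reaped = waitpid(pid, &status, 0) == pid;
    rmdir(dir);
    return (reaped && WIFEXITED(status)) ? WEXITSTATUS(status) : 1;
}

int main(void)
{
    int r = run_demo();
    printf("%s\n", r == 0 ? "confined" : r == 2 ? "need root to chroot" : "failed");
    return r;
}
```

Run as an ordinary user, the demo reports that root is needed, which is the limitation the parenthetical in the comment points at.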
  3. Re: It works really well? was: license by Anonymous Coward · · Score: 3, Informative

    "The good thing is that is easy to work with and works really good."

    Amazingly, this is already flamebait. Yes, some people like it. No, other people absolutely despise the djb-preferred way of doing things. Me, I'm one of those heretical djb-dislikers. I'm not saying you can't have your preferences, though; I am pointing out they're not universal. If you want the lowdown on large-scale qmail deployments today, ask NANAE.
  4. One of the most widely used ??? by inflex · · Score: 3, Informative

    Where did the submitter get their information from for saying that it's one of the most widely used mail servers? I suppose if you "widen" your limits a fair way it could come in as being moderately popular.

    Sendmail, Postfix, Exchange... sure, they're up there in the high levels.

    Anyhow, would love to see a site/page showing the breakdown of mail servers around the net.

  5. Re:The patches make it still worthwhile by gmack · · Score: 3, Informative

    Not even close to true. Postfix Admin does everything vpopmail does and more. I used to run qmail+qmail for several years before I switched over and I can tell you Postfix Admin does a better job.

  6. Re:Qmail going public domain? by Russ Nelson · · Score: 4, Informative

    I can confirm this. djb sent me, John Levine and Dave Sill (prominent qmail book authors) an email saying that he was going to put qmail into the public domain.

    --
    Don't piss off The Angry Economist