Re: SMTP and POP3 with ssl + login/password
Quoting Scott Moynes (smoynes@nexus.carleton.ca):
> * Michael Marziani (michaelm@kw.com) wrote:
>> There have been no security hacks to qmail for over 3 years.
>> Sendmail certainly can't say that.
>
> Depends what your definition of "security hacks" is.
> http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
FYI: One qmail fan (I'm -not- one) posted a rejoinder here:
http://www.geocrawler.com/mail/msg.php3?msg_id=9506623&list=513
Summary: Some items supposedly wrong, some supposedly don't matter,
most are acknowledged to be actual qmail violations of RFCs and/or
interferences with common practices (but that the qmail fan argues
against).
Ted Cabeen's comment in this space is hereby acknowedged -- about qmail
avoiding many security bugs unless patched/extended, and then being
subject to them. See also comments on qmail feature-poverty here:
http://www.courier-mta.org/history.html
Odd that qmail people characteristically compare only against sendmail.
Even Dan: "qmail is a modern SMTP server which [sic] makes sendmail
obsolete..." (near top of qmail home page). Aren't the more-natural
security comparisons qmail/postfix (modular) and exim/sendmail/courierd
(monolithic)?
My attempt at relatively dispassionate MTA-comparison notes:
http://linuxmafia.com/~rick/linux-info/mtas
--
Cheers,
Rick Moen FORTH heart if honk then.
rick@linuxmafia.com
Reply to: