idea: switch default MTA from exim4 to postfix (wheezy+1)

[Hideki Yamane <henrich@debian.or.jp>]

Hi,

 Now we are using Exim as default MTA, but I doubt whether it'd be best
 choice since several critical security vulnerabilities has found this
 two or three years.

 Yes, it's often that such vulnerability has been found for software (of
 course), however, other MTA like postfix has less vulnerabilities than
 Exim.

 So I suggest switch from Exim to Postfix for default MTA.


Pros)
 - Postfix has less vulnerabilities than Exim during years
   If we choose postfix for default,  probably it's more secure than using
   Exim ***by default***. It's good for our users.

   Exim: 8 DSAs and 13 CVEs and some high and remote vulns as NVD severity
     http://security-tracker.debian.org/tracker/source-package/exim4 
     and http://security-tracker.debian.org/tracker/source-package/exim
         
   Postfix: 3 DSAs and 10 CVEs and no high vulns since its first release
     http://security-tracker.debian.org/tracker/source-package/postfix


Cons)
 - well, maybe I didn't get it ;) If you want to continue to use Exim, you
   can do it via apt-get.

 Please let me know your idea for this.
 Thanks.


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane