[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Postfix as default MTA?



In article <19990705133925.B568@wonderland.linux.it>, md@linux.it (Marco
d'Itri) wrote:

>The author of exim does not agree.

Wrong. The author just doesn't state that it is secure - he hadn't  had it
as first design goal in his mind, when he did build exim. It nontheless is
quite good designed and has many things done especially because of
security issues. The main difference with postfix being that exim relies
on a suid program that gives up root rights as soon as possible and
postfix relies on non-suid programs but suid directories. The main
argument is that you can control data better than you can control
programs, so it is better to have suid data (directories) and not suid
programs. But there is a way to do suid programs right, and as far as I am
able to check it, exim does it this way. Yes, there is a the possibility
of flaws in the code that is executed up to the setuid call, I am aware of
that. But there still is the school of programmers that think that if you
keep that part fairly small, you can control enough of it to get a secure
environment.

And regarding performance of monolithic designs: you all are aware that we
are talking about choosing the default MTA on a linux system, are you?
Under linux the process spawning is much less an issue than in other
systems, due to it's special design (copy on write and all that stuff).
Actually I have done much bad with exim on very  underpowered machines,
and while it did bring my system to a grinding halt, that wasn't due to
the exim processes being spawned, but due to the highly disc-bound nature
of MTAs. And postfix wouldn't cure that problem, either.

Exim might not be designed for security and performance in the first place
- but it did gain on both fronts. I consider it a major choice for MTA in
both fields. Especially since most security issues nowadays are connected
with anti-relaying and misuse of resources, and exim gives a lot features
in that field. And they are easy to set up and to use. So up to now I
still think it is the right choice for default MTA.

Keep in mind that I don't say other MTAs aren't usefull or good - it's
just that I don't think any of them being the better choice for default
MTA at the moment, that's all. Of course all this is just my $0.02. And
since I am not an official debian developer, when it comes down to voting
my voice doesn't count.

bye, Georg

-- 
http://www.westfalen.de/hugo/



Reply to: