
Re: default MTA for sarge



On Tue, Jul 15, 2003 at 04:59:32PM +0200, Tore Anderson wrote:
>  > while (AFAIK) there are no current exploits for exim, that is more by
>  > accident or luck than by design - the monolithic mail daemon running as
>  > root design is inherently insecure.
> 
>   I'd trust Philip Hazel's ability to write good code without luck being
>  involved;  and as far as I know even the Postfix guys rely on one of
>  his software packages (libpcre).

yes, he's a good and careful programmer and i trust his code too.  even a good
programmer can only do so much with an inherently flawed design.

>   And about the 'running as root' issue;  come again?  Andreas' packages run
>   the exim daemon as the 'mail' user per default, and I cannot remember any
>   exim package in Debian that behaved differently.

actually, the whole thing runs as root and drops privileges or changes UID as
needed.  that's good, but it is potentially exploitable.

>  > exim is certainly not fast, and while it may be adequate for tiny mail
>  > systems with trivial loads, it doesn't scale up to large mail systems -
>  > which is an important point, debian is better off with a default MTA that
>  > can handle any load thrown at it.
> 
>   This is, of course, bullshit.  Care to support your claims with anything
>   meaningful?  In my experience, the storage performance or backend database
>   performance is more likely to become the bottleneck anyway, not the MTA.

http://www-dt.e-technik.uni-dortmund.de/~ma/postfix/bench2.html

on the same hardware, with the same test loads, postfix is 2-5 times faster
than exim.

as for the scalability issue, particularly telling is the observation that
"exim cannot handle multiple simultaneous incoming connections well, it's much
faster with 5 clients than with 20. Other MTAs don't exhibit this behaviour."


> Not that performance under very high load should be a very important
> factor in choosing the default MTA anyway -- simplicity should be.

yes, and postfix is simple to configure and simple to understand.

exim, however, isn't.  its configuration still looks and feels pretty much like
smail, and nobody ever accused smail of being simple and easy to configure.
clumsy and awkward, generally....."simple" only relative to sendmail.cf


craig


