Re: default MTA for sarge

To: debian-devel@lists.debian.org
Subject: Re: default MTA for sarge
From: Tore Anderson <tore@linpro.no>
Date: Wed, 16 Jul 2003 02:20:07 +0200
Message-id: <[🔎] uiu7k6jcog8.fsf@echo.linpro.no>
In-reply-to: <[🔎] 20030715230114.GP7728@taz.net.au> (Craig Sanders's message of "Wed, 16 Jul 2003 09:01:14 +1000")
References: <[🔎] 20030713083151.GA12971@dragon.kitenet.net> <[🔎] 20030714064911.GA20753@taz.net.au> <[🔎] 1058207147.32166.15.camel@rock.grep.be> <[🔎] 20030714230129.GA7728@taz.net.au> <[🔎] 20030715002434.GE17851@hoiho.nz.lemon-computing.com> <[🔎] 20030715141259.GM7728@taz.net.au> <[🔎] uiu4r1nj0ob.fsf@echo.linpro.no> <[🔎] 20030715230114.GP7728@taz.net.au>

* Craig Sanders

 > actually, the whole thing runs as root and drops priviledges or changes
 > UID as needed.  that's good, but it is potentially exploitable.

  Indeed, it runs as root for as long time as it need to create a listening
 TCP socket and setuid() to mail.  From that point on, it runs as a
 nonprivileged user.  (Orelse 'ps' must be lying to me.)  Something tells me
 that Postfix, and every other daemon that intends to listen on a privileged
 port must do the same.

  And as for the potential exploit in setuid() -- reversing it? -- I'm sure
 the kernel guys would like to know just how you intend to go about
 exploiting it.  The manual page says it's impossible, see.

* Craig Sanders

 >>  > exim is certainly not fast, and while it may be adequate for tiny mail
 >>  > systems with trivial loads, it doesn't scale up to large mail systems -
 >>  > which is an important point, debian is better off with a default MTA
 >>  > that can handle any load thrown at it.

* Tore Anderson

 >>   This is, of course, bullshit.  Care to support your claims with anything
 >>   meaningful?

* Craig Sanders

 > http://www-dt.e-technik.uni-dortmund.de/~ma/postfix/bench2.html
 >
 > on the same hardware, with the same test loads, postfix is 2-5 times faster
 > than exim.

  Congratulations, you've successfully proved that a guy with his own
 Postfix fan-page and who's been hacking some on Postfix itself is capable
 of setting up Postfix to run 2-5 times faster than Exim.  Please, forgive
 me my lack of enthusiasm.

  It didn't take me long to Google up a similar comparsion whose conclusion
 was the opposite of the one you found -- but it's utterly irrelevant;  the
 setup matters much more than the MTA itself.

  I get paid to run a mail system using Exim, which does between 1.5M and
 2M deliveries per day, so I do have enough first-hand experience with Exim
 to see that your assertion that "[Exim] doesn't scale up to large mail
 systems" is quite simply a false and ignorant one.

 > yes, and postfix is simple to configure and simple to understand.

  Probably very true.

 > exim, however isn't.

  I beg to differ -- and I'm certain there's many who agree with me.  Your
 impression isn't at all universal, you know.

-- 
Tore Anderson

Reply to:

Follow-Ups:
- Re: default MTA for sarge
  - From: Ralf Hildebrandt <Ralf.Hildebrandt@charite.de>

References:
- default MTA for sarge
  - From: Joey Hess <joeyh@debian.org>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: Wouter Verhelst <wouter@grep.be>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: Nick Phillips <nwp@nz.lemon-computing.com>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: Tore Anderson <tore@linpro.no>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: default MTA for sarge
Next by Date: Re: default MTA for sarge
Previous by thread: Re: default MTA for sarge
Next by thread: Re: default MTA for sarge
Index(es):
- Date
- Thread