On Sat, Feb 17, 2001 at 08:42:04AM -0800, Jeremy C. Reed wrote:
> On Fri, 16 Feb 2001, Litzler Mihály wrote:
> > Okay, what do you think about the security of exim?
> I couldn't find any Exim advisories or incident or Vulnerability notes at

There are none.

> I found a July 1997 BugTraq posting for a very old version of Exim (posted
> by Qmail's author).

Go figure. :)

> You can't really easily search the SecurityFocus website for Exim --
> because the headers are indexed AND many emails were sent by Exim :)
> This subject of "security of exim" has been discussed on the exim-users
> mailing lists various times and it always reports that there have been very
> few security issues, no known exploits and a bunch of testimonials for
> using Exim.

Yup. I've been using Exim since way before it was part of Debian. I've
*never* had a problem.

> I use exim because: 1) simple, easy-to-understand syntax; 2) extremely
> detailed documentation, FAQ and examples; 3) friendly mailing list; 4)
> friendly author/developer; 5) many testimonials; 6) no known security
> issues; 7) numerous capabilities, such as anti-relaying features,
> filtering, mail routing control, etc.; 8) it was default with Debian :)
> I have read several testimonials of Exim like: "we use an old SparcStation
> 20 to ship around 60,000 emails a day and according to the exim stats 98%
> of those are shipped in under a minute." And "have used exim to cope with
> the mail for freeserve (3 million users) and we never had any problems
> with it." And "processed several hundred thousand messages a day across
> 7000+ virtual domains."

Well, another testimony is that I use Exim on the SMTP gateway machine
for bnl.gov, and it uses an extensive filter to look for 'nasties', 
does the black-list blocking, along with our own long list of unsavory
sites, subjects and content filtering. Nominal traffic is about 1.5-2.0
GB/day, each way. All mail for the site goes through this box. It's
handled up to about 20GB in a single day, and the load on the box never 
went above .10. This is a PIII-500 with 512MB RAM. *Way* overkill for
what it's handling. 

Someday in the near future (6-10 months) we'll be upgrading the WAN
connection from OC-3 to OC-12. It may be a little more loaded at that
point, but I doubt it.


