Re: idea: switch default MTA from exim4 to postfix (wheezy+1)
On Thu, 2012-11-01 at 22:48, Hideki Yamane wrote:
> Hi,
>
> Now we are using Exim as default MTA, but I doubt whether it'd be best
> choice since several critical security vulnerabilities has found this
> two or three years.
>
> Yes, it's often that such vulnerability has been found for software (of
> course), however, other MTA like postfix has less vulnerabilities than
> Exim.
>
> So I suggest switch from Exim to Postfix for default MTA.
>
>
> Pros)
> - Postfix has less vulnerabilities than Exim during years
> If we choose postfix for default, probably it's more secure than using
> Exim ***by default***. It's good for our users.
>
> Exim: 8 DSAs and 13 CVEs and some high and remote vulns as NVD severity
> http://security-tracker.debian.org/tracker/source-package/exim4
> and http://security-tracker.debian.org/tracker/source-package/exim
>
> Postfix: 3 DSAs and 10 CVEs and no high vulns since its first release
> http://security-tracker.debian.org/tracker/source-package/postfix
>
>
> Cons)
> - well, maybe I didn't get it ;) If you want to continue to use Exim, you
> can do it via apt-get.
>
> Please let me know your idea for this.
Should be done 10 years ago, IMHO. Why wait?
OT: and same for bind and use dbndns (djbdns).
--
Kind regards, Milan
Reply to: