Re: idea: switch default MTA from exim4 to postfix (wheezy+1)
On Thu, 2012-11-01 at 12:03, Axel Caspard wrote:
> I am curious to know why you would like to see bind replaced with dbndns?
The same as for exim: security records.
> ----- Original Message -----
> From: "Milan P. Stanic" <mps@arvanta.net>
> To: debian-security@lists.debian.org
> Sent: Thursday, 1 November, 2012 10:53:19 AM
> Subject: Re: idea: switch default MTA from exim4 to postfix (wheezy+1)
>
> On Thu, 2012-11-01 at 22:48, Hideki Yamane wrote:
> > Hi,
> >
> > Now we are using Exim as default MTA, but I doubt whether it'd be best
> > choice since several critical security vulnerabilities has found this
> > two or three years.
> >
> > Yes, it's often that such vulnerability has been found for software (of
> > course), however, other MTA like postfix has less vulnerabilities than
> > Exim.
> >
> > So I suggest switch from Exim to Postfix for default MTA.
> >
> >
> > Pros)
> > - Postfix has less vulnerabilities than Exim during years
> > If we choose postfix for default, probably it's more secure than using
> > Exim ***by default***. It's good for our users.
> >
> > Exim: 8 DSAs and 13 CVEs and some high and remote vulns as NVD severity
> > http://security-tracker.debian.org/tracker/source-package/exim4
> > and http://security-tracker.debian.org/tracker/source-package/exim
> >
> > Postfix: 3 DSAs and 10 CVEs and no high vulns since its first release
> > http://security-tracker.debian.org/tracker/source-package/postfix
> >
> >
> > Cons)
> > - well, maybe I didn't get it ;) If you want to continue to use Exim, you
> > can do it via apt-get.
> >
> > Please let me know your idea for this.
>
> Should be done 10 years ago, IMHO. Why wait?
>
> OT: and same for bind and use dbndns (djbdns).
--
Kind regards, Milan
Reply to: