On Thu, Nov 1, 2012 at 2:48 PM, Hideki Yamane
<henrich@debian.or.jp> wrote:
Hi,
Now we are using Exim as default MTA, but I doubt whether it'd be best
choice since several critical security vulnerabilities has found this
two or three years.
Yes, it's often that such vulnerability has been found for software (of
course), however, other MTA like postfix has less vulnerabilities than
Exim.
So I suggest switch from Exim to Postfix for default MTA.
Pros)
- Postfix has less vulnerabilities than Exim during years
If we choose postfix for default, probably it's more secure than using
Exim ***by default***. It's good for our users.
Exim: 8 DSAs and 13 CVEs and some high and remote vulns as NVD severity
http://security-tracker.debian.org/tracker/source-package/exim4
and http://security-tracker.debian.org/tracker/source-package/exim
Postfix: 3 DSAs and 10 CVEs and no high vulns since its first release
http://security-tracker.debian.org/tracker/source-package/postfix
Cons)
- well, maybe I didn't get it ;) If you want to continue to use Exim, you
can do it via apt-get.
Please let me know your idea for this.
Thanks.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 20121101224846.52575d79119986677704776f@debian.or.jp" target="_blank">http://lists.debian.org/[🔎] 20121101224846.52575d79119986677704776f@debian.or.jp