Re: [tlug] Mail Server

[Matt Doughty <wyndigo@example.com>]

On Wed, Oct 01, 2003 at 01:25:42PM +0900, Blomberg David wrote:
> Geez no one can take a joke around here.  I can think of one reason why
> QMail would be listed as more secure. (it is only so so valid) QMAIL is

I used to have a sense of humor, but I think I pawned it for enough
money to get a cup of ramen or something. ;)
Ask anyone who knows me, I may seem ornery and krufty but if you really
get to know you will realize I'm really much worse than all that. :) 

> a holy hell to install (due to having to compile and go through the
> whole set up makes you learn the mail server) sure any competent person
> will learn their mail server Postfix or QMail but too many people just
> install Postfix and don't have a clue how it runs, hence it is most
> likely insecure. (if you don't know it then you cannot claim it is
> secure, because you jsut don't know)  anyway actually I prefer Postfix
> but QMail is no sloth either.  (For that matter BSD is technically
> better than Linux in my book but due to licensing Linux is king and many
> have not even heard of BSD-QMails source only license is making sure
> that Postfix will be sendmails replacement)  
> -- 

heh, I don't run Linux unless I absolutely have to. I converted over to 
NetBSD some time back. As for the whole more secure discussion, not to
be overly pedantic, but those aren't security issues.  Mostly because by
default Postfix is securely installed. It doesn't run as root, and you
would have to really work at it to make it do so. The code is very
heavily audited, and was designed with security in mind.  The most likely
thing that will happen is someone will accidentally open relay for their
subnet, and while that certainly isn't desirable It isn't a security issue
for the server in question. Generally bad defaults become a security issue
when they expose insecure services that admin isn't aware of, ie RH's 
tendency to leave login, rsh, ftp open by default enabled in inetd,
something I understand they have resolved in more recent releases.

Postfix's default install doesn't leave a server open to compromise, and
there is nothing to suggest default QMail install is any less vulnerable
to compromise than a default Postfix install.

As for why Postfix will replace Sendmail as opposed to QMail:

1. it's config files are more akin to Sendmail's easing the transition.
2. most third party additions to sendmail work with postfix with minimal
   tweaking.
3. Binary distributions are not an issue with Postfix.

I'm not clear on what you think the QMail's license is but it is a
very different animal from the BSD license which is the least restrictive
OSD license I am aware of.

--Matt