Re: [Exim] Question about exims security vs qmail?

Author: Yann Golanski
Date:  
To: Kalum Somaratna aka Grendel
CC: exim-users
Subject: Re: [Exim] Question about exims security vs qmail?
On Fri, Jul 07, 2000 at 06:52:23PM +0600, Kalum Somaratna aka Grendel wrote:
> The only question I have to ask is how good is exim's security? qmail as we
> all know has a reward for anyone cracking it, which has never been
> claimed, so it is secure.


No, it means no one has found an exploit yet. There is NO such thing as
a 100% secure system. If you believe anyone who says otherwise, well, I
have this bridge I'd like to sell...

> So how does exim compare with qmail in this
> respect? I ask this because in an article called "life with qmail" its
> author while comparing other packages said that "exim was not very
> secure"??
>
> Is this true?


No.

There were some bugs within exim, but they all were either DoS related
(a free working fine under solaris and crashing under exim, etc...) or
small oddities. There never was a root exploit, and if exim is run as an
unprivileged user, then there is no chance of buffer overflow and the
like.

> Any help is much appreciated as exim seems to be quite good, from the
> manual I read, so I need the above doubts to be clarified.


We at Planet (now energis squared... just don't ask okay?) have used exim
to cope with the mail for freeserve (3 million users) and we never had
any problems with it. The only major outage we had was due to a horrible
hardware failure of a seagate disk. Even seagate are not sure what was
going on there -- two heads will write to the other's domain and report
the data as written to their own domain was the last I heard.

-- 
        Please use PGP when replying to this message
Dr Yann Golanski                            Internet Systems Developer
PGP: http://www.kierun.org/pgp/key-planet   Mailmaster for the Planet Online