Re: [Exim] Question about exims security vs qmail?

Top Page
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: Ian Southam, Kalum Somaratna aka Grendel
CC: exim-users
Subject: Re: [Exim] Question about exims security vs qmail?
At 03:34 PM 7/8/00 +0100, Ian Southam wrote:
>On Fri, Jul 07, 2000 at 06:52:23PM +0600 Kalum Somaratna aka Grendel wrote :
>
>> The only question I have to ask is how good is exims security? qmail as we
>> all know has a reward for anyone cracking it, which has never being


>All I can say is that it has never posed any problems for us here and we

run a
>many exim servers and process a *lot* of mail - and our mail
>systems are small fry compared to some here (like freeserve for instance).


>We have run Exim since version 2.02 and I can only recall one security report
>against the program and, to my knowledge that was never exploited.


it's kind of a complicated issue.

the security model behind qmail (and postfix, for that matter ) is quite
strong. a model alone isn't good enough, but in the case of qmail (and
postfix) the code appears to implement the model quite well, resulting in
the promised level of security.

exim's design came from a different place; it doesn't have the strong
security model, but from practical experience, those of us who have run it
for quite some time (since 1.62 in my case) have not had security issues
with it. exim doesn't really have the "exploit of the week" thing going
that drove many of us away from sendmail (along with performance problems
with large mailing lists and insane configuration files, the other two
major sendmail downsides).

so most of us think exim is pretty safe, based on practical experience, but
if you're looking for the security blanket of a well defined security
model, then perhaps qmail or postfix is the correct mailer for you.

richard

-- 
Richard Welty                 rwelty@???
Any type of UBE (Unsolicited Bulk EMail) to this account
is unwanted.
Join the fight against spam: http://www.cauce.org/