Re: [Exim] Question about exims security vs qmail?

Página Inicial
Delete this message
Reply to this message
Autor: Alan Thew
Data:  
Para: Exim List
Assunto: Re: [Exim] Question about exims security vs qmail?
just my 2p worth but qmail's model doesn't seem a million miles from PP
and AFAIK, there was never an exploit for PP...

-- 
Alan Thew                                       alan.thew@???
Computing Services,University of Liverpool      Fax: +44 151 794-4442


On Sat, 8 Jul 2000, Richard Welty wrote:

> At 03:34 PM 7/8/00 +0100, Ian Southam wrote:
> >On Fri, Jul 07, 2000 at 06:52:23PM +0600 Kalum Somaratna aka Grendel wrote :
> >
> >> The only question I have to ask is how good is exims security? qmail as we
> >> all know has a reward for anyone cracking it, which has never being
>
> >All I can say is that it has never posed any problems for us here and we
> run a
> >many exim servers and process a *lot* of mail - and our mail
> >systems are small fry compared to some here (like freeserve for instance).
>
> >We have run Exim since version 2.02 and I can only recall one security report
> >against the program and, to my knowledge that was never exploited.
>
> it's kind of a complicated issue.
>
> the security model behind qmail (and postfix, for that matter ) is quite
> strong. a model alone isn't good enough, but in the case of qmail (and
> postfix) the code appears to implement the model quite well, resulting in
> the promised level of security.
>
> exim's design came from a different place; it doesn't have the strong
> security model, but from practical experience, those of us who have run it
> for quite some time (since 1.62 in my case) have not had security issues
> with it. exim doesn't really have the "exploit of the week" thing going
> that drove many of us away from sendmail (along with performance problems
> with large mailing lists and insane configuration files, the other two
> major sendmail downsides).
>
> so most of us think exim is pretty safe, based on practical experience, but
> if you're looking for the security blanket of a well defined security
> model, then perhaps qmail or postfix is the correct mailer for you.
>
> richard
>
> -- 
> Richard Welty                 rwelty@???
> Any type of UBE (Unsolicited Bulk EMail) to this account
> is unwanted.
> Join the fight against spam: http://www.cauce.org/

>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>