RE: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: John Horne
Date:  
To: exim-users
Subject: RE: [Exim] Does Exim have security problems?
On 28-Aug-00 at 00:34:59 Mustapha Mahfouz wrote:
> When at a gathering of admins a few days ago, I mentioned that I am
> thinking of moving to exim (sendmail is getting very slow on my machine,
> and I am worried about it's security) I got laughed at by almost everyone,
> most of them are running Qmail, and they send that if I am more concerned
> [snipped]

Can I ask how many of those people have actually run exim? Was it tested
before they chose qmail?

> about security I'd better install qmail, or leave sendmail instead of
> installing exim as "qmail is well designed, and has a superb security
> design that addreses sendmails security issues blah blah", also some stuff
> was mentioned about a 1000$ unclaimed reward for anyone that cracks qmail.
>

So no-one mentioned about support then? We chose not to use qmail because we
had heard bad things about the author and that support for it was quite
poor. We chose Exim because it seemed to have such good support via the
mailing list, and its author being actively involved in that list, and the
good docs. If Exim did have a security problem then I'm pretty sure that
Philip Hazel would be addressing it as soon as possible. Support for
security and configuration problems was a consideration in our choice of MTA.

The problems that you have mentioned are, as far as I remember, somewhat old
hat now (in other words there haven't been any (known) security problems with
Exim for a long time :-))

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
E-mail: jhorne@???
PGP key available from public key servers