Re: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: Yann Golanski
Date:  
To: Mustapha Mahfouz
CC: Marilyn Davis, exim-users
Subject: Re: [Exim] Does Exim have security problems?
Just a general note:
The current version of Exim is 3.161... Bringing a security bug dating
from version 1.6x is not only ridiculous, but time wasting.

On Tue, Aug 29, 2000 at 06:51:50PM +0600, Mustapha Mahfouz wrote:
> But unlike you when I discusses MTA's with my collegues all of them seemed
> to say that for 100% security there is only one MTA and thats Qmail blah
> blah, then they go to explain why modular designs are much better than
> monolithic designs like sendmail and exim, and how exim is much more worse
> than sendmail regarding security etc.qmails authour has a 1000$
> reward and etc etc..until I wonder what is truth and what is untruth.


Qmail is a good MTA, but because of its modular nature it can take a lot
of CPU resources and thus CPU is a bottle neck for it. As with
everything else, you might find it better than exim for your need. At
the end of the day, use the right tool for the right job.

> I unfortunately am getting laughed at unlike you with harsh comments like
> "exim has low secuirity, what are the major sites that run Exim blah
> balh", but I am quite serious about trying to install exim, I had a look
> at the single config file and it looks good, much more easier to configure
> than sendmail and very well documented too, also the installation appears
> to be very straightforward too.


Well, since two years there has been NO security holes found in exim --
not one. As for major sites using it, try freeserve, UK's largest ISP.
All our UNIX boxes at Energis Squared run exim and have been for a long
long time. I know that pretty much all the other ISPs in the UK use exim
at one stage or at another and many private companies do so as well.

-- 
        Please use PGP when replying to this message
Dr Yann Golanski                            Internet Systems Developer
PGP: http://www.kierun.org/pgp/key-planet   Mailmaster for the Planet Online