RE: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: Brian K. West
Date:  
To: exim-users
Subject: RE: [Exim] Does Exim have security problems?
I have to agree with this. This thread is a waste of time. This is turning
into a "My MTA is better than your MTA." Match. And it seems to be counter
productive.
If you wish to talk about buggy software go talk about wu-ftpd that whole
program is a bug. Granted Qmail and Sendmail are both great software but
they lack the ease of configuration and flexibility that exim has. As far
as running as root... I run my whole mail system as user exim.. even the
popper runs as exim.. never even touches root privileges, since the whole
mail system is virtual(ie. User do not have a real login at all). I auth my
popper off mysql and also route mail with mysql.. seems to be quite fast.

Later,
Brian


It is easier to fix Unix than to live with NT.

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org]On Behalf
Of Yann Golanski
Sent: Tuesday, August 29, 2000 9:05 AM
To: Mustapha Mahfouz
Cc: Marilyn Davis; exim-users@???
Subject: Re: [Exim] Does Exim have security problems?

Just a general note:
The current version of Exim is 3.161... Bringing a security bug dating
from version 1.6x is not only ridiculous, but time wasting.

On Tue, Aug 29, 2000 at 06:51:50PM +0600, Mustapha Mahfouz wrote:
> But unlike you when I discusses MTA's with my collegues all of them seemed
> to say that for 100% security there is only one MTA and thats Qmail blah
> blah, then they go to explain why modular designs are much better than
> monolithic designs like sendmail and exim, and how exim is much more worse
> than sendmail regarding security etc.qmails authour has a 1000$
> reward and etc etc..until I wonder what is truth and what is untruth.


Qmail is a good MTA, but because of its modular nature it can take a lot
of CPU resources and thus CPU is a bottle neck for it. As with
everything else, you might find it better than exim for your need. At
the end of the day, use the right tool for the right job.

> I unfortunately am getting laughed at unlike you with harsh comments like
> "exim has low secuirity, what are the major sites that run Exim blah
> balh", but I am quite serious about trying to install exim, I had a look
> at the single config file and it looks good, much more easier to configure
> than sendmail and very well documented too, also the installation appears
> to be very straightforward too.


Well, since two years there has been NO security holes found in exim --
not one. As for major sites using it, try freeserve, UK's largest ISP.
All our UNIX boxes at Energis Squared run exim and have been for a long
long time. I know that pretty much all the other ISPs in the UK use exim
at one stage or at another and many private companies do so as well.

--
                Please use PGP when replying to this message
Dr Yann Golanski                            Internet Systems Developer
PGP: http://www.kierun.org/pgp/key-planet   Mailmaster for the Planet Online