RE: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: Paul Walsh
Date:  
To: Mustapha Mahfouz
CC: Exim Users
Subject: RE: [Exim] Does Exim have security problems?
At the risk of perpetuating this thread....

If Exim were as riddled with security flaws as some would have us believe,
why haven't we been flooded with CERT Advisories? I just tried a search on
the CERT web site and the only reference I found to Exim was in Advisory
2000-04 and that was only to point the reader in the direction of a solution
to the "Love Bug".

We used to run a version of PP but found it a chore to configure, so I asked
around and Exim seemed to be the preferred choice of MTA for UK
Universities. Partly because of this wide user-base within the same sector
and partly because it's easy to install, easy to configure, the
documentation is excellent and the author is on the exim-users list, we
chose to switch to Exim.

It's far easier to get Exim up and running on different UNIX platforms than
it is to get sendmail working properly. At one time we had Sequent's
DYNIX/ptx, IBM's AIX and Sun's Solaris, all with different ways of
implementing sendmail and that abomination called sendmail.cf. Once a basic
Exim configuration was up and running we replaced sendmail on the AIX and
Solaris boxes (didn't bother with the Sequent as it was going out of service
anyway) and haven't looked back since.

The advantage of having Phil on the exim-users list is that he is willing to
take on board comments/suggestions about the software and he certainly
doesn't appear to suffer from an inflated ego, nor does he sit in an ivory
tower finding fault with others.

As a previous contributor has suggested, try out the various MTAs as see
which suits your needs and is easiest to configure/maintain/upgrade/fix then
go for it.

Good luck.

Paul Walsh

Senior Systems Programmer, Information Services,
University of Central England, BIRMINGHAM B42 2SU, UK
Tel: +44 (0)121 331 5708    Fax: +44 (0)121 356 2875






> -----Original Message-----
> From: Mustapha Mahfouz [mailto:m-mahfouz@gmx.co.uk]
> Sent: 30 August 2000 00:51
> To: Nigel Metheringham
> Cc: Mustapha Mahfouz; exim-users@???
> Subject: Re: [Exim] Does Exim have security problems?
>
>
> On Tue, 29 Aug 2000, Nigel Metheringham spoke,
>
>
> > The answer from Philip (who is on holiday this week) to Thomas H.
> > Ptacek's critique in 97 can be found at this URL
> >
> http://www.exim.org/pipermail/exim-users/Week-of-Mon-19970127/001289.h
> > tml
>
> Thank you for this info. I am allready reading it.
>
> Best Wishes,
> Mustapha Mahfouz
>
>
> --
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
>