Author: Renaud Allard Date: To: Marc Perkel CC: exim-users Subject: Re: [exim] Exim vs. Qmail on Security
They just don't have the same purpose at all.
Qmail is very fast but has nearly _no_ features. It uses untrusted
processes to deliver mail which may be seen as secure. It is somewhat
buggy in the deliver process, even without patches applied. It is not
really maintained anymore by its creator, and has a very controversed
licensing scheme.
Exim is very stable, has nearly all the features one would need to
filter or deliver mail. It has a well known and well accepted licensing
scheme.
I would say, if you want to deliver spam, use qmail. If you want a mail
server, use exim.
As for the security, I am not aware of more security problems in one or
the other.
So, indeed, qmail is very secure in its basic redistribution form
(without patches applied), but is useless nowadays in this form (no
auth, no filtering, nothing). All the insecurity can come from the
patches that are applied to it to make it somewhat useful.
Marc Perkel wrote: > I'm in a discussion with someone who thinks that Qmail is very secure.
> He is not familiar with Exim and I am not familiar with Qmail. However
> over the years working with Exim I haven't seen and security problems.
> So - Exim vs. Qmail - which is more secure? or are they both secure?
>
>
>