Re: [exim] Exim vs. Qmail on Security

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] Exim vs. Qmail on Security
They just don't have the same purpose at all.

Qmail is very fast but has nearly _no_ features. It uses untrusted
processes to deliver mail which may be seen as secure. It is somewhat
buggy in the deliver process, even without patches applied. It is not
really maintained anymore by its creator, and has a very controversed
licensing scheme.

Exim is very stable, has nearly all the features one would need to
filter or deliver mail. It has a well known and well accepted licensing
scheme.

I would say, if you want to deliver spam, use qmail. If you want a mail
server, use exim.

As for the security, I am not aware of more security problems in one or
the other.

So, indeed, qmail is very secure in its basic redistribution form
(without patches applied), but is useless nowadays in this form (no
auth, no filtering, nothing). All the insecurity can come from the
patches that are applied to it to make it somewhat useful.

Marc Perkel wrote:
> I'm in a discussion with someone who thinks that Qmail is very secure.
> He is not familiar with Exim and I am not familiar with Qmail. However
> over the years working with Exim I haven't seen and security problems.
> So - Exim vs. Qmail - which is more secure? or are they both secure?
>
>
>


--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100