On Wednesday, 28 August 2019, 10:12:36 CEST, Viktor Dukhovni via Exim-users
wrote:
> So the key architectural difference is that Postfix is not
> a single monolithic program, but a collection of programs
> that handle various aspects of message processing. Monolithic
> programs are more difficult to secure.
No.
The "regular" Exim setup includes building from source according to your
customized configuration of what to build into that monolith. While exim
potentially offers a large amount of features and interfaces, in practice only
a few of them are required in a typical setup and if you build "your" Exim
yourself, only this code/functionality is part of the monolith.

This allows minimizing the amount and surface of any security related access
vectors. But even if you use pre-built binaries with "the most options
active" there is no real difference between monolithic or multilithic MTAs
regarding security, because most emails are processed by multiple / all
"similar" parts just over multiple binaries/processes (which typically are
not really "more secured" against each other). Just parts of the
"process-communication" are "just" external - i.e. over sockets.

And even with exim you get multiple binaries for different administrative
tasks.

That most Linux distros today prefer (or are based on) binary distribution
(and most (end-)users use that way to install their exim) is
another topic...

just my .02$
niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP:
https://syndicat.com/pub_key.asc
---