Re: [exim] Exim and Postfix

Góra strony
Delete this message
Reply to this message
Autor: Niels Dettenbach
Data:  
Dla: exim-users
Temat: Re: [exim] Exim and Postfix
Am Mittwoch, 28. August 2019, 10:12:36 CEST schrieb Viktor Dukhovni via Exim-
users:
> So the key architectural difference is that Postfix is not
> a single monolithic program, but a collection of programs
> that handle various aspects of message processing. Monolithic
> programs are more difficult to secure.

No.

The "regular" EXIM setup includes the building from sources after Your
customized configuration what to build into that monolith. While exim
potentially offers a large amount of features and interfaces, in practice only
a few of them are required in a typical setup and if you build "your" Exim
byself, only these code/functionality is part of the monolith.

This allows to minimize the amount and surface of any security related access
vectors. But even if you use pre-built binaries with "the most options
active" there is no real difference between monolithic or multilithic MTAs
regarding security, because most emails are processed by multiple / all
"similiar" parts just over multiple binaries/processes (which typically are
not really "more secured" against each other). Just parts of "process-
communication" is "just" external - i.e. over sockets.

And even with exim you get multiple binaries for different administrative
tasks.

That the most Linux distros today prefer (or based on) binary distribution
(and the most (end-)users use that way for installation of their exim) is
another topic...

just my .02$



niels.

--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---