[WBEL-users] Postfix or Sendmail

Eric B. ebenze@hotmail.com
Fri, 9 Apr 2004 10:38:47 -0400


I researched both Sendmail and Postfix about 6 years ago and at the time had
come to the conclusion that Postfix was better designed against hacking
since it would not give a hacker access to root if it was cracked.  I liked
the dual processing used for mail handling; one daemon running as non-root in
its own little world that hands off the mail to another process that is
internal only.  So if anyone managed to hack the external daemon, it would
only get to the non-root chroot world of the system.

However, this opinion is over 6 years old.  I too am examining them both
now as I need to install new servers and need to find something for email.
From my understanding (although I haven't done a whole lot of research
recently), Sendmail has fixed all these security issues by making it more
Postfix like and by running it as a non root process.  Someone can correct
me if I am mistaken.  One of the things I like about Sendmail is that I
quickly found a patch to allow it to store its email in a DB - something I
plan to do as I expect it to be easier to handle data replication and
clustering using MySQL clustering (being released April 14).  I haven't
found anything that will allow me to hook Postfix into a DB.

Additionally, with a quick perusal of the net, I quickly found AV and
anti-spam solutions for Sendmail, but not as easily for Postfix.  Again,
perhaps I am just looking in the wrong section.

As for which is easier to administer?  I personally feel that Postfix is
somewhat more straightforward, although Sendmail has become much easier
recently thanks to tools like Webmin.  Configuring Sendmail from the M4
files used to be a pain in the ass.....

In a nutshell, I am personally leaning towards Sendmail right now only
because it is much easier to find addons, and a DB connector for it, and am
experimenting with it right now.  Would love to hear someone tell me that I
can find the same things for Postfix though.

Eric


I know Sendmail in the past had major weaknesses with attacks being able to
compr
"Joe Klemmer" <klemmerj@webtrek.com> wrote in message
news:1080845127.29437.42.camel@emperor.webtrek.com...
> On Thu, 2004-04-01 at 09:45, John Hinton wrote:
>
> > The big guy on the block always gets blindside punches. Sendmail more
> > bugs? Or sendmail more people trying to break in and finding the holes?
> > It could be argued that sendmail has been more thoroughly tested against
> > intrusion. Look at Microsoft...
>
> The difference between Sendmail and, for example, Postfix is that
> Sendmail was designed and built in such a way that buffer overruns or
> stack smashing can potentially lead to root compromises.  My
> understanding of Postfix and qmail is that they are designed such that
> should an overrun happen you can't get root access.  Thus it doesn't
> matter how many people are trying to break into any of them.
>
> > I'm personally sort of hoping that Linux never makes it to mainstream,
> > or we'll be the ones 'everyone' is trying to crack.
>
> Linux will never have the same kind of security situation as MS does
> even if everyone in the world switched to it.  The design of Linux is
> such that it will never be vulnerable to the kinds of security holes
> that MS software is.  By definition it will always be safer.  This
> doesn't mean it's immune by any means.  It's just that the level of
> exploits will be lower and of a different nature.
>
> -- 
> Joe "Kuramarujo" Klemmer | Current rank: Maegashira 15
> http://www.webtrek.com/~klemmerj/sumo.html
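
The non-root, chrooted daemon design discussed in this message is declared per service in Postfix's master.cf (the unpriv and chroot columns). The audit script below is an added example, not part of the original thread: it lists network listeners that lack either property. The sample file is constructed, and `parse_master_cf` and `weak_network_services` are hypothetical helper names.

```python
from typing import NamedTuple

# Constructed sample in master.cf column layout (not taken from the thread).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
local     unix  -       n       n       -       -       local
"""

class Service(NamedTuple):
    name: str
    kind: str          # inet, unix, fifo, ...
    unprivileged: bool
    chrooted: bool
    command: str

def _flag(value: str, default: bool) -> bool:  # y/n, '-' means built-in default
    return default if value == "-" else value == "y"

def parse_master_cf(text: str, chroot_default: bool = False) -> list[Service]:
    """chroot_default: False for Postfix >= 3.0, True for older releases."""
    logical: list[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                           # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        f = line.split()
        if len(f) < 8:
            raise ValueError(f"malformed master.cf entry: {line!r}")
        services.append(Service(f[0], f[1], _flag(f[3], True),
                                _flag(f[4], chroot_default), f[7]))
    return services

def weak_network_services(services: list[Service]) -> list[str]:
    """Network listeners (type inet) that run privileged or outside the chroot."""
    return [f"{s.name}/{s.command}: unprivileged={s.unprivileged} chrooted={s.chrooted}"
            for s in services
            if s.kind == "inet" and not (s.unprivileged and s.chrooted)]

if __name__ == "__main__":
    for finding in weak_network_services(parse_master_cf(SAMPLE_MASTER_CF)):
        print(finding)
```

The local delivery agent shows up as privileged and unchrooted because it has to deliver as the recipient user; it is not a network listener, so it is not reported.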