[CentOS] Recommend Mail Server
Robert Moskowitz
rgm at htt-consult.com
Tue Nov 24 15:43:02 UTC 2009
Timo Schoeler wrote:
> thus Robert Moskowitz spake:
>
>> Timo Schoeler wrote:
>>
>>> thus Eero Volotinen spake:
>>>
>>>
>>>>> Probably not, or someone would have found them in the last five years.
>>>>>
>>>>>
>>>> Probably yes, it's hard to security audit complex software packages.
>>>>
>>>>
>>> Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA
>>> (when it hits the streets for production). That does NOT mean that it is
>>> scalable (well, yet to prove).
>>>
>>>
>>>
>>>>>> At least I don't want to run software with poor security track on my
>>>>>> public servers.
>>>>>>
>>>>>>
>>>>> So you don't run the Linux kernel? Wade through the changelog sometime. Or
>>>>> BIND? it is unrealistic to think large software packages don't have bugs or
>>>>> that they won't be found and fixed over time.
>>>>>
>>>>>
>>>> I usually prefer softwares with good security track. Anyway kernel is
>>>> not usually exposed directly to internet,
>>>>
>>>>
>>> An IP stack which is part of the kernel *is* (more or less) directly
>>> exposed to the internet as long as there's the appropriate cable
>>> connected to that machine.
>>>
>> I am working on Smart Grid and am hearing talk about we can secure the
>> Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a
>> presentation on this at the 802 meeting last week. Sometimes I feel like
>> I am beating on mush...
>>
>
> Ah, you're talking of 802.1x? Nothing funnier than marketing guys
> telling you how to secure and run your network. ;)
Worst. 802.1X is admission control. It is NOT Layer 2 security. 802.1AE,
802.11i CCMP are examples of Layer 2 security. Now 802.1X tends to run a
Key Management System to provide keying for Layer 2 security.
More information about the CentOS
mailing list