On Wednesday 06 December 2006 19:18, Feizhou wrote:
Other than that I do not see any other advantage. Disadvantages to either method...none besides the rpm not offering the other features available. postfix has not had a security problem since one issue in version 1.x which is perhaps not too surprising given that Wietse is also the author of tcp_wrappers so you do not need to keep track of security holes unlike sendmail.
I'm going to play devil's advocate here and mention that just because the postfix package itself hasn't had any security exploit, doesn't mean that some of the required libraries it uses haven't allowed it to be exploited in the past. I see that in some cases postfix builds against zlib, and there's been exploits based on that in the past.
I'm not trying to say that postfix is insecure, just that saying it IS secure and will continue to be so just because it has a good track record doesn't exactly promote the best behavior be new administrators that may not be as security aware as they should be in this job (I understand your point though). Let's promote more security conscious and paranoid system administrators through saying that every process that allows public access be strictly audited on a regular basis. It truly will make the world a better place.