On Wed, Aug 13, 2014 at 12:35 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
On Wed, 2014-08-13 at 18:32 +0200, Timothy Murphy wrote:
If I had to read a book in order to install and configure postfix I
would go back to sendmail.
No one really wants to revert to Sendmail - do they?
Sendmail exists forever. Postfix emerged a bit later, and postfix was written with security in mind. In case of sendmail one [huge] binary does everything, including listening to external port. There are quite likely multiple bugs in large code.
That was true when postfix was initially written, but subsequently, sendmail has been audited more thoroughly than any other piece of code you are likely to use (certainly more than openssl, which everyone used to trust...) and split into submission and delivery processes with milter hooks to let additional processing steps run as different, non-root users. While anything can have undiscovered bugs, at this point I don't think it is fair to say that one is any more secure than the other.
Usually postfix comes more or less decently configured as a trivial mail server (both in case of CentOS rpm, and from postfix vendor if you download tarball and build it yourself
But likewise, the rpm-packaged sendmail comes with a configuration that only needs a few tweaks to the readable sendmail.mc file for most common uses. And MimeDefang lets you do anything more complex in perl. I haven't seen anyone here claim to have hooked MimeDefang to postfix but it should be theoretically possible now that postfix supports milters.