Hi,
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
junji linux registered user #253162
Send instant messages to your online friends http://uk.messenger.yahoo.com
Jun Salen wrote:
Hi,
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
this issue has been covered a few times on the list, I suggest you start with a search through the achieves.
short answer: use yum ( which in turn uses rpm ).
Hi,
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
junji linux registered user #253162
Send instant messages to your online friends http://uk.messenger.yahoo.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
with yum you will have the security updates for the current postfix version
if you compile from source you'll need to keep up with the security releases and patch or recompile the new versions
Leonel
Jun Salen wrote:
Hi,
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
You can compile from source if the RHEL4 postfix package does not suit your needs (source compiles of latest postfix offers more featues for example or get you mysql database support).
Other than that I do not see any other advantage. Disadvantages to either method...none besides the rpm not offering the other features available. postfix has not had a security problem since one issue in version 1.x which is perhaps not too surprising given that Wietse is also the author of tcp_wrappers so you do not need to keep track of security holes unlike sendmail.
On Wednesday 06 December 2006 19:18, Feizhou wrote:
Other than that I do not see any other advantage. Disadvantages to either method...none besides the rpm not offering the other features available. postfix has not had a security problem since one issue in version 1.x which is perhaps not too surprising given that Wietse is also the author of tcp_wrappers so you do not need to keep track of security holes unlike sendmail.
I'm going to play devil's advocate here and mention that just because the postfix package itself hasn't had any security exploit, doesn't mean that some of the required libraries it uses haven't allowed it to be exploited in the past. I see that in some cases postfix builds against zlib, and there's been exploits based on that in the past.
I'm not trying to say that postfix is insecure, just that saying it IS secure and will continue to be so just because it has a good track record doesn't exactly promote the best behavior be new administrators that may not be as security aware as they should be in this job (I understand your point though). Let's promote more security conscious and paranoid system administrators through saying that every process that allows public access be strictly audited on a regular basis. It truly will make the world a better place.
Kevan Benson wrote:
On Wednesday 06 December 2006 19:18, Feizhou wrote:
Other than that I do not see any other advantage. Disadvantages to either method...none besides the rpm not offering the other features available. postfix has not had a security problem since one issue in version 1.x which is perhaps not too surprising given that Wietse is also the author of tcp_wrappers so you do not need to keep track of security holes unlike sendmail.
I'm going to play devil's advocate here and mention that just because the postfix package itself hasn't had any security exploit, doesn't mean that some of the required libraries it uses haven't allowed it to be exploited in the past. I see that in some cases postfix builds against zlib, and there's been exploits based on that in the past.
I'm not trying to say that postfix is insecure, just that saying it IS secure and will continue to be so just because it has a good track record doesn't exactly promote the best behavior be new administrators that may not be as security aware as they should be in this job (I understand your point though). Let's promote more security conscious and paranoid system administrators through saying that every process that allows public access be strictly audited on a regular basis. It truly will make the world a better place.
I don't see a problem here. Unless you make a static compile of postfix, upgrading the libraries that it uses will automatically fix the problem. If there is a version conflict due to the new libraries, that will give an automatic signal to rebuild when postfix refuses to run.
I, therefore, stand by my previous statements. Unless postfix itself manages to get a security hole, there is nothing to worry about if building against system libraries that are covered by RHEL/Centos.
On Thu, 7 Dec 2006 00:57:39 +0000 (GMT) Jun Salen nokijun@yahoo.com wrote:
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
The Wiki lists some cons/pros:
http://wiki.centos.org/PackageManagement/SourceInstalls
Your standard modus operandi should be installing from the CentOS repositories with yum. It is the only thing that is supported and well-tested. It is also the only way to automatically get security updates for Postfix from the CentOS project through yum.
There are exceptions to the rule, but you'll know when you encounter them :^).
-- Daniel
Your standard modus operandi should be installing from the CentOS repositories with yum. It is the only thing that is supported and well-tested. It is also the only way to automatically get security updates for Postfix from the CentOS project through yum.
Just on this point, I want to say that I have not seen a security update on postfix in years.
On Thu, 2006-12-07 at 07:50 +0100, Daniel de Kok wrote:
On Thu, 7 Dec 2006 00:57:39 +0000 (GMT) Jun Salen nokijun@yahoo.com wrote:
Need some advice on installing postfix in CentOS4. Which is better, installing by yum or rpm -i or by compiling from source code? What are the advantages and/or disadvantages of each. Thanks.
The Wiki lists some cons/pros:
http://wiki.centos.org/PackageManagement/SourceInstalls
Your standard modus operandi should be installing from the CentOS repositories with yum. It is the only thing that is supported and well-tested. It is also the only way to automatically get security updates for Postfix from the CentOS project through yum.
There are exceptions to the rule, but you'll know when you encounter them :^).
---- If you want latest Postfix - get rpms from Simon Mudd...he's been making them available forever
You get the SRPM and rebuild with extras that you want.
Craig
-
Craig White -
Daniel de Kok -
Feizhou -
Jun Salen -
Karanbir Singh -
Kevan Benson -
leonelīŧ enelserver.com