[CentOS] Ultra simple mail server config?
John Summerfield
debian at herakles.homelinux.org
Tue Jan 23 23:50:45 UTC 2007
Peter Serwe wrote:
>> I don't see any patches to fix security problems, but I am not
>> prepared to believe there are no security problems. There are patches
>> to fix standards non-compliance (eg RFC 1870 and RFC 2821) and nobody
>> can distribute source with them preapplied. Instead, they must
>> distribute patch alone or source-plus-patch.
> Well, ya know it's kinda funny. The author has had a cash prize for
> anybody to find a security
> hole in qmail for the better part of a decade, and as much as a lot of
> people have gotten really
> intimate with the qmail source code (as evidenced by the sheer number of
> patches), nobody
> has EVER been able to find one and claim the prize. I think that's as
> close to being able to
> believe there aren't any issues as any software I've ever seen.
I saw that. Who's the judge of what constitutes a security bug? You and
I are very likely to disagree in some cases, even where we agree on a
definition.
I do value standards compliance, and I think that something like:
yum install postfix spamassassin dovecote
beats downloading the source, patching, installing binaries (in /var?
really!) and taking it on myself to verify it all fits together.
_I_ don't want development tools on my mail gateway, and if I really
wanted to build from source I'd probably be using gentoo. or building
RHEL myself.
Actually, I do, sort of, on one box:-) Both.
> Certainly Bill Gates would
> be substantially poorer had he ever made that claim, and backed it with
> cash over the same
> time period.
>
> </rant> :D
I also saw his comments re the author of postfix. OTOH, at
www.postfix.org I could find nothing bad about qmail or its author. If
Dan didn't propagate the alleged slanders, hardly anyone would know
about them.
I also saw his comments re the future of qmail:
http://cr.yp.to/qmail/future.html
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list
More information about the CentOS
mailing list