[CentOS] Recommend Mail Server

Tue Nov 24 15:43:02 UTC 2009
Robert Moskowitz <rgm at htt-consult.com>

Timo Schoeler wrote:
> thus Robert Moskowitz spake:
>   
>> Timo Schoeler wrote:
>>     
>>> thus Eero Volotinen spake:
>>>   
>>>       
>>>>> Probably not, or someone would have found them in the last five years.
>>>>>       
>>>>>           
>>>> Probably yes, it's hard to security audit complex software packages.
>>>>     
>>>>         
>>> Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA 
>>> (when it hits the streets for production). That does NOT mean that it is 
>>> scalable (well, yet to prove).
>>>
>>>   
>>>       
>>>>>> At least I don't want to run software with poor security track on my 
>>>>>> public servers.
>>>>>>         
>>>>>>             
>>>>> So you don't run the Linux kernel?  Wade through the changelog sometime.   Or 
>>>>> BIND?  it is unrealistic to think large software packages don't have bugs or 
>>>>> that they won't be found and fixed over time.
>>>>>       
>>>>>           
>>>> I usually prefer softwares with good security track. Anyway kernel is 
>>>> not usually exposed directly to internet,
>>>>     
>>>>         
>>> An IP stack which is part of the kernel *is* (more or less) directly 
>>> exposed to the internet as long as there's the appropriate cable 
>>> connected to that machine.
>>>       
>> I am working on Smart Grid and am hearing talk about we can secure the 
>> Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a 
>> presentation on this at the 802 meeting last week. Sometimes I feel like 
>> I am beating on mush...
>>     
>
> Ah, you're talking of 802.1x? Nothing funnier than marketing guys 
> telling you how to secure and run your network. ;)

Worst. 802.1X is admission control. It is NOT Layer 2 security. 802.1AE, 
802.11i CCMP are examples of Layer 2 security. Now 802.1X tends to run a 
Key Management System to provide keying for Layer 2 security.