[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New free secure open source IBM mailer aka Vmailer aka Postfix
On Thu, 24 Dec 1998, Shachar Tal wrote:
> Hi,
> On Thu, 24 Dec 1998, Peter L. Peres wrote:
>
> >
> > Is this a Chameleon ? How many times can an email program change names and
> > stay the same (?) thing ?
> >
> > http://www.postfix.org
>
> Vmailer (which is now named postfix) is a secure (not so, but it claims to
> be one) drop-in replacement for sendmail. It is purely UNIX as of now, and
> is written by Wietse Venema, who is infamous for cursing Dan J. Bernstein
> (the author of qmail) about every concept he has put in qmail. You can
> read all about the bugs and design flaws in the BUGTRAQ list archives. One
> such design flaw, for example, enables a malicious local user on the MTA
> machine to delete other users' email.
hmm, I think you got that wrong. a malicious local user could cause email
that is queued not to be delivered.
while you may argue about about it's security against qmail, I don't take
that as a too serious problem, because I have very limited local shell
users but YMMV.
however, postfix does have some really nice features, it is fast, has a
easy and intuitive configuration, and all this *while maintaining
compatibility with sendmail*.
--Asher