[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New free secure open source IBM mailer aka Vmailer aka Postfix



On Thu, 24 Dec 1998, Shachar Tal wrote:

> Hi,
> On Thu, 24 Dec 1998, Peter L. Peres wrote:
> 
> > 
> > Is this a Chameleon ? How many times can an email program change names and
> > stay the same (?) thing ?
> > 
> > http://www.postfix.org
> 
> Vmailer (which is now named postfix) is a secure (not so, but it claims to
> be one) drop-in replacement for sendmail. It is purely UNIX as of now, and
> is written by Wietse Venema, who is infamous for cursing Dan J. Bernstein
> (the author of qmail) about every concept he has put in qmail. You can
> read all about the bugs and design flaws in the BUGTRAQ list archives. One
> such design flaw, for example, enables a malicious local user on the MTA
> machine to delete other users' email. 
hmm, I think you got that wrong. a malicious local user could cause email
that is queued not to be delivered.

while you may argue about about it's security against qmail, I don't take
that as a too serious problem, because I have very limited local shell
users but YMMV. 
however, postfix does have some really nice features, it is fast, has a
easy and intuitive configuration, and all this *while maintaining
compatibility with sendmail*.

--Asher