Marc Dirix wrote:
>> Being a newer package it doesn't have any or as many inherited
>> vulnerabilities from old versions.
>
> That's odd, one would think an old package has had the maximum amount of
> debugging and vulnerabilities patched. New code, new bugs.

It's not the /new/ that's making postfix more secure, but the cumulated
wisdom of years of security research leading to a very different design.

Wietse Venema, who wrote postfix with the explicit intent to build a
*secure* replacement for sendmail, has a very impressive track record in
the security field. He is the guy who wrote tcp-wrappers
(/etc/hosts.allow and friends), and scared the bejeezers out of half the
sysadmins in the world with the first open-source security scanners
(satan) he co-authored back in the early nineties. And that's just his
two most famous projects from before postfix.

-- 
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl