In message <[EMAIL PROTECTED]>, jon schatz write s: > On Tue, 2001-12-11 at 13:17, Ryan M Harris wrote: > > What are the specific problems with security on exim/postfix? > > the big problem that djb rants about is the world writable mail drop > directory. djb's take can be found here: > > http://cr.yp.to/maildisasters/postfix.html > > wietse's take is here: > > http://www.postfix.org/security.html >
This can be overcome by using a local MTA, such as Courier Maildrop, that uses DJB's Maildir. This should take care of DJB's objections. I have mostly duplicated Robin Whittle's setup: http://www.firstpr.com.au/web-mail/RH71-Postfix-Courier-Maildrop-IMAP/ and I suggest you read this through if you want to use Postfix, and also Ralf Hildebrandt's Postfix stuff (don't be put off by the HP-UX stuff -- the configs are platform-independent): http://www.stahl.bau.tu-bs.de/~hildeb/postfix/ I've set up Sendmail, qmail, and Postfix, all from scratch, and let me tell ya, they all involve about the same time to get off the ground, but Postfix is so much easier to reconfigure once you do have it running. Postfix, with Courier Maildrop, and Courier IMAP/POP3 on RedHat 7.2 is what I'm running right now, with great success. In the last couple of weeks, there were patches to Postfix released that fixed a DoS vulnerability. Cheers, --Dave
