On Monday 25 April 2005 16:44, Ronny wrote:
> Yet another one please tighten up. ;-)

I chatted with Phil on these exploits, and he actually explained in detail 
(which I missed because I don't know how to write anything more than 
helloworld.c), 
but in the end, first of all, you had to be using some pretty obscure features 
to trigger these exploits, and none of these could actually give root access 
to the attacker. 

Secondly, they were fixed within 24 hours of the release of the advisories. The 
other really nice thing I have found about exim is the friendliness of the 
author. Even before I met him in Lome and subsequent workshops, it was always 
easy to get responses from him once you asked questions on the exim mailing 
list. Anyone who has ever run qmail and had a run-in with Dan Bernstein can 
appreciate how important this is.

However the main reason I use exim in larger installations is because of ease 
of configuration for complex setups.
Example:

I had a spam problem one time while working for a certain ISP. Customers were 
infected with trojans and viruses and kept sending spam outbound. I needed to 
solve the following problems:

1. The queue kept filling up and becoming too big to be manageable. The mail 
server could thus be unresponsive for hours while crunching through all this 
undeliverable mail that kept being deferred, and thus legitimate mail could 
hardly be sent.
2. I needed to be able to restrict relaying by BOTH IP address AND envelope 
sender. Restricting by IP alone didn't help because it was internal users 
misbehaving, and using e-mail alone would not help because then anyone from 
anywhere could pretend to be sending from a legitimate address on my domain 
and abuse my service.

I thus tried qmail which failed miserably. It would collapse with the loads 
and could not do number two. It could restrict relay by ip address OR e-mail 
address but not do both i.e. make sure both match BEFORE allowing relaying.

I then tried postfix which had the same problems.

So I tried exim. Exim most importantly could solve problem number 2 and also 
has a very useful way it handles queues. It has a system for freezing 
undeliverable messages and unfreezing them and retrying them at precalculated 
intervals. This helped because these frozen messages were not on the active 
queue and thus did not affect delivery of legitimate mail. I could also look 
through the queue for frozen messages and delete specifically those messages 
that I knew were spam or even automate it using a simple bash script.

I have to say that even with 100,000 messages on the queue, all my mail kept 
going at a steady rate and arriving instantly without requiring me to double 
or triple my cpu power and ram.

Noah.
-- 
Noah.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"coffee does not make you nervous.  your own inadequacies do that.  
coffee merely increases your perception of your own inadequacies."
--Rob Austein 
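
The frozen-message cleanup mentioned in the message above, as an added example that is not part of the original post. It assumes the queue listing layout printed by `exim -bp` (age, size, message ID, `<sender>`, then `*** frozen ***`); the function names and the sample queue are constructed for illustration, and the removal step only prints the `exim -Mrm` commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example: pick frozen messages out of an `exim -bp`-style listing.

# frozen_ids SENDER_REGEX [MIN_AGE_MINUTES]
# Reads the listing on stdin and prints the IDs of frozen messages whose
# envelope sender matches SENDER_REGEX and that are at least that old.
frozen_ids() {
    PAT="$1" MIN="${2:-0}" awk '
    function minutes(a,    n, u) {          # "25m", "9h", "3d" -> minutes
        u = substr(a, length(a)); n = substr(a, 1, length(a) - 1) + 0
        if (u == "m") return n
        if (u == "h") return n * 60
        if (u == "d") return n * 1440
        return -1                            # unknown unit: never selected
    }
    # Header lines only: recipient lines have no 4th field, so they are skipped.
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ &&
    $4 ~ /^<.*>$/ && /\*\*\* frozen \*\*\*/ {
        sender = substr($4, 2, length($4) - 2)   # "<>" (bounce) -> ""
        if (sender ~ ENVIRON["PAT"] && minutes($1) >= ENVIRON["MIN"] + 0)
            print $3
    }'
}

# Dry run: print the removal command for each selected message.
removal_commands() {
    frozen_ids "$@" | sed 's/^/exim -Mrm /'
}

# Constructed sample listing (not real queue data).
sample_queue() {
cat <<'EOF'
 3d  1.2K 1DQabc-0001Xy-2B <> *** frozen ***
          victim@elsewhere.example

25m  2.9K 1DQdef-0002Ab-7C <alice@isp.example>
          bob@partner.example

 9h  4.0K 1DQghi-0003Cd-9D <x9k2@spam.example> *** frozen ***
          a@target.example
          b@target.example

 2h   800 1DQjkl-0004Ef-1E <carol@isp.example> *** frozen ***
          dave@partner.example
EOF
}
```

On a live server the input would come from `exim -bp | frozen_ids '@spam\.example$' 60` instead of `sample_queue`.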