I believe a major part of the reason why Postfix and Exim have moved to the top is because their creators/developers are open to the users. DJB likes to hangout on the lists of other MTAs to criticise them but rarely responds to criticism of qmail and other projects he runs. The exploits you note were fixed quickly and as reported on the Exim list, require the user to perform some unusual operations.
On 4/25/05, Ronny <[EMAIL PROTECTED]> wrote: > Yello ? > Just curious trying to find a good ePostman/mailer for my offsite box in > the US/UK. Does exim have these features > like ;Any number of users or domains, > virus scanning, > spam filtering > integrated webmail access > integrated WAP support > fast browser based administration tools. > And all relevant RFC protocols POP3, SMTP, IMAP4, LDAP, HTTP, TLS/SSL. > Will be glad to hear form you or Phil since you are so close to him > Thanks > But liked the bit "I thus tried qmail which failed miserably" let the > qmail guys not read this ;-) > Ronny > > > Noah Sematimba wrote: > > On Monday 25 April 2005 16:44, Ronny wrote: > > > Yet another one please tighten up. ;-) > > I chatted with Phil on these exploits, and he actually explained in detail > ( which I missed because I don't know how to write anything more than > helloworld.c) > but in the end first of all you had to be using some pretty obscure features > to trigger these exploits and none of these could actually give root access > to the attacker. > > Secondly they were fixed within 24 hours of the release of the advisories. > The > other really nice thing I have found about exim is the friendliness of the > author. Even before I met him in Lome and subsequent workshops, it was > always > easy to get responses form him once you asked questions on the exim mailing > list. ANyone who has ever run qmail and had a run in with Dan Bernstein can > appreciate how important this is. > > However the main reason I use exim in larger installations is because of > ease > of configuration for complex setups. > Example: > > I had a spam problem one time while working for a certain ISP. Customers > were > infected with trojans and viruses and kept sending spam outbound. I needed > to > solve the following problems: > > 1. The queue kept filling up and becoming to big to be manageable. The mail > server could thus be unresponsive for hours while crunching thru all this > undeliverable mail that kept being deferred and thus legitimate mail could > hardly be sent > 2. I needed to be able to restrict relaying by BOTH ip address AND envelope > sender. restricting by ip alone didn't help because it was internal users > misbehaving, and using e-mail alone would not help because then anyone form > anywhere could pretent to be sending from a legitimate address on my domain > and abuse my service. > > I thus tried qmail which failed miserably. It would collapse with the loads > and could not do number two. It could restrict relay by ip address OR e-mail > address but not do both i.e. make sure both match BEFORE allowing relaying. > > I then tried postfix which had the same problems. > > So I tried exim. Exim most importantly could solve problem number 2 and also > has a very useful way it handles queues. It has a system for freezing > undeliverable messages and unfreezing them and retrying them at > precalculated > intervals. This helped because these frozen mesages were not on the active > queue and thus did not affect delivery of legitimate mail. I could also look > through the qeueue for frozen messages and delete specifically those > messages > that I knew were spam or even automate it using a simple bash script. > > I have to say that even with 100,000 messages on the queue, all my mail > kept > going at a steady rate and arriving instantly without requiring me to double > or triple my cpu power and ram. > > Noah. > > > > -- > *************************************************************************** > / ''We can't become what we need to be by remaining what we are''\ > \ ,, ,,/ > *************************************************************************** > > > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > > -- JFL _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
