Thank you for the explanation... :) I do have some specific config questions, but I'll read through the wiki first.
Also, is there a basic post-install walk through that shows how to configure things like log rotation, mailbox quotas, auto-updates of signatures, etc... plus what ever else is needed to set up the server for "hands free" use. Thanks again, David --- Jake Vickers <[EMAIL PROTECTED]> wrote: > Dave wrote: > > What exactly are the "licensing issues" that > prevent > > qmail from simply being folded in to the CentOS or > > Ubuntu disrabutions? > > > > I'm a little uneasy running a sevrer that requires > a > > kludge to keep automatically up to date. > > > > Also, the QM Toaster kit seems to force the use of > PHP > > and MySQL. (... Both items that are hard to > secure > > and I would rather keep off this low-volume > server.) > > > The writer of the software (Bernstein) requires that > it be distributed > as source code so that you know you're getting > EXACTLY what he wrote, > which is secure. If you read on his site, he's had a > running reward for > anyone who could find a security hole in his > software. It's never been > claimed as far as I know. I am not aware of any > security patches > released for QMail itself since the early 90's, > which means that no one > has found any. > You *COULD* give out RPMs if Bernstein gives you > permission, but I know > several people that have asked (repeatedly in some > cases) but he does > not answer any of those emails. As such, we use > patches to add > functionality to the whole affair, much as everyone > else does. Yahoo! > runs a patched version of QMail for their whole > email system, if that > gives you any reassurance to it's stability and > security. > The PHP and MySQL portions are pretty secure, and I > have not heard of > too many security problems with either. If you're > really worried, I'd > suggest bocking incoming connections on port 3306, > which will stop > outside people from accessing MySQL, and then > shutting down Apache > (httpd). It's not needed for anything if you're not > using webmail as all > of the commands can be run from the command line. > Then there's no real > need to update anything besides spamassassin or > clamav if you even > decide to use those, and then it's usually only for > updates for rules > and virus signatures. If you don't use those there's > no need to update > Toaster anymore (in theory) since the code itself > hasn't changed (even > the patches) in a long time for security reasons - > only for features. > If it's still that much of a concern you may look at > having someone else > run your email, and allow them to deal with updates > and security issues. > I (as well as several other people on this list, > like Erik) run servers > like this as part of our businesses so we try and > stay on top of all the > latest/greatest updates and patches. > Hope that helps some. > ____________________________________________________________________________________ Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
