* Ask Bjoern Hansen ([EMAIL PROTECTED]) wrote : > On Wed, 2 Jul 2003, James Duncan Davidson wrote: > > > By changing their id after they launch as root. setuid. Pretty common > > thing to do. See man setuid. > > With qmail it's even more separated. There's a small program that > opens the port and then drops root. The smtpd itself never has any > special access. > > The qmail mail system is one of the most beautiful pieces of > software around; making another mail system without looking at qmail > carefully is silly. > To some extent I'd agree. However, there is a distinct lack of defensive programming in qmail *itself*. So while the security aspects are totally laudable, and there are definitely a lot of good ideas, you shouldn't go looking at qmail as the be all and end all of mail servers. (For people wanting specific pointers, /var/qmail/queue/lock/trigger is an accident waiting to happen; and we've seen qmail-send just silently stop delivering mail a few times. Also, having individual mails tied to inodes is an absolute nightmare for disaster recovery. Oh, and the way the remote queues can get hung up waiting because a site has fallen off the net is a pain. (Yes, I can keep going like this for some time ;-) )) And the fact it isn't Free really really bugs me. Mind you, we do run qmail on ~300 servers, so I guess we are a limit case for seeing qmail break in weird and wonderful ways. So I guess this email is "take all the paranoia from qmail you can, but then look at postfix too." :-) Cheers -Thom
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
