Am Dienstag, 10. Dezember 2002 19:22 schrieb Yves Duret: > not queueing mail means no mail written on a hard disk, wich means you > can loose mail with a machine crash..
This package is no more vulnerable to losing mail because of a machine crash than postfix is. postfix can lose mail if the machine crashes at just the right time. While I haven't specifically looked at this package... I would guess it relays the mail immediately and if there is a failure returns an error code that the MUA will pick up... On Wed, Dec 11, 2002 at 08:59:11AM +0100, Martin Fahrendorf wrote: > So, where is the avantage of this package? Nevertheless you need a > mailserver and postfix is capable of SMTP-AUTH, TLS and many more. And > postfix is known to be stable and secure. This just runs with the permissions of the user who injects the mail. Without all the other stuff that makes it need special permissions. Thus there is no possibility for this to have privilege escalation issue, worst case scenario in this case is you manage to crash the program. You can't say the same of postfix. postfix has access to things like spool files, user mailboxes, etc... If it has a single buffer overflow in it, then a user on the box could exploit that to escalate privileges. Frankly a program like this would be ideal for situations where you have a mailhub that receives inbound mail for a server... that server then uses fetchmail to download the mail and place it into a users spool. Then you use something like this program to feed outbound email into the mailhub to get queued and sent. Most end users do not need a full fledged MTA on their desktop boxes either for that matter. As soon as I get around to looking at this, I intend to stop using postfix on my desktop machines if it fits the bill (which it sure seems like it does). I looked into nullmailer a while back and wasn't really happy with it so I just kept using postfix. -- Ben Reser <[EMAIL PROTECTED]> http://ben.reser.org "If you're not making any mistakes, you're flat out not trying hard enough." - Jim Nichols
