Am Mittwoch, 28. August 2019, 10:12:36 CEST schrieb Viktor Dukhovni via Exim- users: > So the key architectural difference is that Postfix is not > a single monolithic program, but a collection of programs > that handle various aspects of message processing. Monolithic > programs are more difficult to secure. No.
The "regular" EXIM setup includes the building from sources after Your customized configuration what to build into that monolith. While exim potentially offers a large amount of features and interfaces, in practice only a few of them are required in a typical setup and if you build "your" Exim byself, only these code/functionality is part of the monolith. This allows to minimize the amount and surface of any security related access vectors. But even if you use pre-built binaries with "the most options active" there is no real difference between monolithic or multilithic MTAs regarding security, because most emails are processed by multiple / all "similiar" parts just over multiple binaries/processes (which typically are not really "more secured" against each other). Just parts of "process- communication" is "just" external - i.e. over sockets. And even with exim you get multiple binaries for different administrative tasks. That the most Linux distros today prefer (or based on) binary distribution (and the most (end-)users use that way for installation of their exim) is another topic... just my .02$ niels. -- --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
