On 30 November 2007, Geoff Steckel <[EMAIL PROTECTED]> wrote:
> Liviu Daia wrote:
> > On 30 November 2007, Amarendra Godbole <[EMAIL PROTECTED]>
> > wrote:
> >> Please note that postfix does not undergo the rigorous code scrub
> >> that sendmail goes through.
> > [...]
> >
> > Will you please cut the crap? Thank you.
> >
> > Unlike Sendmail, Postfix was written from scratch with security
> > in mind. It had only one published security flaw since its first
> > public release in 1998. The author, Wietse Venema, is also the
> > author of SATAN and tcpwrappers. He knew one or two things about
> > writing secure code long before OpenBSD came into existence. The
> > objections people occasionally have against Postfix are related to
> > its license, not the code quality.
>
> I have seen several installations of Postfix go catatonic due to
> spam overload, large messages, mailing list expansions, and other
> undiagnosed problems. These were run by Postfix lovers, so I have
> always assumed that the installation was correct. In the one case I
> saw tested replacing Postfix with Sendmail resulted in no further
> problems.
>
> Given this anecdotal history I would suggest not running Postfix in a
> large production environment.

Well, the point I was trying to make was about Postfix code being audited. But since I'm never the man to turn down a pissing contest, here we go:

I have seen several installations of Sendmail go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Sendmail lovers, so I have always assumed that the installation was correct. In the many cases I saw tested replacing Sendmail with Postfix resulted in no further problems.

Given this anecdotal history I would suggest not running Sendmail in a large production environment.

A story just as valid as yours. :)

Regards,

Liviu Daia

--
Dr. Liviu Daia
http://www.imar.ro/~daia