Re: postfix in qmail out proftpd in pureftpd
* I found you in a search and thought you could help. I am unable to get in touch with the webmaster at qmail. If you can answer this question it would be greatly appreciated. Many thanks for your help. diane We have been receiving mail from several people being sent under different screen names and we think they are all from the same person. When checking the internet details of each mail we find same information in all of them which is the line below. Does this mean that all of the mails are originating from the same person? Does the uid 60001 signify the qmail user? Thank you for your help. Received: (qmail 77869 invoked by uid 60001); 23 Mar 2006 21:21:02 This is just an indication that the message has been processed by qmail. It can be forged easily and by itself does not provide any information regarding who actually sent the message. debian-security, the mailing list you posted to, deals with security in the Debian Operating System. This mailing list is not related to qmail in any way. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: postfix in qmail out proftpd in pureftpd
I found you in a search and thought you could help. I am unable to get in touch with the webmaster at qmail. If you can answer this question it would be greatly appreciated. Many thanks for your help. diane "We have been receiving mail from several people being sent under different screen names and we think they are all from the same person. When checking the "internet details" of each mail we find same information in all of them which isthe line below. Does this mean that all of the mails are originating from the same person? Does the "uid 60001" signify the qmail user? Thank you for your help. Received: (qmail 77869 invoked by uid 60001); 23 Mar 2006 21:21:02"
Re: postfix in qmail out proftpd in pureftpd
Hi, Dorneles Treméa écrivait : This is just 'more wood into fire'[1], but take a look at: http://www.geocrawler.com/mail/msg.php3?msg_id=9506623list=513 Just looks like: oh yes, they are rules (say RFC) telling we should drive on the right side of the road, but I discovered that for some Good Reasons (TM), it's better to drive on the left side! So let's do it, invite other people to do it with us, but never tell them what problem they could face. I just *hate* people of that kind... (those telling let's do it against the rules, not those driving on the left side by their country rules ;)) Creating a new protocol can be a Good Thing (TM again), as long as it doesn't disturb existing ones and it is *well* documented. J.C. msg07300/pgp0.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
Hi, Dorneles Treméa écrivait : This is just 'more wood into fire'[1], but take a look at: http://www.geocrawler.com/mail/msg.php3?msg_id=9506623list=513 Just looks like: oh yes, they are rules (say RFC) telling we should drive on the right side of the road, but I discovered that for some Good Reasons (TM), it's better to drive on the left side! So let's do it, invite other people to do it with us, but never tell them what problem they could face. I just *hate* people of that kind... (those telling let's do it against the rules, not those driving on the left side by their country rules ;)) Creating a new protocol can be a Good Thing (TM again), as long as it doesn't disturb existing ones and it is *well* documented. J.C. pgpOKg6foNMru.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
Hi people, http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html waaa... thanks a lot for those informations :-) perhaps you know a qmailadmin for postfix? (i searched a lot and find none, like for your qmail-bugs file :-P) wait a moment! This is just 'more wood into fire'[1], but take a look at: http://www.geocrawler.com/mail/msg.php3?msg_id=9506623list=513 :-) [1] Sorry, it's a brazilian expression... Can someone send me a decent translation with same sense? []'s -- Dorneles Treméa Caxias do Sul - RS - Brasil +55 54 9114 9312 - UIN: 2413568 X3ng Web Technology http://www.x3ng.com.br -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS/IT d- s:-: a23 C+++ UBL$ P--- L++ E-- W+++ N++ o? K? w+ O M+ V-- PS+ PE- Y-- PGP++ t+ 5 X++ R+ tv+ b(++) DI+ D++ G e++ h r+++ y+++** --END GEEK CODE BLOCK-- msg07266/pgp0.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
Hi people, http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html waaa... thanks a lot for those informations :-) perhaps you know a qmailadmin for postfix? (i searched a lot and find none, like for your qmail-bugs file :-P) wait a moment! This is just 'more wood into fire'[1], but take a look at: http://www.geocrawler.com/mail/msg.php3?msg_id=9506623list=513 :-) [1] Sorry, it's a brazilian expression... Can someone send me a decent translation with same sense? []'s -- Dorneles Treméa Caxias do Sul - RS - Brasil +55 54 9114 9312 - UIN: 2413568 X3ng Web Technology http://www.x3ng.com.br -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS/IT d- s:-: a23 C+++ UBL$ P--- L++ E-- W+++ N++ o? K? w+ O M+ V-- PS+ PE- Y-- PGP++ t+ 5 X++ R+ tv+ b(++) DI+ D++ G e++ h r+++ y+++** --END GEEK CODE BLOCK-- pgpeoQXLSUFSb.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
On Wed, 2002-10-02 at 18:19, WebMaster wrote: there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) Speaking as one of the core team for ProFTPD I'd welcome another ftpd in the distribution. I feel that picking to and sticking to a single daemon for a given service is one of the failings of the more commercial distros. However sweeping statements about security are rarely helpful and just as rarely accurate. Mark Lowes -- The Flying Hamster [EMAIL PROTECTED] http://www.korenwolf.net/ Time is an illusion perpetrated by the manufacturers of space! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
WebMaster wrote: (pureftpd is more secure than proftpd) it s because we can read on pureftpd.org: the number of root exploits found since the very first released version is zero we can t read things like that on postfix.org and proftpd.org You definitly need to check out vsftpd then. It's got very secure it it's _name_, so it must be secure! -- see shy jo, who finds it a find and well-designed ftp server nontheless pgpoRVY4GwurI.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
hello Joey, You definitly need to check out vsftpd then. It's got very secure it it's _name_, so it must be secure! good joke :-) i do not just read what is written on web sites... is openbsd a secure distrib? there is one alternative to proftpd in this distrib: pureftpd! ;-) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
hello Bastian, http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html waaa... thanks a lot for those informations :-) perhaps you know a qmailadmin for postfix? (i searched a lot and find none, like for your qmail-bugs file :-P) thanks in advance Ivan Rambeau FranceOnLine
postfix in qmail out proftpd in pureftpd
hello, when i posted this question to debian-user-french i had no (good) answers. perhaps somebody here could explain me why: there is a .deb for postfix and not for qmail? (qmail is more secure than postfix) there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) thanx in advance for your answers ;-) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
Ivan, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. The .debs can be found at http://smarden.org/pape/Debian I don't know about pureftpd so can't comment. =) Regards. Kourosh On Wed, Oct 02, 2002 at 07:19:50PM +0200, WebMaster wrote: hello, when i posted this question to debian-user-french i had no (good) answers. perhaps somebody here could explain me why: there is a .deb for postfix and not for qmail? (qmail is more secure than postfix) there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) thanx in advance for your answers ;-) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
WebMaster wrote: hello, when i posted this question to debian-user-french i had no (good) answers. perhaps somebody here could explain me why: there is a .deb for postfix and not for qmail? The license, or lack thereof does not allow binary redistribution which alters the way qmail is installed via source. Thus there are source packages of qmail which work just fine. (qmail is more secure than postfix) That is false. Please do not propagate that myth. Qmail can most certainly be installed in an insecure or poor manner. there is a .deb for proftpd and not for pureftpd? Many people have started to create debs for pureftpd (myself included) and for one reason or another stopped. I believe there are .debs for it, they are just not in the main debian archives. check the pureftpd website. (pureftpd is more secure than proftpd) Blanket statements such as this are generally worthless. -David Ulevitch (a happy qmail and pureftpd user all add) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote: hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) google - debian dfsg Jesse -- Jesus Climent | Unix System Admin | Helsinki, Finland. web: www.hispalinux.es/~data/ | pumuki.hispalinux.es -- Please, encrypt mail sent to me: GnuPG ID: 86946D69 FP: BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69 -- Registered Linux user #66350 Debian 3.0 Linux 2.4.20 Look at my fingers: four stones, four crates. Zero stones? ZERO CRATES! --Zorg (The Fifth Element) msg07157/pgp0.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 19:19, WebMaster wrote: there is a .deb for postfix and not for qmail? djb knows it better then the rest of the globe so you may not redistribute binaries of his free/open sw. you have this package that migh help you: qmail-src - Source only package for building qmail binary package (qmail is more secure than postfix) ... (pureftpd is more secure than proftpd) bah! (c)Dogbert - -- Unix IS user friendly...It's just selective about who its friends are. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9mzIOEyTmlrVpUvwRAibHAJ9xTvyHhWWOBc9EQRIVXpmv0rVCgwCghNbw dKrzuNMhvIFgIw879GP6t0s= =wXVX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote: hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) Ivan Rambeau FranceOnLine On the first page there is a link to a page that talks about why there are no official .deb packages. Apparently DJB, the author of qmail and other tools, has a license that doesn't allow distribution of modified packages. Since the software DJB writes doesn't adhere to the FHS, i.e. certain files are kept in places other than where the FHS would put them, the software can't be distributed as an official .deb. That's my understanding of it. There have been numerous discussions about this on the qmail lists and other places and I'm sure if you did a Google search you'll probably find plenty of them. For more qmail info, inlcuding links to the .deb page, go to www.qmail.org. Regards. Kourosh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
thanks a lot for all your answers ;-) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
so to you a reward is proof of security ? :-] lol, of course not :-P (i searched vulnerabilies and exploits and fine none) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
Hello withoutrealname, WebMaster wrote: well, the software is just about one year old, right? so there probably aren't a lot of people who use it, so there aren't lot of attacks. just wait one and two years and there probably will be some bugs. no qmail... i was talking about pureftpd. qmail itself perhaps had no securityproblems, but other programs, e.g. vpopmail or vchkpw. Regards, Ralf Dreibrodt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii In message [EMAIL PROTECTED], Ralf Dreibrodt writes: Hello withoutrealname, WebMaster wrote: well, the software is just about one year old, right? so there probably aren't a lot of people who use it, so there aren't lot of attacks. just wait one and two years and there probably will be some bugs. qmail... i was talking about pureftpd. qmail itself perhaps had no securityproblems, but other programs, e.g. vpopmail or vchkpw. Excatly. IMHO, qmail has avoided many security bugs because it's feature-poor. Many new features that are provided as standard in other mail servers are unsupported patches to stock qmail. Thus qmail avoids some of the holes that appear in other servers because they are adding features instead of standing still. However, the underlying design concepts of qmail are quite solid, which is why postfix uses a similar architecture. That said, they're both very good mail servers, just with slightly different focuses. - -- Ted Cabeen http://www.pobox.com/~secabeen[EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] I have taken all knowledge to be my province. -F. Bacon [EMAIL PROTECTED] Human kind cannot bear very much reality.-T.S.Eliot[EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE9m1ReoayJfLoDSdIRApKZAJwP9KqBuiOq691o50sb5nPt2wL/OgCbBdh7 RdHnc1K6kY9Jbu6NRxjx4yk= =U9Vc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
On Wednesday, 02 October 2002, at 19:19:50 +0200, WebMaster wrote: there is a .deb for postfix and not for qmail? (qmail is more secure than postfix) Redistribution terms for qmail prevent it from being packaged in binary form whenever the binary is not the exact result of a compilation from the original sources the author releases. You can't change the resulting binary in any form or shape, but you can't modify the layout of files on the filesystem neither. The Debian Policy says some things must go somewhere, so qmail is not available as a .deb as a precompiled binary. BUT you can get it officially from non-free: apt-get install qmail-src And compile it and create the resulting debianized .deb with just: build-qmail and a couple of simple answers to simple questions. The same goes for ucspi-tcp, djbdns and daemontools, all from Daniel J. Bernstein, if memory serves. there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) There are no official pureftpd packages for a very simple reason: nobody took the software and made a Debian package from it, taking responsibility for it, its releases, bugs, complaints, updates, etc. That is, a nice pureftpd software looks for a Debian maintainer still not under loads of work, for a long, stable, relationship :-) Hope to be right :) -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
On Wednesday, 02 October 2002, at 20:21:26 +0200, jernej horvat wrote: so to you a reward is proof of security ? :-] At least not for me. But a reward offered 5 years ago that not only hasn't been awarded, but even has not even been asked for, maybe is a proof of a piece of software without grave bugs in 5 years. Facts are facts, opinions are worthless ;-) PS: flames no, please, if you would like DJB burn in an eternal flame, please choose a better place to vent. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote: On Wednesday, 02 October 2002, at 20:21:26 +0200, jernej horvat wrote: so to you a reward is proof of security ? :-] At least not for me. But a reward offered 5 years ago that not only hasn't been awarded, but even has not even been asked for, maybe is a proof of a piece of software without grave bugs in 5 years. http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html bastian -- Captain's Log, star date 21:34.5... msg07175/pgp0.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
hello Joey, You definitly need to check out vsftpd then. It's got very secure it it's _name_, so it must be secure! good joke :-) i do not just read what is written on web sites... is openbsd a secure distrib? there is one alternative to proftpd in this distrib: pureftpd! ;-) Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
hello Bastian, http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html waaa... thanks a lot for those informations :-) perhaps you know a qmailadmin for postfix? (i searched a lot and find none, like for your qmail-bugs file :-P) thanks in advance Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
postfix in qmail out proftpd in pureftpd
hello, when i posted this question to debian-user-french i had no (good) answers. perhaps somebody here could explain me why: there is a .deb for postfix and not for qmail? (qmail is more secure than postfix) there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) thanx in advance for your answers ;-) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
WebMaster wrote: hello, when i posted this question to debian-user-french i had no (good) answers. perhaps somebody here could explain me why: there is a .deb for postfix and not for qmail? The license, or lack thereof does not allow binary redistribution which alters the way qmail is installed via source. Thus there are source packages of qmail which work just fine. (qmail is more secure than postfix) That is false. Please do not propagate that myth. Qmail can most certainly be installed in an insecure or poor manner. there is a .deb for proftpd and not for pureftpd? Many people have started to create debs for pureftpd (myself included) and for one reason or another stopped. I believe there are .debs for it, they are just not in the main debian archives. check the pureftpd website. (pureftpd is more secure than proftpd) Blanket statements such as this are generally worthless. -David Ulevitch (a happy qmail and pureftpd user all add)
Re: postfix in qmail out proftpd in pureftpd
hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote: hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) google - debian dfsg Jesse -- Jesus Climent | Unix System Admin | Helsinki, Finland. web: www.hispalinux.es/~data/ | pumuki.hispalinux.es -- Please, encrypt mail sent to me: GnuPG ID: 86946D69 FP: BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69 -- Registered Linux user #66350 Debian 3.0 Linux 2.4.20 Look at my fingers: four stones, four crates. Zero stones? ZERO CRATES! --Zorg (The Fifth Element) pgpAqF5QIh33H.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 19:19, WebMaster wrote: there is a .deb for postfix and not for qmail? djb knows it better then the rest of the globe so you may not redistribute binaries of his free/open sw. you have this package that migh help you: qmail-src - Source only package for building qmail binary package (qmail is more secure than postfix) ... (pureftpd is more secure than proftpd) bah! (c)Dogbert - -- Unix IS user friendly...It's just selective about who its friends are. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9mzIOEyTmlrVpUvwRAibHAJ9xTvyHhWWOBc9EQRIVXpmv0rVCgwCghNbw dKrzuNMhvIFgIw879GP6t0s= =wXVX -END PGP SIGNATURE-
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote: hello Kourosh, There are .debs for qmail. The debs are not official because qmail apparently doesn't adhere to Debain Policy. what do you mean by debian policy? (under gnu/gpl?) Ivan Rambeau FranceOnLine On the first page there is a link to a page that talks about why there are no official .deb packages. Apparently DJB, the author of qmail and other tools, has a license that doesn't allow distribution of modified packages. Since the software DJB writes doesn't adhere to the FHS, i.e. certain files are kept in places other than where the FHS would put them, the software can't be distributed as an official .deb. That's my understanding of it. There have been numerous discussions about this on the qmail lists and other places and I'm sure if you did a Google search you'll probably find plenty of them. For more qmail info, inlcuding links to the .deb page, go to www.qmail.org. Regards. Kourosh
Re: postfix in qmail out proftpd in pureftpd
hello David, if i wrote this: (qmail is more secure than postfix) it s because we can read on qmail.org: In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail... My offer still stands. Nobody has found any security holes in qmail. and this: (pureftpd is more secure than proftpd) it s because we can read on pureftpd.org: the number of root exploits found since the very first released version is zero we can t read things like that on postfix.org and proftpd.org :-P
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote: In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail... My offer still stands. Nobody has found any security holes in qmail. snip it s because we can read on pureftpd.org: the number of root exploits found since the very first released version is zero we can t read things like that on postfix.org and proftpd.org If your criteria for judging the security of a piece of software are based solely on what you read on the web sites distributing that software, then why aren't you running OpenBSD? After all, they have on their web page One remote hole in the default install, in nearly 6 years!, and Debian does not have that. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpG8zG464ror.pgp Description: PGP signature
Re: postfix in qmail out proftpd in pureftpd
thanks a lot for all your answers ;-) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
so to you a reward is proof of security ? :-] lol, of course not :-P (i searched vulnerabilies and exploits and fine none) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
hello Ralf, well, the software is just about one year old, right? so there probably aren't a lot of people who use it, so there aren't lot of attacks. just wait one and two years and there probably will be some bugs. no As of October 2001, more than 70 reachable IP addresses are running qmail as their SMTP server qmail was born in 1996, two years before postfix ;-) Ivan Rambeau FranceOnLine
Re: postfix in qmail out proftpd in pureftpd
Hello withoutrealname, WebMaster wrote: well, the software is just about one year old, right? so there probably aren't a lot of people who use it, so there aren't lot of attacks. just wait one and two years and there probably will be some bugs. no qmail... i was talking about pureftpd. qmail itself perhaps had no securityproblems, but other programs, e.g. vpopmail or vchkpw. Regards, Ralf Dreibrodt
Re: postfix in qmail out proftpd in pureftpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii In message [EMAIL PROTECTED], Ralf Dreibrodt writes: Hello withoutrealname, WebMaster wrote: well, the software is just about one year old, right? so there probably aren't a lot of people who use it, so there aren't lot of attacks. just wait one and two years and there probably will be some bugs. qmail... i was talking about pureftpd. qmail itself perhaps had no securityproblems, but other programs, e.g. vpopmail or vchkpw. Excatly. IMHO, qmail has avoided many security bugs because it's feature-poor. Many new features that are provided as standard in other mail servers are unsupported patches to stock qmail. Thus qmail avoids some of the holes that appear in other servers because they are adding features instead of standing still. However, the underlying design concepts of qmail are quite solid, which is why postfix uses a similar architecture. That said, they're both very good mail servers, just with slightly different focuses. - -- Ted Cabeen http://www.pobox.com/~secabeen[EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] I have taken all knowledge to be my province. -F. Bacon [EMAIL PROTECTED] Human kind cannot bear very much reality.-T.S.Eliot[EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE9m1ReoayJfLoDSdIRApKZAJwP9KqBuiOq691o50sb5nPt2wL/OgCbBdh7 RdHnc1K6kY9Jbu6NRxjx4yk= =U9Vc -END PGP SIGNATURE-
Re: postfix in qmail out proftpd in pureftpd
On Wednesday, 02 October 2002, at 19:19:50 +0200, WebMaster wrote: there is a .deb for postfix and not for qmail? (qmail is more secure than postfix) Redistribution terms for qmail prevent it from being packaged in binary form whenever the binary is not the exact result of a compilation from the original sources the author releases. You can't change the resulting binary in any form or shape, but you can't modify the layout of files on the filesystem neither. The Debian Policy says some things must go somewhere, so qmail is not available as a .deb as a precompiled binary. BUT you can get it officially from non-free: apt-get install qmail-src And compile it and create the resulting debianized .deb with just: build-qmail and a couple of simple answers to simple questions. The same goes for ucspi-tcp, djbdns and daemontools, all from Daniel J. Bernstein, if memory serves. there is a .deb for proftpd and not for pureftpd? (pureftpd is more secure than proftpd) There are no official pureftpd packages for a very simple reason: nobody took the software and made a Debian package from it, taking responsibility for it, its releases, bugs, complaints, updates, etc. That is, a nice pureftpd software looks for a Debian maintainer still not under loads of work, for a long, stable, relationship :-) Hope to be right :) -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)
Re: postfix in qmail out proftpd in pureftpd
On Wednesday, 02 October 2002, at 20:21:26 +0200, jernej horvat wrote: so to you a reward is proof of security ? :-] At least not for me. But a reward offered 5 years ago that not only hasn't been awarded, but even has not even been asked for, maybe is a proof of a piece of software without grave bugs in 5 years. Facts are facts, opinions are worthless ;-) PS: flames no, please, if you would like DJB burn in an eternal flame, please choose a better place to vent. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)
Re: postfix in qmail out proftpd in pureftpd
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote: On Wednesday, 02 October 2002, at 20:21:26 +0200, jernej horvat wrote: so to you a reward is proof of security ? :-] At least not for me. But a reward offered 5 years ago that not only hasn't been awarded, but even has not even been asked for, maybe is a proof of a piece of software without grave bugs in 5 years. http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html bastian -- Captain's Log, star date 21:34.5... pgpykBLSL2S0m.pgp Description: PGP signature