It seems it is easy to give all guaranties on a product like qmail or others
(read first the gpl !!! or others commercial products licenses, you will see
what i mean).
In fact, any developer does it maximum to maintain a 'bug' or 'hole' free
program and enhance it as does Davide.
It is the 'responsability' of users to feedback problems he detects and if
possible corrections, and more there are and more can be 'stable' or bug
free a program !!!
So i (and i suppose all others current Xmail users) encourage you to install
and test Xmail as i actually does on a "test" server and use also the
add-on's developped by other users to test them !!
As a result of my tests, i will soon switch our current mail server to
XMail. I did not find any fonctionnal problem, just some start configuration
problem at this time.
So test and feedback (even with qmail) !!!
Francis
-----Message d'origine-----
De : Davide Libenzi [mailto:[EMAIL PROTECTED]]
Envoyé : lundi 19 février 2001 18:17
À : [EMAIL PROTECTED]
Cc : XMail Mailing list
Objet : Re: [xmail] Is xmail ready for production use ?
On 19-Feb-2001 [EMAIL PROTECTED] wrote:
> qmail author give some guaranties about security, sendmail is known as
badly
> secured but main
> linux distributions dont forgive it (same for bind)...
> Is your code was audited specifically for security ? ( carefully checked i
> mean )
SecurityFocus has reviwed XMail finding a buffer overflow attack point in
0.58,
that was fixed two hours later by issuing 0.59.
The current version ( fixed in 0.68 ) has a possible buffer overflow in CTRL
server, but before to attack the buffer, You've to be logged in :)
The new version has a byte range checking for commands that block ( by
dropping
the connection ) hacker attacks if sent bytes are out of RFC char range.
>> About help, yes i like to have the tools section of XMail filled of
useful
>> tools ( configurators, installers, external modules, ... ), that are what
>> makes
>> a mail server more usable.
>
> I think i'll give a try to xmail, so if i found some external tools are
> needed, i will develop them.
> Do u have any orientation about languages to use or not to use ? ( i think
> about Perl/C/C++ with portability thinking )
> Since xmail run on NT/Unix, using VB restrict tools to NT, perhaps a
warning
> about this should appear somewhere.
Use the language you feel more confortable with, it's up to you.
Maybe C/C++ ( if written in portable way ), Perl and Tcl are pretty portable
with recompilation ( C, C++ ) or with the installation of interpreters (
Perl
and Tcl are available for both Unix and Win32 ).
- Davide
