qmail or postfix?

Andres Perera andres.p at zoho.com
Wed Feb 2 04:37:16 UTC 2011

On Tue, Feb 1, 2011 at 11:26 PM, Jarrod Slick <jarrod at e-sensibility.com> wrote:
> Calling qmail more secure is pretty much just echoing conjecture at this
> point.  Sure, it was designed to be secure (years and years ago) and the
> original author even held a contest with a monetary reward for anyone who
> could find a vulnerability -- that said, AFAIK that person no longer
> maintains the project.  It requires lots of third party patches to be as
> functional as postfix, so to what extent these patches counteract the
> original coder's (apparent) secure coding practices is open to debate.

that would be beside the point. having the ability to patch up freebsd doesn't
grant me the authority of claiming that my work is the official version, or
at least doesn't guarantee that i'll have an audience for my claim

> If you know of any specific problems with postfix that would substantiate
> your claim I encourage you to inform the project's maintainers.  From
> personal experience I can say that I've run a postfix config for years
> without problems.  Also, in most networks I don't think the MTA is a very
> prominent attack vector; people are probably much more likely to get in
> through that old wordpress installation you've been meaning to upgrade for 6
> months (for instance).

you seem to be confused by what i posted

i don't have an explicit example (e.g., buffer overflow) to show that qmail is
more secure. it has to do with the design principles of each and how the system
is laid out. while it's true that postfix is partitioned, qmail goes a little
further than that by taking a big dump on libc

that's not to say that postfix is inherently insecure
