JP Vossen via plug on 6 Sep 2019 13:58:00 -0700


Re: [PLUG] Exim oops (vs Postfix?)

On 9/6/19 2:51 PM, Rich Kulawiec via plug wrote:
> On Fri, Sep 06, 2019 at 12:45:50PM -0400, JP Vossen via plug wrote:
>> What I'd like to know is why anyone would ever use anything other than

> 1. There are use cases for postfix -- and for sendmail, exim, and courier.

I'd agree with everything but sendmail, and there are other valid choices. Sendmail used to be abysmal for both security and configuration. If the m4 config thing made sense 30+ years ago, it doesn't anymore for KISS reasons if nothing else. It is a hell of a lot better than it used to be, but there's still no *good* reason to use it. You can argue a "significant investment in a complicated config" but I'll say it would be more secure, more maintainable, more extensible and better for you and the internet to bite the bullet and migrate to Postfix.

> 2. Appropriately configuring an MTA in the contemporary environment requires
> far more knowledge and experience than it did 20 years ago.  One of the
> factors to consider is the likelihood of success based on the expertise
> of the person doing the work.  In other words, even if MTA X was the
> supposed "best" choice based on objective criteria, a person who has
> vastly more experience with MTA Y might be better off (and *we* might
> be better off) deploying MTA Y.

That's a good point, I agree.

> 3. Exim is a good choice for people who are working their way up the
> learning curve and lack significant MTA experience.  See previous point.

There I disagree. Exim has a much worse security record than Postfix, and thus Exim is much more likely to come to a bad end, especially for newbies. Postfix looks more complicated, because it's all segmented. But the practical reality is that it's more secure and the *config* is still... Well, I can't really say "simple" due to #2, but it's...not all that bad.

> 4. There are operations with significant expertise and significant
> investments in MTAs other than postfix.  Some of those are quite solid
> and there's simply no good reason to migrate them.  (Conversely, there
> are operations which quite clearly lack expertise, and in such cases,
> it really doesn't matter which MTA they're running: they're going to
> pose problems for the rest of us.)

Again, a good point.  I was generalizing for this list.

> 5. MTA monocultures are not a particularly good idea.  A pointed lesson
> in that was taught on November 2, 1988.

Yup, I agree. I'd even say all or at least most monoculture is bad. But I'm not worried about it, no matter how much *I* think everyone should use Postfix, there is zero chance everyone will. :-)

--  -------------------------------------------------------------------
JP Vossen, CISSP