Rich Kulawiec via plug on 7 Sep 2019 01:03:59 -0700
Re: [PLUG] Exim oops (vs Postfix?)

On Fri, Sep 06, 2019 at 04:57:55PM -0400, JP Vossen via plug wrote:
> On 9/6/19 2:51 PM, Rich Kulawiec via plug wrote:
> >
> >1. There are use cases for postfix -- and for sendmail, exim, and courier.
>
> I'd agree with everything but sendmail, and there are other valid choices.
> Sendmail used to be abysmal for both security and configuration.

That's ancient history. *Everything* was abysmal for both security and configuration. (See, for example, "rlogin" et al.)

(There was also a concerted sendmail-bashing effort on Usenet a couple of decades ago, driven by someone who wrote a competing but dysfunctional MTA, some of whose lingering after-effects are still with us.)

> If the m4 config thing made sense 30+ years ago, it doesn't anymore for
> KISS reasons if nothing else.

Have you configured sendmail lately? It's not nearly as necessary to be m4-proficient as it once was. Oh, it certainly helps, and anyone who's serious about being a system admin should know m4 (like awk and make and sed and other fundamental tools) but it's quite possible to construct production-quality sendmail configurations without it.

> You can argue a
> "significant investment in a complicated config" but I'll say it would
> be more secure, more maintainable, more extensible and better for you
> and the internet to bite the bullet and migrate to Postfix.

There are reasons to use different MTAs in different places, and I *am* running postfix in the places where it makes sense to do so, having bitten that bullet a very long time ago. (As I sometimes point out, this is not my first day on the job.) But I'm also running sendmail and courier in other places -- no exim at the moment, except in a test environment. None of them are issue-free, thanks to the persistence and ingenuity of attackers. ;)

What would be better for the Internet would be for people running any of these MTAs to read RFC 2142, implement it, and *pay attention* to what they receive as a result so that when problems occur, as they inevitably will, there's a viable mechanism for telling them. Unfortunately, this is not the case, even at some allegedly competent allegedly professional operations; see, for example, this recent discussion:

really amazon?
https://mailman.nanog.org/pipermail/nanog/2019-July/102277.html

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug