Rich Kulawiec via plug on 7 Sep 2019 01:03:59 -0700


Re: [PLUG] Exim oops (vs Postfix?)

On Fri, Sep 06, 2019 at 04:57:55PM -0400, JP Vossen via plug wrote:
> On 9/6/19 2:51 PM, Rich Kulawiec via plug wrote:
> >
> >1. There are use cases for postfix -- and for sendmail, exim, and courier.
> I'd agree with everything but sendmail, and there are other valid choices.
> Sendmail used to be abysmal for both security and configuration. 

That's ancient history.  *Everything* was abysmal for both security
and configuration.  (See, for example, "rlogin"

(There was also a concerted sendmail-bashing effort on Usenet a couple
of decades ago, driven by someone who wrote a competing but dysfunctional
MTA, some of whose lingering after-effects are still with us.)

> If the m4 config thing made sense 30+ years ago, it doesn't anymore for
> KISS reasons if nothing else. 

Have you configured sendmail lately?  It's not nearly as necessary
to be m4-proficient as it once was.  Oh, it certainly helps, and
anyone who's serious about being a system admin should know m4
(like awk and make and sed and other fundamental tools) but it's
quite possible to construct production-quality sendmail configurations
without it.

> You can argue a
> "significant investment in a complicated config" but I'll say it would
> be more secure, more maintainable, more extensible and better for you
> and the internet to bite the bullet and migrate to Postfix.

There are reasons to use different MTAs in different places, and I *am*
running postfix in the places where it makes sense to do so, having
bitten that bullet a very long time ago.  (As I sometimes point out,
this is not my first day on the job.)  But I'm also running sendmail
and courier in other places -- no exim at the moment, except in a test
environment.  None of them are issue-free, thanks to the persistence
and ingenuity of attackers. ;)

What would be better for the Internet would be for people running any
of these MTAs to read RFC 2142, implement it, and *pay attention* to
what they receive as a result so that when problems occur, as they
inevitably will, there's a viable mechanism for telling them.
Unfortunately, this is not the case, even at some allegedly competent
allegedly professional operations; see, for example, this recent discussion:

	really amazon?

Philadelphia Linux Users Group
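Added example, not part of the original message or of any MTA's own tooling: a small audit of an aliases(5)-style file for the RFC 2142 role mailboxes the message refers to, flagging roles that are absent or that deliver only to /dev/null. It assumes role addresses are defined in the aliases file (not as local user accounts), checks one level of aliasing only, and uses hypothetical function names and a constructed sample file.

```python
# Added example: audit an aliases(5)-style file for RFC 2142 role mailboxes.
# Mailbox names are from RFC 2142, grouped by the service that makes them relevant.
RFC2142 = {
    "smtp": ["postmaster"], "dns": ["hostmaster"],
    "network": ["abuse", "noc", "security"],
    "http": ["webmaster", "www"], "nntp": ["usenet", "news"],
    "ftp": ["ftp"], "uucp": ["uucp"],
}

def parse_aliases(text):
    """Return {lowercased name: [targets]}; handles comments and continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:      # continuation of the previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    aliases = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:                              # RFC 2142 names match case-insensitively
            key = name.strip().strip('"').lower()
            aliases[key] = [t.strip() for t in rhs.split(",") if t.strip()]
    return aliases

def audit(text, services):
    """Report role mailboxes that are missing or that deliver only to /dev/null."""
    aliases = parse_aliases(text)
    missing, discarded = [], []
    for svc in services:
        for role in RFC2142[svc]:
            targets = aliases.get(role)
            if targets is None:
                missing.append(role)
            elif all(t == "/dev/null" for t in targets):
                discarded.append(role)
    return missing, discarded

# Constructed sample input, not taken from any real host.
SAMPLE = """\
MAILER-DAEMON: postmaster
Postmaster: root
abuse: /dev/null
security: root,
    oncall@example.org
"""
print(audit(SAMPLE, ["smtp", "network"]))
```

A role that passes this check still has to be read by someone; the audit only shows that mail to it is accepted and not silently dropped at the alias level.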