Mircea MITU wrote:
You're right, those are silly reasons. But I, for one, I see two major reasons to make this switch, from sendmail to postfix as the MTA of choice:
- SANS Top Vulnerabilities, U5. Mail Transport Service
- The very first thing done by the almost all the people I know after a
RH/Fedora install, is rpm -e sendmail
I really wonder how many subscribers are still using Sendmail.
For the record, I do. I see no reason I should switch to something else.
-- Nils O. Selåsdal www.utelsystems.com
Nils O. Selåsdal wrote:
Mircea MITU wrote:
You're right, those are silly reasons. But I, for one, I see two major reasons to make this switch, from sendmail to postfix as the MTA of choice:
- SANS Top Vulnerabilities, U5. Mail Transport Service
- The very first thing done by the almost all the people I know after a
RH/Fedora install, is rpm -e sendmail
I really wonder how many subscribers are still using Sendmail.
It's a very well known variable these days, and still is the reference implementation. I don't like sendmail myself, but postfix is pretty complex as well.
For the record, I do. I see no reason I should switch to something else.
-- Nils O. Selåsdal www.utelsystems.com
On 2004-11-02 (Tuesday) 04:48, Z wrote:
I don't like sendmail myself, but postfix is pretty complex as well.
Not that complex. I spent about a week to get sendmail working almost the way I wanted it to. With postfix I can make much more complicated things in a few hours (and it's not only me)... I want to mention that postfix's security record is much better, it is faster and eats less resources too!
On Sat, 2004-11-06 at 00:19, Doncho N. Gunchev wrote:
On 2004-11-02 (Tuesday) 04:48, Z wrote:
I don't like sendmail myself, but postfix is pretty complex as well.
Not that complex. I spent about a week to get sendmail working
almost the way I wanted it to. With postfix I can make much more complicated things in a few hours (and it's not only me)...
Because you know Postfix, and don't know sendmail. With m4 sendmail is not so difficult to configure.
I want to mention that postfix's security record is much better,
Not true.
Just look to the past two years.
The historical security record of sendmail is poor, but to compare it with the security record of tools that does not even exists when those security holes appeared is not fair.
Of course if I code tomorrow "foomail" will have a better security record than Postfix.
it is faster and eats less resources too
Did you benchmarked this, or are those simply your intuitions ?
I readed third party benchmarks of sendmail vs Postfix vs Qmail, and Postfix had the worst results.
I also readed benchmarks from Postfix advocates and Postfix had the best results. You can find this benchmark in lots of Postfix sites, the same benchmark I mean.
But well, what I'd like to ask is: What's wrong with current fedora's MTA management ?
You can use Postfix, you can use sendmail, you can switch betwen them ... What's the problem then ?
Are you advocating to delete sendmail ??
Are you proposing any other MTA management scheme better than current fedora's one ?
If you'll not do it, this thread is simply a waste of time.
Le samedi 06 novembre 2004 à 13:08 +0100, Iago Rubio a écrit :
On Sat, 2004-11-06 at 00:19, Doncho N. Gunchev wrote:
On 2004-11-02 (Tuesday) 04:48, Z wrote:
I don't like sendmail myself, but postfix is pretty complex as well.
Not that complex. I spent about a week to get sendmail working
almost the way I wanted it to. With postfix I can make much more complicated things in a few hours (and it's not only me)...
Because you know Postfix, and don't know sendmail. With m4 sendmail is not so difficult to configure.
When I first needed a MTA I spent a few hours banging my head on sendmail config because it was the default then. Then I saw the light and got postfix from powertools, and was done in half the time I had already spent on sendmail. I don't know how anyone can even suggest sendmail conf problems are due to people knowing postfix better, when sendmail was there first and was used by almost everyone once.
I want to mention that postfix's security record is much better,
Not true.
Just look to the past two years. The historical security record of sendmail is poor, but to compare it with the security record of tools that does not even exists when those security holes appeared is not fair.
postfix has been there for six years. That's enough for a meaningful security record history. Even if you want to restrict yourself to the last years where sendmail started being half-decent security-wise there is no comparison (just go to CERT, search sendmail then postfix)
But well, what I'd like to ask is: What's wrong with current fedora's MTA management ?
FC uses sendmail as default, which means new users are exposed to the worst tool from an admin POW at least, which is not overly smart.
You can use Postfix, you can use sendmail, you can switch betwen them ... What's the problem then ?
Are you advocating to delete sendmail ??
People are advocating replacing sendmail-as-default with postfix-as- default.
Which should not worry sendmail users, except the value proposition of sendmail might not be sufficient for people to keep using it in meaningful numbers once it(s no longer the default.
Cheers,
On 2004-11-06 (Saturday) 14:08, Iago Rubio wrote:
On Sat, 2004-11-06 at 00:19, Doncho N. Gunchev wrote:
On 2004-11-02 (Tuesday) 04:48, Z wrote:
I don't like sendmail myself, but postfix is pretty complex as well.
Not that complex. I spent about a week to get sendmail working
almost the way I wanted it to. With postfix I can make much more complicated things in a few hours (and it's not only me)...
Because you know Postfix, and don't know sendmail. With m4 sendmail is not so difficult to configure.
Read my other mail in the list - m4 goes away in sendmail X project: http://www.sendmail.org/~ca/email/sm-X/design-2004-09-29/main/main.html http://www.sendmail.org/~ca/email/sm-X/design-2004-09-29/main/node2.html#SEC...
I want to mention that postfix's security record is much better,
Not true.
Just look to the past two years.
The historical security record of sendmail is poor, but to compare it with the security record of tools that does not even exists when those security holes appeared is not fair.
Of course if I code tomorrow "foomail" will have a better security record than Postfix.
True, but here we do compare two projects that are not from yesterday. Qmail's has security guarantee http://cr.yp.to/qmail/guarantee.html and bad license. For postfix I don't know if such exists, but I don't remember security problems too (look at the changelogs of postfix and sendmail).
it is faster and eats less resources too
Did you benchmarked this, or are those simply your intuitions ?
I readed third party benchmarks of sendmail vs Postfix vs Qmail, and Postfix had the worst results.
I also readed benchmarks from Postfix advocates and Postfix had the best results. You can find this benchmark in lots of Postfix sites, the same benchmark I mean.
True about the benchmarks, for me it works faster, but...
But well, what I'd like to ask is: What's wrong with current fedora's MTA management ?
You can use Postfix, you can use sendmail, you can switch betwen them ... What's the problem then ?
Are you advocating to delete sendmail ??
Are you proposing any other MTA management scheme better than current fedora's one ?
Removing sendmail is not an option for me(read my other mail). The only thing I can dream of is to be able to not install fedora without sendmail at all, but I don't dream too much :)
If you'll not do it, this thread is simply a waste of time.
Iago Rubio
Don't get mad at me. I just think sendmail's configuration is quite cryptic and postfix's is much better... The second part of my email was "I want to mention", next time I will not.
On 2004-11-06 (Saturday) 17:31, Doncho N. Gunchev wrote: ..
only thing I can dream of is to be able to not install fedora without sendmail at all, but I don't dream too much :)
ops... to install without sendmail, have postfix as default and/or be able to select sendmail/postfix/exim just like lilo/grub.
On Sat, 2004-11-06 at 16:31, Doncho N. Gunchev wrote:
On 2004-11-06 (Saturday) 14:08, Iago Rubio wrote:
On Sat, 2004-11-06 at 00:19, Doncho N. Gunchev wrote:
[snip]
almost the way I wanted it to. With postfix I can make much more complicated things in a few hours (and it's not only me)...
Because you know Postfix, and don't know sendmail. With m4 sendmail is not so difficult to configure.
Read my other mail in the list - m4 goes away in sendmail X project: http://www.sendmail.org/~ca/email/sm-X/design-2004-09-29/main/main.html http://www.sendmail.org/~ca/email/sm-X/design-2004-09-29/main/node2.html#SEC...
To change it for a simpler configuration file format.
I want to mention that postfix's security record is much better,
Not true.
Just look to the past two years.
The historical security record of sendmail is poor, but to compare it with the security record of tools that does not even exists when those security holes appeared is not fair.
Of course if I code tomorrow "foomail" will have a better security record than Postfix.
True, but here we do compare two projects that are not from yesterday.
Qmail's has security guarantee http://cr.yp.to/qmail/guarantee.html
But have it's security record also, http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=qmail
and bad license. For postfix I don't know if such exists, but I don't remember security problems too (look at the changelogs of postfix and sendmail).
I prefer to look at other sources to research for security problems, http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=postfix
Take into account that programmers want to promote their software, and can say whatever they want to promote it.
They have even their discussions when speaking about security of their programs http://cr.yp.to/qmail/venema.html
[snip]
But well, what I'd like to ask is: What's wrong with current fedora's MTA management ?
You can use Postfix, you can use sendmail, you can switch betwen them ... What's the problem then ?
Are you advocating to delete sendmail ??
Are you proposing any other MTA management scheme better than current fedora's one ?
Removing sendmail is not an option for me(read my other mail). The
only thing I can dream of is to be able to not install fedora without sendmail at all, but I don't dream too much :)
You don't need to dream about it. You can do it right now.
If you'll not do it, this thread is simply a waste of time.
Don't get mad at me.
I don't want to drive you mad. Please remember I'm not a native english speaker, and what could look to you rough language from my side, is simply poor language.
I just think sendmail's configuration is quite cryptic and postfix's is much better...
Ok, let's check that point.
For a user - not a system administrator - current sendmail configuration is safe, and he can send his mail with no need to touch it.
For a sysadmin that wants to open a public mail server to Internet, he must know what tools to use, and how to configure those tools.
If you don't know how to switch from the default sendmail, to your prefered MTA and configure it, you should not put a mail server facing the net.
ITOH you mentioned Sendmail X will change it's configuration, that seems to be the biggest problem here.
It'll change to a simpler one, so may be this problem will be gone shortly.
The second part of my email was "I want to mention", next time I will not.
I only pointed I did not agree with you, because I think current MTA management in fedora is really good.
If don't think it's something to drive you out of the list.
devel@lists.stg.fedoraproject.org