Re: Newb questions

From: +Alan Hicks+ (alan_at_lizella.netWORK)
Date: 09/08/04


Date: 8 Sep 2004 11:11:18 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In comp.unix.bsd.freebsd.misc, Sky-Knight dared to utter,
> I'm looking for suggestions on DNS and mail servers. I know BIND
> and sendmail are there but I keep hearing about potential security problems.

BIND and sendmail both have a history of security vulnerabilities, but
you must also realize that BIND and sendmail are very old. In computer
years, they're from the paleolithic era. :^) Both daemons suffer from a
bad rap thanks to security problems that are in many cases decades old.
Recent versions are stable and have no known bugs to my knowledge.
Performance with both services is high, and support for them is
outstanding.

> It was suggested to me that I use djbdns and qmail.

Uh! The bane of my existence! My personal preference would be to wipe
both of those from any machine I touch, but that isn't always
practical. qmail has an undeserved reputation for stability because of
DJB's bounty on the first person to discover a vulnerability in it.
That bounty is bogus btw. Someone actually has found vulnerabilities
in it and DJB blew him off. If you look at qmail you'll see that the
latest version is ancient, and DJB has no inclination to release a new
version. Patches are required to compile it on just about any modern
operating system, and DJB refuses to publish those patches, so you wind
up using third party patches for everything. Performance with qmail is
abysmal compared to sendmail. It just won't batch mails and send them
as one unit, for example.

I can't speak for djbdns as I've never used it, but qmail is a serious
pain in the ass to work with. It's also not entirely open source. While
you do get the source code, you can't bundle patches with it and
redistribute it, and you can't distribute a binary IIRC, even if you
provide the source.

Over on alt.os.linux.slackware we've had a lot of discussions about
qmail and a few about djbdns from people who have and continue to use
them in production environments. I recommend googling that group and
paying careful attention to everything /dev/rob0 has to say about qmail.

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPy7plKR45I6cfKARAuhqAJwIzw66UCnW310A+UfEBfJzOIEz0QCfQnjS
S6BTE/2OYbtLm8NwX68Bh9A=
=fhov
-----END PGP SIGNATURE-----


