Re: [tlug] MTA (was ...repetitive question...)

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "jb" == Jonathan Q <jq@example.com> writes:

    jb> That's not because we're ncecessarily fans of sendmail, it's
    jb> because most distros ship with sendmail as the default MTA and
    jb> we're too lazy to switch while it's meeting our needs.

There's also the fact that lots of add-on software works only, or most
transparently, with sendmail.  Spam Assassin, for example.  I'm pretty
sure you can make it work with pretty much anything, but what I saw on
the web site made the sendmail integration look pretty attractive.
And there are things that can only be done with sendmail.

TMDA is the only package I know of that works better with qmail than
with sendmail.  With the exception of packages like ezmlm that were
designed around qmail, and a bunch of packages that any other MTA
would have in the core distribution, but qmail doesn't to avoid
"compromising security."

And there's the rub with qmail; there are lots of patches out there of
dubious security.  If you get burned by one of them, djb doesn't
care.  He has explicitly washed his hands.

Initially I was attracted by qmail's reputation for security, but
basically it's like Windows NT's Class C "Orange Book" rating: only
valid if your box isn't hooked to the Internet.  (An exaggeration, of
course.  For almost all purposes, qmail is surely more secure and very
likely costs no functionality; it is quite high performance as well.)

But postfix is written and maintained by someone with as good a
reputation for security as djb, and there's no comparison when it
comes to RFC and "best practice" conformance.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
 My nostalgia for Icon makes me forget about any of the bad things.  I don't
have much nostalgia for Perl, so its faults I remember.  Scott Gilbert c.l.py