[plug] MTA Comparison & Debian OpenSSH

John Summerfield summer at os2.ami.com.au
Mon Dec 6 07:59:35 WST 1999


> John Summerfield wrote:
> > 
> > >
> > > I understand Postfix is pretty much a drop in replacement for sendmail so
> > "I understand..."
> > 
> > You don't know for certain. I don't know for certain.
> 
> I've heard numerous people say it and I've read it in several online
> articles and they *could* all be lying (you're right, I don't know for
> certain) but I'm willing to put a reasonable amount of confidence in
> something I've heard many different times from many different people.
> 
> Having said that, Postfix was pretty much a drop-in replacement for
> smail (in my experience) which is mostly a drop-in replacement for
> sendmail so, while I don't know for certain, I'm reasonably confident.


My point is that one would be foolish to bet one's business on hearsay. 
And, yes, I know there are fools who would.


Prudence advises that people considering changing their software must 
check these things themselves, to the point they can say, "I know." "But 
he said..." just does not count.

Of course, for private (not business) use, where the benefits of learning 
outweigh any risks, go right ahead; consider it a pilot.

> 
> > My point is that there is no point in changing if you have a working
> > setup. Changing requires
> > 1       Finding out just what IS necessary to switch
> > 2       Planning the cutover
> > 3       Planning the recovery if it fails
> > 4       Spending time learning another product.
> > Doubtless there are other things, but I make the point: staying with a
> > working setup requires no extra work whereas changing does require extra
> > work; quite a bit if your business depends on getting it right.
> > You'd need to be sure that the benefits will outweigh the costs and risks
> > before embarking on the move.
> 
> Absolutely.  But in the case that I'm currently concerned with, it is an
> entirely new installation.  Therefore it seems worthwhile to explore
> options other than sendmail (which is somewhat bloated and has a dubious
> history in security) before committing to any particular MTA.

Before slighting sendmail's security, consider this:
	How many people USE sendmail?
	How many people USE smail?
A program could be as buggy as hell; if it's rarely used then any security 
problems will quite likely go unnoticed.

So far, nobody has hacked into my website. I don't know of any particular 
weaknesses, but then it doesn't get as much attention as the FBI or the 
CIA.

My guess is that the CIA site is harder to penetrate than mine even though 
the CIA has been breached whereas mine hasn't.

sendmail gets a lot of attention simply because it's widely used.

-- 
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.



