From Thom May <thom...@apache.org>
Subject Re: WORA Considered Evil ;-)
Date Wed, 02 Jul 2003 21:39:35 GMT
* Ask Bjoern Hansen (ask@perl.org) wrote :
> On Wed, 2 Jul 2003, James Duncan Davidson wrote:
> > By changing their id after they launch as root. setuid. Pretty common
> > thing to do. See man setuid.
> With qmail it's even more separated. There's a small program that
> opens the port and then drops root.  The smtpd itself never has any
> special access.
> The qmail mail system is one of the most beautiful pieces of
> software around; making another mail system without looking at qmail
> carefully is silly.
To some extent I'd agree. However, there is a distinct lack of defensive
programming in qmail *itself*. So while the security aspects are totally
laudable, and there are definitely a lot of good ideas, you shouldn't go
looking at qmail as the be-all and end-all of mail servers.
(For people wanting specific pointers, /var/qmail/queue/lock/trigger is an
accident waiting to happen; and we've seen qmail-send just silently stop
delivering mail a few times. Also, having individual mails tied to inodes is
an absolute nightmare for disaster recovery. Oh, and the way the remote
queues can get hung up waiting because a site has fallen off the net is a
pain. (Yes, I can keep going like this for some time ;-) ))
And the fact it isn't Free really really bugs me.
Mind you, we do run qmail on ~300 servers, so I guess we are a limit case
for seeing qmail break in weird and wonderful ways.
So I guess this email is "take all the paranoia from qmail you can, but then
look at postfix too." :-)
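The "open the port, then drop root" separation Ask describes, as an added C example that is not qmail's code: it binds the listener first (the only step that needs root), then gives up supplementary groups, gid and uid in that order, and checks that root cannot be regained before any SMTP work would start. The uid/gid 65534 and port 25 used in main are assumed values, not anything from the thread.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc/musl */
/* Added example, not qmail's code: bind while still root, then drop to an
 * unprivileged uid/gid before any protocol work (65534 and port 25 are assumed). */
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener on 127.0.0.1:port (ports < 1024 need root); -1 on error. */
int bind_listener(unsigned short port) {
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Irreversible drop: supplementary groups (root only), then gid, then uid.
 * Order matters: once the uid is changed the process can no longer change gid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    return 0;
}

/* 0 if all four ids match and, for a non-root target, setuid(0) is refused
 * (a lingering saved uid of 0 would let it succeed, which is what this catches). */
int verify_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* regained root: fatal */
    return 0;
}

int main(void) {
    int fd = bind_listener(25);
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges(65534, 65534) < 0 || verify_dropped(65534, 65534) < 0) {
        perror("drop_privileges"); return 1;
    }
    puts("port 25 bound, now uid 65534: safe to accept()");
    return 0;
}
```

Run as root to see the real drop; as an ordinary user, bind_listener(25) fails with EACCES, which is the whole point of doing it before the drop.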