Best firewall gateway version of Linux ?

Matthew Hawkins matthew at topic.com.au
Tue Jan 15 17:29:30 EST 2002


Just to fix a minor, yet important error

On Tue, 15 Jan 2002, Simon Fowler wrote:
> The paranoid option is qmail (local mirror is at
> http://qmail.planetmirror.com/top.html): written by the (in)famous
> Dan Bernstein, a crypto and computer security researcher. qmail is
> rather fiddly to set up, but it's fast and /extremely/ secure: the
> current version has been out for several years, and hasn't seen any
> bugs at all. If you're paranoid and you need to have a mail gateway
> on your firewall, qmail is probably your best option . . . 

qmail is slower than current sendmail and postfix[1], and is "extremely
secure" according to the definition of secure given by its author.  Just
like IIS is "extremely secure" according to the definition of secure
given by Microsoft.

qmail has seen quite a few bugs over the years, hence why it's at
version 1.03.  Yes, that's been the latest for a few years simply
because the author chooses to not recognise any of the current bugs it
has.

Perhaps the worst bugs in qmail are not the security related ones, but
the non-adherence to email-related RFCs.  Having the securest MTA is
pointless if it's not going to function properly.

The best thing to come out of qmail is Maildir, which is currently the
safest way to have an NFS-mounted mail spool.  That's it.  Most MTAs
and MUAs now support the Maildir format, so it's no longer an exclusive
pro for qmail.

If you're paranoid and need to have a mail gateway, postfix is your best
option.  I would even run sendmail over qmail, mainly because it's faster
and more configurable than any other MTA.

[1]
http://www-dt.e-technik.uni-dortmund.de/~ma/postfix/vsqmail.html
http://www-dt.e-technik.uni-dortmund.de/~ma/postfix/bench2.html

-- 
Matt



