John Summerfield wrote:
Which of the two Email systems are the most secure, that most people
use and trust, has better control over intrusion and has good AntiSpam
and AntiVirus support?
Historically, sendmail has had a bad reputation for security, though
widely used. It's also had a bad reputation for its obscure
configuration language; look at sendmail.cf and you will fully
understand that.
postfix was written (by a chap working for IBM, so its pedigree is fine)
to be compatible with sendmail at the commandline level, to address the
security concerns and to be easier to configure.
I used sendmail from the beginning[1], back when it had those security
problems and the obscure configuration language was the only way to
configure it, on OS/2 and thence to Linux when it was what Red Hat
shipped on RHL 3.x and 4.x.
I believe its security problems have been addressed, and the m4 macroes
in the sendmail-cf package make it easier to configure, but postfix
remains the MTA of choice for many users and is the default in some
distros including *suse and *ubuntu*.
Debian prefers exim which (I think) is also in Fedora and EL.
If you need to ask, probably postfix is the best to use. Its main
configuration file is semantically easy for mere mortals to follow and
all configuration files have good comments.
If you do use sendmail and understand a bit of perl, look at MimeDefang
(http://www.mimedefang.org/) which runs as a milter and can control all
of your virus and spam scanning operations or other customizations
without dealing with the more complex sendmail configuration and can
reject messages during the smtp conversation based on the results of the
tests. It extracts attachments once for all scanning operations and
multiplexes commands to a few back-end servers to conserve memory, so it
is more efficient than most other programs.
--
Les Mikesell
lesmikesell@xxxxxxxxx
