>>That's real useful for end users :P. Wietse (postfix guy) was smart, 100%
>>compatible sendmail replacement, both in functionality and license. Qmail is
>>NOT. Neither is djbdns a drop in replacement for Bind. Hence only a minor
>>percentage of people will make the effort to use it.
>Why is "drop-in-replacement"==GOOD and "no drop-in-replacement"==BAD?
>I don't agree there. It's not that the programs are hard to install or
>something. On the contrary, IMHO.
Sendmail, ok, cleaned up a lot in the last two years, BUT if there is a hack
it's usually root, for example the kernel capabilities bug. To get users to
switch to a more secure mailer you have a few realistic options:
make it the default - Mandrake now does this with Postfix. They do not ship
Qmail. Vince (mandrake security packager goombah guy who writes their advisories
and whatnot, who I drink with sometimes) tried valiantly to legally package
qmail and ship it and gave up. Buy him a drink sometime and ask him about it if
you want to hear a painful story.
if it's hard to do people will not switch to it. Hell people won't even patch
software or apply vendor security updates in a lot of cases, so what are the
chances of them switching from say sendmail to qmail, if it requires a lot of
effort? This is why compatibility (function wise, license wise, etc.) is so
>Again, I don't agree. There are boatloads of enhancements and
>modifications for qmail (and less so for djbdns, but that doesn't
>exist as long). If you want a specific feature that isn't in standard
>qmail/djbdns, there most probably is a patch that you can apply in
>seconds. Again, very easy.
Ohh, so if I go out of my way to fix qmail, it can do function X, whereas that
is standard in Postfix for example (and then there are things postfix does that
qmail can't, even with available patches, like regex filtering). That's like
saying "Windows isn't insecure, if you get these security products and apply
them it's secure". No, Qmail, as it ships from DJB, is a pain in the ass :P.
I've tried to move to it several times (long ago), and tested it more recently,
and I've never liked the results (and I get paid to spend my time on things like