Hi list, Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted? Yours, Ruben -- Ruben Konig Communicatiewetenschap Katholieke Universiteit Nijmegen prive email adres r.konig@mailbox.kun.nl ruben@dromedaris.net
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you are going to use qmail, then you might as well trust the qmail website and ftp servers (www.qmail.org). The current qmail version (1.03) was released in 1998, so the rpms are probably compatible with your system. There is a good deal of documentation and links on the site. Regards, Matt - -----Original Message----- From: ruben@mailserver.uci.kun.nl [mailto:ruben@mailserver.uci.kun.nl]On Behalf Of Ruben Konig Sent: Friday, September 14, 2001 1:16 PM To: suse-security@suse.de Subject: [suse-security] qmail.rpm Hi list, Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted? Yours, Ruben - -- Ruben Konig Communicatiewetenschap Katholieke Universiteit Nijmegen prive email adres r.konig@mailbox.kun.nl ruben@dromedaris.net - -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 Int. for non-commercial use http://www.pgpinternational.com iQA/AwUBO6JpUmCxI19Ln0TAEQKofwCeJ3vUc65MebNuuJFUoxSa5d4SuX8AoPNh tt9AhUSIGMR/+rjVOXrLIxDL =lXD3 -----END PGP SIGNATURE-----
Hi list,
Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But
Technically speaking there's only been one sendmail security hole in the last 2-3 years. Might want to make sure your facts are straight (not that I use sendmail myself because of security concerns =).
SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted?
You can't really, the license on qmail, well that's a problem, for one thing it doesn't ship with a license, only a vague reference to DJB's web pages. Which say conflicting things. But boil down to you cannot modify qmail and ship binaries, and since DJB installs qmail into very non standard file locations it causes quite a mess (OpenBSD dropped qmail/etc from the ports tree, to much hassle). Basically creating a properly working rpm for qmail is impossible. Get the source, or better yet get Postfix (which has a sane license and active devel, and was designed for security) and conviniently available as RPM's.
Yours, Ruben
Kurt Seifried, kurt@seifried.org PGP Key ID: 0xAD56E574 Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/
Ruben Konig schrieb am Freitag, den 14. September 2001:
Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted?
Go for Postfix, it's faster than qmail and integrates MUCH better with SuSE, and as easy to configure, yet it has more features (spam block, UUCP support, many more) - and it ships as RPM on your SuSE CD or DVD.
On Fri, 14 Sep 2001, Ruben Konig wrote:
Hi list,
Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted?
The sendmail that comes as a default with Suse is fully configured by the suse instaler (Yast). There is no setup problems at all. The less you messs with it the better it runs. It installs very securly, no need to fiddle with it. There are no known security holes in sendmail and havent been for 3 or 4 years. Its run in far more places than qmail. You are free to run (and trust) what ever software you wish, but You over state the scope of the problem.
Hi list,
There are no known security holes in sendmail and havent been for 3 or 4 years. Its run in far more places than qmail.
For qmail you have a good replacement for the inetd (tcpserver). And the mailinglistmanager ezmlm is designed for qmail. The handling of ezmlm functions via blancomails using verb. This list is handled using ezmlm. Qmail is a modular mta, much faster than sendmail and you can configure it to use slow internetconnection by using serialmail. One other good fact is the using of Maildirs, so you are able to restore mails from backup if some mail gets lost. The mails will be stored in these directories like files. Regards, Ruprecht
Ruprecht Helms schrieb am Samstag, den 15. September 2001:
For qmail you have a good replacement for the inetd (tcpserver). And
You don't need qmail for tcpserver; xinetd will also do.
Qmail is a modular mta, much faster than sendmail and you can configure
qmail faster than sendmail? In special cases maybe, with big per-mail recipient lists and with a lot of recipient MXs slow or down, but not in regular operation for 1-to-1 mailings. Configure sendmail in queue-only mode if inbound mail is slow. In my LAN (10base2 wiring), qmail running on FreeBSD 4.4-RC (K6-2/300) sent 3.2 mails/s in a test, sendmail 8.5 mails/s, Postfix 15.3 mails/s. I didn't run that test on Linux because my Linux machines are too busy. qmail's queue handling and preprocessing of inbound mail make it slow. It's SMTP client doesn't to ESMTP PIPELINING (Sendmail does neither, but Postfix does). Bugtraq has been switched from qmail to Postfix for delivering mail because qmail was too slow and could not longer handle the load. qmail is secure and reliable, so is Postfix.
it to use slow internetconnection by using serialmail. One other good fact is the using of Maildirs, so you are able to restore mails from backup if some mail gets lost. The mails will be stored in these directories like files.
You can use maildir with every MTA that is able to use procmail or maildrop as local delivery agent. Postfix will do maildir out of the box, just configure and you're set. Nothing particular of qmail. I would not take the hassle of setting up qmail in a fresh installation. It's too much work, and too different. Postfix is basically unpack, make install if you do it manually, and rpm -Uhv if you install via RPM package.
Just a note on Sendmail, I have systems up that are running 60+ messages per sec in our (Sendmail Inc) HVMS clients. Granted, these systems are configured quite different than "out of the box". If you change MAX Load in the cf you should see performance improvements on mail servers that have high volume. Multiple spindles, and multiple queues will boost performance. My only point here is that Sendmail can be made to perform quite fast. Have a look at 8.12, it has no more setuid, and the performance is incredible over prior releases. I do not think SuSE will release the RPM for it until 7.3. I was able to get hooks into 8.12 for Reiser FS, thanks for your patience Claus Aussmann and Chris Mason :~) Regards, Jon On Sun, 16 Sep 2001, Matthias Andree wrote:
Ruprecht Helms schrieb am Samstag, den 15. September 2001:
For qmail you have a good replacement for the inetd (tcpserver). And
You don't need qmail for tcpserver; xinetd will also do.
Qmail is a modular mta, much faster than sendmail and you can configure
qmail faster than sendmail? In special cases maybe, with big per-mail recipient lists and with a lot of recipient MXs slow or down, but not in regular operation for 1-to-1 mailings. Configure sendmail in queue-only mode if inbound mail is slow.
In my LAN (10base2 wiring), qmail running on FreeBSD 4.4-RC (K6-2/300) sent 3.2 mails/s in a test, sendmail 8.5 mails/s, Postfix 15.3 mails/s. I didn't run that test on Linux because my Linux machines are too busy.
qmail's queue handling and preprocessing of inbound mail make it slow. It's SMTP client doesn't to ESMTP PIPELINING (Sendmail does neither, but Postfix does).
Bugtraq has been switched from qmail to Postfix for delivering mail because qmail was too slow and could not longer handle the load.
qmail is secure and reliable, so is Postfix.
it to use slow internetconnection by using serialmail. One other good fact is the using of Maildirs, so you are able to restore mails from backup if some mail gets lost. The mails will be stored in these directories like files.
You can use maildir with every MTA that is able to use procmail or maildrop as local delivery agent. Postfix will do maildir out of the box, just configure and you're set. Nothing particular of qmail.
I would not take the hassle of setting up qmail in a fresh installation. It's too much work, and too different. Postfix is basically unpack, make install if you do it manually, and rpm -Uhv if you install via RPM package.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Sunday, September 16, 2001 04:00:58 AM +0200 Matthias Andree
* Ruben Konig (r.konig@mailbox.kun.nl) [010914 13:15]:
Since configuring sendmail is a pain (to me that is) and since sendmail is known for its security holes, I decided that I want to try qmail. But SuSE doesn't distribute qmail. Does anyone outhere know where to download an RPM that can be trusted and that will fit in with my SuSE 7.1 (2.2) system? I learned to trust SuSE (I know, unwise), but who else can be trusted?
We can't really distribute it b/c DJB's "license" prevents us from shipping patches that he hasn't approved. That means that if there were to be a security problem, for example, we wouldn't be allowed to distribute an updated package until DJB did. Of course, we've used qmail for our mailing lists for quite some time (only because there's really nothing but ezmlm that can handle our lists) and I've been very happy with it. -- -ckm
Hi, on SuSE 6.3 just get the sources and install it. I found no problems with that. mike
Hi,
on SuSE 6.3 just get the sources and install it. I found no problems with that.
it's also working with Suse 7.1 by using tcpserver and daemontools of djb, mentioned in life with qmail (http://www.lifewithqmail.org). There can be only a little problem by using qmail-pop3d with maildirs. Regards, Ruprecht
Ruprecht Helms schrieb am Sonntag, den 16. September 2001:
it's also working with Suse 7.1 by using tcpserver and daemontools of djb, mentioned in life with qmail (http://www.lifewithqmail.org). There can be only a little problem by using qmail-pop3d with maildirs.
There is no problem. I ran qmail-pop3d off Maildirs for several months, until I dropped it and switched to courier-imap. On 6.3, procmail is probably not yet aware of Maildir. OTOH, I (personal opinion, I heard nothing from SuSE yet) expect 6.3 support to cease pretty soon, before the end of the year, so an upgrade to 7.1 or 7.2 might be advisable in any case, and those have recent Postfix packages.
participants (10)
-
Christopher Mahmood
-
John Andersen
-
Kurt Seifried
-
marsaro@interearth.com
-
Matthew Thomas
-
Matthias Andree
-
Michael Salmon
-
Ruben Konig
-
Ruprecht Helms
-
Thomas Michael Wanka