Fedora Core 2 wishlists
Wil Cooley
wcooley at nakedape.cc
Thu Dec 11 04:14:27 UTC 2003
On Wed, 2003-12-10 at 07:01, Chris Adams wrote:
> > Out of curiosity, why not?
>
> Milter is probably the biggest reason at the moment. I filter 1000
> spams a minute with a multi-server setup using milter (sendmail is
> running on several servers and the milter server is on another server).
Postfix has a 'content_filter' mechanism which acts as an SMTP proxy;
the receiving server can be anywhere, if your filtering server supports
it. With amavisd-new, you have to use Sendmail in a dual-server setup
and not Milter if you want to be able to modify the message (like adding
*SPAM* to the header); the Postfix content_filter mechanism is much
cleaner and seems less hackish on a single-host setup. The
content_filter can also be configured per-transport.
> Also, I have some heavily tuned custom configs. Can postfix allow
> multiple DNSBLs to be merged into one (with different response code) to
> cut down on DNS requests, and allow some to reject before RCPT TO and
> some after?
Like, you've imported the zones from the RBLs and serve them locally?
Sure, don't see why not.
> I also know of people that still use UUCP.
I've heard of such people. Apparently there are also people using
dial-in BBSes and running DOS applications.
> > Postfix is a viable alternative to sendmail with a much better security
> > history and architecture. These other projects don't have secure usable
> > replacements.
>
> There's plenty of other web servers and there are a couple of other SSH
> servers IIRC.
'lsh' is the only replacement SSH server I know of, but from what I've
heard it's not really usable yet. (Aside, perhaps, from proprietary
versions, like F-Secure's or Cisco's.)
> There've only been a few problems with sendmail in recent years, and
> those have been found by people examining the code closer than ever. I
> think that sendmail is one of the more scrutinized pieces of code
> around.
Architecture. You can audit code until your eyes bleed, but without a
proper architecture with security in mind, you're just waiting until
someone finds a clever way of exploiting something that hadn't been
thought of or of exploiting some part of the underlying framework the
application is built on. Proper design is a hedge against that and
limits the scope of damage even when a vulnerability is found.
Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting http://nakedape.cc *