Sendmail or Postfix?

[Les Mikesell]

John Summerfield wrote:

>> Which of the two Email systems are the most secure, that most people
>> use and trust, has better control over intrusion and has good AntiSpam
>> and AntiVirus support?
> 
> 
> Historically, sendmail has had a bad reputation for security, though 
> widely used. It's also had a bad reputation for its obscure 
> configuration language; look at sendmail.cf and you will fully 
> understand that.
> 
> postfix was written (by a chap working for IBM, so its pedigree is fine) 
> to be compatible with sendmail at the commandline level, to address the 
> security concerns and to be easier to configure.
> 
> I used sendmail from the beginning[1], back when it had those security 
> problems and the obscure configuration language was the only way to 
> configure it, on OS/2 and thence to Linux when it was what Red Hat 
> shipped on RHL 3.x and 4.x.
> 
> I believe its security problems have been addressed, and the m4 macroes 
> in the sendmail-cf package make it easier to configure, but postfix 
> remains the MTA of choice for many users and is the default in some 
> distros including *suse and *ubuntu*.
> 
> Debian prefers exim which (I think) is also in Fedora and EL.
> 
> If you need to ask, probably postfix is the best to use. Its main 
> configuration file is semantically easy for mere mortals to follow and 
> all configuration files have good comments.

If you do use sendmail and understand a bit of perl, look at MimeDefang 
(http://www.mimedefang.org/) which runs as a milter and can control all 
of your virus and spam scanning operations or other customizations 
without dealing with the more complex sendmail configuration and can 
reject messages during the smtp conversation based on the results of the 
tests.  It extracts attachments once for all scanning operations and 
multiplexes commands to a few back-end servers to conserve memory, so it 
is more efficient than most other programs.

-- 
    Les Mikesell
     lesmikesell at gmail.com