Hacker News new | ask | show | jobs
by SwellJoe 3075 days ago
While qmail has faded in popularity as it has been sporadically maintained by a random bunch of folks over the years, there has been at least one other MTA written by someone with excellent security cred, and that has been continually maintained and has an excellent security record. We don't really need to mourn what could have been with qmail; we have Postfix, and it's really very good.
2 comments
JdeBP 3074 days ago
Making a world-readable, world-searchable, and world-writable drop directory because of a decision to have no set-UID and set-GID executables in Postfix, even appropriate ones; failing to learn the even then well-known lessons of the batch job (at), UUCP, and printing (lpr) subsystems when it comes to world-accessible input directories; was a fairly large blot.

* https://cr.yp.to/maildisasters/postfix.19981221

* https://cr.yp.to/maildisasters/postfix.html

* https://groups.google.com/forum/#!msg/mailing.postfix.users/...

link
jlgaddis 3075 days ago
Yep. With a few exceptions, Postfix is the MTA I've used pretty much everywhere for the last 10 years or so.
link