Qmail At 10 Years — Reflections On Security 304
os2man writes "Qmail is one of the most widely used MTAs on the Net and has a solid reputation for its level of security. In 'Some thoughts on security after ten years of qmail 1.0' (PDF), Daniel J. Bernstein, reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming. A good read for anyone involved in secure development."
Re:license (Score:5, Interesting)
Yes, some of his refusal to compromise mean that qmail is still secure, but in terms of usability, it's a bitch unless you're willing to work with patches & diffs to add the functions you need.
Re:license (Score:3, Interesting)
If the program is not functional, it doesn't matter how secure it is.
That said, qmail is actually still pretty useful. However, pride cometh before a fall. The author's arrogance is going to let him down one day.
Re:license (Score:3, Interesting)
The good thing is that is easy to work with and works really good.
Last time I had to reconstruct a particular email's flow through various MTAs including Qmail ended at the Qmail MTA since it the log files it uses offer little to system administrators to do proper troubleshooting.
That alone is one major reason to never ever consider it for production use.
Re:license (Score:5, Interesting)
In wonder how much of the worlds spam traffic is a result of qmail sending bounces from a different socket connection and process, instead of sending the response back through the connection which the message arrived in.
But yeah it is very secure. Back when I first ran servers on the internet I bought a book on configuring sendmail. The ultimate conclusion in the book was to run qmail.
Re:license (Score:5, Interesting)
Qmail going public domain? (Score:5, Interesting)
Actually, that might be changing in the immediate future. Check out the slides to go with this talk [cr.yp.to], in particular, page 10 where there's a timeline including:
Re:license (Score:5, Interesting)
I agree that sendmail was horrid to configure. The m4 wrappers have made it better, and Postfix provides an easy to configure tool that actually allows you to rebundle it with the configurations you want. Dan Bernstein's precious ideas of no documentation, his own peculiar and poorly explained licensing, no publication of forks of his code, and mixing the binaries in with the mail spool itself for various reasons are so nasty that many of us working with open source won't touch his utilities.
I just love qmail (Score:5, Interesting)
1. How do you start / stop your MTA?
2. How do you configure software? Config files or adding and removing files from a magic directory?
3. How do you kick the mail queue? Buggered if I can remember.
Having a few years of experience looking after various 'nixes is nothing to being thrown at djb's stuff without warning. Add to this the attitude from the fanboys I've met [2] and I hate anything touched by djb. The other fun thing I can remember from some doc was djb's suggested solution to one problem was to change fork().
[1] mailq ran, but obviously freaked out.
[2] The worst examples of the stereotype, however, I've seen stuff posted online from some very nice people. My sample size was small but annoying.
Re:I just love qmail (Score:2, Interesting)
Re:license (Score:5, Interesting)
Postfix makes for a good read (Score:4, Interesting)
You would be wanting the Postfix source code, then. I've learned a tremendous amount about how secure, well designed software can be constructed. Wietse is a very smart guy, and his code is some of the tightest code I've seen. Go through it, and you'll be a better software developer for it.
I've never looked at the qmail code. It could be just as good, I don't know.
Re:Qmail going public domain? (Score:4, Interesting)
Hard codes port numbers.
Uses non-descript variables.
Forces interpretations one way without allowing changing.
Hard codes directory structures.
Has to write a monitoring program to monitor his daemons and restart on failures instead of just spending more time making sure his daemons are solid to begin with. Here's a note: If you need a different tool to restart your process when it fails, perhaps you should consider looking into why the process failed in the first place?
Re:license (Score:2, Interesting)
Re:An example, please? (Score:3, Interesting)
Robert
[1] like rejecting SMTP transactions which use LF for line termination (RFC states it must be CR/LF), but most smtp servers of the time accepted either, while some "challenged" servers sent mail with LF only;
[2] qmail will never deliver mail to secondary MX; or tertiary etc; If primary MX for the address is dead, then you're screwed;