"NM" == Nicolas Mailhot <Nicolas.Mailhot@xxxxxxxxxxx> writes:
NM> You do know that postfix design is a common example in advanced
NM> security CS courses right ?
What on Earth does that have to do with anything? I'm sure advanced race mechanics study Ferrari engines, but I don't need one to drive to the store.
I guess what you're trying to say is that all of the extra stuff that Postfix comes with is secure, so it doesn't hurt anything to have it on the machine. That's something definitely contradicted by those advanced security CS courses you speak of.
Most real postfix installations aren't going to be qualified as secure by the authors of postfix, because if you want to implement POP authentication you need to install Cyrus SASL -- which is the kind of "security" software that introduces two buffer overflows for every security hole it plugs. Throw in an average virus filter
(see http://news.com.com/Take+three+Antivirus+apps+could+spread+infection/2100-1002_3-5589439.html?tag=nefd.top)
and spam filter and I know it can be cracked. If you made a homebrew system, it's likely that nobody's going to spend the time to weaponize an attack, but ship an integrated system with every copy of FC4 and it's worth the effort.