
The Security Architecture of Qmail (2004) [pdf] - kick
http://hillside.net/plop/2004/papers/mhafiz1/PLoP2004_mhafiz1_0.pdf
======
kjs3
I ran qmail for a _long_ time in a lot of places and it was by and large a
good thing. While I watched the sendmail folks periodically scramble to cover
the _vuln du jour_ debacle, there was never much that took the piss out of
qmail. Unfortunately, the idiosyncratic license meant that I spent more and
more time cobbling up a set of sources and patches that supported the latest
email requirements and finally decided postfix was far less overhead with
close to qmail security.

The I decided life was too short to run my own mail server. Don't judge. :-)

------
angry_octet
qmail is an excellent example of isolation and least priviledge security
design. But I'd really like to hear how production systems used by major ISPs
or gmail work.

~~~
jlgaddis
Yahoo! Mail ran qmail back in the day.

