Hacker News new | comments | show | ask | jobs | submit login

I would suggest running OpenSMTPD over any of the alternatives, it's much easier to configure and should be/remain secure as it comes from the OpenBSD people (the audit from Qualys attests to that).



Yeah I'll have to disagree here. I beat my head against this horribly documented MTA just trying to get virtual users to work with a relay host. I gave up after three days of slitting my wrists trying to get it to work. It's horribly documented, getting help out of the obsd folks is like getting blood from a turnip, but if it works for you great! But I would never agree it's easier to configure or has better documentation than postfix.


I'm genuinely curious here since opensmtpd has been by far the easiest to configure MTA I've ever seen. What problem(s) did you have? Virtual users through a relay host is literally one simple line:

    accept for domain "example.com" virtual <users> relay via relay.example.com
I don't see how anyone could conclude that is more difficult than postfix.


And have you tried it? Because when I tried it it did not work as documented.


Yes, it works as expected. Again, what problem(s) did you have? Vague "its hard" replaced with an even more vague "it didn't work" comes off as trolling rather than a legit problem.


There was http://seclists.org/oss-sec/2015/q4/11

PS. maybe that's one of the vulnerabilities mentioned in the report (1). Anyway it's an argument for me to run Qmail/qpsmtpd instead.

(1) https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt


Yeah those issues were found in the Qualys audit. They have been fixed so the codebase should only be stronger now.

I just wish we had something that wasn't written in C.


Try running any such program through Softbound + CETS or SAFEcode (already in LLVM). They turn C programs memory-safe. Should knock out most of your risk immediately with an acceptable performance hit unless your volume is really, really high. Code-Pointer Integrity at least protects control flow with max of around 10% penalty. Given they're all alpha by few developers, they need more people using them on various software and doing error reports if they fail.




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: