Postfix as an Alternative

   

Sendmail is a monster of an MTA. Rarely is it necessary for an organization to use sendmail for the advanced (and remarkably obscure) features. More frequently one would be better off installing an alternative server, such as Postfix (http://www.postfix.org/). To quote the author:

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.

Many people are hesitant to move away from mainstream software such as sendmail, but Postfix has gained a following as one of the easiest and most stable Unix MTAs available. Better yet, it installs as a drop-in sendmail replacement, meaning that any other software or scripts that rely on sendmail (such as CGI scripts) will continue to function without additional modifications.

Postfix supports Mac OS X, integrates with the Netinfo:/aliases map, and is much easier to configure than sendmail. If you don't mind a few minutes compiling, you can be rid of sendmail for good.

Of course, Postfix isn't without fault. Before you start the installation, it's a good idea to take a look at the list (the short list) of exploits for Postfix.

Recent Postfix Exploits

As with sendmail, two kinds of exploits can potentially affect Postfix: local and remote attacks. Strangely enough, there are two reported Postfix exploits, one local and one remote. Unlike sendmail, the known Postfix exploits are minor in severity and occur only in extreme conditions.

Logfile DoS Attack

Versions of Postfix prior to 0.0.19991231pl11-2 could potentially be targets of a DoS attack aimed at filling drive space. Early versions of Postfix kept extensive SMTP debugging logs. Attackers could create and drop connections in an attempt to overflow the log and disrupt server operations. There are no known occurrences of this attack taking place. For more information, visit http://online.securityfocus.com/advisories/3722. Because we will be installing a more recent version of Postfix, this will not be an issue with our installation. (CVE: CVE-2001-0894)
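
A defender's view of the connect-and-drop pattern described above, as an added example that is not from the book or the Postfix project: it tallies per-client connects, dropped sessions, and log bytes from smtpd log lines and flags clients that only churn connections. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Any smtpd log line that names a client as host[ip]; msg is the text after the PID.
LINE = re.compile(r"postfix/smtpd\[\d+\]: (?P<msg>.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*)$")

def constructed_sample():
    """Constructed log lines (documentation addresses), not taken from a real server."""
    lines = []
    for i in range(6):  # one client that connects and drops without sending mail
        t = f"Mar  3 10:00:{i:02d} mail postfix/smtpd[411]: "
        lines += [t + "connect from unknown[192.0.2.10]",
                  t + "lost connection after CONNECT from unknown[192.0.2.10]",
                  t + "disconnect from unknown[192.0.2.10]"]
    t = "Mar  3 10:01:00 mail postfix/smtpd[412]: "  # one normal delivery
    lines += [t + "connect from mx.example.org[198.51.100.7]",
              t + "4F2A1C0D: client=mx.example.org[198.51.100.7]",
              t + "disconnect from mx.example.org[198.51.100.7]"]
    return lines

def churn_report(lines, min_connects=5, min_drop_ratio=0.8):
    """Return per-client stats for clients that mostly connect and drop."""
    stats = defaultdict(lambda: {"connects": 0, "dropped": 0, "queued": 0, "log_bytes": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        s, msg = stats[m["ip"]], m["msg"]
        s["log_bytes"] += len(line) + 1  # disk cost of this client, newline included
        if msg.startswith("connect from "):
            s["connects"] += 1
        elif msg.startswith("lost connection after "):
            s["dropped"] += 1
        elif "client=" in msg:  # a queue ID was assigned: a real mail transaction
            s["queued"] += 1
    # Flag clients with many connects, no queued mail, and mostly dropped sessions.
    return {ip: s for ip, s in stats.items()
            if s["connects"] >= min_connects and s["queued"] == 0
            and s["dropped"] / s["connects"] >= min_drop_ratio}

if __name__ == "__main__":
    for ip, s in churn_report(constructed_sample()).items():
        print(f"{ip}: {s['connects']} connects, {s['dropped']} dropped, "
              f"{s['log_bytes']} bytes of log")
```
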

sudo MTA Invocation

On some Linux systems, an error existed in the sudo package which could be exploited by local users. Attempting to invoke sudo would result in an error message being generated and Postfix being started SUID root to deliver the message without the proper environment settings. This does not affect Mac OS X, and in any case it was easily fixed by removing or upgrading sudo. More information is available at http://online.securityfocus.com/advisories/3799 (CVE: CVE-2001-0279).

Although Postfix is obviously a less widely used MTA than sendmail, the lack of serious problems is still very telling. Over time, as with any software, new exploits will be found, but, if peace of mind is of any concern to you, I recommend following through with the replacement of sendmail.


   


Mac OS X Maximum Security
Maximum Mac OS X Security
ISBN: 0672323818
EAN: 2147483647
Year: 2003
Pages: 158
