[Cryptography] Simpler programs?

Viktor Dukhovni cryptography at dukhovni.org
Fri Apr 18 13:25:16 EDT 2014


On Fri, Apr 18, 2014 at 08:54:00AM -0700, Bill Frantz wrote:

> One question that might shed light on the marketing problem: Why hasn't
> Postfix completely displaced Sendmail? Perhaps some of the Postfix people
> have some insights.

A major impediment to displacing Sendmail in businesses is that
Postfix has no sales organization and no commercial support.  Some
companies want to pay somebody (will somebody *please* take our
money) to feel that they are "supported".

Also, Postfix is not delivered in the form-factor that businesses
expect these days, which is as an "appliance", with a web-UI for
management and an integrated vertical stack of anti-spam filters,
data-leakage detection, anti-virus scanners, ...

Hence, Sendmail appliances, Cisco Ironport appliances, Symantec
Appliances, ...

As for MTAs in open source O/S distributions, Sendmail has largely
been displaced, roughly in order of "popularity":

    - Exim is the default MTA on Debian and Ubuntu

    - Postfix is the default MTA on RedHat, NetBSD and MacOSX

    - Sendmail is the default MTA on FreeBSD and OpenBSD

My sense is that while Exim is on more systems, Postfix handles
more mail, but whichever way the numbers break, each substantially
outnumbers the open-source Sendmail install base.

Exim is more popular in part, IIRC, because 'e' is before 'p' in
the alphabet, and some Debian developer long ago decided to pick
Exim on that basis, since no rational consensus for either Exim or
Postfix was in sight.  Exim has a built-in macro language with
conditionals and uses it for all kinds of content inspection and
policy extensions.  People who want built-in flexibility tend to
choose Exim as a more modern alternative to Sendmail.  Exim is not
as secure by design as Postfix, and its vulnerability history
reflects that.  And yet it is at least by some (if not all) measures
the more popular of the two.

Getting back to security, I think that Postfix is used primarily
because its configuration is human-readable and what it does can
be done without resorting to a Turing-complete customization
language, though content filter and milter support pushes that
problem out to the extension interface.  The fact that Postfix has
a sound security architecture motivates only a minority of users.

Also, the formerly endless series of Sendmail security advisories
seems to have dried up.  IIRC, NetBSD switched to Postfix as a result
of frustration with the constant advisories right after the last
substantive Sendmail advisory.

-- 
	Viktor.

