[luau] sendmail patch

kmayer at bitwrangler.com kmayer at bitwrangler.com
Mon Sep 22 07:16:01 PDT 2003


Keith <krjw at optonline.net> wrote:

> ... [ qmail ] ...
> If more folks were as commonsensical a programmer as DJB the Internet
> would be a much safer place.

Hmmm. For those doing DoD work you know that the *best* way to secure a
network is simply to unplug it (isolation) from the rest of the
world. That is kind of what Dan did with qmail. He just went his own way
with everything and doesn't care about playing nice with others. In
1997, I had trouble with qmail not accepting mail because it treated the
left-hand side of the address as case-sensitive; that's what the RFCs
*say* but practical experience says that human beings don't care about
the difference between USER at foo.bar.com, User at foo.bar.com, and
user at foo.bar.com. I believe the rule should be "accept liberally, send
strictly" but that's my opinion. Dan disagreed. That's why we use the
source. 

Don't get me wrong, qmail has its strengths, but it isn't a magic
bullet. I had a friend who was head of the Internet e-mail team at
AOL. I asked him about qmail and his opinion was *not*, to say the
least, positive. Apparently qmail doesn't scale to the very, very big
(e.g. AOL). That isn't an important factor for most people, but you made
a point that qmail is "fast" and back in 2000, which was the last time I
was working with it closely, it didn't handle large volumes of mail well.

It's more of a personality thing (DJB's, qmail's and mine) than code
quality issues for me. Having worked with sendmail, qmail and postfix, I
prefer the latter. I haven't seen a CERT advisory on postfix; Wietse
Venema wrote postfix with speed, compatibility and security in mind and
I think he succeeded.

Ken



More information about the LUAU mailing list