"One of the major services formerly provided by
plains was mail service. In order to exchange mail
with hosts outside the network, the mail server must be in contact
with the external network. However, we didn't want to install a POP
server on the new firewall machine, or have user accounts on it. So
we decided to configure the mail server on wolf to
relay mail to and from plains. User accounts and the
POP server could then remain on plains, behind the
firewall, resulting in minimal disruption to the client's email
habits."
"The question was whether to use Sendmail on wolf
to relay mail, or to use something else. Sendmail is the most
common free mail transport agent. However, it has numerous security
and usability problems. First of all, it has only one daemon, which
runs as root. It does drop some privileges, but this has
historically been a pathway for system compromise. Sendmail is also
big, complicated, and difficult to configure, and it would detract
from the lightweight beauty of the newly configured Trustix system.
Finally, Sendmail is just more software than necessary to relay
mail from one server to another."
"Postfix is a relatively new, security-conscious mail
server. We use it internally, and it is small and easy to
configure. Furthermore, it comes with Trustix, and thus was
trivially easy to install. (Perhaps it would be better to say
that one of the reasons we selected Trustix is that it came with
Postfix)."
