|
|
Log in / Subscribe / Register

qmail doesn't *need* any patches

qmail doesn't *need* any patches

Posted Nov 4, 2007 0:31 UTC (Sun) by njs (subscriber, #40338)
In reply to: qmail doesn't *need* any patches by CyberDog
Parent article: Daniel Bernstein: ten years of qmail security 

Esp. since qpsmtpd, though it's written in Perl, appears to be built on Apache -- so you have
another big chunk of C code talking to the network.  (Apache's C is far better than
traditional sendmail's C, but it still in no way comes close to meeting DJB's requirements.)

to post comments

qmail doesn't *need* any patches

Posted Nov 4, 2007 1:23 UTC (Sun) by xanni (subscriber, #361) [Link] (1 responses) 

qpsmtpd is not "built on Apache".  One supported mode of operation is to run it under Apache
on the basis that many sites are already running Apache anyway and it is well-understood and
supported, but qpsmtpd has always had and continues to support several other modes of
operation including running under djb's daemontools or even under xinetd.

qmail doesn't *need* any patches

Posted Nov 4, 2007 5:52 UTC (Sun) by njs (subscriber, #40338) [Link] 

FWIW, I didn't mean 'built on Apache' as in 'runs as part of an Apache HTTPD'; Apache is in
part a very nice framework for writing generic server apps these days.  (Maybe this is
technically part of APR, I haven't followed where exactly they're drawing that boundary.)

On a further look, though, I see that you're right, when qpsmtpd is not running under httpd,
it uses a different home-brew network framework rather than APR.  I was misled by looking at
the first anti-malware plugin linked on their homepage:
  http://svn.perl.org/qpsmtpd/trunk/plugins/check_earlytalker
which contains a bunch of code using APR -- but it turns out that's because there are two
copies of all that code, one that works when being run under Apache and one that works with
the home-brew.  I don't know how typical this is of qpsmtpd's codebase, but it doesn't strike
me as The DJB Way either.

(If I were them, I'd consider just using Apache in all cases, even if it is a big hunk of
scary C that makes baby DJB cry, but I don't actually know what I'm talking about so *shrug*.)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds