The Postfix Home Page
All programmers are optimists -- Frederick P.Brooks, Jr.
First of all, thank you for your interest in the Postfix project.
What is Postfix? It is Wietse Venema's mailserver that started life at IBMresearch as an alternative to the widely-used Sendmail program. Now at Google, Wietse continues to support Postfix.
Postfix attempts to be fast, easy to administer, and secure.The outside has a definite Sendmail-ish flavor, but the inside iscompletely different.
Newsflash
A recent twitter post reveals the existence of an exploit for Postfix,in a collection of what appear to be NSA break-in tools.
https://twitter.com/JulianAssange/status/850870683831648256This is an exploit for Postfix 2.0 - 2.2, for a bug that wasfixed 11 years ago in Postfix 2.2.11 and later.
There was a memory corruption bug in a Postfix workaround fora Sendmail bug (CERT advisory CA-2003-07, remote buffer overflowin Sendmail when message headers contain lots of comment text beforeor after an email address).
Technical details: the Postfix strip_address() function, which removes large comments from a mail header, called the printable()function on a string that wasn't null-terminated. This caused theprintable() function to scribble past the end of malloc()ed memory,corrupting the memory heap.
Running the exploit against Postfix versions less than 11 yearsold results in odd-looking email messages in the super-user'smailbox, and warning messages in the maillog file (warning: strippingtoo many comments from address: <long character string>).
About this website
This website has information about the Postfix source codedistribution. Built from source code, Postfix can run on UNIX-likesystems including AIX, BSD, HP-UX, Linux, MacOS X, Solaris, andmore.
Postfix is also distributed as ready-to-run code by operatingsystem vendors, appliance vendors, and other providers. Theirversions may have small differences with the software that isdescribed on this website.