Postfix 2.1 Released 286
MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."
Already Upgraded...works great. (Score:5, Informative)
Download
tar -zxvf
cd postfix-2.1.0
make
make upgrade
postfix stop
postfix start
No issues what so ever!
Even working correctly with TMDA whitelisting/blacklisting spam filter, which had been my one real concerns did anything happen that could screw up TMDA. NOPE! Runs fine.
Have to go ahead and look into setup and using some of the new features now I suppose.
Comparisons (Score:2, Informative)
Re:versioning (Score:4, Informative)
Re:Qmail (Score:1, Informative)
Re:A big shout out to teh postfix guys (Score:1, Informative)
Postfix Heaven (Score:5, Informative)
I know this sounds like a commercial, but it's hard not to sound that way when everything just kind've worked the first time. I now have authenticated, encrypted SMTP and POP and my users are, literally, thanking me. My experience has been that using Postfix was an easy way for me to look good.
Here's a Postfix SASL HOWTO [porcupine.org] which came in handy, but there are a lot of resources on the Web, especially at the Postfix [postfix.org] site.
Re:improved documentation.. (Score:1, Informative)
http://www.postfix.org/docs.html
and it magically works.
Real-time filtering (Score:5, Informative)
Sendmail upgrade? (Score:5, Informative)
If you're using Postfix and have been waiting for any of these "new features", go ahead and try Exim.
Exim home page [exim.org]
SMTP time scanning, finally. (Score:5, Informative)
About time. I've been doing this with Exim [exim.org] and Exiscan [duncanthrax.net] for almost 2 years now. It's nice to see other MTA's begin to incorporate this functionality. Now, if everyone upgrades and takes advantage of this wonderful feature, maybe the number of false NDR's I receive due to forged senders will start to go down...
The Doc (Score:5, Informative)
I do miss however the "big pictures" yellow + blue graphs that seduced me into trying out postfix long time ago. Now we're stuck with pityful text-only rendering [porcupine.org]
Still great, after all those years, postfix is my MTA of choice: ease of use, power and security.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
Personally, I still use Sendmail everywhere, but Postfix is designed to be a fast, secure, easy-to-configure MTA. It would be my migration path of choice if I were ever having problems in any of those three areas.
Re:Aaargghhh! (Score:1, Informative)
http://www.exim.org/ [exim.org]
Re:Comparisons (Score:5, Informative)
Yeah your comparisons link is seriously outdated (cicra 2001) and only compares mta descriptions. It is neither indepth nor does it touch on the features that existed at the time. With statements like "Add to this sendmail's renowned inefficiency" or "Postfix is quite flexible in its configuration file, but not to the extent of Exim" this document can't be anything more then a abstract draft written up for basic filler in attempt to sell a book idea to publishers.
This wouldn't have been a good comparison at the time it was written let alone now. Next time try googling a little harder perhaps you would have found this link: http://www.geocities.com/mailsoftware42/ [geocities.com] or heck google it for yourself here http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF -8&q=MTA+comparison&btnG=Google+Search
[google.com]
Re:Great software, bad hardware (Score:3, Informative)
Re:because it's an ugly, lumbering dinosaur (Score:5, Informative)
The hardest part is deciding which of your Sendmail optimizations are still necessary on Postfix.
Sendmail is mostly around because of inertia. It can also do a few sick things (like bridging SNMP and non-SNMP mail systems) that are not necessary for most sane people.
Re:Converting from sendmail? (Score:5, Informative)
I won't quote them here in case some of the steps have changed, but it's a very nice step by step list of what to do, what to type, and when to type it.
Postfix + TLS/SSL + SMTP-AUTH HOWTO (Score:5, Informative)
Postfix + TLS/SSL + SMTP-AUTH HOWTO [opencurve.org]
I wrote this howto a while back ago. It explains what is needed to be done in setting up a secure Postfix SMTP server with TLS/SSL and SMTP-AUTH. It isn't fully done (but the meat is there). I hope someone will find it useful.
Sunny Dubey
PS: no I have *not* submitted it to postfix.org, for it is not done, and its doesn't have all that I want in it. (Must add virus/spam scanning to it first)
Re:insight needed (Score:3, Informative)
I don't see any compelling reasons to migrate if everything is working fine in Qmail.
If you want a cookbook on how to set up Postfix and SpamAssassin and friends, there are several really good resources: Jeffrey Posluns [securitysage.com], Jim Seymour [linxnet.com], Meng Wong [mengwong.com] (old but still useful). Posluns' guide is probably where you should start first.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
You can freely redistribute the source and binaries compiled from clean source. And you can distribute patches to it.
However, the point is, the qmail maintainer is the only person who can release new versions of qmail. And hence it's not free software.
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with, and you'll either have to follow along or go that way, and that the qmail maintainer will just stop releasing new versions. With free software, if enough people use it, they will simply make a fork...but they can't do that with qmail. Technically they could grab a random version and keep building patches off that, but that becomes unmaintainable real fast.
In other words, qmail is basically 'freeware', not 'free software', although it does come in source form, and you have been granted the ability to modify it and even share the modifications. But not the end result.
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
When next you announce.. (Score:5, Informative)
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
And why the hell are you bouncing spam? Delete spam or reject spam, do not bounce spam.
It sounds like you don't know what you're doing, or have a really stupid setup.
And, BTW, if you're getting hammered because you're the backup MX, which spammers like to pound, it might make sense to set up a tertiary MX server that doesn't actually exist. Spammers will go after that, instead, and never hit you, as almost all spamming software is written by complete fucking morons. Whereas actual mail that failed to get your primary server will just your backup. (Or, failing to get your backup, they will then fail to get your tertiary and just queue the mail, and start back over when they retry.)
I, personally, set up a 'backup MX' record to point at one of my IPs that didn't actually run a mail server, and cut my daily spam attempts by 30%.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with
There is another theory which states that this has already happened.
and that the qmail maintainer will just stop releasing new versions
To quote the qmail web site [cr.yp.to]: The latest published qmail package is qmail-1.03.tar.gz, which was released in June 1998. So again, this may have happened already.
Re:because it's an ugly, lumbering dinosaur (Score:3, Informative)
On fedora: run 'system-switch-mail', pick postfix, hit okay, you're done.
Re:because it's an ugly, lumbering dinosaur (Score:2, Informative)
Postfix presents itself as sendmail; it just drops in as a direct replacement. From my Mandrake box:
% file `which sendmail`
% file
Re:Aaargghhh! (Score:4, Informative)
Interesting. After doing some more research, I think it's time for me to give the word "postfix" a bigger place in my heart.
Are you saying mathematicians really refer to the style of "2 3 +" as "suffix notation"?
No, I found this entry in the Oxford English Dictionary: "MATH. An inferior index written to the right of a symbol, a subscript".
Re:Aaargghhh! (Score:4, Informative)
OTOH.. (Score:2, Informative)
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, where as with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
Or you can use Sendmail + Procmail for Maildir-style storage.
Re:Why does everyone alwasy gotta knock sendmail?? (Score:1, Informative)
Re:Sendmail upgrade? (Score:4, Informative)
Not a compelling reason to switch. (Score:3, Informative)
and you're there. On the other hand, you may have other reasons to change MTAs. I'm actually thinking of switching from qmail to courier since I already use courier for IMAP, so it just makes sense to use the courier MTA, too. Also, like you, I hate the oddball qmail license. I also hate the way qmail installs weird shit all over my system. Come to think of it, I don't even remember why I chose qmail other than the hate of sendmail.
Blah.
Re:insight needed (Score:3, Informative)
Some of the features you might like in Postfix over Qmail include SMTP AUTH, TLS/SSL support, nice content-filtering support, great spam blocking features (HELO checking, RHSbl support, DNSbl support, sender address checking, many others), and extensive database and LDAP support. The virtual domain support is full-featured, although very different to Qmail's in terms of implementation, and with something like Jamm your users can have full control of their domains and/or mailboxes via a web interface.
And yes, I know there are patches for Qmail to do most or all of the above. It's just easier to do with Postfix IMO.
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
Postfix is easy to configure. One of it's biggest advantages is that it uses many different type of maps for various purposes. Say I want to tell postfix what domains to relay mail for. I can have it lookup the domains in a traditional dbm/hash file or I can even specify an LDAP server to hit. In addition I can have it do the lookups in any order, dmn static entries first, then hit an old sendmail hash, then finally hit LDAP for my new point and click allocation system. This same mapping system is identical for almost all configuration parameters, aliases, virtual domains, virtual alias, maildir/mbox locations, valid recipients, valid senders, SMTP Auth users, etc., etc.
In addition I like postfix's rate control system. Postfix will notice when a foriegn mail system is under load (judged by its response times) and throttle back the rate and number of connections to it. This means that there is less of a chance that mail will be rejected with a temporary failure by the foreign server because it's too busy. It avoids the mail being moved from the active queue to the deferred queue imposing an hour or so delay until the next delivery attempt.
This also works for inbound mail. I can set rate limits so that if a foreign mail server tries to bomb me, postfix will notice this and throttle the connections. It does this by imposing mandatory delays in confirming the delivery to the foreign server. Again, the rates and thresholds are all configurable.
Postfix has some nice security features. For instance one feature is From: validation. All my users must log into postfix using SMTP Auth before sending mail. I have an LDAP map that specifies the allowable From: addresses the users are allowed to use. If the From: address doesn't match what's configured for the SMTP Auth user, the message is rejected. This keep users from spoofing other user's addresses in the From: header. In addition to validating the recipient domain, postfix can validate the recipient address before the message is accepted. Again, from any map type, including LDAP.
Postfix also has a sendmail compatibility layer. Meaning sendmail commands like 'sendmail' and 'mailq' typically work exactly like their sendmail counterparts.
As for performance and scalability, it's right up there with Qmail and sendmail. Performance on my particular servers will be less than on a plain Qmail or sendmail setup, but I also perform tons and tons more checks and validations on each message. Each message results in about 4 LDAP lookups and also gets piped through Amavis-new, Spamassassin, and ClamAV. The idea that postfix is for small to medium sized servers is a wash. It has a feature set that is above and beyond the rest and I'm quite impressed with it.
I used to be a die hard sendmail guy. But after going to postfix, I'll never go back.
My $.02 anyhow....
netqmail-1.05.tar.gz (Score:3, Informative)
'nuff said. Trolls, heh, ya gotta love 'em.
-russ
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
It's kludgey, broken, and something I wish I'd thought of earlier.
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
Why the hell are you sharing a mail queue? It's not like more than one server can send the message at a time, or receive it. And postfix supports NFS mailboxes just fine.
One server, one message? We're talking hundreds of thousands of messages per day spread out over dozens of individual mail systems. There are no local mailboxes -- this is strictly a relaying system.
I, personally, set up a 'backup MX' record to point at one of my IPs that didn't actually run a mail server, and cut my daily spam attempts by 30%.
And you probably dropped the reachability of legitimate mail too. I'm sure that works well in your little playground, but this is a real environment and we have SLA's to honor.
Excellent Postfix Setup Guide (Score:2, Informative)
The HOWTO is based on Gentoo, but the configuration principles can obviously be used on any machine.
Re:Grudgingly going back to Sendmail. (Score:2, Informative)
He's not only building relay servers that transfer mail between themselves, which there is absolutely no reason to do, (They should accept mail from X and forward to Y, not play hot potato with it. Having more than one server is fine, but they don't have anything to say to each other.) he's making them transfer mail between themselves using the mail queue instead of SMTP.
Which is rather akin to setting up a shuttle bus system between the airport and a hotel, realizing you need more than one bus to handle the load, and coming up with the 'solution' of running each bus halfway and transferring all the passengers at the midway point. Each bus driver only needs to be able to handle half the route, think of all the time and training he'll save!
With postfix, of course, he'd have to build a delivery station to offload the passengers to, but with sendmail, he apparently can transfer passengers directly from bus to bus! (Which, despite sendmail's shortcomings, I doubt was intentional.)
Re:Aaargghhh! (Score:4, Informative)
No, they refer to it as Reverse Polish Notation [wikipedia.org].
Re:this SMTP server vs Qmail and Sendmail (Score:3, Informative)
I would actually argue the opposite of parent - use Sendmail if it came preconfigured on your box, but otherwise if you're running a large server or hub, migrate over to Postfix if you want to wring every ounce possible outta your mailserver.
Re:because it's an ugly, lumbering dinosaur (Score:2, Informative)
system("/usr/bin/sendmail -m user@host.tld");
Is unchanged when migrating to postfix. The backend, however, has some extremely significant differences.
You weren't trolled, you just didn't understand his argument correctly.
Re:Grudgingly going back to Sendmail. (Score:2, Informative)
As for talking about deleting things out of the queue, that's just crazy. There are commands to do that, and they run just fine remotely. (Not that running around deleting mail from a delivery queue is a normal action in the first place, and I suspect you came up with that because you know what you're talking about is silly.)