Postfix 2.1 Released 286
MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."
Aaargghhh! (Score:5, Interesting)
Yes, I know its an SMTP server, but sheesh, is it so hard to start it "After an extended period of polishing and testing, Postfix, the popular open source mail transfer agent, has reached version 2.1
Re:Aaargghhh! (Score:5, Funny)
*grin*
Re:Aaargghhh! (Score:5, Funny)
I agree postfix is ubiquitous, although prefix and infix have their merits as well!
BTM
Re:Aaargghhh! (Score:2)
I never understood why computer scientists often use the word "postfix", because this is a term invented by biologists (anatomy). Linguists and mathematicians say "suffix" instead. Those are fields of knowledge which should be much closer to computer science than biology. I mean, what does the average CS student know about anatomy? *g*
Re:Aaargghhh! (Score:4, Interesting)
I use both words, and I use them to mean different things. "Suffix" (in my idiolect) means "a bound morpheme attached to the end of a word"; "postfix" means "an unbound morpheme attached at the end of a word".
Are you saying mathematicians really refer to the style of "2 3 +" as "suffix notation"?
Re:Aaargghhh! (Score:4, Informative)
Interesting. After doing some more research, I think it's time for me to give the word "postfix" a bigger place in my heart.
Are you saying mathematicians really refer to the style of "2 3 +" as "suffix notation"?
No, I found this entry in the Oxford English Dictionary: "MATH. An inferior index written to the right of a symbol, a subscript".
Re:Aaargghhh! (Score:4, Informative)
No, they refer to it as Reverse Polish Notation [wikipedia.org].
Obligatory beowulf joke (Score:4, Funny)
Scedelandum in , in scandinavia.
Re:Aaargghhh! (Score:4, Informative)
this SMTP server vs Qmail and Sendmail (Score:3, Interesting)
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
Personally, I still use Sendmail everywhere, but Postfix is designed to be a fast, secure, easy-to-configure MTA. It would be my migration path of choice if I were ever having problems in any of those three areas.
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, where as with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
Or you can use Sendmail + Procmail for Maildir-style storage.
parent is so wrong, it's not even funny (Score:5, Insightful)
It is not the MTA's (Mail Transfer Agent) job to put the mail on the filesystem, that's the MDA's (Mail Delivery Agent) job. Sendmail is a Mail Transfer Agent. Sendmail, for as long as I've known, as a pluggable MDA format, where you can put in any MDA you choose. You can easily build your own MDA for Sendmail. Not to mention if you use Milter.
This is rudimentary internet mail handling.
For example, I use Cyrus IMAP's MDA with sendmail; and thus sendmail simply hands the Cyrus MDA my mail once sendmail has figured the mail belongs on this server.
Thus in a way, Sendmail, Postix, and all other MTA are essentially routers.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
You can freely redistribute the source and binaries compiled from clean source. And you can distribute patches to it.
However, the point is, the qmail maintainer is the only person who can release new versions of qmail. And hence it's not free software.
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with, and you'll either have to follow along or go that way, and that the qmail maintainer will just stop releasing new versions. With free software, if enough people use it, they will simply make a fork...but they can't do that with qmail. Technically they could grab a random version and keep building patches off that, but that becomes unmaintainable real fast.
In other words, qmail is basically 'freeware', not 'free software', although it does come in source form, and you have been granted the ability to modify it and even share the modifications. But not the end result.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Informative)
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with
There is another theory which states that this has already happened.
and that the qmail maintainer will just stop releasing new versions
To quote the qmail web site [cr.yp.to]: The latest published qmail package is qmail-1.03.tar.gz, which was released in June 1998. So again, this may have happened already.
netqmail-1.05.tar.gz (Score:3, Informative)
'nuff said. Trolls, heh, ya gotta love 'em.
-russ
Re:this SMTP server vs Qmail and Sendmail (Score:4, Interesting)
To be fair..
Qmail is *very* well deigned and programmed. There's hasen't been a real need to issue a new package for a long time.
I still don't like the license - but it is damn fine software.
Re:this SMTP server vs Qmail and Sendmail (Score:4, Interesting)
It may be damn fine software, but its creator has decided that he doesn't like the existing init systems on linux/BSD and so has written his own. That right there took qmail out of consideration. I don't care if he is right or wrong, I have no intention of installing a second init system just so I can run his software. The creators of Postfix integrate beautifully with linux standards, Redhat even provides a well integrated postfix package (install the rpm's then run 'redhat-switch-mail'). Not to mention the awesome 'mailgraph' utility - http://people.ee.ethz.ch/~dws/software/mailgraph/ [ee.ethz.ch] for charting stats!
And best of all, its wicked fast. I can handle 100's of msg per minute on a 500Mhz box, which I learned the hard way that sendmail can't.
Re:this SMTP server vs Qmail and Sendmail (Score:4, Insightful)
I agree myself too. I *like* Qmail better than Postfix... but I realise that Postfix has a gurenteed future so that's what I run.
Re:OTOH.. (Score:5, Interesting)
I loved qmail, but all my systems run Postfix nowadays. SSL, SMTP AUTH, content filtering, too many features I needed and qmail doesn't have.
I just hope djbdns doesn't go the same way, cause I REALLY hate BIND.
Re:this SMTP server vs Qmail and Sendmail (Score:5, Insightful)
I wonder when people will stop repeating this rubbish. Qt has been GPL'd for years. It is also available under a commercial licence, but that has nothing to do with KDE, it's in case you want to develop a closed-source application with Qt. (And it seems to be an excellent business model.)
As for qmail, you're not allowed to distribute modified versions, and the rules on distributing binaries are rather stringent and almost impossible for distributors to follow. That makes it not quite "free software" (by FSF's definition) or "open source". (However, you're allowed to distribute patches, and even bundle patches with unmodified source in a tarball; you can download one such tarball, called netqmail, from http://www.qmail.org).
Re:this SMTP server vs Qmail and Sendmail (Score:4, Informative)
Postfix is easy to configure. One of it's biggest advantages is that it uses many different type of maps for various purposes. Say I want to tell postfix what domains to relay mail for. I can have it lookup the domains in a traditional dbm/hash file or I can even specify an LDAP server to hit. In addition I can have it do the lookups in any order, dmn static entries first, then hit an old sendmail hash, then finally hit LDAP for my new point and click allocation system. This same mapping system is identical for almost all configuration parameters, aliases, virtual domains, virtual alias, maildir/mbox locations, valid recipients, valid senders, SMTP Auth users, etc., etc.
In addition I like postfix's rate control system. Postfix will notice when a foriegn mail system is under load (judged by its response times) and throttle back the rate and number of connections to it. This means that there is less of a chance that mail will be rejected with a temporary failure by the foreign server because it's too busy. It avoids the mail being moved from the active queue to the deferred queue imposing an hour or so delay until the next delivery attempt.
This also works for inbound mail. I can set rate limits so that if a foreign mail server tries to bomb me, postfix will notice this and throttle the connections. It does this by imposing mandatory delays in confirming the delivery to the foreign server. Again, the rates and thresholds are all configurable.
Postfix has some nice security features. For instance one feature is From: validation. All my users must log into postfix using SMTP Auth before sending mail. I have an LDAP map that specifies the allowable From: addresses the users are allowed to use. If the From: address doesn't match what's configured for the SMTP Auth user, the message is rejected. This keep users from spoofing other user's addresses in the From: header. In addition to validating the recipient domain, postfix can validate the recipient address before the message is accepted. Again, from any map type, including LDAP.
Postfix also has a sendmail compatibility layer. Meaning sendmail commands like 'sendmail' and 'mailq' typically work exactly like their sendmail counterparts.
As for performance and scalability, it's right up there with Qmail and sendmail. Performance on my particular servers will be less than on a plain Qmail or sendmail setup, but I also perform tons and tons more checks and validations on each message. Each message results in about 4 LDAP lookups and also gets piped through Amavis-new, Spamassassin, and ClamAV. The idea that postfix is for small to medium sized servers is a wash. It has a feature set that is above and beyond the rest and I'm quite impressed with it.
I used to be a die hard sendmail guy. But after going to postfix, I'll never go back.
My $.02 anyhow....
Re:this SMTP server vs Qmail and Sendmail (Score:5, Interesting)
Simply put, Postfix is designed from the ground up with security in mind as well as the KISS philosophy of software design. Postfix has a bunch of little programs that all do one thing and do it very well, is realitively easy to chroot and even if you opt to not do that is still much more secure than Sendmail (esp its out of the box config). It's author Wietse Venema (sp?) was the same guy that wrote TCP Wrappers which is a stock part of almost every BSD/Linux distro today.
Postfix was engineered from the groupd up to be a Secure MTA and was able to take immediate advantage of all the lessons that had been learned by Sendmail w/o having to hang on to a legacy codebase.
Postfix is also extremely easy to configure, using straight non-cryptic ini style conf files and doesn't require a 1300 page manual to get the best out of it. Couple this with the fact that connecting it to a MySQL/Postgres/Oracle database for map lookups (forwarding, alias, transport, etc) and you've got this beast that scales very well for hosting environments (you can also used virtual passwd databases enabling you to create mailbox accounts that do not actually exist in the systems passwd db). When we deployed it at said hosting company, we were delivering close to a million messages a day and saw lookup times, delivery times, queue times, pretty much everything drop to about 1/4 of their levels w/Sendmail. Postfix is blazingly fast.
Postfix isn't for everyone tho. If you're only running a few domains and/or Sendmail came preconfigured on the box you're running it on then you're probably fine sticking w/Sendmail. We actually only used Postfix as a hub and used Sendmail on all our severs in a relay only mode. If you know Sendmail back and forth and can make it jump through flaming hoops I wouldn't necessarily advise switching to Postfix unless you're looking to wring more out of your MTA and want to do it relatively easily and securely.
Someone correct me if I'm wrong, but I don't think Postfix has even had any remote exploits (it doesn't run as root out of the box)?
Re:this SMTP server vs Qmail and Sendmail (Score:4, Insightful)
Re:this SMTP server vs Qmail and Sendmail (Score:3, Informative)
I would actually argue the opposite of parent - use Sendmail if it came preconfigured on your box, but otherwise if you're running a large server or hub, migrate over to Postfix if you want to wring every ounce possible outta your mailserver.
Re:Aaargghhh! (Score:3, Interesting)
On far too many Open Source projects, it's a real struggle to figure out what the durn thing is supposed to do. Go to the website, get a list of contributers, a changelog, and perhaps some press releases. Fire it up, click "help->about" and get a logo. Nothing says what it does.
WHAT THE BLEEP IS IT SUPPOSED TO DO?
Why does everyone alwasy gotta knock sendmail?? (Score:4, Interesting)
Re:Why does everyone alwasy gotta knock sendmail?? (Score:2, Insightful)
My preference is qmail, only because I haven't used postfix in a production environment yet.
Re:Why does everyone alwasy gotta knock sendmail?? (Score:2)
qmail is nice but it's not ubiquitous...for whatever reason sendmail still is - a correctly configured sendmail setup is still gonna meet the needs/requirements of most users.
Re:Why does everyone alwasy gotta knock sendmail?? (Score:2, Insightful)
Technology like everything else has a life span. Sendmails ended long ago, get over it.
Why all the MTA anti-sendmail holy wars? (Score:5, Insightful)
I can't quite understand the religous flame wars over MTA choice either. I mean, I can kind of understand the whole emacs vs. vi or gnome vs. KDE. But why fight over MTA's? It seems there is an awful lot of hatred for sendmail, and for no good reason whatsoever. It's just stupid.
I think a lot of it has to do with sendmail having such a long and rich history; anything which has existed for over a decade tends to get a lot of newbie disapproval. Also the configuration can be rather complex, and I think most people who flame about sendmail just don't want to 'fess up to being too dumb to understand it (with my asbestos suit on), and so resort to juvinile name calling.
Also you have to remember that probably 95% or more of the
And about the security-flaw reasoning. That's just an easy way for flammers to badmouth sendmail without really giving true reasons. Any software which has had such a long history and unbiquitous use as sendmail has a history of security flaws. For that matter Unix itself has had an absolutely abismal security record. And yes, someday Postfix will have it's own history to brag about too. But in all cases the flaws were quickly fixed, and the vast majority of flaws required a very specific configuration to even be a problem. Also many security problems result from improper installation; you can run sendmail in a very security setup if you want (just avoid all the FUD about sendmail). You can't compare Postfix and sendmail based solely upon their history of security, because sendmail's history is decades longer than Postfix's. And sendmail has processed perhaps a million trillion times as many email messages as has Postfix over it's lifetime.
Re:Why all the MTA anti-sendmail holy wars? (Score:5, Insightful)
Postfix has several security policies:
1) no process will ever _touch_ user data as root
2) all data is converted into fixed-length records for internal use
3) each program is small and does one task using the least privilege concept
There are others, but I can't think of them right now. Up until V8, sendmail had the monolithic, let's-run-everything-as-root concept. It's not that sendmail has flaws, it's that sendmail is so susceptible to flaws just by its design.
Again, I'm not aware of the improvements done in V9, as I had already switched to Postfix.
Re:Why all the MTA anti-sendmail holy wars? (Score:3, Interesting)
It uses capabilities, chroot jails, etc. It is nowdays very good about running with least priviledge, and only a very small kernel of code ever runs with root priviledge in a proper setup anyway. (or if at all if you OS supports capab
Re:Why all the MTA anti-sendmail holy wars? (Score:5, Insightful)
Incorrect. What Postfix does is BREAK UP a message into fixed-length pieces so that a buffer overflow CANNOT occur.
Buffer overflows are a problem when you ASSUME that a field is of X length but it's actually Y. Since Postfix breaks up lines into fixed-length quantities, it prevents lots of potential problems because there is no way that a line could overflow.
because it's an ugly, lumbering dinosaur (Score:5, Interesting)
I've been running sendmail 4ever - sure it's complicated as hell - and a bit of a resource hog at times..but it freaking works and is rock solid over more years of production use than any other MTA ever will be in our lifetimes.
On a Axil 320(110mhz, I think? I forget which sparc chip) running Solaris w/320MB of ram and one single SCSI drive, on a Mailman list with about 2,000 subscribers and 100 posts a day, we went from delivery times of an hour+(and load averages well over 4) to under 5 minutes(and load averages between .5 and 2).
Proponents of Sendmail will say "oh, it just needs to be tuned properly".
Nope, sorry. Proper software doesn't need tuning to do its job. Ever notice that the only proponents of the "it just needs someone who knows how to tune it" model are...well...the limited number of people who know how to tune it, and are fast finding themselves out of jobs?
Re:because it's an ugly, lumbering dinosaur (Score:3, Interesting)
Re:because it's an ugly, lumbering dinosaur (Score:5, Informative)
The hardest part is deciding which of your Sendmail optimizations are still necessary on Postfix.
Sendmail is mostly around because of inertia. It can also do a few sick things (like bridging SNMP and non-SNMP mail systems) that are not necessary for most sane people.
Re:because it's an ugly, lumbering dinosaur (Score:5, Funny)
If an SNMP-based mail system exists, I don't want to know about it.
Re:because it's an ugly, lumbering dinosaur (Score:3, Funny)
Re:because it's an ugly, lumbering dinosaur (Score:3, Informative)
On fedora: run 'system-switch-mail', pick postfix, hit okay, you're done.
Re:because it's an ugly, lumbering dinosaur (Score:2)
Yeah, I'm being sarcastic. Do you really believe what you wrote, or have I been trolled?
Re:because it's an ugly, lumbering dinosaur (Score:5, Insightful)
You may or may not be correct in this particular case, but as a general statement, that's just stupid.
Do you really mean that the exact same settings for a little desktop (high priority to input-related tasks, swap only when needed) would work well for a high-load server (high priority to compute-related tasks, swap agressively to make RAM quickly available)? There are a lot of settings on a modern system that just can't be inferred by the system itself. Stating the opposite like it's an obvious fact is ignorant, misleading, or both.
A real-world example: a Usenet spool and an MP3 repository may be the same size, but benefit hugely from tweaked bytes-per-inode or journal settings. In some cases, once the system is running, it's too late to easily change your mind (like bytes-per-inode). In other cases, you can switch at will, but not without unmounting the filesystem (ext3 journaling options). You, as the administrator, make those decisions. Either way, even if the computer were capable of recognizing that you'd made a bad decision, it's not in a position to correct them.
A real-world example: I tuned Sendmail to use delayed sending so that when a client blasted 20,000 copies of a newsletter (yes, opt-in), then it would wait for several minutes so that it could efficiently aggregate recipients by domain. In there situation, telling Sendmail to leave email in the queue for 10 minutes meant a 50% savings in bandwidth. How on earth would you expect a self-tuned MTA to ever make that discovery on its own?
Computers do some things well. Predicting the future usage patterns of their owners without mounds of previous input is not one of them. That's where manual tuning comes in, and why real system administrators still paid decently.
Re:because it's an ugly, lumbering dinosaur (Score:2)
For someone using Solaris, that's an odd statement to make. I can't tell you how much F'ing tuning I've had to do on Solaris to get it working properly on our dev systems. I finally got things to where they needed to be, but I've seen more than my share of the 'ndd' command.
Not that I think he's right about Sendmail. I've moved to Postfix and don't plan on looking back.
Re:Why does everyone alwasy gotta knock sendmail?? (Score:4, Insightful)
Re:Why does everyone alwasy gotta knock sendmail?? (Score:5, Interesting)
Cause Postfix was built for people who do not understand how to properly configure a mailserver.
Feeling a bit up on yourself are you? I've used all three and as a busy sysadmin I have to say I don't have time to screw around with with Sendmail security patches and overly complex setup or qmail's complete lack of flexability. I have a fairly complex Postfix setup that stores my users in Mysql, does spam and virus checking and handles about 40 domains. I set it all up in about half a day
As my head explodes.... (Score:5, Funny)
-m
Re:As my head explodes.... (Score:2)
Re:As my head explodes.... (Score:2, Funny)
I wonder if this technology would work for
versioning (Score:2)
i was under the impression that the standard methodology in the unix-ish/open source-ish world was that odd sub-versions (.1, .3, etc.) were for adding features and even sub-versions (.2, .4, etc.) were for stabilizing the code, bug fixes, etc.
am i incorrect or does the postfix project simply not follow this model? just curious.
Re:versioning (Score:4, Informative)
Re:versioning (Score:2, Funny)
Don't pick on them just because of the version numbers they coose, you insensitive clod...
Re:versioning (Score:2)
That is just Linux.
Re:versioning (Score:3, Funny)
Re:versioning (Score:2)
i do sometimes forget that /. has warped me. i apologize.
Linux Kernel (Score:2)
Re:Linux Kernel (Score:2)
I think some of the guys at Microsoft may have used this at some point, also. Odd numbered NT service packs were a nightmare.
In particular, NT4 SP5 was about as stable as Windows ME on a Cyrix chip...
Re:Linux Kernel (Score:2)
Re:Linux Kernel (Score:2, Funny)
Already Upgraded...works great. (Score:5, Informative)
Download
tar -zxvf
cd postfix-2.1.0
make
make upgrade
postfix stop
postfix start
No issues what so ever!
Even working correctly with TMDA whitelisting/blacklisting spam filter, which had been my one real concerns did anything happen that could screw up TMDA. NOPE! Runs fine.
Have to go ahead and look into setup and using some of the new features now I suppose.
missing step (Score:5, Insightful)
Nowhere did I see:
"-read the changelog notes to see if any of the numerous changes classified as "incompatible" affected me or my users".
Comparisons (Score:2, Informative)
Re:Comparisons (Score:5, Informative)
Yeah your comparisons link is seriously outdated (cicra 2001) and only compares mta descriptions. It is neither indepth nor does it touch on the features that existed at the time. With statements like "Add to this sendmail's renowned inefficiency" or "Postfix is quite flexible in its configuration file, but not to the extent of Exim" this document can't be anything more then a abstract draft written up for basic filler in attempt to sell a book idea to publishers.
This wouldn't have been a good comparison at the time it was written let alone now. Next time try googling a little harder perhaps you would have found this link: http://www.geocities.com/mailsoftware42/ [geocities.com] or heck google it for yourself here http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF -8&q=MTA+comparison&btnG=Google+Search
[google.com]
Postfix performs quite well (Score:5, Interesting)
Re:Great software, bad hardware (Score:3, Informative)
Re:Great software, bad hardware (Score:3, Interesting)
Shift some services to it, network monitoring, security scans. Stuff you can easily run somewhere else if it dies but it's handy not to. Or donate it to a charity that wants it. MP3 server, CD jukebox server. Write something spiffy to act as a voicemail system...
Re:Great software, bad hardware (Score:3, Interesting)
Re:Great software, bad hardware (Score:3, Interesting)
to update or not to update? (Score:2, Interesting)
I've been running Postfix for 8 months now, and I much, much prefer it to my life of running Sendmail for the previous 2 years. Anyway, I've been running Postfix, it has worked perfectly for me, and my 8 other mail users, and I have kept up to date on all/any security patches. Is there any compelling reason for me to upgrade? If the newer one is faster, more effiecent, that's great, but for a small server like mine I'm not sure if I'm even going to notice.
Anyone with helpful advice
Re:to update or not to update? (Score:5, Funny)
Converting from sendmail? (Score:3, Interesting)
> from Sendmail (just _had_ to get that in
> there
So is there any documentation describing a good way to convert from sendmail? Like, how the directives in sendmail map to directives in postfix?
mr
Re:Converting from sendmail? (Score:5, Informative)
I won't quote them here in case some of the steps have changed, but it's a very nice step by step list of what to do, what to type, and when to type it.
Postfix Heaven (Score:5, Informative)
I know this sounds like a commercial, but it's hard not to sound that way when everything just kind've worked the first time. I now have authenticated, encrypted SMTP and POP and my users are, literally, thanking me. My experience has been that using Postfix was an easy way for me to look good.
Here's a Postfix SASL HOWTO [porcupine.org] which came in handy, but there are a lot of resources on the Web, especially at the Postfix [postfix.org] site.
insight needed (Score:2, Interesting)
Re:insight needed (Score:3, Informative)
I don't see any compelling reasons to migrate if everything is working fine in Qmail.
If you want a cookbook on how to set up Postfix and SpamAssassin and friends, there are several really good resources: Jeffrey Posluns [securitysage.com], Jim Seymour [linxnet.com], Meng Wong [mengwong.com] (old but still useful). Posluns' guide is probably where you should start first.
Not a compelling reason to switch. (Score:3, Informative)
and you're there. On the other hand, you may have other reasons to change MTAs. I'm actually thinking of switching from qmail to courier since I already use courier for IMAP, so it just makes sense to use the courier MTA, too. Also, like you, I hate the oddball qmail license. I also hate the way qmail
Re:insight needed (Score:3, Informative)
Some of the features you might like in Postfix over Qmail include SMTP AUTH, TLS/SSL support, nice content-filtering support, great spam blocking features (HELO checking, RHSbl support, DNSbl support, sender address checking, many others), and extensive database and LDAP support. The virtual domain support
SASL, spam, viruses (Score:2, Insightful)
And it looks like content filtering (spam & virus filters) has been improved with version 2.1
Developers?? (Score:3, Insightful)
Real-time filtering (Score:5, Informative)
Sendmail upgrade? (Score:5, Informative)
If you're using Postfix and have been waiting for any of these "new features", go ahead and try Exim.
Exim home page [exim.org]
Re:Sendmail upgrade? (Score:4, Informative)
Re:Sendmail upgrade? (Score:3, Insightful)
I wrote a Perl-based whitelist program [outshine.com]. My biggest problem in the Exim vs. Postfix wars is that Exim (at the time I wrote the whitelist app) doesn't offer all the status codes that Postfix does. So my ability to bounce email with informative messages is limited in Exim. Postfix, no problem. But since you seem to know all about Exim's features, what can you tell me about the last 18 mon
SMTP time scanning, finally. (Score:5, Informative)
About time. I've been doing this with Exim [exim.org] and Exiscan [duncanthrax.net] for almost 2 years now. It's nice to see other MTA's begin to incorporate this functionality. Now, if everyone upgrades and takes advantage of this wonderful feature, maybe the number of false NDR's I receive due to forged senders will start to go down...
The Doc (Score:5, Informative)
I do miss however the "big pictures" yellow + blue graphs that seduced me into trying out postfix long time ago. Now we're stuck with pityful text-only rendering [porcupine.org]
Still great, after all those years, postfix is my MTA of choice: ease of use, power and security.
Postfix + TLS/SSL + SMTP-AUTH HOWTO (Score:5, Informative)
Postfix + TLS/SSL + SMTP-AUTH HOWTO [opencurve.org]
I wrote this howto a while back ago. It explains what is needed to be done in setting up a secure Postfix SMTP server with TLS/SSL and SMTP-AUTH. It isn't fully done (but the meat is there). I hope someone will find it useful.
Sunny Dubey
PS: no I have *not* submitted it to postfix.org, for it is not done, and its doesn't have all that I want in it. (Must add virus/spam scanning to it first)
Grudgingly going back to Sendmail. (Score:5, Interesting)
Unfortunately, with all the extra mail traffic now due to MORE spam, MORE viruses, and all the bounces generated by the above, we have to expand again. And we have to go back to Sendmail because of one particular feature: you can have multiple Sendmail instances sharing an NFS-mounted queue. Since the new system is multiple Sparc boxes in a load-balanced cluster, we have to go back to Sendmail because Postfix doesn't support this.
Re:Grudgingly going back to Sendmail. (Score:2)
I feel dirty just hearing about it,
Alex
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
And why the hell are you bouncing spam? Delete spam or reject spam, do not bounce spam.
It sounds like you don't know what you're doing, or have a really stupid setup.
And, BTW, if you're getting hammered because you're the backup MX, which spammers like to pound, it might make sense to set up a tertiary MX server that doesn't actually exi
Re:Grudgingly going back to Sendmail. (Score:4, Insightful)
Too bad the rest of us aren't experienced mail administrators like you are.
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
Why the hell are you sharing a mail queue? It's not like more than one server can send the message at a time, or receive it. And postfix supports NFS mailboxes just fine.
One server, one message? We're talking hundreds of thousands of messages per day spread out over dozens of individual mail systems. There are no local mailboxes -- this is strictly a relaying system.
I, personally, set up a 'backup MX' record to point at one of my IPs that didn't actually run a ma
Bogus backup MX servers (Score:4, Interesting)
Actually, using an unreachable backup MX is an excellent idea and shouldn't affect legitimate email at all. Real mail servers (i.e., servers running software like sendmail, postfix, exim, etc.) will try to deliver a message to each MX server, from high priority to low priority, until they find one that is accessible. So if he sets up a bogus MX server at the lowest priority, all of his other MX servers will still be attempted (and if they're all down for some reason, he's screwed anyway). However, spammers often use custom mass-mailing software that isn't smart enough to try all MX servers. In fact, their software seems to specifically target the lowest priority MX servers, probably because they think these servers will be less likely to inspect and reject the message at SMTP time. So if your lowest priority MX server is bogus and doesn't really exist, spammer software might not be smart enough to actually try the other MX servers; it will give up and move on to the next victim.
So using this technique shouldn't affect legitimate email, but it stands a good chance of cutting down on some spam. I'm glad he posted it.
Re:Grudgingly going back to Sendmail. (Score:3, Informative)
It's kludgey, broken, and something I wish I'd thought of earlier.
Re:Grudgingly going back to Sendmail. (Score:4, Insightful)
Postfix's new policy server API (Score:5, Interesting)
The new policy server interface is a simple sockets-based API for getting a chance to participate in the SMTP conversation as it is happening. The basic idea is:
- tell your Postfix config file (main.cf) that you've written a "policy server" that listens on a particular Unix socket or TCP address/port.
You can have the policy server get "called" at any of the points in the SMTP conversation where Postfix may make a decision about how to dispose of the message (HELO, RCPT, etc.).
- write your policy server. It listens for connections, and each connection sends you one or more requests. Each request contains a small set of information about the mail message being transmitted (client name/address, HELO text, etc.) Your server responds with one of a broad set of actions that Postfix supports (reject, accept, defer, perform other custom checks, etc.).
- The protocol for talking to your server is a simple text-based protocol with newlines, much like the form of HTTP. I coded an initial policy server in good ol' C in about an hour.
In particular, this new API is a great place to implement greylisting. Your server can maintain its database of whitelisted and greylisted from/to/IP triplets all on its own and just respond to Postfix requests. And, once you've coded up your policy server, you don't have to revise it with every Postfix patch that comes down the pike. As long as the API remains backwardly compatible, your policy server code should survive any Postfix upgrades.Kudos to the new policy server API!
Like sendmail's milter? (Score:4, Interesting)
Of course I'm one of those very happy sendmail administrators (we do exist), and I have a relatively complex setup handling hundreds of thousands of messages per day, with very complex routing, etc. But perhaps Postfix is finally serious about providing an alternative (of course I also need TLS and IPv6 built-in like sendmail's had forever).
When next you announce.. (Score:5, Informative)
Nice that MacOS X now uses Postfix (Score:5, Interesting)
(I had been rooting for exim, which is also a great package, but Postfix seems to be a good alternative. Maybe they should also include exim on XServe's?)
Re:Next time... (Score:5, Funny)
Many of us are happy with Sendmail
.. as are the kiddies that've r00ted your mail server.
Re:Qmail (Score:2)
Additionally, a group of qmail hackers have put together netqmail-1.05 [qmail.org], a patchset which addresses this and other issues.