[lug] mail server preference

Sean Reifschneider jafo at tummy.com
Fri Dec 8 16:15:47 MST 2006


On Fri, Dec 08, 2006 at 03:07:03PM -0700, dio2002 at indra.com wrote:
>sean, do you use sendmail or postfix over at tummy.. just curious?

As Ken says, we're using Postfix on the community system (which hosts this
list).  I think all of our other "tummy" systems are running Postfix as
well.  Our main mail infrastructure is all Postfix.

I'm an old sendmail person, because there was very little choice when I
started running mail servers.  It's ok, but I don't like it's security
architecture.  One of the few times I've had one of my boxes compromised
was via a slightly out of sendmail.  1996.

Sendmail is nice because even still it gets a lot of attention.  Things
like milter and domainkeys.  However, I don't like the architecture.  It's
design makes it hard to make secure.

In 1996, I ended up switching to qmail, which DID have a strong security
architecture.  I liked the pile of config files, which made it easy to
configure things like aliases (echo user at example.com >~alias/.qmail-root),
and other system values (echo mail.example.com >/var/qmail/config/me).  The
reason I abandoned it was that the author basically abandoned it.  The
current release of qmail is the same version I was running back in 1997.
Managing a mail server has changed a lot in the last decade, but qmail has
not.

The license of qmail means that even though there is a vibrant community
around it, but the licensing means that you have to pick up the source code
and then apply a lot of patches to get a fully-functional, modern mail
server.  The last qmail I had involved 25 packages just to get up to
something that was reasonable.  Now, those patches are made in isolation,
so when you start applying 30 of them, they start failing and requiring
you to fix the code.

I'd been watching Postfix since 1996.  Trying some of the very early
releases, playing with it periodically.  Around 3 years ago I got tired of
qmail not dealing with restricting incoming mail at an SMTP level to only
valid accounts.  Over a weekend, I switched us over from qmail to Postfix,
which would restrict at SMTP.

Postfix is extremely capable, able to wedge things into the architecture
for doing, for example, greylisting and SPF, it's really easy to write
an "external policy filter" for rich SMTP-time decisions, etc.  And postfix
gets regular updates and enhancements.

Sean
-- 
 Good idea: Slaves Girls of Gor
 Bad idea: Slave Girls of Al Gore.
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability




More information about the LUG mailing list