[linux-elitists] MTA roundup
Mon Apr 29 11:48:03 PDT 2002
On Mon, Apr 29, 2002 at 10:19:52AM -0700, Don Marti wrote:
> begin Marc MERLIN quotation of Sun, Apr 28, 2002 at 05:37:58PM -0700:
> > Sendmail
> Most software that works with Un*x mail expects to see good old
> sendmail, so the admin burden of working with it is minimal.
> Exim and postfix provide accurate sendmail emulation, though.
Correct. Doesn't qmail provide a sendmail wrapper too?
(either way, I should add a few lines about that)
> milter.org has many recipes for filtering, virus and worm checking,
> and spam fighting.
Yep, I should add that link. Milters are cool, I'll give sendmail that.
Do yall know what qmail and postfix can do in that regard
(exim has some support with local_scan now)
> > Qmail
> > This wouldn't be a problem per se, since patches exist to support things
> > that Dan doesn't agree with and won't include in his source tree, but you
> > are not allowed, among other things to redistribute binaries of patched
> > qmail source.
> Plan to spend [ length of time ] downloading, compiling, configuring,
> and troubleshooting patches in order to make qmail interoperate
> with other software.
Yeah, a lot more can be said. I just didn't want to spend more time bashing
qmail than listing its features :-)
> > Postfix
> > Postfix has a sane configuration file, and is also known to be very fast.
> > For people who like the modular approach for MTAs, and people who like some
> > of the features of qmail, postfix should definitely be the MTA of choice.
> Even if you decide to use sendmail or Exim as your internal mailer,
> a stripped-down, featureless, secure Postfix gateway for mail
> entering or leaving your site is a good idea.
Not necessarily. I'm not a fan of outside MXes that say ok to any RCPT TO
you throw at it.
1) it makes SMTP callback half useless
2) you get stuck with the unbounceable mail. I believe more and more into
refusing mail at SMTP time. You can't even thrust the envelope from to
bounce back to nowadays.
For that matter, exim 4 has a really cool feature, called callout, where
your outside MX will try a NULL RCPT TO delivery to the receipient that the
sender is trying to reach, before saying ok to it.
This allows you to refuse mail for non existant users on secondary MXes
without them needing to have access to your alias file or user DB.
> Postfix's capability for content filtering is limited:
Thanks for the link, that's useful.
Yeah, I guess sendmail and exim win in that department, partly because their
monolithic design make it simple for them to validate and check anywhere in
the mail delivery process.
> > exim
> Marc Merlin runs exim. Game over, exim wins.
(while I don't know postfix as well as I'd like to, I do have respect for
it, I just think exim has more cool features)
> > Conclusion:
> > To anyone looking for an MTA today, I recommend postfix or exim. Exim is
> > my MTA of choice because of its configurability, but if postfix's
> > functionality is enough for you, and you like the security model, then
> > you should probably pick it.
> I would recommend postfix or exim. Postfix is my MTA of choice
> because of its simplicity and strict security policy where nothing
> runs as root that doesn't have to. But if you really need exim's
> features then you should probably pick it. Consider using exim
> or sendmail on your internal mail server and Postfix on your mail
> gateway to get the best of both.
So we agree on this. I'll rework the conclusion a bit (except for the fact
that exim can run as non root, and can be quite safe on your exposed mail
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger email@example.com for PGP key
More information about the linux-elitists