[linux-elitists] MTA roundup

Marc MERLIN marc@merlins.org
Mon Apr 29 11:48:03 PDT 2002


On Mon, Apr 29, 2002 at 10:19:52AM -0700, Don Marti wrote:
> begin Marc MERLIN quotation of Sun, Apr 28, 2002 at 05:37:58PM -0700:
> 
> > Sendmail
> 
> Most software that works with Un*x mail expects to see good old
> sendmail, so the admin burden of working with it is minimal.
> Exim and postfix provide accurate sendmail emulation, though.
 
Correct. Doesn't qmail provide a sendmail wrapper too?
(either way, I should add a few lines about that)
 
> milter.org has many recipes for filtering, virus and worm checking,
> and spam fighting.

Yep, I should add that link. Milters are cool, I'll give sendmail that.
Do y'all know what qmail and postfix can do in that regard?
(exim has some support with local_scan now)

> > Qmail
> 
> > This wouldn't be a problem per se, since patches exist to support things
> > that Dan doesn't agree with and won't include in his source tree, but you
> > are not allowed, among other things, to redistribute binaries of patched
> > qmail source.
> 
> Plan to spend [ length of time ] downloading, compiling, configuring,
> and troubleshooting patches in order to make qmail interoperate
> with other software.
(...)

Yeah, a lot more can be said. I just didn't want to spend more time bashing
qmail than listing its features :-)
 
> > Postfix
> > Postfix has a sane configuration file, and is also known to be very fast.
> > For people who like the modular approach  for MTAs, and people who like some
> > of the features of qmail, postfix should definitely be the MTA of choice.
> 
> Even if you decide to use sendmail or Exim as your internal mailer,
> a stripped-down, featureless, secure Postfix gateway for mail
> entering or leaving your site is a good idea.
 
Not necessarily. I'm not a fan of outside MXes that say ok to any RCPT TO
you throw at them.
1) it makes SMTP callback half useless
2) you get stuck with the unbounceable mail. I believe more and more in
   refusing mail at SMTP time. You can't even trust the envelope from to
   bounce back to nowadays.

For that matter, exim 4 has a really cool feature, called callout, where
your outside MX will try a NULL RCPT TO delivery to the recipient that the
sender is trying to reach, before saying ok to it.
This allows you to refuse mail for nonexistent users on secondary MXes
without them needing to have access to your alias file or user DB.
 
> Postfix's capability for content filtering is limited:
> http://www.postfix.org/faq.html#scanning
 
Thanks for the link, that's useful.
Yeah, I guess sendmail and exim win in that department, partly because their
monolithic design makes it simple for them to validate and check anywhere in
the mail delivery process.
 
> > exim
> 
> Marc Merlin runs exim.  Game over, exim wins.

:-)))
(while I don't know postfix as well as I'd like to, I do have respect for
it, I just think exim has more cool features)

> > Conclusion:
> > To anyone looking for an MTA today, I recommend postfix or exim. Exim is
> > my MTA of choice because of its configurability, but if postfix's
> > functionality is enough for you, and you like the security model, then
> > you should probably pick it.
> 
> I would recommend postfix or exim.  Postfix is my MTA of choice
> because of its simplicity and strict security policy where nothing
> runs as root that doesn't have to.  But if you really need exim's
> features then you should probably pick it.  Consider using exim
> or sendmail on your internal mail server and Postfix on your mail
> gateway to get the best of both.
 
So we agree on this. I'll rework the conclusion a bit (except for the fact
that exim can run as non-root, and can be quite safe on your exposed mail
relay)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key
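
The recipient callout discussed in this message, modelled as an added example (not part of the original post and not Exim's own code): the outside MX probes the primary with an empty envelope sender and a RCPT TO, never sends DATA, and maps the reply to accept, reject or defer. The class and function names, hostnames, addresses and the defer policy are assumptions made for illustration.

```python
# Added illustration: in-process model of a recipient callout, no network I/O.
# Hostnames, addresses and reply texts are constructed sample data.

class PrimaryMX:
    """Stand-in for the internal server that holds the real user list."""
    def __init__(self, users, temp_fail=()):
        self.users, self.temp_fail = set(users), set(temp_fail)

    def command(self, line):
        upper = line.upper()
        if upper.startswith(("HELO", "MAIL FROM:")):
            return 250, "ok"
        if upper.startswith("RCPT TO:"):
            addr = line[8:].strip().strip("<>").lower()
            if addr in self.temp_fail:
                return 451, "try again later"
            if addr in self.users:
                return 250, "recipient ok"
            return 550, "no such user"
        if upper.startswith("QUIT"):
            return 221, "bye"
        return 500, "unrecognized command"

def callout(primary, rcpt):
    """Probe rcpt on the primary with an empty sender; DATA is never sent."""
    transcript, verdict = [], "accept"
    for cmd in ("HELO relay.example.org", "MAIL FROM:<>", f"RCPT TO:<{rcpt}>"):
        code, text = primary.command(cmd)
        transcript.append((cmd, f"{code} {text}"))
        if code >= 400:
            # Only a 5xx reply to RCPT shows the user does not exist;
            # any other failure is treated as temporary (choice made here).
            verdict = "reject" if cmd.startswith("RCPT") and code >= 500 else "defer"
            break
    transcript.append(("QUIT", "%d %s" % primary.command("QUIT")))
    return verdict, transcript

# What the outside MX then answers to the remote sender's own RCPT TO.
RELAY_REPLY = {"accept": "250 accepted", "reject": "550 unknown user",
               "defer": "451 cannot verify recipient right now"}

if __name__ == "__main__":
    primary = PrimaryMX({"marc@example.org"}, temp_fail={"busy@example.org"})
    for rcpt in ("marc@example.org", "nobody@example.org", "busy@example.org"):
        verdict, transcript = callout(primary, rcpt)
        for sent, got in transcript:
            print(f"  > {sent}\n  < {got}")
        print(f"{rcpt}: relay answers {RELAY_REPLY[verdict]}\n")
```

Answering 451 rather than 550 when the primary is unreachable or busy keeps the sending host retrying instead of losing mail for a valid user.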


