[linux-elitists] My Anti-Qmail Page
Sat Nov 5 11:50:41 PST 2005
On Saturday 2005-November-05 08:41, Shlomi Fish wrote:
> I set up an anti-qmail page:
I started one myself about a year ago, which was more a comparison of
qmail and Postfix in anti-spam capabilities. But I quit working on it
before it got to a point of being published.
My boss was (is?) a qmail zealot. I had learned a few tricks in Postfix
for curbing spam. I found that those tricks would not be easily done in
qmail, if at all. On that basis I recommended deploying Postfix. I was
overruled on a religious basis: "Dan said it, I believe it, we're
staying with qmail!"
I was given the job to find qmail patches to do the things I was doing
in Postfix. I declined. He tried to do it himself. 3 days later I was
asked to install Postfix.
> Comments, suggestions, corrections and flames are welcome.
I could nitpick a few things, but it's probably better to point out
qmail's biggest crime: backscatter spam. By deliberate design it will
accept all mail for its domains, doing no recipient validation in the
SMTP dialogue. Then if a user does not exist, a bounce is generated,
almost always spamming the mailbox of an innocent victim (forged
The backscatter problem is addressed by a few patches and drop-in
replacements for qmail-smtpd, but TTBOMK the most popular HOWTOs
available do not apply these patches.
You might want to elaborate on the free vs. proprietary software issue.
I think qmail is a vivid illustration of the superiority of free
licenses. Without Bernstein's restrictive license, someone else might
have picked up the abandoned project and added the missing features. It
possibly could have become a complete MTA.
My own pet peeve about qmail and other DJBware is the radical departure
from Unix norms. Putting everything in /var/qmail, ugh! A secure system
might have /var mounted noexec. And the logging for qmail is a poor
excuse; timestamps down to the nanosecond (yeah, right) and the
information you need isn't there. Syslog isn't perfect, but it's the
best we have.
Rob - /dev/rob0
More information about the linux-elitists