[rescue] Mail Server

[Wes Will]

At 07:18 PM 12/20/2004 -0500, you wrote:
>here, so I hope for good reasons.

Several very good reasons.

1. Sendmail is a nightmare to configure correctly and all-but-impossible to
debug said configuration due to the complexity of the rewrite rules.  That
said, if you still have some old, proprietary probably-mainframe-based
non-RFC mail system which you have to gateway into or out of, Sendmail
probably has a native capacity in the default config to handle it.  Use
that config file, and drop in the Postifx binary to do the actual work in
"Sendmail Replacement" mode.

2. Sendmail was wrotten before any of the cracker-kiddies had invented
themselves.  Security was not one of the original design goals, but has
been grafted on as an after-thought, trying to shoehorn some reasonable
facsimile of network security ungracefully onto the end product.  Postfix
was written after the hacker/cracker explosion, with security one of the
primary design goals.

3.  Postfix runs in smaller memory space and (tends to, in my experience)
spawns more quickly to meet rising load than a similar sendmail system.

4.  Exim and qmail are quite able programs, and Exim in particular is known
for dealing gracefully with very large loads by using some decent parallel
queueing strategies.  Both programs (and qmail especially) are difficult to
get set up.  It takes some getting used to to blithely put binaries in /var
.... In other words, getting either of these things to run will require
that you adjust your operating habits considerably to take advantage of
their security paradigms.

5.  Postfix can be a drop-in replacement for Sendmail, and if any of the
folks already in the organization have Sendmail experience it will help
them understand Postfix.  Leverage present knowledge.

6.  No matter how well code is written, a careless administrator can still
make it unsafe.  Postfix is a little harder to make unsafe by goofing up
the config file - no set-uid root binaries.  Exim is also very safe, if you
can get it running.  qmail is also quite securable (but I'll be dipped in
dookie if I can get it to run in a stable fashion for any length of time,
even after putting in all the special users and groups and spool files and
directories and weird permissions on twenty thousand different files, all
different, and moving things around - and we're back to to the binaries in
/var thing... I just don't -like- qmail.).

There are some reasons, not too rabid, for Postfix.  If you are needing
something in the small-to-medium-huge range, Postfix is your best bet.  If
you want to handle massively huge mail queues (tens of thousands of
messages per minute), go with Exim and pay close attention to the process
and thread limits sections of the config files.  And pray a lot.  (Keep a
good big flock of chickens to make dead and wave over the server.  (Any
MTA, not just Exim, under that sort of load needs dead chickens, and even
the occasional sheep or goat sacrifice.))

Sendmail will do if you have to do weird non-RFC things, but you're still
better off with Postfix in Sendmail-compatibility mode, from a security
standpoint.

>Also, Bill, do you have a writeup of your postfix/amavis/clamAV 
>installation, and maybe even a business case for it?

I have that message archived from the original posting if you want it.  I
found the description to be dead useful.  (Ping me off-list for forwarding.)

--
wes will