Re: Er.... for Sendmail users......

From: Matthew Schumacher <schu@schu.net>
Date: Tue Aug 29 2006 - 08:31:13 AKDT

adam bultman wrote:
> Apart from a few spelling errors, I mostly agree.

I didn't really take the time to proofread my email, thanks for not
noticing :)

>
> I historically have disliked Cyrus simply because as of the last time I
> tested, it stored mail in randomly generated folder names - usually
> integers. So, in my reader I might have 'spam', but on the imap server
> it might be named '4'. That's kinda dumb. Maildir at least has the
> folder names similar.

That is not the case anymore. Folder names are what you expect and the
message ID is the name of the message file. In fact they even have
newer cooler features, such as smmapd, where you can look up cyrus info
through a socket. Add a quick rule in sendmail to query this socket and
you have the ability to check quotas before sendmail goes to deliver the
message.

>
> One thing I must talk about, though: Sendmail is slow in general.
> Qmail will accept, handle, and deliver mail far faster than sendmail
> does because it is a number of small, discrete binaries. I ran a couple
> sendmail servers at my first job, a few qmail servers at my second job,
> and now I run sendmail servers at my current position. In terms of raw
> speed, no offense, but qmail is to the rocket as sendmail is to the
> rickshaw with square wheels. If I do get spammed hard, qmail will
> always handle it more intelligently than sendmail. Hands down.

This all depends on how you filter spam. If you are filtering during
the smtp transaction then the MTA is no longer the bottleneck.
Performance is now dictated by spamassassin and the virus scanner. Most
qmail solutions get really slow when you add the filtering because they
call the spamassassin or clam binary which is WAY slower than their
respective daemons. I should also mention that qmail is faster because
of the total lack of features. Where are the greet pause, ldap, and
connection throttling features? What if you want to do something odd
like only allow SMTPAuth after startTLS? What if you want to omit
someone from rbls if they SMTPAuth? All of these things are simple in
sendmail.

It's like mysql and postgres. Mysql is blazingly fast at dumb select
and insert queries, however the second you want to do real complex stuff
postgres isn't so slow anymore because the transaction overhead is small
compared to the performance the query planner and procedures add.

>
> Qmail is an enormous pain in the ass to maintain; especially if you want
> to add functionality. "I want ldap now" means you have to completely
> recompile Qmail, if you want to add RBL, that's a recompile, etc. And
> recompiling is a pain, and isn't always foolproof. (But qmail has
> vmailmgr, which is swell)

Not only is it a pain, but how do you know that
qmail/patch1/patch2/patch3 is without a big security hole? Sure, all
three patches are individually tested and qmail is pretty tight by way
of omitting features, but the combined package is left to you to
test/verify.

>
> I'm working on a solution to my mail woes at work right now (sendmail
> with shared mailspools from a netapp) and I'm at the very least going to
> go with maildir or cyrus - probably cyrus now that Matt's made his case.
> (Converting from mbox to Cyrus, and implementing quotas on cyrus is a
> whole other ball of wax, o' course).

Been there done that.... It's a pain, but can be done. If your netapp
is nfs then you can't use cyrus since it isn't nfs safe. If you do
iscsi or something like that it should work fine. Do yourself a favor
and don't use bdb data files. Use skiplist format. You will also need
to snapshot the maildir to backup. It's more trouble but will save you
from rebuilding the database files from the messages after a restore.

>
> I'm tempted to use postfix, or qmail - and avoid sendmail because it is
> large and heavy, despite the configurability (I've made a few changes to
> our sendmail.cf file already, including adding the double bounce to bit
> bucket thing).

I've never used postfix, and qmail wasn't flexible enough for me (not to
mention the double bounce issues). I'm sure it's better now after you
patch it 6 times, but I'm not interested in maintaining that headache.

>
> When sendmail has a problem, if I want to tinker, I have to shut it
> down. If qmail is having a problem, I can stop the daemon (qmail-smtpd)
> so it doesn't accept messages while taking care of the queue
> (qmail-local, qmail-remote). I can tweak the number of incoming
> connections, outgoing connections, etc, and handle things a little more
> delicately and smoothly and not have outages.

iptables -A INPUT -p tcp --dport 25 -j DROP

>
> Plus (and this is my biggest thing) I don't have the sendmail "Oh, Crap,
> I don't know what to do so I'm deleting incoming mail" error. Qmail has
> the sense, when it's misconfigured, to either not start at all, or to
> save incoming mail to the queue so I don't lose messages.

I've not seen this. Sendmail tries very hard to deliver the message.
If the LDA is down it does queue it. I don't remember ever losing mail
in sendmail, but I suppose it's possible if you have a real big config
issue.

>
> I'll let you know how I do - but if you have more stories, I'd love to
> hear them. I've got to make a decision and quickly, so I can start
> working. Only snag: I'm on solaris.
>
> Adam
Received on Tue Aug 29 08:31:38 2006
