Re: Er.... for Sendmail users......

James Zuelow wrote:
> OK, you're saying Sendmail is better because you don't like Damien's particular setup.

Not at all, I'm saying sendmail is better because mbox/procmail:

1. Performs very poorly and consumes tons of memory when serving IMAP.
2. Filters after the SMTP session so it has to generate a new message
to the sender announcing the problem (such as over quota) instead of
just returning a 5XX error during the smtp conversation.
3. Doesn't scale well to thousands of large mailboxes.
4. Doesn't support odd configs like changing the behavior of the
filters based on whether the user authenticated to smtp.

When you add all of this up, I don't think think it's a good way to do
it. I should also note that I ran procmail/mbox for a long time in an
ISP setting, and now that I'm doing all of my filtering in milter and my
storage in cyrus it is WAY faster and also offers much better flexibility.

>
> This is rapidly degenerating into a religious war. :)

I don't see it this way, my (and Arthur's) comments have all be
technical reasons. I don't dislike qmail because it's fun, I dislike it
because it separates smtp from delivery causing it to always except the
message in smtp before it changes it's mind and generates a new bounce
message. This new bounce message, in my opinion, is every bit as evil
as spam. It wasts time and bandwidth, and most of the time is sent to
an illegitimate email address. The solution is to accept the message in
SMTP and write it to disk, or don't accept the message and return a 5XX
error. There are qmail patches to make it do this, but then your forced
to maintain your own heavily patched mail system.

>
> I use Postfix mainly because it has easy to understand config files, and it meets my needs. I do not run an ISP, so do not get into scalability issues. I do know that wikipedia claims that one of Postfix's features is it's ability to handle large amounts of e-mail. You may want to correct the entry if this is wrong. :)

I have never used postfix, but I'm told it now supports milter so it's
looking like a good setup. Postfix also supports cyrus so I bet postfix
would work just fine for what I'm doing. At this point I'm failure with
sendmail so I'll stick with it, but postfix does look like it could be a
sendmail replacement. Other MTA's that claim to be a sendmail
replacement that don't support ldap or milter are just kidding themselves.

> Recent versions of Postfix can use milters as well. Interestingly, the Postfix crowd claimed it was more efficient BEFORE they added milter support. Go figure.

All depends on what you are doing. Some of my filters reject the
message after the rcpt to: thus omitting spamassassin and clamav from
running. I assure you this is more efficient than calling
spamassassin/clamav on everything.

> Damien failed to mention reject_unauth_pipeline, smtpd_client_connection_count_limit, smtpd_client_connection_rate_limit (limits connections per anvil_rate_time_unit), smtpd_client_message_rate_limit (again, per anvil_rate_time_unit), a whole passel of reject_X options for smtpd_sender_restrictions and smtpd_recipient_restrictions, etc. etc. etc. Postfix is not unaware of what is happening during the SMTP transaction and has a variety of settings to control the transaction.

Those look like good features, I wonder if you can do them
conditionally. Can you force rate limiting on everybody that doesn't
authenticate, but allow authenticated users to do what they want? My
sendmail system treats users completely different once they authenticate
so I would need that feature to consider postfix.

> /etc/postfix should contain all of the relevant files - main.cf, master.cf, and your maps. Sometimes the alias file lives in /etc, but that is easy to change. Spamassassin, etc. should be in /etc/spamassassin, etc. Sometimes there are files in /etc/sysconfig or /etc/default (distro dependent). These directories are typically not very big - why would it be a problem to back them up? I do so all the time.

Windows is a pain to backup, not postfix.

> `postfix check` will tell you exactly which line is bad. So will `tail /var/log/mail.log` after Postfix refuses to start. Normally there are no syntax changes unless you are making a large upgrade (Postfix 1.x to 2.x for example). If you are upgrading from one release to another, you kind of expect changes like that are prepared for them.

No need to defend your MTA, I'm sure it's a good solution for you. I
just wanted to point out why m4 files and config is a good thing. Given
the size and complexity of the sendmail.cf file, the ability to
regenerate it from macros during upgrades is actually quite nice.

> I have seen Sendmail installs break after an upgrade (recently in fact), so the m4 configs are not always bulletproof.

It's not impossible, but I haven't seen it. My sendmail mc file hasn't
changed in the last 3 versions, but the cf sure has (after running m4.)

> I would go with the statement that one mailer is not globally better or worse than another - you can always find a particular situation where one might be preferable, but from where I sit SendMail/Postfix/QMail/Exim all seem to get the job done. Because I am more comfortable with Postfix, Postfix tends to be preferable in more situations for me.

I'll agree that one mailer is not globally better or worse, but there
are certain ways of processing mail that are globally worse. Accepting
the message in SMTP then rejecting it in the mail processing is a bad
way to handle email. It spams the Internet with double bounces, it's
less efficient, it burns bandwidth, and its a pain to manage. Because
there is no reasons why you would want this, MTA's that do this are
globally bad in my book.

>
> Cheers,
>
> James

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Aug 29 09:23:07 2006