Sendmail Replacements/Box size
Sean Bennett
I'm currently looking for a *unix sendmail replacement;
Can anyone give me their pros/cons/recommendations for MTAs
such as Postfix, Qmail, Exim, <other> ...with or without
Procmail??
In addition to the standard security/speed/configurability
criteria, I would like to be able to configure/control user
mailbox size from the MTA itself, as opposed to setting file
quotas via the OS. Can this be done with with any of the
MTAs currently available?
Regards;
Sean.
--
******************************************
Sean Bennett < se...@mail.nnet.ne.jp >
Nnet/Nakamura Shoji Co. Ltd.
N-Bldg. 2Flr.; 1-12-24 Minami Odouri,
Morioka City, Iwate,
Japan; 020-0874
Tel: +81 (0)19-629-2250
Fax: +81 (0)19-629-2234
PHS: 070-6133-1080
******************************************
Dave Sill
> Can anyone give me their pros/cons/recommendations for MTAs
> such as Postfix, Qmail, Exim, <other> ...with or without
> Procmail??
I'm currently running qmail, Postfix, and sendmail. I looked at exim a
while back but decided it didn't meet my needs. With that background,
here's my comparison of the three alternatives:
qmail Postfix exim
----- ------- ----
performance high high high
security high high medium/low
state mature young, beta (0) mature
sendmail-ish (1) low high high?
add'l features (2) high low low?
modularity high high low
license restrictive (3) revocable (4) open?
(0) Postfix is still labeled "beta" because it's in a state of
flux. New releases aren't always backward compatable and some
fairly major features aren't implemented yet. However, the code
that's there is solid, and many people are using it on production
systems now.
(1) This refers to the ease with which it can be dropped in to replace
sendmail on an existing system. qmail scores low in this category
because, by default, it does lots of things differently than
sendmail. For example, it delivers mail to a mailbox in the user's
home directory, not in a central mail spool directory. It also
uses .qmail files instead of .forward files. It's possible to
configure qmail to achieve the sendmail-ish behavior, but it
sometimes requires installing and configuring additional packages.
(2) This refers to capabilities not provided by sendmail. For example,
qmail allows users to manage their own namespace via extension
addresses of the form "username-extension", where different
extensions can be redirected to different mailboxes, addresses, or
filters via a hierarchy of .qmail* files. This is especially
useful for implementing user-managed virtual domains and mailing
lists.
(3) Modified qmail source code can't be redistributed, only virgin
source plus patch kits. Binaries can only be distributed if they
meet rigorous requirements.
(4) The license IBM provides Postfix under allows them to remove your
right to use or distribute Postfix at any time if they even think
it might have stepped on someone else's intellectual property
rights. This is clearly unacceptable to just about everyone, and
efforts are underway to get it fixed, but until then, it's hard to
justify spending a lot of effort learning or implementing Postfix
if it could suddenly be recalled.
Executive Summary: All three (qmail, Postfix, exim) are modern,
high-performance sendmail alternatives. Which you should choose
depends primarily upon how you rank security, maturity, and the ease
with which an existing sendmail installation can be replaced. All will
require learning how to configure a large, complex system since none
of them use sendmail.cf's.
> In addition to the standard security/speed/configurability
> criteria, I would like to be able to configure/control user
> mailbox size from the MTA itself, as opposed to setting file
> quotas via the OS. Can this be done with with any of the
> MTAs currently available?
I'm not sure exactly what you want to do. Since any of these MTA's
will allow one to have an unlimited number of mailboxes, I don't see
how anything short of the functional equivalent of OS filesystem
quotas will do the job. And if you have to do that, fs quotas are
probably the best way to go.
--
Dave Sill <MaxFr...@sws5.ctd.ornl.gov> <URL:http://web.infoave.net/~dsill>
Lockheed Martin Energy Research Oak Ridge National Lab Workstation Support
Take the qmail Challenge. See <URL:http://web.infoave.net/~dsill/qmail.html>
Hello Kittyhawk
Sean Bennett <se...@mail.nnet.ne.jp> wrote:
|Hi all;
|
|I'm currently looking for a *unix sendmail replacement;
|
|such as Postfix, Qmail, Exim, <other> ...with or without
|Procmail??
|
|criteria, I would like to be able to configure/control user
|mailbox size from the MTA itself, as opposed to setting file
|quotas via the OS. Can this be done with with any of the
|MTAs currently available?
We use smail here universally - it's policy that
whereever possible that smail is installed in place
of sendmail for configurability & security reasons.
The package contains a user-supplied patch which
performs the mailbox size control that you require.
--
,u, Bruce Becker Toronto, Ontario 1 416 699 1868
a \i\ Internet: b...@gts.org Uucp: ...!gts!bdb
`/o/-e carbon is finished as a molecule, we are on tuareg time now
_\ >_ - Sandy Bull
Erlend Midttun
| I'm currently running qmail, Postfix, and sendmail. I looked at exim a
| while back but decided it didn't meet my needs.
I am using Exim, and it surely covers mine :) My comments here apply only
to exim unless explicitly stated.
| qmail Postfix exim
| ----- ------- ----
| performance high high high
| security high high medium/low
Exim can run, and I would say should run as a non-priveleged user. If you
choose to configure it differently, I blame you rather than the mailer :)
I consider it at least medium on the security issue.
| state mature young, beta (0) mature
| sendmail-ish (1) low high high?
I would remove the "?". At least we use it as a drop in replacement, and
I can not recall any problems with that.
| add'l features (2) high low low?
You mention the "username-extension". Exim does this and the rest of
the stuff you mention with minimal configuring. Does that qualify as
a "high"?
| modularity high high low
I must admit I do not quite understand what you mean by "modularity"
here. Care to explain?
| license restrictive (3) revocable (4) open?
Exim is GPL.
| Executive Summary: All three (qmail, Postfix, exim) are modern,
| high-performance sendmail alternatives. Which you should choose
| depends primarily upon how you rank security, maturity, and the ease
| with which an existing sendmail installation can be replaced. All will
| require learning how to configure a large, complex system since none
| of them use sendmail.cf's.
I've found both Postfix and Exim to be very easy to set up and work with.
I also found them well documented, and at least Exim has a FAQ that covers
all I ever have gotten stuck on. I switched from using Smail, though, and
I think I benefited from that.
| Dave Sill <MaxFr...@sws5.ctd.ornl.gov> <URL:http://web.infoave.net/~dsill>
Erlend..
--
Erlend Midttun erle...@bofh.no
Network administrator at Funcom Oslo AS. Speaking by myself, for myself.
IRC: Golle http://www.tihlde.hist.no/~erlendbm/
Windows 2000: Yesterdays technology, tomorrow. Maybe.
Dave Sill
> | qmail Postfix exim
> | security high high medium/low
>
> Exim can run, and I would say should run as a non-priveleged user.
Presumably with a setuid root delivery agent?
> | add'l features (2) high low low?
>
> You mention the "username-extension". Exim does this and the rest of
> the stuff you mention with minimal configuring. Does that qualify as
> a "high"?
That was just one example, and I don't know if exim's extension
addressing is a powerful as qmail's. Can you do wildcarding, too?
E.g., the address user-foo-bar can be handled by whichever of the
following .qmail files is found first, if any:
.qmail-foo-bar
.qmail-foo-default
.qmail-default
> | modularity high high low
>
> I must admit I do not quite understand what you mean by "modularity"
> here. Care to explain?
Sure. Sendmail is monolithic: there's one sendmail binary that does
all functions: SMTP daemon, queue management, non-SMTP message
injection, message routing, header munging, etc. In qmail and Postfix,
each of these is done by a separate binary. Modularity allows one to
compartmentalize security and plug new modules between existing
modules to add additional functionality.
> Erlend Midttun erle...@bofh.no
Thanks for removing the ?'s.
--
Dave Sill <MaxFr...@sws5.ctd.ornl.gov> <URL:http://web.infoave.net/~dsill>
Cameron Laird
Dave Sill <MaxFr...@sws5.ctd.ornl.gov> wrote:
>Sean Bennett <se...@mail.nnet.ne.jp> writes:
>
>> Can anyone give me their pros/cons/recommendations for MTAs
>> such as Postfix, Qmail, Exim, <other> ...with or without
>> Procmail??
seen anyone else do so, I've started to collect
answers in <URL:http://
starbase.neosoft.com/~claird/comp.mail.misc/MTA_comparison.html>.
I invite review.
>
>I'm currently running qmail, Postfix, and sendmail. I looked at exim a
>here's my comparison of the three alternatives:
[lots of good points]
.
.
>(2) This refers to capabilities not provided by sendmail. For example,
> qmail allows users to manage their own namespace via extension
> addresses of the form "username-extension", where different
> extensions can be redirected to different mailboxes, addresses, or
> filters via a hierarchy of .qmail* files. This is especially
> useful for implementing user-managed virtual domains and mailing
> lists.
Bernstein appears to think of security as qmail's
principle distinction, this aliasing-mailing-list-
namespace-management stuff is the single aspect
of qmail that has swayed the most administrators
of my acquaintance.
.
.
.
>Executive Summary: All three (qmail, Postfix, exim) are modern,
>high-performance sendmail alternatives. Which you should choose
>depends primarily upon how you rank security, maturity, and the ease
>with which an existing sendmail installation can be replaced. All will
>require learning how to configure a large, complex system since none
>of them use sendmail.cf's.
of recent liberalization of its license.
Not using sendmail.cf should generally be considered
an advantage.
>
>> In addition to the standard security/speed/configurability
>> criteria, I would like to be able to configure/control user
>> mailbox size from the MTA itself, as opposed to setting file
>> quotas via the OS. Can this be done with with any of the
>> MTAs currently available?
>
>I'm not sure exactly what you want to do. Since any of these MTA's
>will allow one to have an unlimited number of mailboxes, I don't see
>how anything short of the functional equivalent of OS filesystem
>quotas will do the job. And if you have to do that, fs quotas are
>probably the best way to go.
.
.
.
I think he's saying something fairly straightforward,
like, "I want e-mail to user foo to bounce if his
spool is over a megabyte." I think smail does this.
It's not hard to customize qmail or Postfix to do so,
if you're comfortable changing source. I suspect
customization of this sort with Postfix will become
easier.
--
Cameron Laird http://starbase.neosoft.com/~claird/home.html
cla...@NeoSoft.com +1 281 996 8546 FAX
Hello Kittyhawk
|In article <36F0B788...@mail.nnet.ne.jp>,
|Sean Bennett <se...@mail.nnet.ne.jp> wrote:
||Hi all;
||
||I'm currently looking for a *unix sendmail replacement;
||
||such as Postfix, Qmail, Exim, <other> ...with or without
||Procmail??
||
||criteria, I would like to be able to configure/control user
||mailbox size from the MTA itself, as opposed to setting file
||quotas via the OS. Can this be done with with any of the
||MTAs currently available?
|
|
| whereever possible that smail is installed in place
| of sendmail for configurability & security reasons.
| The package contains a user-supplied patch which
| performs the mailbox size control that you require.
I forgot to mention the URL:
http://ftp.planix.com/pub/Smail
--
,u, Bruce Becker Toronto, Ontario 1 416 699 1868
a \i\ Internet: b...@gts.org Uucp: ...!gts!bdb
`/o/-e "712.62: Number of the Beast plus 7% sales tax."
_\ >_ - Donald McRonald
Erlend Midttun
| Presumably with a setuid root delivery agent?
Yes. I belive you could do mailbox delivery with group write permissions
as well. I use procmail, though, so I have never played with it.
| That was just one example, and I don't know if exim's extension
| addressing is a powerful as qmail's. Can you do wildcarding, too?
I would be very surprised if you can't, but I have never seen it done.
I would really recommend looking at the Exim FAQ at
<URL:http://www.exim.org/FAQ.html> for a lot more information about Exim
than I am capable of giving. There is a lot more useful information there
as well :)
| Sure. Sendmail is monolithic: there's one sendmail binary that does
| all functions:
In such a case it is monolithic.
| Thanks for removing the ?'s.
My pleasure. Actually.
| Dave Sill <MaxFr...@sws5.ctd.ornl.gov> <URL:http://web.infoave.net/~dsill>
Erlend..
--
Erlend Midttun erle...@bofh.no
Network administrator at Funcom Oslo AS. Speaking by myself, for myself.
IRC: Golle http://www.tihlde.hist.no/~erlendbm/
Java, the sendmail of WWW
Dave Sill
> >Sean Bennett <se...@mail.nnet.ne.jp> writes:
> >
> >> Can anyone give me their pros/cons/recommendations for MTAs
> >> such as Postfix, Qmail, Exim, <other> ...with or without
> >> Procmail??
> Doesn't this seem like a FAQ? As I haven't
> seen anyone else do so, I've started to collect
> answers in <URL:http://
> starbase.neosoft.com/~claird/comp.mail.misc/MTA_comparison.html>.
> I invite review.
Good idea, and it's a good start.
> >> In addition to the standard security/speed/configurability
> >> criteria, I would like to be able to configure/control user
> >> mailbox size from the MTA itself, as opposed to setting file
> >> quotas via the OS. Can this be done with with any of the
> >> MTAs currently available?
> >
> >I'm not sure exactly what you want to do. Since any of these MTA's
> >will allow one to have an unlimited number of mailboxes, I don't see
> >how anything short of the functional equivalent of OS filesystem
> >quotas will do the job. And if you have to do that, fs quotas are
> >probably the best way to go.
>
> I think he's saying something fairly straightforward,
> like, "I want e-mail to user foo to bounce if his
> spool is over a megabyte." I think smail does this.
> It's not hard to customize qmail or Postfix to do so,
> if you're comfortable changing source. I suspect
> customization of this sort with Postfix will become
> easier.
OK, take the simple case of sendmail+procmail. The user's main spool
file is /var/spool/mail/user, but in his .procmailrc, he redirects
mailing list mail to ~/Mail/spool/listname. How can sendmail--or any
MTA or add-on--enforce a mailbox quota that doesn't miss the personal
spool? You'd have to parse the .forward or equivalent, see that
procmail, deliver, whatever is being run, parse the .procmailrc file
to see where mail is being delivered, and add up the sizes of all the
mailboxes. That's not feasible.
If you're talking about an environment where users are resticted to a
single mailbox, then it's pretty easy: put a wrapper around the
delivery agent that checks the file size before invoking the real
delivery agent.
--
Dave Sill <MaxFr...@sws5.ctd.ornl.gov> <URL:http://web.infoave.net/~dsill>
Cameron Laird
Dave Sill <MaxFr...@sws5.ctd.ornl.gov> wrote:
.
.
.
>> It's not hard to customize qmail or Postfix to do so,
>> if you're comfortable changing source. I suspect
>> customization of this sort with Postfix will become
>> easier.
>
>OK, take the simple case of sendmail+procmail. The user's main spool
>file is /var/spool/mail/user, but in his .procmailrc, he redirects
>mailing list mail to ~/Mail/spool/listname. How can sendmail--or any
>MTA or add-on--enforce a mailbox quota that doesn't miss the personal
>spool? You'd have to parse the .forward or equivalent, see that
>procmail, deliver, whatever is being run, parse the .procmailrc file
>to see where mail is being delivered, and add up the sizes of all the
>mailboxes. That's not feasible.
>
>If you're talking about an environment where users are resticted to a
>single mailbox, then it's pretty easy: put a wrapper around the
>delivery agent that checks the file size before invoking the real
>delivery agent.
.
.
All true.
I can add that a quota on even the obvious spool might
be very useful. Yes, it could be circumvented, but it
can be useful just as a friendly reminder to users who
mean no harm. Security sometimes has a merely educa-
tional or communicative role, when it can't or doesn't
enforce.
Bennett Todd
>Thank goodness qmail does not use sendmail syntax.
To the best of my knowlege, no other MTA uses anything like sendmail.cf syntax
--- as is to be expected; the most effortless way to make an MTA vastly better
than sendmail is to ditch sendmail.cf:-).
Qmail tends to be table-driven, using the filesystem as its table structure,
for configuration; a lot of configuration abilities end up being
one-file-per-doodad in a directory heirarchy. This can be off-putting when you
first hit it, but boy is it nice for code integration with the rest of the
system!
Postfix uses text files for config; main.cf is a series of variable_name=value
settings, with nice detailed comments; master.cf is a table that defines a lot
of process-level parameters for the process manager; and it uses tables ---
maps, styled like the aliases map --- for a great many more exotic features;
the most recent hack (still experimental) is a regexp map, which is the first
cut at rewriting support.
It's been a few years since I've looked at an smail, but my recollection is
that it uses a text config file not unlike Postfix's main.cf, with of course
maps for aliases and any other table-driven features it might support. Is Exim
similar? I'd expect so, though I don't know.
Zmailer comes closest to having something like sendmail.cf, but its rewriting
rule engine uses a _way_ more readable production language. Otherwise its
configuration is quite reasonable.
-Bennett
sand...@home.com
b...@GTS.Net (Hello Kittyhawk) wrote:
> In article <36F0B788...@mail.nnet.ne.jp>,
> Sean Bennett <se...@mail.nnet.ne.jp> wrote:
> |Hi all;
> |
> |I'm currently looking for a *unix sendmail replacement;
> |
> |such as Postfix, Qmail, Exim, <other> ...with or without
> |Procmail??
> |
> |criteria, I would like to be able to configure/control user
> |mailbox size from the MTA itself, as opposed to setting file
> |quotas via the OS. Can this be done with with any of the
> |MTAs currently available?
>
> whereever possible that smail is installed in place
> of sendmail for configurability & security reasons.
> The package contains a user-supplied patch which
> performs the mailbox size control that you require.
>
> ,u, Bruce Becker Toronto, Ontario 1 416 699 1868
> a \i\ Internet: b...@gts.org Uucp: ...!gts!bdb
> _\ >_ - Sandy Bull
why is it being ascribed to me? -Sandy Bull
-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own