Sendmail 8.10.0 Released
Eric Allman, who is one of the primary people behind Sendmail, wrote to let us know that Sendmail 8.10.0 was released. The code itself can be found at sendmail.org or from their FTP server. A complete list of changes in sendmail 8.10.0 is available on sendmail.net.
typical qmail FUD. it's never a rational technical discussion from the qmail guys. just a bunch of "sendmail sucks" and "i am sick of sendmail" pages at qmail.org dated 1996 (check the page info in netscape). calling something "modern" isn't helping open source get better. it's marketing/sales crap. tell you what. go look at new sendmail feature details at sendmail.net, and the bug tracking at sendmail.org (i suppose qmail has no bugs is why they have to list 1997 sendmail bugs on their site instead?), then come back and explain to me something how qmail is more "modern" in a way that will help me. i'll actually read it. sendmail 8.10 took a long time, but it finally has the features i need, like rfc 2034 and rfc 2505. that makes it the most "modern" to me. saying something is "modern" because it was invented later is bad bad bad thinking. i'll bet you wear shiny pants and listen to n'sync because they're "modern" too.
We are using it on a list server and deliver about 20 million emails per month using qmail/ezmlm. Our current setup handles up to 50 remote connections per second, so theoretically we could deliver about 4M emails/day (or 120M/month, for the non-math people).
There are many people who work on sendmail. Greg Shapiro and Claus Aßmann are probably the primary contributors. You should check out the RELEASE_NOTES which lists some contributions and who provided them.
Hehe. When you expand the special character, it's Claus *Assman*. Hehe.
I found virtusertable to be as easy to use as qmail. Sendmail is a swiss army knife, so it's natural to separate "i accept mail for somedomain" from "i accept mail for user@somedomain". If there is one thing that sendmail support for virtual hosts does badly, it's that it assumes local users accept mail for any domain. And as anyone running large sites would know, having
I set up qmail and checked it out, and while I appreciate its security and simplified configuration, I'm sticking with sendmail for now. Qmail wasn't THAT much easier for the novice user, compared to m4 configuration.
Additionally, to get the features I need in qmail, I have to apply a bunch of patches that may or may not stay synchronized with source. Something about the license for that thing and the fact that more useful patches don't get folded in as configuration options, but are left separate, worries me that Mr. Q will take his marbles and go home some day. The fact that the patches for all kinds of useful stuff remain separate undermines the argument that qmail is more secure; it's harder to evaluate the security that way, and smells like an excuse to discount security problems should they arise.
I'll take RFC standards and one single scrutinized source tree any day. I'd still consider qmail if I were doing a really large, brutal mailfarm or something for its security model and maildir. I've noticed qmail in Received: headers I get from luser@yahoo.com, so I guess someone with experience in volume has had the same idea...
The server still works - sorta - but I have a terrible hunch I've gone and done it all wrong as usual.
Will postfix or qmail allow me to configure what I want (for example a@b.com -> c@d.com, everybodyelse@b.com -> e@f.com) without any black magic?
qmail has had this functionality for years. No, not in the default installation, but it's readily available. Here's hoping you don't get owned any time soon.
I initially installed postfix to obtain SSL support. It took me about 25 minutes from make to receiving mail, complete with RBL, RSS, RUL and virtual domains. Simply awesome.
It's fast, has a more securable design (chroot support), is very featureful, and it's easy to configure.
Sure, it might not be as easy as sendmail to make it turn Microsoft in the body of all messages to Micro$oft, but it makes commonly needed features trivial.
We're now running it on 24 mail servers and have no regrets.
Someone moderate this up. While it does present a point of view, it does so with facts, which are *always* welcome, especially since qmail/sendmail seems to be developing into another recurrent holy flame war...
I had 10,000 users on a Pentium/150 years ago.
Earthlink uses Sendmail with 4 million people (it's a customized setup, but that's large).
Do you fit somewhere between? Well so do THOUSANDS of other sendmail users.
Lists? Sendmail delivers what you give it. Very Unix toolkit philosophy. Pass the list through a tool that sorts by MX records and passes to sendmail, then you get that. Sendmail is enough without being a list manager (and no, :include: is not very robust, but it's intended to be BASIC and was come up with for lists of 20 people).
So your statement is not:
Sendmail does not scale to 10,000 users;
it's I am not smart enough to configure sendmail to work for 10,000 users.
Just be clear
Nay, you people ought to learn to take care about your own problems first.
No sorry, no points either.
or note that it's been in beta for 5-6 months sussing out those features.
Since Sendmail went semi-commercial, it would seem that qmail has gotten the upper hand as far as features were concerned. Will sendmail ever have a decent facility to handle virtual domains?
Oh, how I would love to be able to get qmail installed. However, I have to steal the time to read /. let alone RTFM to install and maintain a complex application. :(
After reading the qmail site, I REALLY would like to run that rather than sendmail: I don't have to fsck with the black magic of the sendmail.cf file under qmail!
You're right. Ok, sendmail is an important package, but this is a minor release.
It doesn't scale very well for 10,000 users, either. We've had tons of problems with sendmail's braindead method of processing its queue. Multiple queue processors is only a small improvement, and something you could already do with sendmail. Qmail does a MUCH better job. And for relaying/mailing list delivery, zmailer is the best. It runs tons of concurrent delivery threads, and sorts by destination MX server.
It was a bad design at the start. The fixes were just kludges on kludges.
Configuration is a joke.
It is FAR worse than Apache's mod_rewrite. mod_rewrite makes sense if you know regexps - which are used almost everywhere else - perl, tcl, grep etc. sendmail.cf? hahaha.
M4? Maybe I should have looked deeper, but in the end I found it easier to just hack sendmail.cf to do what I wanted.
I'm not saying qmail is the best, but next to sendmail, qmail is great.
qmail is only version 1.03 and so far no major probs. Most features can be added by just dropping your own stuff between the qmail modular services. Sendmail was like 8.7, 8.8, 8.9 and now 8.10. Security problems all the way.
I've got better things to do than to patch my mailservers for security and stupid problems every 3-6 months. If you wanted to do all that, maybe you should shift to Microsoft, it may suit your personality better.
qmail is a bit rigid for certain things - it's like one of those well built european designed sport cars. Great performance, maybe a tad uncomfortable at first due to the firm ride. Only need a little routine maintenance now and then.
Whereas sendmail is one of those old gas guzzling cars (edsel?), wallowing around. If you're unlucky it'll tip over and flatten you. M4 is just sticking an autocruise and a half decent auto transmission on it. It still sucks underneath and will continue to suck. Every 5000 miles something falls out and needs to be replaced.
So what if qmail has no autocruise or auto transmission. I don't mind stick shifting good cars. VROOOM!
Two kids who were talking about Paul McCartney. One of them turns to the other and says "Did you know that Paul McCartney was in another band before Wings". :-)
Sendmail is a piece of crap.
Okay, now that that is out of the way, here are the links to modern mail servers-
Postfix
Qmail
- A sysadmin stuck with sendmail
For the same reason that Unix and C and X-Windows and MS-Windows are popular. Because worse is better.
It is only 2 seconds' work to create a flame war between any two or more rivals. In this case, Sendmail, Qmail and Postfix could be argued about for years. My experience is with qmail, and I have found that with the goods available at inter7.com, there is no easier way to manage mail for a couple of 1000 users and a 1000 domains. Just my thoughts.
Good to see that /. is back on track notifying us of software releases that we'd _never_ have noticed otherwise.
-----
sendmail also implements several kinds of authentication mechanisms. (Kerberos, MD5, etc.) and does it according to the standard.
Get a fucking clue.
I haven't come across a feature of sendmail that someone would use today, that postfix doesn't have.
Take a look at it.
Cheers //Johan
I agree. Even with the m4 macros, it's just plain stupidly designed.
Why doesn't someone rip out the configuration part of sendmail, and replace it with something apache-style? It can't be that difficult.
The innards of apache's "httpd.conf" file have got to be at least 80% as intimidating as the innards of "sendmail.cf". If you want an easy GUI configurator front end, then pay for the commercial version of Sendmail, it's only $99 right now.
Here's something to put security holes in perspective.
qmail has a patch for SMTP AUTH since a while back. Check out http://www.qmail.org/
I know this is highly subjective, but what is, in your opinion, the best MTA?
I've been using exim, the default MTA that comes with Debian, and have been pretty happy with it. I also installed it on my Mandrake box cause I just couldn't figure out how to configure sendmail and I had no intention of spending lots of time on it.
I heard a few nice things about Postfix. Besides that there is smail, qmail, vmail, and whatever-mail. Does anybody have any experience with them?
___
___
If you think big enough, you'll never have to do it.
Some of your points above saying that 'qmail assumes' are simply what you assume that qmail assumes.
qmail does not assume that all users have entries in the passwd file, nor does it assume all users have different UIDs, nor in fact does it assume that each user has a home directory.
Just take a look at what vpopmail does to simply provide hints to qmail as to how to handle mail. All the stuff vpopmail does is easy to do manually, and all is easily understood from the available documentation. In fact, before I knew about vpopmail, I created a utility that did basically the exact same function in an hour or two.
Your other two points are true, although maybe not valid, and they're specific assumptions made by the code. You personally may think that a shared queue with multiple queue runners is the only way to work, but I would like to know whether you tried it qmail's way before deciding that was the way to do it. Admittedly, perhaps qmail isn't flexible in that area, but then again, perhaps qmail does it for a reason. djb is well-known for restricting people from shooting themselves in the foot, even if they might want to aim in the general direction of their foot, and are sure they won't hit it.
That said, I currently have no preference in MTAs between exim, postfix, and qmail, since they all seem to be very good products. I haven't had the time and inclination both at the same time to learn sendmail yet, but I'm sure I'll give it appropriate time before making any judgement.
Hm, I apologize if we're talking apples and oranges- but can't you edit your /etc/aliases file and run 'newaliases' to redirect mail to user@blah to any particular file?
HOWTO get better dates on slashdot
We were trying to make a scalable, reliable, efficient and nearly fault-tolerant mail platform based on a strategy of cheap servers clustered around more expensive (but stable) NetApp filers. The inspiration for this architecture came from the following excellent Earthlink papers:
- A Scalable News Architecture on a Single Spool
- A Highly Scalable Electronic Mail Service Using Open Systems
We wanted to use Maildir format to avoid NFS locking issues on the shared mail spool. (The locking problems seemed to be the main trouble that Earthlink had, using Unix mailbox format.) At the insistence of a new hire, we tried using qmail instead of sendmail as the MTA. (My preference was sendmail, since I know it well; qmail was interesting but an unknown quantity, and we were under a tight deadline.) Unfortunately, in our attempts to move to the intended server architecture, we ran into a number of assumptions in qmail which are hardcoded and scattered through the "modular" qmail code:
- qmail assumes that all users have an entry in /etc/passwd (we needed user information to come from a database, not /etc/passwd)
- qmail assumes that each user has a home directory which contains a ".qmail" file to control delivery (we wanted all users to be in Maildir format, and we wanted forwarding information to come from the same database, not from a ".qmail" file)
- qmail assumes each user has a unique UID number (calls getpwuid())
- qmail assumes its queue directory is local and plays games with the inode numbers (we wanted to experiment with an NFS-mounted queue for fault-tolerance, although the performance tradeoff may have proven unacceptable)
- qmail assumes there is only one queue runner, so of course no locking is done on the queue (we wanted to experiment with a shared queue so multiple servers could drain a single queue in parallel and distribute load better)
After fighting with qmail for several weeks, we ended up tossing all that work and starting over with sendmail when the new hire abruptly quit the company. In three days, we had most of the code written and working in sendmail that we fought with qmail for weeks trying to get it to do what we wanted. In my experience, the core qmail code is nearly incomprehensible, totally unmaintainable, and the much touted "security" seems to be mostly through obscurity. The code is filled with idioms unique to qmail, and riddled with cross-dependencies between the ridiculous number of separate source files (many of which are one line long). While it may be easy to extend in certain ways envisioned by the author, modifying the core code can be a nightmare.
Sendmail, on the other hand, is very clean. The code is well-modularized with clear interfaces. (I added a new map type to the sendmail source easily, in less than a day with very few lines of the original source modified.) The MDA functions are clearly separated from MTA functions, and the MTA doesn't make unwarranted assumptions. (It often doesn't even make warranted assumptions, but that's a different topic of discussion.) Making a Maildir version of "mail.local" was a breeze. Even modifying the arcane "sendmail.cf" file wasn't nearly as hard as trying to work with the qmail source code!
In summary, qmail has a niche it fills well -- small, simple user communities on a single server. If you have more than about 5,000 users, you may start finding that the single server no longer can handle the load, and that's when you'll start to stumble across qmail's limitations. If you want to run a serious mail platform under heavy load, sendmail is a better choice.
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
Virtuser table is highly annoying in sendmail.
Let's say, I want to accept mail for user@domainname and direct it to user foo.
Simple, eh? Just add a virtusertable entry.
Hmmm. Not working. Oops. Gotta add domainname into sendmail.cw so that sendmail recognizes it.
All done, right?
Oops, fo@domainname is being delivered to fo@mailserver instead of bouncing. Sendmail.cw has the side effect of aliasing *@domainname to *@mailserver. Yuck!
Now, I have to add another virtusertable entry to explicitly bounce *@domainname.
There we have it. Three entries, in two files where one entry in one file should have been sufficient.
I got 'em. I used wget. It took 3 or 4 tries to connect then got through. Try wget it is awesome!
Adults are obsolete children. - Dr. Seuss
I agree that SMTP AUTH has a high coolness factor, but the one thing I can't seem to find anywhere on the sendmail site is a list of clients that support it. Netscape messenger? Pine? Outlook? Does anyone know?
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
So don't fucking read it. If you don't like a post, don't read it. Better yet. Start your own fucking site and post only stories YOU want. Grow the fuck up. It reminds me of something my mom used to tell me years ago. When you get your own house you make your own rules but while you live in my house you live by my rules. And at least have the balls to post under your own account when you make complaints. If you aren't a logged in user, what you say about the site doesn't really matter. Take some accountability for once people.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
The last I read on these issues is that this was a major concern for the sendmail guys. Does anyone know of the status of this? I feel like these two issues are really important in a modern MTA. I know there is an application on freshmeat that monitors the maillog for authenticated POP logins and adds authenticated users to sendmail for a short amount of time so they can relay mail but it seems quite the kludge.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
You've never used mod_rewrite, have you?
:grins.
Well, if you're not able to understand sendmail.cf switch to microsoft soft or maybe change job and start selling peanuts at the stadium but don't say sendmail sucks, because it's still the most powerful and flexible MTA out there. Period.
And for me a new sendmail version with changes like SMTP AUTH it's many orders of magnitude more important than a new linux kernel point release...
--
"The crux of the biscuit is the Apostrophe(*)" - FZ
I've always used the default MTA on my Linux servers (== sendmail, RedHat). But I've been having some major configuration trouble lately, and I was wondering if there were some more lightweight MTAs for UNIX systems around (preferably open source for political correctness ;).
I've read about qmail. I'd like to try it someday. Anybody care to share his experience?
Specifically:
- How easy is it to transfer an existing sendmail config?
- Security? (I know sendmail's reputation is bad...)
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
Well... I have the same problem. Even if I ftp with ordinary ftp (user anonymous or user ftp) I am rejected after I type in my email as password.
Strange.
Sendy
GNU guru and mainframe hacker
Thanks for a very well-thought-out and expressed answer. I'd have e-mailed you to express this, but you'd posted as an AC...
Just as an aside, we have tried to get consulting help from Sendmail, Inc., but they don't seem to want the business --- it's three weeks since we sent them a proposal, and we haven't heard back, except "it's going to a different group & you'll be hearing soon". Numerous phone calls remain unreturned. If they act like this when a potential customer is standing outside their door waving money, how responsive are they going to be when it's time to do the work?
Can you (or anyone else) recommend someone who actually *wants* consulting business and who knows sendmail? I'm thinking about VA Systems (since it'll run on their hardware), but I'm open to suggestions.
This page accidentally left blank
qmail rocks!
Security is rock solid
Migrating a sendmail config is not trivial (postfix might be better if that's your sole aim), however, the native configuration is far more intuitive once you get there. If you've been having problems configuring sendmail, you definitely ought to check out qmail. Get it here
I've been running qmail on a pair of servers (in a very low volume site) and have had no problems at all, once I got it set up OK. Sendmail was a different matter...
Please check the links in the story: the RELEASE NOTES one doesn't work.
(First post? Kuhl!)
It is by caffeine alone I set my mind in motion. It is by the beans of java that thoughts acquire speed, hands acquire
Come on... at least the Apache config files use keywords, and have a comprehensible structure. Sendmail uses single letter commands with an insane structure.
--
More people are running it in production environments than any other MTA.
More people are running Win 95/98 in production environments than any other OS. More people run wu-ftpd than any other ftpd. More people watch TV than read newspapers.
sendmail's bugs tend to get found very quickly, publicized immediately, and fixed very quickly.
They have a quick response because they're already used to it. And, besides, a quick response for a software bug is common practice in the open source community, especially if security-related. But the point is: a well designed MTA wouldn't have that many bugs.
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
Check out Exim. http://www.exim.org A very simple drop-in replacement for sendmail. Easy to install and powerful.
No replies made to AC posts. Please log in.
Dude, there's something called m4. That's the modern, enlightened way of configuring sendmail. If you're mucking around with .cf files, then you get what you deserve...
Now that you mention this, have you seen ever how linuxconf sets up sendmail.cf? It has a whole bunch of chopped-up pieces of m4-generated (!) sendmail.cf files, and sticks them together like a first grader with a bottle of paste sticks construction paper together. Of course, all the tags at the top from the original chopped up sendmail.cf which are generated by the m4 macros to document what was used to build the sendmail.cf file are left in, making them less than useless. Furrfu!
I'd rather watch something calm and wholesome like an unrated horror slasher flick or a video of surgical procedures on cable TV than have to ever look at a linuxconf generated sendmail.cf file again. (shudder)
There are also other various improvements to the source overall which have increased I/O performance incrementally, but the multiple mail queues is the killer feature you'll want.
Postfix is a *much* nicer MTA. Its config makes simple things simple, while leaving complex things possible. Its source code is very clean and readable, and it's trivial to install (RedHat 6.1 includes it, but doesn't install it by default).
It's a drop in replacement for Sendmail, written by the author of TCP wrappers.
Give it a spin.
(and it supports TLS with a patch!)
I thought Eric Allman was the creator of Sendmail, ie *the* person behind it.
-- Ed Avis ed@membled.com
Enjoy..
SECURITY: The safe file checks now back track through symbolic links to make sure the files can't be compromised due to poor permissions on the parent directories of the symbolic link target.
SECURITY: Only root, TrustedUser, and users in class t can rebuild the alias map. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS).
SECURITY: There is a potential for a denial of service attack if the AutoRebuildAliases option is set as a user can kill the sendmail process while it is rebuilding the aliases file (leaving it in an inconsistent state). This option and its use is deprecated and will be removed from a future version of sendmail.
EraseMe
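The first SECURITY item in the release notes quoted above, sketched as an added example (not sendmail's code and not part of the original post): follow a path one component at a time, through every symbolic link, and report each directory along the way that an untrusted user could modify. The function name `audit_path`, its `trusted_uids` and `ignore_above` parameters, the link limit and the policy itself (trusted owner, no group or world write bit) are assumptions made for the illustration.

```python
import os
import stat
import sys

MAX_LINKS = 16  # assumed bound on symlink hops, so a link loop terminates


def _weak(st, trusted_uids):
    """Return a reason if an untrusted user could alter this inode, else None."""
    if st.st_uid not in trusted_uids:
        return "owner uid %d is not trusted" % st.st_uid
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None


def audit_path(path, trusted_uids=(0,), ignore_above=None):
    """Return [(node, reason)] for weak nodes met while resolving `path`.

    Every directory that decides what a component resolves to is checked,
    including the parents of each symlink target, not only the lexical
    parents of `path`. Directories that are proper ancestors of
    `ignore_above` are skipped (hypothetical knob, useful for testing).
    """
    if ignore_above is not None:
        ignore_above = os.path.realpath(ignore_above)
    if not os.path.isabs(path):
        path = os.path.join(os.getcwd(), path)
    pending = [c for c in path.split(os.sep) if c][::-1]  # stack, next name last
    current, links, findings, seen = os.sep, 0, [], set()

    def check(node):
        if node in seen:
            return
        seen.add(node)
        if (ignore_above is not None and node != ignore_above
                and os.path.commonpath([node, ignore_above]) == node):
            return
        reason = _weak(os.stat(node), trusted_uids)
        if reason:
            findings.append((node, reason))

    while pending:
        name = pending.pop()
        if name == ".":
            continue
        if name == "..":
            current = os.path.dirname(current)
            continue
        check(current)  # this directory controls what `name` points at
        candidate = os.path.join(current, name)
        try:
            st = os.lstat(candidate)
        except OSError as exc:
            findings.append((candidate, "cannot stat: %s" % exc.strerror))
            return findings
        if stat.S_ISLNK(st.st_mode):
            links += 1
            if links > MAX_LINKS:
                findings.append((candidate, "too many symbolic links"))
                return findings
            target = os.readlink(candidate)
            if os.path.isabs(target):
                current = os.sep
            # Resolve the target's components too, so its parents get checked.
            pending.extend([c for c in target.split(os.sep) if c][::-1])
            continue
        current = candidate
    check(current)  # finally, the file (or directory) the path resolves to
    return findings


if __name__ == "__main__":
    for p in sys.argv[1:] or ["/etc/aliases"]:
        for node, reason in audit_path(p):
            print("%s: %s" % (node, reason))
```

A sticky world-writable directory such as /tmp is still reported by this sketch; a stricter or looser policy only changes `_weak`.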
I agree that it's easy to set up. I thought that it would be a huge nightmare, but it actually turned out to be really easy.
However, it doesn't work like it *should*. I'm hoping that 8.10 will fix this. Apache's treatment of virtual servers is how I want Sendmail to treat them. Let's say that I have two domains: example.org and example.com. And I (waldo) want to get mail at each of those, but in separate POP accounts. And my mail server is named mail.example.com. I have to do this:
1. Let CW recognise example.org & example.com.
2. Get virtusertable to recognise waldo at both accounts and redirect them to separate accounts.
3. Create two system user accounts: example.org-waldo and example.com-waldo.
4. Give them shells of /bin/false.
5. Set up my mail program to check both accounts on mail.example.com with the two e-mail addresses, and have to outgoing reply-to set to the "real" address.
This is really ugly. I'm certain that there must be more elegant work arounds (probably involving MySQL), but I don't mind quite enough to get up to that.
What would be *way* nicer would be a setup where the domains are truly apart from one another. No redirecting accounts. mail.example.org and mail.example.com would be recognised differently by my mail server.
Now, I kind of got this working once, involving (*shudder*) linuxconf. I don't know how it worked, but there was all kinds of weird directories, like /vhome. But when I had to add a new account, wary of linuxconf, I ended up reinstalling sendmail and setting up a convoluted system like I've described above.
Hopefully, a more Apache-like system will come into being with 8.10. I can't take much more of this. :) BTW, do yourself a favour -- don't get the bat book. It'll only scare you. I mean, it's a great book, don't get me wrong, but it's just more information than you need to get a basic server up. You'll just get overwhelmed.
-Waldo
I know you mean well, but I just want to point out the FUDdy nature of this 'revelation' about Lotus.
1) What is described (part of the 'international' in NSA escrow) is common practice for the US Software industry. Netscape and Microsoft do it in their mailers. Yeah, it sucks, but that's our gubernmint.
In fact, if you have the export version of Netscape Communicator on your desktop, as many Linux users do, the NSA has part of your encryption key.
2) It's now OK to export the 'North American' version of Notes to most countries. This version supposedly doesn't have any part of the key in escrow.
3) AFAIK, sendmail is just an MTA and doesn't do any encryption. If it does, it's configured as a site policy which means that the NSA may or may not have all or some of your key in escrow, depending. Anyway, I'm not sure what sendmail has to do with Lotus/MS/Netscape's mail encryption, which is all done on the MUA side.
--
Business. Numbers. Money. People. Computer World.
You are correct. You also forgot that sendmail is a swiss army knife. You can configure it to do almost anything short of dry cleaning and laundry. The only pending rival here may be the new exim with perl-like capabilities in the config.
But at the same time,
Qmail still rips the guts out of sendmail as performance.
Qmail does not have the record of the second most security-troubled software after Washington University
Qmail still has more flexible local delivery support which sendmail gets only via various external delivery agents.
Qmail as is does not have SPAM filtering. If you want to kill SPAM you can
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
You have to be kidding, right?
At least as of a couple of weeks ago (haven't checked recently), Qmail hasn't been updated in three years. Here are some features in sendmail that are nowhere to be found in Qmail:
ESMTP AUTHentication/some kind of SASL support
RFC 1894 Delivery Status Notifications
Any kind of spam filtering
LDAP support
UUCP support
Qmail is still incapable of batching recipients for the same domain into one transaction
And there's more where that came from. I suppose DJB has been a bit occupied, the last couple of years, fighting the US Commerce Dept on the crypto issue, so Qmail has gotten a bit moldy.
--
At least two of those security breaches are nothing to do with the fact that Microsoft technology was involved.
They were down to bad working practices.
I'm not an MS fan, but I would be wary of a company that tries to promote itself on the back of ill-researched half-facts that question the integrity of their main competitor.
Alexey from Messaging direct has been keeping lists of all things that support SASL. I'm not sure if the site's moved but here's a cached copy http://www.google.com/search?q=cache:www.taxxi.com/homerus/mail/SASL_ClientRef.html
Hopefully you'll be able to add mozilla to that list shortly too.
There are two truths in the universe:
btw, I'm not a GUI admin NT yuck yuck. I've done some incredible things with sendmail.cf files and I can't fathom doing the same things with other MTAs. But, you know, damn, it can be a bitch!
Anyway, thanks for replying.
P.S. Have you guys noticed that you can still release commercial software *AND* be open source at the same time?
read that "bat book" from o'reilly ...
and look at those m4 files.
You don't need to edit a .cf file in order to configure sendmail ... using the m4 files is very easy ... want to use cyrus deliver ? :)
use MAILER(cyrus)
That's it!
I think sendmail is quite EASY to configure ... :)
(and it's still FAR more configurable than qmail or postfix :)
In reality it is really as safe as you care to make it.
Majority of the "security issues" come from mis-configured configuration files. There have been others issues of course but misconfiguration is one of the biggest.
Admittedly it takes a bit of time and effort to configure one correctly but from my experience it is safer than my Exchange servers I run at work overall.
We had sendmail running on one of our Linux machines in the computer lab. A sysop came up to us and said "What? You don't need sendmail, shut that down." I said, "You gotta have sendmail, what if you forget the root password? You gotta be able to find a bug in sendmail and hack root!"
Sheepdot: Open Source good, Closed Source baaaaaaad!
Ignore the "p2p is theft" trolls, they're just uninformed
Move yourself... I think a new release of a really massive used SMTP Server can be classified as "News for Nerds. Stuff that matters".
Hmmm... I think I'll wait 'til the first or second dot release.
Mail (and mail) is usually fairly IO bound (it must commit messages to disk per RFC 82(1|2) before passing them on). Get good disk and you'll go faster.
That said, I've been told that sendmail can't do more than a couple messages a second by "experts". Fortunately, my machines which ran a typical 30,000 messages/hour with bursts to 50 or 60k per hour didn't know about these "experts."
Rob Kolstad wrote a paper for Usenix on tuning for lists a few years ago. If you're a member, you can find it. If not, join and find it.
8.10 pluses:
8.10 (and the commercial product that uses it) allows multiple queues. This means that you can have 6 queues (each on a separate spindle) running mail for you. This should fill a T1 quite handily.
A big sendmail advantage is that you can get consulting and support. A company I did work for had those guys make some recommendations and help them and they seemed to benefit a lot. I figure if email is a production service, then buying support for it is a Good Thing. If the authors of Sendmail provide that, then great, money well spent - give back to the people who gave it to you (and these clients pay Sun a LOT for 24x7 hardware support).
Much of the tuning that can be done applies to any mailer. Sendmail, by default, is fairly "nice" to the machine. You can tune it a thousand ways so that it runs on machines from a 12MHz Sun 3 with 8MB RAM to a 128 way SGI at peak performance. If you want to tune it to chug out 120,000 message per hour and destroy the bandwidth of a 10baseT network, that can be done with some experience. If you don't have it, you can hire that experience.
Will 8.10 make a huge difference? Well it's been out for what, 15 hours? Beta for a while, but this has diffs from Beta12, so I don't think we know yet.
RE: the qmail/postfix rants. Showing release notes of security fixes of Beta releases doesn't offer that there was a hole that was exploited. It shows that the code has been reviewed (in beta and alpha, largely) and that potential problems have been removed. I thought that's what beta was for.
I can speak for qmail with a little larger number of users. I have qmail running for a small ISP with 3000+ accounts. The same machine is handling authentication, file serving, POP, etc.
The machine is bored and it's a low-end PC. You could build it for $1500 today. We push 15000+ messages a day.
We switched from sendmail/qpopper to qmail. I got tired of administrating sendmail, not having real virtual email account support, watching qpopper slam my disk by copying the user's mail file every time they popped, etc, etc. sendmail just has too much baggage and isn't elegantly designed in the first place.
qmail is built very modular, tiny programs to handle every step of the MTA process. This makes it more secure, setuid'ing whenever it can, reducing the amount of code that ever sees root permissions. Also, it is very easy to extend. I have qmail-pop authenticating from a SQL database, just by replacing the checkpassword program.
After using it, Maildir support is a must. In a Maildir, each message is a file. It sounds like a waste of inodes, and it is, but the performance benefits are incredible. Now when a user POPs, they don't have to lock their mailbox, and only touch the messages that they want. Before qmail, qpopper was causing my server (then running 1000 users) to write 4 GB/sec on my little 4 GB drive. In addition, my secondary mail server can deliver into the same mailboxes without locking, etc.
I will give you that qmail can be a pain to administer by hand since its configuration is kind of distributed, with .qmail files in users' homedirs, redirecting their mail, etc. But I built a management system on top of it. This is where qmail really sings for us. We can change damn near anything just by twiddling some files, no restart, rebuilding config files, etc.
And the best part, in my opinion, I have been using qmail for 1 year and I'm still using the same version. It does what it does and is rock solid stable and secure.
How's that for a testimonial?
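The lock-free Maildir delivery described in the comment above, as an added Python example (not part of the thread and not qmail's own code): the writer publishes each message by linking it from tmp/ into new/, and the reader claims it by renaming it into cur/. The function names and the unique-name layout are assumptions made for illustration.

```python
import itertools
import os
import socket
import time

_seq = itertools.count()  # distinguishes deliveries made within the same second

def maildir_deliver(maildir, message):
    """Deliver one message (bytes) without locking; returns its path in new/."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), mode=0o700, exist_ok=True)
    host = socket.gethostname().replace("/", "\\057").replace(":", "\\072")
    unique = "%d.P%dQ%dR%s.%s" % (time.time(), os.getpid(), next(_seq),
                                  os.urandom(4).hex(), host)
    tmp_path = os.path.join(maildir, "tmp", unique)
    new_path = os.path.join(maildir, "new", unique)
    # O_EXCL: never write through a pre-existing file or symlink of that name.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(message)
            f.flush()
            os.fsync(f.fileno())     # on disk before the message becomes visible
        os.link(tmp_path, new_path)  # atomic publish; fails if the name exists
    finally:
        os.unlink(tmp_path)          # tmp/ never keeps a finished message
    return new_path

def maildir_collect(maildir):
    """Reader side (e.g. a POP server): claim each new message, return contents."""
    messages = []
    new_dir = os.path.join(maildir, "new")
    for name in sorted(os.listdir(new_dir)):
        cur_path = os.path.join(maildir, "cur", name + ":2,")
        try:
            os.rename(os.path.join(new_dir, name), cur_path)
        except FileNotFoundError:
            continue                 # another reader claimed it first
        with open(cur_path, "rb") as f:
            messages.append(f.read())
    return messages
```

Readers only ever see complete files in new/, which is why a second delivery host or a POP session needs no mailbox lock.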
Will the new release of sendmail perform faster?
This may be mildly off-topic, but it's a genuine plea for help -- see if you can recognize the symptoms and propose a solution. I thank you in advance.
I'm in charge of a system which sends out approximately 50,000 emails a day to a list of subscribers.
We were running this on a dedicated box. When I built it, this Pentium 120 with 128 megs of RAM and IDE drives was a fairly happenin' machine. It was running Red Hat Linux 5.2 and sendmail 8.8. The system queues outgoing mail into one of about 40 queues, depending on destination domain. A cron job runs sendmail against each one of the queues (the relevant invocation is:
/usr/sbin/sendmail -OQueueDirectory=name of directory -OQueueLA=24 -OQueueSortOrder=host -OTimeout.connect=1m -OTimeout.helo=1m -q
).
We were getting peak throughput as high as 20,000 messages delivered per hour.
Due to the relaying holes in old versions of Sendmail, I wanted to upgrade to the then-current 8.9.3. Because of the Great C Library Change, the sendmail rpm available from redhat didn't want to work. So I upgraded the entire box to Red Hat 6.1.
(please redirect all comments about the evils of RedHat, the rpm format, or how I should have compiled it myself from a tarball to /dev/nul).
Now, the same volume of mail takes 6 times longer than before the sendmail 8.8->8.9.3, RHL 5.2->6.1 upgrade. Moreover, it takes the same time on a VA Linux Full-On rack system, so hardware isn't an issue.
Does anyone have a theory? Will upgrading to 8.10 help/hurt/be neutral?
Again, thanks in advance
This page accidentally left blank
Basically it means we'll never see them improve sendmail management issues in the open source version in order to drive business to their commercial product.
In my capacity as a manager, I understand the need for commercial support and do pay for that. But my goals to have everything open-sourced are circumvented by this product extension scheme.
(Disclaimer: I could be horribly misinformed and stuff like Sendmail switch *is* open sourced, but I've been poking around their sites and haven't seen it downloaded anywhere without paying.)
is SMTP AUTH .. it rocks my world ! :)
... with SMTP AUTH you can "login" to an SMTP server to permit relaying. This feature is a MUST for most ISPs !
:)
.. NO other competitor (qmail,exim, etc...) has it ... GO SENDMAIL GO !
for those who don't know
It uses the cyrus SASL library, so if the client supports it, it can handle nearly any authentication method, from Kerberos to CRAM-MD5
There is even a patch (or already included in sasl) so that OutlookExpress (which uses a VERY OLD SMTP LOGIN command) can use SMTP auth !
I'm still using one of betas for exactly this functionality
regards,
Michael
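The CRAM-MD5 mechanism mentioned in the comment above, worked through from both sides as an added Python example (not part of the thread and not sendmail's or Cyrus SASL's code). The function names and the `may_relay` policy helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

def make_challenge(hostname):
    """Server: fresh one-time challenge in msg-id form, as RFC 2195 describes."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>".encode()

def client_response(user, password, challenge):
    """Client: prove knowledge of the password without sending it."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(secrets, challenge, response_b64):
    """Server: return the authenticated user name, or None on any failure.

    The server must hold the shared secret itself to recompute the HMAC,
    so the secrets store needs the same protection as plaintext passwords.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    user, _, digest = decoded.rpartition(" ")
    password = secrets.get(user)
    if password is None:
        return None
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison so timing does not leak digest prefixes.
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return user if ok else None

def may_relay(auth_user, rcpt_domain, local_domains):
    """Hypothetical policy: relay to non-local domains only after AUTH."""
    return rcpt_domain.lower() in local_domains or auth_user is not None
```

A response is bound to the challenge it answers, so a captured response fails against any later challenge; the password itself never crosses the wire.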
I agree. Even with the m4 macros, it's just plain stupidly designed.
Why doesn't someone rip out the configuration part of sendmail, and replace it with something apache-style? It can't be that difficult.
--
I have a server which is doing 3, soon to be 5 virtual domains. Apache configuration is simple. Sendmail was also very easy to configure. All you need to do is this:
1. Have support for a sendmail.cw file, so that it will accept mail for all the hostnames. Put the hostnames in that file
2. Add in support for virtusertable, which is similar to /etc/mail/aliases, but a bit different. This allows you to redirect, say, webmaster@host1 to a different place than webmaster@host2, redirect all mail for 1 domain to one place, etc.
:)
I have the O'Reilly book, but I didn't actually need it; I found all the info I needed on www.sendmail.org. It took about 1/2 hour. In case you're wondering, I'm a college student who's been using Linux for about 2 years, not a 60-year-old UNIX guru.
WMBC freeform/independent online radio.
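A simplified model of the virtusertable lookup described in the comment above, as an added Python example (not part of the thread and not sendmail's code). The table contents, domain names and function names are constructed for illustration; the model covers only exact `user@domain` keys, `@domain` catch-alls, `%1` substitution and `error:` values.

```python
# Constructed sample table in virtusertable text form: key, whitespace, value.
SAMPLE_TABLE = """\
# per-address entries win over the domain catch-all
webmaster@host1.example   alice
webmaster@host2.example   bob@elsewhere.example
@host2.example            %1@mailhub.example
@host1.example            error:nouser 550 No such user here
"""

def parse_virtusertable(text):
    """Parse the text form into a dict keyed by lower-cased address or @domain."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table

def resolve(table, local_domains, rcpt):
    """Return (action, target) for one recipient address."""
    user, _, domain = rcpt.rpartition("@")
    domain = domain.lower()
    if domain not in local_domains:      # the sendmail.cw role: hosts we accept for
        return ("not-local", rcpt)
    for key in (f"{user.lower()}@{domain}", f"@{domain}"):
        if key in table:
            value = table[key].replace("%1", user)
            if value.startswith("error:"):
                return ("reject", value[len("error:"):])
            return ("deliver", value)
    # No entry at all: the address falls through to the local user of that
    # name, so every local account receives mail for this domain too.
    return ("deliver", user)
```

The `@host1.example` catch-all with an `error:` value is what stops unlisted local accounts from receiving mail addressed to that virtual domain.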
Sendmail Switch isn't open source software, it's commercial software. It does many sophisticated management thingies besides configuring sendmail.
That being said, OS sendmail configuration got much easier since m4 configuration files came about. And while it's not an Apache-style configuration, etc., it's on the same level in terms of difficulty.
The OS sendmail developers work pretty much orthogonal to the commercial component developers. Feature sets of OS sendmail are driven by the OS community. They are aware of the inherent difficulty of configuring sendmail, and consider it to be quite a shortcoming of OS sendmail, independent of whether management components exist in a commercial software product.
You will probably see OS sendmail become easier to use somewhere down the line.
One final note, Sendmail Switch was built using open source technology. It's not apparent to people outside the company, but if you bought the product you'd see we use open source technology extensively in the product. The commercial component developers also believe in OS principles, which is why our products use open source technology where possible.
Sendmail Switch is commercial software. But buying it supports the company. Supporting the company supports the OS developers - giving a secure "home" and dedicated resources to OS sendmail development. Benchmarking, compatibility labs, food, and clothing are examples of such.
Hope that gives a small view from the inside.
Regards,
Charles
http://sendmail.net/?feed=allabout810
-Leader of the Free Peoples - http://mobgroup.net
MHO also says that if you are looking at setting up a mail server, you should check out Postfix by Wietse Venema, or qmail first. I have been using postfix instead of sendmail for quite some time now, and have not had a single problem. Of course, I only have 600-1000 users, so my system is certainly not a true test of its capabilities.
I found this to be interesting:
Support multiple queue directories. To use multiple queues, supply a QueueDirectory option value ending with an asterisk. For example, /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with 'q' in /var/spool/mqueue as queue directories. Keep in mind, the queue directory structure should not be changed while sendmail is running. Queue runs create a separate process for running each queue unless the verbose flag is given on a non-daemon queue run. New items are randomly assigned to a queue. Contributed by Exactis.com, Inc.
This could be great for my Solaris box with 50,000+ active SMTP connections, as we may be able to segregate the mail queue onto separate partitions! :)
EraseMe
They have a series of articles such as Spam control in 8.10, Performance and usability in 8.10 and many more.
Noel
RootPrompt.org -- Nothing but Unix
kayaking