Postfix: A Secure and Easy-to-Use MTA
BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."
The Department of Homeland Security is issuing security advisories now? Did anyone know we're paying them to audit code?
I wonder if they'll start trolling on bugtraq.
-blak
Does postfix have milters? Sendmail is popular for a reason.
Exim seems to be quite popular at ISPs recently.
Qmail is rock-solid. The best proof I can offer is the fact that no security flaw has been found since 1.03 was released in 1998. The man is a cryptographer and designed it for security.
There is also an enormous amount of support for the product available. Check out qmail.org and cr.yp.to/qmail.html
The Qmail author offers money for any holes found. So far he hasn't had to pay a cent.
Of course now I get all the exim, qmail and postfix fanboys blasting at me, but sendmail works well. Works good enough for most. Heck, if sendmail were so insecure, why is OpenBSD still including it in its base?
Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason not to use Sendmail if you can help it.
In general I found that virtual domains were a bit trickier to set up in postfix than in sendmail. Ordinary aliases were just as easy (read identical). My sites don't do enough volume to tell any difference in performance. The build/install process was probably a bit easier for postfix, i.e. didn't have to monkey around with M4. So as a sendmail admin of more years than I care to think about, postfix seems about as easy to administer as sendmail on a day-to-day basis.
...because the article poster had to mention Postfix. Now someone's gonna say "qmail", someone else will say "exim", someone will say "fuck you, sendmail all the way" and what could have been a nice debate about the full-of-security-holes-dinosaurs of open source will be spent in 500 messages worth of flamewar. Sigh.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
1) Get hacked every other day.
2) ?
3) Switch from sendmail to postfix.
4) Secure!
As for myself, I switched to postfix several years ago and haven't looked back even once.
Harald
windows users don't have to worry about this!
hahaha
(it's a joke ok ? i use unix.....)
Phew lucky I'm running exchange and don't have these damn sendmail SECURITY fixes to worry about ;)
Just as a heads up to Mac users... the next major revision of Mac OS X, Panther, will be changing from Sendmail to Postfix. So if you use Mac OS X, you don't need to do anything special other than buy Panther when it becomes available.
Personally, that's what is pushing me over the edge to learn Postfix and use it on my OpenBSD servers. In a nostalgic way, it's too bad... I once made some seriously good money writing custom sendmail.cf files on a consulting basis.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
Qmail uses some kind of weird, unique ways. Of course you may defend your lovely Qmail server.
:)...
But if I remember correctly, you cannot feel the difference between Qmail and Postfix until you start to deliver 40,000 mails per day.
So use Postfix
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
I have been using Courier for over two years now. No remote roots ever or problems of any kind (I am amazed!). It's open sourced and a full package (esmtp, pop, imap, webmail and a thousand other things). It gets my vote.
I for one have used sendmail and postfix, and have tried qmail in the past [sorry, didn't like it]. :)
I finally settled on Postfix. I really like it. I feel I don't have to jump through nearly as many hoops to get it running well as I did with sendmail. I certainly didn't need a 900 page 'bat' book to get postfix running.
With that said, to each his/her own. Use what you want, I'm sure people love qmail for reasons that make sense to them, and the same with exim and sendmail. Those of you who would flame me or others because of our choice of email servers all I can say is "Get over it..."
Ender
Nothing to see here
Just like Internet Explorer is still used because it ships as the default browser with every flavor of Windows, and Apple Mail is still used because it ships as the default mail client with every flavor of Mac OS X, and so on. This surprises you because...?
--
Damn the Emperor!
There's been discussion about switching to postfix as the default for new installs however, and it may even be a done deal. A lot of arguments have been tossed about for this, however the biggie seems to be its simplicity: with something as complex as exim or sendmail, there are just more opportunities for something to go wrong. Postfix is quite enough for most users.
There ARE others out there you know.
Postfix is cool and works, but so do Exim, Qmail et al. Sendmail is a large code base that has developed over many years, but its secret is its ability to do almost anything required. Of course it's almost impenetrable if you don't want to learn rule sets, but you can just get the O'Reilly book which is only about 1000 pages long :)
Rus
If you run virtual domains, Postfix or Sendmail is not an option, especially if you don't want to deliver john@d1.com and john@d2.com to john@localhost. Heck, with virtual domains, you don't want to have user accounts anyway.
I wish there were other easy to use open source options, because Qmail really suffers under Sobig at this point.
I'm expecting certain people to make much of this news, citing the "insecurity that comes with open source".
All it demonstrates is that large complex pieces of software are inherently more difficult to secure than smaller simpler ones.
Sendmail is great but we switched to another MTA about four years ago, also because Sendmail had exploits.
Ceci n'est pas une signature
Japan surrenders; war over
JFK Assassinated in Dallas
Moon landing a success
Wall falls, Berlin united
Slashdot. For up-to-the-minute news.
email server, and well, make it stop serving email?
Until postfix can cope with daemonless, on-demand operation (no daemons running; the user invokes the (fake) sendmail command via e.g. 'mail' or 'pine'), postfix is nothing for me.
The mails are queued, yes, but not immediately sent.
I am not willing to run and administer another 4 processes on simple, dumb workstations.
Sendmail was easy - it just would send mail to the smarthost. Finito!
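For the smarthost-only workstation case described in the post above, this is the Postfix "null client" main.cf, added here as an example; it is not the poster's configuration and not copied from the Postfix sources, and the host and domain names are assumptions. It does not remove the need for the master process and its helpers (Postfix has no daemonless mode), but it listens on the loopback interface only, delivers nothing locally, and hands everything to the smarthost:

```conf
# /etc/postfix/main.cf on a "null client": send-only, no local delivery, no
# listening socket reachable from the network. Added example; names are assumptions.
myhostname = ws01.example.com
mydomain = example.com
# Outgoing mail is stamped user@example.com rather than user@ws01.example.com.
myorigin = $mydomain
# Everything goes to the smarthost; the brackets suppress the MX lookup.
relayhost = [smarthost.example.com]
# Postfix binds to 127.0.0.1 only, so nothing on the LAN can talk to port 25.
inet_interfaces = localhost
# No domain is treated as local and the local(8) delivery agent is disabled,
# so there are no mailboxes, ~/.forward files or aliases to attack here.
mydestination =
local_transport = error:local delivery is disabled
# Trust only this machine as a relay client.
mynetworks_style = host
```

Comment out the `local` service in master.cf as well, then `postfix reload`. Mail that system daemons send to root is still queued and forwarded (it now arrives as root@example.com at the smarthost), which is the one thing a workstation needs an MTA for; `mailq` shows what is waiting when the smarthost is unreachable.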
There are many good and secure MTAs out there; sendmail has the larger base and was created by one of our demi-gods. That and it is "the" MTA for most of the Unixes. Don't bash, just explain why you want jihad for your MTA then go back to your square-headed wife.
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
My postfix installation is extremely secure, I can't get it to receive any email at all. If anyone could help me unsecure it by teaching it to deliver mail to my computer, could they shoot me an email? (bassettgabriel @qwest.net). I'm not a system administrator, just a guy w/ linux at home and the simple setup just isn't working for some reason.
I do security
Sorry for the flamebait, but how would it seem if an "objective" news-headline site said the following:
"The Dodge Ram has had a number of documented problems over the years. However, for less problems, try the Ford Explorer."
Come on...
This wasn't just plain terrible, this was fancy terrible. This was terrible with raisins in it. - Dorothy Parker
- wu-ftpd. Most recently known for the crack of alpha.gnu.org.
- sendmail. "Not having sendmail is like not having VD", according to popular wisdom
- vixie-cron. I don't even know of a "virgin" distribution of this, which is probably a good thing; all the Linux vendors have their own set of extensive patches to vixie-cron.
There are multiple choices for replacing each of these, most of them a written-from-scratch replacement. Not all of these are perfect, either, but at least they're less popular, so (hopefully?) less likely to get hacked. I personally run fcron, postfix, and proftpd instead of the more popular packages. I don't honestly claim that they're any more secure; in all cases they were mostly personal choices having to do with cleanness/installation ease.
I find it quite amusing that in the Root Prompt news box that I have at the top of my right hand sidebar, the second news item is titled "Postfix: A Secure and Easy-to-Use MTA"
Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain.
Don't know about the "most of the power" bit but I could hit myself in the head and still have "a fraction of the pain". It's sendmail for f**ks sake!!!
- Alex
SMTP is a fairly simple protocol, so why are there so many security problems with mail servers? Am I missing something obvious?
Can someone post a list of the things we LOSE going to postfix? I'm interested, but I'd like to be able to check to see what I'm losing, so I can compare that to what I'm using.
This article was really about a hole in sendmail. However, with all the so-called "Microsoft holes" Slashdot has been reporting non-stop about, they needed to immediately offer a working alternative so they can say, "It's not that big a deal; here are well-known alternatives," and play down the hypocrisy a bit. Meanwhile, there are just as many alternatives to Outlook, but that doesn't stop people from declaring Windows unsafe (never mind that SoBig is a user-transmitted worm). They were just trying to play down the seriousness of it. "You should have been using postfix!"
Just had to say it. Mod me down if you disagree.
"Sufferin' succotash."
I ditched SendMail because it made me uncomfortable as an administrator. Yes, I could get it working "good enough" that I wasn't a relay, but because of the arcane command file structure I wasn't satisfied that it was tuned the way I wanted it. (BTW, I had hand-coded a sendmail.cf from scratch before, and made it work, but that was when I had a whole day to spend on the project.)
I agree, sendmail has a steep learning curve, and I don't have to change mail settings often enough for it to sink in and become instinctual knowledge the way most other things have. For that reason, as well as the security issues others (and the article) have raised, I too have switched to postfix.
However, a friend of mine who administers numerous networks for clients swears by sendmail, and claims that it is far easier to learn and administer than the one, thick O'Reilly book on sendmail would have you believe. Indeed, he accuses the book of actually obfuscating administrative techniques for sendmail, to the point of calling it a "crime against sendmail and humanity." (He is sometimes prone to the melodramatic).
I haven't delved as deeply into sendmail as he has, so I cannot personally confirm that, once the epiphany hits, sendmail becomes dramatically more straightforward than the Sendmail book's coverage, but I do concur that, with my moderate knowledge and a copy of said book on my bookshelf, the current state of the software and documentation leaves a lot to be desired in terms of getting things going fairly quickly and simply, which programs like qmail, postfix, and others address nicely.
It is, however, IMHO a shame to give up some of the more advanced features of sendmail (and its amazing flexibility), such as milters, so here's hoping they either work their way into postfix et al. in a more accessible fashion, or that (assuming my friend is accurate in his allegations) someone writes a more accessible book on the subject of sendmail.
In the meantime, the O'Reilly book seems to be the only book on the subject, so if it is really the reason so many of us get discouraged with sendmail and move on to easier, if less flexible, MTAs, then perhaps a second book covering the subject would be in order.
The Future of Human Evolution: Autonomy
I think they switched which MTA was installed by default between Potato and Woody, but neither one was Sendmail. And of course, they have you configure it when it's installed, and you can just tell it to not run the daemon and deliver local mail only (so you still get important stuff sent to root).
I've used Postfix, and like it very much. Currently, the email server for which I'm responsible runs Sendmail, because I haven't had time to figure out how to port the virtusertable over to Postfix.
As for hackstraw's comment, Debian makes it easy because packages depend on "an MTA", and all of the MTAs conflict, so you just use APT to install your MTA of choice, and it replaces the existing one.
WMBC freeform/independent online radio.
A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics.
Of course, they were too busy upgrading/patching Sendmail.
Really? If you don't have any MTA on your workstation, how do you get all of the email messages to root telling you that things are wrong with your system? Or might that be why you are reinstalling all the time? :)
You could try Debian; not only does it not install Sendmail by default (I think they're on Exim now; used to be smail, IIRC), but it's designed to only have to be installed once, ever, which solves your other problem.
This is a security problem from March. Sendmail 8.12.9 was released on March 31st, correcting this problem.
Why is this being posted nearly half a year later? Solely to advertise Postfix?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
You don't mention which distribution you're using, but FWIW, on Red Hat when sendmail is installed it only accepts connections from localhost.
stop executable (ie virus) content. And nobody
in my company got the recent SoBig virus. Here's the line:
First of all, the GNU compromise was a local user, not a result of the FTP daemon. They do not run wu-ftpd (and neither should you; in fact, don't run an FTP daemon at all, unless it's only anonymous, and then you could use publicfile).
Also, don't forget about BIND. This is pretty much the exact same situation as Sendmail vs. Qmail. The mainstream app is a big fat binary, and so is more difficult to audit. Why did they design it this way? Isn't this against the spirit of Unix?
To be fair, DJB's ideas of where binaries should go in the filesystem is...er. But you can put everything in /usr/local and run daemontools out of /var/service if you want (which is what I do). And if his license bothers you, there are other implementations arising, such as MaraDNS.
This is good info... Always be sure to read the docs fully before saying X feature doesn't exist in Y product.
(Offtopic: A similarly nice, elegant solution for desktop/clients PC printing is pdq, which unlike lpd and cups runs only as a local spooler without opening a network port, and is lean (65k), dead-simple and functional. With nullmailer/ssmtp & pdq, I managed to close all ports (except of course SSH) on my two desktop PCs under Debian GNU/Linux without any firewalling. AFAIK, Debian is the only OS offering all the aforementioned pieces of software as part of its main distribution.)
gopher://cramer.plaintext.cc http://cramer.plaintext.cc:70
Well I'd previously used Sendmail, and struggled with it for a week trying to make it do what I wanted.
On Friday, I installed exim, exiscan, clamav, and SpamAssassin all from source in half a day. And it works perfectly.
"Sendmail has a long history of security holes, Sendmail isn't easy to configure. It lacks a user-friendly front end."
Sound like any Operating systems you know? [ehem, MS, ehem]
the difference is that the sendmail dev team FIXES the problems when they are discovered.
instead of calling them "features"
The article should have been about a new sendmail hole, but the headline, for some reason, was about postfix, and the focus of the summary became "switch to postfix; it's great!" Why not just admit that sendmail had a hole and let us discuss it? Open Source has its faults too, y'know. You don't have to rush in and try to play it down by changing the headline to a competing app, giving a bunch of postfix links, and then acting like things aren't that bad.
"Sufferin' succotash."
In the example, the mailer says "ok" when a user is there and something else when it isn't, following "RCPT TO:". This allows someone to enumerate users and then later use that info in a brute force attack against other services.
How to turn off that behavior? (i.e. make it say OK for everybody)
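Added example, not from the post above: the Postfix main.cf settings behind the behaviour asked about. Postfix rejects RCPT TO for unknown local users because local_recipient_maps is populated; the fragment shows the switch that turns that off, why a practitioner usually leaves it on, and the settings that make enumeration slow and visible instead. All parameter names are real Postfix parameters; nothing else is assumed.

```conf
# /etc/postfix/main.cf (added example)

# Default: every RCPT TO is looked up in local_recipient_maps and unknown
# users get "550 ... User unknown in local recipient table", so valid and
# invalid addresses are distinguishable from the reply.

# Option A, what the poster asked for: an empty local_recipient_maps makes
# Postfix answer "250 Ok" for every recipient at SMTP time. Postfix then has
# to generate a bounce for each nonexistent user, so a dictionary attack fills
# the queue with undeliverable bounces (backscatter) with your server as the
# source. Postfix 2.1 and later can express the same with
# smtpd_reject_unlisted_recipient = no.
#local_recipient_maps =

# Option B, usually preferable: keep the per-recipient check, but close the
# other enumeration channel and make probing expensive.
# VRFY is not needed for mail delivery; it only answers "does this user exist?"
disable_vrfy_command = yes
# After smtpd_soft_error_limit rejected commands in one session Postfix
# sleeps smtpd_error_sleep_time before every reply; at the hard limit it drops
# the connection. An enumeration run of thousands of names stops being cheap.
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 1s
```

The rejections still land in the mail log ("NOQUEUE: reject: RCPT from ..." with the client address), which is the detection signal for an enumeration attempt; silently accepting everything would remove that signal along with the oracle.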
I'm just wondering.. if you install a sendmail alternative (exim, let's say), will it break any CGI scripts you are using for your webpage that call on sendmail to send mail?
I have no problem with the principal idea of switching from Sendmail to something more secure like qmail, postfix, exim, except for the fact that nobody has brought up that nearly EVERY *nix distro has tools that depend on having *sendmail*. Perl modules, bash scripts, all look for the particular behavior of sendmail. Sure, qmail has a sendmail-like wrapper, but I've had problems in sending mail with qmail. Haven't wanted to try anything else yet. It's such a pain to get anything else working, I'd rather use the m4's and keep sendmail working "good enough".
I only post comments when someone on the internet is wrong.
Did I miss something, or were these problems dealt with in MARCH 2003?
Any interesting problems from 2002?
mike
Compare this to the antics of "that corporation" who is quite content to leave bugs as "undocumented features". Could be this FUD is just a reaction to that "insecure by design" mudslinging.
You should definitely build qmail with the QMAILQUEUE patch - this opens up a world of possibilities for customizing what happens to mail on the way in to your machine.
Combine this with qmail-qfilters, which allows you to daisy-chain simple filter scripts you can whip up yourself to examine messages and decide what to do with them. The site has some examples.
Sobig.* and other viruses with predictable patterns (like one of eight or so standard subjects and a body with other clues) can be blocked very easily with this.
-- http://frobnosticate.com
According to the article, "Every mail server, or Mail eXchanger, must have a DNS entry for each domain for which it receives mail"
According to dyndns.org FAQ site, " we do not recommend that users wanting a basic mail configuration set up an MX. It is not necessary, and it is possible to make mistakes in the MX record that will cause mail to end up somewhere else."
I have a mail server running Postfix WITHOUT a MX record.
You know what I like about Postfix? Its ability to easily use MySQL for transports and aliases. There are various howtos listed on the Postfix documentation/howto page and it's enough to get you going if you're familiar with both Postfix and MySQL. I'm sure something similar exists for Qmail and the others, but I was surprised at how easy it was to set up with Postfix.
As to the Great MTA Debate, everyone is going to have their preferences and everyone is going to be needing something slightly different. I don't see the point in arguing. Joe Blow likes Qmail more than sex? Great, I hope the security and modularity works out for him. Jimmy Johnson likes the raw power of Sendmail and eats three milters for breakfast? Cool. Myself, I feel more comfortable with Postfix. As long as the sysadmins are competent and the security holes are patched, it's all good in my opinion
Beef! Beef! Beef!
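An added example (not from the post above, not from the Postfix documentation) of the MySQL-backed lookups the commenter means: a virtual alias table and a transport table, both reached through proxymap so that only one daemon ever holds the database credentials. The table and column names and the database account are assumptions; the `query` form of the map file needs Postfix 2.2 or later (older releases use table/select_field/where_field instead), and Postfix must have been built with MySQL support (`postconf -m` lists mysql if so).

```conf
# --- /etc/postfix/main.cf (added example) ---
# proxy: makes proxymap(8) do the lookups, so smtpd(8), cleanup(8) and
# trivial-rewrite(8) never open the database or read the password file.
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual-alias.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-transport.cf

# --- /etc/postfix/mysql-virtual-alias.cf ---
# Holds a password: chown root:postfix, chmod 0640.
# Use a read-only database account; Postfix only ever SELECTs.
user = postfix_ro
password = CHANGE_ME
hosts = 127.0.0.1
dbname = mail
# Postfix substitutes the lookup key for %s with SQL special characters
# quoted, so a crafted recipient address cannot break out of the literal.
# Assumed schema: alias(address VARCHAR, goto VARCHAR, active TINYINT)
query = SELECT goto FROM alias WHERE address = '%s' AND active = 1

# --- /etc/postfix/mysql-transport.cf ---
user = postfix_ro
password = CHANGE_ME
hosts = 127.0.0.1
dbname = mail
# Assumed schema: transport(domain VARCHAR, transport VARCHAR), e.g. the row
# ('example.net', 'smtp:[mail.internal.example.net]')
query = SELECT transport FROM transport WHERE domain = '%s'
```

Test a lookup as root before reloading: `postmap -q john@example.net mysql:/etc/postfix/mysql-virtual-alias.cf` should print the alias target, and the same with the transport file and a domain should print the transport. A database outage then shows up as temporary lookup failures (mail is deferred, not lost), which is the failure mode to watch in the log.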
A lot of sendmail users out there are using it not for any form of local MTA, but instead as an Internet SMTP gateway between the lawless outside Internet and their internal MS Exchange / Lotus Domino / Novell Groupwise email systems. None of their email users have local accounts on the gateway machine at all, the mail just flows thru it. These gateways also effortlessly handle complex sets of multiple domain names and stuff like username@domain.one and username@domain.two conflicts where two different users have the same username part of the address. While in transit thru that machine, stuff like Amavis, SpamAssassin and TMDA also act upon the emails flowing thru. These are pretty easy to install, configure and operate with sendmail as the MTA, and more recently, recipes for building such a machine around Postfix have appeared. I'm right now in the middle of building a Postfix-based system to replace my old sendmail-based machine which I've grown increasingly leery of keeping in operation. I run OpenBSD as the underlying O/S on these boxes.
Can Qmail do all these same things with equal ease and are there any good websites out there with detailed, mature step-by-step howtos like there are for sendmail and postfix? Or is the qmail state of affairs such that you still have to first become a qmail guru and then figure out all on your own how to plug all these pieces together manually? The sendmail and postfix based systems today can be set up in pretty short order by someone who isn't a rocket scientist, by simply following readily-available step-by-step howto guides. I haven't found any such guides for Qmail, except for systems that assume that all your user accounts are going to reside on that same machine (unix mail accounts) and that all your clients are going to get their mail via a POP3 or IMAP client. This does no good for those who run internal Exchange/Lotus/Groupwise systems.
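What the gateway role described in the post above looks like in Postfix, added here as an example; it is not the commenter's configuration and not from the Postfix documentation, and the domain names, addresses, networks and the internal host name are assumptions. The setting a sendmail admin converting such a box should not skip is relay_recipient_maps: without it the gateway accepts mail for any user at the relayed domains, and every rejection the groupware server issues later becomes a bounce sent by your gateway.

```conf
# --- /etc/postfix/main.cf (added example: SMTP gateway in front of Exchange) ---
# Nobody has a mailbox here, so no domain is local and local(8) is disabled.
mydestination =
local_transport = error:local delivery is disabled
# Domains accepted from the Internet and forwarded inward. Two different
# "john" users are no problem: the full address is forwarded untouched and
# the groupware server separates them by domain.
relay_domains = domain.one, domain.two
transport_maps = hash:/etc/postfix/transport
# Every valid inbound address, so unknown users are refused with a 550 during
# the SMTP dialogue instead of being accepted and bounced afterwards.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Only the inside network may use this host for outbound mail.
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/transport (build with: postmap /etc/postfix/transport) ---
# Brackets: connect to this host directly, do not look up its MX record.
domain.one    smtp:[exchange.internal.example]
domain.two    smtp:[exchange.internal.example]

# --- /etc/postfix/relay_recipients (postmap /etc/postfix/relay_recipients) ---
# Exported from the groupware directory; the right-hand side is not used.
john@domain.one    OK
mary@domain.one    OK
john@domain.two    OK
```

Content scanners such as Amavis hook in through a content_filter entry in master.cf, independent of the above. Check the relay rules from an outside address before going live: RCPT TO a third-party domain must get "554 Relay access denied", and RCPT TO an address missing from relay_recipients must get a 550, not a 250.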
While it has been years since I have done sendmail, I remember it as being that I lost 2 things.
1) being cracked almost as easily as an XP box (it was 6 years ago), so it required constant update.
2) certain config tools work on sendmail only (but there are much better replacements in postfix and other mtas).
3) the speed and scalability. To this day, sendmail is the better choice for extreme loads, say 5000 users on up.
Postfix is a great choice for home all the way up to small-large businesses. I did not lose any capabilities (in fact gained some new ones).
I presently use this combination for many customers, and will continue to do so.
Postfix is much easier to deal with than sendmail. The configuration file "main.cf" is long but well documented, and it is often the only file you need to muck with.
Add Webmin and you can leave the system in the hands of a local admin without much training.
Add Usermin and basic webmail is painless.
Try it, you might like it.
~8^]
Another VI (Postfix) Emacs (qmail) flamewar!
I guess that would make Sendmail SED.
/.
Postfix is great. We all know that, hell, Wietse wrote it and he wrote TCP wrappers for linux.
Postfix has had security holes. They were fixed.
Sendmail can be gruesomely difficult to configure because it can do ANYTHING. Most people do not need the raw power of sendmail. However, those that do can spring $100 for the sendmail GUI and it becomes butt-simple to configure. (Please don't bother with the jokes about Marshal's butt).
Sendmail has had security holes. They were fixed. In fact, Sendmail has had more bugs fixed than any other mailer, so we could be just as illogical as the original post and say it is obviously the most secure mailer.
Qmail's brilliant but difficult creator, Dr. Bernstein, has posted a reward for finding security holes in Qmail. According to rumor, he has refrained from paying that reward by the simple expedient of not accepting any allegations of security holes. I am not qualified to judge the truth of the rumors as I have not studied the code. I prefer the license terms of Sendmail and Postfix (Qmail comes with source code, but is not Open Sourced).
The slashdot denigration of sendmail for security problems is undeserved. Acknowledging and fixing security holes should not be a subject for ridicule, it ought to be admired! Sendmail is ancient, proven, mature, pick your favorite word.
Postfix is excellent. It stands on its own merits and doesn't have to take swipes at sendmail.
If you want to diss sendmail, you should be dissing the monolithic design and dependency on *nix (since the *nix security model SUCKS - suid root is an atrocity).
Having a long record of bug fixes simply means the code has been thoroughly scrutinized and tested under fire!
--Charlie
I have to disagree a bit when it comes to the OpenBSD and Apache issue.
Apache is included in the standard install but it's switched off by default.
If there's a security problem with Apache, then it's an issue with Apache, not OpenBSD.
And nowadays it's even better: when you switch Apache on it starts chroot jailed unless configured otherwise.
All showing the fundamentals of security.
If you don't use it, don't start it.
Configure it to run unchrooted _only_ if you have to.
Don't add any modules or functions that you don't intend to use.
This is in stark contrast to several other software/OS/dists that ship with all the bells and whistles ready to run and you have to lock them down to get rid of them.
ps.
I still think it's a bug that OpenBSD allows root login over ssh as default.
ds.
// hdw
Executive Pope (small) Kallisti Engineering
According to http://cr.yp.to/surveys/sendmail.html and http://cr.yp.to/surveys/smtpsoftware6.txt, Sendmail has long been trending towards less and less hosts running it. As of his last survey two years ago, it was at 42%. And if you look only at "serious" MTAs, those for sites that have heavy mail volumes, you'll probably see even less Sendmail.
>Also, it doesn't require that you install all the author's other tools in order to have a functioning MTA.
This one does it for me. I currently use Exim, which also drops in for sendmail and is reasonably secure. If/when I want more security, I'll probably go Postfix because of the simple drop-in.
Security is never unimportant, but for an internal-only MTA for a family of four that accepts no external connections, it's secondary. I will however agree that had I been running Sendmail, the March problem would have had me.
The living have better things to do than to continue hating the dead.
Exactly what I was thinking. Please people get over the "open source will solve the world security problems" way of thinking. It's a pipe dream
http://www.lifewithqmail.org/lwq.html#whatitis
oh wait, nevermind. Oh, I forgot! This is /.. Nobody RsTFM.
The config file is so arcane you have to use an ugly macro language to generate the config file. What's up with that?
Postfix is a breeze to set up for easy installations, and very mild to set up for complex installations.
I have a beef w/Redhat. Can someone here maybe explain to my why they issue patches the way they do? They don't update the version number of the package when they apply a fix, so there is no way to tell if you are running a patched version or not. Quite annoying. Yes, there are ways to keep track of it yourself, but I don't see any reason why they don't indicate the patch version in the package numbering scheme.
My beliefs do not require that you agree with them.
NOTE: I occasionally do system security audits, this problem is one of my favorite targets.
Just because you use a sendmail replacement (qmail, etc.) does not mean you've eliminated your vulnerability. Most distributions install SENDMAIL by default set to accept local input only. This is necessary for configuration, but also leaves it open to anyone that can launch a local process. If sendmail is used temporarily until it is replaced then it may be left open to external input also.
If you use a replacement for sendmail then you should remove sendmail from the system. If you cannot remove it due to dependencies by other code then you should insure it is up to date and patched, even if you're not using it for mail routing as it is still vulnerable.
The worst systems I've seen are older production systems where SENDMAIL has been replaced and left on the system (either due to negligence or necessity) and not maintained "since it's not used anymore". (And you just wouldn't believe how many sysops out there don't know what's really running on systems set up by predecessors, and make some very bad assumptions about them, like: we don't use SENDMAIL, so it's not on the box.)
Any binary on your system, especially this one, needs to be maintained or you're asking for trouble. And worse, if you haven't documented what's on the system you'll really be out in left field not even knowing what to patch!
It doesn't matter what you wrap your emotions around, Reality is a brick wall specifically designed to scramble eggs
Windows has an alternative setup for Mozilla. Go to Mozilla, open installer, follow instructions. Equally easy yet few people do it. If something is up and running and working, most users will say "fuck it" and stick with that.
In the life of sendmail, write-only cf files are a recent innovation.
There is still a huge amount of legacy material on modifying cfs. The perils of modifying the path to the local delivery agent (for example), or removing DaemonPortOptions (which has greater risks) are easily mitigated.
Please approach the subject with a more evenhanded point of view, and be aware of the historical perspective.
"major" being: courier, sendmail, postfix, exim and qmail.
It looks like it's about a year old, and has some missing information, but it's a place to start for anyone looking to switch MTAs.
Postfix is not easy to use. It is probably the best MTA out there. That is not in question. But to say any proper mail system, such as Postfix, is easy to use is like saying Windows is a secure OS.
There is a steep learning curve with Postfix, just as with most/all other MTAs. And there is probably far less printed documentation out there than there is for Sendmail. But there is a lot of on-line documentation and what comes with the package, although terse, is also quite excellent. The same goes for the people on the mailing list - as long as you RTFM and you're still having a problem, they are glad to help.
You get what you put in. Put in the time and learn Postfix and you'll have an awesome MTA that can do many tricks and isn't plagued by the issues associated with Sendmail.
Must-not-watch TV!
...which this ain't. It isn't news, and nerds have already patched. So what is this, a postfix ad?
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
To be fair, I haven't tried postfix.
Well, it's pointless comparing any MTA to sendmail, so what is the point of your post?
Postfix implements many of the ideas in Qmail, but
-is a drop-in replacement for sendmail (ie external commands are supported, many config files are common)
-free software (DJBWare isn't free)
-supported by most linux distros
-scales well (with support for LDAP, SQL etc out-the-box)
-doesn't unbundle mail
For information on why qmail is bad, see:
http://www-dt.e-technik.uni-dortmund.de/~ma/qma
I can see that some ISPs have a need for sendmail due to legacy UUCP-customers (yes, someone still uses UUCP)
Postfix supports UUCP, no excuses! (yes, I have some boxes running Postfix/UUCP)
The Qmail author offers money for any holes found. So far he hasn't had to pay a cent.
Not because his software is so good, but because he doesn't agree that DoS vulnerabilities qualify as "holes".
And there are a lot of other reasons not to use Qmail.
I'll use Postfix just as soon as someone puts up some correct and current documentation about how to get it working with SASL (particularly, Cyrus-SASL's latest release) to allow SMTP-AUTH for authorized users.
I'm a university student and I'm often on a DHCP connection. I grab my mail off my home box using POP3s and I want to reply to it, but I can't since my university server requires that all outgoing mail be from "myname@example.edu", not my home domain of "rjh@homedomain.org".
So I have Sendmail set up right now to do SMTP-AUTH and everything works great. I get to use my home Sendmail server from anywhere in the world without it being an open relay. Love it. Unfortunately, Sendmail blows, security-wise. I've often been wishing I could go back to Postfix, but the documentation on SMTP-AUTH with Postfix is embarrassingly scanty. USENET has been absolutely no help. Google can't find any current and accurate documentation beyond "you need to use Cyrus-SASL". Even dead-tree Postfix books have been useless.
So. Anyone want to throw me a bone here and tell me just how the $#(&! I can get Postfix + SMTP-AUTH working?
Yes. Yes it is.
No, SuSE and Mandrake have been shipping Postfix by default for a few years (Mandrake at least since 7.1). Of course, sendmail is still available and supported (pity, otherwise there may be space for other secure mail servers).
I think it's only the Redhat users who get an insecure MTA by default
It seems Debian may have also seen the light
I need milter and UUCP, and I need them to work together. (And yes, there is a real reason I use UUCP! SMTP is not allowed over my ISP's firewall)
I actively use UUCP with my postfix installations and have done so for years.
I also have two primary MX servers in two parts of this country routing mail using tables that exist in a replicated LDAP server...and virtuals (although I have my virtuals in just plain replicated virtuals table because I find it a bit easier to manage currently).
No, you don't need sendmail.
-- The world is watching America, and America is watching TV.
Postfix became the default mailer in SuSE 8.2. It has been the default mailer in Libranet forever. Red Hat makes it easy to switch to Postfix from Sendmail with a simple switch script.
I evaluated mailers in 2000, chose Postfix as the best and have never gone back. It is very powerful, fast, and secure. And you can edit the configuration with a plain text editor.
Now, if sendmail was twice as fast or had some other great advantages, then maybe the extra pain would be worth it, but why make your life harder than it has to be?
It looks like it's fixed in many Linux distributions and you don't have to download raw sendmail yourself. For example, ISS reports it's already fixed in updates from RedHat for 6.2 through 8.0 and presumably for 9.0 as it was released later. Other vendors have similar reports. Check out the ISS link.
That this will also be the de-facto standard on OSX means that Postfix will be the alternative mail server to running Exchange.
OK, I'm not about to claim that postfix, qmail, or whatever you want don't have their places. In fact, I'd be quick in line to argue for them replacing sendmail in many cases.
However, I am sick and tired of hearing about how difficult sendmail is. It is NOT difficult to manage, it is NOT difficult to configure. It IS, however, difficult to LEARN.
Yes, it's a big, complex, massively powerful and massively detailed piece of software. If you understand and know sendmail well, then there's nothing difficult about it. At least, no more difficult than any other MTA.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject
permit_mx_backup_networks = 64.15.260.112/27, 282.66.92.0/22, 67.91.305.33/32
(specific addresses changed to protect the innocent, and yes, I know that a byte can't exceed 255, that was deliberate)
This tells Postfix to accept mail for any domain that has an MX in one of the specified networks. So whenever I add a new domain to one of my primary MX servers, I don't have to change the configuration on my backup MX servers at all.
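The backup-MX decision the configuration above describes, as an added Python simulation that is neither Postfix code nor the commenter's: the DNS answers are constructed stand-ins using documentation addresses, and the rule that every better-preference MX host must fall inside permit_mx_backup_networks is my conservative reading of that parameter, not verified against the Postfix source.

```python
import ipaddress

# Constructed stand-in for DNS (not real records): domain -> [(pref, mx host)],
# and mx host -> IPv4 address.  Hostnames and addresses are documentation values.
MX_RECORDS = {
    "example.com": [(10, "mx1.example.com"), (20, "backup.example.net")],
    "example.org": [(10, "mx.example.org")],
    "example.net": [(10, "mx.other.example"), (20, "backup.example.net")],
}
A_RECORDS = {
    "mx1.example.com": "198.51.100.10",
    "backup.example.net": "203.0.113.5",
    "mx.example.org": "192.0.2.25",
    "mx.other.example": "203.0.113.77",
}
LOCAL_MX_HOST = "backup.example.net"   # the name this backup MX appears under in DNS

def parse_networks(value):
    """Parse a main.cf network list (comma or whitespace separated CIDR blocks)."""
    return [ipaddress.ip_network(tok, strict=False)
            for tok in value.replace(",", " ").split()]

def is_authorized_backup(domain, backup_networks):
    """Approximation of permit_mx_backup + permit_mx_backup_networks (assumed
    semantics): we must be a listed MX for the domain, and every MX with a
    better preference than ours must resolve into an allowed network."""
    mxs = sorted(MX_RECORDS.get(domain, []))
    ours = [pref for pref, host in mxs if host == LOCAL_MX_HOST]
    if not ours:
        return False                       # not an MX for this domain at all
    primaries = [host for pref, host in mxs if pref < ours[0]]
    if not primaries:
        return False                       # we are the primary, not a backup
    for host in primaries:
        addr = A_RECORDS.get(host)
        if addr is None or not any(ipaddress.ip_address(addr) in net
                                   for net in backup_networks):
            return False                   # a primary MX outside our networks
    return True

def recipient_decision(client_ip, rcpt, mynetworks, backup_networks):
    """Evaluate 'permit_mynetworks, permit_mx_backup, reject' for one RCPT TO."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in mynetworks):
        return "permit_mynetworks"
    domain = rcpt.rpartition("@")[2].lower()
    if is_authorized_backup(domain, backup_networks):
        return "permit_mx_backup"
    return "reject"

MYNETWORKS = parse_networks("127.0.0.0/8, 203.0.113.0/29")       # constructed
BACKUP_NETWORKS = parse_networks("198.51.100.0/24")              # constructed
```

example.net is the case the networks restriction exists for: it lists this host as a backup MX, but its primary MX is not one of ours, so the mail is rejected instead of relayed.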
Given that sendmail is rather rich in features, which one of those do you honestly use on a day to day basis? The truth is, it's very complex, archaic, and outdated. That's where Postfix comes into play. It's more secure and easy to configure.
I use postfix because of the simple fact that it's VERY easy to configure, more secure, and just plain better. As for sendmail, after reading the manual for hours, I still had no idea where to begin thinking about how to modify the configuration files.
If security is important to you, try using Qmail. It is so secure (so the author claims) that he is willing to offer a cash reward to anyone who can find an exploit in a stock distribution. I must say, it's not very robust in features, and has a number of limitations to maintain its security. Postfix turns out to be a good combination of both security and features, as well as ease of use.
It appears that Yahoo actually bases their MTA on Qmail, as I can tell from the extended details from the mail that is sent to me from Yahoo accounts.
I am sorry, but this slashdot story looks like a blatant and biased ad for Postfix that also undeservedly bashes Sendmail. The security problems mentioned in the story are relatively old. This problem has been found and fixed in March. So, why are these advisories making it into slashdot headlines today? Talk about sensationalist journalism. I'll stick with sendmail. Thank you very much.
I use exim for everything, never had a (real) problem. (That is, anything outside me goofing up :P) Not knowing much about how the various MTAs compare, I have to ask: does anyone know how and why EXIM does/does not compare well against postfix/sendmail? Certainly seems viable to me.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Assuming each e-mail passes on average 3 MTAs, and sendmail is used on 50% of those servers, that gives:
- .50 (probability first server runs sendmail)
- .50*.50 = 0.25 (probability second server runs sendmail, if first didn't)
- .50*.50*.50 = 0.125 (probability third server runs sendmail if first two didn't)
Summarizing: in 87.5% of cases, the e-mail was handled (= routed through) by at least one MTA running sendmail. If sendmail is deployed on 40% of the servers, the same reasoning gives a total of 62.4%. So the newspaper talking about "routing" and not about the percentage of servers running sendmail, may be correct.
My 2c.
Right off the top of my head are these long-standing open-source packages with long histories of security holes: wu-ftpd [...] sendmail [...] vixie-cron
Wow, how could you forget the most obvious one?
The three you mentioned are indeed bad, but BIND is definitely, by far, the most bug-ridden, insecure, shoddily-designed piece of trash ever to embarrass the open-source community. No bitchfest about bad software is complete without mentioning BIND.
Between vixie-cron and BIND, I'd support a law prohibiting Paul Vixie from ever touching a computer again. Kinda like Kevin Mitnick's probation, but with actual justification this time around...
Anyway, a big "thank you" goes out to DJB for freeing the world from the mess that is BIND (and Sendmail, for that matter)!
We have more to fear from the bungling of the incompetent than from the machinations of the wicked.
That reward is just a way of publicly backing up DJB's belief in his code quality. I would think it's obvious that the motivation of anyone researching a qmail vulnerability is the advancement of knowledge and the recognition. By publicizing this award, Bernstein has increased the attention on this issue, guaranteeing more recognition for the person who claims it.
The award is significant, not for its amount, but because it's a very rare public declaration by a software author/vendor that his code is secure.
Explain to me then why a Default install of Exchange 2003 (RC2) on Windows 2003 resulted in a completely open relay, against which several thousand spams were sent before I realized what was happening. The authentication systems in 2003 are wildly complicated compared to before. It used to be things were restricted by IP or Domain Username.
Now, it's like you can do this operation if you've inherited the rights from a parent process which was launched by some other process that was launched under the system user, and you have a groups policy entry that dictates that rights are allowed to be inherited by tokens of your mom and this and that, and only if the Active Directory account is in a group that is part of a membership that is part of a brotherhood that lives in the right forest that has been granted the authoritah to log on under the alternate credentials under which your SMTP process is running. Or something like that. Trying to figure out "who can send mail" is utterly absurd.
# Erik
This is no longer an issue in newer versions of courier. See http://www.courier-mta.org/courier.html :
"opt BOFHBADMIME=action
Set default disposition of mail with invalid or corrupted MIME headers. Possible settings for action are: accept - accept and pass on the corrupted message, untouched; reject - reject and return the mail as undeliverable; wrap - "wrap" the message as an attachment, that must be separately opened (this is the default action). This setting applies to mail that's generated locally, or which is sent from IP addresses that do not have an explicit BOFHBADMIME setting listed in the smtpaccess configuration file. smtpaccess can be used to set BOFHBADMIME for specific sending IP address ranges only. See makesmtpaccess(8) for more information."
Okay, come on /. editors. This thing is not a new one. The vulnerability is from March. So if you want to talk about postfix (which I have switched to at work and am in the process of at home) then fine, say so.
But don't post such a misleading article that sounds like there is a new exploit. That just isn't responsible.
Also, although postfix is easier to use and has more features in other areas (like easier to tie in things like virus scanning, mysql based virtual mail domain handling, etc.) sendmail supports more mail transports.
Yes, those transports are now basically extinct, but give credit where credit is due. I am tired of hearing everybody bash sendmail without giving it the respect it deserves. Yes, its code is old and has had issues. Like most software projects, you learn a lot the first time around (and even DJB fanatics should realize that qmail was written with the lessons learned from sendmail in mind -- whether conscious or subconscious).
So is it time for people to be moving on? Yes. Is it proper to sell people on this idea by basically lying and ignoring the past? No.
Qmail is non-free software; distributing modified versions is prohibited. One can distribute patches to an unmodified Qmail and acquire the same result, but some people are unwilling to give up the freedom to publish modified versions of programs. By contrast, Sendmail and Postfix are free software.
I don't know what constitutes an "enormous amount of support", but support is also available for Sendmail and Postfix online and through consultants.
Digital Citizen
Um, that's an oxymoron.
Thanks for the heads up. I'll have to try it out again...maybe I'll switch back!
Gee, Glenn. I wonder if we can get a bunch of slashdotters to take a software they've used forever and get them to switch to another one.