Slashdot Mirror
Postfix: A Secure and Easy-to-Use MTA
BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."
Qmail is rock-solid. The best proof I can offer is that fact that no security flaw has been found since 1.03 was released in 1998. The man is a cryptographer and designed it for security.
There is also an enormous amount of support for the product available. Check out qmail.org and cr.yp.to/qmail.html
The Qmail author offers money for any holes found. So far he hasn't had to pay a cent.
OLPC Australia
In general I found that virtual domains were a bit trickier to set up in postfix than in sendmail. Ordinary aliases were just as easy (read identical). My sites don't do enough volume to tell any difference in performance. The build/install process was probably a bit easier for postfix, i.e. didn't have to monkey around with M4. So as a sendmail admin of more years than I care to think about, postfix seems about as easy to administer as sendmail on a day-to-day basis.
Milter is one of the things that's keeping me with sendmail.
Just as a heads up to Mac users... the next major revision of Mac OS X, Panther, will be changing from Sendmail to Postfix. So if you use Mac OS X, you don't need to do anything special other than buy Panther when it becomes available.
Personally, that's what is pushing me over the edge to learn Postfix and use it on my OpenBSD servers. In a nostalgic way, it's too bad... I once made some seriously good money writing custom sendmail.cf files on a consulting basis.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
I have been using Courier for over two years now. No remote roots ever or problems of any kind (I am amazed!). It's open sourced and a full package (esmtp, pop, imap, webmail and a thousand other things). It gets my vote.
There's been discussion about switching to postfix as the default for new installs however, and it may even be a done deal. A lot of arguments have been tossed about for this, however the biggie seems to be its simplicity: with something as complex as exim or sendmail, there are just more opportunities for something to go wrong. Postfix is quite enough for most users.
Postfix is cool and words but so does Exim, Qmail et al. Sendmail is a large code base that has devloped over many years but its secret is its ability to do alomst anything required. Of course its almost impenterable if you don't want to learn rule sets but you can just get the Orielly book which is only about 1000 pages long :)
Rus
Cheap UK and US VPS
I'm expecting certain people to make much of this news, citing the "insecurity that comes with open source".
All it demonstrates is that large complex pieces of software are inherently more difficult to secure than smaller simpler ones.
Sendmail is great but we switched to another MTA about four years ago, also because Sendmail had exploits.
Ceci n'est pas une signature
- wu-ftpd. Most recently known for the crack of alpha.gnu.org.
- sendmail. "Not having sendmail is like not having VD", according to popular wisdom
- vixie-cron. I don't even know of a "virgin" distribution of this, which is probably a good thing; all the Linux vendors have their own set of extensive patches to vixie-cron.
There are multiple choices for replacing each of these, most of them a written-from-scratch replacement. Not all of these are perfect, either, but at least they're less popular, so (hopefully?) less likely to get hacked.I personally run fcron, postfix, and proftpd instead of the more popular packages. I don't honestly claim that they're any more secure, in all cases they were mostly personal choices having to do with cleanness/installation ease.
What you talking about Willis?
Sendmail & Postfix support virtual domains with no problems.
Postfix: http://www.postfix.org/faq.html#virtual_domains
Sendmail you can do it extremely easily with the virtualusertable (and I have for years and years)
False:
Well well well, ancient huh? Whatever. Yes, that's openbsd's default sendmail as of version 3.3
No it doesn't. Debian has Exim as it's default MTA.
the pun is mightier than the sword
content_filter is the equivalent of Milter for Postfix.
This is quite powerful. For example, you can have some regular expression (around header or body), that sent to the content_filter.
If you want to switch and have milter in mind, please consult the documentation about content_filter...
I think they switched which MTA was installed by default between Potato and Woody, but neither one was Sendmail. And of course, they have you configure it when it's installed, and you can just tell it to not run the daemon and deliver local mail only (so you still get important stuff sent to root).
I've used Postfix, and like it very much. Currently, the email server for which I'm responsible runs Sendmail, because I haven't had time to figure out how to port the virtusertable over to Postfix.
As for hackstraw's comment, Debian makes it easy because packages depend on "an MTA", and all of the MTAs conflict, so you just use APT to install your MTA of choice, and it replaces the existing one.
WMBC freeform/independent online radio.
stop executable (ie virus) content. And nobody
in my company got the recent SoBig virus. Here's the line:
This is something that really pisses me off. People bitch and moan about Sendmail being so hard to configure when really they haven't done the tiniest bit of research or RTFM. If they had they would have known not to edit the CF. "Don't touch the CF" is the most common answer on comp.mail.sendmail. Yet these novices still feel knowledgeable enough to make claims about how hard it is to configure Sendmail. I swear the quality of sysadm nowadays is somewhere in the crapper. I've been using Sendmail since 8.8.7. I have never had an unusual configuration I couldn't quickly create with a minimal amount of online research. It's not rocket science folks.
We handle about 14 million incoming messages per day, across 8 qmail-ldap hosts, in a clustered environment. And we use SpamAssassin for mail filtering, as well.
Those 8 hosts (which are quite modest IBM x335 servers) carry almost no load, and their queues are quite small (about 20,000msgs per host, mostly junk waiting to bounce).
The biggest performace increase we saw was when we switched from magnetic disks to Solid State (RAM) disks for the queue drives.
It turns out that the wu-ftpd report for the crack of alpha.gnu.org on slashdot was in fact wrong, and in fact alpha.gnu.org wasn't even running wuftpd. It was "just" the linux kernel ptrace vulnerability and a local user.
Yes, postfix has mail filters. They're just not *called* "milters", and they're readable by people who don't have M4 parsers built into their reading glasses. Grumble grumble crummy sendmail configuration grumble.
In fact, most of the things you can do with sendmail through external additions are already in postfix. I'm pretty sure that Postfix is also overall "faster" than Sendmail, and it upgrades easier, and the config system is useful, etc...
better get your facts straights
www.courier-mta.org
full blown email server: MTA, filtering, pop3, imap and webmail, all neatly packaged (and written) by the great Sam. works like a charm too
While it has been years since I have done sendmail, I remember it as being that I lost 2 things.
1) being cracked almost as easily as an XP box (it was 6 years ago), so it required constant update.
2) certain config tools work on sendmail only (but there are much better replacements in postfix and other mtas).
3) the speed and scalability. To this day, sendmail is the better choice for extreme loads, say 5000 users on up.
Postfix is a great choice for home all the way up to small-large businesses. I did not lose any capabilities (in fact gained some new ones).
I presently use this combination for many customers, and will continue to do so.
Postfix is much easier to deal with than sendmail. The configuration file "main.cf" is long but well documented, and it is often the only file you need to muck with.
Add Webmin and you can leave the system in the hands of a local admin without much training.
Add Usermin and basic webmail is painless.
Try it, you might like it.
~8^]
Actually, it hasn't been that long. The latest security problems in sendmail were found in March.
Sendmail isn't awful - but some of its code is old, it's complicated, and it's richly-featured. All of these things contribute to an increased risk of bugs and vulnerabilities. In those respects, it's similar to some of those products by "that corporation," except that sendmail issues timely patches and the current developers, at least, care about security from the outset versus considering it as an afterthought.
/.
Postfix is great. We all know that, hell, Wietse wrote it and he wrote TCP wrappers for linux.
Postfix has had security holes. They were fixed.
Sendmail can gruesomely difficult to configure because it can do ANYTHING. Most people do not need the raw power of sendmail. However, those that do can spring $100 for the sendmail GUI and it becomes butt-simple to configure. (Please don't bother with the jokes about Marshal's butt).
Sendmail has had security holes. They were fixed. In fact, Sendmail has had more bugs fixed than any other mailer, so we could be just as illogical as the original post and say it is obviously is the most secure mailer.
Qmail's brilliant but difficult creator, Dr. Bernstein, has posted a reward for finding security holes in Qmail. According to rumor, he has refrained from paying that reward by the simple expedient of not accepting any allegations of security holes. I am not qualified to judge the truth of the rumors as I have not studied the code. I prefer the license terms of Sendmail and Postfix (Qmail comes with source code, but is not Open Sourced).
The slashdot denigration of sendmail for security problems is undeserved. Acknowledging and fixing security holes should not be a subject for ridicule, it ought to be admired! Sendmail is ancient, proven, mature, pick your favorite word.
Postfix is excellent. It stands on its own merits and doesn't have to take swipes at sendmail.
If you want to diss sendmail, you should be dissing the monolithic design and dependency on *nix (since the *nix security model SUCKS - suid root is an atrocity).
Having a long record of bug fixes simply means the code has been thoroughly scrutinized and tested under fire!
--Charlie
postfix is sommand-line compatible with sendmail, even going so far as to include a binary named "sendmail" for just that reason. I've got several CGIs that use that, just because they're no important enough for me to rewrite them.
I can't comment on other MTAs in that regard.
Red Hat has "alternatives" set up, which make it real easy to switch MTAs. For RH8, I only have to do the following:
/usr/sbin/sendmail.postfix
alternatives --set mta
service sendmail stop
chkconfig sendmail off
service postfix start
chkconfig postfix on
And you now run Postfix!
Engineering and the Ultimate
Yes, I prefer postfix myself.
The only thing missing with postfix is native authenticated smtp. One needs to authenticate through sasl to use it, and I don't trust sasl. I'm not implying that sasl is an insecure product by virtue of bugs, but there are too many variables to make me confident that I can configure and deploy it securely.
the pun is mightier than the sword
"major" being: courier, sendmail, postfix, exim and qmail.
it looks like it's about a year old, and has some missing information, but it's a place to start for anyone looking to switch MTAs.
smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject
permit_mx_backup_networks = 64.15.260.112/27, 282.66.92.0/22, 67.91.305.33/32
(specific addresses changed to protect the innocent, and yes, I know that a byte can't exceed 255, that was deliberate)
This tells Postfix to accept mail for any domain that has an MX in one of the specified networks. So whenever I add a new domain to one of my primary MX servers, I don't have to change the configuration on my backup MX servers at all.