Slashdot Mirror

← Back to Stories (view on slashdot.org)

Postfix: A Secure and Easy-to-Use MTA

Posted by Hemos on from the learn-more-about-it dept.

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."

28 of 374 comments (clear)

  1. What's wrong with sendmail? by CoolVibe · · Score: 2, Interesting
    No, really?

    Of course now I get al the exim, qmail and postfix fanboys blasting at me, but sendmail works well. Works good enough for most. Heck, if sendmail were so insecure, why is OpenBSD still including it in it's base?

    Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason to not use Sendmail if you can help it.

    1. Re:What's wrong with sendmail? by Anonymous Coward · · Score: 1, Interesting

      not only is it "good enough for OpenBSD", it's also good enough to be behind some of the largest email servers in the world.

      Sendmail is tried and true. It handles load like there is no tomorrow. There's a reason it has been the standard for so many years...

      Just because it has holes (that are patched in later versions) does not make it any worse off than anything else.

    2. Re:What's wrong with sendmail? by satch89450 · · Score: 4, Interesting
      Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason to not use Sendmail if you can help it.

      I ditched SendMail because it made me uncomfortable as an administrator. Yes, I could get it working "good enough" that I wasn't a relay, but because of the arcane command file structure I wasn't satisfied that it was tuned the way I wanted it. (BTW, I had hand-coded a sendmail.cf from scratch before, and made it work, but that was when I had a whole day to spend on the project.)

      Back in the days when there weren't a hoard of people trying to crack your system, SendMail was OK. Nowadays, you want to make absolutely sure there are zero holes in your system -- arguably you want to PROVE there are no holes, which is an impossibility -- and SendMail makes that very hard to do.

      With PostFix, I can get a configuration file, sort it, and check each parameter against the manual. In fact, PostFix can get me EVERY setting (using postconf) so that I can verify I like the defaults, too.

      In the current Internet environment, "good enough" isn't good enough.

    3. Re:What's wrong with sendmail? by CoolVibe · · Score: 2, Interesting
      Sendmail currently ships with being a relay by default turned off. Also, all BSDs ship with sendmail set up that way. And they're not ancient versions anyway. (8.12.x, last time I checked). Of course NetBSD ships with postfix, but I harly use it. Sendmail performs well enough, and m4 isn't the hassle everyone thinks it is.

      Like some other poster says, postfix is actually pretty fussy when it comes to virtual domains. In sendmail you use a sendmail.cw, plonk all your recieving domains in there an be done with it. And there's milter.

      Sendmail is good enough for me, the same as postfix would be, but I don't see a solid reason to switch.

      Oh, I haven't seen a compromise through sendmail in YEARS. Yeah sure there were bugs, but if you keep your world upt o date with cvsup or cvs, the holes get plugget VERY fast.

      Try better. I'm not convinced.

    4. Re:What's wrong with sendmail? by CoolVibe · · Score: 2, Interesting
      Ah, the voice of reason.

      Moderate this up. It cuts straight through the FUD from the qmail/postfix/exim fanboys.

      I _NEVER_ touch the .cf. Never never never. Creating a sendmail.cf on e.g. FreeBSD requires no more knowlegde than how to run 'make' in /etc/mail. You don't even _need_ to mess with m4. NetBSD does the same. OpenBSD however requires you to make your own .mc, but that's not really hard, since theres lots of .mc files you can use in /usr/share/sendmail.

      Also, it strikes me that lots of the anti-sendmail crowd got modpoints today. They are clearly on crack.

    5. Re:What's wrong with sendmail? by javamutt · · Score: 2, Interesting

      I've said it before and I'll say it again. Complexity is very tightly tied to availability in a general sense. I stay with sendmail because I've got it working "good enough" and I don't have the time right now to rearchitect our mail system...

      BUT I aboslutely hate the fact that the config language is so complicated that it needs a preparser. Just reading the sendmail book from O'Reilly can be painful because of its size.

      I like flexibility, I agree that restricting yourself to M4 (vs. cf editing) makes sendmail MUCH more tasteful, but really - this is the best we can do as a default after all these years?

      I'm temped to make use of RedHat's new MTA switcher and take something new for a spin if it saves headaches. I wonder how clean their setup is.

  2. Re:Or try qmail - unbroken since v1.03 (1998) by satch89450 · · Score: 1, Interesting
    Qmail is rock-solid. The best proof I can offer is that fact that no security flaw has been found since 1.03 was released in 1998. The man is a cryptographer and designed it for security.

    I run a number of qmail instances as part of my job, and while it may remain unbroken from a compromise viewpoint, it can get suffer from denial-of-service problems by bogging down to the point that the mail queue has to be cleared and the daemon restarted for the thing to run

    I've never had this problem with PostFix.

    I stopped running SendMail a long time ago, so I can't comment on that package's behavior first-hand when presented with a crushing load.

  3. Its look like Qmail Vs Postfix war by Delifisek · · Score: 1, Interesting

    Qmail uses some kind of weird uniq ways. Of course you may defend your lovely Qmail server.

    But if I remember correct. You cannot feel difference between Qmail vs Postfix until, start to deliver 40.000 mails per day.

    So use Postfix :)...

    --
    [My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
    1. Re:Its look like Qmail Vs Postfix war by slushpupie · · Score: 5, Interesting

      We handle roughly 1.5million pieces of mail daily, and found major performance problems with qmail. In particular, qmail would tend to start slowing down, for no apparent reason, which would make the queue size even larger; and well, it was a slipery slope. We found by switching to postfix not only did we eliminate the issues, but since this is a cluster of mail servers, the postconf command made admining the boxes much easier.

      (this was on stock redhat 7.2 installs with scsi raid 5 disk arrays)

    2. Re:Its look like Qmail Vs Postfix war by Anonymous Coward · · Score: 1, Interesting

      So you shelled out huge bucks for solid state disks and 8 hosts for only 14m messages a day?

      I've got an old sun E450 doing about 4m a day using local memory for the queue and nothing more going on. No clusters, no incredibly expensive ssd, no 8 hosts. For the money you spent on those ssd drives alone, I could have built a few racks of E420s off ebay and handled 50x your mail load.

      You're giving admins a bad name.

  4. Mmmm...postfix by ender- · · Score: 4, Interesting

    I for one have used sendmail and postfix, and have tried qmail in the past [sorry, didn't like it].
    I finally settled on Postifx. I really like it. I feel I don't have to jump through nearly as many hoops to get it running well as I did with sendmail. I certainly didn't need a 900 page 'bat' book to get postfix running. :)

    With that said, to each his/her own. Use what you want, I'm sure people love qmail for reasons that make sense to them, and the same with exim and sendmail. Those of you who would flame me or others because of our choice of email servers all I can say is "Get over it..."

    Ender

    --
    Nothing to see here
  5. Stupid question... by Skirwan · · Score: 4, Interesting
    Is Sendmail still used because it ships as the default mailer with almost every flavor of Unix?
    Yes. Yes it is.

    Just like Internet Explorer is still used because it ships as the default browser with every flavor of Windows, and Apple Mail is still used because it ships as the default mail client with every flavor of Mac OS X, and so on. This surprises you because...?

    --
    Damn the Emperor!
  6. Re:I've switched one box to postfix.. by segment · · Score: 4, Interesting
    I've run heavy sites with postfix when I worked at a service access provider once. We had about 5k domains (notice I typed domains... users = ? don't have an idea) on each server (back then was a VAR501) running on postfix without a problem. QMail is alright but I notice the load gets heavy a bit so it's not good for like legacy systems at least in my opinion.

    Sendmail.. ugh. Remember that old comment, if you've got nothing nice to say? At least they gave out free sendmail swiss army knives once!

    --
    MoFscker
  7. Qmail just works by esconsult1 · · Score: 3, Interesting
    The combination of Qmail and Vpopmail is perfect for our company with multiple virtual domains. No other solution comes close.

    If you run virtual domains, Postfix or Sendmail is not an option, especially if you dont want to deliver john@d1.com and john@d2.com to john@localhost. Heck, with virtual domains, you don't want to have user accounts anyway.

    I wish there were other easy to use open source options, because Qmail really suffers under Sobig at this point.

    --

    Newsfollow.com

  8. And this isn't an advertisement how? by Apostata · · Score: 3, Interesting

    Sorry for the flamebait, but how would it seem if an "objective" news-headline site said the following:

    "The Dodge Ram has had a number of documented problems over the years. However, for less problems, try the Ford Explorer."

    Come on...

    --

    This wasn't just plain terrible, this was fancy terrible. This was terrible with raisins in it. - Dorothy Parker
  9. What's lost in postfix? by Anonymous Coward · · Score: 2, Interesting

    Can someone post a list of the things we LOSE going to postfix? I'm interested, but I'd like to be able to check to see what I'm losing, so I can compare that to what I'm using.

  10. Re:I've switched one box to postfix.. by Anonymous Coward · · Score: 1, Interesting

    When you have thousands of domains on the box you really do notice how much better postfix is than sendmail.

    I've handled tens of thousands of domains under both and the ease of management, load handling and better security (as well as readable code!) make postfix the hands down winner for me.

  11. Re:I use by autechre · · Score: 2, Interesting

    Really? If you don't have any MTA on your workstation, how do you get all of the email messages to root telling you that things are wrong with your system? Or might that be why you are reinstalling all the time? :)

    You could try Debian; not only does it not install Sendmail by default (I think they're on Exim now; used to be smail, IIRC), but it's designed to only have to be installed once, ever, which solves your other problem.

    --
    WMBC freeform/independent online radio.
  12. MTAs for desktop/client installations by Florian · · Score: 5, Interesting
    For running an MTA on a desktop/client PC, I strongly recommend solutions like Nullmailer or, for computers with permanent Internet connectivity, ssmtp. Both work as just local gateways/bouncers to a remote SMTP server; they don't open any network ports and thus prevent remote exploits/attacks/spam relaying by design. Nullmailer offers local spooling (important for dialup connections) while ssmtp bounces everything immediately to the smarthost. Both are very small (ssmtp: 22k, nullmailer-send: 25k), ridiculously simple to configure even for people with low administration skills, both provide sendmail-compatibility to work with MUAs like mutt.

    (Offtopic: A similarly nice, elegant solution for desktop/clients PC printing is pdq, which unlike lpd and cups runs only as a local spooler without opening a network port, and is lean (65k), dead-simple and functional. With nullmailer/ssmtp & pdq, I managed to close all ports (except of course SSH) on my two desktop PCs under Debian GNU/Linux without any firewalling. AFAIK, Debian is the only OS offering all the aforementioned pieces of software as part of its main distribution.)

    --
    gopher://cramer.plaintext.cc http://cramer.plaintext.cc:70
  13. Re:Don't forget BIND. by shoppa · · Score: 4, Interesting
    My information that the GNU alpha.gnu.org compromise was due to wu-ftpd came from this quote posted to slashdot after the compromise:
    iSEC Security Research reports that wu-ftpd contains an off-by-one bug in the fb_realpath function which could be exploited by a logged-in user (local or anonymous) to gain root privileges. A demonstration exploit is reportedly available.

    BIND was originally was an implementation in C of Jeeves, which was the original PDP-10 DNS implementation. This explains some of the cruft (but in fact I don't feel that BIND has all that much cruft).

  14. Re:Or try qmail - unbroken since v1.03 (1998) by thogard · · Score: 2, Interesting

    Qmail has a guarantee

    But have you noticed the qualifiers? Sendmail works around bugs in the OS (and most of the CERT warnings involving sendmail are because of OS related issues and other delivery programs, not the sendmail core).

    How many of the race conditions fixed in sendmail and apache exist today in qmail? Does qmail work around any linux kernal problems?

  15. .. in scripts? by iantri · · Score: 2, Interesting

    I'm just wondering.. if you install a sendmail alternative (exim, let's say), will it break any CGI scripts you are using for your webpage that call on sendmail to send mail?

  16. CGIs, other scripts by Kozz · · Score: 0, Interesting

    I have no problem with the principle idea of switching from Sendmail to something more secure like qmail, postfix, exim, except for the fact that nobody has brought up that nearly EVERY *nix distro has tools that depend on having *sendmail*. Perl modules, bash scripts, all look for the particular behavior of sendmail. Sure, qmail has a sendmail-like wrapper, but I've had problems in sending mail with qmail. Haven't wanted to try anything else yet. It's such a pain to get anything else working, I'd rather use the m4's and keep sendmail working "good enough".

    --
    I only post comments when someone on the internet is wrong.
  17. Re:Or try qmail - unbroken since v1.03 (1998) by proj_2501 · · Score: 2, Interesting

    "Even just recently there was a remote DOS in some versions of postfix."

    Big deal. DJB offers $500 for finding a security hole in qmail EXCEPT DOS attacks.

  18. sendmail is NOT that popular by ChrisCampbell47 · · Score: 3, Interesting
    While Sendmail runs half the mail servers in the world

    According to http://cr.yp.to/surveys/sendmail.html and http://cr.yp.to/surveys/smtpsoftware6.txt, Sendmail has long been trending towards less and less hosts running it. As of his last survey two years ago, it was at 42%. And if you look only at "serious" MTAs, those for sites that have heavy mail volumes, you'll probably see even less Sendmail.

    --
    One simple rule for its versus it's
  19. Re:Or try qmail - unbroken since v1.03 (1998) by JamieF · · Score: 3, Interesting

    >Postfix, on the other hand, suffers from the windows design pardigim.
    >One big package to do it all.

    I guess if you define "one big package" to be modularized like this and "do it all" to mean "be an MTA" then you're right. Are you saying that qmail does less, with more than 36 different executables (which is how many postfix uses), and that that's better?

    >Even Wietse doesn't trust his own software.
    >http://marc.theaimsgroup.com/?l=bugtra q&m=1060186 77502632&w=2

    Riiight. So you're saying that when Dan ships a bug fix, all qmail installations are magically updated, and all distributions out there on FTP servers and CDs are updated too. No? That's all that Wietse was lamenting - read the message again. He's saying that you can fix a bug in the current code but you can't make it go away retroactively. He doesn't say he doesn't use or trust his own software.

    >Postfix on the other hand is still underdevelopment,

    I guess you would prefer an abandoned product? Or are you saying it's not ready for production use yet? IBM released it FIVE YEARS AGO as the IBM Secure Mailer. It does get updated, though. Horrors! Do you use an OS that is "done" too, because not ever being updated is a good thing?

    >suffers from a poor design,

    According to you. How exactly is the design poor in your opinion? Hint: You can't just say "it's like Windows". What are some specific design choices and examples of why that's bad? Or are you just hand-waving?

    >and probably will include the kitchen sink by next year.

    Based on what, exactly? Please explain why you think Postfix is adding all sorts of non-MTA features lately, and preferrably show a link to a message by Wietse where he says he's going to do so in the future.

  20. Re:Replacing SENDMAIL does not eliminate problem. by Kevinv · · Score: 2, Interesting

    Most of the installs I've done for postfix and exim (I prefer exim) replace sendmail completely and setup a link from /usr/sbin/sendmail (or whereever) to the replacement. Both postfix and exim will accept the same commandline parameters as sendmail (although they ignore some of them) so this won't break any locally installed software that expects sendmail to be available.

  21. Re:Exim for me by Kevinv · · Score: 2, Interesting

    Yeah me too. I messed with Postfix on Debian for awhile. I got it to work but I wasn't real comfortable that I understood what I had done.

    Switching to Exim was great, I thought the config file much better. When I rebuilt my server to Gentoo a couple of weekends ago, I moved to Exim 4.1 and thought the config even better.