Slashdot Mirror
Postfix: A Secure and Easy-to-Use MTA
BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."
the department of homeland security is issuing security advisories now? did anyone know we're paying them to audit code?
I wonder if they'll start trolling on bugtraq.
-blak
Does postfix have milters? Sendmail is popular for a reason.
Qmail is rock-solid. The best proof I can offer is that fact that no security flaw has been found since 1.03 was released in 1998. The man is a cryptographer and designed it for security.
There is also an enormous amount of support for the product available. Check out qmail.org and cr.yp.to/qmail.html
The Qmail author offers money for any holes found. So far he hasn't had to pay a cent.
OLPC Australia
Of course now I get al the exim, qmail and postfix fanboys blasting at me, but sendmail works well. Works good enough for most. Heck, if sendmail were so insecure, why is OpenBSD still including it in it's base?
Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason to not use Sendmail if you can help it.
In general I found that virtual domains were a bit trickier to set up in postfix than in sendmail. Ordinary aliases were just as easy (read identical). My sites don't do enough volume to tell any difference in performance. The build/install process was probably a bit easier for postfix, i.e. didn't have to monkey around with M4. So as a sendmail admin of more years than I care to think about, postfix seems about as easy to administer as sendmail on a day-to-day basis.
...because the article poster had to mention Postfix. Now someone's gonna say "qmail", someone else will say "exim", someone will say "fuck you, sendmail all the way" and what could have been a nice debate about the full-of-security-holes-dinosaurs of open source will be spent in 500 messages worth of flamewar. Sigh.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
As for myself, I switched to postfix several years ago and haven't looked back even once.
Harald
windows users don't have to worry about this!
hahaha
(it's a joke ok ? i use unix.....)
Phew lucky I'm running exchange and don't have these damn sendmail SECURITY fixes to worry about ;)
Just as a heads up to Mac users... the next major revision of Mac OS X, Panther, will be changing from Sendmail to Postfix. So if you use Mac OS X, you don't need to do anything special other than buy Panther when it becomes available.
Personally, that's what is pushing me over the edge to learn Postfix and use it on my OpenBSD servers. In a nostalgic way, it's too bad... I once made some seriously good money writing custom sendmail.cf files on a consulting basis.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
I have been using Courier for over two years now. No remote roots ever or problems of any kind (I am amazed!). It's open sourced and a full package (esmtp, pop, imap, webmail and a thousand other things). It gets my vote.
I for one have used sendmail and postfix, and have tried qmail in the past [sorry, didn't like it]. :)
I finally settled on Postifx. I really like it. I feel I don't have to jump through nearly as many hoops to get it running well as I did with sendmail. I certainly didn't need a 900 page 'bat' book to get postfix running.
With that said, to each his/her own. Use what you want, I'm sure people love qmail for reasons that make sense to them, and the same with exim and sendmail. Those of you who would flame me or others because of our choice of email servers all I can say is "Get over it..."
Ender
Nothing to see here
Just like Internet Explorer is still used because it ships as the default browser with every flavor of Windows, and Apple Mail is still used because it ships as the default mail client with every flavor of Mac OS X, and so on. This surprises you because...?
--
Damn the Emperor!
There's been discussion about switching to postfix as the default for new installs however, and it may even be a done deal. A lot of arguments have been tossed about for this, however the biggie seems to be its simplicity: with something as complex as exim or sendmail, there are just more opportunities for something to go wrong. Postfix is quite enough for most users.
Postfix is cool and words but so does Exim, Qmail et al. Sendmail is a large code base that has devloped over many years but its secret is its ability to do alomst anything required. Of course its almost impenterable if you don't want to learn rule sets but you can just get the Orielly book which is only about 1000 pages long :)
Rus
Cheap UK and US VPS
If you run virtual domains, Postfix or Sendmail is not an option, especially if you dont want to deliver john@d1.com and john@d2.com to john@localhost. Heck, with virtual domains, you don't want to have user accounts anyway.
I wish there were other easy to use open source options, because Qmail really suffers under Sobig at this point.
Newsfollow.com
I'm expecting certain people to make much of this news, citing the "insecurity that comes with open source".
All it demonstrates is that large complex pieces of software are inherently more difficult to secure than smaller simpler ones.
Sendmail is great but we switched to another MTA about four years ago, also because Sendmail had exploits.
Ceci n'est pas une signature
My postfix installation is extremely secure, I can't get it to receive any email at all. If anyone could help me unsecure it by teaching it to deliver mail to my computer, could they shoot me an email? (bassettgabriel @qwest.net). I'm not a system administrator, just a guy w/ linux at home and the simple setup just isn't working for some reason.
I do security
Sorry for the flamebait, but how would it seem if an "objective" news-headline site said the following:
"The Dodge Ram has had a number of documented problems over the years. However, for less problems, try the Ford Explorer."
Come on...
This wasn't just plain terrible, this was fancy terrible. This was terrible with raisins in it. - Dorothy Parker
- wu-ftpd. Most recently known for the crack of alpha.gnu.org.
- sendmail. "Not having sendmail is like not having VD", according to popular wisdom
- vixie-cron. I don't even know of a "virgin" distribution of this, which is probably a good thing; all the Linux vendors have their own set of extensive patches to vixie-cron.
There are multiple choices for replacing each of these, most of them a written-from-scratch replacement. Not all of these are perfect, either, but at least they're less popular, so (hopefully?) less likely to get hacked.I personally run fcron, postfix, and proftpd instead of the more popular packages. I don't honestly claim that they're any more secure, in all cases they were mostly personal choices having to do with cleanness/installation ease.
SMTP is a fairly simple protocol, so why are there so many security problems with mail servers? Am I missing something obvious?
Can someone post a list of the things we LOSE going to postfix? I'm interested, but I'd like to be able to check to see what I'm losing, so I can compare that to what I'm using.
This article was really about a hole in sendmail. However, with all the so-called "Microsoft holes" Slashdot has been reporting non-stop about, they needed to immediately offer a working alternative so they can say, "It's not that big a deal; here are well-known alternatives," and play down the hypocrisy a bit. Meanwhile, there are just as many alternatives to Outlook, but that doesn't stop people from declaring Windows unsafe (never mind that SoBig is a user-transmitted worm). They were just trying to play down the seriousness of it. "You should have been using postfix!"
Just had to say it. Mod me down if you disagree.
"Sufferin' succotash."
I think they switched which MTA was installed by default between Potato and Woody, but neither one was Sendmail. And of course, they have you configure it when it's installed, and you can just tell it to not run the daemon and deliver local mail only (so you still get important stuff sent to root).
I've used Postfix, and like it very much. Currently, the email server for which I'm responsible runs Sendmail, because I haven't had time to figure out how to port the virtusertable over to Postfix.
As for hackstraw's comment, Debian makes it easy because packages depend on "an MTA", and all of the MTAs conflict, so you just use APT to install your MTA of choice, and it replaces the existing one.
WMBC freeform/independent online radio.
A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics.
Of course, they were too busy upgrading/patching Sendmail.
Really? If you don't have any MTA on your workstation, how do you get all of the email messages to root telling you that things are wrong with your system? Or might that be why you are reinstalling all the time? :)
You could try Debian; not only does it not install Sendmail by default (I think they're on Exim now; used to be smail, IIRC), but it's designed to only have to be installed once, ever, which solves your other problem.
WMBC freeform/independent online radio.
This is a security problem from March. Sendmail 8.12.9 was released on March 31st, correcting this problem.
Why is this being posted nearly half a year later? Solely to advertise Postfix?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
stop executable (ie virus) content. And nobody
in my company got the recent SoBig virus. Here's the line:
This is good info... Always be sure to read the docs fully before saying X feature doesn't exist in Y product.
(Offtopic: A similarly nice, elegant solution for desktop/clients PC printing is pdq, which unlike lpd and cups runs only as a local spooler without opening a network port, and is lean (65k), dead-simple and functional. With nullmailer/ssmtp & pdq, I managed to close all ports (except of course SSH) on my two desktop PCs under Debian GNU/Linux without any firewalling. AFAIK, Debian is the only OS offering all the aforementioned pieces of software as part of its main distribution.)
gopher://cramer.plaintext.cc http://cramer.plaintext.cc:70
BIND was originally was an implementation in C of Jeeves, which was the original PDP-10 DNS implementation. This explains some of the cruft (but in fact I don't feel that BIND has all that much cruft).
We handle roughly 1.5million pieces of mail daily, and found major performance problems with qmail. In particular, qmail would tend to start slowing down, for no apparent reason, which would make the queue size even larger; and well, it was a slipery slope. We found by switching to postfix not only did we eliminate the issues, but since this is a cluster of mail servers, the postconf command made admining the boxes much easier.
(this was on stock redhat 7.2 installs with scsi raid 5 disk arrays)
We handle about 14 million incoming messages per day, across 8 qmail-ldap hosts, in a clustered environment. And we use SpamAssassin for mail filtering, as well.
Those 8 hosts (which are quite modest IBM x335 servers) carry almost no load, and their queues are quite small (about 20,000msgs per host, mostly junk waiting to bounce).
The biggest performace increase we saw was when we switched from magnetic disks to Solid State (RAM) disks for the queue drives.
I'm just wondering.. if you install a sendmail alternative (exim, let's say), will it break any CGI scripts you are using for your webpage that call on sendmail to send mail?
It turns out that the wu-ftpd report for the crack of alpha.gnu.org on slashdot was in fact wrong, and in fact alpha.gnu.org wasn't even running wuftpd. It was "just" the linux kernel ptrace vulnerability and a local user.
Compare this to the antics of "that corporation" who is quite content to leave bugs as "undocumented features". Could be this FUD is just a reaction to that "insecure by design" mudslinging.
better get your facts straights
www.courier-mta.org
full blown email server: MTA, filtering, pop3, imap and webmail, all neatly packaged (and written) by the great Sam. works like a charm too
While it has been years since I have done sendmail, I remember it as being that I lost 2 things.
1) being cracked almost as easily as an XP box (it was 6 years ago), so it required constant update.
2) certain config tools work on sendmail only (but there are much better replacements in postfix and other mtas).
3) the speed and scalability. To this day, sendmail is the better choice for extreme loads, say 5000 users on up.
Postfix is a great choice for home all the way up to small-large businesses. I did not lose any capabilities (in fact gained some new ones).
I presently use this combination for many customers, and will continue to do so.
Postfix is much easier to deal with than sendmail. The configuration file "main.cf" is long but well documented, and it is often the only file you need to muck with.
Add Webmin and you can leave the system in the hands of a local admin without much training.
Add Usermin and basic webmail is painless.
Try it, you might like it.
~8^]
According to http://cr.yp.to/surveys/sendmail.html and http://cr.yp.to/surveys/smtpsoftware6.txt, Sendmail has long been trending towards less and less hosts running it. As of his last survey two years ago, it was at 42%. And if you look only at "serious" MTAs, those for sites that have heavy mail volumes, you'll probably see even less Sendmail.
One simple rule for its versus it's
>Also, it doesn't require that you install all the author's other tools in order to have a functioning MTA.
This one does it for me. I currently use Exim, which also drops in for sendmail and is reasonably secure. If/when I want more security, I'll probably go Postfix because of the simple drop-in.
Security is never unimportant, but for an internal-only MTA for a family of four that accepts no external connections, it's secondary. I will however agree that had I been running Sendmail, the March problem would have had me.
The living have better things to do than to continue hating the dead.
"major" being: courier, sendmail, postfix, exim and qmail.
it looks like it's about a year old, and has some missing information, but it's a place to start for anyone looking to switch MTAs.
Yes. Yes it is.
No, SuSE and Mandrake have been shipping Postfix by default for a few years (Mandrake at least since 7.1). Of course, sendmail is still available and supported (pity, otherwise there may be space for other secure mail servers
I think it's only the Redhat users who get an insecure MTA by default
It seems Debian may have also seen the light
Most of the installs I've done for postfix and exim (I prefer exim) replace sendmail completely and setup a link from /usr/sbin/sendmail (or whereever) to the replacement. Both postfix and exim will accept the same commandline parameters as sendmail (although they ignore some of them) so this won't break any locally installed software that expects sendmail to be available.
Yeah me too. I messed with Postfix on Debian for awhile. I got it to work but I wasn't real comfortable that I understood what I had done.
Switching to Exim was great, I thought the config file much better. When I rebuilt my server to Gentoo a couple of weekends ago, I moved to Exim 4.1 and thought the config even better.
smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject
permit_mx_backup_networks = 64.15.260.112/27, 282.66.92.0/22, 67.91.305.33/32
(specific addresses changed to protect the innocent, and yes, I know that a byte can't exceed 255, that was deliberate)
This tells Postfix to accept mail for any domain that has an MX in one of the specified networks. So whenever I add a new domain to one of my primary MX servers, I don't have to change the configuration on my backup MX servers at all.
Assuming each e-mail passes on average 3 MTAs, and sendmail is used on 50% of those servers, that gives:
- .50 (probability first server rung sendmail)
- .50*.50 = 0.25 (probability second server runs sendmail, if first didn't)
- .50*.50*.50 = 0.125 (probability third server runs sendmail if first two didn't)
Summarizing: in 87,5% of cases, the e-mail was handled (= routed through) by at least one MTA running sendmail.If sendmail is deployed on 40% of the servers, the same reasoning gives a total of 62,4%. So the newspaper talking about "routing" and not about the percentage of servers running sendmail, may be correct.
My 2c.