Postfix
Fortunately, my first needs were simple and I came to realise that Postfix was a much easier system to install and maintain. Now that my needs are more complex, I was glad when this book hit my desk at exactly the same time as I started upgrading the corporate servers from Mac OS 9 to OS X Server.
Postfix: The Definitive Guide seems to fit the bill. It is a well-written and well-constructed guide to mail systems in general and Postfix in particular. (Oh, and speaking of definitive, could someone at O'Reilly provide a definitive answer to both reviewers and their own editors as to that colon? This is the second 'Definitive Guide' I've reviewed in as many months, and they are sprinkled with instances of each book's title, sometimes including that colon, sometimes leaving it out.)
The book starts with a good overview of the underlying technology in Chapters 1 and 2. I can't blame Dent for my slight confusion in the section on addresses and headers - having RFC822 superseded by RFC2822 was just a little too much coincidence for this particular "bear of little brain." He then follows it with a chapter discussing Postfix's architecture, important since Postfix uses a much more modular approach than the sendmail monolith, with each part of the mail handling process a different executable and the single queue turned into five.
Once the background is well covered, Dent then gets onto the nitty-gritty of configuring and administering Postfix. He has certainly covered everything I needed, including spam handling, multiple domains, relaying, SASL authentication and using LDAP. Once I'd finished grokking all that, and getting it integrated into my servers, I had a corporate email system up in three sites that replaced and improved upon a couple of thousand dollars worth of proprietary dreck. Happy is an understatement.
Dent's writing is sometimes a little patchy, though never bad. The technical detail does seem overpowering in places, though, and I occasionally found myself reading a section through more than once with a configuration file open in front of me. There are certainly spots where a little more hand holding and care with the writing would have been appreciated. (If you are a little more cognizant of the interstices of mail systems then you may not have the same problem.)
I did, however, appreciate the appendices enormously. The four appendices cover configuration parameters, Postfix commands, installation, and an FAQ. My system came with Postfix compiled and installed just as I required it so I didn't get a chance to thoroughly test out Dent's installation procedure (though it looks good); the other three continue to be useful.
If you want to have a look for yourself, then the usual O'Reilly page is complete with a table of contents and index, but this time no example chapter is provided (how come, O'Reilly?). You can also get an expanded version of the FAQ in Appendix 4 from Dent's website. A better example of Dent's writing style is an excellent article on troubleshooting with Postfix logs at O'Reilly's Onlamp.com.
This is an excellent book. Dent has explained the underlying methodology and use of Postfix well, taken the reader through all aspects of this MTA system and explained both the why and the how. I would recommend this book (and, as a result, Postfix) to anyone looking for an MTA and a guide to configuring and running it.
Mac OS X users can find a cool, donation-ware (read: non-crippleware) GUI for the built-in postfix server, Postfix Enabler. It allows some advanced configuration of the postfix server.
It has some handy instructions for setting up Mac OS X's Mail.app to interface with the Postfix server as well.
I had but a simple dream, to destroy all humans.
after admin'ing sendmail for two years, I switched to Postfix a month ago, and wow, what a difference. recommended, and I'd think a book would only be needed for someone that was deploying this in a large organization.
CB
free ipod and free gmail!
...but comparing how complex sendmail configuration is, and how simple is it to configure Postfix, does a guy who ate his teeth on Sendmail really need -a book- to learn something SO much easier?
(while Sendmail config file reminds raw binary, Postfix is all easy, understandable and well commented options)
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
I thought everyone without a huge legacy setup had switched from the archaic sendmail to something decent like postfix, or qmail long ago.
A few years ago I simply wanted to re-write my host.domain.tld address on outgoing email to be simply host.tld. I balked at the stupidities of learning a crappy sendmail language, then re-compiling it into yet another crappy language just to do this. A friend told me about postfix, and I've never looked back. I think only the masochistic, or those hopelessly lost in a legacy sendmail mess use sendmail these days.
AccountKiller
I had always wondered how he managed to have so much time to read all these different books, and then on top of reading them, writing a pretty nice review of it.. the following line explains it all to me:
I was glad when this book hit my desk at exactly the same time as I started upgrading the corporate servers from Mac OS 9 to OS X Server
;)
And I'm posting this anonymously because I know there are many of you who wondered the very same thing..
Actually, you're all wrong, nice speech though.
Apple has contributed very little to FreeBSD, all of the contributions have been to the userland; NONE to the kernel.
No, I'm not complaining, I'm very glad that Apple released a nice test suite that allowed us to find some rather nasty NFS bugs; but other than that, Apple has done no more than helping FreeBSD get the recognition it deserves, which is no little thing by the way.
The FreeBSD relation with Apple is technically one-sided, Apple benefits, FreeBSD doesn't. On the political side, they both benefit from the BSD push. Which is good, but it could be better, for FreeBSD at least.
I have also read this book, reviewed it, and submitted it. Obviously honestpuck is more interesting than me, and I can accept that :-).
Good book, but even with Kyle's help I still can't get procmail working with postfix. Postfix has its own filtering mechanism, including spam filtering. It doesn't seem to allow 3rd party apps like procmail and spamassassin to play with it, though. I can't find info on Google either. Is anyone using procmail or spamassassin with postfix?
There is no reasonable defense against an idiot with an agenda
:wq
yeah.. that was about where I gave up on this review. Anyone that runs MacOS 9 as a server ... not someone I think I'd be taking advice from for my network.
/dev/random
      p
    / | \
   m  /  u
     / \
    t   s
   / \ / \
  o  d h  i
the great Qmail/Postfix flame war has.
This guy is way out there
It has no impossible-to-understand language, the options have reasonable names, they do what they suggest... it just works.
You didn't look very hard did you? This was in the default main.cf!
mailbox_command = /usr/bin/procmail
The headline is just one word, Postfix, so how could you tell?
to the dustbin of history the better.
Q. Why does the 'sendmail book' have a bat on the cover?
A. The diet of the North American brown bat is principally composed of bugs. Sendmail is a software package principally composed of bugs.
or;
A. Bat guano is a source of ammonium nitrate, a principal ingredient of things that blow up in your face, like sendmail.
(And many others, courtesy of 'the unix haters handbook' (worth a read)).
Obviously, the people who designed the sendmail configuration file system can't have been smoking crack, it wasn't invented back then.
So what was it that they were on? LSD?
In the free world the media isn't government run; the government is media run.
Is that so hard to believe? :-)
Note: that was before I switched to Qmail.
This is next book to buy. I like postfix. Five years (or so) ago it was unknown rpm that came with fetchmail in Mandrake. Now I use it on all of my mail servers. And I use it for free.
Disclaimer: My buddy works at bookpool (but their prices really are great!)
I've been using this book to migrate our existing sendmail gobbledygook mailsystem to a sane well documented postfix system and I've found the book to be a great help as I've had to do a one to one comparison between sendmail and postfix for configuration stuff.
Plus Dent's writing style is excellent and the book is well laid out.
Yes Francis, the world has gone crazy.
If you have a complex setup, it is easier to modify a file with your specific settings, and use M4 to push those settings into the "real" config file. This is fairly future-proof.
I'm not saying it is the best way, but there was a reason.
---[snip]---
Postfix, it just works!
---[snip]---
Sendmail was incompatible with xcode, probably because of the latest version of GCC. I just checked, and it seems to have been fixed in 8.12.11. At the time it was easier to find a 10.2 box than to dig up the compiler switch command and remember to switch it back afterwards.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
Wouldn't this be a reason that GPL kernels have a longer life expectancy?
Don't get me wrong, I love BSD style licenses. They are very useful, but tend to be lacking in author compensation and stability of the platform when a commercial entity gets interested in it, I think.
The FreeBSD relation with Apple is technically one-sided, Apple benefits, FreeBSD doesn't.
Well, I thought that was what the BSD license's for. You write code, a company comes in, takes it, does whatever suits them without any need of giving back. If you want a reciprocal relationship, license the code under the GPL.
"Important Stuff: Please try to keep posts on topic."
What if it's a boring topic? Like a new mailserver or something?
Darwin doesn't use the FreeBSD kernel. It has its own (open source) kernel based on Mach, so it has nothing to contribute back to the FreeBSD kernel.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Performing post order tree traversal on this tree yields:
modthisup
For those of you too long out of CS class, just remember: left, right, root.
-- Fighting mediocrity one bad post at a time.
Actually, it does, UFS driver updates they made would be welcome. Actually, many systemcalls in the MacOS X are directly from FreeBSD, so they would be welcome to contribute back to the PPC tree.
Postfix is really great. I converted all our mail servers to it a while back. cpu usage is way down. The config file is very simple too.
There are still quite a few Mac OS 9 servers - running Webstar or AppleShare IP, or maybe even Eudora Internet Mail Server.
It's actually not a bad platform at all and can be quite reliable.
Richard Blum wrote one - it's now quite outdated.
Ralf Hildebrandt & someone else (sorry, forgot who) are working on another very current Postfix book as well. Keep an eye on Amazon.com for it.
I've also read the O'Reilly Postfix book and found it to contain a lot of information. It's nice to have around.
I replaced sendmail with postfix on all my non-isolated machines last year after the sendmail vulnerability-of-the-week treadmill got very old.
it was *really* simple to do.
postfix: the ultimate sendmail patch.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
This is pure conjecture on my part, but I suspect the syntax (and I use the word loosely) of the sendmail.cf file was evolved for ease of parsing via whatever code originally implemented sendmail. It's very nearly a binary format.
I'm no sendmail apologizer, but the only time anyone should be messing with .cf files is when they're writing new recipes. The sendmail.m4 file is dead simple to work with.
As for me, I've been using qmail since '97 and I recommend it to anyone with the patience to change the way they think about MTA configuration. It's well worth the one week of agonizing confusion. You'll wonder why anyone would do it any other way.
I found the article referenced by Arts & Letters Daily.
http://netbsd.org/gallery/products.html#darwin
FreeBSD or NetBSD is more than the kernel alone. Contributing to either doesn't have to be in the form of changes to
Now "some useful changes" might be a man page type correction... I don't know. You're welcome to scan Net's cvsweb.
I ran sendmail for nearly a decade at various jobs and on various systems. I switched to Postfix a few months ago after trying out SuSE 8.1 Linux (love it, btw) and I'm hooked! I now run Postfix as an Internet-to-interior "smtp firewall" between the Internet and my internal Lotus Domino servers, and the pcre body_checks filters that became available in the first couple days of the MyDoom virus storm proved to be invaluable in keeping about a thousand viruses per hour from being relayed thru my SuSE Linux/Postfix "smtp firewall" and hammering away at the Trend Scanmail antivirus on my Domino server.
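The per-line, first-match behaviour of the pcre body_checks filtering mentioned in the comment above, as an added example that is not part of the original thread or of Postfix itself. The two rules and the sample bodies are constructed, and the evaluator is a simplified model that handles only the pattern, the `i` flag and the action text.

```python
import re

# Constructed sample table in Postfix pcre-table syntax: /pattern/flags action.
# Rule 1 matches the base64 encoding of a DOS/Windows "MZ" executable header
# at the start of a body line; rule 2 matches a uuencode "begin" line.
# Both rules are illustrative assumptions, not rules taken from the thread.
SAMPLE_BODY_CHECKS = r"""
# base64-encoded Windows executable ("i" switches matching to case-sensitive)
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAA/i   REJECT executable attachment
# uuencoded attachment with an executable extension
/^begin [0-7]{3} .*\.(pif|scr|exe)$/ REJECT uuencoded executable
"""

# Constructed message body: one line of text, then base64 data.
SAMPLE_BODY = (
    "Please see the attached file.\n"
    "\n"
    "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAA\n"
)

RULE_RE = re.compile(r"/((?:\\.|[^/\\])*)/([a-zA-Z]*)\s+(.*)$")


def parse_table(text):
    """Return [(compiled_regex, action)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable rule: {line!r}")
        pattern, flags, action = m.groups()
        if set(flags) - {"i"}:
            raise ValueError(f"flag not modelled in this example: {flags!r}")
        # Postfix matches case-insensitively by default; "i" toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def check_body(rules, body):
    """Test each body line against the rules in order.

    Returns (line_number, action) for the first line that matches any rule,
    or None for a clean body. Stopping at the first hit is correct for a
    table of REJECT rules like the sample one.
    """
    for lineno, line in enumerate(body.splitlines(), 1):
        for regex, action in rules:
            if regex.search(line):
                return lineno, action
    return None


if __name__ == "__main__":
    print(check_body(parse_table(SAMPLE_BODY_CHECKS), SAMPLE_BODY))
```

Because matching is done one line at a time, a pattern anchored with `^` only ever sees the start of an individual body line, never the start of the message.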
Postfix seems ok, I'd recommend it for folks setting up straightforward machines who didn't know sendmail
But people whine that "sendmail is too complex" and at the same time they WANT complex things to happen.
I had a guy come up to me at an event and shout:
Guy: Sendmail is too hard.
ok
Guy: and is there any way to make it only send large (> 1MB) messages out after 7PM when my ISDN rates are lower?
sure. 5 lines in your m4 file.
Sendmail.cf is a binary. It is intended to be read and parsed quickly by a binary. Sendmail still runs on 4MB Sun 3 machines. You don't edit /bin/ls to effect a change there, you edit "ls.c". Similarly, you edit the .mc file to effect a change in the .cf.
More, when sendmail changes major revisions (eg. you finally move from Sendmail 8.8 to 8.12), you regen your .cf and, barring some minor changes to remove defunct features or take advantage of new ones, you have a new working .cf file. You can't just move a 8.8 cf file to an 8.12 machine and expect it to work well and use new features.
Having worked on HUNDREDS or THOUSANDS of config files (one set went onto 10,000 machines at a site), there's NOTHING you can do in the .cf that can't be done in the .mc.
That said, the rule language is painfully ... complex? No, just the opposite. It's painfully simple. My experience with 6502 assm and a BASIC that had neither ELSE nor AND/OR options helped to make me really good at writing sendmail rules.
Dealing with booleans (just to ruleset^Wsubroutine saving buffer, put time in buffer.
Is message less than 1MB? then return
is time after 1900 hrs? Yes? return dsmtp.
Is time < 700 hrs? Yes? return dsmtp.
Otherwise just return.
In calling routine, look for return value and if it's dsmtp, put the saved buffer to the dsmtp mailer. Otherwise continue with the saved buffer.
Hard? No, not really.
Painful? You betcha. I'd love to have variables and ANDs and ELSEs. I've taken to putting complex logic in a perl milter at the RCPT TO phase and calling it a day.
sub choosemailer {
    my ($time, $size) = @_;    # $time as HHMM, $size in bytes
    my $mailer;
    $mailer = 'dsmtp' if (($time > 1900 || $time < 700) && $size > 1024 * 1024);
    return $mailer;
}
But the rulesets are just read by a parser. It's not rocket science (just computer science).
It would be nice to have (perl) regex's and such built in.
And that's where Postfix starts to have an advantage. I can live without UUCP for that. I'd just hope that new sendmail versions might rethink the whole language for processing mail. It's good to have competition. (qmail2 also looks promising to raise the envelope).
But let's just recall that it's not about Sendmail vs postfix vs exim vs qmail.
It's any of these VS Exchange/Notes/Gropewise. And we're losing.
So the point was that you are the admin for a corporate network that ran on MacOS 9, and now runs on MacOS X.
And therefore, since the administration is so easy, you have plenty of time to read and review books.
See? He made a funny.
(Mind you, this is funny because it's true. If you'd said the same thing except about moving your servers from Windows NT 4 to Windows 2003 Advanced Server, he could have said the same thing, and it would've been funny because it was so outrageously false.)
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
While a lot of the comments here (at least those +3 and above) mention Postfix's ease of management vs. that of Sendmail, one point that hasn't received a lot of attention is how the two compare in terms of efficiency. My experience with Sendmail in a high-load environment tells me it's a monolithic, bloated, resource pig. But that was when I was still somewhat new to the admin game, so I'm sure with some expertise it can be tuned.
Postfix, on the other hand, 'out of the box' was wonderful, (not to mention easy to use) and when I learned to tune things like filesystem parameters, optimal disk subsystem layout, and such it only got better. Our Postfix installation where I work continues to amaze me with how much mail it processes each day, with little or no maintenance, even under heavy load (1M+ incoming messages/day between 5 dual-CPU, 2-disk SCSI PIII-class machines). My gut feeling is that with some beefier boxes, and a pile of disks I could get that down to 2 machines handling the same amount of traffic.
Another plus for Postfix is its flexibility, and, if you need to get so deep, its hackability. The code is extremely clean, modular, and easy to work with.
sendmail have atrocious spelling, grammar, syntax, and punctuation. Perhaps the kind of linguistic mindset that enables one to become fluent in sendmail configuration is incompatible with the one that allows fluency in English. Maybe if you naturally write in run-on sentences with no punctuation and indifferent regard for syntax, sendmail configuration files make perfect sense!
...those of us with a very early Slackware box (which came with sendmail but no sendmail docs) didn't know that there was such a thing as the M4 files. We had some helpful comments in the
When we did find docs, it was just for the .cf file, not the installation-and-regeneration docs. (Which didn't really exist then.)
I became very good at editing sendmail.cf, and then came the day, years later, when I had to do it from absolute scratch, and downloaded the full tarball for the first time, and discovered the installation docs, which pointed me to the M4 files. Then I gave up in disgust and found qmail.
Having done my own rewriting rulesets, I became acutely aware of what's involved in processing an email. The knowledge gained helped me figure out qmail, in spite of its craptacular documentation.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
No one has mentioned the great mysql integration. That was what turned me on to Postfix. The domain info can be stored in MySQL. Combine with Cyrus IMAP/POP (and the MySQL PAM module), I can run almost my entire hosting business without real system users.
Virtual users with mysql ROCK! Add a record in mysql,
and a couple folders on the server(via cron jobs that also check the MYSQL database) and voila!
I don't like to plug my business on slashdot, so I'll post anonymously, but this setup has worked wonderfully for a long while for my company's modest needs.
It is nice having virtual users. In fact my shared hosting servers can be run without any real system accounts for the end users. (I try to keep "advanced" accounts that have shell access on other servers...)
FTP users are all virtual too! (Pure FTP), even the DNS is mysql powered (PowerDNS). Makes admin pretty easy, I just spend most of my time writing frontends to it...
Anyway POSTFIX is great by itself, but combined with some additional open source goodness and the sum total just rocks...
Just because you're fucking dyslexic or something doesn't earn you any grovelling points. For one thing it's not HONSTEPUCK, it's HONSETPUCK. I believe it's a reference to William Shakespeare's character Puck in A Midsummer Night's Dream. Just because it's probably the lamest and most uncreative slashdot username ever used doesn't mean it's that horrid. But you, my friend, need to settle down. It's just a freaken loser's name. ie. WHO CARES?
...Postfix.
http://cr.yp.to/maildisasters/postfix.html
http://cr.yp.to/qmail/venema.html
And after reading and realizing how some of the fundamental issues with Postfix were neither acknowledged nor understood by the author of Postfix (at first), I'm not sure if I really trust its security.
I have nothing against Mr Venema, in fact, I've used TCP Wrapper for a long time now.
On the subject of Sendmail vs. the world, I think after 7 yrs of using Sendmail I feel quite comfortable with it. One thing I wish Sendmail was better at was the use of resources like Postfix and especially qmail.
I keep thinking about making the switch to qmail or postfix but I can never find the time to learn any new stuff these days. I would have to learn it well too so I can do all the things I currently can with Sendmail e.g. virtual hosting, mailing lists, RBLs, SpamAssassin interface via .forward etc etc).
My current mail server setup is:
smtpd (www.obtuse.com, small, fast, secure) for the front end (listening on port 25) which uses sendmail for the delivery, which in turn uses procmail (via .forward) to forward to SpamAssassin and finally deliver mail to the user.
Postfix is very good and not crippled by stupid DJB style "licenses" like qmail. I'm using in on all my boxes (FreeBSD, Linux) and one of them delivers large amounts of mail. Very fast delivery, supports all kinds of stuff (maildirs, MySQL, LDAP, delivery to Cyrus, etc.) has some builtin unsolicited bulk email controls and some resource controls and it doesn't require 1e13 users on the system like qmail does. I'm surprised people still use Sendmail (and argue that it's somehow "better"). Very cool piece of software. I'd like to thank Wietse Venema and IBM for it.
Some would argue about the license (especially BSD people who also argue about GPL being not liberal enough) but it's OSI approved so most arguments are vapour.
here is a fine guide to build a Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC.
You can follow the steps and build it with Linux too. This entire procedure has been developed with security as a primary focus. These are the main tools it shows:
Mac OS X users could alternatively save the money and read a description of how to enable postfix on OS X for free in ten minutes. In Panther, it's just one or two lines in configuration files, essentially. If you want SASL authentication and other things, the nicely-designed GUI of Postfix Enabler is probably worth a few bucks!
I've long wished that Wietse Venema would turn his attention next to a replacement for BIND. Can you imagine it? I get wistful thinking about it.
In this day and age of DNS and MTAs synergizing to combat spam, it kind of makes some sense, doesn't it?
I use tinydns myself but the DJB way has also irked me. Which is why I turned to postfix after evaluating qmail long ago. sendmail's security problems and horrid config made it out of the question.
Kinda like BIND. Though the config isn't as bad as sendmail.cf (and tinydns's data file is about as bad), I'd like to see what Wietse would come up with...
-h3
Who cares?
next if ($author eq "djb");
I must admit that having read a lot of DJBs site for various reasons over time, I have come to the conclusion that I really wouldn't like him if I ever met him. Having said that, I do use DJBDNS rather than bind on my network simply because I had a very short timeframe to get DNS up and running and bind seemed to have too steep a learning curve at the time.
Back on topic, I do use Postfix on my mail server and found it relatively easy to configure and setup. I've also got Ilohamail sitting on top of it for webmail services, which I'd recommend as well.
Bob
Listen to my latest album here
I don't know why anyone would want to put themselves through the hell of sendmail when Postfix is available. I have Postfix working with LDAP lookups, SMTP authentication, passwords out of LDAP - all kinds of cool stuff that was a total pain in the ass to get sendmail to do. If you haven't checked it out yet, do so and I am sure you will agree: Postfix rules!
-- NeTMoNGeR
One of the most annoying things about qmail/DJB is the unwillingness to accept what the community sees as necessary feature patches.
Just having gotten postfix/sasl/tls/auth going, I have to say, it's not sensible that postfix ships without the TLS functionality. It was easy once I found the patches, and maybe I missed something, but it took me a while to realize it wasn't bundled by default. Anybody know why this is?
It's just not a good idea to set up a mailserver today for most users without supporting AUTH over TLS. MD5 is OK if you can handle the admin overhead of extra passwords, but a configure option (if there was a configure) --without-tls would take care of those folks who want to run a leaner server. Export licenses maybe? Just have a -non-crypto.tar.gz download as a non-default download option.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)