Slashdot Mirror
Postfix
Fortunately, my first needs were simple and I came to realise that Postfix was a much easier system to install and maintain. Now that my needs are more complex, I was glad when this book hit my desk at exactly the same time as I started upgrading the corporate servers from Mac OS 9 to OS X Server.
Postfix: The Definitive Guide seems to fit the bill. It is a well-written and well-constructed guide to mail systems in general and Postfix in particular. (Oh, and speaking of definitive, could someone at O'Reilly provide a definitive answer to both reviewers and their own editors as to that colon? This is the second 'Definitive Guide' I've reviewed in as many months, and they are sprinkled with instances of each book's title, sometimes including that colon, sometimes leaving it out.)
The book starts with a good overview of the underlying technology in Chapters 1 and 2. I can't blame Dent for my slight confusion in the section on addresses and headers - having RFC822 superseded by RFC2822 was just a little too much coincidence for this particular "bear of little brain." He then follows it with a chapter discussing Postfix's architecture, important since Postfix uses a much more modular approach than the sendmail monolith, with each part of the mail handling process a different executable and the single queue turned into five.
Once the background is well covered, Dent then gets onto the nitty-gritty of configuring and administering Postfix. He has certainly covered everything I needed, including spam handling, multiple domains, relaying, SASL authentication and using LDAP. Once I'd finished grokking all that, and getting it integrated into my servers, I had a corporate email system up in three sites that replaced and improved upon a couple of thousand dollars worth of proprietary dreck. Happy is an understatement.
Dent's writing is sometimes a little patchy, though never bad. The technical detail does seem overpowering in places, though, and I occasionally found myself reading a section through more than once with a configuration file open in front of me. There are certainly spots where a little more hand holding and care with the writing would have been appreciated. (If you are a little more cognizant of the interstices of mail systems then you may not have the same problem.)
I did, however, appreciate the appendices enormously. The four appendices cover configuration parameters, Postfix commands, installation, and an FAQ. My system came with Postfix compiled and installed just as I required it so I didn't get a chance to thoroughly test out Dent's installation procedure (though it looks good); the other three continue to be useful.
If you want to have a look for yourself, then the usual O'Reilly page is complete with a table of contents and index, but this time no example chapter is provided (how come, O'Reilly?). You can also get an expanded version of the FAQ in Appendix 4 from Dent's website. A better example of Dent's writing style is an excellent article on troubleshooting with Postfix logs at O'Reilly's Onlamp.com.
This is an excellent book, Dent has explained the underlying methodology and use of Postfix well, taken the reader through all aspects of this MTA system and explained both the why and the how. I would recommend this book (and, as a result Postfix) to anyone looking for an MTA and a guide to configuring and running it.
You can purchase Postfix: The Definitive Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Mac OS X users can find a cool, donation-ware (read: non-crippleware) GUI for the buil-in postfix server, Postfix Enabler. It allows some advanced configuration of the postfix server.
It has some handy instructions for setting up Mac OS X's Mail.app to interface with the Postfix server as well.
I had but a simple dream, to destroy all humans.
after admin'ing sendmail for two years, I switched to Postfix a month ago, and wow, what a difference. recommended, and I'd think a book would only be needed for someone that was deploying this in a large organization.
CB
free ipod and free gmail!
...but comparing how complex sendmail configuration is, and how simple is it to configure Postfix, does a guy who ate his teeth on Sendmail really need -a book- to learn something SO much easier?
(while Sendmail config file reminds raw binary, Postfix is all easy, understandable and well commented options)
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
I thought everyone without a huge legacy setup had switched from the archaic sendmail to something decent like postfix, or qmail long ago.
A few years ago I simply wanted to re-write my host.domain.tld address on outgoing email to be simply host.tld. I bawked at the stupidities of learning a crappy sendmail language, then re-compiling it into yet another crappy language just to do this. A friend told me about postfix, and I've never looked back. I think only the massochistic, or those hopelessly lost in a legacy sendmail mess use sendmail these days.
AccountKiller
I had always wondered how he managed to have so much time to read all these different books, and then on top of reading them, writing a pretty nice review of it.. the following line explains it all to me:
;)
I was glad when this book hit my desk at exactly the same time as I started upgrading the corporate servers from Mac OS 9 to OS X Server
And I'm posting this anonymously because I know there are many of you who wondered the very same thing..
I have also read this book, reviewed it, and submitted it. Obviously honestpuck is more interesting than me, and I can accept that :-).
Good book, but even with Kyle's help I still can't get procmail working with postfix. Postfix has its own filtering mechanism, including spam filtering. It doesn't seem to allow 3rd party apps like procmail and spamassassin to play with it, though. I can't find info on Gogole either. Is anyone using procmail or spamassassin with postfix?
There is no reasonable defense against an idiot with an agenda
:wq
p
/ | \
m / u
/ \
t s
/ \ / \
o d h i
the great Qmail/Postfix flame war has.
This guy is way out there
It has no impossible-to-understand langauge, the options have reasonable names, they do what they suggest... it just works.
to the dustbin of history the better.
Q. Why does the 'sendmail book' have a bat on the cover?
A. The diet of the North American brown bat is principally composed of bugs. Sendmail is a software package principally composed of bugs.
or;
A. Bat guano is a source of ammonium nitrate, a principal ingredient of things that blow up in your face, like sendmail.
(And many others, courtesy of 'the unix haters handbook' (worth a read)).
Obviously, the people who designed the sendmail configuration file system can't have been smoking crack, it wasn't invented back then.
So what was it that they were on? LSD?
In the free world the media isn't government run; the government is media run.
I was in the middle of upgrading my corporate database server to Access 2000, but had to stop and type this post to wholeheartedly agree with you.
You'd be surprised.. OS 9 is a very secure OS.. there is no root shell to spawn after smashing the stack, for instance.
The perfect sig is a lot like silence, only louder
Somehow, I have the feeling that you have never been in charge of anything than your home network.
... then you'll find it hard to persuade anyone to bless an upgrade.
Sorry that's just my impression, but a matter of fact is that IT managers don't allow willy/nilly upgrades. In fact the chances are that in real life, you're managing something that was not designed by you. So you have to put up with whatever is there. And if it works... sort of
Same goes for coding; you take over project someone else has started and it might well be that you'll find yourself learning COBOL. You think that writing a CPU simulator in Java is stupid and inefficient; who cares we want it to run faster and you do whatever is needed to make that happen. That's life.
Ever seen an S390? Do you know how much IBM charges for fixing these? Do you have an idea how slow they are? But just taking the risk of upgrading to something new usually isn't worth it in real life.
Btw. he wasn't giving any advice on running a network, just a book review.
Disclaimer: My buddy works at bookpool (but their prices really are great!)
I've been using this book to migrate our existing sendmail gobbilygook mailsystem to a sane well documented postfix system and I've found the book to be a great help as I've had to do a one to one comparision between sendmail and postfix for configuration stuff.
Plus Dent's writing style is excellent and the book is well laid out.
Yes Francis, the world has gone crazy.
---[snip]---
Postfix, it just works!
---[snip]---
Anyway, who better to write a review of an introductory Postfix book than an admin just switching to Unix?
What I'm listening to now on Pandora...
Darwin doesn't use the FreeBSD kernel. It has its own (open source) kernel based on Mach, so it has nothing to contribute back to the FreeBSD kernel.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Performing post order tree traversal on this tree yeilds:
modthisup
For those of you too long out out CS class, just remember: left, right, root.
-- Fighting mediocrity one bad post at a time.
There are still quite a few Mac OS 9 servers - running Webstar or AppleShare IP, or maybe even Eudora Internet Mail Server.
It's actually not a bad platform at all and can be quite reliable.
Richard Blum wrote one - it's now quite outdated.
Ralf Hildebrandt & someone else (sorry, forgot who) are working on another very current Postfix book as well. Keep an eye on Amazon.com for it.
I've also read the O'Reilly Postfix book and found it to contain a lot of information. It's nice to have around.
I replaced sendmail wwith postfix on all my non-isiolated machines last year after the sendmail vulnerability-of-the-week treadmill got very old.
it was *really* simple to do.
postfix: the ultimate sendmail patch.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
This is pure conjecture on my part, but I suspect the syntax (and I use the word loosely) of the sendmail.cf file was evolved for ease of parsing via whatever code originally implemented sendmail. It's very nearly a binary format.
.cf files is when they're writing new recipies. The sendmail.m4 file is dead simple to work with.
I'm no sendmail appologizer, but the only time anyone should be messing with
As for me, I've been using qmail since '97 and I recommend it to anyone with the patience to change the way they think about MTA configuration. It's well worth the one week of agonizing confusion. You'll wonder why anyone would do it any other way.
I ran sendmail for nearly a decade at various jobs and on various systems. I switched to Postfix a few months ago after trying out SuSE 8.1 Linux (love it, btw) and I'm hooked! I now run Postfix as an Internet-to-interior "smtp firewall" between the Internet and my internal Lotus Domino servers, and the pcre body_checks filters that became available in the first couple days of the MyDoom virus storm proved to be invaluable in keeping about a thousand viruses per hour from being relayed thru my SuSE Linux/Postfix "smtp firewall" and hammering away at the Trend Scanmail antivirus on my Domino server.
Postfix seems ok, I'd recommend it for folks setting up straightforward machines who didn't know sendmail
But people whine that "sendmail is too complex" and at the same time they WANT complex things to happen.
I had a guy come up to me at an event and shout:
Guy: Sendmail is too hard.
ok
Guy: and is there any way to make it only send large (> 1MB) messages out after 7PM when my ISDN rates are lower?
sure. 5 lines in your m4 file.
Sendmail.cf is a binary. It is intended to be read and parsed quickly by a binary. Sendmail still runs on 4MB Sun 3 machines. You don't edit /bin/ls to effect a change there, you edit "ls.c". .mc file to effect a change in the .cf.
Similarly, you edit the
More, when sendmail changes major revisions (eg. you fianlly move from Sendmail 8.8 to 8.12), you regen your .cf and, barring some minor changes to remove defunct features or take advantage of new ones, you have a new working .cf file. You can't just move a 8.8 cf file to an 8.12 machine and expect it to work well and use new features.
Having worked on HUNDREDS or THOUSANDS of config files (one set went onto 10,000 machines at a site), there's NOTHING you can do in the .cf that can't be done in the .mc.
That said, the rule language is painfully ... complex? No, just the opposite. It's painfully simple. My experience with 6502 assm and a BASIC that had neither ELSE nor AND/OR options helped to make me really good at writing sendmail rules.
Dealing with booleans (just to ruleset^Wsubroutine saving buffer, put time in buffer.
Is message less than 1MB? then return
is time after 1900 hrs? Yes? return dsmtp.
Is time < 700 hrs? Yes? return dsmtp.
Otherwise just return.
In calling routine, look for return value and if it's dsmtp, put the saved buffer to the dsmtp mailer. Otherwise continue with the saved buffer.
Hard? No, not really.
Painful? You betcha. I'd love to have variables and ANDs and ELSEs. I've taken to putting complex logic in a perl milter at the RCPT TO phase and calling it a day.
sub choosemailer {
if ((($time > 1900) || ($time < 700)) && $size > 1MB) THEN $mailer=dsmtp
}
But the rulesets are just read by a parser. It's not rocket science (just computer science).
It would be nice to have (perl) regex's and such built in.
And that's where Postfix starts to have an advantage. I can live without UUCP for that. I'd just hope that new sendmail versions might rethink the whole language for processing mail. It's good to have competition. (qmail2 also looks promising to raise the envelope).
But lets just recall that's its not about Sendmail vs postfix vs exim vs qmail.
It's any of these VS Exchange/Notes/Gropewise. And we're losing.
So the point was that you are the admin for a corporate network that ran on MacOS 9, and now runs on MacOS X.
And therefore, since the administration is so easy, you have plenty of time to read and review books.
See? He made a funny.
(Mind you, this is funny because it's true. If you'd said the same thing except about moving your servers from Windows NT 4 to Windows 2003 Advanced Server, he could have said the same thing, and it would've been funny because it was so outrageously false.)
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
While a lot of the comments here (at least those +3 and above) mention Postfix's ease of management vs. that of Sendmail, one point that hasn't received a lot of attention is how the two compare in terms of efficiency. My experience with Sendmail in a high-load environment tells me it's a monolithic, bloated, resource pig. But that was when I was still somewhat new to the admin game, so I'm sure with some expertise it can be tuned.
Postfix, on the other hand, 'out of the box' was wonderful, (not to mention easy to use) and when I learned to tune things like filesystem parameters, optimal disk subsystem layout, and such it only got better. Our Postfix installation where I work continues to amaze me with how much mail it processes each day, with little or no maintenance, even under heavy load (1M+ incoming messages/day between 5 dual-CPU, 2-disk SCSI PIII-class machines). My gut feeling is that with some beefier boxes, and a pile of disks I could get that down to 2 machines handling the same amount of traffic.
Another plus for Postfix is its flexibility, and, if you need to get so deep, its hackability. The code is extremely clean, modular, and easy to work with.
Mac OS X users could alternatively safe the money and read a description of how to enable postfix on OS X for free in ten minutes. In Panther, it's just one or two lines in configuration files, essentially. If you want SASL authentication and other things, the nicely-designed GUI of Postfix Enabler is probably worth a few bucks!
I've long wished that Wietse Venema would turn his attention next to a replacement for BIND. Can you imagine it? I get wistful thinking about it.
In this day and age of DNS and MTAs synergizing to combat spam, it kind of makes some sense, doesn't it?
I use tinydns myself but the DJB way has also irked me. Which is why I turned to postfix after evaluating qmail long ago. sendmail's security problems and horrid config made it out of the question.
Kinda like BIND. Though the config isn't as bad as sendmail.cf (and tinydns's data file is about as bad), I'd like to see what Wietse would come up with...
-h3