Slashdot Mirror
Postfix 2.1 Released
MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."
I upgraded first thing this morning when I saw the listing on freshmeat. So far its a drop in replacement.
Download
tar -zxvf
cd postfix-2.1.0
make
make upgrade
postfix stop
postfix start
No issues what so ever!
Even working correctly with TMDA whitelisting/blacklisting spam filter, which had been my one real concerns did anything happen that could screw up TMDA. NOPE! Runs fine.
Have to go ahead and look into setup and using some of the new features now I suppose.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
on sendmail, qmail, exim, and postfix. HERE
That was basically Linus's idea. Some people have copied it (Gnome and Gimp hackers spring to mind), but its by no means all pervasive.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Good thing there are no security fixes that egomaniac doesn't patch in qmail!
ok...
I know this sounds like a commercial, but it's hard not to sound that way when everything just kind've worked the first time. I now have authenticated, encrypted SMTP and POP and my users are, literally, thanking me. My experience has been that using Postfix was an easy way for me to look good.
Here's a Postfix SASL HOWTO which came in handy, but there are a lot of resources on the Web, especially at the Postfix site.
Chr0m0Dr0m!C
or you go to the actual link
http://www.postfix.org/docs.html
and it magically works.
'SBEMAIL!' is better than a goat!!
If you're using Postfix and have been waiting for any of these "new features", go ahead and try Exim.
Exim home page
About time. I've been doing this with Exim and Exiscan for almost 2 years now. It's nice to see other MTA's begin to incorporate this functionality. Now, if everyone upgrades and takes advantage of this wonderful feature, maybe the number of false NDR's I receive due to forged senders will start to go down...
Yeah, that's good. I always had trouble finding my way into the postfix documentation, now it's a lot clearer. I especially like the listing of all main.cf settings (now if there would be a manpage for master.cf too...) and the bottleneck analysis tool.
I do miss however the "big pictures" yellow + blue graphs that seduced me into trying out postfix long time ago. Now we're stuck with pityful text-only rendering
Still great, after all those years, postfix is my MTA of choice: ease of use, power and security.
Semantics is the gravity of abstraction
Personally, I still use Sendmail everywhere, but Postfix is designed to be a fast, secure, easy-to-configure MTA. It would be my migration path of choice if I were ever having problems in any of those three areas.
Dewey, what part of this looks like authorities should be involved?
http://www.exim.org/
Postfix has a sendmail-compatable setup where it creates a binary named "sendmail" that accepts common sendmail flags. In most setups, a switch-over is totally transparent.
The hardest part is deciding which of your Sendmail optimizations are still necessary on Postfix.
Sendmail is mostly around because of inertia. It can also do a few sick things (like bridging SNMP and non-SNMP mail systems) that are not necessary for most sane people.
--
In the source directory there's a text file named INSTALL that has detailed instructions for the three installation options, including "Replace sendmail altogether."
I won't quote them here in case some of the steps have changed, but it's a very nice step by step list of what to do, what to type, and when to type it.
Hi guys,
Postfix + TLS/SSL + SMTP-AUTH HOWTO
I wrote this howto a while back ago. It explains what is needed to be done in setting up a secure Postfix SMTP server with TLS/SSL and SMTP-AUTH. It isn't fully done (but the meat is there). I hope someone will find it useful.
Sunny Dubey
PS: no I have *not* submitted it to postfix.org, for it is not done, and its doesn't have all that I want in it. (Must add virus/spam scanning to it first)
I don't see any compelling reasons to migrate if everything is working fine in Qmail.
If you want a cookbook on how to set up Postfix and SpamAssassin and friends, there are several really good resources: Jeffrey Posluns, Jim Seymour, Meng Wong (old but still useful). Posluns' guide is probably where you should start first.
I'm proud of my Northern Tibetian Heritage
You can freely redistribute the source and binaries compiled from clean source. And you can distribute patches to it.
However, the point is, the qmail maintainer is the only person who can release new versions of qmail. And hence it's not free software.
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with, and you'll either have to follow along or go that way, and that the qmail maintainer will just stop releasing new versions. With free software, if enough people use it, they will simply make a fork...but they can't do that with qmail. Technically they could grab a random version and keep building patches off that, but that becomes unmaintainable real fast.
In other words, qmail is basically 'freeware', not 'free software', although it does come in source form, and you have been granted the ability to modify it and even share the modifications. But not the end result.
If corporations are people, aren't stockholders guilty of slavery?
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, where as with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
The latest version of an application... how about including a link to the release notes / changelog. No point in upgrading if you don't know the changes - RELEASE_NOTES
And why the hell are you bouncing spam? Delete spam or reject spam, do not bounce spam.
It sounds like you don't know what you're doing, or have a really stupid setup.
And, BTW, if you're getting hammered because you're the backup MX, which spammers like to pound, it might make sense to set up a tertiary MX server that doesn't actually exist. Spammers will go after that, instead, and never hit you, as almost all spamming software is written by complete fucking morons. Whereas actual mail that failed to get your primary server will just your backup. (Or, failing to get your backup, they will then fail to get your tertiary and just queue the mail, and start back over when they retry.)
I, personally, set up a 'backup MX' record to point at one of my IPs that didn't actually run a mail server, and cut my daily spam attempts by 30%.
If corporations are people, aren't stockholders guilty of slavery?
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with
There is another theory which states that this has already happened.
and that the qmail maintainer will just stop releasing new versions
To quote the qmail web site: The latest published qmail package is qmail-1.03.tar.gz, which was released in June 1998. So again, this may have happened already.
and how did you manage the MTA change in all your apps or did you only have to do in GNU/Mailman?
On fedora: run 'system-switch-mail', pick postfix, hit okay, you're done.
how did you manage the MTA change in all your apps
/usr/sbin/sendmail: symbolic link to `/etc/alternatives/mta' /etc/alternatives/mta /etc/alternatives/mta: symbolic link to `/usr/sbin/sendmail.postfix'
Postfix presents itself as sendmail; it just drops in as a direct replacement. From my Mandrake box:
% file `which sendmail`
% file
I use both words, and I use them to mean different things. "Suffix" (in my idiolect) means "a bound morpheme attached to the end of a word"; "postfix" means "an unbound morpheme attached at the end of a word".
Interesting. After doing some more research, I think it's time for me to give the word "postfix" a bigger place in my heart.
Are you saying mathematicians really refer to the style of "2 3 +" as "suffix notation"?
No, I found this entry in the Oxford English Dictionary: "MATH. An inferior index written to the right of a symbol, a subscript".
Yes, I'd recommend that you look at both. Both are excellent, but in my experience some people who can't make sense of postfix configuration find Exim to be intuitive. And vice-versa. You won't know if you are a postfix or an exim person until you look at both.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Opportunity knocks. Karma hunts you down.
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, where as with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
Or you can use Sendmail + Procmail for Maildir-style storage.
Actually sendmail has better SMTP performance for sending multiple copies to multiple rcpts at same destination, but it's true that there's no reason for using sendmail except perhaps for outgoing SMTP.
and you're there. On the other hand, you may have other reasons to change MTAs. I'm actually thinking of switching from qmail to courier since I already use courier for IMAP, so it just makes sense to use the courier MTA, too. Also, like you, I hate the oddball qmail license. I also hate the way qmail installs weird shit all over my system. Come to think of it, I don't even remember why I chose qmail other than the hate of sendmail.
Blah.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Postfix + Amavis is a wicked combo for content filtering. For virtual domain admin, check out Jamm. If you want great POP/IMAP mailbox support for your virtual domains, add Courier IMAP to your setup.
Some of the features you might like in Postfix over Qmail include SMTP AUTH, TLS/SSL support, nice content-filtering support, great spam blocking features (HELO checking, RHSbl support, DNSbl support, sender address checking, many others), and extensive database and LDAP support. The virtual domain support is full-featured, although very different to Qmail's in terms of implementation, and with something like Jamm your users can have full control of their domains and/or mailboxes via a web interface.
And yes, I know there are patches for Qmail to do most or all of the above. It's just easier to do with Postfix IMO.
Becuase so many other posts aren't stating this I'll try to explain some of the offerings:
Postfix is easy to configure. One of it's biggest advantages is that it uses many different type of maps for various purposes. Say I want to tell postfix what domains to relay mail for. I can have it lookup the domains in a traditional dbm/hash file or I can even specify an LDAP server to hit. In addition I can have it do the lookups in any order, dmn static entries first, then hit an old sendmail hash, then finally hit LDAP for my new point and click allocation system. This same mapping system is identical for almost all configuration parameters, aliases, virtual domains, virtual alias, maildir/mbox locations, valid recipients, valid senders, SMTP Auth users, etc., etc.
In addition I like postfix's rate control system. Postfix will notice when a foriegn mail system is under load (judged by its response times) and throttle back the rate and number of connections to it. This means that there is less of a chance that mail will be rejected with a temporary failure by the foreign server because it's too busy. It avoids the mail being moved from the active queue to the deferred queue imposing an hour or so delay until the next delivery attempt.
This also works for inbound mail. I can set rate limits so that if a foreign mail server tries to bomb me, postfix will notice this and throttle the connections. It does this by imposing mandatory delays in confirming the delivery to the foreign server. Again, the rates and thresholds are all configurable.
Postfix has some nice security features. For instance one feature is From: validation. All my users must log into postfix using SMTP Auth before sending mail. I have an LDAP map that specifies the allowable From: addresses the users are allowed to use. If the From: address doesn't match what's configured for the SMTP Auth user, the message is rejected. This keep users from spoofing other user's addresses in the From: header. In addition to validating the recipient domain, postfix can validate the recipient address before the message is accepted. Again, from any map type, including LDAP.
Postfix also has a sendmail compatibility layer. Meaning sendmail commands like 'sendmail' and 'mailq' typically work exactly like their sendmail counterparts.
As for performance and scalability, it's right up there with Qmail and sendmail. Performance on my particular servers will be less than on a plain Qmail or sendmail setup, but I also perform tons and tons more checks and validations on each message. Each message results in about 4 LDAP lookups and also gets piped through Amavis-new, Spamassassin, and ClamAV. The idea that postfix is for small to medium sized servers is a wash. It has a feature set that is above and beyond the rest and I'm quite impressed with it.
I used to be a die hard sendmail guy. But after going to postfix, I'll never go back.
My $.02 anyhow....
http://qmail.org/netqmail/
'nuff said. Trolls, heh, ya gotta love 'em.
-russ
Don't piss off The Angry Economist
It's kludgey, broken, and something I wish I'd thought of earlier.
Dewey, what part of this looks like authorities should be involved?
So much flamebait, so little time...
Why the hell are you sharing a mail queue? It's not like more than one server can send the message at a time, or receive it. And postfix supports NFS mailboxes just fine.
One server, one message? We're talking hundreds of thousands of messages per day spread out over dozens of individual mail systems. There are no local mailboxes -- this is strictly a relaying system.
I, personally, set up a 'backup MX' record to point at one of my IPs that didn't actually run a mail server, and cut my daily spam attempts by 30%.
And you probably dropped the reachability of legitimate mail too. I'm sure that works well in your little playground, but this is a real environment and we have SLA's to honor.
Tired of FB/Google censorship? Visit UNCENSORED!
Here.
The HOWTO is based on Gentoo, but the configuration principles can obviously be used on any machine.
-----
How can you have any pudding if you don't eat your meat?
He's not only building relay servers that transfer mail between themselves, which there is absolutely no reason to do, (They should accept mail from X and forward to Y, not play hot potato with it. Having more than one server is fine, but they don't have anything to say to each other.) he's making them transfer mail between themselves using the mail queue instead of SMTP.
Which is rather akin to setting up a shuttle bus system between the airport and a hotel, realizing you need more than one bus to handle the load, and coming up with the 'solution' of running each bus halfway and transferring all the passengers at the midway point. Each bus driver only needs to be able to handle half the route, think of all the time and training he'll save!
With postfix, of course, he'd have to build a delivery station to offload the passengers to, but with sendmail, he apparently can transfer passengers directly from bus to bus! (Which, despite sendmail's shortcomings, I doubt was intentional.)
If corporations are people, aren't stockholders guilty of slavery?
Are you saying mathematicians really refer to the style of "2 3 +" as "suffix notation"?
No, they refer to it as Reverse Polish Notation.
To add to this, Postix is not just for small to medium sized servers. It actually scales extremely well because of it's design philosophy (bunch of small programs that each do one thing and do it well communicating w/each other).
I would actually argue the opposite of parent - use Sendmail if it came preconfigured on your box, but otherwise if you're running a large server or hub, migrate over to Postfix if you want to wring every ounce possible outta your mailserver.
He meant for clients, not server config. The typical:
system("/usr/bin/sendmail -m user@host.tld");
Is unchanged when migrating to postfix. The backend, however, has some extremely significant differences.
You weren't trolled, you just didn't understand his argument correctly.
As for talking about deleting things out of the queue, that's just crazy. There are commands to do that, and they run just fine remotely. (Not that running around deleting mail from a delivery queue is a normal action in the first place, and I suspect you came up with that because you know what you're talking about is silly.)
If corporations are people, aren't stockholders guilty of slavery?