Postfix 2.1 Released
MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in the works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."
It would be nice if, during product announcements, the submitter actually included a sentence SAYING WHAT THE SOFTWARE DOES.
Yes, I know it's an SMTP server, but sheesh, is it so hard to start it "After an extended period of polishing and testing, Postfix, the popular open source mail transfer agent, has reached version 2.1"?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I've been running sendmail 4ever - sure it's complicated as hell - and a bit of a resource hog at times..but it freaking works and is rock solid over more years of production use than any other MTA ever will be in our lifetimes.
Wait, wouldn't post fix Postfix 2.1 actually be fix 2.2?
-m
#
# Modus Ponens
#
I upgraded first thing this morning when I saw the listing on freshmeat. So far it's a drop-in replacement.
Download
tar -zxvf
cd postfix-2.1.0
make
make upgrade
postfix stop
postfix start
No issues whatsoever!
Even working correctly with the TMDA whitelisting/blacklisting spam filter, which had been my one real concern: did anything happen that could screw up TMDA? NOPE! Runs fine.
Have to go ahead and look into setup and using some of the new features now I suppose.
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
Many of us are happy with Sendmail
.. as are the kiddies that've r00ted your mail server.
on sendmail, qmail, exim, and postfix. HERE
I recently configured a 200 MHz Pentium host (with slow IDE drives etc.) as an ISP's mail server. It handles over 10,000 emails daily and the load average hangs around at 0.10 -- it's using Postfix with the renattach attachment filter as a content filter (catches all those windows viruses). I was pretty impressed that Postfix performed so well on such an ancient machine :)
That was basically Linus's idea. Some people have copied it (Gnome and Gimp hackers spring to mind), but its by no means all pervasive.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I've been running sendmail 4ever - sure it's complicated as hell - and a bit of a resource hog at times..but it freaking works and is rock solid over more years of production use than any other MTA ever will be in our lifetimes.
On an Axil 320 (110mhz, I think? I forget which sparc chip) running Solaris w/320MB of ram and one single SCSI drive, on a Mailman list with about 2,000 subscribers and 100 posts a day, we went from delivery times of an hour+ (and load averages well over 4) to under 5 minutes (and load averages between .5 and 2).
Proponents of Sendmail will say "oh, it just needs to be tuned properly".
Nope, sorry. Proper software doesn't need tuning to do its job. Ever notice that the only proponents of the "it just needs someone who knows how to tune it" model are...well...the limited number of people who know how to tune it, and are fast finding themselves out of jobs?
Please help metamoderate.
that's the question.
I've been running Postfix for 8 months now, and I much, much prefer it to my life of running Sendmail for the previous 2 years. Anyway, I've been running Postfix, it has worked perfectly for me, and my 8 other mail users, and I have kept up to date on all/any security patches. Is there any compelling reason for me to upgrade? If the newer one is faster, more efficient, that's great, but for a small server like mine I'm not sure if I'm even going to notice.
Anyone with helpful advice is appreciated. TIA.
VSCB
free ipod and free gmail!
> There's never been a better time to migrate
> from Sendmail (just _had_ to get that in
> there ;).
So is there any documentation describing a good way to convert from sendmail? Like, how the directives in sendmail map to directives in postfix?
mr
You're forgetting the parent post author's theory on the world, Linux is the same thing as Unix, and Linux is the world, without it, the earth would stop spinning and we'd all be thrown off into space.
Nowhere did I see:
"-read the changelog notes to see if any of the numerous changes classified as "incompatible" affected me or my users".
Please help metamoderate.
I know this sounds like a commercial, but it's hard not to sound that way when everything just kind of worked the first time. I now have authenticated, encrypted SMTP and POP and my users are, literally, thanking me. My experience has been that using Postfix was an easy way for me to look good.
Here's a Postfix SASL HOWTO which came in handy, but there are a lot of resources on the Web, especially at the Postfix site.
Chr0m0Dr0m!C
I use QMail and Sendmail on several hosting servers. Which advantages will my customers get with Postfix ?
Visit Tutorials & guides collection
Is it worthwhile to migrate to postfix from qmail? Qmail has a weird license scheme preventing binary distribution that sort of irked me, not to mention hit-or-miss setup documentation, but it's been running great for years now. I've wanted to add some virtual domains and spam filtering and it might just be easier to swap the whole MTA.
//Blessed are they that run around in circles, for they shall be known as wheels.
And it looks like content filtering (spam & virus filters) has been improved with version 2.1
Why is this in the developers section? Wouldn't it be more appropriately placed in a topic for system administrators?
'SBEMAIL!' is better than a goat!!
If you're using Postfix and have been waiting for any of these "new features", go ahead and try Exim.
Exim home page
About time. I've been doing this with Exim and Exiscan for almost 2 years now. It's nice to see other MTAs begin to incorporate this functionality. Now, if everyone upgrades and takes advantage of this wonderful feature, maybe the number of false NDRs I receive due to forged senders will start to go down...
Gimp hackers...
Don't pick on them just because of the version numbers they choose, you insensitive clod...
Yeah, that's good. I always had trouble finding my way into the postfix documentation, now it's a lot clearer. I especially like the listing of all main.cf settings (now if there would be a manpage for master.cf too...) and the bottleneck analysis tool.
I do miss however the "big pictures" yellow + blue graphs that seduced me into trying out postfix a long time ago. Now we're stuck with pitiful text-only rendering.
Still great, after all those years, postfix is my MTA of choice: ease of use, power and security.
Semantics is the gravity of abstraction
Personally, I still use Sendmail everywhere, but Postfix is designed to be a fast, secure, easy-to-configure MTA. It would be my migration path of choice if I were ever having problems in any of those three areas.
Dewey, what part of this looks like authorities should be involved?
It's the other way round with /. UIDs. Odd numbers are gurus and geniuses, even numbers are dweebs and wannabes. It's a pretty clever algorithm that gives them out.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Hi guys,
Postfix + TLS/SSL + SMTP-AUTH HOWTO
I wrote this howto a while back. It explains what is needed to be done in setting up a secure Postfix SMTP server with TLS/SSL and SMTP-AUTH. It isn't fully done (but the meat is there). I hope someone will find it useful.
Sunny Dubey
PS: no I have *not* submitted it to postfix.org, for it is not done, and it doesn't have all that I want in it. (Must add virus/spam scanning to it first)
One of my servers is a big Sparc box (running Linux, not Solaris) that performs backup MX and other relay services for about a hundred domains at a hosting center. It gets constantly pounded on all day long. Originally it ran Sendmail, and it was badly loaded down. Installing Postfix cleared up all the problems. It's just that much better.
:(
Unfortunately, with all the extra mail traffic now due to MORE spam, MORE viruses, and all the bounces generated by the above, we have to expand again. And we have to go back to Sendmail because of one particular feature: you can have multiple Sendmail instances sharing an NFS-mounted queue. Since the new system is multiple Sparc boxes in a load-balanced cluster, we have to go back to Sendmail because Postfix doesn't support this.
Tired of FB/Google censorship? Visit UNCENSORED!
You can freely redistribute the source and binaries compiled from clean source. And you can distribute patches to it.
However, the point is, the qmail maintainer is the only person who can release new versions of qmail. And hence it's not free software.
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with, and you'll either have to follow along or go that way, and that the qmail maintainer will just stop releasing new versions. With free software, if enough people use it, they will simply make a fork...but they can't do that with qmail. Technically they could grab a random version and keep building patches off that, but that becomes unmaintainable real fast.
In other words, qmail is basically 'freeware', not 'free software', although it does come in source form, and you have been granted the ability to modify it and even share the modifications. But not the end result.
If corporations are people, aren't stockholders guilty of slavery?
I'm sure someone can come up with a joke about beowulf clusters....
Shift some services to it, network monitoring, security scans. Stuff you can easily run somewhere else if it dies but it's handy not to. Or donate it to a charity that wants it. MP3 server, CD jukebox server. Write something spiffy to act as a voicemail system...
I wonder when people will stop repeating this rubbish. Qt has been GPL'd for years. It is also available under a commercial licence, but that has nothing to do with KDE, it's in case you want to develop a closed-source application with Qt. (And it seems to be an excellent business model.)
As for qmail, you're not allowed to distribute modified versions, and the rules on distributing binaries are rather stringent and almost impossible for distributors to follow. That makes it not quite "free software" (by FSF's definition) or "open source". (However, you're allowed to distribute patches, and even bundle patches with unmodified source in a tarball; you can download one such tarball, called netqmail, from http://www.qmail.org).
The new policy server interface is a simple sockets-based API for getting a chance to participate in the SMTP conversation as it is happening. The basic idea is:
- tell your Postfix config file (main.cf) that you've written a "policy server" that listens on a particular Unix socket or TCP address/port.
You can have the policy server get "called" at any of the points in the SMTP conversation where Postfix may make a decision about how to dispose of the message (HELO, RCPT, etc.).
- write your policy server. It listens for connections, and each connection sends you one or more requests. Each request contains a small set of information about the mail message being transmitted (client name/address, HELO text, etc.) Your server responds with one of a broad set of actions that Postfix supports (reject, accept, defer, perform other custom checks, etc.).
- The protocol for talking to your server is a simple text-based protocol with newlines, much like the form of HTTP. I coded an initial policy server in good ol' C in about an hour.
In particular, this new API is a great place to implement greylisting. Your server can maintain its database of whitelisted and greylisted from/to/IP triplets all on its own and just respond to Postfix requests. And, once you've coded up your policy server, you don't have to revise it with every Postfix patch that comes down the pike. As long as the API remains backwardly compatible, your policy server code should survive any Postfix upgrades. Kudos to the new policy server API!
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, whereas with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
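The policy server idea described in the comment above, worked through as a greylisting daemon. This is an added example, not code from the original post or from the Postfix distribution. The attribute names (`request`, `protocol_state`, `client_address`, `sender`, `recipient`) and the `defer_if_permit` and `dunno` actions are Postfix's own; the listen address, delay, lifetime and all Python names are assumptions.

```python
import socketserver
import threading
import time

GREYLIST_DELAY = 300         # seconds a new triplet must wait (assumed value)
ENTRY_LIFETIME = 36 * 3600   # forget triplets idle longer than this (assumed)
MAX_REQUEST_LINES = 100      # drop connections that send oversized requests


def parse_request(raw: bytes) -> dict:
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.decode("utf-8", "replace").split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


def format_reply(action: str) -> bytes:
    """A reply is a single action=... line followed by an empty line."""
    return ("action=%s\n\n" % action).encode("utf-8")


class Greylist:
    """In-memory table of (client IP, sender, recipient) triplets."""

    def __init__(self, delay=GREYLIST_DELAY, lifetime=ENTRY_LIFETIME):
        self.delay, self.lifetime = delay, lifetime
        self.seen = {}                      # triplet -> (first_seen, last_seen)
        self.lock = threading.Lock()

    def decide(self, attrs: dict, now=None) -> str:
        now = time.time() if now is None else now
        # Only act on SMTP access requests at RCPT TO; otherwise stay neutral.
        if attrs.get("request") != "smtpd_access_policy":
            return "dunno"
        if attrs.get("protocol_state") != "RCPT":
            return "dunno"
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        with self.lock:
            # Expire idle entries so the table cannot grow without bound.
            self.seen = {k: v for k, v in self.seen.items()
                         if now - v[1] <= self.lifetime}
            first, _ = self.seen.get(triplet, (now, now))
            self.seen[triplet] = (first, now)
        if now - first >= self.delay:
            return "dunno"                  # let the remaining restrictions decide
        wait = self.delay - (now - first)
        return "defer_if_permit Greylisted, retry in %d seconds" % wait


class PolicyHandler(socketserver.StreamRequestHandler):
    greylist = Greylist()

    def handle(self):
        lines = []
        for raw in self.rfile:              # one connection carries many requests
            line = raw.rstrip(b"\n")
            if line:
                lines.append(line)
                if len(lines) > MAX_REQUEST_LINES:
                    return
                continue
            try:
                request = parse_request(b"\n".join(lines) + b"\n\n")
                action = self.greylist.decide(request)
            except ValueError:
                action = "dunno"            # a parser problem must not block mail
            self.wfile.write(format_reply(action))
            lines = []


if __name__ == "__main__":
    # main.cf side (address is an assumption): list
    #   check_policy_service inet:127.0.0.1:9998
    # in smtpd_recipient_restrictions, after reject_unauth_destination.
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("127.0.0.1", 9998), PolicyHandler) as srv:
        srv.serve_forever()
```

The table lives in memory only, so a restart greylists every sender again; a persistent store would replace the `seen` dictionary.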
The latest version of an application... how about including a link to the release notes / changelog. No point in upgrading if you don't know the changes - RELEASE_NOTES
Did 200MHz Pentiums have CPU fans, or just heatsinks?
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with
There is another theory which states that this has already happened.
and that the qmail maintainer will just stop releasing new versions
To quote the qmail web site: The latest published qmail package is qmail-1.03.tar.gz, which was released in June 1998. So again, this may have happened already.
It's great to see this feature added! I've been using sendmail's milter feature (a very similar sockets-based "policy" API) for many years. And I can't live without it now, and there was no way I would even consider looking at any other MTA that didn't have a similar feature. I program my milters in Python, a bit easier than C. But you should have your choice.
Of course I'm one of those very happy sendmail administrators (we do exist), and I have a relatively complex setup handling hundreds of thousands of messages per day, with very complex routing, etc. But perhaps Postfix is finally serious about providing an alternative (of course I also need TLS and IPv6 built-in like sendmail's had forever).
What's happened to ZMailer? This thread has lots of mentions of postfix, exim, sendmail, and qmail, but I thought zmailer was supposed to be a big deal in mail server land... Has it been surpassed and forgotten now?
A pleasant surprise in the 10.3 was the adoption of Postfix. It's good to see that they apparently made a good choice and good things are happening on the Postfix front.
(I had been rooting for exim, which is also a great package, but Postfix seems to be a good alternative. Maybe they should also include exim on XServe's?)
I've been using sendmail for nearly 15 years in some pretty complex environments, and am pretty happy with it. But I have nothing against Postfix either (except it has been lacking features, for me, and sendmail works just grand).
/. readers never use an MTA in anything but the simplest of configurations. Most likely a home computer or a small LAN. Those who have to manage email for large corporations in very complex networks, etc., can appreciate all that raw power and flexibility of sendmail much more. But to most, it seems like an overly complex mess.
I can't quite understand the religious flame wars over MTA choice either. I mean, I can kind of understand the whole emacs vs. vi or gnome vs. KDE. But why fight over MTAs? It seems there is an awful lot of hatred for sendmail, and for no good reason whatsoever. It's just stupid.
I think a lot of it has to do with sendmail having such a long and rich history; anything which has existed for over a decade tends to get a lot of newbie disapproval. Also the configuration can be rather complex, and I think most people who flame about sendmail just don't want to 'fess up to being too dumb to understand it (with my asbestos suit on), and so resort to juvenile name calling.
Also you have to remember that probably 95% or more of the
And about the security-flaw reasoning. That's just an easy way for flamers to badmouth sendmail without really giving true reasons. Any software which has had such a long history and ubiquitous use as sendmail has a history of security flaws. For that matter Unix itself has had an absolutely abysmal security record. And yes, someday Postfix will have its own history to brag about too. But in all cases the flaws were quickly fixed, and the vast majority of flaws required a very specific configuration to even be a problem. Also many security problems result from improper installation; you can run sendmail in a very secure setup if you want (just avoid all the FUD about sendmail). You can't compare Postfix and sendmail based solely upon their history of security, because sendmail's history is decades longer than Postfix's. And sendmail has processed perhaps a million trillion times as many email messages as has Postfix over its lifetime.
Opportunity knocks. Karma hunts you down.
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, whereas with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
Or you can use Sendmail + Procmail for Maildir-style storage.
and you're there. On the other hand, you may have other reasons to change MTAs. I'm actually thinking of switching from qmail to courier since I already use courier for IMAP, so it just makes sense to use the courier MTA, too. Also, like you, I hate the oddball qmail license. I also hate the way qmail installs weird shit all over my system. Come to think of it, I don't even remember why I chose qmail other than the hate of sendmail.
Blah.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Well, having a stable target for patches and extensions can be a nice thing, too.
And if you're dealing with mailing lists (from the admin side) you definitely wanna take a look at ezmlm.
I haven't tried postfix in a while but I guess the old rule of thumb (for small sites use whatever, if you need it big stick with qmail) still applies?
Postfix is -not- written in perl. Postfix is written in C. Please, in the future, at least -know- what you are talking about before posting.
Carl P. Corliss
Because so many other posts aren't stating this I'll try to explain some of the offerings:
Postfix is easy to configure. One of its biggest advantages is that it uses many different types of maps for various purposes. Say I want to tell postfix what domains to relay mail for. I can have it lookup the domains in a traditional dbm/hash file or I can even specify an LDAP server to hit. In addition I can have it do the lookups in any order, dmn static entries first, then hit an old sendmail hash, then finally hit LDAP for my new point and click allocation system. This same mapping system is identical for almost all configuration parameters, aliases, virtual domains, virtual alias, maildir/mbox locations, valid recipients, valid senders, SMTP Auth users, etc., etc.
In addition I like postfix's rate control system. Postfix will notice when a foreign mail system is under load (judged by its response times) and throttle back the rate and number of connections to it. This means that there is less of a chance that mail will be rejected with a temporary failure by the foreign server because it's too busy. It avoids the mail being moved from the active queue to the deferred queue imposing an hour or so delay until the next delivery attempt.
This also works for inbound mail. I can set rate limits so that if a foreign mail server tries to bomb me, postfix will notice this and throttle the connections. It does this by imposing mandatory delays in confirming the delivery to the foreign server. Again, the rates and thresholds are all configurable.
Postfix has some nice security features. For instance one feature is From: validation. All my users must log into postfix using SMTP Auth before sending mail. I have an LDAP map that specifies the allowable From: addresses the users are allowed to use. If the From: address doesn't match what's configured for the SMTP Auth user, the message is rejected. This keeps users from spoofing other users' addresses in the From: header. In addition to validating the recipient domain, postfix can validate the recipient address before the message is accepted. Again, from any map type, including LDAP.
Postfix also has a sendmail compatibility layer. Meaning sendmail commands like 'sendmail' and 'mailq' typically work exactly like their sendmail counterparts.
As for performance and scalability, it's right up there with Qmail and sendmail. Performance on my particular servers will be less than on a plain Qmail or sendmail setup, but I also perform tons and tons more checks and validations on each message. Each message results in about 4 LDAP lookups and also gets piped through Amavis-new, Spamassassin, and ClamAV. The idea that postfix is for small to medium sized servers is a wash. It has a feature set that is above and beyond the rest and I'm quite impressed with it.
I used to be a die hard sendmail guy. But after going to postfix, I'll never go back.
My $.02 anyhow....
http://qmail.org/netqmail/
'nuff said. Trolls, heh, ya gotta love 'em.
-russ
Don't piss off The Angry Economist
My 486 had a CPU fan. Then again, it didn't really need it since it ran for about 3 years after the fan died on it. On the other hand, the power supply only ran without a fan for about 6 months before it died. Ah, the glory days of computing.
www.timcoleman.com is a total waste of your time. Never go there.
To be fair..
Qmail is *very* well designed and programmed. There hasn't been a real need to issue a new package for a long time.
I still don't like the license - but it is damn fine software.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
It is not the MTA's (Mail Transfer Agent) job to put the mail on the filesystem, that's the MDA's (Mail Delivery Agent) job. Sendmail is a Mail Transfer Agent. Sendmail, for as long as I've known, has a pluggable MDA format, where you can put in any MDA you choose. You can easily build your own MDA for Sendmail. Not to mention if you use Milter.
This is rudimentary internet mail handling.
For example, I use Cyrus IMAP's MDA with sendmail; and thus sendmail simply hands the Cyrus MDA my mail once sendmail has figured the mail belongs on this server.
Thus in a way, Sendmail, Postfix, and all other MTAs are essentially routers.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
Here.
The HOWTO is based on Gentoo, but the configuration principles can obviously be used on any machine.
-----
How can you have any pudding if you don't eat your meat?
It may be damn fine software, but its creator has decided that he doesn't like the existing init systems on linux/BSD and so has written his own. That right there took qmail out of consideration. I don't care if he is right or wrong, I have no intention of installing a second init system just so I can run his software. The creators of Postfix integrate beautifully with linux standards, Redhat even provides a well integrated postfix package (install the rpm's then run 'redhat-switch-mail'). Not to mention the awesome 'mailgraph' utility - http://people.ee.ethz.ch/~dws/software/mailgraph/ for charting stats!
And best of all, it's wicked fast. I can handle 100's of msg per minute on a 500Mhz box, which I learned the hard way that sendmail can't.
You are in a maze of twisted little posts, all alike.
Having worked at a hosting company for years, we actually migrated to Postfix (from Sendmail) way back in the day, when Postfix was still called VMailer (actually joined the beta before it even had a name).
Simply put, Postfix is designed from the ground up with security in mind as well as the KISS philosophy of software design. Postfix has a bunch of little programs that all do one thing and do it very well, is relatively easy to chroot and even if you opt to not do that is still much more secure than Sendmail (esp its out of the box config). Its author Wietse Venema (sp?) was the same guy that wrote TCP Wrappers which is a stock part of almost every BSD/Linux distro today.
Postfix was engineered from the ground up to be a Secure MTA and was able to take immediate advantage of all the lessons that had been learned by Sendmail w/o having to hang on to a legacy codebase.
Postfix is also extremely easy to configure, using straight non-cryptic ini style conf files and doesn't require a 1300 page manual to get the best out of it. Couple this with the fact that connecting it to a MySQL/Postgres/Oracle database for map lookups (forwarding, alias, transport, etc) and you've got this beast that scales very well for hosting environments (you can also use virtual passwd databases enabling you to create mailbox accounts that do not actually exist in the system's passwd db). When we deployed it at said hosting company, we were delivering close to a million messages a day and saw lookup times, delivery times, queue times, pretty much everything drop to about 1/4 of their levels w/Sendmail. Postfix is blazingly fast.
Postfix isn't for everyone tho. If you're only running a few domains and/or Sendmail came preconfigured on the box you're running it on then you're probably fine sticking w/Sendmail. We actually only used Postfix as a hub and used Sendmail on all our servers in a relay only mode. If you know Sendmail back and forth and can make it jump through flaming hoops I wouldn't necessarily advise switching to Postfix unless you're looking to wring more out of your MTA and want to do it relatively easily and securely.
Someone correct me if I'm wrong, but I don't think Postfix has even had any remote exploits (it doesn't run as root out of the box)?
To add to this, Postfix is not just for small to medium sized servers. It actually scales extremely well because of its design philosophy (bunch of small programs that each do one thing and do it well communicating w/each other).
I would actually argue the opposite of parent - use Sendmail if it came preconfigured on your box, but otherwise if you're running a large server or hub, migrate over to Postfix if you want to wring every ounce possible outta your mailserver.
Actually, using an unreachable backup MX is an excellent idea and shouldn't affect legitimate email at all. Real mail servers (i.e., servers running software like sendmail, postfix, exim, etc.) will try to deliver a message to each MX server, from high priority to low priority, until they find one that is accessible. So if he sets up a bogus MX server at the lowest priority, all of his other MX servers will still be attempted (and if they're all down for some reason, he's screwed anyway). However, spammers often use custom mass-mailing software that isn't smart enough to try all MX servers. In fact, their software seems to specifically target the lowest priority MX servers, probably because they think these servers will be less likely to inspect and reject the message at SMTP time. So if your lowest priority MX server is bogus and doesn't really exist, spammer software might not be smart enough to actually try the other MX servers; it will give up and move on to the next victim.
So using this technique shouldn't affect legitimate email, but it stands a good chance of cutting down on some spam. I'm glad he posted it.
First, a morpheme attached to the end of a word isn't unbound, it is bound. Second, what you seem to mean by postfix is usually called a postposition (contra preposition), as in ... drum roll ... Beowulf:
Scedelandum in , in scandinavia.
I agree myself too. I *like* Qmail better than Postfix... but I realise that Postfix has a guaranteed future so that's what I run.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.