Postfix 2.1 Released
MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in the works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."
It would be nice if, during product announcements, the submitter actually included a sentence SAYING WHAT THE SOFTWARE DOES.
Yes, I know it's an SMTP server, but sheesh, is it so hard to start it "After an extended period of polishing and testing, Postfix, the popular open source mail transfer agent, has reached version 2.1"?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I've been running sendmail 4ever - sure it's complicated as hell - and a bit of a resource hog at times..but it freaking works and is rock solid over more years of production use than any other MTA ever will be in our lifetimes.
Wait, wouldn't post fix Postfix 2.1 actually be fix 2.2?
-m
#
# Modus Ponens
#
I upgraded first thing this morning when I saw the listing on freshmeat. So far it's a drop-in replacement.
Download
tar -zxvf
cd postfix-2.1.0
make
make upgrade
postfix stop
postfix start
No issues whatsoever!
Even working correctly with TMDA whitelisting/blacklisting spam filter, which had been my one real concern: did anything happen that could screw up TMDA? NOPE! Runs fine.
Have to go ahead and look into setup and using some of the new features now I suppose.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Many of us are happy with Sendmail
.. as are the kiddies that've r00ted your mail server.
I recently configured a 200 MHz Pentium host (with slow IDE drives etc.) as an ISP's mail server. It handles over 10,000 emails daily and the load average hangs around at 0.10 -- it's using Postfix with the renattach attachment filter as a content filter (catches all those windows viruses). I was pretty impressed that Postfix performed so well on such an ancient machine :)
That was basically Linus's idea. Some people have copied it (Gnome and Gimp hackers spring to mind), but its by no means all pervasive.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
On an Axil 320 (110 MHz, I think? I forget which sparc chip) running Solaris w/320MB of ram and one single SCSI drive, on a Mailman list with about 2,000 subscribers and 100 posts a day, we went from delivery times of an hour+ (and load averages well over 4) to under 5 minutes (and load averages between .5 and 2).
Proponents of Sendmail will say "oh, it just needs to be tuned properly".
Nope, sorry. Proper software doesn't need tuning to do its job. Ever notice that the only proponents of the "it just needs someone who knows how to tune it" model are...well...the limited number of people who know how to tune it, and are fast finding themselves out of jobs?
Please help metamoderate.
> There's never been a better time to migrate
> from Sendmail (just _had_ to get that in
> there ;).
So is there any documentation describing a good way to convert from sendmail? Like, how the directives in sendmail map to directives in postfix?
mr
You're forgetting the parent post author's theory on the world, Linux is the same thing as Unix, and Linux is the world, without it, the earth would stop spinning and we'd all be thrown off into space.
Nowhere did I see:
"-read the changelog notes to see if any of the numerous changes classified as "incompatible" affected me or my users".
Please help metamoderate.
I know this sounds like a commercial, but it's hard not to sound that way when everything just kind of worked the first time. I now have authenticated, encrypted SMTP and POP and my users are, literally, thanking me. My experience has been that using Postfix was an easy way for me to look good.
Here's a Postfix SASL HOWTO which came in handy, but there are a lot of resources on the Web, especially at the Postfix site.
Chr0m0Dr0m!C
I use QMail and Sendmail on several hosting servers. Which advantages will my customers get with Postfix ?
Visit Tutorials & guides collection
Why is this in the developers section? Wouldn't it be more appropriately placed in a topic for system administrators?
'SBEMAIL!' is better than a goat!!
If you're using Postfix and have been waiting for any of these "new features", go ahead and try Exim.
Exim home page
About time. I've been doing this with Exim and Exiscan for almost 2 years now. It's nice to see other MTAs begin to incorporate this functionality. Now, if everyone upgrades and takes advantage of this wonderful feature, maybe the number of false NDRs I receive due to forged senders will start to go down...
Yeah, that's good. I always had trouble finding my way into the postfix documentation, now it's a lot clearer. I especially like the listing of all main.cf settings (now if there would be a manpage for master.cf too...) and the bottleneck analysis tool.
I do miss, however, the "big pictures" yellow + blue graphs that seduced me into trying out postfix a long time ago. Now we're stuck with pitiful text-only rendering.
Still great, after all those years, postfix is my MTA of choice: ease of use, power and security.
Semantics is the gravity of abstraction
Personally, I still use Sendmail everywhere, but Postfix is designed to be a fast, secure, easy-to-configure MTA. It would be my migration path of choice if I were ever having problems in any of those three areas.
Dewey, what part of this looks like authorities should be involved?
Slashdot Sig. version 0.1alpha. Use at your own risk.
Yeah your comparisons link is seriously outdated (circa 2001) and only compares MTA descriptions. It is neither in-depth nor does it touch on the features that existed at the time. With statements like "Add to this sendmail's renowned inefficiency" or "Postfix is quite flexible in its configuration file, but not to the extent of Exim" this document can't be anything more than an abstract draft written up for basic filler in an attempt to sell a book idea to publishers.
This wouldn't have been a good comparison at the time it was written, let alone now. Next time try googling a little harder, perhaps you would have found this link: http://www.geocities.com/mailsoftware42/ or heck google it for yourself here http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=MTA+comparison&btnG=Google+Search
Hi guys,
Postfix + TLS/SSL + SMTP-AUTH HOWTO
I wrote this howto a while back. It explains what is needed to be done in setting up a secure Postfix SMTP server with TLS/SSL and SMTP-AUTH. It isn't fully done (but the meat is there). I hope someone will find it useful.
Sunny Dubey
PS: no I have *not* submitted it to postfix.org, for it is not done, and it doesn't have all that I want in it. (Must add virus/spam scanning to it first)
I don't see any compelling reasons to migrate if everything is working fine in Qmail.
If you want a cookbook on how to set up Postfix and SpamAssassin and friends, there are several really good resources: Jeffrey Posluns, Jim Seymour, Meng Wong (old but still useful). Posluns' guide is probably where you should start first.
I'm proud of my Northern Tibetian Heritage
One of my servers is a big Sparc box (running Linux, not Solaris) that performs backup MX and other relay services for about a hundred domains at a hosting center. It gets constantly pounded on all day long. Originally it ran Sendmail, and it was badly loaded down. Installing Postfix cleared up all the problems. It's just that much better.
:(
Unfortunately, with all the extra mail traffic now due to MORE spam, MORE viruses, and all the bounces generated by the above, we have to expand again. And we have to go back to Sendmail because of one particular feature: you can have multiple Sendmail instances sharing an NFS-mounted queue. Since the new system is multiple Sparc boxes in a load-balanced cluster, we have to go back to Sendmail because Postfix doesn't support this.
Tired of FB/Google censorship? Visit UNCENSORED!
You can freely redistribute the source and binaries compiled from clean source. And you can distribute patches to it.
However, the point is, the qmail maintainer is the only person who can release new versions of qmail. And hence it's not free software.
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with, and you'll either have to follow along or go that way, and that the qmail maintainer will just stop releasing new versions. With free software, if enough people use it, they will simply make a fork...but they can't do that with qmail. Technically they could grab a random version and keep building patches off that, but that becomes unmaintainable real fast.
In other words, qmail is basically 'freeware', not 'free software', although it does come in source form, and you have been granted the ability to modify it and even share the modifications. But not the end result.
If corporations are people, aren't stockholders guilty of slavery?
I wonder when people will stop repeating this rubbish. Qt has been GPL'd for years. It is also available under a commercial licence, but that has nothing to do with KDE, it's in case you want to develop a closed-source application with Qt. (And it seems to be an excellent business model.)
As for qmail, you're not allowed to distribute modified versions, and the rules on distributing binaries are rather stringent and almost impossible for distributors to follow. That makes it not quite "free software" (by FSF's definition) or "open source". (However, you're allowed to distribute patches, and even bundle patches with unmodified source in a tarball; you can download one such tarball, called netqmail, from http://www.qmail.org).
The new policy server interface is a simple sockets-based API for getting a chance to participate in the SMTP conversation as it is happening. The basic idea is:
- tell your Postfix config file (main.cf) that you've written a "policy server" that listens on a particular Unix socket or TCP address/port.
You can have the policy server get "called" at any of the points in the SMTP conversation where Postfix may make a decision about how to dispose of the message (HELO, RCPT, etc.).
- write your policy server. It listens for connections, and each connection sends you one or more requests. Each request contains a small set of information about the mail message being transmitted (client name/address, HELO text, etc.) Your server responds with one of a broad set of actions that Postfix supports (reject, accept, defer, perform other custom checks, etc.).
- The protocol for talking to your server is a simple text-based protocol with newlines, much like the form of HTTP. I coded an initial policy server in good ol' C in about an hour.
In particular, this new API is a great place to implement greylisting. Your server can maintain its database of whitelisted and greylisted from/to/IP triplets all on its own and just respond to Postfix requests. And, once you've coded up your policy server, you don't have to revise it with every Postfix patch that comes down the pike. As long as the API remains backwardly compatible, your policy server code should survive any Postfix upgrades. Kudos to the new policy server API!
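The exchange described in the comment above, as an added example that is not part of the original post and is not Postfix's own code: a small greylisting policy server in Python that reads `name=value` requests ending in a blank line and answers with one `action=` line. The 300-second delay, the listening port 9998, the reply text and the sample addresses are assumptions made for the example.

```python
import socketserver
import time

GREYLIST_DELAY = 300   # seconds a new triplet must wait (value assumed here)
MAX_LINE = 4096        # bound on one attribute line
MAX_ATTRS = 64         # bound on attributes per request

# Constructed sample request in the name=value form; addresses are made up.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.com\n"
    "\n"
)


def parse_request(lines):
    """Turn name=value lines (terminating blank line excluded) into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")  # value may contain '='
        if not sep or not name:
            raise ValueError("malformed attribute line")
        attrs[name] = value
    return attrs


class Greylist:
    """In-memory triplet store; a real one needs persistence and expiry."""

    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay, self.clock, self.first_seen = delay, clock, {}

    def decide(self, attrs):
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "dunno"  # not ours to judge; let other restrictions decide
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "defer_if_permit Greylisted, please try again later"
        return "dunno"


def serve_stream(rfile, wfile, greylist):
    """Answer every request on one connection until EOF or oversized input."""
    lines = []
    while True:
        raw = rfile.readline(MAX_LINE + 1)
        if not raw or len(raw) > MAX_LINE or len(lines) > MAX_ATTRS:
            return  # EOF or oversized input: drop the connection
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if line:
            lines.append(line)
            continue
        try:
            action = greylist.decide(parse_request(lines))
        except ValueError:
            action = "dunno"  # never turn a parse error into a reject
        wfile.write(("action=%s\n\n" % action).encode())
        lines = []


class PolicyHandler(socketserver.StreamRequestHandler):
    greylist = Greylist()  # shared by all connections

    def handle(self):
        serve_stream(self.rfile, self.wfile, self.greylist)


if __name__ == "__main__":
    # Matching main.cf entry: check_policy_service inet:127.0.0.1:9998
    with socketserver.ThreadingTCPServer(("127.0.0.1", 9998),
                                         PolicyHandler) as server:
        server.serve_forever()
```

Answering `dunno` on anything the server does not understand keeps a parser bug or an unexpected attribute from bouncing legitimate mail; only a well-formed RCPT-stage request for an unseen triplet is deferred.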
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, whereas with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
The latest version of an application... how about including a link to the release notes / changelog. No point in upgrading if you don't know the changes - RELEASE_NOTES
There are two very large dangers with qmail...that it will go off in a random direction no one agrees with
There is another theory which states that this has already happened.
and that the qmail maintainer will just stop releasing new versions
To quote the qmail web site: The latest published qmail package is qmail-1.03.tar.gz, which was released in June 1998. So again, this may have happened already.
It's great to see this feature added! I've been using sendmail's milter feature (a very similar sockets-based "policy" API) for many years. And I can't live without it now, and there was no way I would even consider looking at any other MTA that didn't have a similar feature. I program my milters in Python, a bit easier than C. But you should have your choice.
Of course I'm one of those very happy sendmail administrators (we do exist), and I have a relatively complex setup handling hundreds of thousands of messages per day, with very complex routing, etc. But perhaps Postfix is finally serious about providing an alternative (of course I also need TLS and IPv6 built-in like sendmail's had forever).
A pleasant surprise in the 10.3 was the adoption of Postfix. It's good to see that they apparently made a good choice and good things are happening on the Postfix front.
(I had been rooting for exim, which is also a great package, but Postfix seems to be a good alternative. Maybe they should also include exim on XServe's?)
I've been using sendmail for nearly 15 years in some pretty complex environments, and am pretty happy with it. But I have nothing against Postfix either (except it has been lacking features, for me, and sendmail works just grand).
/. readers never use an MTA in anything but the simplest of configurations. Most likely a home computer or a small LAN. Those who have to manage email for large corporations in very complex networks, etc., can appreciate all that raw power and flexibility of sendmail much more. But to most, it seems like an overly complex mess.
I can't quite understand the religious flame wars over MTA choice either. I mean, I can kind of understand the whole emacs vs. vi or gnome vs. KDE. But why fight over MTAs? It seems there is an awful lot of hatred for sendmail, and for no good reason whatsoever. It's just stupid.
I think a lot of it has to do with sendmail having such a long and rich history; anything which has existed for over a decade tends to get a lot of newbie disapproval. Also the configuration can be rather complex, and I think most people who flame about sendmail just don't want to 'fess up to being too dumb to understand it (with my asbestos suit on), and so resort to juvenile name calling.
Also you have to remember that probably 95% or more of the
And about the security-flaw reasoning. That's just an easy way for flamers to badmouth sendmail without really giving true reasons. Any software which has had such a long history and ubiquitous use as sendmail has a history of security flaws. For that matter Unix itself has had an absolutely abysmal security record. And yes, someday Postfix will have its own history to brag about too. But in all cases the flaws were quickly fixed, and the vast majority of flaws required a very specific configuration to even be a problem. Also many security problems result from improper installation; you can run sendmail in a very secure setup if you want (just avoid all the FUD about sendmail). You can't compare Postfix and sendmail based solely upon their history of security, because sendmail's history is decades longer than Postfix's. And sendmail has processed perhaps a million trillion times as many email messages as has Postfix over its lifetime.
It is also important to note that Postfix provides Maildir support for local delivery. This means you can have nested folders (containing both messages and more folders) on your IMAP server, whereas with Sendmail's mbox format you can only have folders containing messages, and those folders are actually just long text files. Qmail provides the maildir format natively, but Postfix makes it free.
Or you can use Sendmail + Procmail for Maildir-style storage.
Unfortunately, it has also meant no new functionality for >= 5 years, unless you want to maintain your own source tree with dozens of patches.
I loved qmail, but all my systems run Postfix nowadays. SSL, SMTP AUTH, content filtering, too many features I needed and qmail doesn't have.
I just hope djbdns doesn't go the same way, cause I REALLY hate BIND.
Postfix is -not- written in perl. Postfix is written in C. Please, in the future, at least -know- what you are talking about before posting.
Carl P. Corliss
Because so many other posts aren't stating this I'll try to explain some of the offerings:
Postfix is easy to configure. One of its biggest advantages is that it uses many different types of maps for various purposes. Say I want to tell postfix what domains to relay mail for. I can have it lookup the domains in a traditional dbm/hash file or I can even specify an LDAP server to hit. In addition I can have it do the lookups in any order, dmn static entries first, then hit an old sendmail hash, then finally hit LDAP for my new point and click allocation system. This same mapping system is identical for almost all configuration parameters, aliases, virtual domains, virtual alias, maildir/mbox locations, valid recipients, valid senders, SMTP Auth users, etc., etc.
In addition I like postfix's rate control system. Postfix will notice when a foreign mail system is under load (judged by its response times) and throttle back the rate and number of connections to it. This means that there is less of a chance that mail will be rejected with a temporary failure by the foreign server because it's too busy. It avoids the mail being moved from the active queue to the deferred queue imposing an hour or so delay until the next delivery attempt.
This also works for inbound mail. I can set rate limits so that if a foreign mail server tries to bomb me, postfix will notice this and throttle the connections. It does this by imposing mandatory delays in confirming the delivery to the foreign server. Again, the rates and thresholds are all configurable.
Postfix has some nice security features. For instance one feature is From: validation. All my users must log into postfix using SMTP Auth before sending mail. I have an LDAP map that specifies the allowable From: addresses the users are allowed to use. If the From: address doesn't match what's configured for the SMTP Auth user, the message is rejected. This keeps users from spoofing other users' addresses in the From: header. In addition to validating the recipient domain, postfix can validate the recipient address before the message is accepted. Again, from any map type, including LDAP.
Postfix also has a sendmail compatibility layer. Meaning sendmail commands like 'sendmail' and 'mailq' typically work exactly like their sendmail counterparts.
As for performance and scalability, it's right up there with Qmail and sendmail. Performance on my particular servers will be less than on a plain Qmail or sendmail setup, but I also perform tons and tons more checks and validations on each message. Each message results in about 4 LDAP lookups and also gets piped through Amavis-new, Spamassassin, and ClamAV. The idea that postfix is for small to medium sized servers is a wash. It has a feature set that is above and beyond the rest and I'm quite impressed with it.
I used to be a die hard sendmail guy. But after going to postfix, I'll never go back.
My $.02 anyhow....
To be fair..
Qmail is *very* well designed and programmed. There hasn't been a real need to issue a new package for a long time.
I still don't like the license - but it is damn fine software.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
It is not the MTA's (Mail Transfer Agent) job to put the mail on the filesystem, that's the MDA's (Mail Delivery Agent) job. Sendmail is a Mail Transfer Agent. Sendmail, for as long as I've known, has a pluggable MDA format, where you can put in any MDA you choose. You can easily build your own MDA for Sendmail. Not to mention if you use Milter.
This is rudimentary internet mail handling.
For example, I use Cyrus IMAP's MDA with sendmail; and thus sendmail simply hands the Cyrus MDA my mail once sendmail has figured the mail belongs on this server.
Thus in a way, Sendmail, Postfix, and all other MTAs are essentially routers.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
It may be damn fine software, but its creator has decided that he doesn't like the existing init systems on linux/BSD and so has written his own. That right there took qmail out of consideration. I don't care if he is right or wrong, I have no intention of installing a second init system just so I can run his software. The creators of Postfix integrate beautifully with linux standards, Redhat even provides a well integrated postfix package (install the rpm's then run 'redhat-switch-mail'). Not to mention the awesome 'mailgraph' utility - http://people.ee.ethz.ch/~dws/software/mailgraph/ for charting stats!
And best of all, it's wicked fast. I can handle 100's of msg per minute on a 500Mhz box, which I learned the hard way that sendmail can't.
You are in a maze of twisted little posts, all alike.
Having worked at a hosting company for years, we actually migrated to Postfix (from Sendmail) way back in the day, when Postfix was still called VMailer (actually joined the beta before it even had a name).
Simply put, Postfix is designed from the ground up with security in mind as well as the KISS philosophy of software design. Postfix has a bunch of little programs that all do one thing and do it very well, is relatively easy to chroot and even if you opt to not do that is still much more secure than Sendmail (esp its out of the box config). Its author Wietse Venema (sp?) was the same guy that wrote TCP Wrappers which is a stock part of almost every BSD/Linux distro today.
Postfix was engineered from the ground up to be a Secure MTA and was able to take immediate advantage of all the lessons that had been learned by Sendmail w/o having to hang on to a legacy codebase.
Postfix is also extremely easy to configure, using straight non-cryptic ini style conf files and doesn't require a 1300 page manual to get the best out of it. Couple this with the fact that connecting it to a MySQL/Postgres/Oracle database for map lookups (forwarding, alias, transport, etc) and you've got this beast that scales very well for hosting environments (you can also use virtual passwd databases enabling you to create mailbox accounts that do not actually exist in the system's passwd db). When we deployed it at said hosting company, we were delivering close to a million messages a day and saw lookup times, delivery times, queue times, pretty much everything drop to about 1/4 of their levels w/Sendmail. Postfix is blazingly fast.
Postfix isn't for everyone tho. If you're only running a few domains and/or Sendmail came preconfigured on the box you're running it on then you're probably fine sticking w/Sendmail. We actually only used Postfix as a hub and used Sendmail on all our servers in a relay only mode. If you know Sendmail back and forth and can make it jump through flaming hoops I wouldn't necessarily advise switching to Postfix unless you're looking to wring more out of your MTA and want to do it relatively easily and securely.
Someone correct me if I'm wrong, but I don't think Postfix has even had any remote exploits (it doesn't run as root out of the box)?
Actually, using an unreachable backup MX is an excellent idea and shouldn't affect legitimate email at all. Real mail servers (i.e., servers running software like sendmail, postfix, exim, etc.) will try to deliver a message to each MX server, from high priority to low priority, until they find one that is accessible. So if he sets up a bogus MX server at the lowest priority, all of his other MX servers will still be attempted (and if they're all down for some reason, he's screwed anyway). However, spammers often use custom mass-mailing software that isn't smart enough to try all MX servers. In fact, their software seems to specifically target the lowest priority MX servers, probably because they think these servers will be less likely to inspect and reject the message at SMTP time. So if your lowest priority MX server is bogus and doesn't really exist, spammer software might not be smart enough to actually try the other MX servers; it will give up and move on to the next victim.
So using this technique shouldn't affect legitimate email, but it stands a good chance of cutting down on some spam. I'm glad he posted it.
First, a morpheme attached to the end of a word isn't unbound, it is bound. Second, what you seem to mean by postfix is usually called a postposition (contra preposition), as in ... drum roll ... Beowulf:
Scedelandum in , in scandinavia.
I agree myself too. I *like* Qmail better than Postfix... but I realise that Postfix has a guaranteed future so that's what I run.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.