[CentOS] Recommend Mail Server

Christopher Chan christopher.chan at bradbury.edu.hk
Tue Nov 24 05:06:24 UTC 2009


Les Mikesell wrote:
> Christopher Chan wrote:
>   
>>>     
>>> How do you have a remote root exploit if you aren't running as root?
>>>
>>>   
>>>       
>> Ask the sendmail advisories for 8.12.x.
>>     
>
> Wasn't the last bug found and fixed 5 or 6 years ago?
>
>   

Which is great. Just saying that if there is one still lurking around, 
the current model of operation might still be vulnerable.

>>>> I fail to see how that becomes an advantage for sendmail. 
>>>>     
>>>>         
>>> It lets you control load very precisely.  You can limit sendmail to some number 
>>> of instances that can be much larger than the number of big/slow scanning 
>>> backend processes that you permit and the sendmails don't wait for the milters 
>>> until/unless they need one of their functions and you don't have to start a new 
>>> process for each message.
>>>
>>>
>>>   
>>>       
>> Sorry, I meant to say, an advantage for sendmail over postfix.
>>     
>
> I've been using it with sendmail for many years.  Postfix has only recently 
> added milter support and only very recently made it good enough to work with 
> mimedefang.  I don't know if it does the session multiplexing as efficiently - 
> maybe...
>
>   

I was the under the impression that it was mimedefang that handled that 
and not sendmail? In any case, postfix has long had very good multiplexing.

>> You know the answer to that one. If I am going to use MimeDefang for 
>> spamassassin and postfix obviously does not have anti-virus features 
>> (unless you call using body_checks to check for known patterns 
>> anti-virus support) where do you think I would plug in anti-virus 
>> support? Again, in a sendmail + mimedefang versus postfix + mimedefang, 
>> sendmail is the loser.
>>     
>
> If you just started to use email, perhaps.
>
>   

Ho hum. I do not know why you keep insisting that letting mimedefang 
handle say lookups to mysql and perform decisions based on those is 
faster than if sendmail had native support. It is after all, one less 
layer to going through and not run in something that is interpreted.

>>> On the contrary, having the ability to extend through external software gives 
>>> you unlimited options.  Note that postfix eventually got around to copying this 
>>> feature.  Also with mimedefang you can do most of your special configuration in 
>>> perl instead of having to learn yet another syntax.
>>>
>>>   
>>>       
>> Simply because it made sense to use available existing tools that 
>> support spamassassin and virus scanners than make yet another interface. 
>> No more smtp proxying. Good riddance amavisd. postfix was after all a 
>> replacement for sendmail and it would be incomplete without milter support.
>>     
>
> And it was incomplete for a long time.  Which is why sendmail is the standard.
>
>   

More and more distributions are using postfix as the default even though 
it does not allow delivery to root. That 'is' will soon become 'was' 
despite its incomplete milter support. I guess milters are not all that 
standard then. So many alternatives to milters out there that got 
established when milters just were not stable enough (no fault of 
sendmail) so that today milters are not quite as well known as stuff 
like resource hog amavisd.


More information about the CentOS mailing list