[CentOS] Kind of OT: internal imap server

Les Mikesell lesmikesell at gmail.com
Fri Aug 25 04:55:18 UTC 2006


On Thu, 2006-08-24 at 22:49, Feizhou wrote:
> > As
> > shipped in Centos you can do pretty much anything you would
> > want a mailer to do by changing a few lines in sendmail.mc.
> 
> Actually, what I want to get at is if you need anything beyond the 
> rulesets that are provided, you cannot do anything unless you understand 
>   sendmail rulesets and that is the same if you need to change something 
> too.

Yes, if you want to do something that no one else has needed
to do in sendmail's 3-decade history, you'll probably have
to read the bat book first.  But that seems unlikely to me
and with MimeDefang in the picture you can control many operations
in your perl filter instead of modifying sendmail macros.

> I guess that is the whole point. Ordinary users will probably have no 
> clue how sendmail works and when problems arise, good luck trying to fix 
> or get around them. So unless they know how to build other stuff and use 
> procmail or maildrop, they are pretty much stuck to system mailboxes.

As shipped in Centos, procmail is used for local delivery.

> > Then when you add MimeDefang, you also get the ability to
> > add in any other operations you want to happen in parallel
> > with the smtp chat and control it all with a bit of perl.
> 
> Which makes it no different from your dissing of qmail. qmail provides 
> very little that you can do before DATA in the smtp chat and mimedefang 
> does not kick in until after SMTP DATA in sendmail and they are 
> therefore the same.

I think you've been misinformed. My MimeDefang checks the inbound
recipients via smtp to the final delivery server before DATA is
ever mentioned.  If there are no valid recipients (which the
outside relay wouldn't know directly) the message is rejected
before DATA. 

> >> As for mimedefang, qmail lets you do anything that can be described in 
> >> perl, shell, C, python, whatever you fancy in fact and reject at the 
> >> smtp level too since you can replace qmail-queue or put a filter before 
> >> qmail-queue.
> > 
> > Another way of saying that is that qmail is so bad you have to
> > completely replace components to make it usable at all.
> 
> Which is no different from sendmail + mimedefang. You have no idea how 
> qmail works so I shall ignore your ignorance on this.

I've experienced the pain of using qmail.  I know more than I want
to know about how it accepts everything, then generates millions
of bounces for the things it can't deliver then lets the bounce
delivery attempts throttle your real deliverable outbound mail.

> sendmail gave you 
> milter so that you can get at the headers and message body. DJB's 
> multiple program approach to separate the different functions 

But he separates the functions so you can't do the thing you
need at the time you need to do it...

> automatically provides you the ability to get at what you want by either 
> modifying that particular qmail program

Wait - you think modifying a program is easier than configuring
one that works in the first place?

>  or by replacing like qpsmtpd or 
> by adding another program like qmail-qfilter. For this same reason, 
> people don't get any trouble from postfix and qmail with regard to 
> security issues and sendmail X following the same design principles says 
> a lot.

The milter interface is a more extreme solution, since it gives
you separation of permissions for the parts on the other end
of the socket but you get its response when you need it.

> Well integrated and designed for efficiency eh? I'd like to see 
> benchmarks between sendmail + mimedefang versus postfix + amavisd. In 
> fact, I'd like to see sendmail + mimedefang integrated with a mysql 
> backend versus postfix + amavisd integrated with a mysql backend. But 
> the whole thing would be unfair since postfix does connection pooling to 
> its backends while sendmail will probably beat the crap out of its 
> backend if it supported any sql database at all.

If you run spamassassin, all of the other operations are pretty
much meaningless time-wise.  The piece you need to keep things
going is a multiplexer that allows some maximum number of
backend scanners and some larger number of other MTA operations
to run concurrently.  That is, you don't want to serialize
everything around a few scanners, and you also don't want to
be allowed to spawn off enough instances of them to kill
the machine.  I don't think any of the other systems understand
this concept - but I'd be happy to hear that I'm wrong about
that.

> You can diss all other mtas + their addons all you like Les, but 
> sendmail X is following the design principles of qmail and postfix which 
> says something.

The only one I'll really diss is qmail, and I'll concede that
qpsmtpd will solve a few of it's problems as the project slowly
re-invents the things that MimeDefang has been doing for years.
My point is just that sendmail does a good job and has some
unique advantages when used with MimeDefang.

-- 
  Les Mikesell
   lesmikesell at gmail.com





More information about the CentOS mailing list