On Fri, 2006-08-25 at 01:59, Andy Green wrote:
> >> You can diss all other mtas + their addons all you like Les, but
> >> sendmail X is following the design principles of qmail and postfix which
> >> says something.
> >
> > The only one I'll really diss is qmail, and I'll concede that
> > qpsmtpd will solve a few of its problems as the project slowly
> > re-invents the things that MimeDefang has been doing for years.
> > My point is just that sendmail does a good job and has some
> > unique advantages when used with MimeDefang.
>
> I guess it comes down to this: if you are handling a ton of mail and
> mail is a big part of what you do, the rules are different. You can
> consider to look past the investment needed to get sendmail and qmail[1]
> to perform.
>
> If you are handling relatively low volumes of mail, say the low tens of
> thousands a day, and "mail guy" is not a shout you respond to, then I
> strongly recommend not becoming a white-coated acolyte to these and to
> make the smaller brain-investment needed to get Postfix working great.

Unfortunately the amount of real mail you intend to handle doesn't
relate much to what can happen when you plug into the internet. Sites
frequently get hammered with spam or virus 'dictionary attacks' where
messages with near-random user names are sent by the millions to a
domain. For the last few years this seems to be coordinated over a
vast network of virus-compromised zombie machines in a way that can
make the messages appear from many different IP addresses but at a
controlled rate that doesn't completely swap the receiver. An
unmodified qmail will accept all these messages then in a later
operation realize that the recipient doesn't exist, construct a bounce
message for each, and try to return them, generally to a forged sender
address which may in fact be the real target of the scheme.
You have a similar problem with other mailers if you try to accept
internet mail through a DMZ relay that doesn't have the user base,
forwarding it to a firewalled machine for delivery unless you work out
some way to reject invalid users at the relay.

> [1] qmail's license used to be source distribution only, because that
> locked out anyone unable to compile it and its dependent packages and
> "killed the weak". Mail isn't that hard! Mortals can get Postfix going!

That's not the worst part of the license. The real problem is that
qmail as written has several logical flaws, the above-mentioned being
the most obvious, and the license states that no one is allowed to
distribute modified versions so it can't be fixed without completely
replacing components.

--
Les Mikesell
lesmikesell at gmail.com
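
The accept-then-bounce behaviour described in the message above, next to rejection at the relay during the SMTP session, as an added example that is not part of the original thread. It is a small model, not any MTA's code; the domain, mailbox names, addresses and function names are all constructed for illustration.

```python
import random
import string

DOMAIN = "example.org"                 # constructed domain
VALID_USERS = {"alice", "bob"}         # constructed mailbox list on the inner host

def rcpt_reply(rcpt, relay_users):
    """SMTP reply code for RCPT TO. relay_users=None models a relay that has
    no recipient list and therefore accepts any local part."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != DOMAIN:
        return 554                     # not our domain: relaying denied
    if relay_users is not None and local not in relay_users:
        return 550                     # rejected during the SMTP session
    return 250

def run_relay(envelopes, relay_users):
    """Feed (mail_from, rcpt) pairs through the relay and count outcomes."""
    stats = {"rejected": 0, "delivered": 0, "bounces": []}
    for mail_from, rcpt in envelopes:
        if rcpt_reply(rcpt, relay_users) != 250:
            stats["rejected"] += 1     # the sending client keeps the failure
            continue
        if rcpt.lower().partition("@")[0] in VALID_USERS:
            stats["delivered"] += 1
        elif mail_from:                # null sender <> is never bounced
            stats["bounces"].append(mail_from)  # backscatter to forged sender
    return stats

def dictionary_burst(n, forged_sender, seed=1):
    """Constructed attack traffic: n near-random 8-letter local parts."""
    rng = random.Random(seed)
    return [(forged_sender,
             "".join(rng.choices(string.ascii_lowercase, k=8)) + "@" + DOMAIN)
            for _ in range(n)]

def compare(n=1000):
    """Run the same traffic through a relay without and with a user list."""
    traffic = dictionary_burst(n, "victim@example.net")
    traffic += [("carol@example.com", "alice@" + DOMAIN), ("", "ghost@" + DOMAIN)]
    return run_relay(traffic, None), run_relay(traffic, VALID_USERS)

if __name__ == "__main__":
    accept_all, reject_early = compare()
    print(len(accept_all["bounces"]), "bounces without a recipient list")
    print(len(reject_early["bounces"]), "bounces with RCPT-time rejection")
```

With the recipient list present at the relay, the failure stays with the connecting client and no bounce is ever generated toward the forged sender.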