[CentOS] Recommend Mail Server

Tue Nov 24 01:21:30 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Christopher Chan wrote:
> Les Mikesell wrote:
>> Susan Day wrote:
>>   
>>> Hi;
>>> I don't want sendmail. What's a good secure email server that I can yum? 
>>> I really only need smtp right now, but who knows what the future will bring?
>>>     
>>
>> Postfix is probably a reasonable choice, but I'm curious as to how you 
>> reached the decision that you don't want to use the standard, 
>> mostly-preconfigured tool without already knowing anything about the 
>> other choices.  Sendmail may have a long history of exploits back in the 
>> day with it was monolithic and ran as root, but now it is probably the 
>> most carefully audited piece of code shipped in the distribution.  The 
>> milter interface developed for sendmail (and now also implemented in 
>> postfix) lets you add functionality that wasn't designed in, so it is 
>> hard to imagine a mail job or environment that either couldn't handle.
>>
>>   
> 
> 
> I don't see sendmailX on Centos at the moment...do you? It is therefore 
> still monolithic as far as Centos is concerned.

By not-monolithic, I mean that now submission queuing, forwarding, and local 
delivery are all different processes, each running with limited credentials most 
of the time.  And milters also can run under different uids.

> postfix comes with mysql/postgresql support and with connection pooling 
> at that and which can be used directly in a lot of built-in features of 
> postfix.

You probably really want ldap for that sort of thing.


> Unless the supporting stuff in the milters are as efficient as 
> what you can get in postfix, sendmail + milters might be hard pressed to 
> handle some environments that postfix can.

MimeDefang gets this right - it runs as a multiplexor that connects multiple 
processes as needed so you don't have a 1:1 ratio of mailers to backend milters 
and you don't have fast step waiting on slow steps to complete.  See page 31 of
http://www.mimedefang.org/static/mimedefang-lisa04.pdf.  Most other approaches 
use simple pipelines that make everything wait while spamassin runs and have to 
reparse the mime headers to break out attachments for each scanning step.  Some 
very large sites are running it.

-- 
   Les Mikesell
    lesmikesell at gmail.com