Christopher Chan wrote: > Les Mikesell wrote: >> Susan Day wrote: >> >>> Hi; >>> I don't want sendmail. What's a good secure email server that I can yum? >>> I really only need smtp right now, but who knows what the future will bring? >>> >> >> Postfix is probably a reasonable choice, but I'm curious as to how you >> reached the decision that you don't want to use the standard, >> mostly-preconfigured tool without already knowing anything about the >> other choices. Sendmail may have a long history of exploits back in the >> day with it was monolithic and ran as root, but now it is probably the >> most carefully audited piece of code shipped in the distribution. The >> milter interface developed for sendmail (and now also implemented in >> postfix) lets you add functionality that wasn't designed in, so it is >> hard to imagine a mail job or environment that either couldn't handle. >> >> > > > I don't see sendmailX on Centos at the moment...do you? It is therefore > still monolithic as far as Centos is concerned. By not-monolithic, I mean that now submission queuing, forwarding, and local delivery are all different processes, each running with limited credentials most of the time. And milters also can run under different uids. > postfix comes with mysql/postgresql support and with connection pooling > at that and which can be used directly in a lot of built-in features of > postfix. You probably really want ldap for that sort of thing. > Unless the supporting stuff in the milters are as efficient as > what you can get in postfix, sendmail + milters might be hard pressed to > handle some environments that postfix can. MimeDefang gets this right - it runs as a multiplexor that connects multiple processes as needed so you don't have a 1:1 ratio of mailers to backend milters and you don't have fast step waiting on slow steps to complete. See page 31 of http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches use simple pipelines that make everything wait while spamassin runs and have to reparse the mime headers to break out attachments for each scanning step. Some very large sites are running it. -- Les Mikesell lesmikesell at gmail.com