Les Mikesell wrote:
> Christopher Chan wrote:
>> Les Mikesell wrote:
>>> Susan Day wrote:
>>>> Hi;
>>>> I don't want sendmail. What's a good secure email server that I can yum?
>>>> I really only need smtp right now, but who knows what the future will bring?
>>>>
>>> Postfix is probably a reasonable choice, but I'm curious as to how you
>>> reached the decision that you don't want to use the standard,
>>> mostly-preconfigured tool without already knowing anything about the
>>> other choices. Sendmail may have a long history of exploits back in the
>>> day when it was monolithic and ran as root, but now it is probably the
>>> most carefully audited piece of code shipped in the distribution. The
>>> milter interface developed for sendmail (and now also implemented in
>>> postfix) lets you add functionality that wasn't designed in, so it is
>>> hard to imagine a mail job or environment that either couldn't handle.
>>>
>> I don't see sendmailX on Centos at the moment...do you? It is therefore
>> still monolithic as far as Centos is concerned.
>>
> By not-monolithic, I mean that now submission queuing, forwarding, and local
> delivery are all different processes, each running with limited credentials most
> of the time. And milters also can run under different uids.
>

All that means naught if there is a remote root exploit. sendmail 8.12.x already worked like that.

>> postfix comes with mysql/postgresql support and with connection pooling
>> at that and which can be used directly in a lot of built-in features of
>> postfix.
>>
> You probably really want ldap for that sort of thing.
>

You probably really want to reconsider using ldap for anything that gets loads of changes daily.

>> Unless the supporting stuff in the milters is as efficient as
>> what you can get in postfix, sendmail + milters might be hard pressed to
>> handle some environments that postfix can.
>>
> MimeDefang gets this right - it runs as a multiplexor that connects multiple
> processes as needed so you don't have a 1:1 ratio of mailers to backend milters
> and you don't have fast steps waiting on slow steps to complete. See page 31 of
> http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches
> use simple pipelines that make everything wait while spamassassin runs and have to
> reparse the mime headers to break out attachments for each scanning step. Some
> very large sites are running it.
>

I fail to see how that becomes an advantage for sendmail. I can very well pair postfix and mimedefang for just spamassassin and have the rest of the stuff handled by native postfix features. That at the very least cuts out another layer to go through for postfix. In the end, sendmail is at a disadvantage having to depend on a third party for extra features.