[CentOS] mail server best practices question

Tue May 11 05:08:19 UTC 2010
Christopher Chan <christopher.chan at bradbury.edu.hk>

On Tuesday, May 11, 2010 11:02 AM, Craig White wrote:
> On Tue, 2010-05-11 at 09:40 +0800, Christopher Chan wrote:
>> On Tuesday, May 11, 2010 06:07 AM, Craig White wrote:
>>> On Mon, 2010-05-10 at 20:33 +0200, Alexander Dalloz wrote:
>>>> Am 10.05.2010 14:02, schrieb Brian McKerr:
>>>>
>>>>> I use Mailscanner with postfix and Mailwatch to manage quarantine etc;
>>>>>
>>>>> http://mailscanner.info/
>>>>
>>>> I don't intend to start a flamewar, but given Wieste's repeated warnings
>>>> on the Postfix mailinglist[1] and expressed on
>>>>
>>>> http://www.postfix.org/addon.html
>>>>
>>>> as
>>>>
>>>> "mailscanner system, works with Postfix and other MTAs. WARNING: This
>>>> software uses unsupported methods to manipulate Postfix queue files
>>>> directly. This will result in corruption or loss of mail. The
>>>> mailscanner authors have sofar refused to discuss a proper access API or
>>>> protocol."
>>>>
>>>> I call that combination not being best practice.
>>> ----
>>> clearly this is a personal issue that Wietse has with Julian (the author
>>> of MailScanner) and I can assure all that it works fine with Postfix and
>>> has never caused either corruption or loss of mail on many servers that
>>> I have configured to use both. There are also a lot of users who run
>>> MailScanner with Postfix.
>>>
>>
>> I don't know about that. If it was sendmail, fine because sendmail does
>> provide mechanisms for multiple access to a mail in the queue which is
>> how sendmail itself treats mails in the queue when you have multiple
>> queue runners. I have not used exim so as far as I know, only sendmail
>> actually tolerates a third-party touching mails in the queue.
> ----
> clearly this isn't rocket science and the manipulation of the mail queue
> is rather straight forward and hardly worth all of the rancor that
> Wietse seems to direct towards Julian/MailScanner.

sendmail checks for locks on queue files and so multiple sendmail 
processes + third party processes can operate on a sendmail queue at the 
time.

There is no such provision on qmail or postfix. Queue manipulation on 
postfix should be done through postsuper instead of directly mucking 
about with the queue file in whatever postfix subqueue while postfix is 
live.


>
> I started with Sendmail and MailScanner was written with Sendmail in
> mind and adapted later for Exim&  Postfix. When I was trying to switch
> to Postfix, I couldn't stand amavisd and went back to MailScanner and
> decided to just ignore the warnings from Wietse and I discovered that
> many on the MailScanner list came to the same conclusion.

Never used mailscanner but I am sure that is very little out there that 
can knock amavis of the top of the hill of top cpu chewers.


>
> With reference to your other message in this thread, MailScanner calls
> spamd/clamd as part of the process but the real value in my mind is the
> granular handling in MailScanner which is sort of complete overkill but
> it totally works and scratches about every itch you ever had in running
> a mail server.

I'm sure the same can be said of mimedefang and more. When I find 
something is not met by the postfix provided mechanisms, I'll take a 
look at these other solutions.