Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Security

Postfix: A Secure and Easy-to-Use MTA 374

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."
This discussion has been archived. No new comments can be posted.

Postfix: A Secure and Easy-to-Use MTA

Comments Filter:
  • heh. (Score:4, Insightful)

    by bangel ( 308936 ) on Monday August 25, 2003 @07:46AM (#6783123)
    the department of homeland security is issuing security advisories now? did anyone know we're paying them to audit code?

    I wonder if they'll start trolling on bugtraq.

    -blak
    • Re:heh. (Score:5, Funny)

      by capt.Hij ( 318203 ) on Monday August 25, 2003 @07:52AM (#6783155) Homepage Journal

      the department of homeland security is issuing security advisories now?

      Do they do anything else?

    • Re:heh. (Score:5, Insightful)

      by autechre ( 121980 ) on Monday August 25, 2003 @08:26AM (#6783374) Homepage
      Is this the same Department of Homeland Security that recently signed a contract with Microsoft to provide their software? And they're complaining about Sendmail?

      http://slashdot.org/article.pl?sid=03/07/16/1634 25 0&mode=thread&tid=103&tid=99

      On the other hand, maybe they'll train their sights on BIND next.

      • Re:heh. (Score:4, Funny)

        by clckwrkMalChick ( 592449 ) on Monday August 25, 2003 @08:50AM (#6783530)
        yeap, and it's the same homeland security that after buying that issued this warning [nipc.gov]. I suppose I should be glad they're looking out, because you and I both know that the terrorists might come into the country next through the finger exploit.
      • by BrokenHalo ( 565198 ) on Monday August 25, 2003 @09:18AM (#6783736)
        Sure, sendmail has had holes found in it from time to time. But we should remember that it has been a very *long* time, and for most people it has been stable as a rock. And I have never yet met anyone whose system has been compromised as a result of these holes. We also shouldn't forget that whenever bugs have been found, they have been fixed immediately (if not before).

        Compare this to the antics of "that corporation" who is quite content to leave bugs as "undocumented features". Could be this FUD is just a reaction to that "insecure by design" mudslinging.

        • by wwest4 ( 183559 ) on Monday August 25, 2003 @09:51AM (#6784036)
          Actually, it hasn't been that long [sendmail.com]. The latest security problems in sendmail were found in March.

          Sendmail isn't awful - but some of its code is old, it's complicated, and it's richly-featured. All of these things contribute to an increased risk of bugs and vulnerabilities. In those respects, it's similar to some of those products by "that corporation," except that sendmail issues timely patches and the current developers, at least, care about security from the outset versus considering it as an afterthought.
  • Milters? (Score:5, Insightful)

    by itsjpr ( 16533 ) on Monday August 25, 2003 @07:46AM (#6783125) Homepage
    Does postfix have milters? Sendmail is popular for a reason.
    • Re:Milters? (Score:4, Informative)

      by CoolVibe ( 11466 ) on Monday August 25, 2003 @07:53AM (#6783162) Journal
      No, postfix has no milters. A shame really, since milter is a nice way to control how your mail flows (and to filter/reject/bounce when needed).

      Milter is one of the things that's keeping me with sendmail.

      • by Anonymous Coward
        Can someone post a list of the things we LOSE going to postfix? I'm interested, but I'd like to be able to check to see what I'm losing, so I can compare that to what I'm using.
      • Re:Milters? (Score:5, Informative)

        by Anonymous Coward on Monday August 25, 2003 @08:34AM (#6783427)
        content_filter is the equivalent of Milter for Postfix.

        This is quite powerful. For example, you can have some regular expression (around header or body), that sent to the content_filter.

        If you want to switch and have milter in mind, please consult the documentation about content_filter...

      • Re:Milters? (Score:5, Informative)

        by cloudmaster ( 10662 ) on Monday August 25, 2003 @09:23AM (#6783781) Homepage Journal
        Yes, postfix has mail filters. They're just not *called* "milters", and they're readable by people who don't have M4 parsers built into their reading glasses. Grumble grumble crummy sendmail configuration grumble.

        In fact, most of the things you can do with sendmail through external additions are already in postfix. I'm pretty sure that Postfix is also overall "faster" than Sendmail, and it upgrades easier, and the config system is useful, etc...
  • by KeithH ( 15061 ) on Monday August 25, 2003 @07:48AM (#6783132)
    Qmail is rock-solid. The best proof I can offer is that fact that no security flaw has been found since 1.03 was released in 1998. The man is a cryptographer and designed it for security.

    There is also an enormous amount of support for the product available. Check out qmail.org and cr.yp.to/qmail.html
    • I've run qmail on my machine for almost a year. In the end I ended up switching back to sendmail - while it may be "unbroken", qmail is cumbersome to use and lacks many important features of sendmail.
      • by KeithH ( 15061 ) on Monday August 25, 2003 @08:03AM (#6783223)
        What can you do with sendmail that you can't to with qmail? There is a a very large set of mature additions and patches to qmail that permit just about anything you may wish to undertake with your mail server.

        On the point of qmail being cumbersome: I disagree - what could be simpler than adding a single line to your rcpthosts file? Maintaining qmail is trivial. However, I'll agree that the author's terse documentation makes it seem quite foreign but compared to sendmail it is positively didactic. There are also many other resources available which supplement the original docs.
        • qmail is supposedly very secure in its default state. Aren't you compromising that security when you add third-party patches? I would think that these patches, since they are not part of qmail proper, have received nowhere near the scrutiny that sendmail (or postfix, exim, etc.) have received. Doesn't that defeat the main reason for using qmail?
          • by KeithH ( 15061 ) on Monday August 25, 2003 @08:29AM (#6783390)
            That's a good point and one that should be considered whenever one patches the source. However some of the patches are trivial and "obviously" safe while others are additions that don't actually require changes to the qmail source itself.

            Because of qmail's design, it is very resistent to compromise, even if one of the components is modified.

            I believe that the strict partitioning of function in qmail lends itself better to extension than a constantly evolving package such as sendmail.

            I'm not in a position to compare it to Postfix.
          • by ajs ( 35943 ) <ajs.ajs@com> on Monday August 25, 2003 @08:53AM (#6783557) Homepage Journal
            This is exactly the problem with the OpenBSD, qmail (and the rest of DJB's software) and any other system that claims security through simplicity, but then refuses to either add features or accept code changes for the feature set that is needed in the real world. I respect this software, as I respect all functioning software that is contributed to the community (though qmail is contributed with some heavy provisos on what you are allowed to do in terms of modification and distribution).

            However, you get the "unsupported majority" who run a modified/patched/extended version that might well have security flaws that no one knows about. Worse, when an exploit is found in one of those changes, the maintainer of the central package usually makes a point of saying, "look, see! My software was secure, it was just those icky add-ons that were broken!" (as OpenBSD did with apache).

            Bottom line: if you run OpenBSD or qmail or any other like service, don't patch it, or add unsupported features.

            If that's not a good enough feature-set for you, choose a platform that embraces the feature-set that you need.

            Now, on to the myths of sendmail:

            Recent sendmail holes have been found because careful security auditing by programmers who have no goal other than to find such problems is being PAID for on sendmail. Companies like Red Hat have found such bugs in the Linux kernel, sendmail, apache, samba, etc, etc because they are looking for them, fixing them, and patching their user-base proactively.

            I'm not saying that this is a first. Many companies that can afford it perform such audits, and it's still not as helpful, IMHO, as the benefit of being open source in the first place. However, saying that software is "insecure" because paid auditors have discovered and fixed the problems is... questionable.

            I like sendmail. It has its quirks and problems, but I've yet to see a replacement that doesn't insist on proving that it's "better than sendmail" by imposing some strange restriction on the users (e.g. exim's B&D approach to RFC-compliance; postfix's convoluted incoming vs outgoing filtering; qmail's B&D approach to software distribution).

            I like these other packages too, but I don't see a role for them as-is in my environments. Perhaps someday someone will write a simple sendmail replacement that is feature-for-feature compatible, but simply has simpler code and a more straight-forward config syntax (the only two real failings of sendmail).
          • by gfilion ( 80497 ) on Monday August 25, 2003 @08:55AM (#6783569) Homepage

            qmail is supposedly very secure in its default state. Aren't you compromising that security when you add third-party patches? I would think that these patches, since they are not part of qmail proper, have received nowhere near the scrutiny that sendmail (or postfix, exim, etc.) have received. Doesn't that defeat the main reason for using qmail?

            I agree partly with you, it bothers me to have to patch my vanilla qmail to get all the functionality that I need. But on the other hand you only install the patchs that you need, so you're still more secure than if all the features/patchs we're allready bundled with qmail.

            The idea is to keep your installation as small as possible and to install only well-known patchs.

    • Want an idea of how secure qmail is? Take a look at the The qmail Security Challenge [infoave.net].
    • by Anonymous Coward on Monday August 25, 2003 @08:05AM (#6783232)
      I've considered qmail a few times, but Dan is such an abrasive prick that I just couldn't bring myself to use his software (the same can be said of Theo and OpenBSD). Check back through the qmail archives for some of his abusive responses to participants in the various qmail lists. Wietse, on the other hand, is easy to get along with, fixes things in a timely manner and operates in a much more respectful manner. Postfix is simple, secure, and well supported. Also, it doesn't require that you install all the author's other tools in order to have a functioning MTA.
      • >Also, it doesn't require that you install all the author's other tools in order to have a functioning MTA.

        This one does it for me. I currently use Exim, which also drops in for sendmail and is reasonably secure. If/when I want more security, I'll probably go Postfix because of the simple drop-in.

        Security is never unimportant, but for an internal-only MTA for a family of four that accepts no external connections, it's secondary. I will however agree that had I been running Sendmail, the March problem w
      • I've considered qmail a few times, but Dan is such an abrasive prick that I just couldn't bring myself to use his software (the same can be said of Theo and OpenBSD). Check back through the qmail archives for some of his abusive responses to participants in the various qmail lists.

        You show 'em! Maybe those bartards'll think next time they do something that you don't agree with. Ya know, they're not selling commercial products, so they're not taking on any financial losses from your boycott. Chances

    • by mnmn ( 145599 ) on Monday August 25, 2003 @08:07AM (#6783245) Homepage
      There are two main things about qmail that gives it the edge.

      1) It is a collection of small daemons. In the UNIX spirit. This cuts on the bugs and allows injection of emails into various stages, and developing addons much easier.

      2) It has a structured config file system. Again thats truly like UNIX. You just go to one file, open it in an editor, usually has less than a screenfull of lines, edit it, close and reHUP the daemon. Imagine the same for sendmail. At the least you have to run make for it.

      To be fair, I havent tried postfix, but after qmail, Ive kinda lost motivation to try anything else.
    • Qmail has a guarantee [cr.yp.to]

      But have you noticed the qualifiers? Sendmail works around bugs in the OS (and most of the CERT warnings involving sendmail are because of OS related issues and other delivery programs, not the sendmail core).

      How many of the race conditions fixed in sendmail and apache exist today in qmail? Does qmail work around any linux kernal problems?
    • by KC7GR ( 473279 ) on Monday August 25, 2003 @10:30AM (#6784326) Homepage Journal
      At the risk of sounding like one of those infomercial testimonials...

      I ran qmail for a year or so, then ended up switching to Postfix. At this point, you couldn't pay me to switch back to qmail.

      It's not that qmail's a "bad" program. It's certainly not! Dave B. did a heck of a job with it, and I know it's in service as a Sendmail replacement at thousands of sites.

      My gripes with qmail are that you practically need to be a programmer to implement it "properly" (at least that's my impression), and that, in order to have an ideal working environment for it, you have to replace the inetd daemon, and add in other tools that are far from simple for non-programmers to implement and use.

      My biggest gripe with qmail was how it implemented spam blocking. Complex and clumsy (to my view), with no way that I found to "whitelist" a given domain name or IP, and no way to block on domain name lookup either.

      Postfix solved all the problems listed above, and it came pre-installed with NetBSD [netbsd.org] (my Internet server OS of choice). As for its blocking/whitelist syntax, it couldn't be simpler. Examples...

      For blocking: some.host 554 Access denied.
      For whiteliesting: some.host OK

      You simply replace 'some.host' with an IP address or host name, and the three-digit error code with anything you want. qmail was limited to two error codes. The best part is that you can, if you wish, block entire countries that have become spam sewers simply by doing things like this in the blocklist:

      .cn 554 Access denied. China's a spammer paradise.



      With qmail, you'd have to go through and enter every single IP range assigned to China, manually. I know -- I did this at one time for qmail, and it was two hours plus worth of work! What's even worse is that you have no control over what error message text is sent back. Postfix lets you put in anything you want.

      While I will admit that Postfix's default blocking file cannot directly accomodate CIDR notation or IP ranges, Rahul Dhesi, one of the nice folks who inhabits news.admin.net-abuse.email, wrote a handy script [rahul.net] to take a source blockfile, complete with said CIDR notations and specific syntax to indicate a range, and convert it into a form usable with Postfix. He also has a bunch of other handy tools [rahul.net] for use with Postfix on his site.

      I may not know what a "milter" is, but I do know that postfix can block or pass mail on just about anything you want. It supports regular expressions, hashes, etc.

      I guess I do sound like a testimonial... Well, the heck with it! I like Postfix. ;-) The info at Postfix's home site [postfix.org] speaks for itself.

      Keep the peace(es).

    • I looked at qmail two years ago, and I have to say that qmail is the most confusing MESS I have even seen. NOTHING is in its right default place! NOTHING! Everything has this strange directory structure, and it doesn't even use the default LOGGER. Yes, you have to install this dumb logger daemon, solely for the purpose of logging stuff for your qmail.

      Sorry, but I'd perfer a mail program that puts stuff in the right place. I want my configuration files in /etc, and I want syslog to manage my e-mail log
  • Use Qmail (Score:5, Informative)

    by The Original Yama ( 454111 ) <lists.sridharNO@SPAMdhanapalan.com> on Monday August 25, 2003 @07:48AM (#6783133) Homepage
    The Qmail author offers money for any holes found. So far he hasn't had to pay a cent.
    • Re:Use Qmail (Score:5, Informative)

      by dasmegabyte ( 267018 ) <das@OHNOWHATSTHISdasmegabyte.org> on Monday August 25, 2003 @07:58AM (#6783191) Homepage Journal
      Qmail is a little tricky to set up, but it's also small, has some awesome optional features (virtualhosts and the .qmail aliasing system are wierd, but once you get them down you'll appreciate the flexibility they offer) and once you're done it's worth it. It's nice to have a service that you can say, "This is done. I no longer have to worry about it."

      Of course, since I use DJBDNS and qmail-pop3, I have 3 services I can mostly ignore. And it only took me 8 hours curled up with lifewithqmail.org to do it.
  • No, really?

    Of course now I get al the exim, qmail and postfix fanboys blasting at me, but sendmail works well. Works good enough for most. Heck, if sendmail were so insecure, why is OpenBSD still including it in it's base?

    Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason to not use Sendmail if you can help it.

    • by Anonymous Coward
      Yeah, but OpenBSD is including an ancient version that they spent tons of time audding.

      After using qmail for 4 years, I can't see why anyone would touch sendmail.
      • Yeah, but OpenBSD is including an ancient version that they spent tons of time audding.

        False:

        220 xxxxxxxxxxxx ESMTP Sendmail 8.12.9/8.12.9; Mon, 25 Aug 2003 15:30:11 +0200 (CEST)

        Well well well, ancient huh? Whatever. Yes, that's openbsd's default sendmail as of version 3.3

    • by satch89450 ( 186046 ) on Monday August 25, 2003 @08:01AM (#6783213) Homepage
      Don't get me wrong, postfix is a nice MTA. Yes, it is easier to set up depending on what you think is "easy", but still, it's a nice MTA, but no reason to not use Sendmail if you can help it.

      I ditched SendMail because it made me uncomfortable as an administrator. Yes, I could get it working "good enough" that I wasn't a relay, but because of the arcane command file structure I wasn't satisfied that it was tuned the way I wanted it. (BTW, I had hand-coded a sendmail.cf from scratch before, and made it work, but that was when I had a whole day to spend on the project.)

      Back in the days when there weren't a hoard of people trying to crack your system, SendMail was OK. Nowadays, you want to make absolutely sure there are zero holes in your system -- arguably you want to PROVE there are no holes, which is an impossibility -- and SendMail makes that very hard to do.

      With PostFix, I can get a configuration file, sort it, and check each parameter against the manual. In fact, PostFix can get me EVERY setting (using postconf) so that I can verify I like the defaults, too.

      In the current Internet environment, "good enough" isn't good enough.

      • Sendmail currently ships with being a relay by default turned off. Also, all BSDs ship with sendmail set up that way. And they're not ancient versions anyway. (8.12.x, last time I checked). Of course NetBSD ships with postfix, but I harly use it. Sendmail performs well enough, and m4 isn't the hassle everyone thinks it is.

        Like some other poster says, postfix is actually pretty fussy when it comes to virtual domains. In sendmail you use a sendmail.cw, plonk all your recieving domains in there an be done wi

      • I ditched SendMail because it made me uncomfortable as an administrator. Yes, I could get it working "good enough" that I wasn't a relay, but because of the arcane command file structure I wasn't satisfied that it was tuned the way I wanted it. (BTW, I had hand-coded a sendmail.cf from scratch before, and made it work, but that was when I had a whole day to spend on the project.)

        I agree, sendmail has a steep learning curve, and I don't have to change mail settings often enough for it to sink in and become
      • by macdaddy ( 38372 ) on Monday August 25, 2003 @08:52AM (#6783551) Homepage Journal
        If you coded a sendmail.cf from scratch then you are a damned fool. There's no other way to put it. YOU DO NOT CODE THE CF BY HAND. YOU DO NOT EVEN TOUCH THE CF! The Sendmail gurus have been saying this for years and there is NO excuse for not heeding their warnings. You use the M4 macros to build your CF. There is rarely, and I do mean rarely, any reason to directly edit the cf. You can do everything you need to do in the M4 macro file. Even the Sendmail gurus themselves don't touch the CF.

        This is something that really pisses me off. People bitch and moan about Sendmail being so hard to configure when really they haven't done the tiniest bit of research or RTFM. If they had they would have known not to edit the CF. "Don't touch the CF" is the most common answer on comp.mail.sendmail. Yet these novices still feel knowledgeable enough to make claims about how hard it is to configure Sendmail. I swear the quality of sysadm nowadays is somewhere in the crapper. I've been using Sendmail since 8.8.7. I have never had an unusual configuration I couldn't quickly create with a minimal amount of online research. It's not rocket science folks.

        • Ah, the voice of reason.

          Moderate this up. It cuts straight through the FUD from the qmail/postfix/exim fanboys.

          I _NEVER_ touch the .cf. Never never never. Creating a sendmail.cf on e.g. FreeBSD requires no more knowlegde than how to run 'make' in /etc/mail. You don't even _need_ to mess with m4. NetBSD does the same. OpenBSD however requires you to make your own .mc, but that's not really hard, since theres lots of .mc files you can use in /usr/share/sendmail.

          Also, it strikes me that lots of the anti-

        • by rosie_bhjp ( 40538 ) on Monday August 25, 2003 @09:48AM (#6784015) Homepage
          why would I want to use a system that requires you to preprocess your configuration file, and gives you an obfuscated but still legible configuration file as an output? Does the arcane syntax of the .cf file really make it that much faster for sendmail to parse the configuration file?

          I understand sendmail is just fine for people who are used to it, I used it for four years and got by with few problems. I also understand why people shy away from sendmail and the attraction to alternative mailers like postfix and qmail. For the past year I've used postfix and feel infinitely more comfortable with its configuration, design philosphy, and inner working than I ever did with sendmail.

          Maybe I should spend my time RTFMing and doing online research into sendmail to make myself feel more comfortable with it. Nah, I'd rather just install Postfix and get on with my life.
        • by Dr. Manhattan ( 29720 ) <sorceror171NO@SPAMgmail.com> on Monday August 25, 2003 @11:17AM (#6784701) Homepage
          YOU DO NOT CODE THE CF BY HAND. YOU DO NOT EVEN TOUCH THE CF! The Sendmail gurus have been saying this for years and there is NO excuse for not heeding their warnings. You use the M4 macros to build your CF.

          If your config language is Turing-complete, and needs a parsing tool to be useful even to "gurus", something is very, very wrong.

    • Heck, if sendmail were so insecure, why is OpenBSD still including it in it's base?
      Because it's the only major MTA with a license that's acceptable to Theo.
    • Of course now I get al the exim, qmail and postfix fanboys blasting at me, but sendmail works well. Works good enough for most. Heck, if sendmail were so insecure, why is OpenBSD still including it in it's base?

      The devil is in the details. I remember when I was trying to set up a virus checker for sendmail, I screwed up, and sendmail started sending my emails to /dev/null. With qmail, at least, when I screw up my configuration, it keeps the emails in the queue until the configuration is repaired.

  • by brentlaminack ( 513462 ) on Monday August 25, 2003 @07:49AM (#6783137) Homepage Journal
    In general I found that virtual domains were a bit trickier to set up in postfix than in sendmail. Ordinary aliases were just as easy (read identical). My sites don't do enough volume to tell any difference in performance. The build/install process was probably a bit easier for postfix, i.e. didn't have to monkey around with M4. So as a sendmail admin of more years than I care to think about, postfix seems about as easy to administer as sendmail on a day-to-day basis.
    • I think postfix virtual domains are a little harder because they're two virtual methods in one package.

      You can use them old-style like Sendmail, or you can use them Postfix style. The two differ by slight syntax variations. Confusing at first, but the point is you have the option to run compatable virtuals from Sendmail, of not depending on the situatation. I won't even claim to have a full understanding of the differences.
    • by segment ( 695309 ) <sil@@@politrix...org> on Monday August 25, 2003 @07:59AM (#6783200) Homepage Journal
      I've run heavy sites with postfix when I worked at a service access provider once. We had about 5k domains (notice I typed domains... users = ? don't have an idea) on each server (back then was a VAR501) running on postfix without a problem. QMail is alright but I notice the load gets heavy a bit so it's not good for like legacy systems at least in my opinion.

      Sendmail.. ugh. Remember that old comment, if you've got nothing nice to say? At least they gave out free sendmail swiss army knives once!

    • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Monday August 25, 2003 @10:10AM (#6784159)
      In general I found that virtual domains were a bit trickier to set up in postfix than in sendmail
      postfix used to have a different way to do virtual domains (in fact, it was called the "sendmail-style" virtual domains). These were a pain. Now it is very easy to set up virtual domains. There are 3 steps, and it will take you all of 2 minutes to set this up. I kid you not...
      1. Make sure 'virtual_maps' directive is in postfix.conf; e.g. virtual_maps = hash:/etc/postfix/virtual
      2. Edit the file 'virtual' making sure you include the "Virtual domain" as the first line of a group. Include as many as of these blocks as you want, multiple domains.
        example.com Virtual domain
        ad1@example.com destuser1
        ad2@example.com destuser2

      3. Run 'postmap /etc/postfix/virtual'
  • by Crayon Kid ( 700279 ) on Monday August 25, 2003 @07:51AM (#6783146)
    ...because the article poster had to mention Postfix. Now someone's gonna say "qmail", someone else will say "exim", someone will say "fuck you, sendmail all the way" and what could have been a nice debate about the full-of-security-holes-dinosaurs of open source will be spent in 500 messages worth of flamewar. Sigh.
    • The reason why (Score:5, Insightful)

      by Overly Critical Guy ( 663429 ) on Monday August 25, 2003 @08:29AM (#6783388)
      This article was really about a hole in sendmail. However, with all the so-called "Microsoft holes" Slashdot has been reporting non-stop about, they needed to immediately offer a working alternative so they can say, "It's not that big a deal; here are well-known alternatives," and play down the hypocrisy a bit. Meanwhile, there are just as many alternatives to Outlook, but that doesn't stop people from declaring Windows unsafe (never mind that SoBig is a user-transmitted worm). They were just trying to play down the seriousness of it. "You should have been using postfix!"

      Just had to say it. Mod me down if you disagree.
  • by Harald Paulsen ( 621759 ) * on Monday August 25, 2003 @07:51AM (#6783148) Homepage
    I can see that some ISPs have a need for sendmail due to legacy UUCP-customers (yes, someone still uses UUCP), but the world should really move on with regards to MTAs. Postfix, qmail and Exim are all good alternatives. Perhaps linux-distributions should offer other mailers as standard, that would probably get the ball rolling.

    As for myself, I switched to postfix several years ago and haven't looked back even once.

    • Debian has defaulted to exim as long as I can remember. exim tends to choke pretty seriously on some of my mail, though... (fetchmail'd from an Exchange server) sendmail has never had any such trouble, and I suspect Postfix, based on my previous experience with it, also would not.

  • windows users don't have to worry about this!

    hahaha

    (it's a joke ok ? i use unix.....)
  • by Mhumble ( 701293 ) on Monday August 25, 2003 @07:52AM (#6783153)
    Phew lucky I'm running exchange and don't have these damn sendmail SECURITY fixes to worry about ;)
  • by tm2b ( 42473 ) on Monday August 25, 2003 @07:55AM (#6783171) Journal
    Just as a heads up to Mac users... the next major revision of Mac OS X, Panther, will be changing from Sendmail to Postfix. [macbuyersguide.com] So if you use Mac OS X, you don't need to do anything special other than buy Panther when it becomes available.

    Personally, that's what is pushing me over the edge to learn Postfix and use it on my OpenBSD servers. In a nostalgic way, it's too bad... I once made some seriously good money writing custom sendmail.cf files on a consulting basis.
  • Courier (Score:5, Informative)

    by dusanv ( 256645 ) on Monday August 25, 2003 @07:56AM (#6783179)
    I have been using Courier [courier-mta.org] for over two years now. No remote roots ever or problems of any kind (I am amazed!). It's open sourced and a full package (esmtp, pop, imap, webmail and a thousand other things). It gets my vote.
  • Mmmm...postfix (Score:4, Interesting)

    by ender- ( 42944 ) on Monday August 25, 2003 @07:56AM (#6783181) Homepage Journal
    I for one have used sendmail and postfix, and have tried qmail in the past [sorry, didn't like it].
    I finally settled on Postifx. I really like it. I feel I don't have to jump through nearly as many hoops to get it running well as I did with sendmail. I certainly didn't need a 900 page 'bat' book to get postfix running. :)

    With that said, to each his/her own. Use what you want, I'm sure people love qmail for reasons that make sense to them, and the same with exim and sendmail. Those of you who would flame me or others because of our choice of email servers all I can say is "Get over it..."

    Ender
  • Stupid question... (Score:5, Interesting)

    by Skirwan ( 244615 ) <skerwin.mac@com> on Monday August 25, 2003 @07:56AM (#6783186) Homepage
    Is Sendmail still used because it ships as the default mailer with almost every flavor of Unix?
    Yes. Yes it is.

    Just like Internet Explorer is still used because it ships as the default browser with every flavor of Windows, and Apple Mail is still used because it ships as the default mail client with every flavor of Mac OS X, and so on. This surprises you because...?

    --
    Damn the Emperor!
    • That and also its a bitch to get sendmail uninstalled from a package based system (rpm or deb). I havn't tried in a long time, but when I did, I could not install a new mailer because it conflicted with the old mailer, and I could not uninstall the old mailer because things like cron depended on it, and so on.
      • by johnnyb ( 4816 )
        Red Hat has "alternatives" set up, which make it real easy to switch MTAs. For RH8, I only have to do the following:

        alternatives --set mta /usr/sbin/sendmail.postfix

        service sendmail stop

        chkconfig sendmail off

        service postfix start

        chkconfig postfix on

        And you now run Postfix!
    • by Basje ( 26968 ) <bas@bloemsaat.org> on Monday August 25, 2003 @08:32AM (#6783414) Homepage
      No it doesn't. Debian has Exim as it's default MTA.
    • Not Debian (Score:5, Informative)

      by autechre ( 121980 ) on Monday August 25, 2003 @08:34AM (#6783430) Homepage
      I think they switched which MTA was installed by default between Potato and Woody, but neither one was Sendmail. And of course, they have you configure it when it's installed, and you can just tell it to not run the daemon and deliver local mail only (so you still get important stuff sent to root).

      I've used Postfix, and like it very much. Currently, the email server for which I'm responsible runs Sendmail, because I haven't had time to figure out how to port the virtusertable over to Postfix.

      As for hackstraw's comment, Debian makes it easy because packages depend on "an MTA", and all of the MTAs conflict, so you just use APT to install your MTA of choice, and it replaces the existing one.

    • Is Sendmail still used because it ships as the default mailer with almost every flavor of Unix?

      Yes. Yes it is.

      No, SuSE and Mandrake have been shipping Postfix by default for a few years (Mandrake at least since 7.1). Of course, sendmail is still available and supported (pity, otherwise there may be space for other secure mail servers ...).

      I think it's only the Redhat users who get an insecure MTA by default ...

      It seems Debian may have also seen the light ...

  • Debian may switch (Score:5, Informative)

    by mcgroarty ( 633843 ) <brian.mcgroarty@nOSpAm.gmail.com> on Monday August 25, 2003 @07:58AM (#6783195) Homepage
    Debian has been installing exim [exim.org] by default forever now. It's also remarkably easy to use and configure, and it's just as versatile as sendmail.

    There's been discussion about switching to postfix as the default for new installs however, and it may even be a done deal. A lot of arguments have been tossed about for this, however the biggie seems to be its simplicity: with something as complex as exim or sendmail, there are just more opportunities for something to go wrong. Postfix is quite enough for most users.

    • Re:Debian may switch (Score:3, Informative)

      by HoserHead ( 599 )

      If you've bothered to read any of that particular thread ("default MTA for sarge" [debian.org]), you'd have found that Postfix isn't actually very likely to be the default MTA for any Debian release any time soon. exim4 is simple and powerful, and what's more, it builds on the legacy of exim as the default mailer in Debian.

      There isn't really any compelling reason to switch away from exim, and that more than anything else is likely to leave exim as the default for years to come.

  • Alternatives (Score:3, Informative)

    by rf0 ( 159958 ) <rghf@fsck.me.uk> on Monday August 25, 2003 @07:59AM (#6783204) Homepage
    Postfix is cool and words but so does Exim, Qmail et al. Sendmail is a large code base that has devloped over many years but its secret is its ability to do alomst anything required. Of course its almost impenterable if you don't want to learn rule sets but you can just get the Orielly book which is only about 1000 pages long :)

    Rus
  • Qmail just works (Score:3, Interesting)

    by esconsult1 ( 203878 ) * on Monday August 25, 2003 @08:03AM (#6783221) Homepage Journal
    The combination of Qmail and Vpopmail is perfect for our company with multiple virtual domains. No other solution comes close.

    If you run virtual domains, Postfix or Sendmail is not an option, especially if you dont want to deliver john@d1.com and john@d2.com to john@localhost. Heck, with virtual domains, you don't want to have user accounts anyway.

    I wish there were other easy to use open source options, because Qmail really suffers under Sobig at this point.

    • If you run virtual domains, Postfix or Sendmail is not an option, especially if you dont want to deliver john@d1.com and john@d2.com to john@localhost.

      Obviously, you haven't heard of virtusertable [sendmail.org]...

      • Obviously, you haven't heard of virtusertable...

        Actually, I have. It still requires you to have user accounts on the box, or to forward the mail to some other mail server.

        AFAIK, with virtusertable, you can't have multiple "john" accounts on the box. I could be wrong, or horribly misinformed, but to get the functionality of vpopmail in bare Postfix or Sendmail has not been done so far. In fact, you can't even get that functionality with bare Qmail either.

    • Re:Qmail just works (Score:5, Informative)

      by InsaneGeek ( 175763 ) <slashdot AT insanegeeks DOT com> on Monday August 25, 2003 @08:24AM (#6783353) Homepage
      What you talking about Willis?

      Sendmail & Postfix support virtual domains with no problems.

      Postfix: http://www.postfix.org/faq.html#virtual_domains

      Sendmail you can do it extremely easily with the virtualusertable (and I have for years and years)
    • Postfix can do virtual domains with sasl authentication and imap/pop daemons from Project Cyrus [cmu.edu].

      Its also real cool because you can use a mysql database to manage the accounts over the domains so that the users do not need real shell accounts.
  • by heironymouscoward ( 683461 ) <heironymouscowardNO@SPAMyahoo.com> on Monday August 25, 2003 @08:05AM (#6783233) Journal
    I'm expecting certain people to make much of this news, citing the "insecurity that comes with open source".

    All it demonstrates is that large complex pieces of software are inherently more difficult to secure than smaller simpler ones.

    Sendmail is great but we switched to another MTA about four years ago, also because Sendmail had exploits.
    • All it demonstrates is that large complex pieces of software are inherently more difficult to secure than smaller simpler ones.

      What happens to this when it's Windows, and it's suddenly "WINDOWS WAS DESIGNED FROM THE BEGINNING WITHOUT SECURITY IN MIND!!1." You know, the standard hysterical absolutes.

      Oh? You mean nothing is 100% secure? You mean Linux has more monthly than Windows? People need to get off their high horse and gain some perspective. [linuxsecurity.com]
      • by dspeyer ( 531333 ) <dspeyer.wam@umd@edu> on Monday August 25, 2003 @09:03AM (#6783618) Homepage Journal
        Sendmail vs Windows makes an interesting comparison.

        Both were designed as insecure -- sendmail because the net was so small in those days that you could trust it, windows because it was intended for single-user off-net PCs.

        Neither is securable. Both need to be replaced while maintaining backwards compatibility. Windows got Windows NT, Sendmail got qmail, postfix, exim and others.

        Windows NT is still terribly insecure, qmail/postfix/exim are rock solid. Why?

        Because the mail compatibility relies on a well thought out open standard (RFC822) whereas Windows relies on an entire slapped-together API.

        So stop being overly critical and learn something! :-)

  • by Gyorg_Lavode ( 520114 ) on Monday August 25, 2003 @08:14AM (#6783289)
    My postfix installation is extremely secure, I can't get it to receive any email at all. If anyone could help me unsecure it by teaching it to deliver mail to my computer, could they shoot me an email? (bassettgabriel @qwest.net). I'm not a system administrator, just a guy w/ linux at home and the simple setup just isn't working for some reason.
  • by Apostata ( 390629 ) <apostata@NOSpam.hotmail.com> on Monday August 25, 2003 @08:17AM (#6783306) Homepage Journal
    Sorry for the flamebait, but how would it seem if an "objective" news-headline site said the following:

    "The Dodge Ram has had a number of documented problems over the years. However, for less problems, try the Ford Explorer."

    Come on...
  • by shoppa ( 464619 ) on Monday August 25, 2003 @08:20AM (#6783326)
    Citing a long history of security holes and patches is one way of justifying going with a less-populare but maybe more secure package. Right off the top of my head are these long-standing open-source packages with long histories of security holes:
    • wu-ftpd. Most recently known for the crack of alpha.gnu.org.
    • sendmail. "Not having sendmail is like not having VD", according to popular wisdom
    • vixie-cron. I don't even know of a "virgin" distribution of this, which is probably a good thing; all the Linux vendors have their own set of extensive patches to vixie-cron.
    There are multiple choices for replacing each of these, most of them a written-from-scratch replacement. Not all of these are perfect, either, but at least they're less popular, so (hopefully?) less likely to get hacked.

    I personally run fcron, postfix, and proftpd instead of the more popular packages. I don't honestly claim that they're any more secure, in all cases they were mostly personal choices having to do with cleanness/installation ease.

  • SMTP (Score:3, Troll)

    by FrostedWheat ( 172733 ) on Monday August 25, 2003 @08:23AM (#6783349)
    SMTP is a fairly simple protocol, so why are there so many security problems with mail servers? Am I missing something obvious?
    • Re:SMTP (Score:4, Insightful)

      by shoppa ( 464619 ) on Monday August 25, 2003 @08:29AM (#6783394)
      Sendmail started out with lots of regex ability because it was designed from the start to route mail not only through SMTP but into/out-of other mail systems - i.e. uucp mail, bang paths, corporate-internal mail systems, etc. So it needed to be able to dynamically rewrite and forward mail to non-SMTP systems.

      This configurability honestly isn't needed today in 99% of cases. The number of people I know who need a bang-path to get mail to them (uucp) is now down to two.

      But the ability to do things dynamically in sendmail through its configuration file isn't necessarily a weakness, the regex abilities are often used for other things today.

  • Old News (Score:5, Insightful)

    by Accipiter ( 8228 ) on Monday August 25, 2003 @08:40AM (#6783468)
    This is a security problem from March. Sendmail 8.12.9 was released on March 31st, correcting this problem.

    Why is this being posted nearly half a year later? Solely to advertise Postfix?
  • Postfix virus filter (Score:4, Informative)

    by hey ( 83763 ) on Monday August 25, 2003 @08:42AM (#6783479) Journal
    I love postfix. A while ago I added a filter to
    stop executable (ie virus) content. And nobody
    in my company got the recent SoBig virus. Here's the line:

    /(filename|name)=".*\.(asd|chm|dll|com|exe|hlp|hta |js|ocx|pif|lnk)"/i REJECT Executable content not allowed

    • by cloudmaster ( 10662 ) on Monday August 25, 2003 @10:09AM (#6784153) Homepage Journal

      Even more fun than than that (in newer versions o' postfix) is this one:



      /^Content-(Type|Disposition):.*(file)?name=.*\.(as d|bat|chm|cmd|dll|exe|hlp|hta|jse|lnk|ocx|pif|scr| shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)/ REJECT Sorry, we do not accept .${3} file types.



      Mostly I like that because you include the actual extension in the return message and it allows the string "file=blah.exe" in headers other than those two that might cause a problem



      Note that I left .com out of the list because that one also catches messages with URLs attached (like, http://domain.com/). Since we mail URLs a lot where I work, that's not so good to block.

  • by Florian ( 2471 ) <cantsin@zedat.fu-berlin.de> on Monday August 25, 2003 @08:50AM (#6783528) Homepage
    For running an MTA on a desktop/client PC, I strongly recommend solutions like Nullmailer [untroubled.org] or, for computers with permanent Internet connectivity, ssmtp [debian.org]. Both work as just local gateways/bouncers to a remote SMTP server; they don't open any network ports and thus prevent remote exploits/attacks/spam relaying by design. Nullmailer offers local spooling (important for dialup connections) while ssmtp bounces everything immediately to the smarthost. Both are very small (ssmtp: 22k, nullmailer-send: 25k), ridiculously simple to configure even for people with low administration skills, both provide sendmail-compatibility to work with MUAs like mutt.

    (Offtopic: A similarly nice, elegant solution for desktop/clients PC printing is pdq [sourceforge.net], which unlike lpd and cups runs only as a local spooler without opening a network port, and is lean (65k), dead-simple and functional. With nullmailer/ssmtp & pdq, I managed to close all ports (except of course SSH) on my two desktop PCs under Debian GNU/Linux without any firewalling. AFAIK, Debian is the only OS offering all the aforementioned pieces of software as part of its main distribution.)

  • by ChrisCampbell47 ( 181542 ) on Monday August 25, 2003 @10:12AM (#6784174)
    While Sendmail runs half the mail servers in the world

    According to http://cr.yp.to/surveys/sendmail.html [cr.yp.to] and http://cr.yp.to/surveys/smtpsoftware6.txt [cr.yp.to], Sendmail has long been trending towards less and less hosts running it. As of his last survey two years ago, it was at 42%. And if you look only at "serious" MTAs, those for sites that have heavy mail volumes, you'll probably see even less Sendmail.

    • by MS ( 18681 ) on Monday August 25, 2003 @02:08PM (#6786435)
      Sendmail "handles an estimated 75 percent of the Internet's email traffic."

      Assuming each e-mail passes on average 3 MTAs, and sendmail is used on 50% of those servers, that gives:

      • .50 (probability first server rung sendmail)
      • .50*.50 = 0.25 (probability second server runs sendmail, if first didn't)
      • .50*.50*.50 = 0.125 (probability third server runs sendmail if first two didn't)
      Summarizing: in 87,5% of cases, the e-mail was handled (= routed through) by at least one MTA running sendmail.

      If sendmail is deployed on 40% of the servers, the same reasoning gives a total of 62,4%. So the newspaper talking about "routing" and not about the percentage of servers running sendmail, may be correct.

      My 2c.

  • by stinkfoot ( 21610 ) on Monday August 25, 2003 @11:21AM (#6784768) Homepage
    http://www.mailsoftware.cjb.net/ [cjb.net]

    "major" being: courier, sendmail, postfix, exim and qmail.

    it looks like it's about a year old, and has some missing information, but it's a place to start for anyone looking to switch MTAs.

  • by Eric Smith ( 4379 ) * on Monday August 25, 2003 @01:04PM (#6785811) Homepage Journal
    If you need to run a backup MX for a lot of domains, you don't have to configure them all manually. You can just tell Postfix that it's allowed to backup domains that have MXes on specific networks. For instance, my Postfix main.cf includes:

    smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject
    permit_mx_backup_networks = 64.15.260.112/27, 282.66.92.0/22, 67.91.305.33/32

    (specific addresses changed to protect the innocent, and yes, I know that a byte can't exceed 255, that was deliberate)

    This tells Postfix to accept mail for any domain that has an MX in one of the specified networks. So whenever I add a new domain to one of my primary MX servers, I don't have to change the configuration on my backup MX servers at all.

To be is to program.

Working...