[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: VMailer/postfix: Am I really the only one ?
Hi,
On Wed, 3 Feb 1999, Amos Shapira wrote:
> Can you tell us what are your (or others) experience with it so far?
> What MTA did you switch from (I'm particularly interested in Qmail,
> but any comparision is interesting) and how does it compare to it in
> terms of speed, reliability, security, configurability (virtual hosts,
> virtual users, mail hubbing, relaying, whatever...), convenience?
I switched from sendmail. I am running qmail on our loaded servers (in
terms of messages), but I tried installing postfix to see what happens.
First, about security. If you've been following BUGTRAQ (with Dan
Brenstein and Wietse Venema throwing mud at each other), you could figure
both have security issues, some are pressing, some are not. All in all,
(and this is a personal POV, so skip the flames) qmail seems like a more
secure MTA than postfix is.
qmail has been around for a very long time and no serious (compromising)
bug has been found. I can't say the same for Postfix simply because of the
short time it's in use. Postfix has a world writable mail-drop directory
which is the essence of all its denial of service attacks. One such attack
that can be used is making hard links to files in queue (which have almost
no random bits in filename), thus delaying mail delivery, perhaps
indefinitely.
Postfix was once a muddy, big chunk of code running set-uid root, quite
like sendmail, but that was changed after a while, I'm not sure in what
fasion exactly. qmail, on the other hand, is using set-uid code only when
absolutely needed (dropping the message in a user's mailbox) and all other
code is run as 5 dedicated users & in 2 dedicated groups, all in the name
of security.
About performance, qmail eats Postfix for breakfast, period. I've timed
(yes, timed, with a stopwatch) 100,000 deliveries, both local and remote.
qmail did these 700% and 180% faster, respectively.
Reliablity - I've never had a problem with qmail. I had a minor thing with
a load it caused by causing syslogd to sync() after every log write, but
that can be fixed within 10 seconds. Postfix behaved well, too, but I've
been using it for a relatively short time and in a relatively cozy
environment. It once went zombie on me, but I think it was me who did it.
As for features (relaying, hubbing, RBLs, virtual anythings etc) - they're
both rather equal in feature. sort of. I confess, sendmail is easier to
upgrade to Postfix than qmail. I prefer the qmail way of configuration,
keeping things in easy-to-remember (well, for me it's easy) files. Postfix
has a main.cf file, which has a similar syntax to sendmail. Creating
user-level mailing list and user-extension@host (a la qmail) are things I
find very convenient to use (more than procmail, anyway).
If you're upgrading a complex system which had sendmail on it, listservs,
majordomos etc, and you don't have the time to configure qmail against all
these, then go for Postfix. But I highly recommend to try qmail. It's a
very efficient, very convenient MTA, that never failed me in the last 4
years.
BTW - there's a reward on qmail's head since mid-1995, I think. $3000 for
the person who can find a bug that causes more than simple denial of
service. No one found any yet, and qmail traveled 3 versions since
created: 1.0, 1.01, 1.02, 1.03. All changes are minor bug fixes. Postfix
had a major change in queue structure a week after public release. You be
the judge.
Legal stuff: I am biased. You can guess which side I am on.
Shachar Tal
-------------
finger me for contact info or PGP key.