On Sat, May 01, 2021 at 03:18:49AM +0000, MRob via mailop wrote:
> Can I ask what are mailop's opinions about Exim? Thank you!

I'm a dinosaur who at one point had 15K lines of custom m4 code in my sendmail setup (I removed a few thousand a few years back for various reasons), and am still running it because it Just Works, so take any of this with a massive grain of salt, but I've also looked at some 97%+ of IPv4 and can tell you that AFAICT the only people actually running Exim are on cPanel shared webhosting servers, and the folks who wrote it in the first place at Cambridge. This despite claims that it's the most popular MTA on the Internet with a 60% market share[1]. This is not to denigrate Exim, just to suggest that its userbase probably isn't even really aware that they're running Exim and configures what they need to configure via some Web hosting management console.

Postfix in my experience is solid, and has lots of knobs to tweak, but if you need something special, such as say, blocking mail from the idiot with infinite Gmail accounts having common Vietnamese surnames in them who keeps trying to sell t-shirts to your role accounts, you're out of luck. I know, you can write a policy daemon, but I haven't had much luck with that, for various performance-based reasons which may no longer be applicable many years on. (I ran Postfix for a year as a trial and had a lukewarm response to it.)

For context, I run a project called Enemieslist which has reduced the PTR naming conventions for much of IPv4 down to regular expressions with classifications of assignment type (static, dynamic) and other special subclasses like NATs, resnets, shared and dedicated webhosts, etc. The idea being that you ought to be able to set policy regarding where you're blocking or accepting and/or quarantining mail from based on such factors, though it's been applied in a wider variety of ways than we first imagined; it's the darling of big data scientists.

We made the dataset queryable via a patch to rbldnsd over fifteen years ago, and our original users wanted to include checks against the mirrors in their MTAs, which included Exim, Postfix, qpsmtpd, ecelerity, and obviously sendmail, as well as SpamAssassin. Vincent wrote some custom code to integrate into Cloudmark as well. So we have some old contrib policy daemons for postfix, config info for Exim, an SA plugin, and various other forms of custom integration. The common aspect to all was that they could query our DNSBL with the PTR of the connecting host and then implement some policy based on the result (e.g., block dynamic, quarantine generic static, etc.) Exim could do this via configuration; Postfix required a policy daemon, the others required custom plugins or modules or as with sendmail, custom rulesets.

Of the 149424 patterns we have for known outbound mail servers and server farms, only 4003 are known to run Exim. Of the 68266 shared webhost patterns, 21260 run cPanel and therefore are also running Exim by default. Postfix is on at least 17395 of those surveyed, by comparison. These are based on banner scans, which you can obviously configure to obscure the software make and model but that's a baseline for you.

I'd say go with whatever MTA has the most active development and support community, if you don't already have a lot invested in customization and configuration of your current MTA.

We did a banner survey of the edu space some fifteen years ago and found that a ridiculous proportion of them were running Barracuda boxes, like 80% or so, but this was back when you couldn't walk through an airport without seeing a Barracuda advertisement on the wall; I suspect things have changed since then. Proofpoint seems to have surged ahead.

I know that sendmail rulesets have been compared to modem line noise and Mr. Dithers' cursing, and can attest to the fact that writing them is far more satisfying than reading them, but you have almost infinite customization capacity if you can stand it. I once mentioned to a friend (who used to write for sendmail.net when that was a thing) that you could probably fit all of the people with as much experience writing sendmail rulesets as I had into a Volvo station wagon, and his reply was "you could fit more if you pulped them first", so don't take this as a recommendation for sendmail; I'll eventually have to give up on it and surrender to whatever the vox populi says I need to use.

As for Haraka, I haven't followed it closely but know Matt to be a solid coder; the impression I got when he was writing it was that it was on a lark to see if he could write an RFC-compliant SMTP server in JavaScript. I think the quote was "that's why there are weekends". Having written a lot of JS code over the years, including an entire library and book on how to use it to produce Web-based GUIs, I was amazed that it actually worked. I've only ever seen 11 hosts that were actually running it.

HTH,
Steve

[1] http://www.securityspace.com/s_survey/data/man.202102/mxsurvey.html

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/
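
Added example, not part of the original post and not Enemieslist code or data: a sketch of the decision core of a Postfix policy delegation service that classifies the connecting host's PTR and maps the class to an action (block dynamic, hold generic static), as the message describes. The regexes, class names and policy table are constructed assumptions, and the classification is done locally rather than by querying a DNSBL.

```python
import re

# Constructed PTR patterns for illustration only (not Enemieslist data).
# Each entry: (regex over the lowercased hostname, assignment class).
PTR_PATTERNS = [
    (re.compile(r"^(?:\d{1,3}[-.]){3}\d{1,3}\.(?:dyn|dynamic|dsl|pool)\."), "dynamic"),
    (re.compile(r"^(?:static|host)[-.](?:\d{1,3}[-.]){3}\d{1,3}\."), "generic-static"),
    (re.compile(r"^(?:mail|mx|smtp|out)\d*\."), "mailserver"),
]

# Hypothetical site policy: class -> Postfix access(5) action.
POLICY = {
    "dynamic": "REJECT dynamic address space; relay via your provider",
    "generic-static": "HOLD generic static PTR",  # HOLD = quarantine in the hold queue
}

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def classify_ptr(hostname):
    """Return the class of the first matching pattern, else 'unclassified'."""
    host = hostname.lower().rstrip(".")
    for pattern, cls in PTR_PATTERNS:
        if pattern.search(host):
            return cls
    return "unclassified"

def decide(request_text):
    """Build the policy reply; DUNNO defers to later Postfix restrictions."""
    attrs = parse_request(request_text)
    # Postfix sends client_name=unknown when there is no verified PTR.
    cls = classify_ptr(attrs.get("client_name", "unknown"))
    return "action=%s\n\n" % POLICY.get(cls, "DUNNO")

# Constructed sample request in the policy delegation wire format.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.15\n"
    "client_name=192-0-2-15.dyn.example.net\n"
    "\n"
)

if __name__ == "__main__":
    print(decide(SAMPLE_REQUEST), end="")
```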