Re: a couple of postfix questions
Greetings! On Wed, 8 Dec 2004 14:25:05 +1100 Craig Sanders <[EMAIL PROTECTED]> wrote: > if you ignore really stupid annoyances like the fact that it can't > reject a message at the SMTP level, it *always* accepts and then > bounces it". Current mailstats on my private server (postfix) tell me: Connections total: 7616 User unknown: 1260 RBL-blocked: 1158 other blocked: 700 locally delivered: 692 So 50% of all connections break down (probably portscans) before any SMTP dialogue. Of the remaining other half, I'm blocking 78% due to RBL, user unknown or invalid mail protocol - so very early in SMTP dialogue. If those were accepted (i.e. stored and sent back) I'l fill my postmaster box logs with bounces of those bounces (as they usually use fake sender addresses) in no time. So rejecting already before DATA statement is a *very* good idea. Bye Volker Tanger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
also sprach Craig Sanders <[EMAIL PROTECTED]> [2004.12.08.0425 +0100]: > yes, but it's generally better to pick a good horse rather than > a three-legged, half-blind bad-tempered mule that is well past > retirement age. rofl! -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: a couple of postfix questions
On Wednesday 08 December 2004 19:18, "W.D.McKinney" <[EMAIL PROTECTED]> wrote: > > Qmail is not in Debian. Even the qmail-src package is no longer in > > Debian. This makes it significantly more difficult to manage Qmail Debian > > servers. > > Well if you don't like compiling from src, then head to > http://smarden.org/pape/Debian/ It would be good if he could revive the qmail-src package in non-free. Having lots of apt repositories listed in your server's configuration is not really what you want. > > If you want a reliable server then it's a really good idea to stick with > > software that's in the distribution whenever possible. Preferrably use > > one of the more common options too. Postfix and Exim are both commonly > > used in Debian, it's most likely that someone else will encounter bugs > > before you do and they will be fixed before you upgrade. > > Hey, Adam is one of the best guys working with Debian. See > http://www.linuxis.net for his personal biz. Heavy into qmail. > He originally helped me get going. Who is Adam? Is he a DD? If so then why doesn't he revive qmail-src? > > > "Bloated" means overweight, non essential and not availble to chuck out > > > the window up here. > > > > The way Debian generally works is that all the most commonly used > > features are compiled in. This means that the vast majority of users can > > use binary packages. Significant advantages are derived from this, there > > are situations where minor changes in code (optimisation changes etc) can > > cause programs to break. Using the same binaries as a million other > > people reduces the chance that you will be the one to first encounter a > > bug. > > Yes, I understand but thanks. Typically this is a big help. If you understand then why are you so desperate to chuck out features at the cost of using a less common system? > > > "Rock Solid" means it's been so long long since we needed to make a > > > change, it's easy to forget how. > > > > That's because changing Qmail is a PITA. > > So we didn't change, it just keeps purring. Unless you want to have mail to unknown recipients be rejected at the SMTP level or one of the other features that are missing from Qmail. Also if you develop a patch for Qmail then there's no chance of Dan accepting it... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Wed, 2004-12-08 at 19:06 +1100, Russell Coker wrote: > On Wednesday 08 December 2004 14:35, "W.D.McKinney" <[EMAIL PROTECTED]> > wrote: > > Hmm, meaning Hotmail, Yahoo and others run three legged mules ? :-) > > It's just a pity that hotmail and yahoo have so many users that it's > inconvenient to block them entirely. Hi Russell, Good to hear from you. We run Barracuda Spam Firewalls also, so no worries. > > > No worries, this list is about Debian and we really like Debian. Not > > married to any MTA, just need some. > > Qmail is not in Debian. Even the qmail-src package is no longer in Debian. > This makes it significantly more difficult to manage Qmail Debian servers. > Well if you don't like compiling from src, then head to http://smarden.org/pape/Debian/ > If you want a reliable server then it's a really good idea to stick with > software that's in the distribution whenever possible. Preferrably use one > of the more common options too. Postfix and Exim are both commonly used in > Debian, it's most likely that someone else will encounter bugs before you do > and they will be fixed before you upgrade. > Hey, Adam is one of the best guys working with Debian. See http://www.linuxis.net for his personal biz. Heavy into qmail. He originally helped me get going. > > "Bloated" means overweight, non essential and not availble to chuck out > > the window up here. > > The way Debian generally works is that all the most commonly used features > are > compiled in. This means that the vast majority of users can use binary > packages. Significant advantages are derived from this, there are situations > where minor changes in code (optimisation changes etc) can cause programs to > break. Using the same binaries as a million other people reduces the chance > that you will be the one to first encounter a bug. > Yes, I understand but thanks. Typically this is a big help. > Gentoo users like compiling everything specific to each installation. They > might get a few percent performance increase (but this is not guaranteed), > but they will definitely have more problems with reliability. > I wholeheartedly agree and stay away from Gentoo personally. > > "Rock Solid" means it's been so long long since we needed to make a > > change, it's easy to forget how. > > That's because changing Qmail is a PITA. So we didn't change, it just keeps purring. I'll go ahead and give Postfix/Exim4 another whirl though. Cheers, Dee -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Wednesday 08 December 2004 14:35, "W.D.McKinney" <[EMAIL PROTECTED]> wrote: > Hmm, meaning Hotmail, Yahoo and others run three legged mules ? :-) It's just a pity that hotmail and yahoo have so many users that it's inconvenient to block them entirely. > No worries, this list is about Debian and we really like Debian. Not > married to any MTA, just need some. Qmail is not in Debian. Even the qmail-src package is no longer in Debian. This makes it significantly more difficult to manage Qmail Debian servers. If you want a reliable server then it's a really good idea to stick with software that's in the distribution whenever possible. Preferrably use one of the more common options too. Postfix and Exim are both commonly used in Debian, it's most likely that someone else will encounter bugs before you do and they will be fixed before you upgrade. > "Bloated" means overweight, non essential and not availble to chuck out > the window up here. The way Debian generally works is that all the most commonly used features are compiled in. This means that the vast majority of users can use binary packages. Significant advantages are derived from this, there are situations where minor changes in code (optimisation changes etc) can cause programs to break. Using the same binaries as a million other people reduces the chance that you will be the one to first encounter a bug. Gentoo users like compiling everything specific to each installation. They might get a few percent performance increase (but this is not guaranteed), but they will definitely have more problems with reliability. > "Rock Solid" means it's been so long long since we needed to make a > change, it's easy to forget how. That's because changing Qmail is a PITA. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Tue, Dec 07, 2004 at 06:35:47PM -0900, W.D.McKinney wrote: > > > To each his own though and as I always say, pick a horse and learn to > > > ride. :-) > > > > yes, but it's generally better to pick a good horse rather than a > > three-legged, > > half-blind bad-tempered mule that is well past retirement age. > > > > craig > > Hmm, meaning Hotmail, Yahoo and others run three legged mules ? :-) yes. the fact that some large sites run a particular piece of software isn't terribly significant. huge companies like Microsoft run Windows, but that doesn't in any way mean that Windows isn't a huge steaming POS. and many large mail sites still use sendmail. ditto. they either don't know any better or it would take too much effort and/or cause too many problems to change that it's not worth it. > "Bloated" means overweight, non essential and not availble to chuck out > the window up here. it's stretching the imagination way beyond credibility to call postfix in any way "bloated". even with all the extra features (many of which are *essential* these days), postfix still out-performs qmail in every way. in fact, some of the extra features help it to outperform qmail. > "Rock Solid" means it's been so long long since we needed to make a > change, it's easy to forget how. the fact that a) qmail makes it hard to make changes, and b) qmail doesn't even support many of the things required in a modern MTA, means that you have no choice but to ignore important things like backscatter and recipient validation. that's not a feature, that's a bug. that doesn't mean you *SHOULD* ignore them, it means that the software you choose to use makes it impossible to do anything about them. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Wed, 2004-12-08 at 14:25 +1100, Craig Sanders wrote: > On Tue, Dec 07, 2004 at 06:13:58PM -0900, W.D.McKinney wrote: > > On Wed, 2004-12-08 at 08:14 +1100, Craig Sanders wrote: > > > migrating to/from qmail is always a PITA. aside from being ancient (and > > > thus > > > not keeping up with current mail practices, especially spammers and > > > viruses), > > > the main problem with qmail is that it is a dead-end trap.it makes no > > > attempt at backwards/forwards- compatibility with other MTAs, so any > > > migration > > > basically involves re-doing everything from scratch. you won't be able to > > > re-use map files (like /etc/aliases) or make the fairly trivial > > > transformations > > > to convert them, e.g., a sendmail mailertable to a postfix transport > > > table. > > > > Wow Craig, > > > > We moved over from the bloated Postfix box to a lean mean qmail install, > > been rock solid since. > > you obviously speak a different language, with strange and bizarre definitions > for common words & phrases like "bloated" and "rock solid". > > trying to interpret here, "bloated" must mean something like "has essential > features", and "rock solid" probably means "reasonably solid if you ignore > really stupid annoyances like the fact that it can't reject a message at the > SMTP level, it *always* accepts and then bounces it". > > > To each his own though and as I always say, pick a horse and learn to > > ride. :-) > > yes, but it's generally better to pick a good horse rather than a > three-legged, > half-blind bad-tempered mule that is well past retirement age. > > craig Hmm, meaning Hotmail, Yahoo and others run three legged mules ? :-) No worries, this list is about Debian and we really like Debian. Not married to any MTA, just need some. "Bloated" means overweight, non essential and not availble to chuck out the window up here. "Rock Solid" means it's been so long long since we needed to make a change, it's easy to forget how. Cheers, -Dee -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Tue, Dec 07, 2004 at 06:13:58PM -0900, W.D.McKinney wrote: > On Wed, 2004-12-08 at 08:14 +1100, Craig Sanders wrote: > > migrating to/from qmail is always a PITA. aside from being ancient (and > > thus > > not keeping up with current mail practices, especially spammers and > > viruses), > > the main problem with qmail is that it is a dead-end trap.it makes no > > attempt at backwards/forwards- compatibility with other MTAs, so any > > migration > > basically involves re-doing everything from scratch. you won't be able to > > re-use map files (like /etc/aliases) or make the fairly trivial > > transformations > > to convert them, e.g., a sendmail mailertable to a postfix transport table. > > Wow Craig, > > We moved over from the bloated Postfix box to a lean mean qmail install, > been rock solid since. you obviously speak a different language, with strange and bizarre definitions for common words & phrases like "bloated" and "rock solid". trying to interpret here, "bloated" must mean something like "has essential features", and "rock solid" probably means "reasonably solid if you ignore really stupid annoyances like the fact that it can't reject a message at the SMTP level, it *always* accepts and then bounces it". > To each his own though and as I always say, pick a horse and learn to > ride. :-) yes, but it's generally better to pick a good horse rather than a three-legged, half-blind bad-tempered mule that is well past retirement age. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Wed, 2004-12-08 at 08:14 +1100, Craig Sanders wrote: > recipients on the RHS. > > migrating to/from qmail is always a PITA. aside from being ancient (and thus > not keeping up with current mail practices, especially spammers and viruses), > the main problem with qmail is that it is a dead-end trap.it makes no > attempt at backwards/forwards- compatibility with other MTAs, so any migration > basically involves re-doing everything from scratch. you won't be able to > re-use map files (like /etc/aliases) or make the fairly trivial > transformations > to convert them, e.g., a sendmail mailertable to a postfix transport table. > Wow Craig, We moved over from the bloated Postfix box to a lean mean qmail install, been rock solid since. To each his own though and as I always say, pick a horse and learn to ride. :-) Just stick with Debian though ! -Dee -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
On Tue, Dec 07, 2004 at 03:57:30PM -0500, Stephen Gran wrote: > I think that I would like to migrate to all exim4 and postfix (I would > basically like to dump the sendmail and qmail systems). good choices. > The things that are vitally important are the ability to reject at smtp > time for invalid localparts and for viruses - I believe that postfix (at > least in recent versions) can do this, but I am just not sure. I do not postfix can. in fact, it does it by default. you can also configure it with a relay_recipient map to reject at stmp level for unknown users in relay domain as well as local domains (by listing all the valid users in the relay_recipient map)particularly useful for backup MX machines and gateway boxes that forward to an internal/firewalled mail server. > I guess what I am asking for is people's experiences migrating existing > (especially sendmail) systems to postfix, and how easy it is to tie other > things into it, especially at smtp time. We're talking about migrating migrating from sendmail to postfix is easy. in fact, migrating between sendmail, postfix, exim, smail and most other MTAs except qmail is fairly straight-forward - as long as you plan out what you're going to do in advance and follow the plan, you're unlikely to run into any problems. they're all similar enough that you can even re-use some of the map files, although some require minor transformations. e.g. sendmail and postfix virtual user tables are almost identical, except that postfix's virtual table allows multiple recipients on the RHS. migrating to/from qmail is always a PITA. aside from being ancient (and thus not keeping up with current mail practices, especially spammers and viruses), the main problem with qmail is that it is a dead-end trap.it makes no attempt at backwards/forwards- compatibility with other MTAs, so any migration basically involves re-doing everything from scratch. you won't be able to re-use map files (like /etc/aliases) or make the fairly trivial transformations to convert them, e.g., a sendmail mailertable to a postfix transport table. > Thanks for any pointers to docs, experiences, or anything else. Martin > and Craig - I know you two in particular are both big advocates of > postfix, so I guess I am partly addressing this to you two, although > feel no obligation to give free tech support :) well, if you've read the archives, you've already seen my reasons for preferring postfix, so i won't repeat them here. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: a couple of postfix questions
also sprach Stephen Gran <[EMAIL PROTECTED]> [2004.12.07.2157 +0100]: > The things that are vitally important are the ability to reject at smtp > time for invalid localparts http://www.postfix.org/LOCAL_RECIPIENT_README.html > and for viruses - I believe that postfix (at least in recent > versions) can do this, but I am just not sure. I do not want to > have to rely on something like amavis + a seperate listener to do > content scanning, postfix is a MTA not a content scanner. you will need to use something like amavisd, but you *can* make postfix refuse a message if the content scanner refuses it. i don't, so i don't have it handy. > I guess what I am asking for is people's experiences migrating > existing (especially sendmail) systems to postfix, and how easy it > is to tie other things into it, especially at smtp time. there is nothing you would want from an MTA which postfix cannot do. it all depends on your requirements. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature