Hi, I want to install a mailserver. What is the easiest and the most secure solution? OpenBSD comes with Sendmail. I have seen a lot of people use Postfix instead of Sendmail. Is there someone to advise me about the choice of the MTA? Thanks.
Why do you think OpenBSD ships with (a custom and secure) sendmail by default? Do you think it is because that is the easiest and most secure option or do you think by installing postfix you'll be all secure and stuff? -- chs
I only want to know what is better (easiest way, most secure) to use. And have your advice. On Fri, 13 Aug 2010 09:04:01 +0200, Christer Solskogen
I would never use sendmail for anything halfway serious. -- Henning Brauer, hb@bsws.de, henning@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
<beavis> huh, hurr, he said qmail </beavis> -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
What are your views on qmail versus Postfix? Note that I'm *not* criticising your choice of qmail, and especially not now that it's in the public domain. I simply want to learn more about the subject. /Fredrik Henbjork
irrelevant here anyway. -- Henning Brauer, hb@bsws.de, henning@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
++ sendmail is fine if you have a few users at a relatively quiet domain, all of whom you want to have system accounts on the mailserver. smtpd does similarly but has unpredictable behavior at best. i spent many hours fiddling with smtpd until i gave up on it. postfix is great because of the virtual user support, meaning that your mail users do not require system accounts, and configurability. hosting several domains, all with separate mailboxes e.g. user@domain1.com and user@domain2.com is done pretty easily by postfix. in the instance that you need support from the postfix-users mailing list don your douchebag-proof-suit and you should be ok so long as you don't subscribe to that list. i have heard good things about qmail but never used it myself. FYI - this is a very old and contentious question - 'which mta is best?'
Qmail has worked for me for many years. We get about 50.00 smtp connections a day and do about 200K deliveries a month.
On Fri, 13 Aug 2010 12:27:56 +0200 qmail first grabbed my attention which it already had when I noticed a large defense organisation using it. I love qmail especially for its use of the unix philosophy of many small parts and that it was built with security and simplicity in mind. It's not too easy to setup or keep track of vulnerabilities in patches, but spamcontrol at "www.fehcom.de" makes it easier to turn qmail into a fully functional and modern MTA, possibly even more functional and patched than you would desire, but still great. qmail is almost definitely easier than messing with sendmail's configs, ONCE the install is over with too. I don't know but believe postfix has the shallowest learning curve and has always had a good security record. Sendmail will likely make OpenBSD upgrades easier and inherits the eyes of OpenBSD developers.
On 8/13/2010 at 3:43 AM Peter Miller wrote:
|> I only want to know what is better (easiest way, most secure) to use.
|> And have your advice.
|
|He just gave it to you. sendmail.
=============
My opinion, and my opinion only - if you do not need to change any of the configuration settings from the base install, then stay with sendmail. Once you need to start "getting into" the sendmail configuration files to use, for example, one transport for one domain and another transport as the default, then sendmail's configuration rapidly becomes daunting. I moved over to Postfix because of its excellent security and ease of configuration. YMMV and all that stuff.
Easiest doesn't necessarily fit with most secure ... or everyone would be using Windows and Macs? You have to understand what you are setting up, and sometimes that understanding doesn't come "easy" and security isn't a check box. What is easy for you - is it the same as what is easy for me? I started from scratch with the O'Reilly sendmail book ... It's your network, your requirements, your time. Webmail? TLS? POP? IMAP? Volume of email? Why do you think there are so many choices in open source - what one person found easy/useful/secure didn't work for someone else. sendmail, popa3d, and openwebmail have worked for /me/ for a very low volume mail server. I didn't find it that easy (but I learnt a lot on the way, it wasn't time wasted.) I don't know how secure it is. But as Christer has said, if it's in the OpenBSD base, that should mean something. As always - YMMV!
Just because it's in base doesn't mean that it's the "best" choice. After all, it *could* just mean that no one has had the time and/or energy to replace it with something "better" in base. I think few would argue that all things in base are perfect, and that there is no room for improvement. /Fredrik Henbjork, who hates Sendmail from a usability point of view.
Hmmm. Sendmail was in base and is still in the system, but was replaced as the default MTA by smtpd a few releases ago. So, I sure don't think you will see smtpd being replaced again by something else in base. It was already done. Check the archive. It was announced and done in 4.6 http://openbsd.org/46.html New tools: * Added smtpd(8), a new privilege-separated SMTP daemon. Are you saying you want the replacement in place now to be replaced again!?!?!?...
bullshit. -- Henning Brauer, hb@bsws.de, henning@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
You are right as out of the box MTA in standard operation. I should
phrase it differently. Like I said sendmail is still there. smtpd is in
base as well, but sendmail is the one in default operation. My mistake
in the details.
# man smtpd | grep appeared
The smtpd program first appeared in OpenBSD 4.6.
But bullshit it was from me. sendmail is still the default MTA yes, but
you have the choice and can use smtpd.
No. For clarification; I don't believe there is such a thing as the universal "best" MTA, since different users have different requirements. I personally like a smallish MTA, like smtpd(8), as the default MTA in base. But I also like my network servers to have been "field proven in the nasty wilderness" by others for some time before starting to use them myself in production, and smtpd(8) is still a rather fresh piece of software. Were there any other reasons for writing smtpd(8), instead of just importing Postfix into base as the default MTA, besides Postfix's license? /Fredrik Henbjork, who also wonders if anyone here has any strong opinions regarding the feature set and security of the Apache in base, when compared to recent versions of (the BSD-licensed and C-based) Nginx and lighttpd?
Man, that's rather very selfish! So, you want everyone else to do the work, but not you!? You don't want to participate in testing things and improving them, but rather, just sit back and demand that you are served on a silver plate? Or maybe gold even here... Sorry if that sounds harsh here, but I can't believe what I read here.... It does come out that way as you put it. I hope it's not what you mean right? I must be wrong for sure... Yes, license and that's in the archive. Help yourself to the answer. Same here. It's been explored in the archive as well. Help yourself to the answer. Or is it like your first statement. You want others to do the work for you and point you to the answer? Best, Daniel
Yes, I'm "selfish" enough to want to run stable and secure software on my *production* systems. It's hard enough to find software that works really well as it is, and especially if it faces the Internet and the Bad People on it who want to exploit your systems, even if you limit yourself to "stable" releases from quality driven projects. So I prefer to do testing on designated test systems, instead of taking unnecessary risks with the production systems I'm responsible for. But I bet you're the kind of guy who gladly volunteers to put yourself and your family in a car running freshly written, and poorly tested, 0.0.0.0.0.1-alfa version brake system software to help iron out the bugs in it. Or are you also a selfish bastard, just like me? ;-D /Fredrik Henbjork
The one that you are most familiar with will always be the most secure solution. If you think choosing a particular product will ensure security you are wrong from the start. I happen to like sendmail and use it still --- James A. Peltier james_a_peltier@yahoo.ca
On 8/13/2010 at 9:04 AM Christer Solskogen wrote:
|On Fri, Aug 13, 2010 at 8:55 AM, <openbsd@e-solutions.re> wrote:
|> Hi,
|>
|> I want to install a mailserver.
|> What is the easiest and the most secure solution ?
|> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
|> Sendmail.
|> Is there someone to advice me about the choice of the MTA ?
|>
|
|Why do you think OpenBSD ships with (a custom and secure) sendmail by
|default?
=============
sendmail has an OpenBSD compatible license? :)
On Fri, 13 Aug 2010 10:55:13 +0400 "It depends" - as mentioned before, you need to specify the environment, mail volume etc. My opinion: *) Since 4.6 OpenBSD ships with its own daemon: "man smtpd". From what I remember it's not meant for production yet, but just for sending internal traffic (logs, notifications etc.) it works fine for me. *) Use qmail for large volume traffic, but be sure to read a bit about its "developer environment" before ;) *) If none of those two seem to be right for you, well, then use Postfix... regards, Robert
You can try smtpd(8) which is in base. Some people reported that they are using it in production already. At least configuration is much easier than in sendmail(8) -- "If you're good at something, never do it for free." - The Joker
Yeah, /me for example... handles some 100,000 connects per day, with spam ratio about 3/1...4/1. i.e. some 25,000 deliveries per day. On Fri, 13 Aug 2010 13:35:44 +0200 -- With best regards, Gregory Edigarov
I have been for almost 18 months now. I use it as spam filter and front end for others. I do not have users on that box, not that it couldn't I guess. I never tried to make it so. It's risky, yes, but you don't make an omelet without breaking eggs! I ran into some issues from time to time before, all in misc@ if you want to see it. But I must say in general, it's been very good for me. I upgrade it to the latest from time to time when I see Gilles doing lots of commits to it. I run two of them, so if one goes south, I can switch to a second one real quick, but so far, it never happened to me to have big issues. The only one I had was the virtual domain hosting that just didn't work as explained in the man page and Gilles did work on it. If you want something simple, that's it. For a small server, I sure would go with it. But keep in mind it's not fully announced yet as ready for production, however, like the project, it's announcing production things when they are rock solid. That doesn't mean smtpd is not, so if you run it, you help testing it and if you run into issues, so far they all have been corrected pretty darn fast! So, do as you see fit, but if you are not scared of running bleeding edge new OpenBSD stuff, go for it and you will have fun as long as you are not scared to get your hands in it and do your own research when/if needed. Not that it required lots of hand holding so far. But it deserves more credit than Gilles is willing to give it! (;> I would say he is very conservative, just like everyone else in the project. They give you the best, so enjoy it! I sure would give it a run for good, I did for a long time so far and I have no complaints for how I use it so far! YMMV. Daniel
For a basic mailserver, there's no reason to not use standard Sendmail. To make it even simpler, install Webmin - the sendmail manager tool is very useful. Lee
I've used Courier-MTA on OpenBSD for a few years. I think it's a good choice if you want an all-in-one package but you don't think your mail server should come with an OS (Zimbra). I also have Maia Mailguard in front of it to catch spam, and the base OS Sendmail in front of that because I don't trust Maia to listen on the Internet.
I'll second that. We've used Courier-MTA for at least five years and it is very robust with rock-solid performance and a good security record. (We use sendmail too btw, in spam-filtering mail frontends.) Unfortunately Courier-MTA isn't in ports (although its cousins Courier-IMAP and Courier-POP3 are), but it is pretty straight-forward to compile from source (read up carefully on the rather lengthy but well-documented compile-and-install process though). http://www.courier-mta.org/ /B -- internetlabbet.se / work: +46 8 551 124 80 / "Words must Benny Löfgren / mobile: +46 70 718 11 90 / be weighed, / fax: +46 8 551 124 89 / not counted." / email: benny -at- internetlabbet.se
On 8/13/2010 at 11:26 PM Benny Löfgren wrote:
|Steve Shockley wrote:
|> On 8/13/2010 2:55 AM, openbsd@e-solutions.re wrote:
|>> Is there someone to advice me about the choice of the MTA ?
|>
|> I've used Courier-MTA on OpenBSD for a few years. I think it's a good
|> choice if you want an all-in-one package but you don't think your mail
|> server should come with an OS (Zimbra).
|
|I'll second that. We've used Courier-MTA for at least five years and it
|is very robust with rock-solid performance and a good security record.
|
|(We use sendmail too btw, in spam-filtering mail frontends.)
|
|Unfortunately Courier-MTA isn't in ports (although its cousins Courier-
|IMAP and Courier-POP3 are), but it is pretty straight-forward to compile
|from source (read up carefully on the rather lengthy but well-documented
|compile-and-install process though).
|
|http://www.courier-mta.org/
=============
I've used courier-imap for a few years on one of my servers. I like it because of the dedication to implementing standards and that I don't see stupid security mistakes in it.
Generically speaking -- and I'm digesting several decades of experience into a few paragraphs, so I'm going to make some sweeping statements that, of course, have exceptions. Except for the last one. If you've never done this before, then stick with sendmail because it minimizes the probability that you'll screw up. Postfix is easier to configure than sendmail. It also benefits from having been designed after many years of experience with sendmail, so it incorporates some lessons learned. It is relatively straightforward to switch between the two, once you've mastered some basic concepts. In the contemporary environment, either is a good choice for relatively secure, relatively high-performance environments. Both can be configured/customized extensively and there is plenty of support for both, from multiple sources. Exim is newer and arguably still easier to configure. It might be a good choice for someone with limited requirements and little experience. Courier is well-integrated with the other components necessary to make a fully-featured mail server, and is worth consideration if its feature set overlaps well with your requirements. Qmail is crap and is only used by people who don't know any better. ---Rsk
Actually "q"mail is only used by people who do know better because otherwise people like yahoo wouldn't go to such lengths to install it (caused by its old licensing). There is a lot of bullshit about qmail floating around which I assume drove you to your opinion, please tell me why it is crap perhaps privately, after all this is an OpenBSD and not a qmail mailing list and I am currently assuming that what you have to say is wrong or has a patch for it.
