[gentoo-user] netqmail and qmail

[gentoo-user] netqmail and qmail

[Suranga Kasthuriarachchi]

[-- Attachment #1: Type: text/plain, Size: 84 bytes --]

Dear All,

Which is the best for organization mail server.

Thanks & rgds.

Suranga

[-- Attachment #2: Type: text/html, Size: 110 bytes --]

Re: [gentoo-user] netqmail and qmail

[Alexander Skwar]

Suranga Kasthuriarachchi wrote:

> Which is the best for organization mail server.

NOT qmail - too many holes and not good performancewise.
sendmail has had numerous holes "way back then". And I
dislike the configuration "language".

So, I'd suggest postfix or exim. I personally use Postfix
always. It's featureful and easy enough to configure.

Alexander Skwar
-- 
Ontogeny recapitulates phylogeny.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Michael Crute]

On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> Suranga Kasthuriarachchi wrote:
>
> > Which is the best for organization mail server.
>
> NOT qmail - too many holes and not good performancewise.
> sendmail has had numerous holes "way back then". And I
> dislike the configuration "language".
>
> So, I'd suggest postfix or exim. I personally use Postfix
> always. It's featureful and easy enough to configure.

I would beg to differ with the statement about security. Qmail is
arguably THE MOST secure mail server
(http://cr.yp.to/qmail/guarantee.html).

That said, I use postfix and love it.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Ronald Vincent Vazquez]

On Mon, July 31, 2006 8:28 am, Alexander Skwar wrote:
> Suranga Kasthuriarachchi wrote:
>
>> Which is the best for organization mail server.
>
> NOT qmail - too many holes and not good performancewise.
> sendmail has had numerous holes "way back then". And I
> dislike the configuration "language".
>
> So, I'd suggest postfix or exim. I personally use Postfix
> always. It's featureful and easy enough to configure.
>
> Alexander Skwar
> --
> Ontogeny recapitulates phylogeny.
> --
> gentoo-user@gentoo.org mailing list
>

Alexander:

Would you care to share the known holes on qmail?  As I have read, the
qmail community regards qmail as the *most* secure email server available.

Thanks in advance,

/////////////////////////////////////////////////
Ronald Vincent Vazquez
Senior Unix Systems Administrator
Senior Network Manager
Christ Tabernacle Church Ministries
http://www.ctcministries.org
(301) 540-9394 Home
(240) 401-9192 Cell

For web hosting solutions, please visit:
http://www.spherenix.com/

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Jonathan Wright]

Michael Crute wrote:
> I would beg to differ with the statement about security. Qmail is
> arguably THE MOST secure mail server
> (http://cr.yp.to/qmail/guarantee.html).

It may be 'secure' from that respect, but not from any other. In it's 
default settings, it's far too accepting and is a pain to close down.

It uses non-standard locations and configuration, and is popular with 
Spammers as they can use it 'bounce' spam onto third parties by send 
mail (via the server) to the server with an invalid delivery address and 
the destination as the recipient.

It also find it generally flaky when running and a poor performer (I 
love it when it decides to restart itself, but fails because the old 
process hasn't shutdown quick enough and stops the new process form 
running).

> That said, I use postfix and love it.

Same here - it's so easy and straight forward to configure, stable (I've 
had it running for months without even having to think about it) and 
good support for newer technologies (such as RBL, MAPS, SPF and 
Greylisting).

qmail doesn't support any of them by standard - to use it, you must 
either find a binary that supports it (via binary distributions, or 
compile them in yourself).

Plus, IIRC, there's no active development in qmail.


-- 
  Jonathan Wright
   ~ mail@djnauk.co.uk
   ~ www.djnauk.co.uk
--
  2.6.17-gentoo-r3-djnauk-b1 AMD Athlon(tm) XP 2100+
  up 21:58, 0 users, load average: 0.16, 0.41, 0.49
--
  cat /dev/random (because u never know, u may see something u like)
--
  "Some see the move as an attempt to  preserve  traditional  values,
  while others see it as a cynical ploy to ensure that Vice President
  Dick Cheney will never have to pay for his gay daughter's wedding."

~ Jon Stewart, on President Bush's proposal for a constitutional 
amendment to ban gay marriage
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Alexander Skwar]

Michael Crute wrote:
> On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
>> Suranga Kasthuriarachchi wrote:

>> > Which is the best for organization mail server.
>>
>> NOT qmail - too many holes and not good performancewise.

> I would beg to differ with the statement about security. Qmail is
> arguably THE MOST secure mail server
> (http://cr.yp.to/qmail/guarantee.html).

Actually, it is NOT. DJB made this statement but he doesn't
stand to it. See http://home.pages.de/~mandree/qmail-bugs.html
for a quite big collection of bugs and RFC violations of qmail.

To quote from that page:

| The security guarantee is a smoke ball. Several people, among
| them Wietse Venema and Georgi Guninski, have documented exploitable
| qmail security bugs, yet the USD 500 have never been paid to either
| of them.

Bye,

Alexander Skwar
-- 
"I'm in Pittsburgh.  Why am I here?"
		-- Harold Urey, Nobel Laureate
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Michael Crute]

On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> Michael Crute wrote:
> > On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> >> Suranga Kasthuriarachchi wrote:
>
> >> > Which is the best for organization mail server.
> >>
> >> NOT qmail - too many holes and not good performancewise.
>
> > I would beg to differ with the statement about security. Qmail is
> > arguably THE MOST secure mail server
> > (http://cr.yp.to/qmail/guarantee.html).
>
> Actually, it is NOT. DJB made this statement but he doesn't
> stand to it. See http://home.pages.de/~mandree/qmail-bugs.html
> for a quite big collection of bugs and RFC violations of qmail.
>
> To quote from that page:


I'm not here to start a war over the merits of any one MTA... but I
think it's worth reading DJBs rebuttal of the accusations made by
Postfix's author.

http://cr.yp.to/qmail/venema.html

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[kashani]

Alexander Skwar wrote:
> Suranga Kasthuriarachchi wrote:
> 
>> Which is the best for organization mail server.
> 
> NOT qmail - too many holes and not good performancewise.


Some clarification on the security of qmail:

	qmail has no known holes be default other than still playing the MTA 
game by 1998 rules which is are problems and almost as annoying as 
security issues. Patches like 0.0.0.0, limit-bounce size, etc solve most 
of those. It also has very few features which is sort of the root of the 
problem. In order to get features (and performance) you have to patch 
the hell out of qmail which is of course no longer the secure default 
build. The 1.0.3-r16 ebuild has 29 possible patches. It's through the 
patches that security problems are likely to be introduced, but IIRC 
there has one been one or two that have been found at least in mature 
non bleeding edges patches.

and then on performance:

	qmail can be made to perform, but you have to add the performance 
patches (qmailqueue, big-todo, big-concurrency) and do much more tuning 
that you'd need to do with any other mail servers. However the one mail 
per TCP session is one thing you can't get around and will limit the 
speed of large installations. Most home user or small business users 
won't run into that.

Or you can install Postfix/Sendmail/Exim which have had actual 
development over the last eight years.

kashani
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Alexander Skwar]

Michael Crute schrieb:
> On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
>> Michael Crute wrote:
>> > On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
>> >> Suranga Kasthuriarachchi wrote:
>>
>> >> > Which is the best for organization mail server.
>> >>
>> >> NOT qmail - too many holes and not good performancewise.
>>
>> > I would beg to differ with the statement about security. Qmail is
>> > arguably THE MOST secure mail server
>> > (http://cr.yp.to/qmail/guarantee.html).
>>
>> Actually, it is NOT. DJB made this statement but he doesn't
>> stand to it. See http://home.pages.de/~mandree/qmail-bugs.html
>> for a quite big collection of bugs and RFC violations of qmail.
>>
>> To quote from that page:
> 
> 
> I'm not here to start a war over the merits of any one MTA... but I
> think it's worth reading DJBs rebuttal of the accusations made by
> Postfix's author.

Well, that page that I quoted from is NOT from the Postfix
author. It's from somebody else. Also, the page you mentioned
is from no later than 1998, it seems. My page was from 2006 (!),
so it really seems as if nothing has been changed in qmail in
8 years! Not really convincing, if you ask me. Finally, the
500$ offer isn't worth anything, as it's not awarded, although
it should've been.

And in closing, I'd like to just add, that the personality of
DJB also doesn't make qmail or his software favorable to me.

Anyway - I stand to what I wrote. I'd suggest any MTA, *BESIDES*
qmail and sendmail. qmail, as it's too buggy, too few features
and too "complicated". sendmail, as the configuration is a nightmare
(compared to easier systems available nowadays).

Alexander Skwar
-- 
   "Professional certification for car people may sound like an
   oxymoron." -The Wall Street Journal, page B1, Tuesday, July 17,
   1990.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Michael Crute]

On 7/31/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> > I'm not here to start a war over the merits of any one MTA... but I
> > think it's worth reading DJBs rebuttal of the accusations made by
> > Postfix's author.
>
> Well, that page that I quoted from is NOT from the Postfix
> author. It's from somebody else. Also, the page you mentioned
> is from no later than 1998, it seems. My page was from 2006 (!),
> so it really seems as if nothing has been changed in qmail in
> 8 years! Not really convincing, if you ask me. Finally, the
> 500$ offer isn't worth anything, as it's not awarded, although
> it should've been.
>
> And in closing, I'd like to just add, that the personality of
> DJB also doesn't make qmail or his software favorable to me.
>
> Anyway - I stand to what I wrote. I'd suggest any MTA, *BESIDES*
> qmail and sendmail. qmail, as it's too buggy, too few features
> and too "complicated". sendmail, as the configuration is a nightmare
> (compared to easier systems available nowadays).

Anyhow, now the OP can make a semi-informed decision. As previously
stated I would recommend Postfix.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] netqmail and qmail

[Bryan Whitehead]

> Anyway - I stand to what I wrote. I'd suggest any MTA, *BESIDES*
> qmail and sendmail. qmail, as it's too buggy, too few features
> and too "complicated". sendmail, as the configuration is a nightmare
> (compared to easier systems available nowadays).

I object to this statement. Sendmail is a solid MTA. Calling it as bad as 
qmail is just going to far... I've maintained some pretty large sendmail 
systems without a problem.

That said - I now use postfix if given a choice.

-- 
Bryan Whitehead
Email:driver@megahappy.net
-- 
gentoo-user@gentoo.org mailing list