From owner-freebsd-questions@FreeBSD.ORG Tue Jun 22 14:37:53 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8352116A4CE for ; Tue, 22 Jun 2004 14:37:53 +0000 (GMT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E69B43D2F for ; Tue, 22 Jun 2004 14:37:53 +0000 (GMT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.10/8.12.10) id i5MEbP57026678; Tue, 22 Jun 2004 09:37:25 -0500 (CDT) (envelope-from dan) Date: Tue, 22 Jun 2004 09:37:25 -0500 From: Dan Nelson To: Andy Holyer Message-ID: <20040622143724.GE86471@dan.emsphone.com> References: <200406181113.i5IBDh1E035926@dc.cis.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-OS: FreeBSD 5.2-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.6i cc: Martin McCormick cc: freebsd-questions@freebsd.org Subject: Re: Sendmail for Large Sites X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jun 2004 14:37:53 -0000 In the last episode (Jun 22), Andy Holyer said: > The advantages of Postfix are as follows: Just a comment on some of these. Postfix is a fine mailer, but some of your reasoning against sendmail is inaccurate. > 1) It's not sendmail - it acts identically, but shares no code, so > it's immune to the sendmail exploits which sometimes appear in the > cracker communtiy (rather like my iBook accepts viruses, and then > watches as they fail to execute, being written for the wrong OS and > processor) Note that there were two vulnerabilities found in Postfix 1.1.13 in 2003. Both sendmail and postfix run in non-root, optionally chrooted environments so exploits should never cause any more damage than a DoS. > 2) Sendmail is written as a single monolithic program, so each > executable sendmail uses a big chunk of memory to operate. Postfix is > written as a network of small programs each of which does a single > thing. This has a number of advantages: different components can be > reinforced as need be to respond to minute-to-minute changes in load; > the overally impact on system resources is smaller; and it's easier > to spread processing power over multiple threads, processors and even > hosts. Also if the spooler falls over the rest of the system carries > on, so you don't have a total panic. Sendmail is a forking system like Apache 1, and most of the process space is shared between processes. They balance across multiple CPUs just fine. Email systems are more I/O than CPU bound, though (spam filtering is a different story and on a busy system may be on a separate cluster of machines). And what email system do you know of that panics the system if it crashes? This is just FUD. > 3) Sendmail's configuration file is written in an obscure style which > has sent many brave souls to their deaths (recent versions are > improved, but still AFAIK far from crystal clear. Postfix's > configuration files are huge, but you colud at least read them out > loud and they'd make some form of sense. Sendmail's .mc files are readable as well. You could edit the raw .cf files, just like you could write programs in assember, but most people use a higher-level language. -- Dan Nelson dnelson@allantgroup.com