You are not logged in.

#1 2009-02-04 02:25:01

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

MTA solutions and the Arch Way

Schneibster started a thread before about the lack of sendmail in Arch. It had a lot of legitimate questions in it, but got off to a bad start. Schneibster and I had a good discussion over e-mail, and I decided that it would be useful to get a fresh start. The topic is going to expand out from the other. He'll be here shortly to get it rolling.

***I remind everyone that this is a new thread. Please let it start fresh***

Offline

#2 2009-02-04 03:00:05

Schneibster
Member
Registered: 2008-12-20
Posts: 32

Re: MTA solutions and the Arch Way

OK, having found out a bit of history, it's likely that at some point sendmail was in AUR but it got deleted by vandals, and the problem has been addressed and that won't be happening any more. That's important to know, because it came up in the other thread; if someone stumbles across that, we don't want them thinking it's a waste of time to contribute.

That out of the way, I've got a couple questions that I think are important about what y'all think the Arch Way should be.

Sendmail is admittedly a difficult program to configure (though using m4 macros and compiling it to the cf format makes it an awful lot easier- I can generally modify existing macros to add the stuff I want in about 10 minutes, and the build and install of the new sendmail.cf and submit.cf and alias list take under half an hour on an i686 box with 256MB memory and 66MB/s PATA disks). I see a lot about procmail searching the forum and looking at the Wiki and googling around the 'Net for "sendmail arch linux," and it almost seems as if procmail is the Arch Way, kinda sorta. Is that the consensus here? And whether the answer is "yes" or "no," what factors contribute to that consensus? And what about exim?

Here's another question. Is Arch intended to be general purpose, targeted at workstations, targeted at servers, or some fourth option I haven't mentioned? And again, what factors contribute to this consensus/perception?

And another: are there other server builders/maintainers out there who are using Arch? I absolutely don't believe I'm the first and only, this is too good a distro for that to be true, so I'm kind of expecting to hear some folks chime in and say they're using exim or procmail. The Wikipedia article on sendmail indicates that it's down from 45-odd percent to 25-odd percent on the 'Net, and the only other three that are above 10% are exim, procmail, and (ewww) M$ Exchange Server. I certainly hope we're not ceding share to M$! The idea here is to beat them and keep the 'Net more-or-less free; that's part of what Linux is all about.

So here's another question: is one or both of exim and procmail gaining share? I'm getting the sense here that procmail is becoming more popular, and I should get off my butt and start learning it, but I don't want to put the time in without a reasonable expectation of return, and I don't want to get burned later because of security problems. One thing I'll be contributing to the discussion in a little bit is the results of research into how often the procmail team is putting out new releases, how quickly security and other CERT fixes get turned around, and how inherently secure procmail is. Quick preliminary research indicates that it may be pretty secure architecturally, so I may have been dissing it on the other thread without knowing what I was talking about.

Someone mentioned sendmail in pretty deprecating fashion over on that other thread. I do this stuff for a living, and that's not something I've heard before. Civilly now, what was the reason for that? Just personal opinion, or is this something I've missed by being in the IT community and not out socializing on the 'Net? I'm honestly curious, not trolling here. What's the deal?

Thanks in advance for honest opinions and my apologies for coming off so aggressive in the OP of the previous thread.

Offline

#3 2009-02-04 03:28:31

aglarond
Member
From: Texas, USA
Registered: 2008-11-20
Posts: 129

Re: MTA solutions and the Arch Way

I personally use Postfix. Sendmail is a mess, in my opinion. It works well, but it's been hacked and slashed so much over the years, I believe the bloat hurts it, possibly by introducing unfound vulnerabilities. Postfix offers the same features (as far as I can tell), is easier to configure (I've done both) and has a smaller code base, making it far easier to audit. As far as security goes, Postfix has been heavily audited and I'm not familiar with any current vulnerabilities.

I've never configured EXIM myself, but my company uses is and it works very well. We never have any problems with it. I can't comment on the config, though.

-mS

Offline

#4 2009-02-04 03:49:35

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: MTA solutions and the Arch Way

Schneibster wrote:

Is Arch intended to be general purpose, targeted at workstations, targeted at servers, or some fourth option I haven't mentioned? And again, what factors contribute to this consensus/perception?

IMHO: the Arch base CD doesn't do a whole lot other than give you a system that you can boot to the CLI, `ls` a bunch of dirs and run pacman. It's entirely up to you what you do with Arch. The developers and community don't 'expect' you to do any one thing with it, nor 'target' it at any one use. You can install it on your desktop, laptop, server or car if you like (http://bbs.archlinux.org/viewtopic.php?id=60661)

Schneibster wrote:

And another: are there other server builders/maintainers out there who are using Arch?

Yes. I use Arch for my home File (and web, and personal IMAP, and Nagios) Server, plus on my VPS with 7 websites hosted, including e-mail for each. At the moment using qmail, but will eventually migrate to postfix because qmail on Arch is a PITA.

Schneibster wrote:

So here's another question: is one or both of exim and procmail gaining share?

Well I work for a security company who specialize in UTM devices. We have hundreds of clients worldwide, and we run qmail. (I know it's not procmail, but it's not sendmail either). We've never had a security issue due to qmail (at least none due to the software. Maybe a couple due to stupid client configuration requests "allow relay for this /20 range of public ip addresses please! yikes")

Schneibster wrote:

Someone mentioned sendmail in pretty deprecating fashion over on that other thread. I do this stuff for a living, and that's not something I've heard before. Civilly now, what was the reason for that?

As far as I'm concerned, sendmail is just a PITA to configure. Granted I've never really taken the time to bother learning more than I've needed to, but why bother when there's perfectly good other MTA's around the do the job just as well and are much easier to learn / admin? I don't think it's just me, or just Arch that is finding this... Debian comes with exim as default, I believe Ubuntu uses postfix.

Schneibster wrote:

Thanks in advance for honest opinions and my apologies for coming off so aggressive in the OP of the previous thread.

You're welcome, and apology accepted tonguecool

Last edited by fukawi2 (2009-02-04 03:51:17)

Offline

#5 2009-02-04 06:43:09

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: MTA solutions and the Arch Way

I have used postfix for a while now, both with a more classical amavisd (or amavisd-new) with clamav and spamassassin, and with MailScanner.

I have used it as a large MTA for inbound edge delivery.
I have used it as a large mail relay for a 'cloistered' network acting as send only with ip based ACLs.
I have used it as a workstation node for host relaying (but arguably the small msmtp is a better fit here).

I was forced to use exim on occasion (existing install), and it worked well enough. I found some of the rulesets for it .. unusual.

Once upon a time I fiddled with sendmail, but pretty much any server I install these days sendmail comes off, and postfix goes on.

Haven't used qmail.

All that said, if you really do want sendmail, I recommend just making a pkgbuild for it yourself (if you can't find one).

EDIT: http://rubixlinux.org/pub/rubixlinux/cu … /sendmail/
rubixlinux was based off archlinux, so the pkgbuild format is _very_ similar. You probably need to update it to work more with an arch environment, but it could be a start at least.

Last edited by cactus (2009-02-04 06:43:19)


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#6 2009-02-04 06:57:27

Schneibster
Member
Registered: 2008-12-20
Posts: 32

Re: MTA solutions and the Arch Way

Please ignore my brain fart mixing procmail (an MDA) and postfix (an MTA); all them p's. tongue

Offline

#7 2009-02-04 07:03:24

Schneibster
Member
Registered: 2008-12-20
Posts: 32

Re: MTA solutions and the Arch Way

Fine, sigh, guess I'm learning postfix. I have to say I'll be happy to escape the subfolder problem in UW imapd, Dovecot's lookin' pretty good about now. See you in about a week or two.

Offline

#8 2009-02-04 22:08:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: MTA solutions and the Arch Way

Best of luck.
I had great luck with dovecot in the past as well.

Report any successes/failures/interesting-outcomes.
I would be interested to hear them.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#9 2009-02-05 00:55:23

XazZ
Member
From: Munich, Germany
Registered: 2006-12-30
Posts: 72

Re: MTA solutions and the Arch Way

evening

I'm using postfix here, combined with dovecot and spamassassin
works great here

never had any problems with that combination (well only once - it was my fault because I deleted /etc/postfix/ big_smile)

Only thing that's a bit, well, "disturbing" is that I always have to restart dovecot when it's getting updated
as soon as new packages arrive I can't use my imap mailbox anymore since logging in won't work anymore (due to the dovecot update)
but that's probably not the fault of any arch maintainer/packager/developer/you know what I mean but an upstream "problem"

Regards,
"XazZ"

Offline

#10 2009-02-06 05:01:08

Schneibster
Member
Registered: 2008-12-20
Posts: 32

Re: MTA solutions and the Arch Way

So far, so good. Dovecot is relatively easy, but I have yet to validate the config; I'm gonna try some crackers and scripts on it and see if I can violate it before I put it on the open 'Net. Haven't validated that postfix is working yet outside of the box itself; it works fine within it. I'll prolly test that over the weekend. As far as whether Dovecot works or not, I'm moving my MS Outlook emails into it slowly but surely; once that's done I'll be free of the d*** thing. Which will be nice because I can then check email from my Arch laptop instead of having to use Windoze. So even if I find a hole it was already worth doing.

Offline

#11 2009-02-09 11:09:50

bitsuid
Member
Registered: 2007-11-06
Posts: 3

Re: MTA solutions and the Arch Way

Try Courier MTA, is a complete EMAIL SERVER solution: http://wiki.archlinux.org/index.php/Courier_MTA

Regards

Offline

#12 2009-03-02 22:59:20

Schneibster
Member
Registered: 2008-12-20
Posts: 32

Re: MTA solutions and the Arch Way

It's taking an awfully long time to move all the email out of the Outlook data files; I'm finding I'm only able to move about 2k or so at a time, otherwise Outlook runs out of memory and freaks out. So I'm still working on getting everything moved over. I'll report back once I've got it all up and running.

Offline

Board footer

Powered by FluxBB