MTA comparison (postfix, exim4, ...) - Debian


Thread: MTA comparison (postfix, exim4, ...)

  1. MTA comparison (postfix, exim4, ...)

    Hi,

    After seeing recent post(*) on the default MTA issue, I did some
    research and experiment on MTAs. They are summarized at:

    http://wiki.debian.org/DefaultMTA

    Also good review was found at: http://shearer.org/MTA_Comparison

    Although both exim4 and postfix daemons are negligibly small ones on
    a desktop machine, exim4 one was a bit smaller on memory.

    So far, I did not see a strong reason to switch to postfix here but I am
    running it anyway now.

    Osamu

    (*) http://lists.debian.org/debian-devel.../msg00717.html


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: MTA comparison (postfix, exim4, ...)

    Osamu Aoki wrote:
    > After seeing recent post(*) on the default MTA issue, I did some
    > research and experiment on MTAs. They are summarized at:
    > http://wiki.debian.org/DefaultMTA


    Although I am identified as running Postfix there, that was installed
    as a test a while ago. Most of my upstream servers (including those
    which I control) run Exim and I will probably switch nail back to Exim
    on next upgrade. There are problems with Postfix that I just haven't
    figured out and cause me problems:

    1. it doesn't seem to have as many anti-spam possibilities as Exim -
    there's postgrey for greylisting, but how can I tarpit RBL matches and
    other offences?

    2. when an email that I'm forwarding (due to /etc/aliases or a
    .forward or whatever) comes in, can I start trying to send it straight
    out and SMTP-reject it if the remote host doesn't want it? My only
    production postfix server generates some blowback from joe-jobs if
    users forward mail to a more restrictive host, which I think is a
    serious problem.

    I'd love to know if the above are solved problems whose solutions I've
    not found. Otherwise, you may want to discount my appearance on
    http://wiki.debian.org/DefaultMTA as that Postfix won't last.

    Best wishes,
    --
    MJ Ray http://mjr.towers.org.uk/email.html tel:+44-844-4437-237 -
    Webmaster-developer, statistician, sysadmin, online shop builder,
    consumer and workers co-operative member http://www.ttllp.co.uk/ -
    Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/



  3. Re: MTA comparison (postfix, exim4, ...)

    Just to be sure...

    I am running postfix now just to find out the same questions you have...

    I see no practical reason to run postfix on desktop machine now except
    if postfix is something you are very familiar with... As you might have
    expected, Manoj who is one of the best DD and wants to package
    everything without debhelper seems to be running sendmail on his desktop
    machine. I am not taking this data to say we should follow him. This
    data was meant to give some objective status view.

    Just because popcon says exim4 is the one everyone is running, it is not
    the whole truth. That is the context of my survey.

    Instead of removing data on you, it may be interesting to edit the
    following text to provide information on you and also add section on why
    you think exim is better as note on wiki.


    Please edit text as you wish... and correct English of mine :-)

    Let me comment on your comment as below....
    On Fri, Nov 16, 2007 at 10:36:06AM +0000, MJ Ray wrote:
    > Osamu Aoki wrote:
    > > After seeing recent post(*) on the default MTA issue, I did some
    > > research and experiment on MTAs. They are summarized at:
    > > http://wiki.debian.org/DefaultMTA

    >
    > Although I am identified as running Postfix there, that was installed
    > as a test a while ago. Most of my upstream servers (including those
    > which I control) run Exim and I will probably switch nail back to Exim
    > on next upgrade. There are problems with Postfix that I just haven't
    > figured out and cause me problems:


    Me too.

    > 1. it doesn't seem to have as many anti-spam possibilities as Exim -
    > there's postgrey for greylisting, but how can I tarpit RBL matches and
    > other offences?
    >
    > 2. when an email that I'm forwarding (due to /etc/aliases or a
    > .forward or whatever) comes in, can I start trying to send it straight
    > out and SMTP-reject it if the remote host doesn't want it? My only
    > production postfix server generates some blowback from joe-jobs if
    > users forward mail to a more restrictive host, which I think is a
    > serious problem.
    >
    > I'd love to know if the above are solved problems whose solutions I've
    > not found. Otherwise, you may want to discount my appearance on
    > http://wiki.debian.org/DefaultMTA as that Postfix won't last.


    Please list possible issues with postfix there. This will make exim4
    position better.

    For me, exim4 is better:
    * less memory on run time
    * mailname is implemented as expected by the policy.

    Osamu



  4. Re: MTA comparison (postfix, exim4, ...)

    Osamu Aoki wrote:
    > Instead of removing data on you, it may be interesting to edit the
    > following text to provide information on you and also add section on why
    > you think exim is better as note on wiki.
    > > > http://wiki.debian.org/DefaultMTA


    There is no link to edit that page. IIRC, if I do some combination of
    reconfiguring the web browser, making Yet Another Login, sacrificing a
    kitten and wrapping this building in silly putty, then it appears, but
    it's simpler to send email than edit the wiki. You could add this
    thread http://lists.debian.org/debian-devel.../msg00350.html to
    "ML Discussion" if you're set up for editing it.

    (BTW, your message-ids are @localhost - MTA config OK? ;-> )

    Regards,
    --
    MJ Ray http://mjr.towers.org.uk/email.html tel:+44-844-4437-237 -
    Webmaster-developer, statistician, sysadmin, online shop builder,
    consumer and workers co-operative member http://www.ttllp.co.uk/ -
    Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/



  5. Re: MTA comparison (postfix, exim4, ...)


    > 1. it doesn't seem to have as many anti-spam possibilities as Exim -
    > there's postgrey for greylisting, but how can I tarpit RBL matches and
    > other offences?


    Look at policyd-weight, for example.

    >
    > 2. when an email that I'm forwarding (due to /etc/aliases or a
    > .forward or whatever) comes in, can I start trying to send it straight
    > out and SMTP-reject it if the remote host doesn't want it? My only
    > production postfix server generates some blowback from joe-jobs if
    > users forward mail to a more restrictive host, which I think is a
    > serious problem.



    Definitely not a feature I'm missing. I hope exim caches the reply from
    the final MX for some time, otherwise this sounds like a good way to run
    a DOS attack.

    --
    Bernd Zeimetz




  6. Re: MTA comparison (postfix, exim4, ...)

    On Fri, 16 Nov 2007 10:36:06 +0000
    MJ Ray wrote:

    > 1. it doesn't seem to have as many anti-spam possibilities as Exim -
    > there's postgrey for greylisting, but how can I tarpit RBL matches and
    > other offences?


    A quick 'apt-cache search postfix' lists a number of different policy
    daemons, one of which might do what you want out of the box. Add in
    the recent support for the sendmail milter interface, and I would be
    surprised if you couldn't find something appropriate.

    Still, if not...well, I wrote an event-driven postfix policy daemon in
    perl using POE that's able to handle > 100 queries/second on consumer
    hardware in a few dozen lines of code.

    > 2. when an email that I'm forwarding (due to /etc/aliases or a
    > .forward or whatever) comes in, can I start trying to send it straight
    > out and SMTP-reject it if the remote host doesn't want it? My only
    > production postfix server generates some blowback from joe-jobs if
    > users forward mail to a more restrictive host, which I think is a
    > serious problem.


    I believe http://www.postfix.org/ADDRESS_VERIFICATION_README.html
    details the facility you're looking for.

    Mike.
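
The policy delegation protocol behind the policy daemons mentioned in this post, shown as an added example (not the Perl/POE daemon described above, and not code from Postfix): an event-driven server that applies triplet greylisting. The listening port, the delay values and the sample addresses are assumptions.

```python
import asyncio
import time

# Constructed sample request in the policy delegation format: name=value
# lines terminated by an empty line. Addresses are documentation values.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=someone@sender.example\n"
    "recipient=user@hosted.example\n"
    "\n"
)


def parse_request(block):
    """Turn one request block into a dict; stop at the terminating empty line."""
    attrs = {}
    for line in block.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    """Defer an unseen (client, sender, recipient) triplet until `delay` passes."""

    def __init__(self, delay=300, max_age=86400, max_entries=100000, clock=time.time):
        self.delay, self.max_age, self.max_entries = delay, max_age, max_entries
        self.clock = clock
        self.first_seen = {}

    def decide(self, attrs):
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "DUNNO"  # not ours to judge; let other restrictions decide
        now = self.clock()
        if len(self.first_seen) > self.max_entries:
            # Bound memory: forget triplets that never came back.
            self.first_seen = {k: t for k, t in self.first_seen.items()
                               if now - t < self.max_age}
        key = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"


async def handle(reader, writer, policy):
    """Serve one connection; a connection may carry many requests in sequence."""
    try:
        while True:
            lines = []
            while True:
                raw = await reader.readline()
                if not raw:
                    return  # peer closed the connection
                line = raw.decode("utf-8", "replace").rstrip("\r\n")
                if not line:
                    break  # empty line ends the request
                lines.append(line)
            action = policy.decide(parse_request("\n".join(lines)))
            writer.write(f"action={action}\n\n".encode())
            await writer.drain()
    finally:
        writer.close()


async def main(host="127.0.0.1", port=10023):  # port is an assumption
    policy = Greylist()
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, policy), host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```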



  7. Re: MTA comparison (postfix, exim4, ...)

    Michael Alan Dorman wrote: [...]
    > Still, if not...well, I wrote an event-driven postfix policy daemon in
    > perl using POE that's able to handle > 100 queries/second on consumer
    > hardware in a few dozen lines of code.


    Thanks for the pointers. Can a policy server delay an incoming mail?
    I suspect that sleeping in the perl would delay all incoming mail and
    there's no access(5) response like Exim's delay, else I could do it
    another way. How can it be done? (I want to increase the connection
    cost to maybe-spammers of sending to my postfix...)

    > MJ Ray wrote:
    > > 2. when an email that I'm forwarding (due to /etc/aliases or a
    > > .forward or whatever) comes in, can I start trying to send it straight
    > > out and SMTP-reject it if the remote host doesn't want it? [...]

    >
    > I believe http://www.postfix.org/ADDRESS_VERIFICATION_README.html
    > details the facility you're looking for.


    I don't believe it does. I don't want to verify the recipient address
    - I want to try delivering the redirected mail and avoid being left
    holding the baby if the destination MX doesn't want it or is MIA.

    About Bernd Zeimetz's comment: I think it's not a way to DoS any more
    than delivering directly to the destination MX is a way to DoS.
    Sending hosts generally can't tell that the message is being
    redirected and they'd be caught in neg-exp rate limits for trying to
    send too much bad mail before it becomes a DoS on most hosts, as well
    as whatever the target MX is doing. Even so, redirecting mail is
    discouraged because it increases the number of links in the chain.

    Thanks for the comments,
    --
    MJ Ray http://mjr.towers.org.uk/email.html tel:+44-844-4437-237 -
    Webmaster-developer, statistician, sysadmin, online shop builder,
    consumer and workers co-operative member http://www.ttllp.co.uk/ -
    Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/



  8. Re: MTA comparison (postfix, exim4, ...)

    On Sat, 17 Nov 2007 00:31:17 +0000
    MJ Ray wrote:

    > Thanks for the pointers. Can a policy server delay an incoming mail?
    > I suspect that sleeping in the perl would delay all incoming mail and
    > there's no access(5) response like Exim's delay, else I could do it
    > another way. How can it be done? (I want to increase the connection
    > cost to maybe-spammers of sending to my postfix...)


    Well, you could write one that would handle the delay itself---slowing
    its response to policy inquiries at various points---but that seems
    like a bit of a rathole to start down. The data management necessary
    to do that with a non-blocking daemon would be easy to get subtly
    wrong. Subtly wrong and MTAs are a poor mix.

    Hmmmm.

    You could play with the tarpit controls that smtpd has ('man smtpd'
    look for TARPIT), and set the limits so low that tarpiting would kick
    in immediately. That might produce the result you're looking for. It
    feels a _little_ hacky, but not totally so.

    You could bug Wietse for an access(5) response that would cause those to
    kick in---given that there are tarpit controls, the infrastructure is
    obviously in there somewhere, you just need a button to push to
    activate the mechanism---but that would obviously be a longer-term
    solution.

    I am personally skeptical of the value of tarpiting such hosts since
    these days so many spam machines are zombies and the supply seems nigh
    infinite---it seems like you're courting running your own host out of
    resources, since each open connection does incur some cost, and the
    real solution is to sever the connection the moment you know it's
    crap---but if you really want it, I'm not sure postfix is your ideal
    MTA.

    > I don't believe it does. I don't want to verify the recipient address
    > - I want to try delivering the redirected mail and avoid being left
    > holding the baby if the destination MX doesn't want it or is MIA.


    Hrm, you're right, it only does about half what you want---it won't
    accept a mail unless it knows it can pass it on to that recipient, but
    if there are other factors about the particular mail that would cause
    the final destination to deny it, it's not gonna ferret those out.

    I don't know of any pre-queue mechanism for doing exactly what you
    want. The fact is, postfix wants to be fast, but even more,
    it wants to be robust, so it was designed pretty much from the ground
    up to get things to stable storage first and foremost. Things that
    work pre-queue are newer, and consequently less comprehensive in
    capabilities.

    My solution for the blowback stuff was, simply, to write a perl script
    to parse through the mailq output and delete the messages that were
    obviously crap. I handle a couple of million messages a day through
    postfix, relaying for several hundred small domains, and even when one
    of those domains gets joe-jobbed, my queue cleaner (which is very
    conservative) makes sure I don't have to deal with a bunch of crap.

    Mike.
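
A sketch of the queue-cleaning idea from this post, as an added example (not the author's Perl script, whose selection criteria are not given in the thread): it parses mailq output and picks out deferred bounces addressed to domains the server does not host. The selection heuristic, the sample queue listing and the domain names are assumptions.

```python
import re

# Constructed sample in the traditional mailq / postqueue -p layout.
# A trailing "*" on the queue ID means active, "!" means on hold.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     3120 Fri Nov 16 10:36:06  MAILER-DAEMON
(host mx.victim.example[192.0.2.25] said: 450 try again later)
                                         forged@victim.example

B2C3D4E5F6*    1834 Fri Nov 16 10:41:12  alice@hosted.example
                                         bob@remote.example

C3D4E5F6A7     2977 Fri Nov 16 10:44:50  MAILER-DAEMON
(connect to mail.hosted.example[192.0.2.40]:25: Connection timed out)
                                         carol@hosted.example

D4E5F6A7B8!    3002 Fri Nov 16 10:47:03  MAILER-DAEMON
                                         dave@other.example

-- 10 Kbytes in 4 Requests.
"""

HEADER_RE = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
    r"(?P<arrival>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d)\s+(?P<sender>\S+)$"
)


def parse_mailq(text):
    """Return one dict per queued message: qid, flag, sender, reasons, recipients."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("-"):
            current = None  # blank line, column header or summary trailer
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"qid": m["qid"], "flag": m["flag"], "size": int(m["size"]),
                       "arrival": m["arrival"], "sender": m["sender"],
                       "reasons": [], "recipients": []}
            entries.append(current)
        elif current is not None:
            item = line.strip()
            if item.startswith("("):
                current["reasons"].append(item.strip("()"))
            else:
                current["recipients"].append(item)
    return entries


def backscatter_candidates(entries, local_domains):
    """Queue IDs of deferred bounces whose recipients are all on foreign domains.

    Deliberately narrow (assumed heuristic): the message must be a bounce
    (sender MAILER-DAEMON), must not be active or on hold, must already have
    failed at least once, and must not be addressed to any hosted domain.
    """
    local = {d.lower() for d in local_domains}
    picked = []
    for e in entries:
        if e["sender"] != "MAILER-DAEMON":
            continue
        if e["flag"] or not e["reasons"]:
            continue
        domains = {r.rpartition("@")[2].lower() for r in e["recipients"]}
        if domains and domains.isdisjoint(local):
            picked.append(e["qid"])
    return picked


if __name__ == "__main__":
    for qid in backscatter_candidates(parse_mailq(SAMPLE_MAILQ), {"hosted.example"}):
        print(qid)
```

The printed IDs are in the one-per-line form that `postsuper -d -` reads from standard input; review the list before deleting anything.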



  9. Re: MTA comparison (postfix, exim4, ...)

    * MJ Ray:

    >> I believe http://www.postfix.org/ADDRESS_VERIFICATION_README.html
    >> details the facility you're looking for.

    >
    > I don't believe it does. I don't want to verify the recipient address
    > - I want to try delivering the redirected mail and avoid being left
    > holding the baby if the destination MX doesn't want it or is MIA.


    I didn't know that Exim 4 supports cut-through forwarding. How do you
    enable this feature?



  10. Re: MTA comparison (postfix, exim4, ...)

    Osamu Aoki writes:
    > For me, exim4 is better:
    > * less memory on run time
    > * mailname is implemented as expected by the policy.


    Postfix has a reputation for being faster and more secure than exim.

    Why is it worth worrying about, though? Are the differences between exim
    and postfix really great enough to matter for typical use?!?

    [If you're a high-volume mail site, of course, you will care about the
    difference, but then you should be doing your own analysis...]

    -Miles
    --
    My books focus on timeless truths. -- Donald Knuth



  11. Re: MTA comparison (postfix, exim4, ...)

    On Tue, 20 Nov 2007, Miles Bader wrote:
    > Why is it worth worrying about, though? Are the differences between exim
    > and postfix really great enough to matter for typical use?!?


    No, they are not. And I speak this as a Postfix user (I replace exim with
    postfix in every box I use or admin, and all central MTAs I admin are
    postfix).

    Most users only need a proper forwarding MTA, and Debian already made it
    sane to setup such a thing with either postfix or exim a long time ago.

    > [If you're a high-volume mail site, of course, you will care about the
    > difference, but then you should be doing your own analysis...]


    Indeed. Exim is supposed to be better (faster or less resource-intensive)
    than postfix for some workloads, and obviously the inverse would also be
    true.

    But the old sysadmin maxim of "all things being nearly the same, do use
    what you know best how to operate and configure" is what really should drive
    one to choose between exim and postfix (and apparently, sendmail), IMO.

    --
    "One disk to rule them all, One disk to find them. One disk to bring
    them all and in the darkness grind them. In the Land of Redmond
    where the shadows lie." -- The Silicon Valley Tarot
    Henrique Holschuh



  12. MTA religious wars (was: Re: MTA comparison (postfix, exim4, ...))

    On Tue, Nov 20, 2007 at 03:41:20PM +0900, Miles Bader wrote:
    > Postfix has a reputation for being faster and more secure than exim.


    When talking about security, exim doesn't exactly have a horribly bad
    track record. It's not qmail, but then I wouldn't *want* to use qmail
    for other reasons.

    > Why is it worth worrying about, though? Are the differences between exim
    > and postfix really great enough to matter for typical use?!?


    If flexibility matters (and I think it does, even in "typical use",
    which is a myth):

    A fair while back (January 2006), a customer asked me to configure a new
    system using postfix in such a way that it'd do some fairly complex
    things (LDAP lookups and virtual users, amongst others).

    As an exim fanboy, I have to admit that I found postfix much more
    contrived at the time. For instance, it was easy to do a virtual users
    setup, and it was fairly easy to do an LDAP setup; but the postfix
    subsystem that one needed to use to do virtual users had a totally
    different idea about how LDAP works than did the rest of the system,
    requiring me to jump through a number of hoops and create a few ugly
    hacks to even make it possible (eventually I got it to work, but it took
    much longer than expected, and almost nobody on mailinglists or IRC
    channels could explain to me how to do it).

    In exim, by contrast, "lookups" are done using "string expansion", and
    string expansion can be done almost everywhere in the exim configuration
    file; the lookups can even be nested. This makes exim much more
    flexible; if you were insane, you could even perform a lookup in a file
    to find the name of another file containing the value of the primary of
    a database tuple in which to look up the URL of the LDAP directory to
    find the location of the Maildir in which to store the current email[1].

    Of course nobody in their right mind would do such a thing for a
    production server, but the point is that it's possible because of the
    flexibility given by exim's string expansion system; it appeared to me
    that postfix doesn't have this flexibility.

    [1] As in this transport:

    insane_local_delivery:
      driver = appendfile
      directory = ${lookup ldap{
          ${lookup pgsql{select url from ldapuris where id=
              ${readfile{
                  ${lookup{$local_part}lsearch{/etc/primary-keys}}
              }{}}
          }{$value}}
      }}
      maildir_format

    --
    Home is where you have to wash the dishes.
    -- #debian-devel, Freenode, 2004-09-22



  13. Re: MTA comparison (postfix, exim4, ...)

    * Miles Bader:

    > Postfix has a reputation for being faster and more secure than exim.


    Nowadays, the Postfix code base is larger than the Exim code base.

    > Why is it worth worrying about, though? Are the differences between exim
    > and postfix really great enough to matter for typical use?!?


    "/usr/sbin/exim4 -bt" or even "/usr/sbin/exim4 -d+all -bt" can be a real
    lifesaver if you need to figure out what's going on. Older versions of
    Postfix lacked -bt support (I just had a brief encounter with 2.0 on a
    customer machine *shivers*), partly due to its non-monolithic design.
    If this has improved (and the documentation seems to suggest that, but I
    couldn't test it yet), I see no practical problems with using Postfix
    instead of Exim in most environments--and vice versa, of course.

    Personally, what made me stick to Exim so far is the ability to
    configure retry behavior on a per-domain basis. One of my mail servers
    delivers mail to some hosts which are reachable only intermittently, and
    I've set a lower retry value for these domains. With Postfix, I'd have
    to configure ETRN on the receivers instead, I guess. But this kind of
    setup is somewhat unusual.



  14. Re: MTA comparison (postfix, exim4, ...)

    On Fri, 23 Nov 2007, Florian Weimer wrote:
    > Personally, what made me stick to Exim so far is the ability to
    > configure retry behavior on a per-domain basis. One of my mail servers


    Postfix does that too. You direct the domains to a different transport, and
    setup that transport with whichever parameters you want.

    --
    "One disk to rule them all, One disk to find them. One disk to bring
    them all and in the darkness grind them. In the Land of Redmond
    where the shadows lie." -- The Silicon Valley Tarot
    Henrique Holschuh



  15. Re: MTA comparison (postfix, exim4, ...)

    * Henrique de Moraes Holschuh:

    > On Fri, 23 Nov 2007, Florian Weimer wrote:
    >> Personally, what made me stick to Exim so far is the ability to
    >> configure retry behavior on a per-domain basis. One of my mail servers

    >
    > Postfix does that too. You direct the domains to a different transport, and
    > setup that transport with whichever parameters you want.


    I don't think you can specify a transport-specific retry time. Retry
    times are global, and there's just one queue manager. A specific
    configuration example would be helpful.



  16. Re: MTA comparison (postfix, exim4, ...)

    On Fri, 23 Nov 2007, Florian Weimer wrote:
    > > On Fri, 23 Nov 2007, Florian Weimer wrote:
    > >> Personally, what made me stick to Exim so far is the ability to
    > >> configure retry behavior on a per-domain basis. One of my mail servers

    > >
    > > Postfix does that too. You direct the domains to a different transport, and
    > > setup that transport with whichever parameters you want.

    >
    > I don't think you can specify a transport-specific retry time. Retry
    > times are global, and there's just one queue manager. A specific
    > configuration example would be helpful.


    Oops, you're correct. What you can do is: subscribe the relevant domains to
    the fast flush service, and using a crontab, flush the domains you want
    using postqueue -s.

    It is almost the same as an ETRN, as it was said previously in this thread.
    My bad.

    --
    "One disk to rule them all, One disk to find them. One disk to bring
    them all and in the darkness grind them. In the Land of Redmond
    where the shadows lie." -- The Silicon Valley Tarot
    Henrique Holschuh

