[KLUG Members] God Bless Sendmail but Long Live Postfix.

Bob Kanaley members@kalamazoolinux.org
Mon, 20 Oct 2003 14:54:10 -0500


Bert,

My two cents on Postfix: I love it.

I can't help you with the auth module, but I know Postfix is very modular
and has lots of ways to do authentication. I suspect one of the Postfix
gurus on the Postfix list could tell you exactly how to do it.

My experience with Postfix:

As a rookie sysadmin I inherited an old and insecure version of Sendmail
that could not be upgraded but had to be replaced with a version upgrade.
The Sendmail configuration files seemed like black magic spells being cast
by C programmers to try to control the evil Sendmail daemon.

Before I could finish reading the 792 page O'Reilly Sendmail book, Mick
Bauer had a four page Paranoid Penguin cookbook article in the March 2001
Linux Journal on how to set up public and private dual chrooted Postfix
servers with a chrooted split zone DNS using a DMZ for public services.

That was exactly what I needed to do, so I set up a DMZ, split my DNS into
public and private zones and switched to Postfix.

I found Postfix to be extremely easy to set up. I set up a test server and had
Postfix working in four steps that took 15 minutes. And, I actually
understood what I was doing.

Setting up and maintaining the chrooted Postfix environment was a little
more tricky, but I was pretty green. I think it was Peter Buxton who
suggested using a make file to automate the process of running newaliases
then copying /etc/passwd and /etc/postfix/aliases to the chroot environment,
setting permissions and changing ownership after adding new users in the
normal way.

I couldn't set up the dual Postfix setup recommended by Mick Bauer because
the security guy who configured the LRP firewall for me wouldn't punch a
hole in the firewall between the DMZ and the LAN for relaying mail from the
DMZ to the LAN. I ended up installing stunnel in the DMZ and configured
Postfix to talk to stunnel. Then I had to configure all the M$ clients to
use secure POP3 to access the Postfix server in the DMZ.

Within a year I bought an anti-virus program to scan all incoming and
outgoing email. To get it to work with Postfix was very simple. I added a
new user, wrote one line and edited another in one of the two Postfix config
files, ran chkconfig to ensure everything started up OK in case of a reboot
and restarted Postfix. It has worked like a champ ever since.

Right now, I am trying to find time to build an OpenBSD anti-spam anti-virus
gateway that uses Postfix as the MTA. Once again it is cookbook stuff.

I don't have it running yet because I had a little trouble getting the
OpenBSD setup. I have become highly dependent on SSH, screen and Midnight
Commander on all of my server boxes. OpenBSD didn't have MC and I felt lost
without it. By the time I got MC working on OpenBSD I had to rip the HD out
of that test server to use it in another box that was overflowing to lockup
and death. I haven't had time to get back to it yet.

Long Live Postfix.

Bob

Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk@agdia.com
http://www.agdia.com




-----Original Message-----
Furthermore, I want to move from sendmail to postfix, all articles I
have read lately say that postfix beats sendmail in ease of use and
reliability. Do you agree or is there something tricky to say about
postfix? Does postfix have an authentication module for sending email?