[TCLUG] mail server

Mon Jul 14 09:47:17 CDT 2003

After reading through the thread and seeing everyone argue about qmail, I'll
tell you what I think of it.

About 3 years ago, I was tasked to build a large mail cluster to handle
stock pricing alerts and opt-in stock newsletters for my employer.  At the
time, the only mailserver that could give me any sort of decent performance
was qmail running under FreeBSD.  Running it under linux presented problems
because linux has a limit where a single process can only have 1024 file
descriptors.  Contrary to popular belief, this is *not* easily changable by
echoing something into /proc or using ulimit.  If you don't believe me, try
it, it won't work.  I later confirmed this with a kernel developer, and it's
something that was supposedly going to change in the 2.5/2.6 kernel.

Anyway, I had 5 machines running qmail.  4 acted as the slave servers and
did the actual sending.  Actual lists were handled by a fifth server which
doled out the messages to the slaves.  Administration was a nightmare.  If I
wanted to make a change, it likely involved finding one of the hundreds of
patches listed on qmail.org.  I wrote a simple load balancing algorithm for
qmtp which is now up on qmail.org.  However, much of functionality that I
patched into qmail was available out of the box on other mailservers
already.  I needed qmail for the performance though.  One nice thing about
qmail was a patch which could put a person's email address in the body of
the message, replacing a variable when the message was on it's way out to
the remote mailserver.  Say a news story went out...  Instead of sending
several thousand different messages, I could send one to the mailserver with
thousands of recipients, and a varible in the body would be replaced with
each person's email address.  Very useful for an account modification
message at the bottom "To modify your account settings, go to
http://www.bigcorporation.com/stuff/account.asp?email=you@yourdomain.com"

Anyway, I started to run out of capacity, and the administration of qmail
was driving me nuts.  So I started testing the newest versions of postfix.
I was able to get a significant performance boost using postfix.  The bonus
was that settings could all be changed using the postconf command.  Since
changes could be made with a command rather than editing a file, I could use
a script with ssh to execute a single command across the entire cluster.
All of the functionality I needed, postfix had out of the box, except for
the address replacement.  90% of everything was cut over to postfix, and a
couple of lonely boxes remained to handle things that needed address
replacement.  Let that be another lesson to you all, if you have a feature
in a piece of software that most other software does not have, do not tell
people that might come to depend on it.  :)

Both Qmail and Postfix have been designed with security in mind, I don't
necessarily think that one is more secure than the other.  Postfix is faster
than qmail now, and it's much nicer to administer.

> -----Original Message-----
> From: Ben Lutgens [mailto:blutgens at us-admins.com]
> Sent: Sunday, July 13, 2003 10:06 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] mail server
> 
> 
> 
> On Sunday, Jul 13, 2003, at 19:38 US/Central, David Phillips wrote:
> > The code for the core part of OpenSSL has almost twice as lines as 
> > qmail.
> > It has also had several security holes.  Do you really want 
> to stuff 
> > all of
> > that into the SMTP server?
> 
> Actually yes i would. Either way the code is open for peer review.
> 
> > Due to qmail's modularity, you can add SMTP AUTH or TLS without 
> > modifying
> > qmail-smtpd:
> 
> Why when my choice of smtp does it all. And does it well. And does it 
> safely. And doesn't create additional administration overhead.
> 
> > http://www.suspectclass.com/~sgifford/smtp_auth/
> > http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/
> >
> 
> Additional pieces means more to update, and more to 
> configure, and more 
> to maintain. No thanks. I update my smtp server in one fell swoop.
> 
> I may yet evaluate postfix. We shall see.
> 
> > You might also take an alternate approach: replace 
> qmail-smtpd with a
> > different SMTP server:
> >
> > http://untroubled.org/mailfront/
> >
> > -- 
> > David Phillips <david at acz.org>
> > http://david.acz.org/
> >
> >
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > http://www.mn-linux.org tclug-list at mn-linux.org
> > https://mailman.real-time.com/mailman/listinfo/tclug-list
> >
> >
> --
> 
> Ben Lutgens
> System Administrator, Server Wizard, Email Guru
> US Admins, Inc
> 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
> 

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list