Hello all, Where I work, we have a mix of MTA's, and are in the process of reevaluating what we want to support. We currently have exim3, exim4, sendmail, one qmail, and one postfix install. Both the qmail and postfix installs are rather ancient - they are legacy that came with the system, were not set up by us, and have not been updated recently. The previous admins of these two systems installed from source and used equivs-likes hacks to to do so. I quite like exim4, have gotten used to it's quirks, and can make it do some really effective anti-spam things fairly easily now. So, if we are going to have an suid single binary MTA around, this is the one I want. As for other systems that are changeable, I think I like the multi-binary security model of both postfix and qmail, but am leaning towards postfix for the eventual implementation. Most of the systems really only do low volume system email, although a few are fairly high volume. I would like to keep a mix of MTA's in our systems, partly just to avoid the downsides of a homogeneous network, but also because different suites do different things well. I think that I would like to migrate to all exim4 and postfix (I would basically like to dump the sendmail and qmail systems). But before we begin migrating the sendmail systems to postfix, I wanted to ask some questions about it. The things that are vitally important are the ability to reject at smtp time for invalid localparts and for viruses - I believe that postfix (at least in recent versions) can do this, but I am just not sure. I do not want to have to rely on something like amavis + a seperate listener to do content scanning, if I don't have to - that means either blackholing them (in which case a false positive gets thrown away) or bouncing them (which means adding to the spam already out there), AFAICT. I guess what I am asking for is people's experiences migrating existing (especially sendmail) systems to postfix, and how easy it is to tie other things into it, especially at smtp time. We're talking about migrating something like 100 machines from one MTA to another, so I have been tasked with coming up with a relatively fool proof (heh) migration scheme - watching the mail logs of 100 machines is clearly not doable. Of course we'll do the usual migrate the low volume machines first, test, retest and watch, then move on, but you get an idea of the headache involved. I am not trying to start the usual 'my MTA rules' flamewar, although I am sure some of that will ensue. Thanks for any pointers to docs, experiences, or anything else. Martin and Craig - I know you two in particular are both big advocates of postfix, so I guess I am partly addressing this to you two, although feel no obligation to give free tech support :) Thanks all, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgpuX2SyzaFqa.pgp
Description: PGP signature