[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (OT) Prejudice against sendmail?

[This message has also been posted to linux.debian.user.]
In article <6QhSL-64o-49@gated-at.bofh.it>, dsr@tao.merseine.nu wrote:
> qmail has the least Debian support, due to uninteresting
> licensing issues, but has a large user community and excellent
> documentation (www.lifewithqmail.org, qmail.org). It runs nicely
> on Debian systems, and is unlikely to require upgrading.

Sorry, no.  On anything bigger than your personal mail
server, Qmail is going to require replacing with a modern MTA.

There's a denial of service bug.  When the queue gets too big,
qmail-send just spins around deciding what to send next and
never gets around to actually sending anything.
There's a backscatter bug, due to Qmail's inability to
reject at SMTP time stuff it won't be able to deliver.
It bounces spam at random victims instead of rejecting it.
There's a mailbombing bug.  Say you have a mailman list with
a thousand subscribers, and 250 of them are Yahoo.com.
A modern MTA will connect to Yahoo once, give 250 RCPT TOs,
and one DATA.  (Or maybe break them up into chunks of a hundred.)
Qmail will connect to Yahoo 250 times, amd give one RCPT TO and
the same exact DATA.  Yahoo will block you for that.

All three of these bugs are architectural.  You can't fix them
without such extensive changes that the result isn't
Qmail any more.  And there's nobody in charge, taking
responsibility for those changes.  Pick a patch at random from
qmail.org.  Chances are it's been abandoned by its author
already.  Pick any three large patches.  Chances are they'll
break each other.

Qmail's not missing from Debian because of "uninteresting
licensing issues," it's missing because it's broken and can't
be fixed.

I ran Qmail for eight years.  Two of those bugs finally forced
me to switch to Postfix.  Luckily I never ran into the DoS bug.


Reply to: