
Re: exim/postfix comparisons

koffiejunkie wrote:

That's odd. Someone who would go through the time/effort to set up qmail didn't secure their box? Weird.

Well, it's like this. I work for a hosting company, a lot of our clients use a certain hosting panel whose name I won't mention. This

Smells like Plesk.  (GRIN)

There, you didn't have to say it.  :-)

I get at least one box that's compromised in one of the above ways per day. Clients call saying their mail isn't going out. This is usually because there are tens of thousands of mails in the queue and the box is paralysed.

Ick. Do you monitor port 25 outbound at your border for spikes in traffic? Seems like in some cases that would be the only way you'd ever see it when dealing with the low-end ultra-clueless hosted customers.

Ever had your entire netblock dumped into one of the major spam "fighting" sites... have seen that many years ago at a large datacenter... sure pissed off the other customers.

The "spam-fighters" were their usual unresponsive, uncaring selves and didn't care that they'd been overzealous in their "crusade" against spam. Little discipline in many of those groups... but a lot of emotion.

I hate spam, but engaging in such a way as to cause mass collateral damage to real businesses and people trying to make a living to "make a point"? Give me a break. It's like someone coming to your brick-and-mortar store and pointing a gun at you and saying, "Get the guys next door to stop selling XYZ product! And if you don't we stand here and you're out of business until you do!" It's retarded.

(We had already found the problem in the original customer's server and stopped it from happening with them. But getting an entire Class-C that was properly SWIP'ed and reverse-DNS tagged as NOT just being that one customer, off the spam lists, was a long and annoyingly difficult process, even when I could prove the other problem was gone, and that there WERE people overseeing that netblock who weren't criminal or insane spammers.)

The real answer has been, and always will be... a method to authenticate both servers and end-users of e-mail, end to end. Until that day, spam reigns supreme, no matter how hard anyone tries.

Take note, I'm talking about undeliverable mail. qmail doesn't deal well with this. It is pretty fast if all the mail can be delivered without problems.

Yep. It sucks at that. Ties up tons of resources. The way the place I saw using it heavily dealt with that is that they had separate inbound and outbound servers... and more than one outbound... what a waste of time... but it worked for them.

Postfix is quite a different beast. The one and only time I saw it straining under load, a client phoned and complained that his mail was slow. Turns out he set up a mysql backend, but couldn't get smtp authentication working with it (forgot to install pam_mysql) and instead decided to just allow relay for Let your imagination do the rest. His humble little server (I think it was a duron with 512MB ram and a single IDE disc) had over a million mails in the queue, but was still spitting out mail, just not as fast as he was used to.


What made this a pleasure to work with, was that after fixing the relay issue, I could move all the mail in the active queue to the hold queue, so mail was instantly flowing as normal, which gave me all the time in the world to delete the spam and requeue the legitimate mail. qmail (to the best of my knowledge) doesn't have a way to do this.

Yeah. Managing mail via moving files is far more sane than dealing with specific mail queue commands, different on every system. Moving files seems much more "Unix-like" to me.

Never seen a queue quite that high, but I would assume the box would get both CPU and I/O bound for most values of "box". (GRIN)

Yeah, it gets to them. Another silly thing with qmail is that when you restart it, it doesn't kill existing outgoing smtp sessions. So if your remoteconcurrency is set to 100, you'll now have 200 sessions, until the first 100 all timed out.

Hahaha, I don't think I ever noticed that, but makes sense!

Well, maybe after reading along here, the original poster (if he's even still here or paying attention to the list...) is thoroughly scared off of qmail now. Which probably isn't a Bad Thing(TM), since there's just better options available... and have been for quite a while...

Nate WY0X
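
The hold-queue cleanup described in the message above, sketched as an added example that is not part of the original thread: after the relay hole is closed and the backlog is on hold (`postsuper -h ALL`), sort the held mail into "release" and "delete". It assumes Postfix 3.1 or later for `postqueue -j`; the sample queue entries, the `LOCAL_DOMAINS` set and the rule "mail with no hosted domain on either end was relayed" are assumptions made for illustration.

```python
import json

# Constructed sample of `postqueue -j` output: one JSON object per queued message.
SAMPLE = """\
{"queue_name": "hold", "queue_id": "4A1B2C3D01", "sender": "promo@bulk.invalid", "recipients": [{"address": "x@target.invalid"}]}
{"queue_name": "hold", "queue_id": "4A1B2C3D02", "sender": "alice@example.com", "recipients": [{"address": "bob@partner.invalid"}]}
{"queue_name": "hold", "queue_id": "4A1B2C3D03", "sender": "", "recipients": [{"address": "promo@bulk.invalid"}]}
{"queue_name": "active", "queue_id": "4A1B2C3D04", "sender": "carol@other.invalid", "recipients": [{"address": "dave@example.com"}]}
{"queue_name": "hold", "queue_id": "4A1B2C3D05", "sender": "carol@other.invalid", "recipients": [{"address": "dave@example.com"}]}
"""

LOCAL_DOMAINS = {"example.com"}  # hypothetical: domains this server hosts


def domain(addr):
    """Lower-cased domain part of an address ('' for the null bounce sender)."""
    return addr.rpartition("@")[2].lower()


def triage(postqueue_json, local_domains):
    """Return (release, delete) lists of queue IDs for messages on hold.

    Assumed rule: a held message is legitimate if the sender or at least one
    recipient belongs to a hosted domain. Anything else only passed through
    the open relay, including bounces (empty sender) going to outside addresses.
    """
    release, delete = [], []
    for line in postqueue_json.splitlines():
        if not line.strip():
            continue
        msg = json.loads(line)
        if msg.get("queue_name") != "hold":
            continue  # mail that arrived after the fix is already flowing
        domains = {domain(msg.get("sender", ""))}
        domains.update(domain(r["address"]) for r in msg.get("recipients", []))
        target = release if domains & local_domains else delete
        target.append(msg["queue_id"])
    return release, delete


if __name__ == "__main__":
    release, delete = triage(SAMPLE, LOCAL_DOMAINS)
    # Review both lists, then feed them to `postsuper -H -` and `postsuper -d -`.
    print("release:", *release)
    print("delete: ", *delete)
```

Both `postsuper -H -` and `postsuper -d -` read queue IDs from standard input, one per line, so the two lists can be reviewed by hand before anything is released or deleted.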
