Log in

No account? Create an account
entries friends calendar profile Elf Sternberg's Pendorwright Projects Previous Previous Next Next
Why is email so goddamn hard under the hood? - Elf M. Sternberg
Why is email so goddamn hard under the hood?
It never ceases to amaze me just how goddamned esoteric configuring a mail transport agent is. I wasted all goddamned day trying to get postfix to work, only to realize that I'd probably blown two setting up a virtual server system I didn't need, and is probably not as secure as I'd like.

I mean, why isn't there a simple email server setup with some reasonable spam filtering for Unix? Is it really that difficult? I can feel my brain leaking out my ears and I'm stressed to the max.

It is time for some herbal tea.

Current Mood: stressed stressed

10 comments or Leave a comment
solarbird From: solarbird Date: January 26th, 2009 06:13 am (UTC) (Link)
I enjoy sendmail, but am often told that this is an indicator of insanity. So I've never found any of the other systems difficult. If you have to start over, tho', try exim + milter (for greylisting) + spamassassin (for baysnian filtering) next time. exim is considered far and away the easiest to configure and is simple enough and common enough to be will-surveyed for security issues.
zanfur From: zanfur Date: January 27th, 2009 02:10 am (UTC) (Link)
I second Exim as the easiest to configure and maintain.

To answer your "why is it hard" question...you pretty much have to make a choice: Do you want easy to install, or easy to maintain? Exim is a good balance, but it's still not as easy as, say, exchange. Of course, it's mountains easier to maintain.
gromm From: gromm Date: January 26th, 2009 06:44 am (UTC) (Link)
Oh thank god, I thought it was just me.

And I'm responsible for 5,000 email accounts!
mouser From: mouser Date: January 26th, 2009 06:58 am (UTC) (Link)
Any solution that is easy would become widespread and targeted by spammers.

dossy From: dossy Date: January 26th, 2009 01:15 pm (UTC) (Link)
Uh, there's a really good reason why you aren't using Qmail, right?

"DJB is a nutcase" is not a good reason.

Qmail is so simple, it's hard to believe.
lucky_otter From: lucky_otter Date: January 26th, 2009 01:27 pm (UTC) (Link)
"QMail doesn't follow standards" is a good reason. Oh, and that horrendous backscatter it spews is another one, though perhaps that can be configured away.

Use exim. As solarbird said, it's the easiest to configure.
gromm From: gromm Date: January 27th, 2009 07:32 am (UTC) (Link)
Actually, Qmail does follow standards. But those standards are about what, 15 years out of date?

Yes, backscatter can be configured away, but with the license restrictions DJB put on it (it's perfect at version 1.03 damn you! Noone will ever touch my perfect code!), applying patches to code isn't really what I call "configuring".

Yes, "DJB is a nutcase" is in fact a good reason not to use Qmail. If it were worth the trouble of converting everything to Postfix, I would in a heartbeat, but it's not (and it sure as hell would take longer than a heartbeat - our site is Not Small).
From: technoshaman Date: January 26th, 2009 02:50 pm (UTC) (Link)
This is on Redhat or Debian?

On Debian, debconf puts Postfix in a sane initial state, to which I add about a screenful of lines, half of which are personal blacklists I've built up over time, and half of which are general protocol things which catch a surprising number of spammers out.... add greylisting on top of that, and bogofilter in the backend for per-user context filtering, and I'm done. Now, if you've got some serious volume going on, putting a stripped-down spamassassin in as a milter is a good idea, since the more you can reject in the front end (while the SMTP session is going on) the more they'll get a bad taste in their mouth and won't come bug you anymore. (Why stripped-down? Because full-house S/A is a PIG, and really isn't worth it for other than URL checking and Bayesian filtering.)

If you're trying to do this on Red Hat? I'd say pop yourself an Ubuntu server VM, apt-get install postfix, grab main.cf out of /etc/postfix, and start from there. The initial config from Red Hat is just *nuts*. No idea if you're doing Gentoo, see previous suggestion.
lovingboth From: lovingboth Date: January 26th, 2009 05:59 pm (UTC) (Link)
I use Postfix on Debian and, yes, some of its defaults are not optimal.

I followed a recipe to get rid of most of the problems (e.g. insisting on decent HELOs) and postgrey doing greylisting gets rid of most of the spam. Anything that gets through is left to Thunderbird or POPMail or Gmail to spam filter, depending on where it ends up. (I never found SpamAssassin worth the resources it takes.)
gromm From: gromm Date: January 27th, 2009 07:25 am (UTC) (Link)
Oh, and by the way, that's nothing compared to sending or receiving faxes through an Asterisk server.

"You are in a twisty maze of kernel patches, all ever-so-slightly different."
10 comments or Leave a comment