Qmail [was Re: [Israel.pm] Detecting Random characters]

Yuval Yaari yuval at windax.com
Mon Oct 4 02:45:00 PDT 2004


Good points.
>> DJ Pumps wrote:
Let me just clean DJ Pumps' name before I go on : he didn't write it, I
did :)

DJB (not you, DJ Pumps) has been busy etc etc, right.
I hate his DNS server, but many people just adore it.
Obviously, anything's better than BIND.
Qmail is written very well, and thus had very few (if any?) security holes.
Sendmail needs to be patched twice a week.

AFAIK DJB pays you cash if you find a security hole in any of his code.
His website is http://cr.yp.to/ I think, so you could check if you want.

DJB is entitled for his own opinions about anything, and I don't care if
he thinks he's superior.
I really don't think we should think of the authors of the software we use.
Especially not to decide which mail-server to install.
Would you use Windows just because Alan Cox or Linus Torvalds think they
are superior?
I assume you'd rather be tortured to death :)

I do not want a piece of software that updates every month, as long as it
stays "secure" (please don't fight about the definition of the word
"secure").
Do you know how many times I re-compiled Apache???
I compiled qmail once (per server, that is).

Qmail installs on Linux very well.
The first time I installed it, it was sort of difficult - true.
Right now I can say that it was well worth the trouble.
It's very stable/fast and requires zero maintainace (for over 2 years now).

Because I am lazy, when I'm done installing anything, I keep the packages
+ install shell script.
That's what I did with Apache+mod_perl+mod_ssl, and for qmail+vpopmail.

I really don't understand why you'd want to distribute your binaries or
modified code, and not patches, anyway.

Hey, is Apache with a few modules ./configure && make && make install?
NO. Do you use it? Probably yes.
I actually found that qmail requires less dependencies than, say, Apache.

I didn't read any book about qmail, but LWQ (Life With Qmail) is available
online and it's great!

You are right about the configuration (weird, tons of files in /var/qmail/).
I don't use a mailing-list manager, so I don't know.

I agree on some issues about Qmail, but I just don't think you could find
anything better.
And hey, no one stops you from writing patches :)

What are good alternatives anyway?

  --Yuval

Shlomi Fish said:
> On Monday 04 October 2004 09:52, Yuval Yaari wrote:
>> And if you're using Sendmail, it's time to move on to qmail anyway :)
>>
>
> Just a correction - "If you're using Sendmail - it's time to move to
> _something else_ anyway." Not necessarily qmail.
>
> I help administer a qmail/ezmlm-idx configuration on eskimo.iglu.org.il.
> It's  not such a bad experience. To help me learn it better I took the
> book "The  qmail Handbook" during the last YAPC. I have read it and
> liked it, but if at  all, it convinced me that I would not voluntarily
> install qmail as an SMTP  server on new machines.
>
> Here are my reasons:
>
> 1. Its license is extremely bad: one cannot distribute modified
> binaries, one  cannot distribute modified sources - only patches are
> acceptable. This makes  deploying it extremely difficult. Usually, you
> even have to install binary  packages from their sources.
>
> In the book, when asked if the qmail license is free, the author says
> "yes and  no.". Hah! That's the joke of the month! Either a software is
> open-source or  it isn't, but it can't be both.
>
> 2. It has not been maintained for a long time. There's only a team of
> developers that heavily modified the original code, but it's not part of
> the  core distribution yet, and they are required to distribute it as a
> patch.
>
> 3. Does not even cleanly compile on Linux now.
>
> 4. Its author - Daniel J. Bernstein - is known for his bad attitude,
> (towards  contributors, etc.), feelings of superiority, etc. Not the
> kind of man I'd  like to use his software. He also obviously cares more
> about himself than  about his users, or otherwise there wouldn't be Item
> #1.
>
> 5. D.J. Bernstein has been busy with many other endeavours lately and
> neglected working on qmail. Between his job as a professor, a
> crypto-related  lawsuit he's been doing, and a DNS server he's been
> writing, he's completely  neglected work on qmail and ezmlm. In fact, an
> integer overflow vulnerability  in qmail has been left unfixed in the
> original code for a long time.
>
> 6. qmail often requires many patches just to be usable. So does ezmlm
> (hence  ezmlm-idx). This complicates the installation even further.
>
> 7. The qmail installation requires a great deal of steps. No
> ./configure;  make; make install here. I was told there are scripts to
> automate this, but  it's still a problem. Even its compilation requires
> putting various  parameters in special files, etc.
>
> 8. The paths are extremely unorthodox. Everything is under /var/qmail.
> In  fact, Bernstein has attacked the more standard LFS (= Linux
> Filesystem  Standard).
>
> 9. Configuring qmail requires dealing with a great deal of separate
> configuration files, in obscure places, many times running scripts to
> build  the databases. I was completely confused by everything there.
>
> (it's still much better than sendmail, though, but possibly not as good
> as  postfix, exim or courier)
>
> 10. ezmlm-idx has a lot of duplicacy in its configuration. For instance,
> it  encodes the E-mail address of the mailing list in many different
> places in  its configuration directory. (including several in the same
> file) As a  result, moving a mailing list to a different address is
> extremely painful.
>
> -------------------------
>
> So, in short - don't use sendmail, but I highly recommend not to use
> qmail,  either. I'll put what I wrote here in the Wiki, after the flame
> war^W^W  discussion has settled.
>
> Regards,
>
> 	Shlomi Fish
>
>
> --
>
> ---------------------------------------------------------------------
> Shlomi Fish      shlomif at iglu.org.il
> Homepage:        http://shlomif.il.eu.org/
>
> Knuth is not God! It took him two days to build the Roman Empire.
> _______________________________________________
> Perl mailing list
> Perl at perl.org.il
> http://perl.org.il/mailman/listinfo/perl






More information about the Perl mailing list