Qmail [was Re: [Israel.pm] Detecting Random characters]

Shlomi Fish shlomif at iglu.org.il
Mon Oct 4 03:51:40 PDT 2004


On Monday 04 October 2004 11:45, Yuval Yaari wrote:
> Good points.
>
> >> DJ Pumps wrote:
>
> Let me just clean DJ Pumps' name before I go on : he didn't write it, I
> did :)

I was double quoting.

>
> DJB (not you, DJ Pumps) has been busy etc etc, right.

Right.

> I hate his DNS server, but many people just adore it.

Right.

> Obviously, anything's better than BIND.

I don't know - I haven't seriously worked with bind. But there are many DNS 
server alternatives.

> Qmail is written very well, and thus had very few (if any?) security holes.

True, but what if a security hole is discovered in it? That would require 
peple to write patches, to patch the source distribution, and to re-install 
qmail in a gazillion different places with a gazillion different 
configurations. Not exactly a straightforward "apt-get update all" process, 
and something that will give Internet low-life plenty of time to write a nice 
qmail worm or scanner or whatever.

> Sendmail needs to be patched twice a week.
>

That used to be the case in the past. It may still be the case or not. In any 
case, I specifically mentioned that there are also postfix 
(http://www.postfix.org/), exim (http://www.exim.org/), Courier 
(http://www.courier-mta.org/) and possibly other alternatives. These are 
fully open-source.

> AFAIK DJB pays you cash if you find a security hole in any of his code.
> His website is http://cr.yp.to/ I think, so you could check if you want.
>

Very well, but security is only part of his problems.

> DJB is entitled for his own opinions about anything, and I don't care if
> he thinks he's superior.
> I really don't think we should think of the authors of the software we use.
> Especially not to decide which mail-server to install.

His sense of superiority is the least of my problems. The problem is he thinks 
he knows better than anyone else, and has a very bad attitude. Projects used 
to fork because of the bad attitude of their developers, or their inability 
to manage it properly. And DJB has the worst possible attitude.

> Would you use Windows just because Alan Cox or Linus Torvalds think they
> are superior?
> I assume you'd rather be tortured to death :) 

Let's skip this superiority argument.

>
> I do not want a piece of software that updates every month, as long as it
> stays "secure" (please don't fight about the definition of the word
> "secure").

It's hard for me to understand this sentence.

> Do you know how many times I re-compiled Apache???
> I compiled qmail once (per server, that is).
>

Right, you need to compile it once. But according to the qmail handbook, if 
you want to add some more features, you need to apply some third-party 
patches, in which case you need to compile it again. (and again).

> Qmail installs on Linux very well.

With the help of a patch perhaps. But not the vanilla distro from Bernstein.

> The first time I installed it, it was sort of difficult - true.
> Right now I can say that it was well worth the trouble.
> It's very stable/fast and requires zero maintainace (for over 2 years now).

It's true that it's very stable fast and requires zero maintenance.

>
> Because I am lazy, when I'm done installing anything, I keep the packages
> + install shell script.
> That's what I did with Apache+mod_perl+mod_ssl, and for qmail+vpopmail.
>

I do that too.

> I really don't understand why you'd want to distribute your binaries or
> modified code, and not patches, anyway.
>

Because:

1. I'd like a qmail-1.03-6mdk rpm file that I can install using rpm or urpmi 
or whatever. A full-fledged binary package, that everyone can pass around and 
not everyone has to compile and install from source himself.

2. I want a source distribution that compiles out of the box, not a random 
collection of tarballs and patches that require a script.

> Hey, is Apache with a few modules ./configure && make && make install?

Apache itself is ./configure; make and make install. Each one of the modules 
is also usually ./configure ; make and make install. You can write a script 
to automate everything, and since everything is open-source there are also 
RPMs, DEBs, urpmi sources, apt sources, emerge sources, or your favourite 
package manager. None of this exists for qmail.

> I didn't read any book about qmail, but LWQ (Life With Qmail) is available
> online and it's great!
>

It's from the same author who wrote the book "The qmail Handbook".

> You are right about the configuration (weird, tons of files in
> /var/qmail/). 

Agreed.

> I don't use a mailing-list manager, so I don't know. 
>

Heh. Well, a mailing list service is considered quite an important thing for a 
public mail server to have. Of course, one can use mailman or Siesta or 
whatever with qmail, so it's not such an issue.

> I agree on some issues about Qmail, but I just don't think you could find
> anything better.

I think I could: postfix, exim and Courier. All of them open-source and all of 
them much better than sendmail. I don't know how they compare against Qmail 
(never used them) but they also have their following.

> And hey, no one stops you from writing patches :)
>

With the other three, I don't need to write any patches.

> What are good alternatives anyway?
>

See above.

Regards,

	Shlomi Fish

>   --Yuval
>
> Shlomi Fish said:
> > On Monday 04 October 2004 09:52, Yuval Yaari wrote:
> >> And if you're using Sendmail, it's time to move on to qmail anyway :)
> >
> > Just a correction - "If you're using Sendmail - it's time to move to
> > _something else_ anyway." Not necessarily qmail.
> >
> > I help administer a qmail/ezmlm-idx configuration on eskimo.iglu.org.il.
> > It's  not such a bad experience. To help me learn it better I took the
> > book "The  qmail Handbook" during the last YAPC. I have read it and
> > liked it, but if at  all, it convinced me that I would not voluntarily
> > install qmail as an SMTP  server on new machines.
> >
> > Here are my reasons:
-- 

---------------------------------------------------------------------
Shlomi Fish      shlomif at iglu.org.il
Homepage:        http://shlomif.il.eu.org/

Knuth is not God! It took him two days to build the Roman Empire.



More information about the Perl mailing list