Qmail [was Re: [Israel.pm] Detecting Random characters]

Shlomi Fish shlomif at iglu.org.il
Mon Oct 4 03:51:40 PDT 2004

On Monday 04 October 2004 11:45, Yuval Yaari wrote:
> Good points.
> >> DJ Pumps wrote:
> Let me just clean DJ Pumps' name before I go on : he didn't write it, I
> did :)

I was double quoting.

> DJB (not you, DJ Pumps) has been busy etc etc, right.


> I hate his DNS server, but many people just adore it.


> Obviously, anything's better than BIND.

I don't know - I haven't seriously worked with bind. But there are many DNS 
server alternatives.

> Qmail is written very well, and thus had very few (if any?) security holes.

True, but what if a security hole is discovered in it? That would require 
people to write patches, to patch the source distribution, and to re-install 
qmail in a gazillion different places with a gazillion different 
configurations. Not exactly a straightforward "apt-get update all" process, 
and something that will give Internet low-life plenty of time to write a nice 
qmail worm or scanner or whatever.

> Sendmail needs to be patched twice a week.

That used to be the case in the past. It may still be the case or not. In any 
case, I specifically mentioned that there are also postfix 
(http://www.postfix.org/), exim (http://www.exim.org/), Courier 
(http://www.courier-mta.org/) and possibly other alternatives. These are 
fully open-source.

> AFAIK DJB pays you cash if you find a security hole in any of his code.
> His website is http://cr.yp.to/ I think, so you could check if you want.

Very well, but security is only part of his problems.

> DJB is entitled to his own opinions about anything, and I don't care if
> he thinks he's superior.
> I really don't think we should think of the authors of the software we use.
> Especially not to decide which mail-server to install.

His sense of superiority is the least of my problems. The problem is he thinks 
he knows better than anyone else, and has a very bad attitude. Projects used 
to fork because of the bad attitude of their developers, or their inability 
to manage it properly. And DJB has the worst possible attitude.

> Would you use Windows just because Alan Cox or Linus Torvalds think they
> are superior?
> I assume you'd rather be tortured to death :) 

Let's skip this superiority argument.

> I do not want a piece of software that updates every month, as long as it
> stays "secure" (please don't fight about the definition of the word
> "secure").

It's hard for me to understand this sentence.

> Do you know how many times I re-compiled Apache???
> I compiled qmail once (per server, that is).

Right, you need to compile it once. But according to the qmail handbook, if 
you want to add some more features, you need to apply some third-party 
patches, in which case you need to compile it again. (and again).

> Qmail installs on Linux very well.

With the help of a patch perhaps. But not the vanilla distro from Bernstein.

> The first time I installed it, it was sort of difficult - true.
> Right now I can say that it was well worth the trouble.
> It's very stable/fast and requires zero maintenance (for over 2 years now).

It's true that it's very stable, fast and requires zero maintenance.

> Because I am lazy, when I'm done installing anything, I keep the packages
> + install shell script.
> That's what I did with Apache+mod_perl+mod_ssl, and for qmail+vpopmail.

I do that too.

> I really don't understand why you'd want to distribute your binaries or
> modified code, and not patches, anyway.


1. I'd like a qmail-1.03-6mdk rpm file that I can install using rpm or urpmi 
or whatever. A full-fledged binary package, that everyone can pass around and 
not everyone has to compile and install from source himself.

2. I want a source distribution that compiles out of the box, not a random 
collection of tarballs and patches that require a script.

> Hey, is Apache with a few modules ./configure && make && make install?

Apache itself is ./configure; make and make install. Each one of the modules 
is also usually ./configure ; make and make install. You can write a script 
to automate everything, and since everything is open-source there are also 
RPMs, DEBs, urpmi sources, apt sources, emerge sources, or your favourite 
package manager. None of this exists for qmail.

> I didn't read any book about qmail, but LWQ (Life With Qmail) is available
> online and it's great!

It's from the same author who wrote the book "The qmail Handbook".

> You are right about the configuration (weird, tons of files in
> /var/qmail/). 


> I don't use a mailing-list manager, so I don't know. 

Heh. Well, a mailing list service is considered quite an important thing for a 
public mail server to have. Of course, one can use mailman or Siesta or 
whatever with qmail, so it's not such an issue.

> I agree on some issues about Qmail, but I just don't think you could find
> anything better.

I think I could: postfix, exim and Courier. All of them open-source and all of 
them much better than sendmail. I don't know how they compare against Qmail 
(never used them) but they also have their following.

> And hey, no one stops you from writing patches :)

With the other three, I don't need to write any patches.

> What are good alternatives anyway?

See above.


	Shlomi Fish

>   --Yuval
> Shlomi Fish said:
> > On Monday 04 October 2004 09:52, Yuval Yaari wrote:
> >> And if you're using Sendmail, it's time to move on to qmail anyway :)
> >
> > Just a correction - "If you're using Sendmail - it's time to move to
> > _something else_ anyway." Not necessarily qmail.
> >
> > I help administer a qmail/ezmlm-idx configuration on eskimo.iglu.org.il.
> > It's not such a bad experience. To help me learn it better I took the
> > book "The qmail Handbook" during the last YAPC. I have read it and
> > liked it, but if at all, it convinced me that I would not voluntarily
> > install qmail as an SMTP server on new machines.
> >
> > Here are my reasons:

Shlomi Fish      shlomif at iglu.org.il
Homepage:        http://shlomif.il.eu.org/

Knuth is not God! It took him two days to build the Roman Empire.
