Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Announcements

Sendmail 8.10.0 Released 89

Eric Allman, who is one of the primary people behind Sendmail, wrote to let us know that Sendmail 8.10.0 was released. The code itself can be found at sendmail.org or from their FTP sever. A complete list of changes in sendmail 8.10.0 is available on sendmail.net.
This discussion has been archived. No new comments can be posted.

Sendmail 8.10.0 Released

Comments Filter:
  • by Anonymous Coward
    Ahem. SMTP AUTH is an RFC standard you dolt, qmail doesn't implement that; it implements its own little fscking login mechanism.

    sendmail also implements several kinds of authentication mechanisms. (Kerberos, MD5, etc.) and does it according to the standard.

    Get a fucking clue.

  • by Anonymous Coward
    I havn't come across a feature of sendmail that someone would use today, that postfix doesn't have.
    Take a look at it.
  • by Anonymous Coward
    I realize that Linuxconf [solucorp.qc.ca] is only available for mail servers running Linux, but if you are, I can really recommend it. Linuxconf will give you a web-, X-, or ncurses-based menu driven interface for configuring sendmail (and lots of other stuff). While it may not be a usability dream come true, it sure beats hand-editing sendmail's configuration files. And, if you need to customize your sendmail configuration beyond what Linuxconf offers, it will let you do that too, using your favourite command line tools.

    Cheers //Johan

  • by Anonymous Coward
    I agree. Even with the m4 macros, it's just plain stupidly designed.

    Why doesn't someone rip out the configuration part of sendmail, and replace it with something apache-style? It can't be that difficult.

    The innards of apache's "httpd.conf" file have got to be at least 80% as intimidating as the innards of "sendmail.cf". If you want an easy GUI configurator front end, then pay for the commercial version of Sendmail, it's only $99 right now.
  • by Anonymous Coward
    Here's something [newyen.com] to put security holes in perspective.
  • qmail has a patch for SMTP AUTH since a while back. Check out http://www.qmail.org/
  • I know this is highly subjective, but what is, in your opinion, the best MTA?

    I've been using exim, the default MTA that comes with Debian, and have been pretty happy with it. I also installed it on my Mandrake box cause I just couldn't figure out how to configure sendmail and I had no intention of spending lots of time on it.

    I heard a few nice things about Postfix. Besides that there is smail, qmail, vmail, and whatever-mail. Does anybody have any experience with them?

    ___
  • Some of your points above saying that 'qmail assumes' are simply what you assume that qmail assumes.

    qmail does not assume that all users have entries in the passwd file, nor does it assumes all users have different UIDs, not in fact does it assume that each user has a home directory.

    Just take a look at what vpopmail [inter7.com] does to simply provide hints to qmail as to how to handle mail. All the stuff vpopmail does is easy to do manually, and all is easily understood from the available documentation. In fact, before I knew about vpopmail, I created a utility that did basically the exact same function in an hour or two.

    Your other two points are true, although maybe not valid, and they're specific assumptions made by the code. You personally may think that a shared queue with multiple queue runners is the only way to work, but I would like to know whether you tried it qmail's way before deciding that was the way to do it. Admittedly, perhaps qmail isn't flexible in that area, but then again, perhaps qmail does it for a reason. djb is well-known for restricting people from shooting themselves in the foot, even if they might want to aim in the general direction of their foot, and are sure they won't hit it.

    That said, I currently have no preference in MTAs between exim, postfix, and qmail, since they all seem to be very good products. I haven't had the time and inclination both at the same time to learn sendmail yet, but I'm sure I'll give it appropriate time before making any judgement.
  • Hm, I apologize if we're talking apples and oranges- but can't you edit your /etc/aliases file and run 'newaliases' to redirect mail to user@blah to any particular file?
  • Okay, I wrote a long, detailed article on this topic, but Netscape crashed on me just when I was about ready to post it after an hour of composing it. Sigh. (I'll try to keep it shorter this time.)

    We were trying to make a scalable, reliable, efficient and nearly fault-tolerant mail platform based on a strategy of cheap servers clustered around more expensive (but stable) NetApp filers. The inspiration for this architecture came from the following excellent Earthlink papers:We wanted to use Maildir format to avoid NFS locking issues on the shared mail spool. (The locking problems seemed to be the main trouble that Earthlink had, using Unix mailbox format.) At the insistence of a new hire, we tried using qmail instead of sendmail as the MTA. (My preference was sendmail, since I know it well; qmail was interesting but an unknown quantity, and we were under a tight deadline.)

    Unfortunately, in our attempts to move to the intended server architecture, we ran into a number of assumptions in qmail which are hardcoded and scattered through the "modular" qmail code:
    • qmail assumes that all users have an entry in /etc/passwd (we needed user information to come from a database, not /etc/passwd)
    • qmail assumes that each user has a home directory which contains a ".qmail" file to control delivery (we wanted all users to be in Maildir format, and we wanted forwarding information to come from the same database, not from a ".qmail" file)
    • qmail assumes each user has a unique UID number (calls getpwuid())
    • qmail assumes its queue directory is local and plays games with the inode numbers (we wanted to experiment with an NFS-mounted queue for fault-tolerance, although the performance tradeoff may have proven unacceptable)
    • qmail assumes there is only one queue runner, so of course no locking is done on the queue (we wanted to experiment with a shared queue so multiple servers could drain a single queue in parallel and distribute load better)
    After fighting with qmail for several weeks, we ended up tossing all that work and starting over with sendmail when the new hire abruptly quit the company. In three days, we had most of the code written and working in sendmail that we fought with qmail for weeks trying to get it to do what we wanted.

    In my experience, the core qmail code is nearly incomprehensible, totally unmaintainable, and the much tauted "security" seems to be mostly through obscurity. The code is filled with idioms unique to qmail, and riddled with cross-dependencies between the ridiculous number of separate source files (many of which are one line long). While it may be easy to extend in certain ways envisioned by the author, modifying the core code can be a nightmare.

    Sendmail, on the other hand, is very clean. The code is well-modularized with clear interfaces. (I added a new map type to the sendmail source easily, in less than a day with very few lines of the original source modified.) The MDA functions are clearly separated from MTA functions, and the MTA doesn't make unwarranted assumptions. (It often doesn't even make warranted assumptions, but that's a different topic of discussion.) Making a Maildir version of "mail.local" was a breeze. Even modifying the arcane "sendmail.cf" file wasn't nearly as as hard as trying to work with the qmail source code!

    In summary, qmail has a niche it fills well -- small, simple user communities on a single server. If you have more than about 5,000 users, you may start finding that the single server no longer can handle the load, and that's when you'll start to stumble across qmail's limitations. If you want to run a serious mail platform under heavy load, sendmail is a better choice.
  • Virtuser table is highly annoying in sendmail.

    Let's say, I want to accept may for user@domainname and direct it to user foo.

    Simple, eh? Just add a virtusertable entry.

    Hmmm. Not working. oops. Gotta add, domainname into sendmail.cw so that sendmail recognizes it.
    All done, right?

    Oops, fo@domainname is being delivered to fo@mailserver instead of bounceing. Sendmail.cw has the side effect of delivering aliasing *@domainame to *@mailserver. Yuck!

    Now, I have to add another virtusertable entry to explicity bounce *@domainname.

    There we have it. Three entries, in two files where one entry in one file should have been sufficient.
  • I got 'em. I used wget. It took 3 or 4 tries to connect then got through. Try wget it is awesome!
  • I agree that SMTP AUTH has a high coolness factor, but the one thing I can't seem to find anywhere on the sendmail site is a list of clients that support it. Netscape messenger? Pine? Outlook? Does anyone know?
  • So don't fucking read it. If you don't like a post, don't read it. Better yet. Start your own fucking site and post only stories YOU want. Grow the fuck up. It reminds me of something my mom used to tell me years ago. When you get your own house you make your own rules but while you live in my house you live by my rules. And at least have the balls to post under your own account when you make complaints. If you aren't a logged in user, what you say about the site doesn't really matter. Take some accountability for once people.
  • The last I read on these issues is that this was a major concern for the sendmail guys. Does anyone know of the status of this? I feel like these two issues are really important in a modern MTA. I know there is an application on freshmeat that monitors the maillog for authenticated POP logins and adds authenticated users to sendmail for a short amount of time so they can relay mail but it seems quite the kludge.

  • You've never used mod_rewrite, have you?

    :grins.
  • Well, if you're not able to understand sendmail.cf switch to microsoft soft or maybe change job and start selling peanuts at the stadium but don't say sendmail sucks, because it's still the most powerful and flexible MTA out there. Period.
    And for me a new sendmail version with changes like SMTP AUTH it's many orders of magnitude more important than a new linux kernel point release...
  • I've always used the default MTA on my Linux servers (== sendmail, RedHat). But I've been having some major configuration trouble lately, and I was wondering if there were some more lightweight MTAs for UNIX systems around (preferrably open source for political correctness ;).

    I've read about qmail. I'd like to try it someday. Anybody care to share his experience?

    Specifically:
    - How easy is it to transfer an existing sendmail config?
    - Security? (I know sendmails reputation is bad...)
  • Well... I have the same problem. Even if I ftp with ordinary ftp (user anonymous or user ftp) i am rejected after i type in my email as password.

    Strange.

    Sendy
  • Thanks for a very well-thought-out aand expressed answer. I'd have e-mailed you to express this, but you'd posted as an AC...

    Just as an aside, we have tried to get consulting help from Sendmail, Inc., but they don't seem to want the business --- its three weeks since we sent them a proposal, and we haven't heard back, except "its going to a different group & you'll be hearing soon". Numerous phone calls remain unreturned. If they act like this when a potential customer is standing outside their door waving money, how responsive are they going to be when its time to do the work?

    Can you (or anyone else) recommend someone who actually *wants* consulting business and who knows sendmail? I'm thinking about VA Systems (since it'll run on their hardware), but I'm open to suggestions.

  • qmail rocks!

    Security is rock solid

    Migrating a sendmail config is not trivial (postfix might be better if that's your sole aim), however, the native configuration is far more intuitive once you get there. If you've been having problems configuring sendmail, you definately ought to check out qmail. Get it here [qmail.org]

    I've been running qmail on a pair of servers (in a very low volume site) and have had no problems at all, once I got it set up OK. Sendmail was a different matter...
  • Please check the links in the story: the RELEASE NOTES one doesn't work.

    (First post? Kuhl!)
  • Don't I feel like an idiot: the FTP server merely rejected my anonymous connection attempt through my corporate firewall. I need my caffiene...

    Anyone gotta place that I can view the release noets, then?
  • All the possible responses I can think of to this post are:

    #1 There ya go. Let's criticize everything.

    #2 Here's an Idea...instead of knocking something that's useful, suggest something better than slashdot.

    #3 If every troll had there way Jon katz would be dead and slashdot would never post anything because it wasn't worthy.

    #4 If you don't like it, leave.

    There I got it out of my system. Now no one else has to do it.

    Gerald
  • Come on... at least the Apache config files use keywords, and have a comprehensible structure. Sendmail uses single letter commands with an insane structure.


    --

  • More people are running it in production environments than any other MTA.

    More people are running Win 95/98 in production enviroments than any other OS. More people run wu-ftpd than any other ftpd. More people watch TV than read newspapers.

    sendmail's bugs tend to get found very quickly, publicized immediately, and fixed very quickly.

    They have a quick response because they're already used to it. And, besides, a quick response for a software bug is common practice in the open source community, specially if security-related. But the point is: a well designed MTA wouldn't have that many bugs.
  • Check out Exim. http://www.exim.org A very simple drop-in replacement for sendmail. Easy to install and powerful.
  • Dude, there's something called m4. That's the modern, enlightened way of configuring sendmail. If you're mucking around with .cf files, then you get what you deserve...

    Now that you mention this, have you seen ever how linuxconf sets up sendmail.cf? It has a whole bunch of chopped-up pieces of m4-generated (!) sendmail.cf files, and sticks them together like a first grader with a bottle of paste sticks construction paper together. Of course, all the tags at the top from the original chopped up sendmail.cf which are generated by the m4 macros to document what was used to build the sendmail.cf file are left in, making them less than useless. Furrfu!

    I'd rather watch something calm and wholesome like an unrated horror slasher flick or a video of surgial procedures on cable TV than have to ever look at a linuxconf generated sendmail.cf file again. (shudder)
  • Upgrading to 8.10 will help performance immensely by virtue of the new multiple mail queues feature, allowing you to reduce inode depths for long queue directories. In your case, you should definitely upgrade.

    There are also other various improvements to the source overall which have increased I/O performance incremently, but the multiple mail queues is the killer feature you'll want.

  • Yeah, the ftp server isn't allowing anonymous logins. So it'll be a while before we even get to see the release notes!
  • by Anonymous Coward
    Postfix is a *much* nicer MTA. It's config makes simple things simple, while leaving complex things possbile. It's source code is very clean and readable, and it's trivial to install (RedHat 6.1 includes it, but doesn't install it by default).

    It's a drop in replacement for Sendmail, written by the author of TCP wrappers.
    Give it a spin.

    (and it supports TLS with a patch!)
  • I thought Eric Allman was the creator of Sendmail, ie *the* person behind it.
  • Enjoy..

    SECURITY: The safe file checks now back track through symbolic links to make sure the files can't be compromised due to poor permissions on the parent directories of the symbolic link target.
    SECURITY: Only root, TrustedUser, and users in class t can rebuild the alias map. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS).
    SECURITY: There is a potential for a denial of service attack if the AutoRebuildAliases option is set as a user can kill the sendmail process while it is rebuilding the aliases file (leaving it in an inconsistent state). This option and its use is deprecated and will be removed from a future version of sendmail.

    EraseMe
  • I agree that it's easy to set up. I thought that it would be a huge nightmare, but it actually turned out to be really easy.

    However, it doesn't work like it *should*. I'm hoping that 8.10 will fix this. Apache's treatment of virtual servers is how I want Sendmail to treat them. Let's say that I have two domains: example.org and example.com. And I (waldo) want to get mail at each of those, but in separate POP accounts. And my mail server is named mail.example.com. I have to do this:

    1. Let CW recognise example.org & example.com.
    2. Get virtusertable to recognise waldo at both accounts and redirect them to separate accounts.
    3. Create two system user accounts: example.org-waldo and example.com-waldo.
    4. Give them shells of /bin/false.
    5. Set up my mail program to check both accounts on mail.example.com with the two e-mail addresses, and have to outgoing reply-to set to the "real" address.

    This is really ugly. I'm certain that there must be more elegant work arounds (probably involving MySQL), but I don't mind quite enough to get up to that.

    What would be *way* nicer would be a setup where the domains are truly apart from one another. No redirecting accounts. mail.example.org and mail.example.com would be recognised differently by my mail server.

    Now, I kind of got this working once, involving (*shudder*) linuxconf. I don't know how it worked, but there was all kinds of weird directories, like /vhome. But when I had to add a new account, wary of linuxconf, I ended up reinstalling sendmail and setting up a convoluted system like I've described above.

    Hopefully, a more Apache-like system will come into being with 8.10. I can't take much more of this. :) BTW, do yourself a favour -- don't get the bat book [oreilly.com]. It'll only scare you. I mean, it's a great book, don't get me wrong, but it's just more information than you need to get a basic server up. You'll just get overwhelmed.

    -Waldo
  • I know you mean well, but I just want to point out the FUDdy nature of this 'revelation' about Lotus.

    1) What is described (part of the 'international' in NSA escrow) is common practice for the US Software industry. Netscape and Microsoft do it in their mailers. Yeah, it sucks, but that's our gubernmint.

    In fact, if you have the export version of Netscape Communicator on your desktop, as many Linux users do, the NSA has part of your encryption key.

    2) It's now OK to export the 'North American' version of Notes to most countries. This version supposedly doesn't have any part of the key in escrow.

    3) AFAIK, sendmail is just an MTA and doesn't do any encryption. If it does, it's configured as a site policy which means that the NSA may or may not have all or some of your key in escrow, depending. Anyway, I'm not sure what sendmail has to do with Lotus/MS/Netscape's mail encryption, which is all done on the MUA side.
    --
  • You are correct. You also forgot that sendmail is a swiss army knife. You can configure it to do almost anything short of dry cleaning and laundry. The only pending rival here may be the new exim with perl-like capabilities in the config.

    But at the same time,

    Qmail still rips the guts out of sendmail as performance.

    Qmail does not have the record of the second most security-troubled sofwtare after Washington University

    Qmail still has more flexible local delivery support which sendmail gets only via various external delivery agents.

    Qmail as is does not have SPAM filtering. If you want to kill SPAM you can

    • easily integrate it into the local delivery.
    • Modify the RBL patches to refer to your own antispam database. This is elementary. Been there done that (not myself, by one of my colleges, I did the sendmail rulesets ;-). As a result you can get network wide synchronized SPAM filtering. As you probably deduced it can be done with sendmail as well ;-)
  • "it would seem that qmail has gotten the upper hand as far as features were concerned."

    You have to be kidding, right?

    At least as of a couple of weeks ago (haven't checked recently), Qmail hasn't been updated in three years. Here are some features in sendmail that are nowhere to be found in Qmail:

    ESMTP AUTHentication/some kind of SASL support

    RFC 1894 Delivery Status Notifications

    Any kind of spam filtering

    LDAP support

    UUCP support

    Qmail is still incapable of batching recipients for the same domain into one transaction

    And there's more where that's came from. I suppose DJB has been a bit occupied, the last couple of years, fighting the US Commerce Dept on the crypto issue, so Qmail has gotten a bit moldy.
    --

  • "Qmail still rips the guts out of sendmail as performance."

    Only in low/medium bandwidth situation. A properly tuned sendmail will beat the pants off Qmail in high volume mailings, mostly because of sendmail's ability to batch recipients to the same domain, and ability to recycle SMTP sessions.

    I agree on the remaining points.
    --

  • At least two of those security breaches are nothing to do with the fact that Microsoft technology was involved.
    They were down to bad working practices.

    I'm not an MS fan, but I would be wary of a company that tries to promote itself on the back of ill-researched half-facts that question the integrity of their main competitor.
  • Sendmail 8.10 Supports SMTP Authentication; it'l interoperate with Outlook Express, Netscape, Eudora etc. To avoid reinventing the wheel, it uses the cyrus SASL Library to supply the authentication funnctions. See ftp://ftp.andrew.cmu.edu/pub/cyrus-mail [cmu.edu] for the current libraries. To install sendmail with Authentication, look for sasl in the src/README file in the distribution.
  • qmail has performed very well here, albeit with only three virtual domains. We use the free add-on vmailmgr (http://em.ca/~bruceg/vmailmgr/), which allows you to add users to a virtual domain without requiring a new Linux logon for each one. (It's very handy.)

    The only real complaint I have about qmail is that the add-ons are all over the map, and it's very difficult to know which, if any, are part of the Received Canon, and which, if any, are heretical upstarts doomed to wither.
  • Alexey from Messaging direct has been keeping lists of all things that support SASL. I'm not sure if the sites moved but here's a cached copy http://www.google.com/search?q=cache:www.taxxi.com /homerus/mail/SASL_ClientRef.html

    Hopefully you'll be able to add mozilla to that list shortly too.
  • I don't have to fsck with the black magic of the sendmail.cf

    Dude, there's something called m4. That's the modern, enlightened way of configuring sendmail. If you're mucking around with .cf files, then you get what you deserve...

    James

  • That being said, OS sendmail configuration got much easier since m4 configuration files came about.

    There are two truths in the universe:

    • Figuring out how to use m4 with the templates, features, hacks, etc, is very difficult
    • Configuring sendmail using the m4 macros made it all much easier to handle.

    :-)

    btw, I'm not a GUI admin NT yuck yuck. I've done some incredible things with sendmail.cf files and I can't fathom doing the same things with other MTAs. But, you know, damn, it can be a bitch!

    Anyway, thanks for replying.

    P.S. Have you guys noticed that you can still release commercial software *AND* be open source at the same time?

  • read that "bat book" from o'reilly ...
    and look at those m4 files.

    You don't need to edit a .cf file in order to configure sendmail ... using the m4 files is very easy ... want to use cyrus deliver ?
    use MAILER(cyrus)
    Thats it ! :)

    I think sendmail is quite EASY to configure ... :)

    (and its still FAR more configurable than qmail or postfix :)

  • In reality it is really as safe as you care to make it.

    Majority of the "security issues" come from mis-configured configuration files. There have been others issues of course but misconfiguration is one of the biggest.

    Admittedly it takes a bit of time and effort to configure one correctly but from my experiance it is safer than my Exchange servers I run at work overall.
  • Qmail is a bit more logical in it setup than Sendmail, but that's not saying much. Setup is fairly simple (an hour at most after reading the docs).

    There are two places where Qmail really shines for me:

    1) Security. There was a $1,000 reward to anyone who could find a bug in Qmail that would allow access to the host. The deadline was a year (IIRC) and it came and went without being paid. Sure, it's not as gone over as Sendmail, but in three years, noone has reported a security bug of this nature.
    2) Mailing Lists. There's a package for mailing lists called ezmlm that really works. Normal users can create their own mailing lists as a part of their name (like markk-linux@fixbang.com) with all the regular features of Majordomo - automated sub/unsub, digests, etc. Creation is two or three commands - no editing files, no running "newaliases". It's available immediately.

    I'm not sure how it handles big loads, but I have it on a few smaller boxes and I've never had trouble with it.
  • > I'm not sure how it handles big loads, but I have it on a few smaller boxes and I've never had trouble with it.

    Actually Qmail is way much faster than Sendmail and requires a lighter load with the same ammount of traffic.
    I don't even think of using Sendmail. Why would one want to use a monolithic, buggy system like this? Sendmail has been designed WRONG from the very beggining (it's a monolithic program running as root most of the time). That's why so many security holes appeared. OTOH, a program whose compromise is with security (i.e. Qmail) runs as root the less time possible. No root account has been compromised via Qmail. The only problem that appeared is a possible DoS.

    I sincerely can't understand why people go for crappy software. Another very popular example is wu-ftpd. Sorry to say that folks, but IMO wu-ftpd sucks. Have you ever tried to chroot an user using wu-ftpd ? Gee... Not only it's a pain in the ass, it's also messy. How many bugs have been reported to wu-ftpd ? It's also historically insecure. There are much better ftp daemons. My favorite is ncftpd [ncftp.com] (yes, this one is commercial).

    So I just want to understand: Why are wu-ftpd and sendmail so popular ?
  • Dahling, if you want Qmail eeeasily, then you really must try e-smith Server and Gateway [e-smith.net].

    Installs in an hour, add addresses via a web interface and so much more, it's really quite exhilarating....;-)

  • We had sendmail running on one of our Linux machines in the the computer lab. A sysop came up to us and said "What? You don't need sendmail, shut that down." I said, "You gotta have sendmail, what if you forget the root password? You gotta be able to find a bug in sendmail and hack root!"
  • Now I know sendmail is a great program that has helped the whole community of linux/unix users alike. It stands right up there with apache as one of the highest servers around. I personally grow weary of it though. Of all the security issues involved with senmail ... is it really that safe?

  • Move yourself... I think a new release of a really massive used SMTP Server can be classified as "News for Nerds. Stuff that matters".
  • Version 8.10 represents the largest new feature release in sendmail's history.

    Hmmm... I think I'll wait 'til the first or second dot release.

  • by Anonymous Coward on Wednesday March 08, 2000 @11:25AM (#1218220)
    IDE drives were never "fairly happening." They were a cheap, low performance technology to keep desktop prices low. They were never high performance or designed for servers.

    Mail (and mail) is usually fairly IO bound (it must commit messages to disk per RFC 82(1|2) before passing them on). Get good disk and you'll go faster.

    That said, I've been told that sendmail can't do more than a couple messages a second by "experts". Fortunately, my machines which ran a typical 30,000 messages/hour with bursts to 50 or 60k per hour didn't know about these "experts."

    • Run SCSI. For more, run SCSI RAID. For more, run high performance SCSI RAID.
    • Use tools like bulk_mailer on lists.
    • Sort lists first by domain (better to send all the messages to hotmail over one single connection that tear down/start up the connections each time).
    • Ponder hiring someone with experience to reviews your setup at the least. Common questions are answered on comp.mail.sendmail, but if you've got an unusual setup, or need someone to come in and help you, it's often cheaper in the end to hire a consultant with a clue to help for a couple days than to spend three weeks learning how to do it yourself.

    Rob Kolstad wrote a paper for Usenix on tuning for lists a few years ago. If you're a member, you can find it. If not, join and find it.

    8.10 pluses:
    8.10 (and the commercial product that uses it) allows multiple queues. This means that you can have 6 queues (each on a separate spindle) running mail for you. This should fill a T1 quite handily.

    A big sendmail advantage is that you can get consulting and support. A company I did work for had those guys make some recommendations and help them and they seemed to benefit a lot. I figure if email is a production service, then buying support for it is a Good Thing. If the authors of Sendmail provide that, then great, money well spent - give back to the people who gave it to you (and these clients pay Sun a LOT for 24x7 hardware support).

    Much of the tuning that can be done applies to any mailer. Sendmail, by default, is fairly "nice" to the machine. You can tune it a thousand ways so that it runs on machines from a 12MHz Sun 3 with 8MB RAM to a 128 way SGI at peak performance. If you want to tune it to chug out 120,000 message per hour and destroy the bandwidth of a 10baseT network, that can be done with some experience. If you don't have it, you can hire that experience.

    Will 8.10 make a huge difference? Well it's been out for what, 15 hours? Beta for a while, but this has diffs from Beta12, so I don't think we know yet.

    RE: the qmail/postfix rants. Showing release notes of security fixes of Beta releases doesn't offer that there was a hole that was exploited. It shows that the code has been reviewed (in beta and alpha, largely) and that potential problems have been removed. I thought that's was beta was for.

  • by Syberghost ( 10557 ) <syberghost@@@syberghost...com> on Wednesday March 08, 2000 @03:39AM (#1218221) Homepage
    More people are looking at the sendmail source for bugs than any other MTA.

    More people are running it in production environments than any other MTA.

    In fact, most sites that run something else are *ALSO* running sendmail.

    sendmail's bugs tend to get found very quickly, publicized immediately, and fixed very quickly.

    Compare to, say, Exchange or Domino. Especially with the recent renewed attention to the old revelations [heise.de] that Lotus cripples their encryption to make it easier for the NSA to break messages.
  • by garver ( 30881 ) on Wednesday March 08, 2000 @06:51AM (#1218222)

    I can speak for qmail with a little larger number of users. I have qmail running for a small ISP with 3000+ accounts. The same machine is handling authentication, file serving, POP, etc.

    The machine is bored and its a low-end PC. You could build it for $1500 today. We push 15000+ messages a day.

    We switched from sendmail/qpopper to qmail. I got tired of administrating sendmail, not having real virtual email account support, watching qpopper slam my disk by copying the user's mail file everytime they popped, etc, etc. sendmail just has too much baggage and isn't elegantly designed in the first place.

    qmail is built very modular, tiny programs to handle every stop of the MTA process. This makes it more secure, setuid'ing whenever it can, reducing the amount of code that ever sees root permissions. Also, it is very easy to extend. I have qmail-pop authenticating from a SQL database, just by replacing the the checkpassword program.

    After using it, Maildir support is a must. In a Maildir, each message is a file. It sounds like a waste of inodes, and it is, but the performance benefits are incredible. Now when a user POPs, they don't have to lock their mailbox, and only touch the messages that they want. Before qmail, qpopper was causing my server (then running 1000 users) to write 4 GB/sec on my little 4 GB drive. In addition, my secondary mail server can deliver into the same mailboxes without locking, etc.

    I will give you that qmail can be a pain to administer by hand since its configuration is kind of distributed, with .qmail files in user's homedirs, redirecting their mail, etc. But I built a management system on top of it. This is where qmail really sings for us. We can change damn near anything just by twiddling some files, no restart, rebuilding config files, etc.

    And the best part, in my opinion, I have been using qmail for 1 year and I'm still using the same version. It does what it does and is rock solid stable and secure.

    How's that for a testimonial?

  • by tadas ( 34825 ) on Wednesday March 08, 2000 @06:09AM (#1218223)
    Will the new release of sendmail perform faster?

    This may be mildly off-topic, but it's a genuine plea for help -- see if you can recognize the symptoms and propose a solution. I thank you in advance.

    I'm in charge of a system which sends out approximately 50,000 emails a day to a list of subscribers.

    We were running this on a dedicated box. When I built it, this Pentium 120 with 128 megs of RAM and IDE drives was a fairly happenin' machine. It was running Red Hat Linux 5.2 and sendmail 8.8. The system queues outgoing mail into one of about 40 queues, depending on destination domain. A cron job runs sendmail against each one of the queues (the relevant invocation is:

    /usr/sbin/sendmail -OQueueDirectory=name of directory -OQueueLA=24 -OQueueSortOrder=host -OTimeout.connect=1m -OTimeout.helo=1m -q
    ).

    We were getting peak throughput as high as 20,000 messages delivered per hour.

    Due to the relaying holes in old versions of Sendmail, I wanted to upgrade to the then-current 8.9.3 Because of the Great C Library Change, the sendmail rpm available from redhat didn't want to work. So I upgraded the entire box to Red Hat 6.1.
    (please redirect all comments about the evils of RedHat, the rpm format, or how I should have compiled it myself from a tarball to /dev/nul).

    Now, the same volume of mail takes 6 times longer than before the sendmail 8.8->8.9.3, RHL 5.2->6.1
    upgrade. Moreover, it takes the same time on a VA Linux Full-On rack system, so hardware isn't an issue.

    Does anyone have a theory? Will upgrading to 8.10 help/hurt/be neutral?

    Again, thanks in advance
  • by weave ( 48069 ) on Wednesday March 08, 2000 @05:35AM (#1218224) Journal
    I know those guys deserve to make money and all, we all do, but I worry that it will come at the expense of the open source sendmail. A lot of the complaints from the NT camp and managers is the difficulty in managing sendmail configurations. Sendmail Inc sells nifty management tools to ease the management of sendmail, but they are closed-source commercial products.

    Basically it means we'll never see them improve sendmail management issues in the open source version in order to drive business to their commercial product.

    In my capacity as as a manager, I understand the need for commercial support and do pay for that. But my goals to have everything open-sourced are circumvented by this product extension scheme.

    (Disclaimer: I could be horribly misinformed and stuff like Sendmail switch *is* open sourced, but I've been poking around their sites and haven't seen it downloaded anywhere without paying.)

  • by mbyte ( 65875 ) on Wednesday March 08, 2000 @04:14AM (#1218225) Homepage
    is SMTP AUTH .. it rocks my world ! :)

    for those who don't know ... with SMTP AUTH you can "login" to an smpt server to permit relaying. This feature is a MUST for most ISP's !

    It uses the cyrus SASL library, so if the client supports it, it can handle nearly any authentication method, from Kerberos to CRAM-MD5 :)

    There is even a patch (or allready included in sasl) so that OutlookExpress (which uses an VERY OLD SMTP LGOIN command) can use SMTP auth !

    I'm still using one of betas for exact this functionality .. NO other competitor (qmail,exim, etc...) has it ... GO SENDMAIL GO !

    regards,
    Michael
  • by Tim Behrendsen ( 89573 ) on Wednesday March 08, 2000 @04:58AM (#1218226)

    I agree. Even with the m4 macros, it's just plain stupidly designed.

    Why doesn't someone rip out the configuration part of sendmail, and replace it with something apache-style? It can't be that difficult.


    --

  • by autechre ( 121980 ) on Wednesday March 08, 2000 @07:30AM (#1218227) Homepage
    I have a server which is doing 3, soon to be 5 virtual domains. Apache configuration is simple. Sendmail was also very easy to configure. All you need to do is this:

    1. Have support for a sendmail.cw file, so that it will accept mail for all the hostnames. Put the hostnames in that file :)

    2. Add in support for virtusertable, which is similar to /etc/mail/aliases, but a bit different. This allows you to redirect, say, webmaster@host1 to a different place than webmaster@host2, redirect all mail for 1 domain to one place, etc.

    I have the O'Reilly book, but I didn't actually need it; I found all the info I needed on www.sendmail.org. It took about 1/2 hour. In case you're wondering, I'm a college student who's been using Linux for about 2 years, not a 60-year-old UNIX guru.
  • Yes. Easily. qmail [qmail.org] with the vpopmail [inter7.com] addon from Inter7 [inter7.com] will make you wonder why you ever bothered to try and configure Sendmail.

    You might also be interested in their qmailadmin [inter7.com] addon which allows web-based management of domains, and sqwebmail [inter7.com] which adds a hotmail-esque web interface for checking & sending email.

    qmail is different than Sendmail, considerably so. But once you understand how it works, I think it's design is far superior to that of Sendmail. It's much more unixy, IMNSHO. There is ample evidence [cr.yp.to] that qmail is considerably faster and less resource intensive than Sendmail, but what really made the difference for me was the security [cr.yp.to] focus of qmail.

    As I said, qmail is different from Sendmail, but there is a lot of contributed documentation [qmail.org] available as well as commercial support [qmail.org]. The qmail community is large, capable and very motivated. They do have one problem though, they don't have a 4-inch-thick O'Reilly [oreilly.com] book dedicated to their MTA...
    ...hmmm, maybe there's a reason for that!

  • by cying ( 132283 ) on Wednesday March 08, 2000 @06:54AM (#1218229) Homepage
    <CYA>Mini-disclaimer: I work for Sendmail, Inc., am one of Sendmail Switch's developers, but my opinions are not necessarily representative of those of Sendmail, Inc.</CYA>

    Sendmail Switch isn't open source software, it's commercial software. It does many sophisticated management thingies besides configuring sendmail.

    That being said, OS sendmail configuration got much easier since m4 configuration files came about. And while it's not an Apache-style configuration, etc., it's on the same level in terms of difficulty.

    The OS sendmail developers work pretty much orthogonal to the commercial component developers. Feature sets of OS sendmail are driven by the OS community. They are aware of the inherent difficulty of configuring sendmail, and consider it to be quite a shortcoming of OS sendmail, independent of whether management components exist in a commercial software product.

    You will probably see OS sendmail become easier to use somewhere down the line.

    One final note, Sendmail Switch was built using open source technology. It's not apparent to people outside the company, but if you bought the product you'd see we use open source technology extensively in the product. The commercial component developers also believe in OS principles, which is why our products use open source technology where possible.

    Sendmail Switch is commercial software. But buying it supports the company. Supporting the company supports the OS developers - giving a secure "home" and dedicated resources to OS sendmail development. Benchmarking, compatibility labs, food, and clothing are examples of such.

    Hope that gives a small view from the inside.

    Regards,

    Charles

  • by zaius ( 147422 ) <jeff.zaius@dyndns@org> on Wednesday March 08, 2000 @03:53AM (#1218231)
    IMHO, sendmail is not the best mail server in the world. Sure, its the most powerful and the most scalable, and it is probably the best solution for servers with 10,000+ users, but it's a bear to configure. Sometimes I stay up late at night wondering weather or not the sendmail people intentionally made it difficult to configure for their own job security.

    MHO also says that if you are looking at setting up a mail server, you should check out Postfix [postfix.org] by Wietse Venema, or qmail [qmail.org] first. I have been using postfix instead of sendmail for quite some time now, and have not had a single problem. Of course, I only have 600-1000 users, so my system is certainly not a true test of its capabilities.

  • by EraseMe ( 7218 ) on Wednesday March 08, 2000 @03:35AM (#1218232)
    I found this to be interesting:

    Support multiple queue directories. To use multiple queues, supply a QueueDirectory option value ending with an asterisk. For example, /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with 'q' in /var/spool/mqueue as queue directories. Keep in mind, the queue directory structure should not be changed while sendmail is running. Queue runs create a separate process for running each queue unless the verbose flag is given on a non-daemon queue run. New items are randomly assigned to a queue. Contributed by Exactis.com, Inc.

    This could be great for my Solaris box with 50,000+ active SMTP connections, as we may be able to segregate the mail queue onto seperate partitions! :)

    EraseMe
  • by noeld ( 43600 ) on Wednesday March 08, 2000 @03:28AM (#1218233) Homepage
    For lots of really good information on Sendmail 8.10 checkout Sendmail.net

    They have a series of articles [sendmail.net] such as Spam control in 8.10 [sendmail.net], Performance and usability in 8.10 [sendmail.net] and many more.

    Noel

    RootPrompt.org -- Nothing but Unix [rootprompt.org]

Put not your trust in money, but put your money in trust.

Working...