A quick question

Fri Mar 18 20:58:56 PST 2005

We're using a setup with net-qmail, qmail-scanner, clamd, spamassassin, 
vpopmail/mysql, courier-imap, and some home brew message processing.  
We've been using qmail for almost 5 years now, and could feasibly use it 
for another 5+ without looking back.  The 2 beauties of qmail are its 
configurablity and its reliability. 

Qmail is divided in to nearly 20 separate small special purpose 
programs.  The advantage to this system is that messages can be directed 
through qmail in almost unlimited ways.  For example, our virus scanning 
boxen use the "smtproutes" configuration to proxy clean mail to our 
storage server rather than attempt to deliver it local users on that 
box.  On that main mail server we modify the default delivery 
configuration to insert our homebrew spam sorting script before delivery. 

The reliability of qmail is unmatched. Many people are kind of confused 
by the lack of qmail updates.  The latest release, 1.03 was put out in 
the mid 90s.  Quite simply there aren't bugs or exploits in qmail so why 
bother releasing newer versions.  The only maintenance we really need to 
do for our servers is related to other packages.  We spend about an hour 
a month doing a makeworld on all of our mail machines, and portupgrading 
for courier-imap, mysql, spam assassin, and clamscan.  The only real 
down time is the reboot for the make world, and the time during a mysql 
update where the database is offline. 

The other dimension of qmail's reliability is it's toughness.  We push 
about a million messages per day through qmail without it flinching, but 
that should be expected of any MTA.  What I really like about qmail is 
that it's reasonably forgiving.  A messages life time in qmail is 
essentially divided in to two portions.  The first of these portions is 
during its arrival.  Only once a message has fully arrived and has been 
written successfully in to the queue will qmail-smtpd mark the message 
as being accepted.  Once the message is in the queue it is processed for 
delivery.  If the message is bound for a local user, qmail-local reads 
the message from the queue and attempts to delivery it.  If it's 
unsuccessful, for example the user database was down, it marks a 
temporary failure and instructs qmail to try again in a few minutes.  
Only after the message is successfully in the users Maildir is the 
message removed from the queue.  This queue system guarantees that no 
mail will EVER be lost.  Last week we updated our mail storage/pop/imap 
server to a SATA RAID setup.  Our virusproxying servers mentioned above 
queued nearly 300,000 messages while the master server was down.  As 
soon as their destination on the master server was available the 
messages were delivered and removed from the queue.  We were able to 
pull a central server out of operation for 6 hours without losing a 
single message. 

The one issue commonly mentioned with qmail is the patching process.  
This is problem is largely obsolete with the advent of net-qmail.  
Net-qmail is essentially stock qmail, patched with a few blessed 
additions.  By itself qmail has pretty much everything you could need, 
there are a few patches for example to add SMTP-AUTH or TLS support.  
Simply apply the patch and wallah features.  At the same time, if you 
don't need TLS support, then why incorporate it in your MTA.

As for setting it up with NIS or LDAP, vpopmail and courier-imap offer 
an LDAP authentication module.  That should be all you need.  We use a 
mysql backend for vpopmail and courier-imap, but essentially all of the 
AuthDB stuff is hidden behind vpopmail and courier-imap.  Qmail's 
support for authentication comes through checkpassword programs.  This 
is where vpopmail's vchkpw fits in.  Therefore, your authentication DB 
is essentially abstracted behind vpopmail.

Thank You,

Cody Baker
cody at wilkshire.net
http://www.wilkshire.net

Ed Stover wrote:

>I am in the process of designing a server to be used as a "pop toaster"
>type deal. Basically, I have experience with sendmail and imap-uw but
>knowing the limitations of that combination I am wondering what you
>FreeBSD-ISP guys & gals use as your combinations on your high traffic
>environments. Also, what is your opinion on using OpenLDAP vs FreeBSD's
>built in NIS infrastructure in combination with those other your MTA MDA
>set ups. Although with a some research on the net I have found that ISPs
>and other large organization are drifting toward qmail. If you use qmail
>+NIS or LDAP what was your experience like when replacing sendmail with
>qmail on FreeBSD? Any response with be greatly appreciated. 
>
>PS Any ideas on filtering inappropriate content from emails aside from
>procmail?
>
>_______________________________________________
>freebsd-isp at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>  
>