A quick question

Vlad GALU vladgalu at gmail.com
Sat Mar 19 03:08:10 PST 2005 

On Fri, 18 Mar 2005 23:58:21 -0500, Cody Baker <cody at wilkshire.net> wrote:
> We're using a setup with net-qmail, qmail-scanner, clamd, spamassassin,
> vpopmail/mysql, courier-imap, and some home brew message processing.
> We've been using qmail for almost 5 years now, and could feasibly use it
> for another 5+ without looking back.  The 2 beauties of qmail are its
> configurablity and its reliability.
> 
> Qmail is divided in to nearly 20 separate small special purpose
> programs.  The advantage to this system is that messages can be directed
> through qmail in almost unlimited ways.  For example, our virus scanning
> boxen use the "smtproutes" configuration to proxy clean mail to our
> storage server rather than attempt to deliver it local users on that
> box.  On that main mail server we modify the default delivery
> configuration to insert our homebrew spam sorting script before delivery.
> 
> The reliability of qmail is unmatched. Many people are kind of confused
> by the lack of qmail updates.  The latest release, 1.03 was put out in
> the mid 90s.  Quite simply there aren't bugs or exploits in qmail so why
> bother releasing newer versions.  The only maintenance we really need to
> do for our servers is related to other packages.  We spend about an hour
> a month doing a makeworld on all of our mail machines, and portupgrading
> for courier-imap, mysql, spam assassin, and clamscan.  The only real
> down time is the reboot for the make world, and the time during a mysql
> update where the database is offline.
> 
> The other dimension of qmail's reliability is it's toughness.  We push
> about a million messages per day through qmail without it flinching, but
> that should be expected of any MTA.  What I really like about qmail is
> that it's reasonably forgiving.  A messages life time in qmail is
> essentially divided in to two portions.  The first of these portions is
> during its arrival.  Only once a message has fully arrived and has been
> written successfully in to the queue will qmail-smtpd mark the message
> as being accepted.  Once the message is in the queue it is processed for
> delivery.  If the message is bound for a local user, qmail-local reads
> the message from the queue and attempts to delivery it.  If it's
> unsuccessful, for example the user database was down, it marks a
> temporary failure and instructs qmail to try again in a few minutes.
> Only after the message is successfully in the users Maildir is the
> message removed from the queue.  This queue system guarantees that no
> mail will EVER be lost.  Last week we updated our mail storage/pop/imap
> server to a SATA RAID setup.  Our virusproxying servers mentioned above
> queued nearly 300,000 messages while the master server was down.  As
> soon as their destination on the master server was available the
> messages were delivered and removed from the queue.  We were able to
> pull a central server out of operation for 6 hours without losing a
> single message.
> 
> The one issue commonly mentioned with qmail is the patching process.
> This is problem is largely obsolete with the advent of net-qmail.
> Net-qmail is essentially stock qmail, patched with a few blessed
> additions.  By itself qmail has pretty much everything you could need,
> there are a few patches for example to add SMTP-AUTH or TLS support.
> Simply apply the patch and wallah features.  At the same time, if you
> don't need TLS support, then why incorporate it in your MTA.
> 
> As for setting it up with NIS or LDAP, vpopmail and courier-imap offer
> an LDAP authentication module.  That should be all you need.  We use a
> mysql backend for vpopmail and courier-imap, but essentially all of the
> AuthDB stuff is hidden behind vpopmail and courier-imap.  Qmail's
> support for authentication comes through checkpassword programs.  This
> is where vpopmail's vchkpw fits in.  Therefore, your authentication DB
> is essentially abstracted behind vpopmail.
> 
> Thank You,
> 

   While you're at it, you might want to try this:
http://freshmeat.net/projects/uqmail/

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

More information about the freebsd-isp mailing list