Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Book of Postfix

timothy posted more than 9 years ago | from the danny-boy dept.

Communications 103

danny writes "Do you run a mail server using Postfix? If so, then you should check out the latest addition to my book reviews, a look at Hildebrandt and Koetter's Book of Postfix." Read on for the review.

When The Book of Postfix arrived, I jumped straight to the chapter "Understanding SMTP Authentication", since that was something I wanted to get working. This explains the problem -- how to allow travelling users with unknown IP addresses to send mail through a mail server without opening it up to spammers -- and clearly lays out the options: SMTP-after-POP or -IMAP, SMTP authentication, certificate-based relaying using TLS, or some kind of VPN. "If you want something simple, independent, and secure, SMTP AUTH is probably for you."

The remainder of the chapter explains how to set up a backend for SMTP authentication -- a choice between saslauthd and other options -- and the following chapter then explains how to configure Postfix to use it. This approach is typical of The Book of Postfix, which tackles many topics with paired chapters, the first covering background, theory and any ancillary systems and the second covering the actual Postifx configuration. It also emphasises progressive implementation accompanied by testing, which is most reassuring when modifying production servers.

Other chapters in Part III, "Advanced Configurations", cover running Postfix chrooted, using TLS (two chapters), mail gateways and multiple domains. There's also a chapter that works through building a complete mail system for an organisation. Part IV covers tuning and the appendices cover installing Postfix (for Debian or Redhat Linux, or from source) and troubleshooting.

Moving backwards, the hundred and twenty pages in part II cover content controls. Some basic postmaster background is followed by pairs of chapters on each of message transfer restrictions, built-in content filters, and external content filters. I've been working through these, improving my anti-spam controls, and they're proving really helpful; my next step will be implementing amavisd-new.

Part I explains how to set up a host to run Postfix, with ancillary services such as DNS, NTP and syslog, then how to set up a simple single domain configuration, either on a permanently connected machine or on a dialup machine. It then gives a brief description of Postfix's basic anatomy. Part I is concise -- just fifty pages -- but it offers everything most people will need for a basic setup.

There's no cruft in The Book of Postfix: it's a fairly chunky book, but none of it is padding. Excerpts from configuration files include just the right amount of context and the diagrams (and a very few screenshots) are integrated with the text and tightly focused. Given the scope, it's probably overkill for basic Postfix users, though the first fifty pages would make an excellent "getting started" guide for them.

There are some omissions. There's no general explanation of how the file works, for example, or of rewriting -- neither "masquerading" nor "canonical" appear in the index or glossary. The "Anatomy of Postfix" chapter could definitely have been more comprehensive.

How does The Book of Postfix compare with the O'Reilly book Postfix: the Definitive Guide ? The Book of Postfix is nearly twice the length and provides much more detailed step-by-step explanations and more on ancillary systems -- it explains how to set up backends for SMTP authentication, for example, rather than just telling you that you need one.

I highly recommend The Book of Postfix to anyone using Postfix and wanting to do more than the basics with it.

Danny Yee has written over 800 other book reviews. You can purchase The Book of Postfix from Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Sorry! There are no comments related to the filter you selected.

Dumb Question... (4, Interesting)

creimer (824291) | more than 9 years ago | (#12944577)

Why are mail servers so needlessly complicated? Seems like you have to be a PhD Rocket Scientist to change the most simplest thing.

Re:Dumb Question... (5, Insightful)

bizard (691544) | more than 9 years ago | (#12944629)

Because mail servers are more accurately mail _systems_. Complex interactions between local and remote users, spam and virus filters, strict adherence to standards and allowances for broken implementations of same and most importantly (and hardest to deal with) proper dns configuration and lack of same. Nobody wants to lose any mail, so you have to work with 30 year old mail servers just as easily as last months latest rev.

All this for a moribund standard (0, Troll)

Urusai (865560) | more than 9 years ago | (#12944890)

In Korea, only old people use email.

Re:Dumb Question... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12945001)

Fuck Slashdot.

Re:Dumb Question... (5, Informative)

toxic666 (529648) | more than 9 years ago | (#12944698)

Mail servers (I use postfix as a filtering gateway to an Exchange system) are not "needlessly complicated". They are quite easy to set up if all you want are basic, secure mail services.

However, if you want added functionality, security, filtering, spam / virus control, you need to understand what you are doing if you want to use an open source *nix-compatible mail server.

If you just want something "easy" (read: click and drool), expose Exchange to the Internet and pay through the nose for security software that is behind the times.

If you understand how the internals of a richly-functional mail server work, you too may achieve >99.99% spam and virus filtering with 0.0001% false positives. And do it much cheaper.

Re:Dumb Question... (1)

Nailer (69468) | more than 9 years ago | (#12947104)

you need to understand what you are doing if you want to use an open source *nix-compatible mail server.

That's insightful?

I believe the question was why is it so complicated. You haven't answered it. Why should Open Source or UNIX mail servers be less easier to use than proprietary or non-UNIX systems?

Re:Dumb Question... (1)

Taladar (717494) | more than 9 years ago | (#12948540)

Because you can either make it easy (and guess lots of necessary values) and have mediocre to bad performance (overall, not only speed) or you can perform well by asking the user some questions but that kills the "easy".

Re:Dumb Question... (3, Insightful)

Nailer (69468) | more than 9 years ago | (#12948566)

You need to justify those statements: why does security and ease of use have to be mutually exclusive?

People assume these things, and I don't think it's warranted. I think the UI for the security is probably just badly designed. Many people would say Windows sets users up as admins because that's easy, and doing things securely would be hard. But is 'type your admin password to continue' like Fedora or OS X uses really that hard?

Maybe the problem is that you're fucking braindead (1)

Sexual Asspussy (453406) | more than 9 years ago | (#12951127)

Jesus. Had you shared your worthless opinion about 10 years ago, when all the world was using Sendmail, then you'd have some weight to it. Sendmail's config was arcane and didn't immediately make much sense to people who weren't expecting it. But now, in the world of Postfix and Qmail, I can only conclude that you are a cock-chugging idiot.

How fucking easy does a computer program have to be before you are satisfied? Do you want a shiny button saying "CLICK HERE FOR MAIL SERVER TO WORK"? Like a cup of warm milk and some arrowroot cookies with that? Mail servers do a hard job. They need to have a precise language of configuration. If you can't hack Postfix's plain-English config files, you have no fucking business operating a shell account. Go back to Win 95, strangle yourself while beating off to gay scat, and leave the big boys to play with the big toys.

Seriously. If you are so inept as to not be able to handle mail servers, learn a trade like HVAC or roofing or something. We don't want you here.

Re:Maybe the problem is that you're fucking braind (1)

Nailer (69468) | more than 9 years ago | (#12957019)

Dear not-particularly-good troll:

I'm actually quite competant at both Sendmail and Postfix. I wasn't actually talking about myself. You just assumed I was, and made yourself look like a dick as a result.

Qmail isn't Open Source you fucking idiot.

Re:Dumb Question... (3, Interesting)

ZosX (517789) | more than 9 years ago | (#12944704)

I'll bite.

Mailservers are complex that is why. Just take a look at Exim to see what happens when a mailserver gets a bit too complex. In Exim you have this whole transport pipeline that the message must pass through before it gets delivered. Along the way you can change headers, filter for spam, virus check and about a million other things including sender id.

Thankfully (at least in debian) it comes with a script that will do quite a few basic configurations after asking a few questions. Your e-mail needs may not be as complex as others, but when a site needs a an e-mail server to handle 10,000+ e-mails an hour, streamlining and tweaking the process allows things to be much smoother. I admit I am not anywhere near an expert when it comes to SMTP servers, but I can see the value in wanting to make things run smooth and streamlining the process is a part of that.

Personally, I've found that postfix is pretty easy to set up and maintain compared to other daemons out there. As far as I am concerned, anything has to be better than configuring Sendmail, though I guess it has become a lot more secure over the years.

I'm sure others will have a lot more to say on this subject.

Re:Dumb Question... (2, Informative)

Armadni General (869957) | more than 9 years ago | (#12944844)

I would still never trust Sendmail with anything reaching above the level of "joke."

It has gotten more secure, sure, but that still doesn't stop a large number of attackers from successfully compromising the system.

And, on top of that, Sendmail is hell to configure.

Again, much love for Postfix.

Re:Dumb Question... (0)

Anonymous Coward | more than 9 years ago | (#12944856)

The question is, do they HAVE to be so complex?

Here's an example: I run a Linux desktop. I have a server that runs a mail server, and use it for sending and receiving email via SMTP and POP3. I have a few cron jobs that run at night on my desktop. I'd like to get the output of those cron jobs as an email. Why do I have to install a full-fledged, complex mail server and go through all kinds of configurations on my desktop box just to get the output of cron jobs?

Re:Dumb Question... (2, Informative)

dodobh (65811) | more than 9 years ago | (#12945145)

Basics []
Standard configs []

You shouldn't need to really configure much more than that.

Re:Dumb Question... (2, Interesting)

Romeozulu (248240) | more than 9 years ago | (#12945345)

JFC!!! You're links just proved the parents point.

Pages and pages of stuff that you already have to understand to understand. I agree, mail servers are needlessly complex. All I want to do is receive mail and send it to 3 users on my machine, and have them be able to send mail via TB to the server without it become a spam relay. Why is this so damn hard.

Maybe it isn't but they people that document mail servers don't have a clue.

Why is it so damn hard to have the mail server require a user and password to send mail though it. I don't want to set up a hole SSL TSL BFD system with certificates and crap.

Why is the that the same program that receives mail from the outside world is the one that accepts connections from clients. This is silly and contributes to the spam problem. Much like POP3 or IMAP is a separate program, so should the one that accepts mail from a client like TB or Outlook. Then we wouldn't have this will spam problem.

Mail servers are still stuck in the mainframe days. Time for someone to rethink this mess.

Re:Dumb Question... (3, Informative)

dodobh (65811) | more than 9 years ago | (#12945411)


Mail server documentation is written for IT professionals and system administrators who know what they are doing.

This is not meant for end users.

And if you had bothered to read those links, they are newbie friendly and actually explain in depth what the changes you are doing do to the mail system.

Also, MUAs are supposed to submit mail on 587/tcp via SMTP. I recommend you follow that rule.

Re:Dumb Question... (2, Informative)

Tassach (137772) | more than 9 years ago | (#12945682)

All I want to do is receive mail and send it to 3 users on my machine, and have them be able to send mail via TB to the server without it become a spam relay. Why is this so damn hard.
The default postfix config that comes with Fedora Core is probably all you need. FC installs sendmail by default, so you need to install postfix and switchmail (and probably dovecot, if you want pop3/imap capability:
yum -y install postfix dovecot system-switch-mail
rpm --erase sendmail
Assuming you already have your MX record set up and port 25 open to the world, you should then only have to change 3 lines in /etc/postfix/ to be able to send & recieve email from any machine on your LAN to anywhere in the world:
myhostname = mail.mydomain.tld
mydomain = mydomain.tld
mynetworks =
The only gotcha is that if you are on a cable modem / dsl, some ISPs (AOL) might not accept your mail based on your IP. In that case you need to make one more change to
relayhost =
This forces all outbound mail to go through your ISP's official mail server.

Then all you have to do is (re)start postfix:

service postfix restart
It's that easy.

You can do more tweaking to improve security and set up spam & virus filtering, but those are complicated topics and are therefore complicated to configure. Switching to use maildir delivery (vs the default mbox format) is trivial to do, and is left as an exersize for the reader.

Re:Dumb Question... (1)

merlyn (9918) | more than 9 years ago | (#12948681)

All I want to do is receive mail and send it to 3 users on my machine, and have them be able to send mail via TB to the server without it become a spam relay. Why is this so damn hard.
Because spammers (read: "the people who shameless use the resources of innocent third parties to shove unwanted advertising down our throat") are getting more clever about finding open relays.

Yes it sucks, but yes, the moment you're on the net you have to play like the big boys and do everything right.

Re:Dumb Question... (1)

gothfox (659941) | more than 9 years ago | (#12948852)

Why is the that the same program that receives mail from the outside world is the one that accepts connections from clients. This is silly and contributes to the spam problem.

Maybe that's because mail delivery from MUA and other MTAs are done (sometimes, not always) over one standard protocol - SMTP?

I'm sorry, really, but with this level of understanding you have no business whatsoever in configuring mail servers. Ask your sysadmin to do it for you.

Re:Dumb Question... (1)

stilwebm (129567) | more than 9 years ago | (#12945431)

The question is, do they HAVE to be so complex?

Here's an example: I run a Linux desktop. I have a server that runs a mail server, and use it for sending and receiving email via SMTP and POP3.

They don't have to be so complex if you're only using it for one or a few users, and especially if you are using it for local delivery only. Postfix is not designed for what you described, so it is a bit of an overkill. Take a look at mailx and TistedMail. There probably others out there as well. I left smail off the list because it has an unresolved buffer overflow vulnerability, but if that gets fixed it might be perfect for you.

Re:Dumb Question... (0)

stilwebm (129567) | more than 9 years ago | (#12945593)

That should read "TwistedMail"

Re:Dumb Question... (0)

Anonymous Coward | more than 9 years ago | (#12944750)

If you want to do complicated things, it gets complicated. If not, not.

Re:Dumb Question... (0)

Anonymous Coward | more than 9 years ago | (#12944863)

I hear ya, but I don't think that it is the mail server that is needlessly complicated, but rather the documentation.

Take a look at the Postfix or Exim documentation -- it's like a Debian manual.

Re:Dumb Question... (1)

Rasta Prefect (250915) | more than 9 years ago | (#12944968)

Why are mail servers so needlessly complicated?

They're not. If you think they are, this probbaly indicates you have no clue whats involved in running a large mail installation.

Seems like you have to be a PhD Rocket Scientist to change the most simplest thing.

Rather ironically I'm currently taking over mail service from a department of Rocket Scientists who no longer have the in house skillset to do it themselves.

Re:Dumb Question... (1)

Alphabet Pal (895900) | more than 9 years ago | (#12945108)

Fortunately, according to Charles Fitzgerald [] , Microsoft is about to put the rocket scientists who do AJAX programming out of work when they release their new AJAX development platform, so there will be plenty looking for Postfix admin jobs.

Re:Dumb Question... (0)

Anonymous Coward | more than 9 years ago | (#12945253)

Try qmail, it's about as simple as a mail server could get, and it's still pretty complicated.

Postfix has a zillion bizzare options that you don't need all at once, so it seems complicated

Re:Dumb Question... (1)

hildeb (896211) | more than 9 years ago | (#12945637)

The point is that YOU don't usually need them. But when you do: Postfix: Set them differently qmail: It's Patch time again.

Reliability, Security, Spamblocking are hard (1)

billstewart (78916) | more than 9 years ago | (#12945285)

I supposed it depends on what you mean by "needlessly complicated". Basic mail delivery that works 95% of the time across a reliable Internet is pretty easy.
  • Some complexity is necessary, because mail servers are trying to solve hard problems, like getting the reliability from 95% to 99.999%, detecting failure conditions and responding appropriately, providing various levels of security for the users and for the system, and blocking whatever new trick the spammers came up with this week to get around the new trick you deployed last week, and fixing the reliability problems that happened because somebody else's mailer didn't get along with the anti-spammer trick you installed the week before.
  • Some complexity is because mail systems used to solve much harder problems (delivery across half a dozen network architectures, such as UUCP, that are mostly less reliable than SMTP over dedicated Internet connections), and they implemented it in highly extensible generalizable ways, like Sendmail config files, which can probably still be used to implement Turing Machines.
  • Some complexity is because of ugly Baroque programming styles - there's no particular need for a mailer config file to implement Turing Machines, when simple pattern-matching table-driven mailers like UPAS did the work without all that ugliness, and there's no need for file formats that not only steal bytes but even bits because the output might occasionally be a bit shorter, like the ASN.1 used in X.509 security certs.
  • Some complexity is because of historical leftovers - splitting MTAs and MUAs really does simplify the MTA, especially when the destination address can follow a single DNS-based addressing standard, instead of arbitrary complexities like mixtures of UUCP, Bitnet, and ARPAnet names. And the early BSD operating system insistence that Port 25 only be listenable by root meant that any mailer running SMTP in that environment needed to run at least with setUID-root privileges, exposing the mail server to lots of security risks, so the mail system had to be much more complex to defend itself against lots of little security hacks that would be much less serious if the mailer ran as a non-root user like uucp and used setgid-mail to deliver mail into mailboxes.
  • Some complexity is because splitting up the MUA and MTA functions means that sometimes the MTA doesn't know as much as it needs, e.g. a firewall email-relay proxy might not have access to the database of valid user names, which makes it harder to do good bouncegrams and good spammer rejection. Furthermore, it frees the MUA and MTA to be produced by different people, which means there's a need for standardization so all of the subtle features work (like user directories and security.) (Just because I said in the previous paragraph that splitting up the MTA and MUA simplified things, that doesn't mean that simplifying things always makes your life simpler....)
  • Some complexity is because Microsoft-adopted file sharing protocols were the closest available standard-like-thing that some little development shop had around, so they built a mail system that used file sharing instead of sockets, without learning from the experience of the UUCP-based mail systems, and they were building it entirely as a LAN-based system without thinking of how it would scale outside a closed environment, and they built mailboxes in a fragile and unmaintainable format, and when the thing suddenly got itself named "Microsoft Mail", it spent a decade growing into a much larger thing that was a cornerstone of an Evil Plan to lock users into Microsoft Office by aggressive use of feature creep and anti-standardization, and while it's really much much more reliable than it used to be, it's still the Mos Eisely of mail systems.

Re:Dumb Question... (0)

Anonymous Coward | more than 9 years ago | (#12945290)

It's not a dumb question. On some level mail servers are so complex because in general the same mail system(s) are intended to be used by folks with 25 or 250k users. There are a few mail servers out there which are designed for a small number of users with a limited set of functionality. In general those systems are relatively simple and a lot of the 'needless complexity' has been filtered out of the system.

Windows 2003 for example offers the ability to use the IIS SMTP service and a POP3 service to provide a relatively simple mailer to users. There are a number of other products built by smaller companies which fall into this category as well.

That being said, the "Simple" portion of SMTP refers to the basic interaction of servers when communicating to send mail messages. The fundamental dependencies to allow communication that to happen in the first place are much more complex.

Re:Dumb Question... (1)

zerocool^ (112121) | more than 9 years ago | (#12945591)

When I worked at a webhosting company, I dealt with email extensively (and I still run my own qmail-vpop-courrier-squirrelmail-qmailadmin server). When email would break, and people would call in asking why it took so much effort/time/whatever to fix, we'd have to explain to them:

1.) Email is the killer application of the internet. Not everyone uses mysql. EVERYONE uses email. Without email, the internet is useless to a large group of netziens.
2.) Email is the *MOST COMPLICATED* thing that happens on the internet. More shit happens to an email to get it from person A's outlook to person B's outlook than anything else I can think of. It's dependant on DNS, Firewalls, rbl's, sender white/blacklisting, spam scoring, format checking, forwarding, local user checking, virtual user table matching, queueing, delivery via web/pop3/imap, sending via web/smtp through firewalls with sender verification/temporary IP whitelisting, mailbox sorting, listservs, distribution lists, digesting, etc.

And that's every server it passes through!

Email was origionally very simple. telnet 25 helo mail from rcpt to data . go. Since then, there have been 189218953 extentions and addons to the protocols and standards, and the same number of un-regulated features and whizbangs added, all while trying to keep the end user experience of the "send-recieve all" button the same. Add to that, the worlds most popular, and worst, mail server (sendmail) has come up with a config file and a set of rules/instructions/etc that have spawned a cottege industry of book publishers trying to explain them (I own an *800 page* book on sendmail). There is no worse sentax in the world than a, perl included.

So: to answer your question, it's complicated because it's complicated. However, once you get all your stuff installed correctly, managing through something like qmailmgr is pretty easy.


Because users need needless complexity too (1)

wsanders (114993) | more than 9 years ago | (#12945619)

Just read the Postfix list sometime - people who want to rewrite headers for some virtual domains but not others, then filter those for spam and bounce the spam with a 500-error variant based on the phase of the moon, all the while rejecting 50000-message per minute mail bombs and extracting every 300th incoming spam to convert into a realtime blackhole list, then offering users a choice whether they want TLS or SMTP-after-POP, all the while making sure the CEO doesn't get any spam and that outgoing mail headers are rewritten to obfuscate the originating subdomain based on what floor the email is sent from.

Postfix is perfect for that kind of stuff.

Re:Dumb Question... (1)

Cal Paterson (881180) | more than 9 years ago | (#12946436)

Seems like you have to be a PhD Rocket Scientist to change the most simplest thing.

Correct grammar might help.

Re:Dumb Question... (1)

cloudmaster (10662) | more than 9 years ago | (#12949265)

They aren't. All of the concepts involved with SMTP are complicated, and it takes a complicated system to be able to handle that effectively. Postfix is one of the easiest to configure, but the key here is that you need to know what your goal is. If you don't know what you're trying to do, then sure, any mail system will seem pretty complicated. Setting up any other complicated service with specialized needs (say, a web server, for example) is much the same - you've gotta know what you're trying to do *first*.

That said, a default postfix install wil work for basic needs, and most user-oriented Linuxes (SuSE, Fedora, not Gentoo, etc) have friendly config tools to make basic changes. :)

NFP (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12944578)

Not First Post... or is it?

I already do a lot of that stuff... (1)

platos_beard (213740) | more than 9 years ago | (#12944594)

The only reason I'd read the Book of Postfix is if I actually wanted to understand what the heck I was doin'

Re:I already do a lot of that stuff... (1)

jacksonj04 (800021) | more than 9 years ago | (#12944980)

You're a student of the 'Prod and Pray' school then?

Re:I already do a lot of that stuff... (1)

Calyth (168525) | more than 9 years ago | (#12944985)

Wait until you get to clean out thousands (I just cleaned out 3000 and gleaned some useful emails, by hand) and you'll want to know what you are doing.

3000? (0)

Anonymous Coward | more than 9 years ago | (#12945171)

Thanks to a vacation autoresponder loop this past weekend, I had the pleasure of cleaning up ~1.5 million messages. Took me 10 minutes to write the script and I was out smoking a fag.

Great timing (3, Informative)

stevey (64018) | more than 9 years ago | (#12944627)

I also reviewed The Book Of Postfix [] this week.

I also enjoyed it, and recommended it.

Re:Great timing (2, Funny)

drauh (524358) | more than 9 years ago | (#12945526)

I also enjoyed it...

How to tell when it's time for you to read some alt.sysadmin.recovery.

Just picked this book up a month ago (5, Informative)

DarkFencer (260473) | more than 9 years ago | (#12944656)

We had been running sendmail as the MTA for our mail gateway (for a medium size university). I had been getting fed-up with sendmail, and have had a collegue raving about postfix for a long time.

Long story short: This book has let me (in less then a month) not only switch our mail servers over to postfix, but let me do things more efficiently (in terms of stopping spam at the SMTP receive stage) and many other things better then I had with sendmail before.

I'm not going to make this a sendmail vs. postfix thread, but if you're going to use postfix, this book is a great resource!

Re:Just picked this book up a month ago (2, Insightful)

fjf33 (890896) | more than 9 years ago | (#12945456)

I tried to setup sendmail a while back and quit in disgust. Postfix on the other hand is straight forward to the point that you can setup all the configuration files without having to copy some strange files that do some magic and actually understand what's going on. Well mostly understand what's going on. :)

Re:Just picked this book up a month ago (1)

Pete (2228) | more than 9 years ago | (#12948940)

I must say I'm a little surprised at the strength of the negative opinions on sendmail (in the comments) so far. It's not that bad. I now use postfix or exim as my default mailserver on most machines, but sendmail still has a significant "it's known, it's documented, it's mature, if you can follow the instructions then it should Just Work" advantage. Note that I did say "should". ;-)

But then I'm usually happiest with Debian's wonderful set-it-all-up-for-me exim-config script :). "Yes, I'm installing a system and no, I don't want to buggerise around setting up email. Just ask one or two simple multi-choice questions (with sensible defaults), then set it up for me. Thank you."

Grey listing.. (4, Informative)

login: (155941) | more than 9 years ago | (#12944673)

For anyone using Postfix, I would highly recommend setting it up to work with Postgrey [] .

This reduced the spam at our installation by over 80% overnight, and has so far had no complaints of false positive.

For a detailed explanation of how this works, see here.. []

Re:Grey listing.. (0)

Anonymous Coward | more than 9 years ago | (#12944870)

Indeed. That's why it's being mentioned in the German edition of our book. You know, so much to write, so little time.

Re:Grey listing.. (0)

Anonymous Coward | more than 9 years ago | (#12945014)

Grey listing is great but I have seen many people abuse it. Either they dont understand it or they go crazy on the time constraints. I think it was earthlink (which uses this process to eliminate spam) who has the craziest listing time at over 4 hours. Trying to keep queue times very low, we have had frequent problems with bounces from them. Its a great too, just keep it sane ;)

Re:Grey listing.. (1)

stevey (64018) | more than 9 years ago | (#12945085)

I concur.

Greylisting has its drawbacks, and can cause problems in some cases, but it's singlehandedly reduced my incoming SPAM by at least a third.

The attraction is that it's 100% automatic, and requires no retraining, etc.

Re:Grey listing.. (1)

kashani (2011) | more than 9 years ago | (#12945227)

It stopped 99% of my spam overnight when I installed it on my server. And it doesn't peg my CPU with complex content filtering rules like other things. You should keep an eye on it because some mail servers/services don't resend correctly after a 450 code, but you can whitelist those domains if you need to.


Re:Grey listing.. (1)

jbrw (520) | more than 9 years ago | (#12945914)

Me too!!!!!!oneone

greylisting is a beautifully simple concept that works insanely well. I only picked up on it thanks to the recent /. posting about mail filtering at Installed postgrey, and my end users have been much happier ever since. ...j

Re:Grey listing.. (1)

Just Some Guy (3352) | more than 9 years ago | (#12946893)

Two words: A. Men.

FWIW, in my experience a 5 minute timeout is every bit as effective as a 4 hour (?!?!?) delay, so don't assume that more is better.

<plug>More good ideas at Free Software Magazine [] .</plug>

Slashvertisement, but... (1, Funny)

inkdesign (7389) | more than 9 years ago | (#12944705) least its honest and to the point!


ZosX (517789) | more than 9 years ago | (#12944833)

Come on. A book review is an advertisement? Get a fucking clue. Just because a review endorses a product does not mean that they paid for that endorsement (I realize there are exceptions *cough*Tom's Hardware*cough*) It was a detailed review to boot! In case you didn't know, reviews are there to let people know what a product is like, therefore providing a service to people that may find the information useful.

If you are looking just to bitch about slashdot, you could easily find better things to complain about. Next time don't waste my bandwith (and time) with your idiotic comments.


inkdesign (7389) | more than 9 years ago | (#12945947)

Perhaps you missed that the individual who submitted the article to slashdot is the author of the review, and owner of the site it is on? If your time is so valuable, why did you bother with the "I somehow believe you think all reviewers are paid endorsers, and I'll be a smart guy by correcting you" post? Grow up, and please worry about your "bandwith" elsewhere.


mabinogi (74033) | more than 9 years ago | (#12946469)

> Perhaps you missed that the individual who submitted the article to slashdot is the author of the review, and owner of the site it is on?

That's how book reviews on Slashdot _always_ work.

Someone writes a review and submits it to slashdot. They don't submit someone else's review - that would be a copyright issue at best, and plagiarism at worst.
It just happens that in this case the person who submitted the review also has it on his web site, so he linked to it. That's fair enough if you ask me, and a few reviewers have done that in the past.

If the concept bugs you, then turn off the review section in your preferences, because pretty much every review will be like that.


inkdesign (7389) | more than 9 years ago | (#12946714)

I know man.. Thus the humor in the original comment. The gentleman who replied really didn't seem to get the joke, thus the redundant explanation.

An apology (1)

ZosX (517789) | more than 9 years ago | (#12952759)

Sorry. I was cranky and quick on the trigger. I'm real sick of all the slashdot whiners and complainers. Please accept my apology. I will now bow my head in shame for a while.

Re:An apology (1)

inkdesign (7389) | more than 9 years ago | (#12954753)

Wow.. Thanks! :0]

Shouldn't that be... (3, Funny)

currivan (654314) | more than 9 years ago | (#12944706)

"You a mail server run Postfix using do?"

Re:Shouldn't that be... (1)

dozer (30790) | more than 9 years ago | (#12946637)

Oh, Yoda speaks in postfix? Man, that little guy is elite!

I would tend to disagree a little (1)

Armadni General (869957) | more than 9 years ago | (#12944708)

I agree that this book is a very useful tool, however, I disagree with the writer of the review. Some of the sections on SMTP protocol and behavior seem entirely superfluous, especially for anyone who even knows what Postfix is.

However, the book is, overall, a good read, and a great tool. Definitely recommended.

Re:I would tend to disagree a little (1)

hildeb (896211) | more than 9 years ago | (#12945850)

Even Wietse complained and said the SMTP section has to be enhanced when we met him. So, don't keep your fingers crossed - it will get bigger still in the German edition.

Missing: advantages of postfix (1, Offtopic)

powdered toast dude (800543) | more than 9 years ago | (#12944711)

I'd consider buying a book about postfix if it clearly and objectively outlined the advantages that postfix offers over other MTAs such as exim and qmail. This book doesn't sound like it offers that kind of information for the potential postfix noob.

I've run heavy-load MTAs under qmail for some time now, and since djb won't bring it in to the current century, integrating all of the new features necessary for today's SMTP world becomes more and more hacky and patchy. Thankfully, gentoo eases it for me by including all of the most useful patches in its qmail ebuild, but some features remain unintegrated or can't easily be done early in the SMTP conversation.

I'd love to see a simple, objective, and comprehensive comparison made between postfix, exim, and qmail (include sendmail if you like, although I won't use sendmail for admittedly emotional and historic reasons).

Once you've made the commitment to go postfix, though, this review makes it sounds like this book might be a good resource.


Re:Missing: advantages of postfix (1)

Gerald (9696) | more than 9 years ago | (#12944765)

...and since djb won't bring it in to the current century, integrating all of the new features necessary for today's SMTP world becomes more and more hacky and patchy.

You've outlined an (important IMHO) advantage yourself.

Re:Missing: advantages of postfix (3, Insightful)

Armadni General (869957) | more than 9 years ago | (#12944973)

I think by the time most people decide they want to go with Postfix, hence a purchase of this book, they're already pretty knowledgeable with the advantages and disadvantages. Most of the network admins I speak to do all their pre-selection research from more open sources, such as (who'd-a thunk it!) the Internet.

I can't speak for anyone else, but I usually just skip right past advantages and disadvantages in these such books.

Re:Missing: advantages of postfix (1)

zerocool^ (112121) | more than 9 years ago | (#12945613)

Let me put it this way:

When I read the line in the submission: Do you run a mail server using Postfix? If so, then you should..., I internally finished it with "...blow your head off?".


Re:Missing: advantages of postfix (1)

MikeDawg (721537) | more than 9 years ago | (#12945627)

I've been using postfix for quite a few years now, and I wouldn't think of switching to anything else. I'm sure there are published benchmark's out there that compare the system to another, but that isn't what this book is about. This book is about configuring Postfix, why should it spew worthless info about why it is better that MTA X? Essentially this book is assuming, "you bought this book? You're using Postfix".

One thing that I think really goes unnoticed about Postfix is that it is a drop-in replacement for sendmail, you have to admit, that generally (ala in most cases) *nix is built around sendmail as the MTA. Postfix can drop-in and act in any part just like sendmail, keeping current sendmail commands and directories, whilst being secure like it is.

As far as the book is concerned, my biggest disappointment with the book is the large errata that they have posted on their site. I would have waited until the 2nd publishing of this book if I had any idea that it was going to be published soon, but there are several key mistakes in the book that sort of bothers me. Don't get me wrong, I understand that nothing is perfect, and that all books and published articles have their mistakes, but some of the mistakes that were made in this book stand out. That would be my biggest disappointment with the book. I have printed off the errata and placed it in the book and noted areas that were incorrect.

Re:Missing: advantages of postfix (1)

hildeb (896211) | more than 9 years ago | (#12950140)

So we should have kept the errors secret instead? We're at least honest and report the errors. Have you reported an error yet?

Re:Missing: advantages of postfix (1)

MikeDawg (721537) | more than 9 years ago | (#12953029)

Don't challenge me. I'm not the one writing books and getting paid for it. I'm also not a professional editor by any means.

I stated that I enjoyed the book, and I would recommend it, since I have been running Postfix for quite sometime, I used the book as a backup to the older Richard Blum book. I have not yet had the opportunity to proof-read the entire book. I've only been though parts that has been revised as of the latest few releases of Postfix.

Yes, I am glad you have posted an errata, as I said in my original post, I have it printed and placed in the book, I also have astrisks noting the mistakes in case I ever use something from the book. Learn to handle some constructive criticism, and make your latter publishings better from them.

Re:Missing: advantages of postfix (1)

hildeb (896211) | more than 9 years ago | (#12954427)

I have yet to see money from the book.... The point is, no matter how careful you and the editor are, there's always errors in a book - fortunately most of them were odd typos in our case - except for the showstopper "maildrop" bug... With the Blum book it was different: I stopped after the first 80 pages, sent the sheer amount of bugs to the publisher. Never SAW errata for that book after that.

Re:Missing: advantages of postfix (1)

hildeb (896211) | more than 9 years ago | (#12945741)

What for? It's "The book of Postfix" and not the "Book of I shall convert thee to Postfix". No point in converting people who like to patch their MTAs to make them usable for today's internet.

Postfix... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12944722)

Bah, Postifx, that is old hat. We need more book reviews on books like Asp.Net 2.0 Beta edition. You know, the latest shit-in-a-box technology, that is where the money is.

From the description (2, Funny)

scrow (620374) | more than 9 years ago | (#12944736)

..I had hoped that it would be a Hildebrant [] illustrated guide to Postfix.

Dissapointed (3, Funny)

CableModemSniper (556285) | more than 9 years ago | (#12944744)

I am dissapointed. I clicked on this link expecting it to be about Forth or PostScript or HP. Boy was I sadly mistaken.

PostFix crosslisted in hardware? (2, Insightful)

Viltvodlian Deoderan (877359) | more than 9 years ago | (#12944930)

Maybe I am just being picky, but it seems a little strange to crosslist a book on mail server/system/whatever software in the hardware section.

Let's review:
hardware = something you can kick when it breaks, or, kick to break it
software = the little 0's and 1's that live in hardware.

YUO FAIL It (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12944950)

say I'm packing luck I'lL find NIGGER AASOCIATION And she ran reasons why anyone posts. Therefore a BSD over other posts. Therefore All our times have Fellow travellers?

Hmm (0, Troll)

pete-classic (75983) | more than 9 years ago | (#12944975)

Shouldn't it be "The Book Postfix of"?


Re:Hmm (1)

pete-classic (75983) | more than 9 years ago | (#12947841)

Dear Moderator,

If you don't understand a post, don't moderate it.

Postfix [] is an alternative notation to infix. [] For example 2 + 5 becomes 2 5 +. So "The Book of Postfix" becomes "The Book Postfix of". Maybe it isn't funny after all, but it isn't a troll by any reasonable definition.


Re:Hmm (1)

ZeekWatson (188017) | more than 9 years ago | (#12948282)

Pretty much every post I've every made here has been moderated down by tards.

slashtards they be!

over 800 book reviews? (0, Offtopic)

jspectre (102549) | more than 9 years ago | (#12945006)

ok. but can someone please explain to me how someone has all the time to read over 800 books, in-depth, and write a decent review on them all? even at it for a full-time job. hmm...

Fewer Open Relays (1)

shiller (893451) | more than 9 years ago | (#12945009)

It should be obligatory to read such a book for everyone who administrates a mail server, because hopefully it helps to decrease the number of open relays out where.

Re:Fewer Open Relays (1)

jcuervo (715139) | more than 9 years ago | (#12945319)

Postfix is not an open relay out of the box.

Re:Fewer Open Relays (1)

Kevin DeGraaf (220791) | more than 9 years ago | (#12945437)

1. Running a mail server without turning it into an open relay doesn't require that one read some silly book. It simply requires that one not be an idiot. For example, in qmail, all that's needed is to ensure that the rcpthosts file exists (and is populated with your domains).

2. How do you plan to enforce this? Mandatory licensing for sysadmins? No thanks.

3. "Administrates"? "out where"? "hopefully it helps"?

Comparisons with Blum? (0)

Anonymous Coward | more than 9 years ago | (#12945023)

Postfix by Richard Blum was the quintessential guide to Postfix. But, do to newer releases of Postfix, it is now somewhat out of date. I had very much hoped that Richard Blum would revise it but, that does not seem to be in the cards, yet.

Can anyone who has read both Blum's and this new Postfix book offer any comparisons between the two.

Re:Comparisons with Blum? (1)

hildeb (896211) | more than 9 years ago | (#12948661)

The Blum book was outdated when it came out. I personally found it extremely superficial and also imprecise.

Another source of postfix information :) (3, Informative)

lordsilence (682367) | more than 9 years ago | (#12945088) #postfix

Say hello to us in irc.
We're always happy to help.

Re:Another source of postfix information :) (1)

dodobh (65811) | more than 9 years ago | (#12945143)

And your handle is?

Just call me f3ew

Re:Another source of postfix information :) (0)

Anonymous Coward | more than 9 years ago | (#12945377)

Posting AC (lordsilence here btw) w|edge here at your service. :>

qMail (0)

Anonymous Coward | more than 9 years ago | (#12945210)

Are there any comprehensive documents on getting qMail up and running on a simple network? a starting place for us newbies?

Re:qMail (0)

Anonymous Coward | more than 9 years ago | (#12945667)

A good place to start is [] if you

1. do not want to use Postfix [] which runs almost perfectly for small networks in its default installation on many distributions.
2. want to run a powerfull, MANAGEABLE open-source mailserver

I strongly advise against using qmail. It is not open-source [] and may not be redistributed in a changed form. So you have to patch it up yourself if you want to add some features it didn't have at its latest release 1998(!). Furthermore it uses DJBs obscure daemontools which are so unlike init it hurts. It is a nightmare alone to get rid of them.

Hope this helps.

ps. Flame me, I know you will. You know who you are.

Re:qMail (1)

DA-MAN (17442) | more than 9 years ago | (#12946633) []

This is an easy and simple way to get Qmail going.

EEEEEEEEE (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12945440)

You guys are retarded.

Mutt (1)

water-and-sewer (612923) | more than 9 years ago | (#12945598)

This post is ancillary to the discussion at hand, but I use Postfix for one reason only: to get mail from my favorite email client (mutt) to my ISP's server, which requires authentication and sometimes encryption. And for that purpose alone, it's a pain in the butt. I see how Postfix is a great program for people running servers or routing hundreds of messages of day. I only need it because Mutt's dogmatic adherence to the Unix philosophy (each tool does one trick and one trick only, but interfaces nicely with other tools) means I need to go through a lot of work to get my mail to the ISP. SUSE made this easy for me, through YAST2, which dealt with all the tricky configuration necessary to get Postfix talking to my server, but I never understood how it worked. When I moved to Kubuntu I was forced to dive into the Postfix config files more deeply than I felt confident doing. I'd love either a mutt patch that provides SMTP-auth capability (whoops, google is my friend: [] - why isn't it used by default?) or a simple DEB package that provides mini-SMTP-auth capability for people like me that only send out 10-20 emails per day, and always to our smarthost.

Re:Mutt (1)

dacarr (562277) | more than 9 years ago | (#12945728)

You might also look into apt-getting webmin and webmin-postfix accordingly. Yeah, it's a bit of a hack, but it lays things out fairly logically so you don't have to dive into the config file much.

Re:Mutt (2, Informative)

value_added (719364) | more than 9 years ago | (#12945817)

You do know mutt has a mailing list [] ?

Try ssmtp [] . I use it when running mutt on Win32 under Cygwin.

# .muttrc
set sendmail="/usr/sbin/ssmtp -audUserName@domain -apSecretPassword"

Re:Mutt (0)

Anonymous Coward | more than 9 years ago | (#12947711)

See the "Tiny mail sending agents" section at []

third post (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12945789)

what's the difference between slashdot and a bucket of shit?

the bucket.

mod uP (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12946178)

that comPriSe []

yep (1)

jefe7777 (411081) | more than 9 years ago | (#12947048)

"It's a little known fact, but mail servers were the 10th plague that God visited upon the egyptians." -j.d. illiad frazer btw koetter has been a huge help for years with his postfix/cyrus/tls howto on the web.

Rather use qmail, but.... (1)

Neo-Rio-101 (700494) | more than 9 years ago | (#12947198)

The only reason why I'm even using Postfix at the moment is because Trend Micro went and basically made their whole Interscan Messenging Security Suite co-dependant on it... and since customer wants support, we pretty much have to do what Trend wants in that regard.

I managed to hack it to work on qmail and qmail-scanner, and it turned out to be much faster than postfix. It's just that Postfix is a safer bet than qmail I guess.

(DJB, if you are reading this then PLEASE update qmail and try to incorporate other people's patches. Your codebase is slowly being patched to hell and is slowly becoming a PITA to administer. Thanks.)

It's not Ralf Hildebrandt (1)

slashflood (697891) | more than 9 years ago | (#12949741)

It is Ralf "Ficken" Hildebrandt!

Don't mod me down, that is his official name - at least for those who know him.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?