|qmail to Postfix - tuesday 2010-11-09 0612||last modified 2010-11-09 0612|
|TrackBacks Sent: None|
One of the unavoidable changes in environment post-crash was to shift away from the unmaintainable qmail over to a more modern mail transport agent, namely Postfix. While qmail was an attractive choice when it and Sendmail were the only real options, particularly after all the horror stories surrounding Sendmail security and its legendarily obtuse configuration syntax, qmail's licensing issues kept it at the same published revision for years, despite the evolution of internet mail into a much different beast from that of the early, naïve days. The gymnastics required to make qmail work involved hairy and incompatible source-level patches, late nights digging through other people's uncommented C code to figure out what might fit where; for modern software, a verified update procured with one line should be enough most days. Here's a phrase that should inspire terror in any admin: qmail + LDAP. And still, qmail lacked a way to turn off its bounce messages, which earned our mail server a black mark in some minor monitoring lists. It took a lot just to get to that point, but by the end, institutions like MIT were flatly rejecting mail from our machine.
Moving to Postfix was something I resisted due to the perceived amount of work it would take, but when I was forced to do it, I found it took comparatively no time to accomplish. About a half a day's worth of reading and a few hours experimenting, and the only thing I might complain about in a multiuser environment is the difficulty for a normal user in minting a new address (qmail's dot-file facility made that simple). But Postfix supports + extensions, so that's not necessarily a barrier. I needed to add Amavis. I needed to translate a few qmail addresses into the Postfix regular expression format. I needed to add a few SSL services and configure for security. That was about it. The rest was all already in the box. LDAP? Built in (not like I want that back again). I might complain about some of the documentation, but it's not the worst I've seen. I could help rectify some of the situation if I wanted to write a real qmail to Postfix migration guide. Ask if you need, we'll see if there's an audience.
My spam level has dropped considerably since Postfix has rules for rejecting clearly illegitimate mail, and it won't even accept mail to non-existent addresses (its own security vulnerability in some ways, but I'll live with it). While qmail is supposedly public domain code, has been for a few years, whatever that means, it's too little and too late. Nobody's adopted it and brought it into the next net century, and as far as I can tell, it will remain at version 1.03 in perpetuity. Which makes this the last thing I'll have to say about qmail: you used to do all right, but the world outgrew you. Good riddance.