This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Archivist's note: Since Joe Brenner's The Pile has now vanished from the Internet, I am mirroring this page from it to keep my knowledgebase complete. This particular file was formerly at http://www.grin.net/~mirthles/pile/contra_majordomo_plus_MTA_stuff.html.
To: svlug@svlug.org
Date: Thu, 28 Sep 2000 18:39:13 -0700
Subject: Re: [svlug] identd
From: Rick Moen <rick@linuxmafia.com>
begin wayne@qconcepts.net quotation:
> http://cr.yp.to/ucspi-tcp/tcpserver.html
Arrgh. http://crackmonkey.org/faq.html#ANSWER23
> (Ducks incoming flames regarding Bernstein's stupid (yet
> apparently nonexistant) licencing)
Indeed, it has a copyright notice, but no licence terms. You'd be
willing to rely on such things? Brave man.
===
Date: Thu, 28 Sep 2000 18:49:56 -0700
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
From: Rick Moen <rick@linuxmafia.com>
begin alvin@Mail.Linux-Consulting.com quotation:
> - probably should run crack, tiger and other tools too in addition to
> nmap.
Tiger's been unmaintained for many years. crack doesn't handle modern
password hash formats: Use John the Ripper.
> - theres problems with postfix with majordomo...
Majordomo's a crufty, proprietary perl4 script. Use Mailman. (Hey,
even Smartlist seems to run all the Debian mailing lists quite well.)
===
From the postfix FAQ:
http://www.porcupine.org/postfix-mirror/faq.html#majordomo-approve
Postfix breaks the majordomo "approve" command
The Postfix local delivery agent prepends a Delivered-To:
message header to prevent mail forwarding loops. With
majordomo mailing lists, Delivered-To: gets in the way
when the moderator wants to approve postings that were
sent to the list. The Postfix system claims that the mail
is looping.
Currently, the recommended workaround is to edit the approve
script to strip any header lines that match:
/delivered-to/i
Yes, this assumes that the moderator knows what she is doing.
A less-preferred workaround is to not insert
Delivered-To: when delivering to commands such as
majordomo. See the FAQ entry titled "Getting rid of the
ugly Delivered-To: header".
===
Date: Thu, 28 Sep 2000 20:29:25 -0700
To: Rick Moen <rick@linuxmafia.com>, svlug@svlug.org
From: "Derek J. Balling" <dredd@megacity.org>
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
At 6:49 PM -0700 9/28/00, Rick Moen wrote:
> > - theres problems with postfix with majordomo...
>
>Majordomo's a crufty, proprietary perl4 script.
... which also works great with perl5, is tried and tested by many
years in the field, and is very familiar to most mailing-list
end-users.
Let's tell the whole story, shall we?
===
Date: Thu, 28 Sep 2000 20:38:00 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
begin Derek J. Balling quotation:
[majordomo:]
> Let's tell the whole story, shall we?
OK, then it's also slow, and pretty much unmaintained. ;->
===
Date: Thu, 28 Sep 2000 21:34:13 -0700
To: Rick Moen <rick@linuxmafia.com>, svlug@svlug.org
From: "Derek J. Balling" <dredd@megacity.org>
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
At 8:38 PM -0700 9/28/00, Rick Moen wrote:
>begin Derek J. Balling quotation:
>
>[majordomo:]
>
>> Let's tell the whole story, shall we?
>
>OK, then it's also slow, and pretty much unmaintained. ;->
The "slow" aspect is untrue, I think. It's as fast at dumping mail
into a queue as anything else, I suspect.
Unmainted... alright, well, that might be true, but there's little
maintenance NEEDED on it. :)
===
From: Alvin Oga <alvin@planet.fef.com>
Subject: Re: [svlug] Re: [lsec] svlug stuff - majordomo
To: dredd@megacity.org (Derek J. Balling)
Date: Thu, 28 Sep 2000 22:26:33 -0700 (PDT)
Cc: svlug@svlug.org
hi ya...
what the definition of "unmaintained" ???
there is an active majordomo developers...and
yeah, even more "helpers" in the users lists...
and lots of the same silly "how do i setup majordomo"
issues..." ( lots of opps.. )
theres gotta be a better way to setup autoresponders,
digests, archives, config files etc for majordomo
and majordomo2...
and am sure there are lots of alternative ways to
create mailing lists and web-based guis
mailing list managers seems like just another flame bait/wars ???
everybody has their preferences for whatever reasons...
which is good....competition will either grow it or kill it...
===
To: Rick Moen <rick@linuxmafia.com>
cc: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
Date: Fri, 29 Sep 2000 00:50:07 -0700
From: J C Lawrence <claw@kanga.nu>
On Thu, 28 Sep 2000 20:38:00 -0700
Rick Moen <rick@linuxmafia.com> wrote:
> begin Derek J. Balling quotation: [majordomo:]
>> Let's tell the whole story, shall we?
> OK, then it's also slow, and pretty much unmaintained. ;->
I worked with John Relf at SGI -- one of the Majordomo maintainers.
He'd be the first to admit its not under heavy development, but
there is work going on.
===
Date: Fri, 29 Sep 2000 09:24:41 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
[majordomo:]
begin Derek J. Balling quotation:
> The "slow" aspect is untrue, I think.
Every time I've moved mailing lists from majordomo to Mailman, there's
been about an order of magnitude improvement in delivery times. No joke.
> Unmainted... alright, well, that might be true, but there's little
> maintenance NEEDED on it. :)
Since it's near-impossible to read the code, who can tell?
Anyhow, Chan Wilson (?) has been reportedly looking to unload that thing
onto another maintainer for a long time. If you're interested, talk to
him.
===
Date: Fri, 29 Sep 2000 11:19:21 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
begin J C Lawrence quotation:
> Did you change MTAs or anything else in the mail system at the same
> time?
Nope.
Reminds me: I don't know how well the other variables were held constant
in its case, but I can't help noticing how much faster SVLUG's lists
seem to have become, the moment it made that change.
===
To: Rick Moen <rick@linuxmafia.com>
cc: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
Date: Fri, 29 Sep 2000 12:06:42 -0700
From: J C Lawrence <claw@kanga.nu>
On Fri, 29 Sep 2000 11:19:21 -0700
Rick Moen <rick@linuxmafia.com> wrote:
> begin J C Lawrence quotation:
>> Did you change MTAs or anything else in the mail system at the
>> same time?
> Nope.
Ahh.
> Reminds me: I don't know how well the other variables were held
> constant in its case, but I can't help noticing how much faster
> SVLUG's lists seem to have become, the moment it made that change.
They also changed from Sendmail to Exim.
===
Date: Fri, 29 Sep 2000 12:10:01 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
begin J C Lawrence quotation:
> They also changed from Sendmail to Exim.
Thanks.
For what it's worth, Exim (which I run, here) strikes me as being in
about the same performance category as Sendmail. Qmail is of course
lightning-fast, and Postfix is said to be likewise.
===
Date: Fri, 29 Sep 2000 12:42:10 -0700
From: Don Marti <dmarti@zgp.org>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
begin Rick Moen quotation of Fri, Sep 29, 2000 at 12:10:01PM -0700:
> For what it's worth, Exim (which I run, here) strikes me as being in
> about the same performance category as Sendmail. Qmail is of course
> lightning-fast, and Postfix is said to be likewise.
Postfix freakin' _flies_. Wietse Venema is God. Seriously, I moved a
list from Mailman on Sendmail to Mailman on Postfix, and it's much
faster now.
No bastard spawn license, good performance, easy virtual host support,
human-readable config file with no m4 wanking around...Postfix is now
my MTA of choice.
I wonder how hard sendmail.com's investors are kicking themselves in
the butt right now.
===
Date: Fri, 29 Sep 2000 12:58:42 -0700
To: Rick Moen <rick@linuxmafia.com>, svlug@svlug.org
From: "Derek J. Balling" <dredd@megacity.org>
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
At 12:10 PM -0700 9/29/00, Rick Moen wrote:
>Qmail is of course lightning-fast
and, to tell the rest of the story, is about the least friendly MTA
on the market to the recipients of its mail. The "I've got <xxxxx>
messages for you, I wonder how many concurrent sessions I can slam
you with" mentality of qmail is disgusting.
===
To: "Derek J. Balling" <dredd@megacity.org>
cc: Rick Moen <rick@linuxmafia.com>, svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
Date: Fri, 29 Sep 2000 14:13:40 -0700
From: J C Lawrence <claw@kanga.nu>
On Fri, 29 Sep 2000 12:58:42 -0700
Derek J Balling <dredd@megacity.org> wrote:
> At 12:10 PM -0700 9/29/00, Rick Moen wrote:
>> Qmail is of course lightning-fast
> and, to tell the rest of the story, is about the least friendly
> MTA on the market to the recipients of its mail. The "I've got
> <xxxxx> messages for you, I wonder how many concurrent sessions I
> can slam you with" mentality of qmail is disgusting.
ObNote: It can be easily configured to be more friendly.
ObFurtherNote: Exim has the same problem, its just that the default
values are a lot smaller (and therefore friendler) than QMail's
===
To: Rick Moen <rick@linuxmafia.com>
cc: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
Date: Fri, 29 Sep 2000 14:35:24 -0700
From: J C Lawrence <claw@kanga.nu>
On Fri, 29 Sep 2000 12:10:01 -0700
Rick Moen <rick@linuxmafia.com> wrote:
> begin J C Lawrence quotation:
>> They also changed from Sendmail to Exim.
> For what it's worth, Exim (which I run, here) strikes me as being
> in about the same performance category as Sendmail. Qmail is of
> course lightning-fast, and Postfix is said to be likewise.
While I understand that Sendmail's queue and spool processing
intelligence has improved of recent versions, I also understand (ie
haven't verified) that it has yet to approach Exim's capability.
Little things like not processing the spool in linear order, unified
retry databased for MXes, multiple queue runners,
per-domain/domain-group spools, etc etc.
As for where Exim stacks up against Qmail, Postfix, etc in the
performance grounds, well, it varies. Outside of the mail bomb
problems/config silliness often associated with QMail from what I've
bene able to tell its pretty much of a wash (there's been quite a
bit of traffic on this on the Exim and Postfix lists, as well as the
relevant Usenet groups). There are some very large mail sites
running Qmail, some other very large mail sites running Exim, and
some others running Postfix. Truth is, they all seem to report
similar numbers. While there are corners of specific mail load
types (local vs remote delivery precentage, mail volume, average
message size, percentage of remote broken MXes, percentage of remote
down MXes, percentage of DNS breakages (think eastern Europe), ad
infinitum) where one or the other can be made to shine brighter than
the rest, they all have such corners (Exim seems to have a
reputation for handling broken DNS areas better than most) so it
really comes down to what your load really is -- which is where all
such high performance games always end up.
===
Date: Fri, 29 Sep 2000 14:48:22 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
begin Derek J. Balling quotation:
> and, to tell the rest of the story, is about the least friendly MTA
> on the market to the recipients of its mail. The "I've got <xxxxx>
> messages for you, I wonder how many concurrent sessions I can slam
> you with" mentality of qmail is disgusting.
I've administered Qmail at $PRIOR_FIRM, and came to respect its
extremely high performance and security (including a meticulous, modular
design with a proper trust model). However, as you point out, Bernstein
seems to have pioneered the art of mail delivery as network attack.
Which he brags about, if memory serves.
Also, typical DJB bloody-mindedness pervades the admin-level design:
Unless you do extensive source-code editing and recompile, you end up
with everything including configuration files in /var/qmail, and
eventually be driven into a padded cell from all the itty-bitty
configuration files whose names all senselessly begin with the string
".qmail".
Licencing aside, I prefer MTAs whose design is a bit less psychopathic.
===
Date: 30 Sep 2000 00:08:02 -0000
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
From: John Conover <conover@rahul.net>
To: svlug@lists.svlug.org
Yea, I've used qmail for several years, and like it-but whether to use
exim, qmail, or postfix is kind of a ford-chevy argument, IMHO. Qmail
seems to be a little faster, but the queue handling is
problematical-DJB did not use file names, but inode number=names to
make file access in large directories faster-but the mail queue can
not be backed up and restored because of this, too. Qmail only handles
domain addressing, too, (there is no provision for header munging uucp
"bam" addressing back and forth to domain addressing-but this is
somewhat true in exim, and postfix, too-where sendmail really shines;
if one knows how to write sendmail.cf's.)
One place where qmail really does a very nice job is virtual
hosting-its a configuration blessing, (requiring only adding the
virtual domain name to three files, which can be ln -s'ed since, for
most applications, they are the same.)
But on the otherhand, exim is easier to maintain and configure for
small networks/domains, where qmail is easier for large complex
networks.
John
BTW, MS's hotmail uses qmail on BSD boxes.
===
Date: Fri, 29 Sep 2000 18:26:43 -0700
To: svlug@lists.svlug.org
Subject: Re: [svlug] Re: [lsec] svlug stuff - hardening stuff
From: Rick Moen <rick@linuxmafia.com>
begin John Conover quotation:
> whether to use exim, qmail, or postfix is kind of a ford-chevy
> argument, IMHO.
[Snip a number of good points, but I can't resist:]
o Fords and Chevys don't differ as to property / usage rights.
o Neither defaults to automatically blitzing its neighbours.
o Neither has whacked-out driving controls.
===