David Woodhouse <dwmw2@infradead.org> wrote:
On Sat, 2007-02-03 at 22:59 +0100, Thomas M Steenholdt wrote:
"If we change the Default MTA in Fedora - Which should it be?"
I'm sure a lot of people will say Exim is great (I can't say, since I've never worked with it). Others will yell for Postfix, towards which I'm probably slightly biased, since that's what I currently use in most places. I'm sure yet others will have other MTAs listed as their favorite one.
Exim certainly does the job for me. None of the others do, as far as I can tell. I'd be happy to be corrected on that count though, so I'll elucidate...
I'd like to be able to do greylisting -- but not indiscriminately; I want to greylist only mail which actually looks suspicious in some way, rather than delaying perfectly genuine mail. Mail gets greylisted only if it has some SpamAssassin points, or it's HTML, or it comes from a machine with no reverse DNS or which is listed in a RBL, etc.
The /point/ in greylisting is not to expend any effort on mail that comes from suspect origins. Stopping mail from an RBLed origin or no reverse DNS (or non-matching reverse DNS) are other, independent anti-spam measures. Sure, they can be integrated into greylisting (milter-greylist for sendmail integrates RBLs), but they are still independent. So is spamassassin's score, etc.
That's a few lines of Exim ACL code, demonstrated (the quick hack version) at http://david.woodhou.se/eximconf/include/acl-greylist or perhaps more sanely with jgarzik's better SQLite-based version which is available in the same directory although I haven't yet switched over to it.
Is it possible to do that kind of thing in other MTAs? Without writing or installing external software (or, perhaps, calling out to Exim? :)
Why is "installing external software" (especially if it is written to standardized interfaces defined exactly for such uses) off-limits?
I also need to be able to run virtual domains on the cluster of mail machines I operate, but I don't really want to set up yet another distributed database; I _already_ have DNS running, after all. I keep aliases for virtual domains in TXT records,
Lousy misuse of DNS, if you ask me.
and I use Dynamic DNS so that owners of a given virtual domain can update their forwarding records with a trivial script round nsupdate. Currently, that's handled by just a few lines of Exim router configuration in the same directory as the above (routers-dns-virtual). Can I do this in any of the other MTAs on offer?
Why does an MTA have to bend over to such abuse of DNS?
[...]
Even Postfix would also be a better choice than sendmail -- that isn't exactly a hard accolade to achieve. But it's much less versatile than Exim and much less flexible in handling and filtering of incoming mail. It might serve the newbies OK and those who really don't ask much of it, but it's less useful for anyone who actually wants to get _serious_ about running a spam-resistant mail server these days.
Better go tell that to the guys at sendmail.org.
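
The selective greylisting described earlier in this message (delay only mail that has SpamAssassin points, is HTML, has no reverse DNS or is RBL-listed), sketched in Python as an added example; it is not the Exim ACL linked above and not code from either poster. The Message fields, the 300-second delay and the in-memory store are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

GREYLIST_DELAY = 300  # assumed: seconds a suspicious sender must wait before a retry passes


@dataclass
class Message:
    """Hypothetical per-message facts an MTA would have at SMTP time."""
    client_ip: str
    sender: str
    recipient: str
    spam_score: float = 0.0       # e.g. SpamAssassin points
    is_html: bool = False
    has_reverse_dns: bool = True
    rbl_listed: bool = False


def suspicion_reasons(msg):
    """Return the list of reasons this message qualifies for greylisting."""
    reasons = []
    if msg.spam_score > 0:
        reasons.append("spam points")
    if msg.is_html:
        reasons.append("html")
    if not msg.has_reverse_dns:
        reasons.append("no reverse DNS")
    if msg.rbl_listed:
        reasons.append("RBL listed")
    return reasons


class SelectiveGreylist:
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # (ip, sender, recipient) -> time of first deferral

    def decide(self, msg, now=None):
        """Return 'accept' or 'defer' (an SMTP temporary failure) for one delivery attempt."""
        now = time.time() if now is None else now
        if not suspicion_reasons(msg):
            return "accept"  # clean-looking mail is never delayed
        key = (msg.client_ip, msg.sender.lower(), msg.recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        # A retry of the same triplet after the delay passes; anything sooner is deferred.
        return "accept" if now - seen >= self.delay else "defer"
```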