Fedora Core 2 wishlists

Chris Ricker kaboom at gatech.edu
Wed Dec 10 23:41:37 UTC 2003 

On Wed, 10 Dec 2003, Chris Adams wrote:

> What I do is this: to reduce DNS lookups and improve DNSBL performance,
> I use rbldnsd (which would be a nice addition to FC, but I guess is more
> of an Extras kind of thing).  I merge all the DNSBLs I use into one zone
> (we do some type of zone transfer for all of them), with a different IP
> returned for each zone (i.e. an IP in the MAPS RBL returns 127.0.0.2, an
> IP in the MAPS DUL returns 127.0.0.3, etc.).  That way sendmail only has
> to do one DNS lookup to get DNSBL information.
> 
> I also wrote a patch to the sendmail DNS map that allows it to use a
> different set of nameservers for a DNS map, so sendmail doesn't even
> talk to the normal nameservers for DNSBL info (this has been submitted
> to sendmail, so hopefully it will show up in a future release).
> 
> I use sendmail's delay_checks feature so that not all addresses get spam
> checking (postmaster and abuse don't for example), but I'm switching the
> primary MXes to have some DNSBLs reject for all addresses (so virus
> infected cable modem computers spewing spam get rejected sooner to lower
> the load on the primaries; this will block postmaster and abuse on the
> primaries but I won't do this on secondary MXes).

Okay, that's about where I thought you were going. That configuration is 
doable with Postfix.

> > Not that are as usable and any more secure. SSH alternatives that are open 
> > source are worse than OpenSSH. Other web servers don't support all the 
> > modules Apache does....
> 
> My point is that postfix is also not necessarily as usable as sendmail,
> and I think sendmail's security is just about as good as anyone else's
> these days.

I can't think of anything significant sendmail can do (other than deliver
mail to /var/mail/root ;-) which postfix can't do. It might require you to
do it in a different fashion (such as your milter configuration), but
they're very similar in terms of feature set these days.

That said, I've never seen Brightmail used with Postfix and discussions
about it on the Postfix mailing list don't suggest anyone else has either.  
The features Brightmail offers are available in other products which are
commonly used with Postfix and which interface in other ways, and they tend
to be preferred by Postfix users for technical and cost reasons.  I presume
Brightmail has non-milter hooks and is usable w/ Postfix, but it might not.

later,
chris

More information about the fedora-devel-list mailing list