Experiences with Mail servers

[Ed Weinberg]

On Mon, 2004-12-06 at 10:24 -0400, Chris Mason wrote:
> You advice is well received and the linked HOWTO is excellent. However, I
> don’t know if I want to move to postfix, is ther eany reason to do this, and
> if I don’t, what would be different in configuring sendmail to deliver to
> the dovecot maildir format?

First, Postfix is an excellent mail server.  Maildir format is superior
to mailfile format in a few ways, but there is one problem (I think)
with Postfix that I already have with Qmail.  Next time I will go with
Courier email.  I use that IMAP server now and it works great.

I have been using Qmail since '96 or so.  It is secure and fast.  It's
only drawback, and I think that Postfix shares this issue (let me know
if it does not), is that it receives all messages sent to it before it
bounces the messages.

This means that if you suffer a dictionary email attack and you bounce
mis-addressed email, you could end up with a million outgoing messages
in your queue.

This might sound far fetched, but I have three domains which receive
close to 30k emails a day to users who do not exist.  Some other mail
servers, like Courier, look at the addressee of incoming email and do
not accept the email if the user does not exist.

The next issue comes up with email and spam/virus checking.  Processing
30K messages on a Qmail machine with no spam/virus checks are easy.  You
can probably do it with a 400Mhz machine and 128MB of ram.  If you want
to spam/virus check that number, though, you need more resources.

Can you block the dictionary attack by cutting off the server?  Probably
not this attack since I get no more than 25 pieces from any one host!
This is a very distributed attack.

Will this happen to you?  Who knows.  I never thought It would happen to
me.  This obviously comes from a network of compromised machines.  

--
   Ed Weinberg