From owner-freebsd-chat Mon Mar 25 0:47:29 2002 Delivered-To: freebsd-chat@freebsd.org Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by hub.freebsd.org (Postfix) with ESMTP id 8B07537B41C for ; Mon, 25 Mar 2002 00:47:20 -0800 (PST) Received: from [10.0.1.8] (ip-27.shub-internet.org [194.78.144.27] (may be forged)) by riker.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.16) with ESMTP id g2P8krr28329; Mon, 25 Mar 2002 09:46:54 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20020325015236.A97552@futuresouth.com> References: <20020323002608.B20699@ra <000c01c1d3ab$6d2c6960$6600a8c0@penguin> <20020325015236.A97552@futuresouth.com> X-Grok: +++ath X-WebTV-Stationery: Standard; BGColor=black; TextColor=black Reply-By: Wed, 1 Jan 1984 12:34:56 +0100 X-Message-Flag: Outlook : A program to spread viri via e-mail. Try Eudora (http://www.eudora.com/), mutt (http://www.mutt.org/), or pine (http://www.washington.edu/pine/). But please, get something other than Outlook. Date: Mon, 25 Mar 2002 09:46:30 +0100 To: Tim , Brad Knowles From: Brad Knowles Subject: Re: qmail (Was: Maintaining Access Control Lists ) Cc: Taylor Dondich , chat@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 1:52 AM -0600 2002/03/25, Tim wrote: > You are kidding right? It looks to me that you are completely blinded by > your disdain for Dan. You don't think Postfix took a lot of design hints > from qmail? qmail is one of the most modular systems out there. Wietse saw qmail, and saw that there were a whole host of things wrong with it. Moreover, he also knew that the author was intractable, and there was no hope of ever getting any of these problems fixed. Since he needed to have a subject for a particular chapter of his upcoming book on "secure programming" that he is writing with Dan Farmer, he took this subject matter and began the VMailer project. This later became the program we now call postfix. IMO, qmail is modular in the same sense that a hammer is modular -- you can use it to bang on whatever you want. Hmm, make that a rock, and not a particularly sturdy one. I'm sorry, if you haven't been doing Internet mail for around a decade or so, and you haven't personally gone toe-to-toe with Dan when he gets on one of his whacked-out kicks, you just don't have the experience that you would need in order to be able to defend your position. Contrariwise, anyone who has crossed swords with Dan, or seen one of his many irrational tirades, can easily provide their personal evidence of his behaviour problems. >> For example, you can't use the standard inetd that >> ships with your system, you are instead forced to use his tcpserver. >> And heaven help you if you need to do something that isn't covered by >> his tools, because Dan sure won't. > >>From the INSTALL file on a qmail-1.03 distribution > > 16. Set up qmail-smtpd in /etc/inetd.conf (all on one line): > smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env > tcp-env /var/qmail/bin/qmail-smtpd Try that with tinydns or dnscache. I was talking about a general philosophy that Dan applies, not necessarily the specific implementation found in qmail. Moreover, you still haven't answered the issue of the size of the configuration file, or the number of lines required. Can you actually do anything useful with any program written by Dan in two lines of configuration file? > the qmail user community is more than sufficient for support. Riiiiiiiiiiiiiight. Just like C makes a perfectly good macro language. > I like Postfix myself, but you are so blatantly biased I am not sure you > are any better than what you are accusing Dan of. I loathe and despise Dan, that is correct. I am perfectly honest and upfront about that. And because I do not trust the author as far as I can bodily throw his planet of residence, I do not trust the code that he writes. Moreover, because of the reality distortion field that he seems to manifest, I also don't trust anything associated with any of the programs he writes. I've been using Unix and the Internet since 1984 -- almost twenty years. I've been administering Unix and the Internet since 1989 -- thirteen years. I've been doing DNS and Internet mail system administration since sometime around 1991, so about eleven years. In that time, I have been the Technical POC for disa.mil, I helped set up the DOD CERT (assist.mil) in just seven days from mere concept to operational reality (at a time when there was just a single NIC, and the root zone was only updated once a week), I was the Postmaster and Internet mail systems administrator for over 10,000 users on the DISAnet network, and one of my "customers" was the Milnet Manager himself (Major Dave Paciorkowski at the time). I was also responsible for turning in a number of Class A and B network numbers that were not being used, as well as convincing the SIPRnet folks (the people on the classified side) that they should use the DNS and not HOSTS.TXT files, and that they should use real network numbers assigned by the NIC, in case there ever was a time in the distant future when they were connected to the real Internet. I have also been the Sr. Internet Mail Systems Administrator for America Online, responsible for providing technical leadership to the team administering well over a hundred servers that provided the e-mail gateway to/from the Internet for millions and millions of AOL customers. I also designed what is probably still the worlds largest caching nameserver farm while I was at AOL, benchmarked at being capable of handling 32,000-64,000 DNS queries per second. I have also been a Sr. Consultant for Collective Technologies, a leading Unix/Internet consulting firm in the US. While at CT, I consulted for a number of companies, including some of the largest freemail service providers in the world. I have also been the Systems Architect for Belgacom Skynet, the largest ISP in Belgium. I have given classes on DNS for the company Men & Mice, using material written by Cricket Liu (and I will be doing so again at SANE 2002). I will soon again be a Sr. Consultant, this time for Snow BV in the Netherlands, another leading Unix/Internet consulting company in Europe. In all the time I've been in this business, and with all my hard-earned experience, I have found damn few programs that can stand up to the rigors of the kind of work that I have done. With regards to being a general-purpose MTA, sendmail is at the top of that list, especially with recent improvements that allow it to be as fast or faster than anything else on the planet. I also have very high regard for postfix, and I have heard a lot of good things about Exim (although I regret that I have not yet had an opportunity to do any work with it). I have had more or less negative experiences with every other MTA that I have encountered, and qmail ranks below dog poop in my book. IMO, you would literally be better off flinging canine excrement than using qmail. With regards to nameservers, there simply is nothing else publicly available to compare with BIND. Yes, some companies have developed internal nameserver programs that they have used to help them provide service at an unequalled level (e.g., Nominum), but those programs are not publicly available. Of the programs that are available, BIND wins hands-down. If you can show me a comparable level of experience and talent on your part, then I'd be very interested in having a private in-depth discussion on the relative merits and demerits of various programs with you, including discussions of detailed benchmarks that you have run as compared to benchmarks that I have run, etc.... However, unless you are willing and able to function on this level, I doubt that there is anything you're likely to bring to this debate that I would find useful or interesting. -- Brad Knowles, Do you hate Microsoft? Do you hate Outlook? Then visit the Anti-Outlook page at and see how much fun you can have. "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message