Hello,

I want to set up a little LAMP-Server with Slackware, and now I wonder what would be the best MTA to use. Slackware comes with sendmail, but you always hear how insecure sendmail is. Is it really that insecure or is it "secure enough" if you keep it up-to-date?
And what are the alternetives for sendmail? I read about postfix and qmail, but which is easier to maintain and more secure?

Thanks,

cccc828

I prefer Postfix over Sendmail any day of the week. I find it easier to configure and easier to secure. For instance, a default installation of Sendmail is an open-relay to spammers (I don't know about the one packaged with Slackware, though), Postfix is not an open-relay in a default install.
One other thing I like about Postfix is the way it can interact with MySQL for deployment on large sites. Some other pros: it's Sendmail compatible, it integrates seamlessly with SpamAssassin and there are several nice administration tools available.
In other words: I recommend going with Postfix.

Sendmail is said to be secure in recent versions. A look in the 3rd edition of the "Batbook" seems to confirm this --- lots of changes in architecture and access rights. And it is said to be the most complete MTA around, though I can't tell you what others are lacking compared to it.

My preference, too, is Postfix, in general. Not on Slackware, though, because it is a little difficult to install. I had no luck with the package from LinuxPackages.net. Best bet for Postfix on Slackware is compiling from source with just the options you need, but that means that you have to care for security fixes yourself, and apply them or re-compil them using your own method. For Sendmail you get fixes from the official Slackware site, and you apply them using standard Slackware package tools. Meaning that PatV is taking care of your system, in a way, which is just less work for you.

BUT, Sendmail is a beast to configure, and Postfix tends to be faster. So it might be worth the initial hassle installing it on your system.

Other options would be:

Exim. Developed with the explicit goal of easy configuration in mind. Said to be secure, too. Intends to be a successor of Smail, which used to be a simple alternative to Sendmail.

QMail. Secure and fast, but totally different from anything else. Created by Professor Bernstein, who seem to be a brilliant mind, but a bit of a character... He permanently blames Postfix not be secure. In fact, he claims QMail to be the only seriously secure MTA. Special license that you might like or not. Bernstein invented the maildir format for storing messages for QMail, which is now used by many MTAs.

You can protect yourself against viruses, worms and spams with any of them. ISPs and mail hosters in this country tend to use Postfix, recently. It's easy to set up, has a clean archtitecture, and is well documented (online and in print).

Regards

gargamel

I agree that Sendmail is sort of a problem to configure, although I can't address whether or not the alternatives are actually easier. I have two mail servers, both run Slackware 9 and Sendmail.

But as far as the default installation being an open relay, I don't believe that has been true for some time. The reason I say that, is that getting Sendmail to actually relay for the hosts it had to relay for was the most difficult part of the job I encountered.

I'm always leery about substituting another package for the default included with Slackware. I consider myself an advanced newbie -- not an expert -- and I have had such excellent results with Slackware in our networks since the 3.6 release that I have come to rely perhaps more than I should on the judgement of Pat Volkerding.

But it has been a superb distribution for me, and Volkerding continues to supply it with Sendmail. I always assumed that isn't simply an arbitrary decision on his part, so when we had to begin hosting our own mail, I used the standard Sendmail package and Pop3 demon included with Slackware.

Thank you all for your opinions. I now installed the Postfix package from Linuxpackages.net and it works very well. As I only need the MTA to send E-Mail created with PHP's mail() Function, configuring was not much of a problem :-)
All I did was to change the host entries in /etc/postfix/main.cf and ln -s /usr/sbin/sendmail.postfix /usr/sbin/sendmail and everything worked as it should.

cccc828

I'm a newbie, and I am administering a mail server. It's a slackware 10.2 box, I installed it from scratch. I installed the sendmail package that came with it, and I had very little to do in way of configuring. Sendmail 10.2 comes preloaded with SASL support, and that helps. I have even been able to install clamAV and have the sendmail milter working with it. I am just now installing spamassassin, and I am having to learn a way to use MIMEDefang.

I have at home, a ao.1 slackware box. I had to get a lot og help from my buddy that knows a lot about linux, and even he had a difficult time getting sendmail to work correctly. With all the advances that have been arising, it's hard to tell which is the best, but surely it's not a good idea to say that any of it is "to difficult". As long as you're prepaired to spend every waking second of your life, researching, and learning, you're just taking the easy road.

I have had lots of help directly from a good friend of mine, and of course, this site. We should all understand that with open-source, there is nothing to fear, we're all in it together.

-Aubrey