Why Should I Use Postfix?
A common position in IT today is "If it isn't broke, don't fix it." This is especially true in the cost-conscious, bottom-line conditions of today's marketplace. However, in light of the continually exposed vulnerability of the Internet, a more responsible and proactive point of view would be to ask, "How fragile is this? How exposed can I be? And how can I make this easier to maintain?"
The Internet was designed, in large part, upon the honor system; programmers in the 1970s couldn't imagine that anyone would intentionally disrupt or distort the transport of data across the wire. After the door got opened in the early 1990s, a new breed of user came to the Internet and began to exploit holes in the existing security.
Postfix has many of the features required by a high-volume mail provider, with none of the additional bloat that seems to have crept into Sendmail over the years. For example, Postfix only speaks SMTP/ESMTP and a limited dialect of UUCP over TCP. There are no built-in provisions for speaking X.400, or other more esoteric forms of mail transport.
Statistics can easily be manipulated to the benefit of just about anyone, so I rarely like to quote or use otherwise meaningless data to prove a point. However, to drive home what kind of impact a large, feature-rich code-base might have on system security, I will make an exception.
The Common Vulnerabilities and Exposures (CVE) list is a dictionary of standardized names and generalized descriptions for security vulnerabilities and exposures. This dictionary can then be referenced by different vendors' databases for security updates, Intrusion Detection mechanisms, security notices, and so on.
The CVE dictionary (hosted at http://cve.mitre.org/) can be used as a reference by looking up a CVE or candidate (CAN) name, or by searching for specific keywords. Table 1 is the result of searching the 20010918 release of the CVE dictionary for the listed MTAs. The 20010918 release comprises some 1,604 CVE entries and an additional 1,796 candidate entries covering the past two years.
Table 1 Number of vulnerabilities and exposures in the 20010918 CVE Dictionary for Popular MTAs

| Mail Transport Agent | CVE Entries |
|---|---|
| Microsoft Exchange | 16 |
| Sendmail | 34 |
| Qmail | 2 |
| Exim | 2 |
| Postfix | 0 |
Like any statistic, those numbers do not tell a complete story, or even an interesting fable. The numbers are not normalized in any way, such as by the number of installations, and therefore by the size of the cracking target. That said, the two largest MTAs (in terms of code size, complexity, and kitchen-sink features) have nearly an order of magnitude more security exposures.
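How a keyword count like Table 1 can be produced, as an added example that is not part of the original article: it parses a constructed, simplified dictionary dump (the Name/Status/Description layout is an assumption, not the exact CVE download format) and counts accepted CVE entries per MTA, keeping candidates (CAN) separate. The last sample entry shows the caveat behind such counts: a keyword match counts any entry that mentions the program, not only flaws in the program itself.

```python
import re
from collections import Counter

# Constructed sample in a simplified Name / Status / Description layout.
# This layout is an assumption for illustration, not the real CVE download
# format. Names beginning with CVE- are accepted entries; CAN- marks candidates.
SAMPLE = """\
Name: CVE-1999-0095
Status: Entry
Description: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Name: CAN-2001-0001
Status: Candidate
Description: Buffer overflow in Sendmail allows local users to gain privileges.

Name: CVE-2000-0002
Status: Entry
Description: Exim allows remote attackers to execute commands via a crafted address.

Name: CVE-2000-0003
Status: Entry
Description: A mail client passes messages to sendmail without escaping shell metacharacters.
"""

MTAS = ["Microsoft Exchange", "Sendmail", "Qmail", "Exim", "Postfix"]

def parse_entries(text):
    """Split the dump on blank lines; each entry becomes a dict of its fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Name" in fields:
            entries.append(fields)
    return entries

def count_by_mta(entries, mtas=MTAS, accepted_only=True):
    """Count entries whose description mentions each MTA as a whole word.

    With accepted_only=True only CVE- names are counted, matching the
    'CVE Entries' column; candidates (CAN-) are excluded. Note that the
    last sample entry is a client bug that merely mentions sendmail, yet
    a plain keyword search still attributes it to Sendmail."""
    counts = Counter({m: 0 for m in mtas})
    for entry in entries:
        if accepted_only and not entry["Name"].startswith("CVE-"):
            continue
        desc = entry.get("Description", "")
        for mta in mtas:
            if re.search(r"\b" + re.escape(mta) + r"\b", desc, re.IGNORECASE):
                counts[mta] += 1
    return dict(counts)
```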
So, why should you use Postfix? Postfix was designed with the following goals in mind:
Achieving a high level of performance. Postfix delivers email fast, more than three times as fast as the fastest alternative MTA. Speed is nothing, however, without control, which leads to the next goal.
Robustness. Postfix has several mechanisms in place to behave considerately when delivering mail to neighboring machines, and it behaves rationally when delivering mail locally. Postfix will not overwhelm machines that have been down and have mail backlogged, and it will not make matters worse when running low on local system resources.
Security. Postfix uses a layered security model because we all know that no single security mechanism is foolproof, and security is not a product you can buy off a shelf.
Flexibility. Postfix is not the single monolithic program that Sendmail is; rather, Postfix is composed of several small, task-specific programs. If you do not need the functionality a program provides, you can remove it from the installation.
Compatibility with Sendmail. Because Sendmail is the most-installed MTA on the Internet today, there is an enormous legacy installed base of software, scripts, and expertise (or habit) to consider. Postfix has many command-line compatibility wrappers for local mail user agents (MUAs). This eases the migration from Sendmail to Postfix for both software and administrators.
There are many additional Postfix features that are not covered beyond a mention in this article. They include using LDAP or MySQL as a back-end for configuration data, configuring content filtering for email virus scanning, and unsolicited commercial email (UCE, or SPAM) controls. There are additional programs that allow for logfile analysis and Web-based administration, and patches that extend or change existing Postfix functionality.