On Thu, 17 Aug 2000, Peter Green wrote:
> WARNING: this is a question-rich and clue-poor post.
Not clue-poor at all, IMO.
> I apologize if I rehash
> some of the stuff that's been going around this list. I've yet to install
> e-smith and had some thoughts/questions as I researched it.
>
> 0) Any archive for this list?
There is, and making it available is on my list of tasks (which is
somewhat large).
> 1) Re: virus scanning, are the developers aware of the scan4virus
> program[1]? It requires a simple patch to qmail (QMAILQUEUE, very stable),
These patches almost certainly violate the qmail binary distribution
licence.
> maildrop (a filtering program like procmail, but *sane*), and a perl module.
> I have not used it, but I have heard rave reviews from those who have.
I would prefer a solution which does not require a patch to qmail.
> Or is there another reason to use smtpd in front of qmail?
smtpd is a very simple daemon which runs in a chroot() jail. I have no
security concerns with qmail, but even less (what's less than none?) with
smtpd in the chroot() jail. smtpd also provides a nice interface for
blocking senders, SPAMmers, RBL/ORBs, etc. smtpd also has hooks to limit
message size and call a filter for each mail item - a nice hook for virus
scanning.
> 2) Would it be worth using a more-patched version of qmail? I refer to Bruce
> Guenter's qmail+patches RPMs[2]; see the web page for a list of features.
See above for licence issues.
> Most important are the RBL and CR/LF fix.
RBL can be done with smtpd. I believe RBL/ORBS/MAPS should be an option,
not a standard feature as false positives are a problem.
The CR/LF fix is not required with smtpd.
> 3) Any chance of ditching BIND for something like djbdns[3]? It looks like
> e-smith 4.0 is using 8.2.2P3; isn't that version still privy to some
> problems? Also, BIND is kinda like sendmail WRT security concerns, whereas
> djbdns, written by Dan Bernstein, author of qmail, is bulletproof. Plus, the
> config files are *far* easier to parse and template-ize.
Yes - you obviously weren't at my DNS tutorial at SAGE-AU 2000! :-)
We are thinking hard about this one, but can't give a time right now.
<hint>
If someone rolled a contrib RPM (or even just the templates and
binaries) which replaced the current use of BIND, we'd be very happy
indeed.
</hint>
> 4) Some of the licensing issues may be moot now or soon. RSA will expire in
> the US in about a month, allowing you to ship crypto code to the US.
We're aware of that... :-)
> (You're in Canada, right?)
Yes - I have been for a month now :-)
> MySQL has been GPL'd. :)
Yep.
> I'm *really* impressed with the e-smith stuff. I do a bit of system
> integration for folks, but I usually piece-meal the stuff together. For
> instance, I usually use qmail+patches,
See above - I really like the simplicity of smtpd in front of any MTA.
I've done this at many sites - unpatched qmail with smtpd at the front
door.
> ezmlm from tarball,
We have RPMs for this, which should be on the ftp site soonish (doing a
major re-org).
> vpopmail[4] for
> single-UID qmail virtual hosting, qmailadmin[5] for a web-based vpopmail
> interface, &c.
All good stuff. However, we can probably provide most of what they provide
for the typical situation.
> However, I really like the idea of the unified interface, of
> a pre-packaged system, and so on.
Great - glad you like it.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada