[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> We are in the midst of making a decision to choose an MTA and I am pretty
> much convinced on qmail but have read some trash talk that has raised some
> doubt in my mind. I would really appreciate if someone could give a quick
> yes/no and how answer to the following issues that have been raised.
Sigh -- advocacy. I'll try to be objective.
> 1) qmail can't reject mail addressed to a box that doesn't exist? (i.e. bounce
> back to original sender)
qmail will indeed bounce mail if it tries to deliver to a local user and
can't find an appropriate delivery instruction (.qmail-specific file,
.qmail-default file, .qmail file, etc).
What the objectors probably don't like is that qmail doesn't reject it during
the RCPT TO phase of the SMTP conversation. This is because the list of
valid users is not easily determined, due to the flexibility of .qmail files.
> 2) qmail does not verify domain of envelope sender? (i.e. does not do a
> DNS/reverse lookup)
I think there are patches to do this, if you like. I personally don't think
it's a good idea, because if your DNS resolver is broken, you can reject
legitimate mail. I've received many a bounce complaining my domain didn't
exist, when it was a problem in the receiver's DNS resolver.
> 3) qmail forks off a new qmail-remote process for each recipient of every
> message...susceptible to easy DoS attack?
No. concurrencyremote (a qmail control file) specifies a maximum number of
qmail-remote processes to have going at a time. It has a sane default value.
If you want to raise or lower it, it's very simple to do.
Similarly, concurrencylocal specifies the maximum number of qmail-locals
to have going.
You can specify the maximum number of qmail-smtpds to have going with an
appropriate switch to tcpserver.
The only 'DoS attack' which qmail facilitates is when you have a lot of
messages to deliver to a single remote MTA which is misconfigured. The number
of connections which qmail opens to a remote MTA may be large; if the remote
system admin has not properly configured their smtpd concurrency, it may
overload their system. That's not qmail's fault; it's a sysadmin failure.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
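
An added example, not part of the original message: a simplified Python model of the .qmail file lookup order documented in qmail-local(8), showing why the set of valid recipients cannot be listed at RCPT TO time. The function names, the home directory contents and the address extensions are constructed for illustration.

```python
import os
import tempfile

def candidate_files(ext):
    """Names qmail-local tries, in order, for the address extension `ext`."""
    if ext == "":
        return [".qmail"]
    # File names use the lowercased extension with '.' replaced by ':'.
    safe = ext.lower().replace(".", ":")
    names = [".qmail-" + safe]
    parts = safe.split("-")
    # Fall back to ever shorter prefixes ending in "default".
    for i in range(len(parts) - 1, -1, -1):
        names.append(".qmail-" + "-".join(parts[:i] + ["default"]))
    return names

def resolve(home, ext):
    """Return the matching file, "(default delivery)", or None for a bounce."""
    for name in candidate_files(ext):
        if os.path.isfile(os.path.join(home, name)):
            return name
    # No .qmail at all means the default delivery; a missing extension bounces.
    return "(default delivery)" if ext == "" else None

def demo():
    """Resolve constructed extensions against a constructed home directory."""
    with tempfile.TemporaryDirectory() as home:
        for name in (".qmail-sales", ".qmail-lists-default"):
            open(os.path.join(home, name), "w").close()
        exts = ["", "sales", "Sales", "lists-announce", "lists-x-y", "nobody"]
        return {ext: resolve(home, ext) for ext in exts}

if __name__ == "__main__":
    for ext, result in demo().items():
        print(repr(ext), "->", result or "bounce after acceptance")
```

A single `.qmail-lists-default` file makes every `lists-*` extension deliverable, so validity depends on a per-address file lookup in the user's home directory rather than on a fixed list the SMTP daemon could consult.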