fantastic-summary-of-why-qmail-still-sucks-eight-years-after-it-was-abandoned-by-djb

To: linux-elitists@zgp.org
From: Rob McGee <list+Elite@nodns4.us>
Date: Sat, 5 Nov 2005 13:50:41 -0600
Subject: Re: [linux-elitists] My Anti-Qmail Page
User-Agent: KMail/1.8.2
Organization: No DNS 4 Us
List-Id: An experiment in MUA-based list moderation <linux-elitists.zgp.org>
In-Reply-To: <200511051641.42360.shlomif@iglu.org.il>
Message-Id: <200511051350.41717.list+Elite@nodns4.us>
References: <200511051641.42360.shlomif@iglu.org.il>

On Saturday 2005-November-05 08:41, Shlomi Fish wrote:
> I set up an anti-qmail page:
>
> http://www.shlomifish.org/open-source/anti/qmail/

I started one myself about a year ago, which was more a comparison of 
qmail and Postfix in anti-spam capabilities. But I quit working on it 
before it got to a point of being published.

My boss was (is?) a qmail zealot. I had learned a few tricks in Postfix 
for curbing spam. I found that those tricks would not be easily done in 
qmail, if at all. On that basis I recommended deploying Postfix. I was 
overruled on a religious basis: "Dan said it, I believe it, we're 
staying with qmail!"

I was given the job to find qmail patches to do the things I was doing 
in Postfix. I declined. He tried to do it himself. 3 days later I was 
asked to install Postfix.

> Comments, suggestions, corrections and flames are welcome.

I could nitpick a few things, but it's probably better to point out 
qmail's biggest crime: backscatter spam. By deliberate design it will 
accept all mail for its domains, doing no recipient validation in the 
SMTP dialogue. Then if a user does not exist, a bounce is generated, 
almost always spamming the mailbox of an innocent victim (forged 
envelope sender.)

The backscatter problem is addressed by a few patches and drop-in 
replacements for qmail-smtpd, but TTBOMK the most popular HOWTOs 
available do not apply these patches.

You might want to elaborate on the free vs. proprietary software issue. 
I think qmail is a vivid illustration of the superiority of free 
licenses. Without Bernstein's restrictive license, someone else might 
have picked up the abandoned project and added the missing features. It 
possibly could have become a complete MTA.

My own pet peeve about qmail and other DJBware is the radical departure 
from Unix norms. Putting everything in /var/qmail, ugh! A secure system 
might have /var mounted noexec. And the logging for qmail is a poor 
excuse; timestamps down to the nanosecond (yeah, right) and the 
information you need isn't there. Syslog isn't perfect, but it's the 
best we have.
-- 
    Rob - /dev/rob0
_______________________________________________
linux-elitists 
http://zgp.org/mailman/listinfo/linux-elitists

To: linux-elitists@zgp.org
From: Rick Moen <rick@linuxmafia.com>
Date: Sat, 5 Nov 2005 08:50:33 -0800
Subject: Re: [linux-elitists] My Anti-Qmail Page
User-Agent: Mutt/1.5.9i
List-Id: An experiment in MUA-based list moderation <linux-elitists.zgp.org>
In-Reply-To: <200511051641.42360.shlomif@iglu.org.il>
Message-Id: <20051105165033.GA21839@linuxmafia.com>
References: <200511051641.42360.shlomif@iglu.org.il>

Quoting Shlomi Fish (shlomif@iglu.org.il):

> I set up an anti-qmail page:
> http://www.shlomifish.org/open-source/anti/qmail/

1.  And immediately fell for the obvious rhetorical trap of allowing people
to dismiss it as an anti-Dan page:  The first sentence of item #3 ("The
author, Daniel J. Bernstein, is full of bad attitude, is incredibly
stubborn, has a feelings of superiority, and routinely attacks everyone
else") comes across as sophomoric personal wrangling, and has no bearing 
on the merits of the MTA itself.  

If you want to be taken seriously, don't go there.  Also, much as I was
annoyed at the idiocy of Dan making legal threats at me over my
"libeling" his software, I object to your using that sort of rhetoric.
It's both irrelevant to the issue at hand and unseemly.

2.  Re: "It is no longer actively maintained".  You might mention:
Since 1998-06-15 -- i.e., currently, seven years and counting.  Abandonware.

3.  Re:  "The ezmlm-idx has a lot of duplicacy in its configuration."
I doubt there's such a word as "duplicacy".  I believe you mean
"duplication".  (Bevakasha.  ;->  )

4.  Re:  "qmail lags behind other MTA's in its feature-set."  The best 
way to form the plural of an acronym is with "s" rather than
apostrophe-s, thus cleanly distinguishing plural from possessive.

_______________________________________________
linux-elitists 
http://zgp.org/mailman/listinfo/linux-elitists