O'Reilly logo

Building Secure Servers with Linux by Michael D. Bauer

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Postfix

Wietse Venema’s program, Postfix, provides an alternative to Sendmail that is simpler in design, more modular, and easier to configure and administer. Equally important, it’s designed with scalability, reliability, and security as fundamental requirements.

The remainder of this chapter brings you up to speed quickly on how to use Postfix as a secure means of exchanging your network’s email with Internet hosts. In particular, I’ll focus on deploying Postfix on firewalls, in DMZs, and in other settings in which your SMTP server will have contact with untrusted systems.

I won’t go into nearly as much depth with Postfix as I just did with Sendmail. The whole point of Postfix is ease of use: you’ll have no problem figuring out how to use Postfix given little more than the documentation and example configurations included with Postfix itself.

Postfix Architecture

On the one hand, since Postfix can do most of what Sendmail can, its architecture is arguably as complex or even a little more so than Sendmail’s. Postfix consists of a suite of daemons and helper applications, whereas Sendmail is essentially monolithic.

On the other hand, Postfix’s modularity actually makes it much simpler in practice. For Mr. Venema and the others who maintain Postfix’s code, it’s easier to fix a bug in the SMTP daemon if that daemon’s code is self-contained and not part of a much larger whole. As for end users, Postfix is administered mainly with the postfix command and a few others (most users only need ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required