UNIX System Administration Handbook - Evi Nemeth [365]
Recall that a message logged to syslog at a particular level is reported to that level and all those above it. The /etc/syslog.conf file determines the eventual destination of each message. Table 19.20 gives an approximate mapping between log levels and syslog severity levels.
Table 19.20 sendmail log levels vs. syslog levels
19.13 THE POSTFIX MAIL SYSTEM
The Postfix project started when Wietse Venema spent a sabbatical year at IBM’s T. J. Watson Research Center. It is an alternative to sendmail that tries to be fast, easy to administer, and (hopefully) secure. It is a direct competitor to qmail by Dan Bernstein. Postfix’s design goals included an open source distribution policy, speedy performance, robustness, flexibility, and security.
The most important things about Postfix are probably, first, that it works almost out of the box (the simplest config files are only one or two lines long), and second, that it leverages regular expression maps, especially with the PCRE (Perl Compatible Regular Expression) library, to filter mail effectively. These maps are very powerful, but the complicated regular expressions remind you of sendmail’s raw config file syntax. Postfix is compatible with sendmail in the sense that Postfix aliases and .forward files have the same format and semantics as those of sendmail.
Postfix speaks ESMTP and has limited support for UUCP. Virtual domains and spam filtering are both supported. Postfix does not use an address rewriting language as sendmail does; instead, it relies on table lookups from flat files, DB, dbm, LDAP, NIS, or NetInfo.
Postfix architecture
Postfix comprises several small, cooperating processes that send network messages, receive messages, deliver mail locally, etc. Communication among the processes is performed through UNIX domain sockets or FIFOs. This architecture is quite different from that of sendmail, wherein a single large process does everything.
Postfix uses four different mail queues:
• Maildrop – where the user agent puts outgoing messages
• Incoming – for mail that is arriving
• Active – an in-memory queue of mail being processed for delivery
• Deferred – mail for which delivery has failed in the past
A queue manager process moves messages among queues. It uses a round robin strategy that balances between the incoming and deferred queues to determine what goes into the active queue. Messages in the active queue are sorted by destination before processing, so if several messages are bound to the same destination, they can be transferred over a single TCP connection.
In order not to overwhelm a receiving host, especially after it has been down, Postfix uses a slow start algorithm to control how fast it tries to deliver mail. Deferred messages are given a try-again time stamp that exponentially backs off so as not to waste resources on undeliverable messages. A status cache of unreachable destinations avoids unnecessary delivery attempts (similar to sendmail’s host status option; see page 588).
Security is implemented at several levels. Most of the Postfix daemons can run in a chrooted environment. The daemons are separate programs with no parent/child relationship. None of them are setuid. Memory for strings and buffers is dynamically allocated, and long lines are broken and reassembled for delivery to prevent buffer overrun issues. The mail drop queue is world-writable (but not world-readable), so Postfix does not need to trust user agents.
A world-writable directory opens opportunities for a malicious local user to mess around, but Postfix averts most problems by using a special file format for queue files. It does not try to process invalid files. Optionally, the mail drop directory can be set to be only group-writable if the postdrop program is setgid; this feature was added under pressure from Dan Bernstein’s bashing on the bugtraq mailing list.
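The two mail drop permission layouts described above (world-writable but not world-readable, or group-writable with a setgid postdrop) can be checked mechanically. The Python sketch below is an added example, not code from the book or from Postfix. The function names, the sample modes, and the sticky-bit check are assumptions that the text does not state.

```python
import os
import stat


def classify_maildrop(dir_mode, dir_gid, postdrop_mode=None, postdrop_gid=None):
    """Return (model, findings) for a mail drop directory's permission bits.

    model is "world-writable", "group-writable" or "closed"; findings lists
    deviations from the two layouts the text describes.
    """
    findings = []
    if dir_mode & stat.S_IROTH:
        findings.append("maildrop is world-readable")
    if dir_mode & stat.S_IWOTH:
        # The sticky bit is not mentioned in the text; by standard UNIX
        # semantics, without it any user may unlink another user's file.
        if not dir_mode & stat.S_ISVTX:
            findings.append("world-writable without sticky bit")
        return "world-writable", findings
    if dir_mode & stat.S_IWGRP:
        # The group-writable layout only works if postdrop is setgid to
        # the group that owns the directory.
        if postdrop_mode is None:
            findings.append("postdrop not checked")
        elif not postdrop_mode & stat.S_ISGID:
            findings.append("postdrop is not setgid")
        elif postdrop_gid != dir_gid:
            findings.append("postdrop group differs from maildrop group")
        return "group-writable", findings
    findings.append("neither world- nor group-writable")
    return "closed", findings


def audit_maildrop(maildrop_dir, postdrop_path=None):
    """Stat the paths supplied by the caller and classify them."""
    d = os.stat(maildrop_dir)
    if not stat.S_ISDIR(d.st_mode):
        raise NotADirectoryError(maildrop_dir)
    p_mode = p_gid = None
    if postdrop_path is not None:
        p = os.stat(postdrop_path)
        p_mode, p_gid = stat.S_IMODE(p.st_mode), p.st_gid
    return classify_maildrop(stat.S_IMODE(d.st_mode), d.st_gid, p_mode, p_gid)


if __name__ == "__main__":
    # Constructed sample modes and gid, not taken from a real system.
    for mode in (0o1733, 0o1777, 0o730):
        print(oct(mode), classify_maildrop(mode, 100, 0o2755, 100))
```

Call audit_maildrop with the mail drop directory and postdrop binary paths of the installation being checked; an empty findings list means the permissions match one of the two layouts.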
At the center of the Postfix system are the master daemon that starts the other daemons and