
Book Review: Postfix: The Definitive Guide

A well-written guide that explains how Postfix features reflect its design and what they can do for your system.

Postfix: The Definitive Guide

by Kyle Dent

O'Reilly & Associates

ISBN: 0596002122

$34.95

Postfix: The Definitive Guide is a beautifully written book about a beautifully designed
program. Kyle Dent's writing is precise and concise without being too
dense to read--standards, for example, typically are precise and dense.
After the first chapter or two, I asked, "Has this guy written anything else?"
Answer: the Postfix section of Running Linux, 4th
Ed.

The excerpted sentence that follows is a bit long, but it covers the required ground,
including the all-important except-whens: "With maildir-style delivery, Postfix
normally creates the necessary directories and files, if the user's credentials
permit it; however as a security precaution, if the parent directory is
world-writable, Postfix delivery agents will not create any additional files
or directories."

The phrase "Postfix delivery agents" is a necessary qualifier. Many
installations use a third-party mail delivery agent, such as procmail or
Maildrop, which has different security policies.
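The precaution in the excerpt can be sketched in a few lines. This is an added example, not code from the book or from Postfix: `ensure_maildir` and `UnsafeParent` are hypothetical names, and the sketch does not switch to the recipient's credentials the way a real delivery agent would.

```python
import os
import stat
import tempfile

class UnsafeParent(Exception):
    """The parent directory cannot be trusted, so nothing is created."""

def ensure_maildir(path):
    """Create path/{tmp,new,cur} unless the parent is world-writable.

    Returns True if the maildir was created, False if it already existed.
    """
    path = os.path.abspath(path)
    if os.path.isdir(path):
        return False
    parent = os.path.dirname(path)
    st = os.lstat(parent)  # lstat: do not follow a symlinked parent
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeParent(f"{parent} is not a real directory")
    if st.st_mode & stat.S_IWOTH:
        # Any local user could pre-create or swap entries here.
        raise UnsafeParent(f"{parent} is world-writable")
    os.mkdir(path, 0o700)
    for sub in ("tmp", "new", "cur"):
        os.mkdir(os.path.join(path, sub), 0o700)
    return True

def demo():
    """Try one safe and one world-writable parent (constructed test dirs)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("home", 0o755), ("spool", 0o777)):
            parent = os.path.join(root, name)
            os.mkdir(parent)
            os.chmod(parent, mode)  # chmod so the umask cannot mask the bits
            try:
                ensure_maildir(os.path.join(parent, "Maildir"))
                results[name] = "created"
            except UnsafeParent:
                results[name] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

A third-party delivery agent configured in place of the Postfix agents applies its own rules, so a check like this has to be verified for that agent separately.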

Wietse Venema wrote the initial versions of Postfix and continues to
develop it. He also scrutinizes all contributions. He is the author
of tcpwrappers and other security programs, so his scrutiny sets a high
standard. Needless to say, Postfix has a very good security record.

Postfix also is quite resource efficient: it easily can handle a thousand
messages per day on a high-end 486 machine. I've used Postfix for three
years, and it always has been several steps ahead of what I've needed for
SOHO environments without overwhelming me with what I did not (yet)
need. ISPs are using it on high-end modern PCs to handle as much as a
million messages a day. It runs on Linux and most flavors of
Unix. This book covers Postfix 2.1, which is in release candidate
status as I write this review in May 2004. One caveat: the book does not cover the
policy daemon interface; it is in the development branch only and
may not make it into 2.1 stable.

Postfix: The Definitive Guide digs a little deeper
into the hows and whys. I like that;
I've never been much good at turning the crank on rote procedures. Because
the book explains how Postfix's features reflect its architecture and how
they relate to real-world needs, debugging configurations and
extending Postfix with third-party virus scanners and spam filters are a lot
easier.

Too many guides that claim to be definitive list all the
options and settings without explaining how they work together.
Dent's examples are well chosen to illustrate a real setup and the
underlying processing. A good example is the chapter titled "Blocking
Unsolicited Commercial Email". Postfix can enforce a dress code to
keep out the more blatantly standards non-compliant e-mail, usually sent
from viruses or spammers. Dent leads you through the dialogue
between mail clients and servers and shows how the restrictions
correspond to the steps of the dialogue. He also explains which parts
of the standards should be enforced and which skipped, plus what information you
can depend on and what is forged easily. In the past, I tried to do
this but bumped up against a couple of newsletters from big companies
that were not compliant. Usually, the domain name in the From
line does not resolve, because there is either no DNS record or no computer at
that address. Now I understand how to whitelist them. With stricter
restrictions in place, I now can refuse some of the spam before
accepting it. Also, spammers with fixed addresses can be blacklisted.
This is an area of Postfix that has improved considerably over the
past year. This update alone is worth the price of the book.
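A small model of how restrictions line up with the steps of the SMTP dialogue, and why the whitelist lookup has to come before the domain check. This is an added example, not code from the book or from Postfix; the addresses, domains, reply texts and function names are constructed for illustration.

```python
# Constructed sample data; a real server would consult DNS and lookup tables.
BLOCKED_CLIENTS = {"192.0.2.66"}                    # fixed-address spammer
SENDER_WHITELIST = {"news.bigco.example"}           # known-good, does not resolve
RESOLVABLE = {"example.org", "lists.example.net"}   # stand-in for DNS

def check_client(ip):
    # The peer IP comes from the TCP connection, so it can be depended on.
    return "554 client address blocked" if ip in BLOCKED_CLIENTS else None

def check_helo(name):
    # Client-supplied and easily forged: only test that it is well formed.
    literal = name.startswith("[") and name.endswith("]")
    fqdn = "." in name.strip(".") and " " not in name
    return None if literal or fqdn else "504 HELO name is not fully qualified"

def check_sender(addr):
    # The envelope sender is forged easily too; the whitelist is consulted first.
    if addr == "":
        return None  # null sender (bounces) must stay deliverable
    domain = addr.rpartition("@")[2].lower()
    if domain in SENDER_WHITELIST:
        return None
    if "." not in domain:
        return "504 sender address is not fully qualified"
    if domain not in RESOLVABLE:
        return "450 sender domain not found"
    return None

STAGES = (("CONNECT", "client", check_client),
          ("HELO", "helo", check_helo),
          ("MAIL FROM", "sender", check_sender))

def evaluate(session):
    """Return (stage, reply) for the first failing check, else acceptance."""
    for stage, key, check in STAGES:
        reply = check(session[key])
        if reply:
            return stage, reply
    return "RCPT TO", "250 Ok"

def demo():
    base = {"client": "198.51.100.7", "helo": "mail.example.org",
            "sender": "alice@example.org"}
    variants = [{}, {"client": "192.0.2.66"}, {"helo": "localhost"},
                {"sender": "offers@no-such-domain.example"},
                {"sender": "weekly@news.bigco.example"}]
    return [evaluate({**base, **v}) for v in variants]
```

Postfix by default holds a rejection until the RCPT TO step (`smtpd_delay_reject`), so the stage returned here names where a check applies, not necessarily when the client sees the reply.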

Postfix endeavors to work well with others by supporting standard
protocols in third-party programs for virus scanning and spam
filtering. Below, Dent describes the differences among SMTP, the
main Internet e-mail transport protocol; LMTP, a variant used
within a LAN with the Cyrus IMAP server; and other third-party programs
and why Postfix is different:

"When an MTA makes a delivery to an SMTP server, where the message
is destined for multiple recipients, and one or more recipients
cannot accept the message for some reason, the SMTP server takes
the responsibility for queuing the message to deliver it later,
and reports an overall successful delivery to the MTA. LMTP
servers do not queue messages, so they must return an individual
status reply for every recipient of a particular email message.
For those recipients that could not be delivered, the MTA, and not
the LMTP server, takes the responsibility of queuing the message
and attempting redelivery."

Dent picks his battles carefully. He covers how to integrate Postfix
with LDAP and MySQL but not their installation. The only
reason to use these databases is because you already are using them
with some other application, meaning they already are installed. For
standalone use, the native Postfix databases are more than adequate
and simpler to use.

In summary, I like this book a lot. I am tempted to buy anything
else Dent writes, sight unseen. I liked Postfix and now am more
impressed by its design, both for its security offering and its
feature mix, which is aimed at the needs of the real world--spam, hostile
Internet denizens and so on. All this is accomplished without succumbing to creeping
featuritis. I intend to keep this book within reach and to use
Postfix on any system I administer.

Jeffrey L. Taylor is a 30 year veteran of software engineering. He
has been using UNIX for over 25 years and Linux for over four.

______________________

Comments


Re: Book Review: Postfix: The Definitive Guide


"it easily can handle a thousand messages per day on a high-end 486 machine."
Uh, that's less than 1 a minute. Not very impressive...and almost certainly mis-written. Perhaps it was "ten thousand messages per day", or "a thousand messages per hour", either of which sound plausible.
