The Book of Postfix 103
The Book of Postfix | |
author | Ralf Hildebrandt + Patrick Koetter |
pages | 464 |
publisher | No Starch Press |
rating | 9 |
reviewer | Danny Yee |
ISBN | 1593270011 |
summary | understanding and implementing Postfix mail systems |
When The Book of Postfix arrived, I jumped straight to the chapter "Understanding SMTP Authentication", since that was something I wanted to get working. This explains the problem -- how to allow travelling users with unknown IP addresses to send mail through a mail server without opening it up to spammers -- and clearly lays out the options: SMTP-after-POP or -IMAP, SMTP authentication, certificate-based relaying using TLS, or some kind of VPN. "If you want something simple, independent, and secure, SMTP AUTH is probably for you."
The remainder of the chapter explains how to set up a backend for SMTP authentication -- a choice between saslauthd and other options -- and the following chapter then explains how to configure Postfix to use it. This approach is typical of The Book of Postfix, which tackles many topics with paired chapters, the first covering background, theory and any ancillary systems and the second covering the actual Postifx configuration. It also emphasises progressive implementation accompanied by testing, which is most reassuring when modifying production servers.
Other chapters in Part III, "Advanced Configurations", cover running Postfix chrooted, using TLS (two chapters), mail gateways and multiple domains. There's also a chapter that works through building a complete mail system for an organisation. Part IV covers tuning and the appendices cover installing Postfix (for Debian or Redhat Linux, or from source) and troubleshooting.
Moving backwards, the hundred and twenty pages in part II cover content controls. Some basic postmaster background is followed by pairs of chapters on each of message transfer restrictions, built-in content filters, and external content filters. I've been working through these, improving my anti-spam controls, and they're proving really helpful; my next step will be implementing amavisd-new.
Part I explains how to set up a host to run Postfix, with ancillary services such as DNS, NTP and syslog, then how to set up a simple single domain configuration, either on a permanently connected machine or on a dialup machine. It then gives a brief description of Postfix's basic anatomy. Part I is concise -- just fifty pages -- but it offers everything most people will need for a basic setup.
There's no cruft in The Book of Postfix: it's a fairly chunky book, but none of it is padding. Excerpts from configuration files include just the right amount of context and the diagrams (and a very few screenshots) are integrated with the text and tightly focused. Given the scope, it's probably overkill for basic Postfix users, though the first fifty pages would make an excellent "getting started" guide for them.
There are some omissions. There's no general explanation of how the master.cf file works, for example, or of rewriting -- neither "masquerading" nor "canonical" appear in the index or glossary. The "Anatomy of Postfix" chapter could definitely have been more comprehensive.
How does The Book of Postfix compare with the O'Reilly book Postfix: the Definitive Guide ? The Book of Postfix is nearly twice the length and provides much more detailed step-by-step explanations and more on ancillary systems -- it explains how to set up backends for SMTP authentication, for example, rather than just telling you that you need one.
I highly recommend The Book of Postfix to anyone using Postfix and wanting to do more than the basics with it.
Danny Yee has written over 800 other book reviews. You can purchase The Book of Postfix from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Great timing (Score:3, Informative)
I also reviewed The Book Of Postfix [debian-adm...ration.org] this week.
I also enjoyed it, and recommended it.
Just picked this book up a month ago (Score:5, Informative)
Long story short: This book has let me (in less then a month) not only switch our mail servers over to postfix, but let me do things more efficiently (in terms of stopping spam at the SMTP receive stage) and many other things better then I had with sendmail before.
I'm not going to make this a sendmail vs. postfix thread, but if you're going to use postfix, this book is a great resource!
Grey listing.. (Score:4, Informative)
This reduced the spam at our installation by over 80% overnight, and has so far had no complaints of false positive.
For a detailed explanation of how this works, see here..http://projects.puremagic.com/greylisting/ [puremagic.com]
Re:Dumb Question... (Score:5, Informative)
However, if you want added functionality, security, filtering, spam / virus control, you need to understand what you are doing if you want to use an open source *nix-compatible mail server.
If you just want something "easy" (read: click and drool), expose Exchange to the Internet and pay through the nose for security software that is behind the times.
If you understand how the internals of a richly-functional mail server work, you too may achieve >99.99% spam and virus filtering with 0.0001% false positives. And do it much cheaper.
Re:Dumb Question... (Score:1, Informative)
It has gotten more secure, sure, but that still doesn't stop a large number of attackers from successfully compromising the system.
And, on top of that, Sendmail is hell to configure.
Again, much love for Postfix.
Another source of postfix information :) (Score:3, Informative)
Say hello to us in irc.
We're always happy to help.
Re:Dumb Question... (Score:3, Informative)
Standard configs [postfix.org]
You shouldn't need to really configure much more than that.
Re:Dumb Question... (Score:4, Informative)
Mail server documentation is written for IT professionals and system administrators who know what they are doing.
This is not meant for end users.
And if you had bothered to read those links, they are newbie friendly and actually explain in depth what the changes you are doing do to the mail system.
Also, MUAs are supposed to submit mail on 587/tcp via SMTP. I recommend you follow that rule.
Re:Dumb Question... (Score:3, Informative)
Then all you have to do is (re)start postfix:
It's that easy.You can do more tweaking to improve security and set up spam & virus filtering, but those are complicated topics and are therefore complicated to configure. Switching to use maildir delivery (vs the default mbox format) is trivial to do, and is left as an exersize for the reader.
Re:Mutt (Score:3, Informative)
Try ssmtp [debian.org]. I use it when running mutt on Win32 under Cygwin.