360
Information Security

Postfix

What Is It?

Postfix is a Mail Transfer Agent (MTA), and can be considered a replacement for Sendmail, qmail, Exim, and others. It is most often found running on the public-facing mail gateways of ISPs and large corporations.

How did it come about?

When Wietse Venema needed a fast, secure MTA, he decided that rather than attempt to streamline an existing program or retrofit security features, it would be better to start from scratch. Postfix (or VMailer, as it was originally known) was born in 1997 and has enjoyed a strong following ever since.

Where would I use it?

We recommend Postfix for busy and exposed mail gateways, such as a corporate perimeter Internet MTA. In such deployments we typically install it on minimalist FreeBSD or Solaris systems.

Why is it so good?

How long have you got? Postfix can be installed and configured very quickly, particularly for sites currently dependent on Sendmail, with which it shares a good deal of compatibility. What's more, because everything in Postfix is a table, it scales from home systems up to ISP-sized mail relays. Tables can be backed by anything from flat text files to full relational databases.

  • Postfix is developed by a very experienced team of just a few security-conscious individuals. It is very hard to produce consistently secure code based upon large development communities and peer-review. That's not to say that peer-review isn't better than no-review, of course. Ask Marcus.
  • It was written from scratch to be secure, and is resistant to buffer overflow attacks which plague other MTAs. Don't take our word for it, check with these guys.
  • The software runs as a set of daemons, each performing a different set of tasks, which facilitates a "least privilege" approach. In practice this lends itself well to running in chrooted environments or virtual containers.
  • In use since 1997, it has a long history and a solid track record. We know it doesn't bite.
  • It works well with AV/AS SMTP policy software for greylisting.
  • Once installed, it just works; you can forget about it.
  • Good documentation
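
The per-daemon privilege separation described above is set in the `unpriv` and `chroot` columns of Postfix's `master.cf`. The following is an added example, not code from Postfix or from this page: a small auditor that flags services running privileged or unchrooted without needing to. The sample configuration is constructed, and the exemption lists are an assumption based on the Postfix documentation.

```python
# Added example: audit the least-privilege columns of a Postfix master.cf.
FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc", "command")
# Assumption: exemption lists follow the Postfix documentation, which says
# these delivery daemons need root and/or cannot run chrooted.
NEEDS_ROOT = {"local", "pipe", "spawn", "virtual"}
NO_CHROOT = {"local", "pipe", "virtual"}

# Constructed sample, not a real site's configuration.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       n       y       300     1       qmgr
local     unix  -       n       n       -       -       local
filter    unix  -       n       n       -       10      pipe
  flags=Rq user=filter argv=/usr/local/bin/filter.sh
"""

def parse_master_cf(text):
    """Return one dict per service, joining whitespace-led continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continues the previous entry
        else:
            logical.append(raw.strip())
    rows = (line.split(None, 7) for line in logical)
    return [dict(zip(FIELDS, r)) for r in rows if len(r) == 8]

def audit(entries, chroot_default="n"):
    """Flag services that run privileged or unchrooted without needing to.
    chroot_default is what "-" means: "n" on Postfix >= 3.0, "y" before."""
    findings = []
    for e in entries:
        daemon = e["command"].split()[0]
        unpriv = "y" if e["unpriv"] == "-" else e["unpriv"]
        chroot = chroot_default if e["chroot"] == "-" else e["chroot"]
        if unpriv == "n" and daemon not in NEEDS_ROOT:
            findings.append((e["service"], daemon, "runs with root privilege"))
        if chroot == "n" and daemon not in NO_CHROOT:
            findings.append((e["service"], daemon, "not chrooted"))
    return findings

if __name__ == "__main__":
    for service, daemon, issue in audit(parse_master_cf(SAMPLE_MASTER_CF)):
        print(f"{service} ({daemon}): {issue}")
```

Pass `chroot_default="y"` when auditing a pre-3.0 installation, where a `-` in the chroot column means chrooted.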

Who uses it?

Lehman Brothers and their 23000 staff, for whom Email is a mission-critical service; Postini, the Email security service provider; and ourselves at 360is.

Where do I start?

http://www.postfix.org/OVERVIEW.html