Firewall Wizards mailing list archives

Re: FWTK and smap/smapd


From: ark () eltex ru
Date: Wed, 17 Jul 2002 15:57:06 +0400

-----BEGIN PGP SIGNED MESSAGE-----

Bennett Todd <bet () rahul net> said :

> 2002-07-16-08:50:40 Behm, Jeffrey L.:
> > Is the Firewall Toolkit still a viable solution nowadays?
>
> Select components, perhaps, but the restrictive license has kinda
> stifled it, other alternatives have probably taken over most if not
> all of the fwtk functionality with better-maintained code.
>
> > At least as an email gateway with smap/smapd-type functionality?
>
> That'd be a big Nope, no way, no sir. Postfix or qmail.
>
> (1) smap/smapd don't have a perfect security track record. qmail and
>     Postfix do.

Were there any problems with _fwtk_ smap/smapd?

> (2) Unlike modern, well-maintained MTAs, smap/smapd don't have
>     powerful anti-relay and anti-spammer controls.

They do. See the patches page on fwtk.org

> (3) smap/smapd still need a sendmail (or something that tastes like
>     one) to do the actual email routing and header thagomizing and
>     whatnot; you _don't_ want sendmail on your firewall, lest some
>     data-borne bug be found that smap doesn't know to filter out.
>     So you need a better MTA anyway. As long as you're gonna get
>     one, go for one that's more secure than smap/smapd and toss them
>     entirely.

You may run any simple MTA that mimics sendmail well enough.

> (4) smap/smapd are _SLOW_. Orders of magnitude slower than sendmail.
>     Postfix and qmail are _FAST_ --- many times faster than
>     sendmail.

qmail is _not_ fast, and the smap slowness is caused mostly by the queue rescan
delay, which you can tune.

> (5) smap/smapd adds complexity to a mail server. Sendmail+smap/smapd
>     is about as complex as you can get. Either qmail or Postfix is
>     far, far simpler than sendmail alone, let alone
>     sendmail+smap/smapd. Simple is good. It works better.

Not too much. I'd say that smap/smapd + a _really_ simple SMTP-only MTA is simpler
than any full-blown MTA like Postfix. And it is more flexible. Store-and-forward
is a good approach.


                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQCUAwUBPTVbkaH/mIJW9LeBAQF+VgP40mqbDgJDjJyMzX0S6cNSPVs2iGPZHfLC
GCnPgYRARtI3j+IQN2oXIM3h2SfMKWnQSwnRNzqzET10fQ1TFjBTJkrujUMDQx7p
U5EtyVX7hpzapre9crUfbS9GZ4oIKOdPSjPh5OIobBj3CZUj7Qt1ECUC7Ya8Odlc
Wacnqx404A==
=ZkQY
-----END PGP SIGNATURE-----