Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: ark () eltex ru
Date: Wed, 17 Jul 2002 15:57:06 +0400
-----BEGIN PGP SIGNED MESSAGE----- Bennett Todd <bet () rahul net> said :
2002-07-16-08:50:40 Behm, Jeffrey L.:Is the Firewall Toolkit still a viable solution nowadays?Select components, perhaps, but the restrictive license has kinda stifled it, other alternatives have probably taken over most if not all of the fwtk functionality with better-maintained code.At least as an email gateway with smap/smapd-type functionality?That'd be a big Nope, no way, no sir. Postfix or qmail. (1) smap/smapd don't have a perfect security track record. qmail and Postfix do.
Were there any problems with _fwtk_ smap/smapd?
(2) Unlike modern, well-maintained MTAs, smap/smapd don't have powerful anti-relay and anti-spammer controls.
They do. See patches page on fwtk.org
(3) smap/smapd still need a sendmail (or something that tastes like one) to do the actual email routing and header thagomizing and whatnot; you _don't_ want sendmail on your firewall, lest some data-bourne bug be found that smap doesn't know to filter out. So you need a better MTA anyway. As long as you're gonna get one, go for one that's more secure than smap/smapd and toss them entirely.
You may run any simple mta that does mimick sendmail good enough.
(4) smap/smapd are _SLOW_. Orders of magnitude slower than sendmail. Postfix and qmail are _FAST_ --- many times faster than sendmail.
qmail is _not_ fast. and the smap slowness is caused mostly by queue rescan delay which you can tune.
(5) smap/smapd adds complexity to a mail server. Sendmail+smap/smapd is about as complex as you can get. Either qmail or Postfix is far, far simpler than sendmail alone, let alone sendmail+smap/smapd. Simple is good. It works better.
Not too much. I'd say that smap/smapd+_really_simple smtp-only mta is simplier than any full-blown mta like postfix. And it is more flexible. Store-and-forward is good approach. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQCUAwUBPTVbkaH/mIJW9LeBAQF+VgP40mqbDgJDjJyMzX0S6cNSPVs2iGPZHfLC GCnPgYRARtI3j+IQN2oXIM3h2SfMKWnQSwnRNzqzET10fQ1TFjBTJkrujUMDQx7p U5EtyVX7hpzapre9crUfbS9GZ4oIKOdPSjPh5OIobBj3CZUj7Qt1ECUC7Ya8Odlc Wacnqx404A== =ZkQY -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Firewalls breaking stuff: [Was re: fwtk], (continued)
- Re: Re: Firewalls breaking stuff: [Was re: fwtk] Paul Robertson (Jul 22)
- Re: Re: Firewalls breaking stuff: [Was re: fwtk] Charles W. Swiger (Jul 22)
- Re: Re: Firewalls breaking stuff: [Was re: fwtk] Paul Robertson (Jul 22)
- Re: FWTK and smap/smapd David Lang (Jul 16)
- Re: FWTK and smap/smapd Dominik Miklaszewski (Jul 16)
- Re: FWTK and smap/smapd Paul Robertson (Jul 16)
- Re: FWTK and smap/smapd Marcus J. Ranum (Jul 16)
- Re: FWTK and smap/smapd Frederick M Avolio (Jul 17)
- Re: FWTK and smap/smapd Paul Robertson (Jul 17)
- Message not available
- Re: FWTK and smap/smapd Marcus J. Ranum (Jul 18)
- Re: FWTK and smap/smapd Joseph S D Yao (Jul 17)
- Re: FWTK and smap/smapd Bennett Todd (Jul 17)
- Re: FWTK and smap/smapd Rick Murphy (Jul 17)
- Re: FWTK and smap/smapd Brian Hatch (Jul 17)
- Re: FWTK and smap/smapd Dominik Miklaszewski (Jul 17)