Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: Bennett Todd <bet () rahul net>
Date: Tue, 16 Jul 2002 15:16:33 -0400
2002-07-16-08:50:40 Behm, Jeffrey L.:
> Is the Firewall Toolkit still a viable solution nowadays?
Select components, perhaps, but the restrictive license has kinda stifled it; other alternatives have probably taken over most if not all of the fwtk functionality with better-maintained code.
> At least as an email gateway with smap/smapd-type functionality?
That'd be a big Nope, no way, no sir. Postfix or qmail.
(1) smap/smapd don't have a perfect security track record. qmail and Postfix do.
(2) Unlike modern, well-maintained MTAs, smap/smapd don't have powerful anti-relay and anti-spammer controls.
(3) smap/smapd still need a sendmail (or something that tastes like one) to do the actual email routing and header thagomizing and whatnot; you _don't_ want sendmail on your firewall, lest some data-borne bug be found that smap doesn't know to filter out. So you need a better MTA anyway. As long as you're gonna get one, go for one that's more secure than smap/smapd and toss them entirely.
(4) smap/smapd are _SLOW_. Orders of magnitude slower than sendmail. Postfix and qmail are _FAST_ --- many times faster than sendmail.
(5) smap/smapd add complexity to a mail server. Sendmail+smap/smapd is about as complex as you can get. Either qmail or Postfix is far, far simpler than sendmail alone, let alone sendmail+smap/smapd. Simple is good. It works better.
> My situation is that I want to build an email gateway, located in a DMZ that simply accepts email from the Internet, and forwards into the Internal network (and vice versa - i.e. accept from Internal network and forward to Internet).
A perfect role to fill with qmail or Postfix.
As to which of those is better, that's a subtle question. Sometimes the decision can have an objective answer, but it needs external constraints that you don't have --- compatibility with existing mailbox servers, that kind of thing. On a pure bastion relay, either one could work. It really is a matter of taste. Look at each <URL:http://www.qmail.org/>, <URL:http://www.postfix.org/>, decide which one looks nicer to you, and have a happy and worry-free life.
For whatever it's worth, I personally like Postfix better. But I wouldn't dispute with anybody who likes qmail better.
-Bennett