Re: [fw-wiz] FWTK and smap/smapd

From: ark@eltex.ru
Date: 07/17/02


From: ark@eltex.ru
To: bet@rahul.net
Date: Wed Jul 17 08:22:28 2002


-----BEGIN PGP SIGNED MESSAGE-----

Bennett Todd <bet@rahul.net> said :

> 2002-07-16-08:50:40 Behm, Jeffrey L.:
> > Is the Firewall Toolkit still a viable solution nowadays?
>
> Select components, perhaps, but the restrictive license has kinda
> stifled it, other alternatives have probably taken over most if not
> all of the fwtk functionality with better-maintained code.
>
> > At least as an email gateway with smap/smapd-type functionality?
>
> That'd be a big Nope, no way, no sir. Postfix or qmail.
>
> (1) smap/smapd don't have a perfect security track record. qmail and
> Postfix do.

Were there any problems with _fwtk_ smap/smapd?
 
> (2) Unlike modern, well-maintained MTAs, smap/smapd don't have
> powerful anti-relay and anti-spammer controls.

They do. See the patches page on fwtk.org.
 
> (3) smap/smapd still need a sendmail (or something that tastes like
> one) to do the actual email routing and header thagomizing and
> whatnot; you _don't_ want sendmail on your firewall, lest some
> data-borne bug be found that smap doesn't know to filter out.
> So you need a better MTA anyway. As long as you're gonna get
> one, go for one that's more secure than smap/smapd and toss them
> entirely.

You may run any simple mta that does mimic sendmail well enough.
 
> (4) smap/smapd are _SLOW_. Orders of magnitude slower than sendmail.
> Postfix and qmail are _FAST_ --- many times faster than
> sendmail.

qmail is _not_ fast. And the smap slowness is caused mostly by the queue rescan
delay, which you can tune.
 
> (5) smap/smapd adds complexity to a mail server. Sendmail+smap/smapd
> is about as complex as you can get. Either qmail or Postfix is
> far, far simpler than sendmail alone, let alone
> sendmail+smap/smapd. Simple is good. It works better.

Not too much. I'd say that smap/smapd+_really_simple smtp-only mta is simpler
than any full-blown mta like postfix. And it is more flexible. Store-and-forward
is a good approach.

                                     _ _ _ _ _ _ _
 {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
 (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
 [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
