H-SPHERE QUESTION: Postfix vs. qmail

Discussion in 'Plesk Automation Suggestions and Feedback' started by Blake@Parallels, Jan 17, 2012.

Thread Status:
Not open for further replies.
  1. Blake@Parallels

    Blake@Parallels Mega Poster

    Messages:
    216
    As we continue to move forward planning and developing our future multi-server solutions (including those designed and priced appropriately for our mid-sized hoster customers such as you guys), one area that has come up is that of e-mail.

    We are considering the possibility of not supporting qmail in the new product (but would like your feedback before making any decisions). As we develop upgrade paths from H-Sphere to this new product, it may transition some backend pieces such as: qmail -> Postfix or ezmlm -> mailman. This does bring up some interesting scenarios, and we'd like your opinion.


    Benefits:
    - Postfix is an actively maintained mail server package widely used in production environments (qmail is not)
    - Faster e-mail throughput (around 2-3x more mail/second)
    - Better scalability (we have found that qmail performance significantly degrades above 20 mail/second)
    - More standard configuration file formats and options for customizing the mail server (including greater availability of community assistance)
    - More unified codebase vs. qmail (which typically contains many third-party patches)
    - Simplified setup and possible lower support incident rate from clients
    - More extendable via Milter MTA protocol

    Differences:
    - For anti-spam, the only notable difference is that spam mails will no longer be forwarded to an address, but instead relocated to a folder in the same mail account
    - Some features such as: sender filters, ability to discard incoming messages, client's ability to tune greylisting, DKIM and SPF will not be supported


    So - generally we'd like to know if these sorts of changes would be acceptable? Are there other concerns you could have about this scenario?

    Thanks!
     
  2. GregorL

    GregorL Kilo Poster

    Messages:
    65
    I think the switch to Postfix is not a problem.
    However, while we can live without GreyListing, a loss of DKIM and SPF would be a big issue.
    For smaller hosts, a correct DKIM/SPF setup is essential to have customer emails arrive at the intended inbox.
    Without DKIM and SPF a lot of email will either be blocked or end up in the SPAM folder of larger ISPs.

    Now, one thing I do not understand though is that SPF is a DNS Setting only and not really related to the mail service.
    (it only has to know the IP's of all servers sending email)
    So I'm not sure why this would be effected by the choice of QMail or Postfix.
     
  3. bdowne01

    bdowne01 Kilo Poster

    Messages:
    12
    While I'm far more familiar with Qmail, I think a move to Postfix makes perfect sense. Having actively supported software on the backend has distinct advantages.

    That being said, I think the DKIM and SPF are pretty heavy losses. We have several customers that utilize those and I'm already trying to figure out how to explain a "step backwards" for them.
     
  4. TzahiB

    TzahiB Bit Poster

    Messages:
    1
    Is it possible to elaborate about losing SPF support?

    That's an essential feature for small hosts like ourselves, but it is supposed to be a DNS feature as Gregor said, and I'm sure there won't be a problem to create the necessary record automatically in the new software (whether it uses Postfix or qmail).
     
  5. Blake@Parallels

    Blake@Parallels Mega Poster

    Messages:
    216
    My English teacher would be angry at me for using an ambiguous comma. :)

    IMPORTANT: I did not mean to imply that DKIM/SPF are not available with Postfix - only that the client-side tuning capabilities would not be as robust (as compared with qmail in H-Sphere). I should be able to provide a list of differentiated configuration options shortly.

    Thanks,
     
  6. KristoferP

    KristoferP Bit Poster

    Messages:
    1
    Why are there these differences?

    Postfix provides the ability to allow you to accomplish these tasks.
     
  7. Andrew Andriatis

    Andrew Andriatis Odin Team

    Messages:
    437
    Hi,
    Yes, technically postfix provides the ability to set filters on a mailbox level, but on practice, normal mail users don’t do this themselves. That’s why we left these capabilities on the server admin and domain admin levels, not overloading the end user interface with spam protection details.
     
  8. GregorL

    GregorL Kilo Poster

    Messages:
    65
    That actually sounds like a great improvement to me.
    Keeping things as simple as possible for the enduser with the option for the domain/server admin to do/tweak additional things is the way to go to keep support requests to a minimum.
     
  9. conexcol

    conexcol Bit Poster

    Messages:
    1
    Hi!

    I agree having a simple interface helps. However, some users actually understand what they are doing and having the possibility to twick the settings on the client side is a must.

    - Postfix is fast, well supported and easy to manage, so +1 on that
    - SPF, Graylisting and DomainKeys are supported long time ago by postfix
    - There are things like add-ons for roundcube that enable end users to change their spamassassin settings, so no need to develop that. I'm using roundcube with existing h-sphere boxes and it's straight forward.
    - SPF and DomainKeys settings could be left to admin
    - Please support Sieve. This can be managed from roundcube as well using a plugin and will help moving spam mails to spam folder. Deleting or forwarding spam is just non-sense and creates more confusion and noise than actually helping end users.
    - Spam filters need to have a trining system controlled by end users with a "Mark as Spam/Non-spam" button on the webmail interface or forwarding the email to a specific account (roundcube provides such button for that using a plugin)
    - Queue management via control panel or command line is a must
    - Full smtp logs are mandatory (also required by law on some countries, including US I think)
     
  10. Andrew Andriatis

    Andrew Andriatis Odin Team

    Messages:
    437
    Hi, conexcol
    Thanks for the input. We’ll consider it for the mail features specs.
     
  11. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day:

    Is SPF available on postfix?

    Is domain keys available on postfix?

    If the email is sent from the web, will the email header include the full path to the application that sent the email if postfix is used?

    In terms of finding spam on abused accounts, for qmail I go to /var/qmail/queue/mess/0 to 22 and cat files of similar size.

    In one file I can see the header and the body.

    It is easy to nail down spammers.

    What's the process for postfix?

    Thank you.
     
  12. parallelsbox

    parallelsbox Kilo Poster

    Messages:
    65
    Do you have plans to support a mail server with Enterprise level features like Mailenable, ok it's Windows based but it would be a great offer compared to Linux based mail servers like postfix or qmail.
     
  13. Andrew Andriatis

    Andrew Andriatis Odin Team

    Messages:
    437
    Yes, we are considering MailEnable and SmarterMail to be attached in the same way as postfix.
     
  14. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Hi Andrew:

    Is SPF available on postfix?

    Is domain keys available on postfix?

    If the email is sent from the web, will the email header include the full path to the application that sent the email if postfix is used?

    In terms of finding spam on abused accounts, for qmail I go to /var/qmail/queue/mess/0 to 22 and cat files of similar size.

    In one file I can see the header and the body.

    It is easy to nail down spammers.

    What's the process for postfix?

    Thank you.
     
  15. Andrew Andriatis

    Andrew Andriatis Odin Team

    Messages:
    437
    Hi, Peter,
    SPF and domain keys are available in postfix.
    I aksed our developers to comment on your way of spotting spammers. They will reply shortly.
     
  16. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    >If the email is sent from the web, will the email header include the full path to the application that sent the email if postfix is used?
    Postfix doesn't include full path like any other server but we have own implementation to identify domain name that sent the email and include to the header of email.

    >In terms of finding spam on abused accounts, for qmail I go to /var/qmail/queue/mess/0 to 22 and cat files of similar size.
    Instead of manually searching of spammers PPA supports "Spamassassin" and "Greylisting" and you will able to automate process and filter spam letters as you need.

    Best Regards,
    Andrey
     
  17. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Greetings Dobrenko Andrey:

    The reason there is a need to search raw emails is Spam Assassin doesn't work effectively. It is unreliable, and we avoid it at all cost (including the outright refusal to be forced to use it).

    When you state you have your own implementation to identify the domain name that sent an email, will that be included in MSP?

    Thank you.
     
  18. TanmayaA

    TanmayaA Bit Poster

    Messages:
    2
  19. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    Sorry for long answer. The mail feature about identifying domain name is in development stage. The scope of feature list of first release will be announced later and we will inform you about it as soon as. Regarding to managing Postfix queue, you can use utilities "mailq" and "postqueue". Additional info you can find here http://www.postfix.org/documentation.html

    Thanks!

    Best Regards,
    Andrey
     
  20. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day, Andrey:

    I'm familiar with the documentation.

    At present, it is far easier to track down spam in qmail than in postfix based on how the information is represented; so I'm hoping for tools or a better way if postfix is the answer in Multi-Server Plesk.

    ### SEPARATELY

    Right now H-Sphere uses sslserver for all email ports, not just the secure ports of 465 and 995.

    May I suggest having an interface for administrators to pick what ports will use sslserver and what ports will use tcpserver? It should allow for zero to many.

    Thank you.
     
Thread Status:
Not open for further replies.

Share This Page