Chris Adams
2019-Sep-20 21:07 UTC
[CentOS] Replacing sendmail with postfix (was: deprecations leading up to C8)
Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said:> Perfect. I think the only other significant customizations I have > are lines to use the MIMEDefang and OpenDKIM milters. When last I > looked into migrating, I recall that Postfix handled milters just > fine.Milters work a little different under postfix IIRC... I haven't tried them (which is a little sad, since I think I may have been the first person to write a sendmail milter :) ).> Meanwhile, I'd considered replacing procmail with the Dovecot > delivery program to get access to Sieve filtering but didn't see how > to easily invoke SpamAssassin as I do now in /etc/procmailrc. Is > Procmail still the default delivery agent in RHEL8?Postfix can use lmtp or procmail (I don't remember which is default). IIRC sieve may not provide external scripting for security reasons. I use spamassassin via amavisd-new, with messages going postfix -> amavisd -> second postfix (all via SMTP). It's more complicated, and not really necessary for the small setup (but I run larger mail servers with that setup, so I do the same for my personal servers as well). -- Chris Adams <linux at cmadams.net>
On 21/09/19 9:07 AM, Chris Adams wrote:> Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said: >> Perfect. I think the only other significant customizations I have >> are lines to use the MIMEDefang and OpenDKIM milters. When last I >> looked into migrating, I recall that Postfix handled milters just >> fine. > > Milters work a little different under postfix IIRC... I haven't tried > them (which is a little sad, since I think I may have been the first > person to write a sendmail milter :) ).Postfix has excellent milter support, it may not work exactly the same as they do in sendmail but they are designed to be fully compatible with sendmail milters. Also I believe that nowadays milters are written just as much to be support postfix as sendmail, if not moreso: http://www.postfix.org/MILTER_README.html>> Meanwhile, I'd considered replacing procmail with the Dovecot >> delivery program to get access to Sieve filtering but didn't see how >> to easily invoke SpamAssassin as I do now in /etc/procmailrc. Is >> Procmail still the default delivery agent in RHEL8?I would recommend dovecot lmtp over dovecot lda.> Postfix can use dovecot lmtp or procmail (I don't remember which is default).Postfix can use just about any delivery agent. The default in postfix is to use its own local(8) and virtual(8) delivery agents. That said, these delivery agents are very limited in comparison to dovecot lmtp or procmail.> IIRC sieve may not provide external scripting for security reasons.I'm pretty sure it does via managesieve.> I use spamassassin via amavisd-new, with messages going postfix -> > amavisd -> second postfix (all via SMTP).This is a good setup, but you may find that you can eliminate the second postfix step there and go postfix -> amavisd-new -> dovecot lmtp. Unless you need additional processing specifically from postfix after amavisd-new, that is. Peter
exim should also be considered. We have been using exim with CentOS for at least 10 years. Todd Merriman
--On Saturday, September 21, 2019 9:59 PM +1200 Peter <peter at pajamian.dhs.org> wrote:>> I use spamassassin via amavisd-new, with messages going postfix -> >> amavisd -> second postfix (all via SMTP). > > This is a good setup, but you may find that you can eliminate the second > postfix step there and go postfix -> amavisd-new -> dovecot lmtp. Unless > you need additional processing specifically from postfix after > amavisd-new, that is.I've been doing sendmail -> MIMEDefang -> SpamAssassin/clamd and then sendmail -> procmail -> SpamAssassin. Yeah, SA gets run twice, once to reject scores > 10 by the milter and then again by each user to incorporate their Bayes scores. I'd love to run it only once but haven't invested time in figuring out how to do that. But I only have a few users so it hasn't been a big enough load to worry about it. I'm the only one in my family/office doing extensive procmail filtering for my own mail, as I subscribe to lots of lists and like pre-filtering it all into separate folders. (I probably have 100-200 folders, so my MUA gets a workout looking for new mail.) I'd replace the procmail filters with sieve ones using Dovecot but I still want SpamAssassin to run first to mark the spam for filtering. (BTW, pet peeve about Thunderbird MUA: It fails to spot new folders I create when I add a new procmail filter. I have to go into Thunderbird's subscription dialog and force it to reload the folder list. I use an old copy of Mulberry in parallel and it always dependably reloads the folder list on startup.)