On Tue, 8 Feb 2005 10:19:43 -0900, Tim Jordan <tim@xxxxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Danny, I'm getting ready to build on opensource mail filter box but have > not decided on which mail server to use. I'm curious why you went with > Postfix? In addition to my last post on this topic, the website for Postfix says it best: " Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different." Reason #2 - For the purposes of Internet facing (accessible to untrusted networks) SMTP services, here is *my* quick comparison of the preperation necessary to setup an IIS based SMTP MTA vs. Postfix on any BSD (FreeBSD, OpenBSD, and NetBSD) based OS. Role: MTA Server #1) Windows 2000 (or Windows Server 2003 web edition) with IIS SMTP server installed. Server #2) FreeBSD (any version within the last 2 years without any patches!) with Postfix installed. Configuration & Preparation: Server #1) -Put behind locked down firewall before plugging into Internet to download updates (or enable Windows Firewall on Windows Server 2003). Threatfocus: "According to a recent article by USA Today working with Kevin Mitnick, it takes less than 4 minutes for an unpatched Windows XP SP1 system to be taken over and added to a "Bot network." -Download and install dozens of patches and hope that MBSA, WindowsUpdate, or hfnetcheck report and verify successful installation -Reboot -Run MBSA if you don't have all the recommended lockdown tips memorized -Disable unessential services -Disable unnecessary accounts -Verify NTFS permissions, specifically the file system hosting these services -Disable uncessary IIS extensions -Install URLScan and/or IISLockdown -Rename admin account - although SID (500) can be retrieved to identify built-in admin acct -Verify IIS SMTP configuration - test for open relay -Cross fingers Server #2) (P.S. No software to purchase with this one) -No firewall necessary -vi /etc/rc.conf to disable sendmail -cd /usr/ports/mail/postfix && make install clean -vi main.cf and enter your domains. It ain't an open relay out of the box, so test if you like -postfix check (check your config for errors) -postfix start For more in-depth guides: http://www.flakshack.com/anti-spam/wiki/index.php http://www.securitysage.com/guides/postfix_uce.html http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt http://www-personal.umich.edu/~malth/gaptuning/postfix/ Happy MTA'ing, ...D