What will you miss when this site closes?





198 votes ~ 6 comments

This site will turn read-only at the end of September 2017.

Book Review: The Book of Postfix

Posted by Steve on Mon 27 Jun 2005 at 16:29

I was recently offered the opportunity to review a copy of "The Book of Postfix", published by NoStarch press. This book aims to be complete guide to Postfix whether used by the home user, as a mail relay or virus scanning gateway, or as a company mail server.

Disclaimer

I assume most book reviews, and product reviews published online are "paid", or "bought" - in the sense that the reviewer received the product for free.

However I've never been in that position myself, until now. I recently received an email from a publisher asking me if I would be interested in reviewing two of their books. One of which covered something I knew nothing about, so I didn't feel that I would be a fair reviewer, because I couldn't judge how accurate the coverage was (although I could have treated it as an introduction I didn't feel that was entirely fair).

The other book was the subject of this review, concerning the Postfix mailserver something I'm familiar with - and something that visitors here appear to prefer to Debian's default mailserver - exim.

So after some deliberation I decided that reviewing a book received gratis would be fair, so long as I explained that I'd received the book as a donation.

If you're wary of trusting a review conducted on this basis feel free to stop reading now. If this is something you've accepted in the past from other sites then I hope this introduction hasn't been too long.

(And if you have items which you wish me to review I'll try to do a fair job; but only if it's on a subject I believe I can review fairly and accurately. That's cryptography, computer security, shellcode, mail-servers, webservers, programming, etc).

About The Book

The book describes itself as suitable for both complete beginners and advanced users of the Postfix mailserver. With that in mind it starts out by describing the simplest setup possible for a mailserver: handling mail for a single domain. Once this topic is covered more advanced scenarios are covered.

Each of the four parts of the book begins with a short introduction to each of the following chapters. These summaries are a useful way of looking forward to what is about to occur, and seeing how the grouped chapters relate to each other.

The full table of contents is:

  • About This Book
  • 1. An Introduction To Postfix
  • Part I: Basics
    • 2. Preparing Your Host and Environment
    • 3. Mailserver for a Single Domain
    • 4. Dial-up Mail Server for a Single Domain
    • 5. Anatomy of Postfix
  • Part II: Content Control
    • 6. A Postmaster's Primer to Email
    • 7. How Message Transfer Restrictions Work
    • 8. Using Message Transfer Restrictions
    • 9. How Built-in Content Filters Work
    • 10. Using Built-in Content Filters
    • 11. How External Content Filters Work
    • 12. Using External Content Filters - This chapter is available online
  • Part III: Advanced Configurations
    • 13. Mail Gateways
    • 14. A Mail Server for Multiple Domains
    • 15. Understanding SMTP Authentication
    • 16. SMTP Authentication
    • 17. Understanding Transport Layer Security
    • 18. Using Transport Layer Security
    • 19. A Company Mail Server
    • 20. Running Postfix in a chroot Environment
  • Part IV: Tuning Postfix
    • 21. Remote Client Concurrency and Request Rate Limiting
    • 22. Performance Tuning
  • Appendix A : Installing Postfix
  • Appendix B : Troubleshooting Postfix
  • Appendix C : CIDR and SMTP Standards Reference
  • Glossary
  • Index

It should be obvious from reading the contents that this book aims to cover a lot of material. But despite this the information is imparted in a very clear, concise, and readable fashion.

The layout of the book itself helps make it easy to read, with clear diagrams where appropriate and useful "tips", "cautions" and "notes" included to clarify things, or provide warnings where appropriate.

There's a lot of information covered in the book which isn't obvious from the content listing too. You really would have to spend a lot of time searching for all the information contained here, and that makes this book a very useful reference volume.

The later chapters build upon the earlier ones in a natural fashion making the later examples simple enough to follow along with, even for a relative newcomer.

Whilst it is possible to dive into a particular example scenario and start working on replicating the setup without reading the preceding chapters this would only be recommended for somebody already familiar with postfix.

The Introductory Material

The introduction material in the early chapters is well written and should be readily accessible even if you're not familiar with the job of a mailserver, and general system administration.

Rather than waste time describing how to install the software from source code at the start of the book this information is relegating to an appendix. This appendix includes coverage of the Debian binary packages, which was a neat touch for me and visitors to this site. Unfortunately the packages mentioned were for the previous stable release, Woody, rather than the recently released Sarge distribution. I'm sure this will be updated in a later edition of the book.

I thought the introductory text was very useful, covering basic host setup such as:

  • Ensuring your system has a fully qualified domain name
  • Making sure your clock is current
  • Checking that you have syslog running, so that logfiles work
  • The importance of having reverse DNS setup and working

postfix was initially designed to be more secure than the monolithic sendmail. To that end there are several binaries which worth together to form the postfix system.

Each of the these components have a distinct role to play in the processing of mail by postfix. The description of each of these parts, and what they actually do, was very informative and well written. (In the past I can recall looking at all the programs and having no idea how they related to each other).

It might have been nice to see this explanation of how the different processes relate to each other presented slightly earlier in the text, but I didn't feel like the lack of this knowledge was a handicap to understanding the earlier text.

The Examples

Once we get past the introductory material the real meat of the book is the examples, and the discussion that accompanies each one.

The major examples have been listed already in the table of contents. Each one is discussed in depth, and if you're looking to setup something similar to one of the named examples you're in for a real treat.

The discussion of the various options is both detailed and clear to understand. The authors have done a good job choosing their words carefully and explaining why things are done as they are - rather than choosing options and leaving you wondering why.

One of the nice suprises in this book was not just seeing how to handle various jobs, such as setting up mail for a single domain, or a complete filtering system for multiple domains but seeing how to test the setups.

In all of the later examples there are notes on how to make sure things are working correctly, complete with sample logfile entries which show you what failure and success both look like.

It's probably fair to say that the chapter headings don't do the coverage justice. For example chapter 14 covering setting up a mailserver for multiple domains doesn't just explain this once. It first starts with the traditional virtual domain alias handling, then follows up with looking up account details from a MySQL database.

Similarly the various chapters on content filtering cover multiple techniques to combat SPAM, malformed mail. (Including virus filtering)

Conclusion

In summary I like this book a lot. If I was to give it a "score" I'd easily give it 4/5.

I find it hard to say anything bad about the book, because it does cover a lot of material to a very high standard, whilst also remaining very readable.

I do think that perhaps the earlier sections could be reworked a little to be more "beginner friendly", to explain DNS briefly when discussing checking MX records for example. That's only a slight criticism.

Presentation-wise the book is clear and readable, but at times I did think there were too many distractions with "tips", "notes", and "cautions". These were all well placed, and well timed. But having more than one on a single page was sometimes distracting.

It would also be nice to see a summery of each setup which is worked through. (Maybe at the end of a chapter, or in a separate appendix). The discussion following each worked example does explain each setting but there isn't a reference copy of the relevant configuration files to examine in isolation. (Just having the contents of the main.cf, master.cf files would be useful)

Details
Title The Postfix Book
Authors Ralf Hildebrandt & Patrick Koetter
Publishier No Starch Press
ISBN 1-59327-001-1
Cover Price $44.95
Availability

 

 


Re: Book Review: The Book of Postfix
Posted by Anonymous (193.237.xx.xx) on Mon 27 Jun 2005 at 19:51
Can't speak for others, but I don't prefer Postfix especially, I was just put off by the approach to security in Exim in comparison to Postfix and Qmail. Any advice on this appreciated.

The one time I braved Exim I managed to add the quite sophisticated functionality my mate wanted to the config file with a quick Google, and a read of the excellent documentation, very easily.

I think the Postfix online documentation lacks "overview", which is necessary in a product that nearly always seems to have an option for doing what you want. i.e. Lots of "How To" but not many - it is like this because....

I've pondered the Postfix book before, but that cover price has got to hurt. I wonder if they take Waterstone vouchers?

[ Parent | Reply to this comment ]

Exim?
Posted by Anonymous (212.18.xx.xx) on Mon 27 Jun 2005 at 20:33
Whats wrong with the approach to security in Exim?

[ Parent | Reply to this comment ]

Re: Exim?
Posted by simonw (193.237.xx.xx) on Mon 27 Jun 2005 at 21:13
[ View Weblogs ]
Specifically I'm concerned with the security of the software itself to answer Steve's question.

Postfix goes to some lengths to mitigate any possible errors in the coding from leading to any significant compromise of the box, as well as fairly keen coding standards to start with.

I'm not in a position to judge how important these are as security measures, but Exim has had rather more security vulnerabilities than Postfix, and they have tended to be more significant, so I'm inclined to think the difference in this area are significant.

Indeed I don't immediately recall any Postfix vulnerabilities that weren't denial of service, and successful denial of service attacks aren't that hard, whatever software you choose to run.

However I did like Exim, so I guess I want to be assured it isn't likely to be a problem in future, or that they have tightened it down somewhat.

[ Parent | Reply to this comment ]

Re: Exim?
Posted by Anonymous (193.175.xx.xx) on Tue 28 Jun 2005 at 09:46
Which security?

Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
2005-05-25
http://www.securityfocus.com/bid/12268

Exim Illegal IPv6 Address Buffer Overflow Vulnerability
2005-03-29
http://www.securityfocus.com/bid/12185

Exim SPA Authentication Remote Buffer Overflow Vulnerability
2005-03-29
http://www.securityfocus.com/bid/12188

Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
2004-05-14
http://www.securityfocus.com/bid/10291

Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
2004-05-11
http://www.securityfocus.com/bid/10290

Exim EHLO/HELO Remote Heap Corruption Vulnerability
2003-09-07
http://www.securityfocus.com/bid/8518

Exim Internet Mailer Format String Vulnerability
2002-12-16
http://www.securityfocus.com/bid/6314

Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
2002-02-21
http://www.securityfocus.com/bid/4096

Exim Pipe Hostname Arbitrary Command Execution Vulnerability
2002-01-04
http://www.securityfocus.com/bid/3728

Exim Format String Vulnerability
2001-06-20
http://www.securityfocus.com/bid/2828

Exim Buffer Overflow Vulnerability
1999-06-01
http://www.securityfocus.com/bid/1859

[ Parent | Reply to this comment ]

Re: Exim?
Posted by Steve (82.41.xx.xx) on Wed 29 Jun 2005 at 00:50
[ View Weblogs ]

To be fair some of those didn't affect all versions, configurations, or setups. Or all Debian packages.

Although seeing them all listed together is an eyeopening moment!

Steve
-- Steve.org.uk

[ Parent | Reply to this comment ]

Re: Book Review: The Book of Postfix
Posted by Steve (82.41.xx.xx) on Mon 27 Jun 2005 at 20:40
[ View Weblogs ]

When you talk about security for a mailserver there are two different and distinct things you could be meaning:

  • The security of the server software itself.
  • The array of security measures you can put into place to stop your mailserver from relaying, accepting viral mails, etc.

It's not clear which of these things you're referring to - but historically both postfix and exim have had a good security record.

Whilst exim hasn't been bugfree it's had a good record compared to sendmail. Postfix I'm sure is equally good - I cannot recall any security advisories relating to postfix recently, although that doesn't mean there haven't been any.

When it comes to security of handling mails, viruses, spam, relaying, etc. Both postfix and exim have lots of information out there on how to tighten things - indeed the filtering chapter in this book shows a lot of different ways of rejecting bogus mail, etc.


As for vouchers .. maybe you could use them in the store - if you can persuade them to order a copy of the book for you? I know that when I've ordered books in stores before I've not been under any obligation to purchase them when they did eventually arrive.

Order a copy, flick through it, and if you like it spend your vouchers!

Steve
-- Steve.org.uk

[ Parent | Reply to this comment ]

Re: Book Review: The Book of Postfix
Posted by Anonymous (193.175.xx.xx) on Tue 28 Jun 2005 at 09:44
The online docs have EXTENSIVE sections containing HOWTOs...

[ Parent | Reply to this comment ]

Re: Book Review: The Book of Postfix
Posted by Anonymous (168.24.xx.xx) on Mon 27 Jun 2005 at 20:56
summary, not summery (Unless that's the UK spelling or something.)

[ Parent | Reply to this comment ]

Re: Book Review: The Book of Postfix
Posted by Steve (82.41.xx.xx) on Mon 27 Jun 2005 at 20:59
[ View Weblogs ]

I tend to use UK-English, but you're correct that's just a mistake.

Fixed now. Thanks!

Steve
-- Steve.org.uk

[ Parent | Reply to this comment ]

Re: Book Review: The Book of Postfix
Posted by Anonymous (216.117.xx.xx) on Tue 5 Jul 2005 at 17:08
My own review of "The Book of Postfix" was similar to this one in many respects, and I did not get a free copy of the book from the authors, or the publishers.

http://www.postfix-book.com/testimonial.html

However, I feel that Steve did bring up a couple of good points in this review.

When I originally learned Postfix, I read through the example configurations of Len Conrad, Ralf Hildebrandt, and Wietse Venema. This was very helpful to me.

So I agree with Steve that a similar published main.cf could have added to the effectiveness of the book. How much it could have helped is the only thing I question.

As I recall, the book does comment on the use of web sources for more up to date information.

It is very easy to download current configuration files from a number of sources. And if you download Ralf's, the reasoning behind the configurations and those listed in the book will be from the same basic source!

The Postfix web site has links to many good references. After reading the book you should be able to more easily understand even the poorest of these:

http://www.postfix.com/docs.html

"The Book of Postfix" web site has many other downloads to complement the book:

http://www.postfix-book.com/downloads.html

I feel that these references do address the very valid comments on a more complete setup.

The other two points that Steve brings up are the number of "tips", "notes", and "cautions" per page, and the beginner friendliness of the starting chapters.

I find this to be a very hard balance. The "tips", "notes", and "cautions" help keep the book more beginner friendly. So more could help, but as you say, too many can be a distraction. I think they managed a good mix.

At the same time, both Ralf and Patrick are not a huge fans of books that re-hash the basics for no reason. So how much they put in for the complete novice was tempered by this point of view.

The one thing I completely agree with Steve on is that the key to "The Book of Postfix" is the layout of the book. It makes the text readable, and accessable.

--Eric
Cybertime Hostmaster

[ Parent | Reply to this comment ]