I wish I was as cool as DJB

I should throw up a fanboy alert right here.  You have been warned. =)

I was reading a heated discussion about security (no link, MARC is read only right now) on the PHP internals list this past week.  In the middle of it, Zeev Suraski writes: “No remotely accessible software has a perfect track record, perhaps other than qmail.”  For those that don’t know, qmail is the second most used MTA (Mail Transfer Agent) on the internet.  It was written by Dan J. Bernstein (DJB).  DJB, as I like to refer to him around the office, is a professor at the University of Illinois at Chicago.  You can read all about him at his web site.

The basis for Zeev’s comments is DJB’s qmail security guarantee.  As Dan writes, he was fed up with security holes in sendmail.  So, he decided to do something about them.  He just avoided the whole app and wrote his own.  Besides being rock solid, the application takes a very intuitive (to me) approach to internet mail.  DJB believes in separating jobs into separate daemons that run with separate users and permissions.  One daemon accepts incoming mail and puts it in a queue.  Another reads that queue and then decides if it is an internal or external delivery.  It then hands that to a local or remote daemon responsible for those jobs.  Everything has its job.  Nice and neat.

DJB did not stop there.  He also wrote (IMO) the best darn DNS server ever in djbdns.  Like qmail, it has a security guarantee.  It uses the same logical design as qmail.  Honestly, DNS propagation is a bit of a mystery to me.  Bind zone files confused the hell out of me.  But, djbdns is easy as pie to use.

I have been lucky enough to use qmail for my entire career.  The first host I ever signed up with used qmail and it was all I ever wanted to use.  When our current systems administrator, a lifelong sendmail and bind user, came to work for us, I showed him qmail and djbdns.  It took a little while, but now he will never go back.  Even with the occasional annoyance, it’s better than the alternative to him.

You do have to adjust to the DJB style.  His applications don’t have the normal configure, make, make install setup.  He is a FreeBSD user.  At times there are errors on non-FreeBSD systems that are in his opinion flaws of those systems and not qmail.  He is usually right.  At the least, you can’t say he is wrong.  djbdns for example does not propagate data between hosts “automatically” like bind does.  You have to rsync the data somehow yourself.  That is a turn off at first for some.  Then they realize how much more control that will give them.

He is very diligent when it comes to sticking strictly to whatever RFCs exist for each daemon he writes.  One guy I know complains that qmail is the only MTA that requires the \r\n at the end of emails.  qmail will reject them straight away.  As you soon discover, there is a huge community of “patches” to make qmail do all sorts of things.  There is a patch for that “feature” as well.

For more on qmail, see qmail.org, a collection of patches, documents and add-ons.  The most popular of those documents is likely Life with qmail.  It is sort of a noob’s guide to qmail.

For more on djbdns, see DJB’s page about it.

9 Responses to I wish I was as cool as DJB

  1. I really respect DJB for his deep knowledge, but in my opinion, qmail is not that great. First of all, it is not fully RFC compliant – for example, when an MX returns a temporary local error, the MTA should try to deliver the message to the next MX (if there is any). Qmail simply tries to deliver to the primary MX once more.

    Secondly, qmail lacks a lot – starting from such basic features as smtp-auth or greylisting.

    And last but not least, qmail’s licensing is simply plain sick. Any distribution / operating system can provide qmail in binary form only if it is unpatched and the directory structure is the one that DJB uses.

    To sum it up – qmail could probably become a really cool MTA, if only DJB relicensed it under some sane license (GPL/BSD) and let others fix this software.

    Until this happens (and I doubt it ever will), I am using exim.

  2. doughboy says:

    I am not sure it needs to be “fixed”. I can see where people want new features. SMTP-AUTH is a real, useful feature of smtp servers. Greylisting is arguable as a “required” feature of an smtp server. I was unaware of the MX thing. What RFC is that?

  3. Aaron says:

    Adam, maybe the security has something to do with not allowing any changes? I know if I wanted my software to be rock solid (and known for its security) I’d do something to keep just anyone from changing and re-distributing the software.

  4. @doughboy:
    rfc2821
    ===
    5. Address Resolution and Mail Handling
    (…)
    When the lookup succeeds, the mapping can result in a list of alternative delivery addresses rather than a single address, because of multiple MX records, multi-homing, or both. To provide reliable mail transmission, the SMTP client MUST be able to try (and retry) each of the relevant addresses in this list in order, until a delivery attempt succeeds.
    (…)

    ===

    Of course there are patches which fix that issue, but even if there is a distro which decided to conform to DJB’s licensing, then I’m sure no distro has this issue patched, and if there is, it violates the license.

    @aaron: but that’s kinda silly approach: I will not touch my code, because I am afraid that any changes may provide security risk.

    When a software doesn’t have the functionality I need, then the argument that it is so damn secure doesn’t really count. I expect such a critical software as MTA to follow the trends.
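
The fallback behaviour required by the RFC 2821 excerpt quoted in the comment above, as an added example (not code from qmail, exim or anyone in this thread). The names `order_mx`, `deliver` and `simulated`, the sample hosts, and the choice to stop on a 5xx reply are assumptions of the example.

```python
from typing import Callable, Dict, List, Tuple

# Constructed MX answer for a hypothetical domain: (preference, host).
SAMPLE_MX = [(20, "mx2.example.org"), (10, "mx1.example.org"), (30, "mx3.example.org")]


def order_mx(records: List[Tuple[int, str]]) -> List[str]:
    """Lowest preference value first. Equal preferences are sorted by name
    here only to keep the example deterministic."""
    return [host for _, host in sorted(records)]


def deliver(records, attempt: Callable[[str], int]):
    """Walk the MX list until one host accepts the message.

    attempt(host) returns the final SMTP reply code, or raises OSError
    when the host cannot be reached at all.
    """
    tried = []
    for host in order_mx(records):
        try:
            code = attempt(host)
        except OSError:
            code = 421  # unreachable host: recorded as a temporary failure
        tried.append((host, code))
        if 200 <= code < 300:
            return "delivered", tried
        if 500 <= code < 600:
            return "bounced", tried   # assumption: permanent reply ends the attempt
        # 4xx: temporary failure, fall through to the next MX
    return "deferred", tried          # every MX failed temporarily: requeue


def simulated(replies: Dict[str, int]) -> Callable[[str], int]:
    """Stand-in for a real SMTP session; hosts missing from `replies` are down."""
    def attempt(host: str) -> int:
        if host not in replies:
            raise OSError("connection refused")
        return replies[host]
    return attempt


if __name__ == "__main__":
    # Primary answers 451, secondary accepts: delivery succeeds via mx2.
    print(deliver(SAMPLE_MX, simulated({"mx1.example.org": 451, "mx2.example.org": 250})))
```
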

  5. Aaron says:

    @adam: it would indeed be silly not to write code because you’re afraid it might have security issues. But allowing people to patch your secure code is a different issue entirely.

    The correct way to do this would be to place your code under BSD license but then mandate that your name not be used in patched distributions, like Firefox or PHP to a lesser degree. This way if there are security issues in third-party code then your name will not suffer.

  6. doughboy says:

    @Adam: Gentoo supplies patches for qmail. It can do so as the code is compiled locally. Portage contains the original source and the patches. Emerging qmail applies the patches and compiles the new source. Works great.

  7. I should have made it clear – no binary distro.

  8. and I don’t know, how to make it better. Masood Garfield.
