Postfix Goals and Features

Postfix primary Goals

• Wide dissemination. Postfix must be adopted by lots of people in order to make a significant impact on Internet mail performance and security. Thus it is released as free software with no strings attached.

• Performance. Postfix is about three times as fast as its nearest competitor, qmail-1.01, and at the same time designed to be friendly to other mailers. With a US$ 3000,- desktop PC, Postfix can receive and deliver a million different messages per day. Postfix and qmail speed is the same when used as mailing list exploders. Postfix uses web server tricks to reduce process creation overhead and uses other tricks to reduce file system overhead, without compromising reliability.

• Compatibility. Postfix is designed to be sendmail-compatible to make migration as easy as possible. By default, Postfix supports /var[/spool]/mail, /etc/aliases, NIS, and ~/.forward files. However, Postfix does not use sendmail.cf.

• Safety and robustness. Postfix is designed to behave rationally under stress. When the local system runs out of disk space or memory, the Postfix software backs off, instead of making the problem worse. By design, no Postfix program keeps growing as the number of messages etc. increases. Postfix is designed to stay in control.

• Flexibility. Postfix is built from over a dozen little programs that each perform only one specific task: receive a message via SMTP, deliver a message via SMTP, deliver a message locally, rewrite an address, and so on. Sites with specific requirements can replace one or more little programs by alternative versions. And it is easy to disable functionality, too: firewalls and client workstations don't need local delivery at all.

• Security. Postfix uses multiple layers of defense to protect the system against intruders. Almost every Postfix program runs in a chroot jail with postfix privileges. Postfix does not even trust the contents of its own queue files, or the contents of its own IPC messages. Unlike qmail-1.01, Postfix avoids placing sender-provided information into shell environment variables. No Postfix program is set-uid.

• Last but not least, Postfix is an attempt to make sure that UNIX will be in the high-performance mailer market for a while.

Other significant features of interest

• Multiple transports. Postfix treats all email transports as first-class citizens. In the past I have configured Sendmail systems that could relay between Internet, DECnet, X.400 and UUCP. Postfix is designed to be flexible enough that it can operate in such environments without requiring virtual domain or alias kludges. However, the initial release only talks SMTP, and has limited support for UUCP.

• Virtual hosts done right. You can run multiple Postfix instances on the same machine, each listening on its own Internet address with its own Internet domain name, and each having its own resource budgets. Low-cost customers get two simultaneous SMTP sessions; premium customers can get a hundred. However, during alpha testing it became clear that my definition of virtual domains corresponds with other people's definition of real domains. Fortunately, Postfix also has support for what people usually mean with virtual domains, which is just a special-case aliasing mechanism.

• Yes, Postfix supports restrictions on what hosts can relay their mail through a Postfix system, and supports restrictions on what mail is allowed to come in, if only to preserve my own sanity. Blacklists, RBL, helo/sender DNS lookups. Content filtering maybe later.