[CLUE-Tech] RedHat & Postfix

Jeremiah Stanley lists at miah.org
Thu Jun 19 09:18:47 MDT 2003


> Benign neglect? 
> 
> Seriously, I'd expect if there's a serious Postfix problem, they'd
> address it -- it may be that there have been no serious Postfix issues,
> or maybe they're below the radar... but it seems that RH does issue a
> lot of security updates. 

Part of the reason that Postfix isn't as supported in RH is the fact
that 1.11 (the version of postfix that ships) only supports v1 of the
SASL libraries. You need SASL to talk to LDAP servers. Since the
importance is on talking to LDAP for directory service and not
authenticating users with SMTP AUTH (also requires SASL v2) they have
yet to upgrade.

As it sits the packages cannot be compiled to support SASL v2 because
they have to talk to pre-2.1 openldap. Once the openldap packages are
upgraded in RH then postfix will hit the 2.0 series.

<deep breath> This is why RH still ships the 1.11 postfix. There have
been very few updates to this as most of the development for postfix is
happening in the 2.0 series. That's where all the bugs would be. One
major difference between the 1.11 and 2.0 is that postfix no longer runs
in a chroot by default. The dev team decided that it was causing too
much pain. The feature is still there, but the default behavior is to
not be chroot'd. Caveat emptor.

As for User Mode Linux. Your hosting provider is most likely running a
product called Ensim Server Management. I admin'd one of these a while
back. They have proprietary patches that allow them to run instances of
a kernel in another runspace. I.e., virtual machines. It works similarly
to UML, so much so that people didn't know that they didn't have real
hardware (it emulates /proc or the hardware that proc monitors).

As to my knowledge of RH support practices: they charge based on the
number of machines that you register for updates. If you registered
every UML instance then you would pay for each one. On their
notification service and their update daemon they charge $10/mo for
priority access on a consumer level and have rates for lots of machines.
Updates are always free if you mirror the release dir on
ftp://updates.redhat.com locally. Support is the only thing that RH
really gouges you on. They want lots of money for it. And rightly so,
they rock at support. It's basically a minor sponsorship where they will
package and test what you need done (at the higher levels of support)
while at the lower ones they will tell you what you need to package and
test (which is all that some people need: hints on how to fix
something). I would think you could see a lot of deployment of the AS, ES
and WS releases in server farms. The line is more stable than the
consumer releases and the packages are tested more. The consumer version
is most likely just a testbed of technology at this point for them. I
don't think they intend to make much money on it.

As a side note, if you want to play with the AS line you can download
all the packages and then "grow your own" iso's out of it. They just
won't post the ISO's as they would like $700 worth of a support contract
for that. ;)

Any hosting company that can't package their own RPM's is 1) retarded,
it's waaaaaay easy and 2) wasting time and money. If I were "growing my
own" web farm I would choose debian for flexibility of mirroring
packages for installs (granted, RH's kickstart is very powerful as an
install tool). If I had to run RH I would hit their enterprise line up
and just eat the one time fee ($700 to buy the disk, copy the disk to an
nfs partition, two floppies, remote install) for however many machines I
have. You only really need support on your test machine(s) to debug
problems.
-- 
JStanley <miah at miah.org>
http://www.slavewage.com/



