
Lamson The Python SMTP Server - iamelgringo
http://lamsonproject.org/
======
dfranke
I wouldn't touch this without first giving it a very thorough security audit.
Zed is right that most MTAs in use today are Byzantine horrors, but he misses
out on why they were written that way: security. A mail server needs to bind
to a privileged port, aggregate every user's mail into a single outgoing queue
(which must be stored on disk for reliability), setuid into arbitrary users
for delivery, and sometimes execute arbitrary commands given by those users
(procmail). This is not an easy thing to get right. The reason for the strange
design of Postfix, qmail, et. al. is to allow them to implement privilege
separation wherever they possibly can. The thought of throwing all that away,
and substituting a lightly-tested, monolithic program written in a dynamic
language that permits monkey-patching at runtime and doesn't have Perl's taint
checking support, makes me nervous to say the least.

Mail servers, web servers, C compilers, libcs, and crypto libraries all seem
to share the common property that their basic functionality seems enticingly
easy to implement, inducing the naive to look at the mainstream
implementations and think, "Look how stupidly bloated these are! I can do way
better", and go on to produce nice elegant, minimalistic implementations that
immediately fall over when put into production.

~~~
mahmud
I wouldn't call the designs of Qmail or Postfix "strange", they're very well
designed systems for what they do and given their age. I intimately know the
workings of postfix, and while it's not nginx, it does everything it can to be
modular and extensible: see how many ways it allows you to access the mail
queue before a message is delivered, for example. Yep, THREE different, well
documented ways, in increasing levels of ease/performance.

P.S. Is it just me or has Exim declined in popularity? 10 years ago it was
hard to choose between Qmail and Exim, and Postfix was the hot new thing.

~~~
ghshephard
I don't know how it landed on my server (maybe it was apt-get install mail),
but:

shephard@sbwc:~$ cat /etc/issue

Ubuntu 8.04.2 \n \l

shephard@sbwc:~$ sudo netstat -anp | egrep -i tcp. _25

tcp 0 0 127.0.0.1:25 0.0.0.0:_ LISTEN 21313/exim4

Ubuntu seems to have an affinity for exim somewhere...

~~~
ralph
I think Ubuntu prefers Postfix; perhaps you did something specific to end up
with Exim.

"Postfix is the default Mail Transfer Agent (MTA) for Ubuntu." --
<https://help.ubuntu.com/community/Postfix>

------
absconditus
Attacking sendmail at this point is a bit silly. There are numerous options
available that don't require learning sendmail's configuration syntax.

While this project seems interesting, I'd be curious to see what its
performance is like. High volumes of spam make performance a top concern.

------
smhinsey
is there similar software out there anywhere else? i am kind of stunned if
this is the first attempt at solving this problem. it seems like a niche that
might be dominated by an obscure commercial package but i didn't have much
luck with google.

[later] i'm impressed so far, i haven't thought about email like this in a
long time.

~~~
kree10
Qpsmtpd is similar (Perl instead of Python):

<http://smtpd.develooper.com/>

------
jodrellblank

      body = view('confirmation.msg’).render( list=list, [...]
    

Rebinding the list builtin in the snippet on your homepage? Is there a good
reason for that?

~~~
jerf
No, there's no good reason for it. The binding doesn't "go" anywhere, so it's
not that big a deal either, but it's "bad style".

------
skwiddor
Try this one in Awk

<http://www.proweb.co.uk/~matt/awk/smtpd.awk>

