We Are All Road Warriors Now
The other day I was thinking about that old rivalry, qmail versus Postfix, and it occurred to me how very archaic the qmail way of doing things is.
This wasn't news to me, but reassessing the inherent weakness of tcpserver opened my eyes to an even bigger problem than just sending mail.
The Internet as we know it is changing.
Back in 1997, the best you could hope for in terms of identifying a host on the Internet was its IP address, and nine years ago those were precious numbers owned primarily by major corporations and universities. These were places that had huge address blocks, and "renumbering" was practically unheard of. As more and more ISPs emerged into the residential arena, they scooped up more IP addresses, and eventually people started to worry about running out of them.
At this point, NATting became the de facto method for rationing your 32-bit homestead. As that wonderful little technology we call "broadband Internet access" became the norm, more and more Internet users found themselves at home, Googling from their couches instead of from their dorm rooms.
This is important, goddammit. This is a true story.
As Internet use skyrocketed in homes, ISPs realistically concluded that they couldn't give a static IP address to everyone, especially when most people wouldn't know what one was or why they might want one. In case you haven't noticed, 99% of the people on the Internet should be shot dead right where they stand (or sit, or lie, or masturbate, or download pictures of Tara Reid's disgusting, butchered-up titty flopping out of her dress at a big movie premiere). Static IP addresses are a rare commodity these days, so to get around the fact that no one seems to have one anymore, software developers have moved on to better forms of authentication like SASL.
Instead of saying "yes to everything coming from 1.2.3.4 and no to everything coming from IP 4.5.6.7", smart MTAs will say "yes to everyone, but only if you have the right username and password". We don't really have the luxury of maintaining a list of the IP addresses we'll have available to us and programming them into our firewalls ahead of time. VPNs and MTAs all need to be accessible to their users, even when those users aren't sitting at their trusty workstation with the same 192.168.*.* address it's always had.
qmail uses tcpserver, and tcpserver has a great way of quickly accepting or denying connections based on the IP address of the remote host, but that is so 1998. Postfix permits SASL, allowing users to provide a username and password no matter which IP they happen to be using. Granted, Postfix can also do per-IP authentication, but qmail can't do SASL without extensive third-party patching.
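To make the contrast concrete, here is an added example (not code from qmail, tcpserver or Postfix) that models both decisions: a simplified, IP-only version of the tcprules lookup, where relaying hinges on `RELAYCLIENT` being set for the source address, next to a credential check that ignores the source address. The rule file, the user `alice`, her password and the function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed tcprules-style rules (IP rules only; a simplified model of tcpserver -x).
RULES_TEXT = '''
1.2.3.4:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
4.5.6.7:deny
:allow
'''

def parse_rules(text):
    """Map each address or dotted prefix to (action, may_relay)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, _, env = rest.partition(",")
        rules[addr] = (action, "RELAYCLIENT=" in env)
    return rules

def ip_policy(rules, ip):
    """Try the full IP, then shorter prefixes ending in a dot, then the empty default."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", False)  # assumption: no matching rule means accept, no relay

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store: username -> (salt, derived key).
USERS = {"alice": (b"constructed-salt", hash_pw("correct horse", b"constructed-salt"))}

def auth_policy(user, password):
    """Relay is granted on valid credentials, whatever the source IP."""
    salt, stored = USERS.get(user, (b"dummy-salt", b""))
    return hmac.compare_digest(hash_pw(password, salt), stored)

RULES = parse_rules(RULES_TEXT)
```

Under the IP rules, the same user connecting from an address that was never listed can still reach the server but loses relay rights, while `auth_policy` gives the same answer from any network.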
Is this the end of my love for qmail? Not at all. I recognize that qmail is pretty much the best e-mail server software you could get nine years ago, and that was long before residential broadband changed the Internet landscape and made DHCP common parlance in your living room. We aren't single, stationary hosts anymore, keeping the same IPs for years on end. We are fluid and transient, jumping from providers at our homes, our offices, our Starbuckses, and on our cell phones. We have so many different ways of getting onto the Internet these days that even somebody who doesn't travel around much would still need to put five or six static IPs into his firewall just to have most of his bases covered. We are all road warriors now, hopping on the web wherever we can, and we demand services that are ready and able to do tasks for us without having to phone the home office and rattle off the numbers we get from ipchicken.com.
Hopefully sometime during my lifetime DJB will release a beta of qmail 2 addressing the demands of a new Internet with users popping up all over the place. I won't hold my breath. Considering how reliant the Internet is on slow change or no change, it's a miracle we've gotten services as dynamic as we have today. DNS, the most vital Internet service imaginable, still routinely takes full calendar days to propagate IP address changes, and that's only if you do it right. The Internet is just too massive to move as quickly as we wish it to move, and users won't tolerate their services constantly playing catch-up.
Today, the Internet is pretty much demanding instant-on, always accessible features and zippy interfaces that don't require rebuilding a database every time you use a different network device. We can't guarantee where we'll be coming from anymore, and we still have to get where we're going. I don't think developers were thinking that far ahead in 1997, but this is the 21st century, so the new software has to keep up.