[linux-elitists] MTA roundup

Marc MERLIN marc@merlins.org
Sun Apr 28 17:37:58 PDT 2002

LJ asked me for a writeup on a variety of subjects, and I picked an MTA
While I wrote  about sendmail, qmail, postfix, and exim,  I only really know
sendmail (and not  even the recent stuff) and exim. My  knowledge of postfix
and qmail is limited.

If you have a little time to correct/complete this, it would be appreciated.


Choosing a free mail transport agent, by Marc MERLIN
If you're  looking for an open  source solution for a  mail transport agent,
here are your most widely used choices:

Sendmail is the well known former de-facto standard. It has a shady security
history because it  was written in days where security  and crackers weren't
an  issue. While the  code hasn't  yet  been completely  rewritten from  the
ground up  to be secure, it's  been a while  since the last root  exploit in
sendmail, and the sendmail engineering team has been hard at work to salvage
the current code base, and make it reasonably secure.
Sendmail has  been known for being  slow and having the  worst configuration
file of  any program. Sendmail  is probably  still slower  than some  of the
alternatives, but  some efforts have  been made  to make it  more efficient,
like multiple queues. The  configuration file should be generated  from an M4
file, which  is easier to edit,  but on the  whole, sendmail is still  a lot
harder to configure than the alternatives.
As far  as features  go, sendmail  does have  a lot. Its  configuration file
allows for  very fine grained configuration,  and with MILTERS, you  have an
API to add custom checks and rejects any time during the SMTP transaction.

Qmail is  listed here since  it is well  known, but while  it is free  as in
beer, it is not open source compliant.
It was the most  common MTA people would pick when they  needed to move away
from sendmail,  either for  security reasons,  because of  the configuration
file, or because of the need for more speed.
Qmail has been put in use at some major sites from back when it was the only
decent alternative  to sendmail. It's probably  the MTA written in  the most
secure fashion,  and its author,  Dan Bernstein, is  known to be  a talented
programmer who takes security very seriously.
Qmail is  also known to be  very fast, especially compared  to sendmail, and
it's also been deployed in many  places in conjunction with ezmlm, a smart
mailing list manager which uses VERP (variable envelope return path) to know
who is bouncing in a mailing list and handle this automatically.
The  problems  with   qmail  however,  are  its  very   unorthodox  ways  of
doing  things, like  filenames  for each  alias or  no  default support  for
/var/spool/mail/user or  ~user/.forward. In most  cases the reasons  for the
alternatives are sound, but the author being opinionated doesn't necessarily
give you the choice.  You can find an example here:
This wouldn't  be a problem  per se, since  patches exist to  support things
that Dan doesn't  agree with and won't  include in his source  tree, but you
are  not allowed,  among other  things, to  redistribute binaries  of patched
qmail  source. For that  matter, you  are also  forced to  compile qmail  to
reside in /var/qmail, conflicting with the Filesystem Hierarchy Standard, if
you want to redistribute binaries.
The  list grows  longer,  the  arbitrary, and  in  my  opinion, plain  silly
licensing restrictions on qmail, make  qmail non open source compliant among
other  things, and  makes one  wonder why  we should  bother with  all these
restrictions when there are fine alternatives available nowadays. 
If you are interested, you can find some more details by Rick Moen here:
My personal opinion  is that while qmail is actually  good software, life is
too  short to  have  to deal  with Dan  Bernstein's  eccentricities, and  the
very unclear  licensing in  his software, again,  especially when  there are
fine alternatives available.

Postfix, formerly known as VMailer, was  written by Wietse Venema as another
replacement  for  sendmail. It  has  also been  written  from  scratch  with
security and speed in mind.
Just like  qmail, postfix is modular,  however it's much closer  to sendmail
with  regards  to  supporting  alias   files,  .forwards,  or  the  de-facto
/var/spool/mail/mailbox standard.
Of  course, there  are other  more powerful  options available,  and postfix
supports those too.
Postfix has a sane configuration file, and is also known to be very fast.
For people who like the modular approach  for MTAs, and people who like some
of the features of qmail, postfix should definitely be the MTA of choice.

Exim was  meant to be  an improved version of  the defunct smail  and Philip
Hazel wrote it to  fix some of the shortcomings of smail  and use it locally
in his university.  It  turned out to be used by more  and more people until
it became the widely known MTA it is today.
This means however  that it wasn't initially  meant to be what  it is today,
and it unfortunately uses the monolithic  approach (one big daemon that does
most of the work), which is a bad thing security-wise.
That said,  Philip has written  exim carefully, and  it has a  good security
record considering. However, if  security is your topmost  concern, exim can
be run without root privileges and do  most of its work, but if you're just
uneasy about this anyway, you should consider postfix instead.
Exim has a very clear configuration file, and loads of configuration options
allowing you to do extensive rewriting without needing  to speak sendmail.cf.
It  can also  do things  like  integrate with  mailman and  accept mail  for
recipients on the fly by checking  if there is a corresponding mailman list
on your filesystem (in other words, no need to have a 10,000 line alias file
if you have a few thousand lists).
While it's hard  to say that one  MTA is faster than another  because it all
depends  on  what  part  of  the MTA's  speed  you're  checking,  exim  is also
noticeably faster than sendmail in most configurations, although it might be
a tad slower than postfix.
Exim seems to be  the MTA of choice for many mailman  users, just because of
its magic rule that lets you forget  about the alias file you'd need for all
your lists,  but it does much  more than that. Exim  is the only MTA  I know
that can  do SMTP callbacks  (checks the actual  server of the  envelope and
header sender before  accepting an Email), a truly  magnificent hack which
justifies switching to exim just for that feature.
You can look here for more details on the checks that exim can do:
Philip is also known to be very useful and helpful on the exim-users list.

To anyone looking for an MTA today,  I recommend postfix or exim. Exim is my
MTA of choice because of its configurability, but if postfix's functionality 
is enough for you, and you like the security model, then you should probably
pick it.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key
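
The qmail section above mentions that ezmlm uses VERP to know who is bouncing
on a list. The following is an added example, not part of the original post and
not ezmlm's code: it shows the idea of encoding each subscriber into the
envelope sender and recovering it from the address a bounce is delivered to.
The "-return-" layout, the function names and all addresses are assumptions
made for the illustration (ezmlm's real addresses carry more fields).

```python
# Added illustration of VERP; addresses used with it are constructed samples.

def verp_encode(list_local, list_domain, recipient):
    """Build a per-recipient envelope sender: list-return-user=host@listdomain."""
    user, sep, host = recipient.rpartition("@")
    if not sep or not user or not host:
        raise ValueError("recipient must be user@host: %r" % recipient)
    return "%s-return-%s=%s@%s" % (list_local, user, host, list_domain)


def verp_decode(list_local, list_domain, bounce_rcpt):
    """Recover the subscriber from the address a bounce was sent to.

    Returns None when the address is not a VERP address for this list.
    """
    local, sep, domain = bounce_rcpt.rpartition("@")
    prefix = list_local + "-return-"
    if not sep or domain.lower() != list_domain.lower():
        return None
    if not local.lower().startswith(prefix.lower()):
        return None
    encoded = local[len(prefix):]
    # A host name cannot contain '=', so the last '=' is the separator
    # even when the subscriber's own local part contains '='.
    user, eq, host = encoded.rpartition("=")
    if not eq or not user or not host:
        return None
    return "%s@%s" % (user, host)


def bouncing_subscribers(list_local, list_domain, bounce_rcpts):
    """Count bounces per subscriber from the envelope recipients of bounces."""
    counts = {}
    for rcpt in bounce_rcpts:
        subscriber = verp_decode(list_local, list_domain, rcpt)
        if subscriber is not None:
            counts[subscriber] = counts.get(subscriber, 0) + 1
    return counts
```

Because the subscriber is read from the envelope recipient of the bounce, the
list manager never has to parse the body of the bounce message.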
