August 23, 2006
This article was contributed by Dan Shearer
[Editor's note: Mr. Shearer is maintaining an updated version of this article on his web site.]
Mail Transfer Agents - Tool for the Job
For a lot of people the choice of the Mail Transfer Agent is important. The wrong choice can mean lost time and money, lower reliability and increased risk to networks.
Debates over MTAs sometimes last for years, and this article covers the main points that come up over and over. Unfortunately, apart from this article there are no general comparisons of MTA characteristics on the Internet, and even very little benchmarking. The remarks here are personal opinions drawn from readily-verifiable facts and subjective comments drawn from experience. Nearly every MTA has a vociferous and sometimes combative group of supporters, not always including the principal authors of the MTA.
It is easy to see why administrators care about which MTA they use. Large installations require a lot of time spent tuning the MTA, and for any site email is without doubt the most important use of the Internet. [1] End users can get by without a web site or a browser for a little, but without email business stops. And so countless administrators invest time in learning how to tweak their internet mail delivery tool in order to meet their various goals. But which tool should they use when?
Most Internet email seems [2] to be delivered by one of four MTAs:
There are other worthy free MTAs to talk about, such as zmailer and smail3, but since they are not so widely used I decided to omit them. There are some unworthy MTAs too; these I am delighted to omit.
How To Compare MTAs
Each of these four widely-used MTAs has broadly similar features. All of them can handle large amounts of mail; can interact with databases in many formats; have an extensive knowledge of the many SMTP variants in use; are not trivially exploitable; have the source code available in a free manner; have third-party documentation available; and have significant user communities. They even have logos!
There are some assumptions implicit in the rest of this article. If you are looking for a product that presents an administrative interface and performance results similar to Microsoft Exchange or Lotus Notes, this document is not for you. I do not believe either of these products and their aspiring competitors can be classed as MTAs, since they attempt to address dozens or hundreds of other functions besides delivering mail. On the other hand, if you want some guidance for selecting between credible alternatives for an important mail hub, read on.
No MTA can score well in every way of measuring an MTA. The needs of users vary greatly and some criteria are mutually orthogonal. Commonly cited MTA selection criteria are:
- Ease of administration
- Security
- Performance
- Long-term viability
Design features decide how much each MTA meets these criteria. But since opinions vary widely there are many equally valid different comparisons. Contradictory examples of these features are:
- single configuration file, so everything is in one place
- many single-purpose and optional configuration files
- minimal and careful syntax
- powerful embedded scripting language
- maximum code stability
- source code contributions regularly incorporated
- minimum possible features added
Just about every mail delivery scenario can be met, in one way or another, by all four MTAs. So there is no one right answer.
qmail
| qmail Summary | |
| --- | --- |
| MTA details | |
| Website: | http://www.qmail.org |
| Out since: | 1996 |
| Goals: | Security; Simplicity; Efficiency |
| Non-goals: | Unix conventions, ease of admin |
| License: | not open source or free |
| Classification | |
| Config: | Many simple control files |
| Releases: | Never (since 1997!) |
| Committers: | 1 |
| Maj. contributors: | 0 |
| Flexibility: | Very, if you study hard |
| Subjective Comments | |
| Administration: | Buy one of the books! |
| Security: | Good record |
| Performance: | Excellent |
| Community: | Smallish but very active |
| Sendmail compatibility: | Good |
Note: qmail is unmaintained: the author has not released since 1997 and does not permit others to make releases. It is also not Open Source Software, although the source is visible and usable within very tight restrictions.
So why should anyone care about qmail? Perhaps they shouldn't in 2006, but there were good reasons to notice qmail in its first five years of life:
- qmail had a radical and seemingly impregnable [3] security design.
- qmail solved in one stroke all the problems of the hideous BSD mailbox format with the Maildir message format.
- qmail was fast. If your only other choices were Sendmail or smail, and high-volume list management was done on IBM mainframes, qmail was a welcome alternative.
These days these advantages are at least equaled by other MTAs, and Maildir has become Maildir++. Yes, qmail taught MTA users and developers some lessons. No, qmail isn't a realistic option these days: it doesn't support modern mail standards or even IPv6; it isn't maintained; it isn't possible for someone else to maintain it; its many oddities are increasingly painful relative to any benefits qmail has.
In 2006 a qmail maestro is someone who knows which collection of patches to apply to a nine-year-old program. In 2004 a group of qmail experts put together netqmail, a distribution of qmail patches. But even that hasn't been touched for two years, and now there are patches for the netqmail patch collection.
qmail is still used on some very high-volume sites, and there are still people who strongly believe that qmail is very correct code. qmail source is legal to copy, use and patch. The author's licensing analysis is thought-provoking but thus far irrelevant to the copyright debate.
qmail comes with more free personality than nearly any other program -- what other MTA is likely to ask "hath the daemon spawn no fire?" when it can't start?
See qmail.org for the source code.
Postfix
| Postfix Summary | |
| --- | --- |
| MTA details | |
| Website: | http://www.postfix.org |
| Out since: | 1997 |
| Goals: | Security; Ease of use; Standards |
| Non-goals: | General purpose MTA |
| License: | IPL (a disused license) |
| Classification | |
| Config: | Single control file |
| Releases: | Infrequent |
| Committers: | 1 |
| Maj. contributors: | 3 |
| Flexibility: | Easy to change |
| Subjective Comments | |
| Administration: | Intermediate, good docs |
| Security: | Good record. Credible team. |
| Performance: | Excellent |
| Community: | Medium-sized |
| Sendmail compatibility: | Very good |
Design goals: Secure, easy to administer, efficient.
Postfix is, like qmail, written by a prolific freeware security specialist, this time Wietse Venema, although the result is a recognizable ordinary Unix suite of programs. It is almost entirely the work of Wietse, with occasional contributions in isolated areas such as integrating the Transport Layer Security (TLS) libraries.
Releases come in bursts, with very small improvements at times. Release management is by Wietse personally.
Postfix has a monolithic main configuration file like Exim and Sendmail. It is table-driven: everything is a table, and a table can be represented in all kinds of ways, from plain text files to databases to relational databases and more. It handles regular expressions in many contexts, using the Perl Compatible Regular Expression library developed for Exim. Postfix consists of about 150k lines of code.
Postfix fits somewhere between qmail and Exim. It consists of several programs (but fewer than qmail), and has a monolithic configuration file. Postfix has a strong emphasis on security, but not to the extent of imposing unusual Unix management practices. Postfix is quite flexible in its configuration file, but not to the extent of Exim. Postfix postdates qmail and follows a vaguely analogous security approach, an approach which was relatively much more important in 1997.
Postfix has been measured by many as being extremely fast, and I have found it very efficient. My impression is that it is more efficient than Exim but not to a noticeable degree even with very high load. Postfix and qmail seem to use about the same amount of memory but by deliberate design qmail uses more bandwidth than Postfix because qmail only ever sends a single message per SMTP session even if there are multiple messages going via the same host. Postfix is quite Unix-centric with its secure design and is not maintained on very non-Unix platforms such as Windows.
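The bandwidth point above comes down to the fixed part of every SMTP session (greeting, EHLO, QUIT) being paid once per message instead of once per host. The following Python is an added illustration, not code from the article or from either MTA; the toy server, host names and addresses are constructed, and TCP handshake and message-body bytes are left out of the count.

```python
# Added example (not from the article): protocol overhead of delivering N
# messages to one host with one message per SMTP session versus a reused
# session. Host names and addresses are constructed placeholders.
CRLF = "\r\n"

class ToyServer:
    """In-memory SMTP responder that enforces command order (assumption: no
    extensions, pipelining or TLS; just the basic dialogue)."""
    NEXT = {  # verb -> (states it is allowed in, new state, reply)
        "EHLO": ({"greeted"}, "ready", "250 mx.example.net"),
        "MAIL": ({"ready"}, "mail", "250 ok"),
        "RCPT": ({"mail", "rcpt"}, "rcpt", "250 ok"),
        "DATA": ({"rcpt"}, "data", "354 go ahead"),
    }
    def __init__(self):
        self.state, self.accepted = "greeted", 0
        self.greeting = "220 mx.example.net ESMTP"
    def handle(self, line):
        verb = line.split(" ", 1)[0].upper()
        if verb == "QUIT":
            self.state = "closed"
            return "221 bye"
        allowed, new_state, reply = self.NEXT.get(verb, (set(), None, None))
        if self.state not in allowed:
            return "503 bad sequence of commands"
        self.state = new_state
        return reply
    def end_of_data(self):
        if self.state != "data":
            return "503 bad sequence of commands"
        self.state, self.accepted = "ready", self.accepted + 1
        return "250 ok queued"

def deliver(messages, per_session):
    """Return (connections, overhead bytes excluding bodies, accepted)."""
    conns = overhead = accepted = 0
    for i in range(0, len(messages), per_session):
        srv, conns = ToyServer(), conns + 1
        overhead += len(srv.greeting + CRLF)
        script = ["EHLO sender.example.org"]
        for sender, rcpt in messages[i:i + per_session]:
            script += [f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>", "DATA", "."]
        for line in script + ["QUIT"]:
            reply = srv.end_of_data() if line == "." else srv.handle(line)
            assert reply[0] in "23", reply   # a 4xx/5xx reply stops the run
            overhead += len(line + CRLF) + len(reply + CRLF)
        accepted += srv.accepted
    return conns, overhead, accepted

# Ten constructed messages queued for the same destination host.
MESSAGES = [(f"user{n}@example.org", "list@example.net") for n in range(10)]
```

With these ten messages, `deliver(MESSAGES, 1)` opens ten connections and `deliver(MESSAGES, 10)` opens one; both get all ten accepted, and the one-per-session run spends 86 extra bytes of greeting, EHLO and QUIT traffic for each additional connection.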
Postfix is, like Exim, a drop-in replacement for Sendmail. Besides just implementing the sendmail command line interface, Postfix is compatible with Sendmail milters, an impressive and unequaled achievement for those who have invested in such modules.
The Postfix community is very active. Online documentation is quite good but scattered. There are three Postfix books in English.
See postfix.org and postfixwiki.org for the source code.
Footnotes
1. Possibly changing fast since in 2006 many young people almost exclusively use instant messaging or similar communication models
2. Established by talking to the people who run busy mail hubs in public ISPs, lurking in the email community and from taking small samples of what is running behind the world's MX records. However there is an astonishing lack of information about what SMTP servers are actually in use, with no equivalent to the Netcraft Web Survey. Dan Bernstein last ran a limited survey of one million hosts in 2001, which he wrote up here without publishing his code. Many administrators do not change the MTA that comes with their Unix distribution, and popularity contests such as the Debian Popularity Contest are flawed in many ways.
3. The Georgi Guninski vulnerabilities have been multiply confirmed, and one of them is a root vulnerability. DJB rejects this in typical style claiming it is an improbable configuration, but security analysis is always seeking improbable setups! DJB is wrong, but qmail still has an outstanding record.
More to come
The second half of this article will be posted on next week's LWN.net development page; it will contain a detailed look at Sendmail and Exim and come to some conclusions about which MTA is best.
More articles by Dan Shearer are available here.