LWN.net Logo

Development

A comparison of Mail Transfer Agents - Part Two

August 30, 2006

This article was contributed by Dan Shearer

[ Editor's note: Mr. Shearer is maintaining an updated version of this article on his web site.]

In part one of this article series, we covered the criterion for selecting a Mail Transfer Agent (MTA), and took a detailed look at Postfix and qmail. This week, we take a look at Sendmail and Exim, and come to some conclusions about which MTA is best.

Sendmail

Sendmail Summary
[Sendmail logo]
MTA details
Website: http://www.sendmail.org
Out since: 1982
Goals: Be backwards-compatible
Non-goals: Best practice
License: Bespoke Open Source
Classification
Config: Single control file
Releases: Regular
Commiters: many
Maj. contributors: many
Flexibility: Enormous, but complex
Subjective Comments
Administration: Hard to do well
Security: Historically bad, improving.
Performance: Ok for many
Community: Large
Sendmail compatibility: N/A

Design goals: Current Sendmail must be backwards-compatible, and the forthcoming Sendmail X is a total rewrite.

Sendmail consists of about 118k lines of code, but that does not count the functionality in the M4 scripts used to generate the config file, nor any external milters. Documentation is good, and uniquely among MTAs, there is a dominant company (Sendmail, Inc.) dedicated to Sendmail services. The Sendmail Consortium is dedicated to maintaining the Sendmail code base.

Sendmail has an extraordinarily obscure configuration file, a poor history of security breaches and a design centered around Unix in the early 1980s. It is a fact that hundreds of thousands of Sendmail sites are currently advertising themselves as having remotely exploitable security vulnerabilities. Add to this sendmail's renowned inefficiency and it might be hard to see why Sendmail is still used at all, but history has its own inertia. There is no good reason for a site without Sendmail experience to install it, given the effectiveness of the alternatives.

Despite all this, Sendmail:

  • has improved greatly in security and performance since about 2000, and has a large number of new features.
  • is installed by default on most commercial Unix operating systems.
  • works with little or no modification to the default settings
  • has a large following of systems administrators who have battled with it, and now understand to some extent how to configure and run it.
  • is a well-known MTA name, see previous comment about inertia.

Although there are no recent surveys, Sendmail usage appears to be dropping over time. Dan Bernstein's 2001 SMTP survey (without published source code, and therefore not replicable) put Sendmail at about 42% market share. In 2006 it seems reasonable to assume [4] that Sendmail is on substantially fewer than 40% of the world's SMTP servers.

Sendmail has been ported to many systems, including some that are not Unix-like such as Windows. Postfix isn't realistically portable to Windows, and Exim is something of a second-class citizen on Windows since it runs via Cygwin. So portability might be a reason to run Sendmail.

Exim

Exim Summary
[Exim logo]
MTA details
Website: http://www.exim.org
Out since: 1982
Goals: General purpose MTA
Non-goals: Security
License: GPL
Classification
Config: Single control file
Releases: Regular
Commiters: 1
Maj. contributors: many
Flexibility: Enormous
Subjective Comments
Administration: Straightforward
Security: Quite good
Performance: Very good
Community: Large
Sendmail compatibility: Very good

Design goal: General-purpose MTA for Unix machines.

Exim was inspired by the author's work with the smail 3 source code, which was itself provoked by the many problems of sendmail. So Exim too is a Sendmail drop-in replacement.

The outstanding feature of Exim is the intention that it be a general-purpose mailer. Exim is not a total rethink about how mail works, like qmail is. Nor does it restrict its feature set in order to achieve theoretical security, like Postfix. Exim instead tries to give administrators what they asked for, with a strong interest in security, reliability and performance.

Exim behaves much like any other Unix daemon, with a monolithic configuration file, a monolithic daemon, small number of log files and a standard style of spooling. It has a very good security record over the last seven years (early releases had classic security issues), it can cope with high load, and it has excellent integration facilities. Exim can be extended in many ways - it is even possible to compile in the entire Perl interpreter to call from the configuration file! If there is an MTA feature, then Exim can support that feature in some way or another. Exim is very tightly specified and documented. Many features can be omitted at compile-time, making a special-purpose Exim easy to create. Exim has its own filter language, implementing much of the functionality of procmail, and more.

Exim is used at some very high-volume sites where it provides good service. Performance comparisons that say qmail and Postfix are faster and handle queuing better don't necessarily have any bearing on real-world conditions (in 2006 on current hardware and with current definitions of high load.)

Open Source at Work

One of the interesting things about the three non-Sendmail MTAs here is the ideas and code that are shared. Postfix uses the Perl Compatible Regular Expressions library developed for Exim. Exim understands the Constant Database Format developed for qmail, and the Maildir mail file format, also from qmail. Postfix can use the Constant Database Format and Sendmail milters.

When Local Security Isn't a Problem

The main reason why MTAs have to work so hard at security is because of the Unix tradition of local delivery. The mixture of setuid binaries, specially-owned directories, pedantic authentication of local destinations and paranoia over filesystem access all has to do with having the MTA write to a file owned by some other user, usually by becoming that user. Of course that is fraught with danger. No matter how well the code is written, a careless administrator can still make it behave in an unsafe manner.

But in millions of sites this is no longer an issue because mail is kept in a central IMAP mailstore until the user chooses to view it. Mail comes into the SMTP daemon, which then makes an LMTP delivery to the IMAP daemon. In this scenario, local deliveries are completely avoided.

It is possible to compile at least two of these mailers so that none of the potentially dangerous code is even in the mailer. Here's how it is done with Exim:

All routers, directors, and transports are compiled only when specified in the Local/Makefile. You can compile Exim with only the SMTP transport - and make that use LMTP to address 127.0.0.1 for "local" delivery. Then you can run Exim entirely in "unprivileged" mode, where it runs as user exim the entire time, except during startup of the listening daemon.

Usability comparison

The following table compares the above MTAs for usability:

MTA Suitability from 0 (bad) to 3 (good)
if you are... qmail Exim Sendmail Postfix Notes
Inexperienced 0 3 1 3 Exim and Postfix have good documentation and clear examples.
Worried about security 3 2 0 3 Postfix is modern and reliable; qmail is secure but very old and cranky.
Relying on Sendmail milters 0 1 0 3 Postfix can run milters, or use equivalent Exim routers/filter scripts.
Wanting minimum hassle 0 3 0 3 Sendmail has some easy front-ends, but remains very difficult to master. Postfix and Exim are easily configured.
size-constrained 3 1 0 2 qmail doesn't support modern email standards, but may work for a very tiny embedded MTA. Licensing issues may be a concern.
On Windows 0 2 3 0 Sendmail has a native Windows port; Exim is available in the Cygwin distribution.
Needing commercial support 1 3 3 3 There are competent companies for all of the above MTAs; qmail is inherently less supportable due to its age.

The quick answer

My recommendation for an MTA choice is Exim, here's why:

Exim can solve any MTA problem at least as well, if not better than any of the other MTAs listed here. It has very good documentation and a most supportive community. It is the only modern mailer which expressly aims to be general-purpose. That is why it is my first choice. There are no ordinary circumstances where Exim is a bad choice, although there may be special circumstances where another MTA may be superior.

Think of Exim as the Linux of free MTAs. There are many free Operating Systems and some of them are better than Linux for specific tasks. But Linux can do (at least) a good job for nearly everyone [5].

Some Home Truths

  • Sendmail can be made to do anything, but is for people with a Sendmail background. It makes little sense for people who don't have a specific need for specific Sendmail features to learn it. If everyone follows this recommendation, Sendmail will be dead in a generation.
  • qmail is a specialist product with a lot of drawbacks in general use. qmail requires a very substantial commitment to master. Unless you have a good reason to use it, don't. A hunch that qmail is more secure is not a good reason, for most normal purposes Postfix and Exim are just as secure. The usage terms (there isn't a license, it is worth reading why) is a serious issue for longevity considerations.
  • Postfix is limited by design (for security considerations) and has a tiny development community (not to be confused with its large user community.) So it has a less predictable future. The license is odd (no longer used by anyone) and precludes sharing with GPL code.
  • Still wondering about Sendmail? Well, there will be those who say that there is life after Sendmail in the form of Sendmail X. Sendmail X will probably be released in 2008 or so, and since it is the first ever redesign it will be a completely different product. Since the Sendmail developers are highly competent mail professionals I expect it will be a good product.

Footnotes

4. I'm working on doing a survey of my own. Let me know if you want to help.

5. Which doesn't stop me learning from the others -- thank you NetBSD for ISBN 0-201-79940-5 and ISBN 0-321-16607-8.

More articles by Dan Shearer are available here.

Comments (26 posted)

System Applications

Database Software

Mayfly 0.2 released

Version 0.2 of Mayfly, a Java-based SQL in-memory database for unit tests, is out. "Background: although there are a vast number of free and non-free SQL implementations in Java, few of them are really good for unit testing. A database for unit testing should be very fast on small data sets and should not present performance or other obstacles to setting up databases, adding and removing tables, and destroying databases. A typical unit test run will want to create thousands of databases. With most SQL databases, this is not achievable, and one must resort to compromises such as keeping the tables around and only setting up data on each unit test run. Mayfly aims to make creating an in-memory SQL database as easy as creating any other in-memory data structure."

Full Story (comments: none)

LDAP Software

LAT 1.1.6 released

Version 1.1.6 of LAT, the LDAP Administration Tool is out. "This release is the 7th of the 1.1.x development cycle which will eventually become v1.2. If you need a stable release stick with the 1.0 branch."

Full Story (comments: none)

Desktop Applications

Audio Applications

eSpeak 1.12 released

Version 1.12 of eSpeak, a text to speech synthesizer, is out with improved Greek and Italian language support and other changes. See the release notes for details.

Comments (none posted)

Desktop Environments

GNOME 2.16.0 Release Candidate 1 released (GnomeDesktop)

Release candidate 1 of GNOME 2.16.0 (AKA GNOME 2.15.92), has been announced. "This is one of the last releases in the 2.15 development series and represents a release that is now API/ABI, feature, string and UI frozen. Hard code freeze is quickly approaching : this means that we're pretty close to the final 2.16.0 release. The GNOME contributors are now busy fixing the most important bugs that are still out there, localizing the whole desktop or updating our documentation."

Comments (none posted)

GARNOME 2.15.92 (2.16.0 RC) announced

Version 2.15.92 (2.16.0 RC) of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.16.0 Release Candidate (2.15.92), tweaked and updated with love by the GARNOME Team."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The August 27, 2006 edition of the KDE Commit-Digest has been announced. The content summary says: "In this week's KDE Commit-Digest: as the Summer Of Code draws to a close, a mass code import in the Physiks project, and other notable commits for several of the other affiliated projects. Work begins on a Kexi importer for KSpread. Numerous improvements for displaying data in forms and table view in Kexi, including support for default values and tooltips for large content. Lots of work on the Kross scripting framework. Improved functionality in Konversation and KFTPGrabber. Speed and memory optimisations in KDevelop and Filelight. An experimental project begins to integrate the Orca Screen Reader into KDE 4 using D-Bus."

Comments (none posted)

Quickies: Okular, Desktop Survey, Krusader, Presidential Wedding (KDE.News)

KDE.News has posted a Quickies update. "Ten days ago we got the first snapshot of KDE4. If you already played a bit with it, now you can continue discovering more interesting things playing with the unstable package of Okular, a universal document viewer for KDE4 based on the KPDF code."

Comments (none posted)

Electronics

gEDA/gaf 20060824 released

Snapshot 20060824 of gEDA/gaf, a collection of electronic design tools, is out. See the release announcement for details.

Comments (none posted)

kicad 2006-08-28 announced

Release 2006-08-28 of Kicad, an electronic schematic and printed circuit CAD system, is out. Changes include wxWidgets 2.7.0 support, documentation improvements, bug fixes and more.

Comments (none posted)

PCB 20060822 snapshot announced

Snapshot 20060822 of PCB, an electronic printed circuit CAD application, is out. See the release announcement for details.

Comments (none posted)

Financial Applications

SQL-Ledger 2.6.17 released

Version 2.6.17 of SQL-Ledger, a web-based accounting system is out with bug fixes.

Comments (none posted)

Games

Cyphesis 0.5.9 released

Version 0.5.9 of Cyphesis has been announced. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development. This release is intended for server administrators wishing to run a Mason server and World developers developing new worlds or game systems."

Comments (none posted)

In search opinions on GNOME Games module games (GnomeDesktop)

GnomeDesktop.org is collecting opinions on which games to include in the next release of GNOME Games. "The GNOME Games maintainers are planning to deprecate one GNOME Games game which is unpopular and difficult to maintain during the 2.18 release cycle and replace it with a more popular game with better, more maintainable code. To this end, we are seeking input from our users to decide which game to remove and also opinions on which game to include."

Comments (none posted)

Interoperability

Wine 0.9.20 released

Version 0.9.20 of Wine has been announced. Changes include: XEmbed system tray support, Many improvements to NTLM support, Many messages made localizable instead of hardcoded to English, Improved support for various OpenGL platforms, More improvements to the IDL compiler and Lots of bug fixes.

Comments (none posted)

Medical Applications

Eclipse Open Healthcare Framework and OpenEHR at Stuttgart (LinuxMedNews)

LinuxMedNews covers an effort to use Eclipse for building medical applications. "The Eclipse Open Healthcare Framework (OHF) Project is an open source project whose aim is to build an e-health computing platform (tools, run-times and community) on which developers can more effectively build useful and interoperable applications. We believe that the openEHR community could leverage the Eclipse platform - the tooling, run-time and governance support, to improve the coherence of the the tools, implementations and uptake of openEHR. OHF will propose an openEHR component at the European EclipseCon meeting."

Comments (none posted)

Mirth HL7 Engine - Community Site now open (LinuxMedNews)

LinuxMedNews has an announcement for version 1.1 of Mirth, an open-source HL7 interface engine. "We've just released a milestone 1.1 version of Mirth, and have just launched our new site at http://www.mirthproject.org. Head over and contribute to the messages boards, wiki, and submit any bugs to our issue tracker. As always, thanks to our users and contributors!"

Comments (none posted)

Miscellaneous

Wyneken 0.4 rc2 released

Version 0.4 rc2 of Wyneken is out with new capabilities, documentation updates and bug fixes. "Wyneken is a content-oriented text processor that makes your life as a student easier by allowing you to create and manage digital notebooks. Wyneken also allows you to create PDF presentations, letters, articles, and reports. Wyneken creates highly professional documents in PDF, DVI, HTML, RTF, and Ascii Text."

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The August 29, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

JSP

The XSLDataGrid: XSLT Rocks Ajax (XML.com)

Lindsey Simon works with XSLDataGrid on O'Reilly's XML.com. "Most web applications have a requirement somewhere in their interface for a tabular view of data -- often, a view of the rows in a database table. In some cases, the use of a static HTML <TABLE> is appropriate, but users have become increasingly accustomed to richer, more malleable interfaces that let them change column widths, order, etc. Among the application widgets in the web developer's toolbox, the dynamic datagrid is an often cumbersome one to set up. This article will outline a datagrid component powered by XSLT and JavaScript that aims to achieve easy setup, high performance, and minimum dependence."

Comments (none posted)

Lisp

SBCL 0.9.16 released

Version 0.9.16 of Steel Bank Common Lisp has been announced. "This version provides performance optimizations, better introspection and debugging support, several bug fixes, and more."

Full Story (comments: none)

Perl

Weekly Perl 6 mailing list summary (O'Reilly)

The August 20-26, 2006 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.

Comments (none posted)

PHP

PHP 5.1.6 Released

Version 5.1.6 of PHP has been announced. "The PHP development team would like to announce the immediate availability of PHP 5.1.6. This release contains a fix for memory_limit restriction on 64 bit systems that was not included in PHP 5.1.5."

Comments (none posted)

Python

Dr. Dobb's Python-URL!

The August 23, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

PyTables 1.3.3 released

Version 1.3.3 of PyTables is out with better NumPy compatibility and bug fixes. "PyTables is a package for managing hierarchical datasets and designed to efficiently and easily cope with extremely large amounts of data."

Comments (none posted)

Ruby

Ruby 1.8.5 Released

Version 1.8.5 of the Ruby language has been announced. "This is a bug fix release. There should be no big difference from 1.8.4. We hope 1.8.5 is more stable and reliable than its preceding versions." See the change log file for details. (Thanks to Pat Eyler.)

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The August 29, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

IDEs

Wing IDE 2.1.2 released

Version 2.1.2 of Wing IDE has been announced. "We're happy to announce version 2.1.2 of Wing IDE, an advanced development environment for the Python programming language. This is a bugfix release that improves support for Python 2.5 (2.5c1 is required) and fixes a number of bugs."

Comments (none posted)

Page editor: Forrest Cook
Next page: Linux in the news>>

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.