Development [LWN.net]

A comparison of Mail Transfer Agents - Part Two

August 30, 2006

This article was contributed by Dan Shearer

[ Editor's note: Mr. Shearer is maintaining an updated version of this article on his web site.]

In part one of this article series, we covered the criterion for selecting a Mail Transfer Agent (MTA), and took a detailed look at Postfix and qmail. This week, we take a look at Sendmail and Exim, and come to some conclusions about which MTA is best.

Sendmail

Sendmail Summary

MTA details
Website:	http://www.sendmail.org
Out since:	1982
Goals:	Be backwards-compatible
Non-goals:	Best practice
License:	Bespoke Open Source
Classification
Config:	Single control file
Releases:	Regular
Commiters:	many
Maj. contributors:	many
Flexibility:	Enormous, but complex
Subjective Comments
Administration:	Hard to do well
Security:	Historically bad, improving.
Performance:	Ok for many
Community:	Large
Sendmail compatibility:	N/A

Design goals: Current Sendmail must be backwards-compatible, and the forthcoming Sendmail X is a total rewrite.

Sendmail consists of about 118k lines of code, but that does not count the functionality in the M4 scripts used to generate the config file, nor any external milters. Documentation is good, and uniquely among MTAs, there is a dominant company (Sendmail, Inc.) dedicated to Sendmail services. The Sendmail Consortium is dedicated to maintaining the Sendmail code base.

Sendmail has an extraordinarily obscure configuration file, a poor history of security breaches and a design centered around Unix in the early 1980s. It is a fact that hundreds of thousands of Sendmail sites are currently advertising themselves as having remotely exploitable security vulnerabilities. Add to this sendmail's renowned inefficiency and it might be hard to see why Sendmail is still used at all, but history has its own inertia. There is no good reason for a site without Sendmail experience to install it, given the effectiveness of the alternatives.

Despite all this, Sendmail:

has improved greatly in security and performance since about 2000, and has a large number of new features.
is installed by default on most commercial Unix operating systems.
works with little or no modification to the default settings
has a large following of systems administrators who have battled with it, and now understand to some extent how to configure and run it.
is a well-known MTA name, see previous comment about inertia.

Although there are no recent surveys, Sendmail usage appears to be dropping over time. Dan Bernstein's 2001 SMTP survey (without published source code, and therefore not replicable) put Sendmail at about 42% market share. In 2006 it seems reasonable to assume [4] that Sendmail is on substantially fewer than 40% of the world's SMTP servers.

Sendmail has been ported to many systems, including some that are not Unix-like such as Windows. Postfix isn't realistically portable to Windows, and Exim is something of a second-class citizen on Windows since it runs via Cygwin. So portability might be a reason to run Sendmail.

Exim

Exim Summary

MTA details
Website:	http://www.exim.org
Out since:	1982
Goals:	General purpose MTA
Non-goals:	Security
License:	GPL
Classification
Config:	Single control file
Releases:	Regular
Commiters:	1
Maj. contributors:	many
Flexibility:	Enormous
Subjective Comments
Administration:	Straightforward
Security:	Quite good
Performance:	Very good
Community:	Large
Sendmail compatibility:	Very good

Design goal: General-purpose MTA for Unix machines.

Exim was inspired by the author's work with the smail 3 source code, which was itself provoked by the many problems of sendmail. So Exim too is a Sendmail drop-in replacement.

The outstanding feature of Exim is the intention that it be a general-purpose mailer. Exim is not a total rethink about how mail works, like qmail is. Nor does it restrict its feature set in order to achieve theoretical security, like Postfix. Exim instead tries to give administrators what they asked for, with a strong interest in security, reliability and performance.

Exim behaves much like any other Unix daemon, with a monolithic configuration file, a monolithic daemon, small number of log files and a standard style of spooling. It has a very good security record over the last seven years (early releases had classic security issues), it can cope with high load, and it has excellent integration facilities. Exim can be extended in many ways - it is even possible to compile in the entire Perl interpreter to call from the configuration file! If there is an MTA feature, then Exim can support that feature in some way or another. Exim is very tightly specified and documented. Many features can be omitted at compile-time, making a special-purpose Exim easy to create. Exim has its own filter language, implementing much of the functionality of procmail, and more.

Exim is used at some very high-volume sites where it provides good service. Performance comparisons that say qmail and Postfix are faster and handle queuing better don't necessarily have any bearing on real-world conditions (in 2006 on current hardware and with current definitions of high load.)

Open Source at Work

One of the interesting things about the three non-Sendmail MTAs here is the ideas and code that are shared. Postfix uses the Perl Compatible Regular Expressions library developed for Exim. Exim understands the Constant Database Format developed for qmail, and the Maildir mail file format, also from qmail. Postfix can use the Constant Database Format and Sendmail milters.

When Local Security Isn't a Problem

The main reason why MTAs have to work so hard at security is because of the Unix tradition of local delivery. The mixture of setuid binaries, specially-owned directories, pedantic authentication of local destinations and paranoia over filesystem access all has to do with having the MTA write to a file owned by some other user, usually by becoming that user. Of course that is fraught with danger. No matter how well the code is written, a careless administrator can still make it behave in an unsafe manner.

But in millions of sites this is no longer an issue because mail is kept in a central IMAP mailstore until the user chooses to view it. Mail comes into the SMTP daemon, which then makes an LMTP delivery to the IMAP daemon. In this scenario, local deliveries are completely avoided.

It is possible to compile at least two of these mailers so that none of the potentially dangerous code is even in the mailer. Here's how it is done with Exim:

All routers, directors, and transports are compiled only when specified in the Local/Makefile. You can compile Exim with only the SMTP transport - and make that use LMTP to address 127.0.0.1 for "local" delivery. Then you can run Exim entirely in "unprivileged" mode, where it runs as user exim the entire time, except during startup of the listening daemon.

Usability comparison

The following table compares the above MTAs for usability:

MTA Suitability from 0 (bad) to 3 (good)
if you are...	qmail	Exim	Sendmail	Postfix	Notes
Inexperienced	0	3	1	3	Exim and Postfix have good documentation and clear examples.
Worried about security	3	2	0	3	Postfix is modern and reliable; qmail is secure but very old and cranky.
Relying on Sendmail milters	0	1	0	3	Postfix can run milters, or use equivalent Exim routers/filter scripts.
Wanting minimum hassle	0	3	0	3	Sendmail has some easy front-ends, but remains very difficult to master. Postfix and Exim are easily configured.
size-constrained	3	1	0	2	qmail doesn't support modern email standards, but may work for a very tiny embedded MTA. Licensing issues may be a concern.
On Windows	0	2	3	0	Sendmail has a native Windows port; Exim is available in the Cygwin distribution.
Needing commercial support	1	3	3	3	There are competent companies for all of the above MTAs; qmail is inherently less supportable due to its age.

The quick answer

My recommendation for an MTA choice is Exim, here's why:

Exim can solve any MTA problem at least as well, if not better than any of the other MTAs listed here. It has very good documentation and a most supportive community. It is the only modern mailer which expressly aims to be general-purpose. That is why it is my first choice. There are no ordinary circumstances where Exim is a bad choice, although there may be special circumstances where another MTA may be superior.

Think of Exim as the Linux of free MTAs. There are many free Operating Systems and some of them are better than Linux for specific tasks. But Linux can do (at least) a good job for nearly everyone [5].

Some Home Truths

Sendmail can be made to do anything, but is for people with a Sendmail background. It makes little sense for people who don't have a specific need for specific Sendmail features to learn it. If everyone follows this recommendation, Sendmail will be dead in a generation.
qmail is a specialist product with a lot of drawbacks in general use. qmail requires a very substantial commitment to master. Unless you have a good reason to use it, don't. A hunch that qmail is more secure is not a good reason, for most normal purposes Postfix and Exim are just as secure. The usage terms (there isn't a license, it is worth reading why) is a serious issue for longevity considerations.
Postfix is limited by design (for security considerations) and has a tiny development community (not to be confused with its large user community.) So it has a less predictable future. The license is odd (no longer used by anyone) and precludes sharing with GPL code.
Still wondering about Sendmail? Well, there will be those who say that there is life after Sendmail in the form of Sendmail X. Sendmail X will probably be released in 2008 or so, and since it is the first ever redesign it will be a completely different product. Since the Sendmail developers are highly competent mail professionals I expect it will be a good product.

Footnotes

4. I'm working on doing a survey of my own. Let me know if you want to help.

5. Which doesn't stop me learning from the others -- thank you NetBSD for ISBN 0-201-79940-5 and ISBN 0-321-16607-8.

More articles by Dan Shearer are available here.

Comments (26 posted)

System Applications

Database Software

Mayfly 0.2 released

Version 0.2 of Mayfly, a Java-based SQL in-memory database for unit tests, is out. "Background: although there are a vast number of free and non-free SQL implementations in Java, few of them are really good for unit testing. A database for unit testing should be very fast on small data sets and should not present performance or other obstacles to setting up databases, adding and removing tables, and destroying databases. A typical unit test run will want to create thousands of databases. With most SQL databases, this is not achievable, and one must resort to compromises such as keeping the tables around and only setting up data on each unit test run. Mayfly aims to make creating an in-memory SQL database as easy as creating any other in-memory data structure."

Full Story (comments: none)

LDAP Software

LAT 1.1.6 released

Version 1.1.6 of LAT, the LDAP Administration Tool is out. "This release is the 7th of the 1.1.x development cycle which will eventually become v1.2. If you need a stable release stick with the 1.0 branch."

Full Story (comments: none)

Desktop Applications

Audio Applications

eSpeak 1.12 released

Version 1.12 of eSpeak, a text to speech synthesizer, is out with improved Greek and Italian language support and other changes. See the release notes for details.