By Jonathan Corbet
May 27, 2009
Back in November, the OpenBSD development community first heard about the OpenSMTPD
project. OpenSMTPD is an all-new mail transfer agent implementation for
OpenBSD; it is getting ready for release sometime soon. It is an
interesting exercise in wheel reinvention which may well prove to be a
useful project.
OpenSMTPD is developing most of the features that one would expect from an
SMTP daemon. It can speak the SMTP protocol, including the SSL-based
versions for added security. Virtual domains are supported, as are forward
files and external delivery agents like procmail. There are plans
to add a sendmail-like "milter" capability for mail-filtering extensions.
In summary, it is growing to the point that it can do most of the basic
things that the other MTA implementations do.
Given that those implementations represent a great deal of development and
debugging time, and that a new mail daemon will surely bring new bugs and
even security problems, one might well wonder why the OpenSMTPD developers
are doing it. It appears to come down to a combination of licensing issues
and a desire for a simpler and more OpenBSD-like tool.
The OpenBSD
Journal article which brought OpenSMTPD to the community's attention
includes this quote from Gilles Chehade, who started this project:
A few months ago, I had to dive into the configuration of sendmail
to make a very small change. It turns out I spent almost an hour
trying to make sense out of a maze of files that were plain
unreadable. Even the slightest changes would cause me to stand a
couple minutes thinking, just trying to make sure I really wanted
to make that change.
It is a rare mail system administrator who has not had a moment like this;
the lowest levels of sendmail configuration are a thing which must be seen
to be believed. The higher-level "language" implemented with a set of M4
macros has helped to keep an entire generation of administrators sane, but
it still presents its challenges. The end result is that, even though
sendmail seems to be long past its period where new remote root exploits
were a weekly experience, it is still a program with roots in the 1980's
that many administrators prefer to avoid.
So what about Postfix? It turns out that
Gilles likes Postfix reasonably well, but there is a fundamental problem
with it: the IBM Public
License under which Postfix is distributed includes copyleft-style
source availability requirements. Copyleft is not particularly popular in
OpenBSD circles, so that license ensures that Postfix will never be a part
of the OpenBSD source tree. For Gilles, that meant that he needed to
install Postfix separately after each OpenBSD installation; it also means
that Postfix does not receive the same level of attention from OpenBSD's
code auditors. So it seems that OpenSMTPD is being developed, at least
partially, out of a desire to have an MTA under a permissive license which
is less intimidating than sendmail.
Needless to say, the licensing issue is enough to exclude GPL-licensed
solutions like exim as well.
Beyond licensing, though, it seems that the OpenSMTPD developers want to
have an MTA which has more of an OpenBSD-like feel. The configuration file
format will be simplified and have a format very similar to that of the
"pf" packet filter. Techniques like privilege separation have been
designed into the program almost since the beginning. And, of course, it
will be a part of the unified OpenBSD source tree; it has been in the
OpenBSD CVS repository since November.
Some people within the OpenBSD community have questioned the need for this
kind of project, given the number of mail transfer agents already
available. Certainly there are projects which are not worth the effort
which goes into them, but, that said, it is usually a mistake to criticize
the work of people who have decided to scratch a particular itch.
Interesting things can come from such developments. From OpenSMTPD we may
get an MTA which sheds a lot of legacy requirements (sendmail still has
features that come from a time when one had to worry about routing a
message via two DECnet hops, over the NSFnet, then into a CSNet node) and
which, presumably, will offer a high degree of security.
Once it's stable, it would not be entirely surprising to see a Linux port
of OpenSMTPD as well. Whether it will take off in the Linux world remains
to be seen. Tools like OpenSSH are nearly universal on Linux systems; OpenCVS is ... less so. But
options are usually good, and the OpenSMTPD developers are busily working
toward the creation of another option for a crucial system component. It
will be interesting to see how it turns out.