Classnotes | UNIX02 | RecentChanges | Preferences Difference (from revision 4 to current revision)
(minor diff) (The revisions are identical or unavailable.)
Before we look at some specific technologies available for Mail delivery and services, it would be helpful if we could, at least pictorially, get an overview of what happens when we send an e-mail. (The following picture was based upon the ASCII-art rendition by Guylhem Aznar in his [Linux Electronic Mail Administrator HOWTO])
MUA - Mail User Agent
MTA - Mail Transport Agent
SMTP - Simple Mail Transfer Protocol
LDA - Local Delivery Agent
On some MTA's, there is an integrated LDA.
This is for a setup where the sending MUA is on the same machine as the sending MTA. More often than not, the sending MUA will be using SMTP to connect to another MTA to do the actual sending.
Some MUA's have notification agents built in.
The item in this diagram which we will now be focusing on is the Mail Transport Agent, or MTA. This is what we will be refering to when we speak of "Mail Servers", even though there may easily be other elements alongside the MTA that comprise the whole server (such as seperate LDAs).
For Linux (and UNIX) we have many MTAs available to choose from. By far the most widely used is Sendmail- it is [estimated] that "between 50 and 75 percent of all the Internet's e-mail is handled by ... various versions of Sendmail". However, you do have a number of alternatives to Sendmail such as Exim, Postfix, and qmail. Let's take a quick tour of these choices now.
Sendmail is really the "grand-daddy" of MTAs. It originated with BSD, and is now the default MTA for most Linux distributions and UNIXes. Sendmail consistes of only an MTA, and requires an additional LDA to deliver mail locally.
Sendmail has a long-standing reputation for being an administrator's nightmare -- hard to understand, tricky to configure, rife with security holes. By default, it runs as the root user, which means that any misconfiguration or security flaw inside Sendmail will expose your system to the worst kind of hurt. Everything from worms to malicious crackers have been attacking Sendmail with ferocity over the last several years. Historically, there is an argument to be made that it had been the "most exploited UNIX daemon". In fact, it has gotten so bad that the Department of Homeland Security recently issued a warning about using Sendmail (for more information, see [this]).
Reputations aside, it is still the most widely used MTA, and can be configured quite securely... if you know what you're doing. Additionally, most mail user applications rely upon Sendmail-like interfaces from the MTA, so many non-Sendmail MTA's mimick Sendmail's behaviour via command-line interfaces.
Smail was the first attempt at a replacement for Sendmail, however it has not fared well over the last several years. Very few Linux and UNIX distributions include by default anymore, and it is becoming increasingly hard to find packages for it native to a given distribution. We will only mention Smail as a historical note, and not go any further into it.
Exim is developed at the University of Cambridge and is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail. It advertises particular strengths in spam-blocking and support of several virtual hosts (virtual DNS domains) on the same host.
Exim is the default MTA for Debian and a few other Linux distributions. There are many people who swear by it, but we will not be covering it in this class.
The book does mention Exim briefly on pages 620-623.
qmail is a bit of an oddity. In order to understand qmail, we must first try to understand it's developer: D. J. Bernstein.
D. J. Bernstein (djb) is an Associate Professor in the Department of Mathematics at University of Illinois at Chicago. He teaches courses on cryptography, UNIX security and other topics. He is, by any accounts, a very bright and intelligent person.
djb has written several projects which are quite radical and even rewrite some internet functionality and protocols. In addition to qmail, he has a BIND (standard UNIX DNS) replacement called djbdns, and the fastest Fast Fourier Transform on the web (djfft). djb's supporters are typically very loyal and sometimes fanatical.
However, there are many people who think that djb is a nut. Rick Moen says "Prof. Bernstein's software is, first of all, pervaded by a bloody-minded disregard for the rest of the world, e.g., qmail's trait ... of attempting to cram as much ... mail as possible down recipient systems' throats, which was notorious for crashing destination mail systems (and thus pioneered the art of mail delivery as a Denial of Service attack)". (See [this])
Elsewhere, Marc Merlin says the biggest problems for qmail is djb's "very unorthodox ways of doing things ... In most cases the reasons for the alternatives are sound, but the author being opinionated doesn't necessarily give you the choice". Additionally Marc points out that djb places redistribution clauses on qmail that disallow patches he doesn't like from supplying alternatives to the way qmail handles things. This even includes forcing qmail to install into /var/qmail, thus breaking the Filesystem Hierachy Standard. (See [this])
Some of djb's posts to various mailing lists can actually be a pretty interesting read, such as [this one]. Or [this one].
These things being said, qmail is generally considered more secure than Sendmail.