Linux Mail Servers: Postfix, Qmail, and Sendmail Compared

Source: Internet
Author: User

A few years ago, Sendmail was the only free mail server available on Linux. Because of Sendmail's shortcomings, developers have since written several alternatives. Today the free mail servers, or MTAs (mail transfer agents), that run on Linux include Sendmail, Qmail, Postfix, Exim, and zmailer. This article describes the characteristics of the most influential MTAs on Linux and compares their advantages and disadvantages, to give you a basis for choosing a free MTA on Linux.

Postfix

Postfix is the product of a free software project developed by Wietse Venema and funded by IBM, intended to give users a choice of mail server other than Sendmail. Postfix is designed to be fast, easy to manage, and as secure as possible. It also tries to stay compatible with Sendmail so that users can keep their existing habits. Postfix was first released under the name VMailer and was later renamed Postfix for trademark reasons.

Main design objectives

The goal of the Postfix project is to implement an email server and provide users with choices other than Sendmail. Its design goals include:

Performance. Postfix is three times faster than similar server products. A desktop machine with Postfix installed can send and receive millions of emails a day. Postfix uses web server design techniques to reduce process creation overhead, and other file access optimizations to improve efficiency, while preserving software reliability.

Compatibility. Postfix was designed with Sendmail compatibility in mind to make migration easier. Postfix supports /var[/spool]/mail, /etc/aliases, NIS, ~/.forward, and other files. However, to keep management simple, Postfix does not support the sendmail.cf configuration file.

Security and robustness. Postfix is designed to remain reliable under overload. When the local file system runs out of space or no memory is available, Postfix automatically backs off instead of making the situation worse by retrying.

Flexibility. Postfix consists of more than 10 small sub-modules. Each sub-module performs one specific task, such as receiving a message over SMTP, sending a message, delivering a message locally, or rewriting an address. When a specific requirement arises, you can replace a module with a new version without updating the entire program. It is also easy to disable a function.

Security. Postfix uses multiple layers of protection to defend the local system against attackers. Almost every Postfix daemon can run in a fixed chroot with low privileges. There is no direct path between the network and the security-sensitive local delivery program: an attacker must first break through several other programs to reach the local system. Postfix does not even trust the contents of its own queue files or IPC messages, which guards against spoofing. Postfix filters sender-provided information before passing it on. In addition, no Postfix program is set-UID.

Postfix features

Multiple transport domains: Sendmail supports message forwarding between the Internet, DECnet, X.400, and UUCP. Postfix is designed flexibly enough to implement such forwarding without virtual domains or aliases. However, the early releases supported only SMTP, with limited UUCP support. For Chinese users, multiple transport domain support was in any case of little use.

Virtual domains: in most common cases, adding support for a virtual domain only requires changing a Postfix lookup table. Other mail servers usually need multiple levels of aliases or redirection to achieve the same effect.

UCE control (UCE, unsolicited commercial email): Postfix can restrict which hosts may relay mail through it and which mail it accepts. Postfix provides the following controls: blacklists, RBL lookups, and HELO/sender DNS verification. Content-based filtering is not implemented at present.

Table lookups: Postfix does not implement an address rewriting language; instead it uses extensible table lookups to rewrite addresses. The tables can be local dbm or db files.

Postfix architecture and comparison with Sendmail

Postfix is built on an architecture of semi-resident, cooperating processes. Each process performs one specific task, and there is no particular parent-child relationship between processes. Independent processes that perform different functions are also better isolated from one another than a monolithic ("single block") program. This approach has a further advantage: each service, such as address rewriting, is available to every Postfix component without the overhead of creating a process just to rewrite one address. Postfix is, of course, not the only program that works this way.

Postfix is implemented as follows: a resident master server runs Postfix daemons on demand. The daemons send or receive network mail and deliver mail locally. The number of daemons is capped by configuration parameters, and each daemon is reused a configurable number of times. A daemon exits automatically when its idle time reaches the configured limit. This approach significantly reduces process creation overhead while maintaining good isolation between individual processes.

Postfix is designed as a replacement for Sendmail. For this reason, many parts of the Postfix system, such as the local delivery program, can easily be replaced by editing an inetd-like configuration file.

The core of Postfix is implemented by more than 10 semi-resident programs. To protect confidentiality, these Postfix processes communicate with each other through UNIX sockets or FIFOs in a protected directory. Even with this protection in place, a Postfix process does not blindly trust the data it receives this way.

The amount of data passed between Postfix processes is limited. In many cases, the only information exchanged is a queue file name and a recipient list, or some status information. Once an email message has been saved to a file, it stays there until a mail delivery program reads it.

Postfix takes the usual precautions against losing information: it calls flush and fsync() to save all data to disk before acknowledging receipt, and it checks the result of every system call for errors.

Most people who build a mail server choose Sendmail. In fairness, Sendmail is a good MTA (Mail Transfer Agent). Eric Allman's design considerations during its initial development focused mainly on delivering mail successfully. Unfortunately, Sendmail's development did not take into account the security problems that can arise in the Internet environment. On most systems Sendmail can only run as the root user, which means that any vulnerability may have very serious consequences. Beyond these problems, Sendmail does not run well under high load.

Security

Postfix does need root, but only the master program runs as root. The processes it spawns handle incoming mail, outgoing mail, and local delivery. Because Postfix is built from a series of modules, each task is run by a separate program, which makes auditing easier. For example, when outgoing mail is dropped into a queue directory, the "pickup" program picks it up and passes it to the "cleanup" program, which hands it to "trivial-rewrite" to process the mail headers, and finally the mail is passed to the "smtp" program if it is destined for another system. A chroot'ed environment is also easier to set up for Postfix than for Sendmail. Simply edit the master.cf file (usually in /etc/postfix) and Postfix will run chroot'ed, confined to the queue directory it defines (usually /var/spool/postfix). Process limits for individual Postfix modules can also be set in master.cf. You can restrict the user identity Postfix runs under: generally a dedicated postfix user (similar to Apache's nobody) is used, and that user can access a specific queue directory. The other major advantage of Postfix is that its configuration files are clear and easy to understand.
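One way to check the per-service chroot and privilege settings described above is to parse master.cf and flag entries that weaken the isolation. This is an added example, not code from the Postfix project; the sample file is constructed, and the allow-list of daemons expected to keep root privileges is an assumption of the example.

```python
from dataclasses import dataclass

# Constructed sample, not from a real server. Two entries are deliberately weak:
# "submission" is not chrooted and "rewrite" is left with root privileges.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      y      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup     unix  n       -      y      60     1       pickup
cleanup    unix  n       -      y      -      0       cleanup
rewrite    unix  -       n      y      -      -       trivial-rewrite
smtp       unix  -       -      y      -      -       smtp
local      unix  -       n      n      -      -       local
"""

# Assumption of this example: the only daemons expected to keep root privileges
# are the delivery agents, which must switch to the recipient's identity.
EXPECTED_PRIVILEGED = {"local", "virtual", "pipe", "spawn"}


@dataclass
class Service:
    name: str
    type: str
    private: str
    unpriv: str
    chroot: str
    wakeup: str
    maxproc: str
    command: str


def parse_master_cf(text):
    """Parse master.cf text; lines starting with whitespace continue the previous entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) != 8:
            raise ValueError(f"malformed master.cf entry: {line!r}")
        services.append(Service(*fields))
    return services


def audit(services, chroot_default="n"):
    """Return (service, daemon, issue) tuples.

    "-" selects the built-in default: unpriv defaults to "y"; chroot defaults to
    "n" on Postfix 3.0 and later ("y" on older releases, pass chroot_default="y").
    """
    findings = []
    for s in services:
        daemon = s.command.split()[0]
        chroot = chroot_default if s.chroot == "-" else s.chroot
        unpriv = "y" if s.unpriv == "-" else s.unpriv
        if s.type == "inet" and chroot != "y":
            findings.append((s.name, daemon, "network listener is not chrooted"))
        if unpriv != "y" and daemon not in EXPECTED_PRIVILEGED:
            findings.append((s.name, daemon, "runs with root privileges"))
    return findings


if __name__ == "__main__":
    for name, daemon, issue in audit(parse_master_cf(SAMPLE_MASTER_CF)):
        print(f"{name} ({daemon}): {issue}")
```

The maxproc column parsed here is where the per-module process limits mentioned above are set.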

By comparison, mail systems such as Sendmail are designed and implemented as a single block: one monolithic program implements all the functions. This structure makes it easy to share data between different parts of the system, but it is also prone to fatal errors. Other mail systems, such as Qmail, use a hierarchical structure that runs sub-module processes with different functions in a fixed order and discards them once they have run. This method provides good "insulation", but it increases the overhead of process creation and inter-process communication. With careful planning of the order in which the sub-module processes run, however, the overhead can be kept within an acceptable range.

Replacing Sendmail with another MTA is a troublesome task. Users often have to spend a lot of time getting familiar with the configuration and use of the new MTA. With Postfix, you can keep using many existing configuration files (access, aliases, external usertable, and so on); you only need to declare them in master.cf. Postfix also behaves like Sendmail: you can use the sendmail command to start Postfix.

Of course, replacing one piece of software with another always raises specific problems. Some of them stem from Postfix's security features, which can cause trouble when configuring Postfix. The most typical problem is sending email to the root user. Postfix generally does not raise its own privileges (which would be required to deliver mail to root) to deliver email. You need to define an alias for root in the alias file, for example, root: someuser. This also affects several mailing list programs, especially SmartList. Majordomo, which is easy to configure, is generally recommended for running mailing lists.

One of the most prominent problems with Sendmail is scalability and performance. For example, if you restart Sendmail every day to pick up configuration changes automatically (for example, to redirect emails to a VM), problems may occur. Sendmail spawns a new process to handle each mail being sent or received, and these processes live until the transfer is complete and Sendmail can exit. As a result, your script cannot restart Sendmail correctly. With Postfix, you only need to issue the postfix reload command, and Postfix reloads its configuration files.

In addition, on mail servers with tens of thousands of users, files are used to store information such as user e-mail address mappings (for example, rewriting Bob's sender address to sales@example.org). With a large number of users these files become very large and slow the system down. Postfix can be integrated with a database back end (currently only MySQL is supported) to store its configuration information. The database approach scales far better than the file approach.

Under IBM's open-source license, users can freely redistribute the software and build on it. The only restriction is that changes made to Postfix must be returned to IBM, because IBM funded Wietse's development work.

Comparison with Qmail

The disadvantage of Qmail is that its configuration method is inconsistent with Sendmail's and it is not easy to maintain. In addition, Qmail's copyright license is vague and is not even distributed with the software. In the author's words: if you want to distribute your own modified version of Qmail, you must get my permission.

Qmail is a freely downloadable MTA written by Dan Bernstein. Its first beta version 0.70.7 was released on December 7, 1.0 and 1.03. The current version is.

Qmail features

Security: to verify the security of Qmail, Qmail supporters even offered a reward for Qmail security vulnerabilities. One year later, the prize had not been claimed and was donated to the Free Software Foundation. At present, the author of Qmail has also contributed 0 to seek for Qmail security vulnerabilities.

Speed: Qmail can deliver about one million emails in a medium-scale system, and even a single 486 can process more than 0.1 million emails a day. Qmail supports parallel delivery and can deliver about 20 mails at the same time. Currently, the bottleneck of mail delivery lies in the SMTP protocol: it takes more than 10 seconds to deliver an email to another Internet host through SMTP. The author of Qmail proposed QMTP (Quick Mail Transfer Protocol) to accelerate mail delivery, and Qmail supports it. Qmail is designed to deliver millions of mails per day on a 16M machine.

Reliability: Qmail reports successful processing only once the email has been correctly written to disk. Even if the system crashes or loses power during the disk write, the mail is not lost but is delivered again.

Especially simple virtual domain management: there is even a third-party add-on called Vpopmail that supports virtual POP domains. With this package, POP3 users do not need a regular account on the system.

Uses ezmlm to support user-controlled mailing lists.

Email users are isolated from system accounts. You do not need to create a system account for each email account, which increases security.
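The reliability rule in the feature list above (report success only once the mail is on disk) and the Postfix rule earlier in the article (flush and fsync() before acknowledging, check every system call, back off when storage fails) can be sketched as follows. This is an added example, not code from Qmail or Postfix; the function names, the queue layout and the reply strings are assumptions of the example.

```python
import os
import uuid


class TemporaryFailure(Exception):
    """Nothing was accepted; the sending side should retry later."""


def store_message(queue_dir, data):
    """Write data into queue_dir and return its queue id only once it is on disk."""
    queue_id = uuid.uuid4().hex
    tmp_path = os.path.join(queue_dir, "tmp." + queue_id)
    final_path = os.path.join(queue_dir, queue_id)
    fd = None
    try:
        # O_EXCL: never write through a file somebody else created first.
        fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        view = memoryview(data)
        while view:                      # os.write may write less than requested
            written = os.write(fd, view)
            view = view[written:]
        os.fsync(fd)                     # file contents reach the disk
        os.close(fd)
        fd = None
        os.rename(tmp_path, final_path)  # the message becomes visible atomically
        dir_fd = os.open(queue_dir, os.O_RDONLY)
        try:
            os.fsync(dir_fd)             # the directory entry reaches the disk
        finally:
            os.close(dir_fd)
    except OSError as exc:
        # Any failed call (disk full, missing directory, I/O error) means
        # "not accepted". Clean up and let the sender keep its copy.
        if fd is not None:
            os.close(fd)
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        raise TemporaryFailure(str(exc)) from exc
    return queue_id


def smtp_reply_for(queue_dir, data):
    """Reply line for end-of-DATA; success is reported only after the sync."""
    try:
        queue_id = store_message(queue_dir, data)
    except TemporaryFailure:
        return "451 4.3.0 Temporary failure, try again later"
    return "250 2.0.0 Ok: queued as " + queue_id
```

If the machine crashes before the 250 reply is sent, the sender still holds the message and delivers it again, so the failure mode is a duplicate rather than a loss.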

Sendmail vs Qmail

First, Sendmail is an MTA with a long history. The current version is 8.10.2. Sendmail offers portability and stability and is largely free of bugs. However, many posts on the Internet are about attacks on Sendmail, which is a nightmare for administrators. Over the course of its development, Sendmail has produced a generation of experienced Sendmail administrators, and it has a large body of thorough documentation: besides the classic O'Reilly book Sendmail, written by Bryan Costales with Eric Allman, there are many tutorials, FAQs, and other resources on the network. This documentation is very important for taking advantage of Sendmail's many special features. Sendmail is currently a mature MTA.

Of course, Sendmail has some disadvantages. It has too many features, which makes its configuration file complex. Generating the configuration file with m4 macros is much easier, but mastering all the configuration options is still not easy. Past versions of Sendmail have had many security vulnerabilities, so administrators have had to upgrade quickly. In addition, Sendmail's popularity has made it a target of attacks, which has both an advantage and a disadvantage: security vulnerabilities are discovered quickly, and that in turn makes Sendmail more stable and secure. Another problem is that Sendmail generally ships with minimal security settings by default, which leaves it vulnerable to attack. If you use Sendmail, make sure that you understand the meaning and impact of every option you enable. Once you understand how Sendmail works, it is very easy to install and maintain. With the Sendmail configuration file, you can achieve everything you can imagine.

Qmail is an alternative whose design and implementation pay particular attention to security. If you need a fast solution, such as a secure mail gateway, Qmail is a good choice. The configuration files of Qmail and Sendmail are completely different. Qmail has its own configuration directory containing 5-30 different files, each of which configures a different part (such as virtual domains or virtual hosts). These configuration directives are well documented in the man pages, but the Qmail code structure is not very good.

Qmail is much smaller than Sendmail, and it lacks some of the features expected of today's mail servers. Unlike Sendmail, Qmail does not verify the domain name of the envelope sender to make sure it is valid. Qmail does not support RBL itself and requires an add-on, whereas Sendmail supports RBL. Similarly, Qmail cannot reject mail for recipients that do not exist; instead, it accepts the mail first and then returns a bounce for the nonexistent recipient. The biggest problem with Qmail lies in how it handles mail sent to multiple recipients. If you send a large email to multiple users in the same domain, Sendmail sends only one copy to the target mail server. Qmail opens multiple connections in parallel and sends one copy per user. If you send large emails to many users on a daily basis, Qmail will waste a lot of bandwidth. In other words, Sendmail is optimized to save bandwidth and Qmail is optimized to save time. If the system has good bandwidth, Qmail will perform better. If bandwidth is limited and a lot of mailing list traffic has to be sent, Sendmail will be more efficient. Qmail does not support .forward (.forward is useful to users in many cases). Instead of using /var/spool/mail, it stores mail in the user's home directory. These are some of the tasks that cannot easily be done with Qmail; to do them, you may need to implement them yourself or use a third-party module that is not reliable enough.

The source code of Qmail is easier to understand than Sendmail's, which is an advantage for people who want to learn how an MTA works internally. Qmail should also be more stable in terms of security. Qmail has good technical support, but it is not as widely used as Sendmail and does not have Sendmail's large community of administrators. Installing Qmail is not as automated as installing Sendmail and requires manual steps. Qmail's documentation is not as complete and rich as Sendmail's.

Qmail has fewer add-ons than Sendmail. Generally, Qmail is the better choice for administrators with less experience. Qmail is simpler, and its functions meet the needs of general users. Sendmail is like an office suite, in which 80% of the features are rarely used. This makes Qmail more popular in some scenarios. It has some popular and practical features that Sendmail does not provide, such as built-in POP3 support. Qmail also supports masquerading and virtual domains for hosts or users. Qmail's simplicity also makes it easier to configure.

Qmail is considered safer and more efficient than sendmail. A Pentium machine running Qmail can process about messages a day.

Qmail is much simpler than other MTAs, mainly in the following ways:

(1) In other MTAs, mail forwarding, mail aliases, and mailing lists are separate mechanisms, while Qmail uses one simple forwarding mechanism that lets users manage their own mailing lists.

(2) Other MTAs offer delivery modes that range from fast and unsafe to slow. Qmail delivery is triggered by the arrival of new mail, so there is only one delivery mode: fast and queued.

(3) Other MTAs in effect include a special version of inetd to monitor the load average, while Qmail's design has an internal mechanism that limits system load, so qmail-smtpd can safely be run from the system's inetd.

Sendmail has a lot of commercial support, and because of its large user base there is a lot of potential technical support on the Internet. Qmail has only limited technical support. One company, inter7.com, provides Qmail support. The company also provides free add-ons, including a web-based management tool, qmailadmin, Vpopmail for virtual domain support, and even a web-based mail client interface, sqwebmail.

Qmail also has some other shortcomings. It does not fully comply with the standards: for example, it does not support DSN. The author believes that DSN is a technology that is about to die out, and that Qmail's VERP can do the same job, unlike DSN, which depends on the support of other hosts. Another problem with Qmail is that it does not comply with the 7-bit standard and always sends 8-bit messages. If the recipient cannot handle this, the email is garbled.

In terms of security, Sendmail is worse than Qmail. Sendmail has had many well-known security vulnerabilities over its development. Qmail is relatively short and concise, but it still provides the basic SMTP functions. Qmail requires fewer code comments. A good feature of Qmail is that it supports an optional directory-based mail storage format, rather than using one large file to store all of a user's mail. If your mail server handles a lot of POP3 traffic, this storage format can improve efficiency. Unfortunately, Pine itself does not support this storage format; if necessary, you can use patches to add support.

Qmail has the following advantage: each user can create mailing lists without root privileges. For example, user foo can create the mailing lists foo-slashdot, foo-linux, and foo-chickens. For more functionality, a tool named ezmlm (EZ mailing list maker) supports the various features of Majordomo, such as automatic subscription, unsubscription, and indexing; it is entirely CLI-driven and only requires editing a few files. Qmail is very well suited to small systems, which generally support only a small number of users or are used to manage mailing lists. Qmail is fast and simple, and it is the best choice for security and ease of configuration. Qmail can be configured within two hours, whereas Sendmail may take more than two days.

Rocketmail, InterNIC, and others are all built using Qmail.

Zmailer

Zmailer is a high-performance, multi-process mail program for UNIX systems (a.k.a. an MTA, in X.400 parlance), which can be freely downloaded from ftp://ftp.funet.fi/pub/unix/mail/zmailer. It is also designed as a single block. Hotmail and other email systems, for example, are built with zmailer.

Exim

Exim is a GPL-licensed MTA developed at Cambridge University. Its style is similar to Smail 3, but it is better than Smail 3. The latest version is 3.15. The main site is http://www.exim.org/. Its most notable characteristic is simple configuration, but its security is not as good as that of Qmail and Postfix.

The following is a comparison of the characteristics of several MTAs. In general, Qmail and Postfix are both good MTAs, and the choice between them often comes down to personal preference. Postfix development started later than Qmail's.

MTA maturity and security features performance Sendmail compatibility modular design Qmail medium high Addons Yes Sendmail high low X no postfix low high yes Exim medium low high medium Yes No

Of course, in addition to the MTAs mentioned here, other commercial or free MTAs are available, including Smail, Post.Office, the Sun Internet Mail Server (SIMS), MMDF, CommuniGate, PMDF, Netscape Messaging Server, obtuse smtpd/smtpfwdd, Intermail, and MD Switch.
