A few years ago, the only free email server software available in the Linux environment was Sendmail. Because of Sendmail's shortcomings, however, developers have since produced several alternatives. Today there are several free mail servers, or MTAs (Mail Transfer Agents), that run in the Linux environment. The more common ones include Sendmail, Qmail, Postfix, exim and Zmailer. This article describes the characteristics of the mainstream MTAs for Linux that have had the greatest impact, and analyzes and compares their advantages and disadvantages one by one, so that users have a basis for choosing a free MTA in the Linux environment.
Postfix
Postfix is a product of a free software project funded by IBM and developed by Wietse Venema. Its purpose is to provide users with a mail server choice other than sendmail. Postfix strives to be fast, easy to manage, provide as much security as possible, and at the same time try to maintain compatibility with the sendmail mail server to meet users' usage habits. Initially, Postfix was released under the name VMailer, but was later renamed Postfix due to trademark reasons.
Main design goals
The goal of the Postfix project is to implement a mail server that provides users with an alternative to sendmail. Its design goals include:
Performance. Postfix is more than three times faster than similar server products. A desktop computer with Postfix installed can send and receive millions of letters a day. Postfix uses web server design techniques to reduce process creation overhead, and uses other file access optimization techniques to improve efficiency while ensuring software reliability.
Compatibility. Postfix was designed with Sendmail compatibility in mind to make porting easier. Postfix supports /var[/spool]/mail, /etc/aliases, NIS, and ~/.forward files. However, to keep management simple, Postfix does not support the configuration file sendmail.cf.
Security and robustness. Postfix is designed to remain reliable even under excessive load. When the local file system has no free space or no memory is available, Postfix automatically backs off instead of retrying and making the situation worse.
Flexibility. Postfix is structurally composed of more than ten small sub-modules. Each sub-module completes a specific task, such as receiving a message through the SMTP protocol, sending a message, delivering a message locally, rewriting an address, etc. When specific needs arise, new versions of modules can replace older modules without updating the entire program. It is also easy to turn off a feature.
Security. Postfix uses multiple layers of defense to protect the local system from attackers. Almost every Postfix daemon can run in a chroot environment with fixed low privileges. There is no direct path between the network and the security-sensitive local delivery programs: an attacker must first break through several other programs before he or she can access the local system. Postfix does not even fully trust the contents of its own queue files or IPC messages, to avoid being spoofed. Postfix filters information provided by the sender before outputting it. No Postfix program is set-uid.
Some features of Postfix
Support for multiple transmission domains: Sendmail supports forwarding messages between Internet, DECnet, X.400 and UUCP. Postfix is designed to be flexible and does not require a virtual domain or alias to achieve this kind of forwarding. However, the early releases supported only SMTP and offered limited support for UUCP; for Chinese users, support for multiple transmission domains is meaningless anyway.
Virtual Domains: In most common cases, adding support for a virtual domain simply requires changing a Postfix lookup table. Other mail servers often require multiple levels of aliasing or redirection to achieve this effect.
UCE control (UCE, unsolicited commercial email): Postfix can limit which hosts are allowed to relay mail through it, and supports restricting which mail is accepted. Postfix implements the usual control functions: blacklists, RBL lookups, HELO/sender DNS verification. Content-based filtering is currently not implemented.
Table lookups: Postfix does not implement an address rewriting language, but makes extensive use of table lookups to implement address rewriting. Tables can be in local dbm or db file formats.
Postfix architecture and comparison with Sendmail
Postfix is an architecture based on semi-resident, cooperating processes. Each process completes a specific task, and there is no particular parent-child relationship between the processes. Separate processes for separate functions are also better isolated from each other than the parts of a "monolithic" program. In addition, this approach has the advantage that a service such as address rewriting can be used by any Postfix component without the overhead of creating a process just to rewrite one address. Of course, Postfix is not the only mail system that adopts this approach.
Postfix is implemented in this way: a resident master server runs the Postfix daemons on demand, and the daemons perform functions such as sending or receiving network mail messages, delivering mail locally, and so on. The number of daemon processes is limited by configuration parameters, and the number of times a daemon process is re-used is also set by configuration. When a daemon's idle time reaches the limit specified by the configuration parameters, it exits automatically. This method significantly reduces process creation overhead while still maintaining good isolation between individual processes.
The design goal of Postfix is to become a replacement for Sendmail. For this reason, many parts of the Postfix system, such as the local delivery program, can easily be replaced by editing an inetd-style configuration file.
The core of Postfix is implemented by more than ten semi-resident programs. For confidentiality reasons, these Postfix processes communicate with each other through Unix sockets or FIFOs under protected directories. Even though confidentiality is guaranteed using this method, the Postfix process does not blindly trust the data it receives this way.
There is a limit to the amount of data transferred between Postfix processes. In many cases, the only data information exchanged between Postfix processes is the queue file name and receiver list, or some status information. Once a mail message is saved into a file, it will remain there until read by a mail delivery program.
Postfix uses some common measures to avoid losing information: it saves all data to disk by calling flush and fsync() before acknowledging receipt of a message, and it checks the return results of all system calls to detect error conditions.
Most people who build mail servers choose Sendmail. To be fair, Sendmail is a good MTA (Mail Transfer Agent). When it was first developed, Eric Allman's design considerations focused mainly on successful mail delivery. Unfortunately, Sendmail was developed without much consideration for the security issues that may be encountered in the Internet environment. Sendmail can only run as the root user on most systems, which means that any vulnerability can have very serious consequences. In addition to these problems, Sendmail does not perform well under high load.
Safety
Postfix does not have to run as root as a whole; only the master program runs as root, and it spawns the processes that handle incoming, outgoing and local mail delivery. Because the work is split into a series of modular components, each task is run by a separate program, which makes auditing easier. For example, an outgoing message is dropped into a queue directory, where the "pickup" program fetches it and passes it to the "cleanup" program, which in turn passes it to "trivial-rewrite", which is responsible for processing the mail headers. Finally, if the mail is destined for another system, it is handed to the "smtp" program. Compared with Sendmail, it is also easier to set up a chroot'ed environment for Postfix. This is done simply by editing the master.cf file (usually located in /etc/postfix), and Postfix is then chrooted to the queue directory it defines (usually located in /var/spool/postfix). You can also set process limits for a single Postfix module in master.cf. Users can restrict which user Postfix runs as. Generally speaking, it runs as the "postfix" user (conceptually this user is similar to Apache's nobody), which can access specific queue directories. Another major advantage of Postfix is the clarity and ease of understanding of its configuration files.
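One way to check the master.cf settings described above, as an added example that is not part of the original article or of Postfix itself. It assumes the column layout documented in master(5), the Postfix 3.x defaults for "-" columns, and a constructed sample file; the function names are hypothetical.

```python
# Added example: audit the unpriv / chroot / maxproc columns of a master.cf file.
# Column order per master(5): service type private unpriv chroot wakeup maxproc command

COLUMNS = ["service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc"]
# Assumed defaults for "-" columns; chroot "n" is the Postfix >= 3.0 default.
DEFAULTS = {"private": "y", "unpriv": "y", "chroot": "n", "wakeup": "0", "maxproc": "100"}
# Delivery agents that must keep root (to switch to the recipient) and cannot be chrooted.
ROOT_DELIVERY = {"local", "pipe", "virtual"}

# Constructed sample, not taken from any real system.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
rewrite   unix  -       -       y       -       -       trivial-rewrite
smtp      unix  -       -       y       -       20      smtp
local     unix  -       n       n       -       -       local
relay     inet  n       n       -       -       -       smtpd
  -o syslog_name=postfix/relay
"""


def parse_master_cf(text):
    """Return one dict per service entry, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and logical:      # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) < 8:
            raise ValueError("malformed master.cf entry: " + line)
        entry = dict(zip(COLUMNS, fields))    # first seven columns
        for col, default in DEFAULTS.items():
            if entry[col] == "-":
                entry[col] = default
        command = fields[7].split()
        entry["command"], entry["args"] = command[0], command[1:]
        entries.append(entry)
    return entries


def audit(entries):
    """Flag services whose privilege or chroot settings deserve a second look."""
    findings = []
    for e in entries:
        name = e["service"] + "/" + e["type"]
        needs_root = e["command"] in ROOT_DELIVERY
        if e["unpriv"] == "n" and not needs_root:
            findings.append((name, "runs with root privilege"))
        if e["chroot"] == "y" and needs_root:
            findings.append((name, "delivery agent cannot run chrooted"))
        if e["type"] == "inet" and e["chroot"] == "n":
            findings.append((name, "network-facing service is not chrooted"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(parse_master_cf(SAMPLE_MASTER_CF)):
        print(name + ": " + problem)
```

A chrooted service also needs its lookup files available under the queue directory, so a finding here is a prompt to review the service, not an instruction to flip the column blindly.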
Comparison with Sendmail
Mail systems such as Sendmail are designed and implemented as a monolithic structure, in which a single program implements all functions. This structure makes it easy to share data between different parts of the system, but it is prone to fatal errors. Mail systems such as qmail use a hierarchical structure that runs sub-module processes with different functions in a fixed order and releases them after execution. This method provides good isolation, but increases process creation overhead and inter-process communication overhead. However, the overhead can be kept within an acceptable range by reasonably planning the running order of the sub-module processes.
Replacing Sendmail with another MTA is troublesome, and users often have to spend a lot of time becoming familiar with the configuration and use of the new MTA. With Postfix, you can reuse many existing configuration files (access, aliases, virtusertable, etc.); you only need to define them in master.cf. In addition, Postfix behaves very much like Sendmail. Users can use the sendmail command to start Postfix.
Of course, replacing one piece of software with another requires solving specific problems. Partly because of the security features of Postfix, you may encounter some problems when configuring it. The most typical problem is sending mail to the root user. Postfix generally does not raise its own privileges (which would be necessary to deliver mail to the root user) in order to deliver mail. Users need to define an alias for root in the alias file, such as: root: someuser. This also affects several mailing list modules, especially SmartList. Generally speaking, it is best to use Majordomo to implement mailing lists, which is easy to configure.
A very prominent problem with Sendmail is its scalability and performance. For example, if the user wants to restart Sendmail every day to pick up an updated configuration file (such as one that redirects mail for a virtual host), problems arise. Sendmail spawns new processes to handle sending and receiving mail. These processes exist until the transmission is completed, and only then can Sendmail exit. As a result, your script will not be able to restart Sendmail correctly. With Postfix, users only need to issue the command postfix reload, and Postfix reloads its configuration files.
In addition, mail servers with tens of thousands of users use files to store the address mappings applied to mail sent by users (for example, the sender of a letter sent by bob is changed to [email protected]). With a large number of users, the file becomes very large and affects the operating efficiency of the system. Postfix can be integrated with a database backend (currently only MySQL is supported) to store its configuration information. The database method scales much better than the file method.
Postfix is released under IBM's open source license, so users can freely distribute the software and develop it further. The only restriction is that changes made to Postfix must be returned to IBM, because IBM funded Wietse's development work.
Comparison with Qmail
The disadvantage of Qmail is that the configuration method is inconsistent with Sendmail and is not easy to maintain. Moreover, the copyright license of Qmail is very vague and is not even released together with the software. Note from the application author: If you wish to distribute your own modified version of Qmail, you must get my permission.
Qmail
qmail is a freely downloadable MTA developed by Dan Bernstein. Its first beta version 0.70.7 was released on January 24, 1996. Version 1.0 was released in February 1997. The current version is 1.03.
Features of Qmail
Security: In order to verify the security of Qmail, supporters of Qmail even offered a $1,000 bounty for finding security vulnerabilities in Qmail. A year later, the bounty had not been claimed and was donated to the Free Software Foundation. Currently, the author of Qmail has also put up $500 for finding security vulnerabilities in Qmail.
Speed: Qmail can deliver approximately one million emails on a medium-sized system. It can even handle more than 100,000 emails a day on a 486. Qmail supports parallel delivery and can deliver approximately 20 emails at the same time. The current bottleneck of email delivery lies in the SMTP protocol: it takes more than 10 seconds to deliver an email to another Internet host through SMTP. The author of Qmail proposed QMTP (Quick Mail Transfer Protocol) to speed up mail delivery, and it is supported in Qmail. The design goal of Qmail is to eventually be able to deliver approximately one million emails per day on a 16M machine.
Reliability: To ensure reliability, Qmail returns a successful processing result only when the email has been correctly written to disk. This way, even if a system crash or power outage occurs during the disk write, the email is guaranteed not to be lost; it is redelivered instead.
Virtual domain management is especially simple, and there is even a third-party add-on called vpopmail to support virtual POP domains. With this package, POP3 users do not need to have an official account on the system.
Use ezmlm to support user-controlled mailing list functions.
Mail users and system accounts are isolated. Providing users with mail accounts does not require setting up system accounts for them, thus increasing security.
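The "write to disk, then acknowledge" rule described for both Postfix (flush and fsync() before acknowledging, check every system call) and Qmail (success only after the disk write), as an added example that is not code from either project. The function name, queue layout and reply texts are assumptions made for the illustration.

```python
# Added example: acknowledge a message only after it is durably stored.
import errno
import os


def accept_message(queue_dir, queue_id, data):
    """Store `data` (bytes) in queue_dir and return the SMTP-style reply to send.

    A 250 reply is returned only after the file and its directory entry have
    been forced to disk; any failure yields a 4xx reply so the sender keeps
    the message and retries later.
    """
    final_path = os.path.join(queue_dir, queue_id)
    tmp_path = final_path + ".tmp"
    fd = -1
    try:
        # O_EXCL: never write into a file that somebody else created.
        fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        view = memoryview(data)
        while view:                       # os.write may write only part of the data
            written = os.write(fd, view)
            view = view[written:]
        os.fsync(fd)                      # force file contents to stable storage
        os.close(fd)
        fd = -1
        os.rename(tmp_path, final_path)   # atomic: readers never see a partial file
        dir_fd = os.open(queue_dir, os.O_RDONLY)
        try:
            os.fsync(dir_fd)              # force the new directory entry to disk too
        finally:
            os.close(dir_fd)
    except OSError as exc:
        if fd >= 0:
            os.close(fd)
        try:
            os.unlink(tmp_path)           # leave no partial file behind
        except OSError:
            pass
        if exc.errno == errno.ENOSPC:
            return "452 4.3.1 Insufficient system storage"
        return "451 4.3.0 Queue file write error"
    return "250 2.0.0 Ok: queued as " + queue_id


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as queue:
        # Constructed message, used only to exercise the function.
        print(accept_message(queue, "A1B2C3", b"Subject: test\r\n\r\nhello\r\n"))
```

If the machine crashes before the 250 reply is sent, the sending host still holds the message and delivers it again, which is the redelivery behaviour the text describes.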
Sendmail vs Qmail
First of all, Sendmail is an MTA with a long development history, and the current version is 8.10.2. Sendmail therefore offers certain guarantees in terms of portability, stability, and freedom from bugs. But there are many posts on the Internet about attacking Sendmail, which is a nightmare for administrators. Over the course of Sendmail's development, a group of experienced Sendmail administrators has emerged, and Sendmail has a large amount of complete documentation. In addition to the standard Sendmail reference, O'Reilly's sendmail book written by Bryan Costales with Eric Allman, there are a large number of tutorials, FAQs and other resources on the Internet. This large body of documentation is very important for making good use of Sendmail's various features. Sendmail is currently a mature MTA.
Of course, Sendmail has some shortcomings. It has so many features that its configuration file is complex. Generating configuration files becomes much easier with the m4 macros, but it is still not easy to master all the configuration options. Sendmail has had many security vulnerabilities in past versions, so administrators had to upgrade quickly. Sendmail's popularity also makes it a target for attacks, which cuts both ways: it is attacked more often, but security holes are discovered quickly, which also makes Sendmail more stable and secure. Another problem is that the default configuration of Sendmail generally has minimal security features, leaving Sendmail often vulnerable to attacks. If you use Sendmail, you should make sure you understand the meaning and impact of each option you enable. Once you understand how Sendmail works, installing and maintaining it becomes very easy. Through Sendmail's configuration file, users can fulfill all imaginable needs.
Qmail is an option that is designed and implemented with security issues in mind. If you need a quick solution such as a secure email gateway, Qmail is a good choice. The configuration files of Qmail and Sendmail are completely different. As for Qmail, it has its own configuration file. The configuration directory contains 5-30 different files, and each file implements the configuration of different parts (such as virtual domains or virtual hosts, etc.). These configuration instructions are well documented in man, but the code structure of Qmail is not very good.
Qmail is much smaller than Sendmail and lacks some of the features found in today's mail servers. Unlike Sendmail, qmail does not verify the domain name of the envelope sender to ensure that the domain name is correct. It does not provide support for RBL itself, but requires an add-on to implement it, whereas Sendmail supports RBL. Similarly, Qmail cannot refuse mail whose intended recipient does not exist; instead, it accepts the mail first and then bounces mail that does not belong to any user. The biggest problem with Qmail lies in how it sends mail to multiple recipients. If you send a large email to multiple users in the same domain, Sendmail sends only one copy of the email to the destination mail server. Qmail connects multiple times in parallel, sending a copy for one user each time. If users need to send large emails to multiple users on a daily basis, using Qmail wastes a lot of bandwidth. You can think of it this way: Sendmail optimizes for bandwidth, and Qmail optimizes for time. If the user's system has good bandwidth, Qmail will perform better. If the user's system has limited bandwidth and needs to send a lot of mailing list traffic, Sendmail will be more efficient. Qmail does not support .forward (.forward is very useful to users in many cases); it does not use /var/spool/mail, but stores mail in the user's home directory. The following are some tasks that are not easy to complete using Qmail. To complete these tasks using Qmail, users may need to implement them themselves or use unreliable modules provided by third parties.
The source code of Qmail is easier to understand than Sendmail's, which is an advantage for those who want to understand the internals of an MTA. Qmail should also be more stable in terms of security. Qmail has good technical support, but it is not as widely used as Sendmail and does not have as large an administrator base. The installation of Qmail is not as automated as Sendmail's and requires manual steps. Moreover, Qmail's documentation is not as complete and rich as Sendmail's.
Qmail has fewer add-ons than Sendmail. Generally speaking, for administrators with slightly less experience, Qmail is the better choice. Qmail is simpler, and its functions can meet the needs of ordinary users. Sendmail is similar to an office suite, in that 80% of its functions are often not used. This makes Qmail more popular in some situations. It has some popular and practical features that Sendmail does not have. For example, Qmail has built-in POP3 support. Qmail also supports host or user masquerading, virtual domains, etc. Qmail's simplicity also makes configuration relatively easy.
Qmail is considered more secure and efficient than Sendmail. A Pentium machine running Qmail can process approximately 200,0000 messages a day.
qmail is much simpler than other MTAs, mainly reflected in:
(1) Other MTAs use independent mechanisms for mail forwarding, mail aliases, and mailing lists, while qmail uses a simple forwarding mechanism to allow users to process their own mailing lists.
(2) Other MTAs provide two mail delivery mechanisms, a fast but unsafe method and a slow queue method, while qmail delivery is triggered by the appearance of new mail, so its delivery has only one mode: a fast queue method.
(3) Other MTAs actually include a specific version of inetd to monitor the MTA's average load, while qmail has an internal mechanism to limit the system load, so qmail-smtpd can safely run from the system's inetd.
Sendmail has a lot of commercial support, and due to its large user base, there is a lot of potential technical support on the Internet. Qmail has only very limited technical support. There is a company, inter7.com, that provides support for Qmail. The company also provides free add-ons, including a web-based management tool, QmailAdmin, support for virtual domains through vpopmail, and even a web-based mail client interface, SqWebMail.
Qmail also has some other shortcomings. For example, it does not fully comply with standards and does not support DSN. The author believes that DSN is a dying technology, and Qmail's VERP can complete the same work without relying on the support of other hosts like DSN. Another problem with Qmail is that it does not comply with the 7bit system standard and sends 8bit every time. If the receiving party of the email cannot handle this situation, the email will be garbled.
In terms of security, Sendmail is worse than Qmail. Sendmail has experienced many famous security vulnerabilities during its development, while Qmail is relatively short and concise but still provides the basic SMTP functions. Qmail's code has fewer comments. A nice feature of Qmail is its support for an optional directory-based mail storage format, rather than one large file that stores all of a user's mail. If the user's mail server handles a lot of POP3 traffic, this mail storage format can improve efficiency. Unfortunately, Pine itself does not support this storage format. If necessary, you can use some patches to achieve this.
The advantage of Qmail is that each user can create a mailing list without having root user permissions. For example, user foo can create mailing lists named foo-slashdot, foo-linux, foo-chickens. To provide better functionality, there is a tool called ezmlm (EZ Mailing List Maker) that supports various functions of Majordomo such as automatic subscription and unsubscription, indexing, etc., but it is entirely CLI-driven and requires only a few files to be edited. Qmail is very well suited to small systems, which generally support only a small number of users or are used to manage mailing lists. Qmail is fast and simple: Qmail is the best choice when you want security and easy configuration; Qmail can be configured in 2 hours, while Sendmail may not be configured in two days.
rocketmail, internic, etc. are all built using qmail.
ZMailer
ZMailer is a high-performance, multi-process mail program (an MTA, in X.400 parlance) for Unix systems, which can be freely downloaded from the server ftp://ftp.funet.fi/pub/unix/mail/zmailer/. It is also designed as a monolithic program. Mail systems such as Hotmail are built using ZMailer.
Exim
Exim is a GPL-licensed MTA developed by Cambridge University. Its style is similar to Smail 3, but it is more complete than Smail 3. The latest version is 3.15. Its main site is http://www.exim.org/. Its biggest feature is the simplicity of configuration, but its security is not as good as that of Qmail and Postfix.
The following is a comparison of the characteristics of several MTAs. Generally speaking, Qmail and Postfix are both very good MTAs. The selection criteria is often a matter of personal preference. Postfix has a later development history than Qmail.
MTA       Maturity  Security  Features  Performance  Sendmail compatibility  Modular design
qmail     medium    high      high      high         addons                  yes
Sendmail  high      low       high      low          x                       no
Postfix   low       high      high      high         yes                     yes
exim      medium    low       high      medium       yes                     no
Of course, in addition to the several MTAs introduced here, other commercial or free MTAs are also available.