A few years ago, Sendmail was the only choice in the Linux environment, but because of Sendmail's defects, developers have since written several other mail servers. Today there are several free mail servers, also known as MTAs (Mail Transfer Agents), available for Linux; the more common ones include Sendmail, Qmail, Postfix, Exim, and ZMailer. This article describes the characteristics of the mainstream MTAs in the Linux environment, to give readers a basis for choosing a free MTA for Linux.

Postfix

Postfix is the product of a free software project developed by Wietse Venema with IBM funding, with the aim of providing users with a mail server other than Sendmail. Postfix is fast, easy to manage, and secure, while trying to remain compatible with Sendmail to suit users' habits. Postfix was first released as VMailer and was later renamed Postfix for trademark reasons.

The main design goal of the Postfix project is to implement a mail server that gives users an alternative to Sendmail. Its design objectives include:

Performance. Postfix is more than three times faster than comparable server products, and a desktop machine running Postfix can send and receive millions of messages a day. Postfix borrows design techniques from web servers to reduce process-creation overhead, and uses other file-access optimizations to improve efficiency, while still ensuring the reliability of the software.

Compatibility. Postfix is designed to stay compatible with Sendmail so that migration is easier. Postfix supports /var[/spool]/mail, /etc/aliases, NIS, ~/.forward and similar files. However, to keep administration simple, Postfix does not support the sendmail.cf configuration file.

Safety and robustness. Postfix is designed to keep working reliably under overload.
When the local file system has no free space or no memory is available, Postfix automatically backs off rather than trying to continue and making the situation worse.

Flexibility. Postfix consists of more than 10 small submodules, each of which performs a specific task, such as receiving a message via SMTP, sending a message, local delivery, or rewriting an address. When a specific requirement arises, an old module can be replaced with a new version without updating the entire program, and it is also easy to add a feature.

Security. Postfix uses multiple layers of protection to defend the local system against attackers. Almost every Postfix daemon can run with fixed low privileges, and there is no direct path between the network and the security-sensitive local delivery programs: an attacker must first break through several other programs before reaching the local system. Postfix does not even trust the contents of its own queue files or IPC messages, to avoid being deceived. Postfix filters sender-provided information before passing it on. And no Postfix program is set-uid.

Some other features of Postfix:

Support for multiple transport domains: Sendmail supports forwarding messages between Internet, DECnet, X.400, and UUCP. Postfix is flexible enough to implement this forwarding without virtual domains or aliases. However, early releases support only SMTP and UUCP; for our users, multi-transport support is of little significance.

Virtual domains: In the most common cases, adding support for a virtual domain requires changing only a single Postfix lookup table. Other mail servers typically need multiple levels of aliases or redirection to achieve the same effect.

UCE control: Postfix can restrict which hosts may relay mail through it and which mail is allowed in. Postfix implements the usual controls: blacklists, RBL lookups, and HELO/sender DNS verification. Content filtering is not currently implemented.

Table lookups: Postfix does not implement an address rewriting language; instead it uses extensible table lookups to rewrite addresses. Tables can be local DBM or DB files, or other formats.

Postfix architecture and comparison with Sendmail

Postfix is based on an architecture of semi-resident, cooperating processes, each of which performs a specific task, with no particular parent-child relationship between them. Independent processes are also better isolated than a "monolithic" program. This design has a further advantage: each service can be used by any Postfix component without creating a process just to rewrite one address. Of course, Postfix is not the only software that works this way.

Postfix is implemented as follows: a resident master server runs Postfix daemons on demand; the daemons send or receive network mail messages, submit mail locally, and so on. The number of daemons is limited by configuration parameters, each daemon is reused a configurable number of times, and a daemon exits automatically once its idle time reaches the configured limit. This approach significantly reduces process-creation overhead while keeping the individual processes well isolated.

Postfix is designed as a replacement for Sendmail. For this reason, many parts of the Postfix system, such as the local delivery program, can easily be replaced by editing a configuration file similar to inetd's.

The core of Postfix is implemented by more than ten semi-resident programs.
For privacy, these Postfix processes communicate with each other through sockets or through FIFOs in a protected directory. Even so, a Postfix process does not blindly trust the data it receives this way.

The amount of data passed between Postfix processes is limited. In many cases, the only information exchanged is a queue file name and a recipient list, or some status information. Once a mail message has been saved to a file, it stays there until a mail delivery program reads it.

Postfix takes the usual precautions against losing information: all data is saved to disk by calling flush and fsync() before receipt is acknowledged, and the return values of all system calls are checked for errors.

Most people building a mail server choose Sendmail. Sendmail is a good MTA (Mail Transfer Agent). Eric Allman's design put the emphasis on successful mail delivery. Unfortunately, when Sendmail was developed, little consideration was given to the security problems that would be encountered in the Internet environment. On most systems Sendmail can only run as root, which means that any vulnerability can have very serious consequences. Apart from these issues, Sendmail does not perform very well under high load.

Security

Postfix must also be started as root, but only the single master program runs as root; it spawns the processes that handle incoming mail, outgoing mail, and local delivery. Postfix is built from a series of modular components, with each task run by a separate program (which also makes auditing easier). For example, mail to be sent is placed in a queue directory; the "pickup" program picks the message up and passes it to the "cleanup" program, which passes it to "trivial-rewrite", which is responsible for handling the mail headers; finally, if the mail is destined for another system, the message is passed to the "smtp" program.

Postfix is also easier than Sendmail to set up in a chroot'ed environment. This is done simply by editing the master.cf file (in /etc/postfix), after which Postfix runs chroot'ed under its configured queue directory (usually /var/spool/postfix). Process limits can also be set for individual Postfix modules in master.cf. Users can restrict Postfix's privileges: it generally runs as the "postfix" user (similar to the nobody user used by Apache), which can only access a particular queue directory.

Another major advantage of Postfix is that its configuration files are clear and easy to understand.

Mail systems such as Sendmail are designed as a single monolithic structure, in which one program implements all features. This structure certainly makes it easy to share data between different parts of the system, but it is prone to fatal errors. Mail systems such as qmail instead use a hierarchical structure, in which sub-module processes with different functions run in a fixed order. This approach gives good "insulation" but adds process-creation and inter-process communication overhead. However, with a sensibly planned running order for the sub-module processes, the overhead can be kept within an acceptable range.

Replacing Sendmail with another MTA is usually very troublesome, and users often spend a lot of time learning to configure and use the new MTA. With Postfix, many existing configuration files (such as access, aliases, virtusertable, etc.) can be reused, simply by defining them in master.cf. In addition, Postfix behaves much like Sendmail, and users can use the sendmail command to start Postfix.

Of course, replacing one piece of software with another to solve a specific problem is not free of difficulties, and some problems may be encountered when Postfix is configured.
The most typical problem is sending mail to the root user. Postfix generally does not raise its own privileges to deliver mail (which it would have to do to deliver to root). Users need to define an alias for root in the aliases file, for example: root: Someuser. This also affects some mailing list software, especially SmartList. In general, Majordomo is the best choice for mailing lists, as it is easy to configure.

A very prominent problem with Sendmail is scalability and performance. For example, problems arise if users want to restart Sendmail every day to pick up automatically updated configuration files (such as those redirecting mail to virtual hosts). Sendmail spawns new processes to handle sending and receiving mail, and these processes persist until their transfers finish; only then can Sendmail exit, so a restart script will not bring Sendmail back up correctly. With Postfix, users only need to issue the command postfix reload, and Postfix reloads its configuration files.

In addition, mail servers with tens of thousands of users use files to store mappings such as users to sender addresses (for example, mapping the sender bob to Sales@example.org). With a large number of users these files become very large, which hurts system efficiency. Postfix can be integrated with a database back end (currently only MySQL is supported) to store its configuration information; the database approach scales much better than files.

Postfix is released under IBM's open source license, so users can freely distribute the software and do further development on it. The only restriction is that modifications to Postfix must be returned to IBM, because IBM funded Wietse's development.
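
The per-service privilege, chroot and process-limit columns of master.cf described in this section can be checked mechanically. The following Python script is an added example, not part of the original article or of Postfix; the sample master.cf, the function names and the three audit rules are assumptions made for illustration, with column defaults taken from master(5).

```python
"""Audit the privilege-related columns of a Postfix master.cf file."""
# Daemons that master(5) documents as requiring root privileges.
NEEDS_ROOT = {"local", "pipe", "spawn", "virtual"}

# Constructed sample for illustration; not taken from a real system.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
rewrite   unix  -       -       -       -       -       trivial-rewrite
local     unix  -       n       n       -       -       local
filter    unix  -       n       n       -       10      pipe
  flags=Rq user=filter argv=/usr/local/bin/filter.sh
2525      inet  n       n       y       -       0       smtpd
"""

def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def parse_master_cf(text, chroot_default="n"):
    """Resolve "-" fields to defaults; chroot default is "n" from Postfix 3.0, "y" before."""
    services = []
    for line in logical_lines(text):
        fields = line.split(None, 7)
        if len(fields) < 8:
            raise ValueError(f"malformed master.cf entry: {line!r}")
        name, stype, _private, unpriv, chroot, _wakeup, maxproc, command = fields
        services.append({
            "name": name, "type": stype,
            "unpriv": (unpriv if unpriv != "-" else "y") == "y",
            "chroot": (chroot if chroot != "-" else chroot_default) == "y",
            "maxproc": None if maxproc == "-" else int(maxproc),  # None: global default
            "daemon": command.split()[0],
        })
    return services

def audit(services):
    """Return (service, issue) pairs for settings that weaken process isolation."""
    findings = []
    for s in services:
        label = f"{s['name']}/{s['type']}"
        if not s["unpriv"] and s["daemon"] not in NEEDS_ROOT:
            findings.append((label, "runs as root but the daemon does not need it"))
        if s["type"] == "inet" and not s["chroot"]:
            findings.append((label, "network-facing service is not chrooted"))
        if s["type"] == "inet" and s["maxproc"] == 0:
            findings.append((label, "no process limit on a network-facing service"))
    return findings

if __name__ == "__main__":
    for label, issue in audit(parse_master_cf(SAMPLE_MASTER_CF)):
        print(f"{label}: {issue}")
```

On a real host, pass the contents of /etc/postfix/master.cf to parse_master_cf and set chroot_default to "y" for Postfix releases older than 3.0.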

Compared with Postfix, the shortcomings of qmail are that its configuration is inconsistent with Sendmail's and that it is not easy to maintain. The meaning of qmail's copyright license is also very vague, and the license is not even released with the software. To quote the author: if you want to distribute your own modified version of qmail, you must get my permission.

Qmail

Qmail is a freely downloadable MTA developed by Dan Bernstein. Its first beta version, 0.70.7, appeared on January 24, 1996; version 1.0 was released in February 1997, and the current version is 1.03.

Qmail features

To verify qmail's security, qmail's supporters even offered a reward for qmail security vulnerabilities; it was never claimed and was donated to the Free Software Foundation. At present, qmail's author also offers $500 for qmail security vulnerabilities.

Speed: Qmail can deliver about millions of messages on a medium-sized system, and even a 486 can handle more than 100,000 messages a day. Qmail supports parallel delivery, delivering approximately 20 messages at the same time. The current delivery bottleneck is the SMTP protocol: it takes more than 10 seconds to deliver a message to another Internet host via SMTP. Qmail's author has proposed QMTP (Quick Mail Transfer Protocol) to speed up mail delivery, and qmail supports it. Qmail's design goal is ultimately to deliver on the order of millions of messages per day on a 16M machine.

Reliability: To ensure reliability, qmail reports success only after a message has been correctly written, so that even if the system crashes or loses power during the disk write, the message is not lost; it is re-delivered instead.

Particularly simple virtual domain management; there is even a third-party add-on that supports virtual POP domains. With this package, POP3 users do not need a real system account.

EZMLM provides user-controlled mailing lists.

Mail users are isolated from system accounts: giving a user a mail account does not require creating a system account, which increases security.

Sendmail vs. Qmail

First, Sendmail is an MTA with a long history; its current version is 8.10.2. Sendmail naturally offers certain guarantees in portability, stability and freedom from bugs. However, there are many posts on the Internet about attacking Sendmail, which is a nightmare for administrators. Over its development Sendmail has produced a large number of experienced Sendmail administrators, and it has a large amount of complete documentation: besides the Sendmail bible, O'Reilly's sendmail book written by Bryan Costales with Eric Allman, there are many tutorials, FAQs, and other resources. This documentation is very important for making good use of Sendmail's features. Sendmail is by now a mature MTA.

Of course, Sendmail has some disadvantages: it has too many features and its configuration file is complex. Generating the configuration file is much easier with the m4 macros, but mastering all the configuration options is still very difficult. Past versions of Sendmail have had many security vulnerabilities, forcing administrators to keep upgrading. Moreover, Sendmail's popularity makes it a target for attacks. This has both bad and good sides: it means that security vulnerabilities are discovered quickly, which in turn makes Sendmail more stable and secure. Another problem is that Sendmail's default configuration typically has minimal security features, so Sendmail is often easily attacked.
If you use Sendmail, you should make sure you understand the meaning and impact of every option you enable. Once you understand how Sendmail works, it is very easy to install and maintain. With Sendmail's configuration file, the user can implement almost anything imaginable.

Qmail was designed and implemented with security specifically in mind. If you need a quick solution such as a secure mail gateway, qmail is a good choice. Qmail's configuration is completely different from Sendmail's. Qmail has its own configuration files; the configuration directory contains 5-30 different files, each configuring a different part (such as virtual domains or virtual hosts). These settings are well documented in the man pages, but qmail's code structure is not very good. Qmail is much smaller than Sendmail and lacks some features of today's mail servers. Unlike Sendmail, qmail does not verify the domain name of the envelope sender to ensure that the domain is valid. Qmail itself does not support RBL and needs an add-on for it, whereas Sendmail supports RBL. Likewise, qmail cannot reject mail for a recipient that does not exist; instead it accepts the message and then returns a bounce saying that there is no such user.

Qmail's biggest problem is how it handles mail sent to multiple recipients. If a large message is sent to multiple users in the same domain, Sendmail sends only one copy to the destination mail server. Qmail opens multiple connections in parallel and sends one copy per user. If users need to send large messages to many recipients, qmail wastes a lot of bandwidth. Put another way: Sendmail optimizes for bandwidth, qmail optimizes for time.
If the system has good bandwidth, qmail performs better; if bandwidth is limited and many mailing list messages must be sent, Sendmail is more efficient. Qmail does not support .forward (which is very useful to users in many cases), and it does not use /var/spool/mail but stores mail in the user's home directory. These are some of the jobs that qmail does not do by itself; to do them with qmail you may have to implement them yourself or use a third-party module that is not reliable enough.

Qmail's source code is easier to understand than Sendmail's, which is an advantage for people who want a deeper understanding of how an MTA works. Qmail is also solid in terms of security. Qmail has good technical support, but it lacks Sendmail's wide deployment and large community of administrators. Qmail's installation is not as automated as Sendmail's and requires manual steps, and qmail's documentation is not as complete and rich as Sendmail's. Qmail also has fewer add-ons than Sendmail.

Generally speaking, for administrators with less experience, qmail is the better choice. Qmail is simple, and its features meet the needs of ordinary users. Sendmail is like an office suite in which 80% of the features are rarely used. This can make qmail more popular in some settings, since it has some popular and practical features that Sendmail lacks: qmail has built-in POP3 support, and it also supports masquerading (of hosts or users), virtual domains, and so on. Qmail's simplicity also makes it relatively easy to configure. Qmail is considered more secure and efficient than Sendmail, and a Pentium machine running qmail can handle approximately 200,000 messages a day.

Qmail is simpler than other MTAs, mainly in the following respects: (1) In other MTAs, mail forwarding, mail aliases and mailing lists are independent mechanisms, while qmail uses one simple forwarding mechanism that lets users manage their own mailing lists. (2) Other MTAs offer both a fast but unsafe delivery mode and a slow queued mode; qmail delivery is triggered by new mail, so it has only one mode: fast queued delivery. (3) Other MTAs in effect include their own version of inetd to monitor the MTA's load average, whereas qmail has an internal mechanism to limit system load, so qmail-smtpd can safely be run from the system's inetd.

There is a lot of commercial support for running Sendmail, and because of its large user base there is also a great deal of potential support on the Internet. Qmail has only very limited technical support. One company, inter7.com, provides qmail support and also offers free add-ons, including a web-based management tool, QmailAdmin; support for virtual domains via vpopmail; and even a web-based mail client interface, SqWebMail.

Qmail also has some other shortcomings. It is not fully standards-compliant: it does not support DSN. The author believes that DSN is a technology that is about to die, and that qmail's VERP can do the same job without depending on other hosts as DSN does. Another problem is that qmail does not comply with the 7-bit standard and sends 8-bit every time. If the receiving side does not handle this, messages will be garbled.

In terms of security, Sendmail is better than qmail; Sendmail has been through many well-known security vulnerabilities during its development, while qmail is relatively spartan but still provides the basic SMTP functions. Qmail's code also has fewer comments.

A good feature of qmail is that it supports an optional directory-based mail storage format, rather than storing all of a user's mail in one large file.
If the mail server handles a lot of POP3 traffic, this storage format improves efficiency. Unfortunately, Pine does not support this storage format natively, and patches are needed to use it.

An advantage of qmail is that each user can create mailing lists without being root; for example, user foo can create mailing lists named foo-slashdot, foo-linux, and foo-chickens. To provide richer features, there is a tool called EZMLM (EZ Mailing List Maker) that supports the various functions of Majordomo and similar software. Qmail is ideal for small systems, which usually support only a few users or manage mailing lists. Qmail is fast and simple: it is the best choice for an easily configured, secure setup. Qmail can be configured within 2 hours, while Sendmail may not be done in two days. RocketMail, InterNIC and others are built with qmail.

ZMailer

ZMailer is a high-performance, multi-process mail program for UNIX systems [a.k.a. MTA per X.400 parlance]. It can be freely downloaded from ftp://ftp.funet.fi/pub/unix/mail/zmailr/. It is also designed as a monolithic program. Mail systems such as Hotmail are built with ZMailer.

Exim

Exim is an MTA developed at Cambridge University. It is similar to Smail 3 but more complete. The latest version is 3.15. Its primary site is http://www.exim.org/.