Sendmail vs. Qmail
Originally Published 2003-10-15 22:16:10
Sendmail vs Qmail
Extracted from askslashdot
Tip provided by ?
ChiChiCuervo asks: "I've been wrestling with Sendmail for the past few months
because it's configuration system is a nightmare. So I was wondering what the
differences between/benefits of each (sendmail and qmail) mailer were, and what
everyone thinks of each."
Differences :
Well, there are some. At first, sendmail is an old dog - it's being hacked on for
long, much code was removed and much new was added. That's why it is at 8.9.2 now.
Of course, this gives you some kind of "guarantee" that is portable, stable and bug
free - however, there were posted many attacks against sendmail in the past which
is a nightmare from the PR standpoint. However, it really has matured and you are
on the safe side, if you use a modern version. qmail was written "with security in
mind", if you need a quick solution for e.g. a secure gateway, you should use qmail
instead of sendmail.
The configuration of both is fundamentally different. If you want to try sendmail,
you should really consider to get the sendmail book from O'Reilly, I would not have
been able to do anything useful with sendmail without that book. The documentation
on sendmail is rather non-existing, at least I have not found anything on the net
which describes sendmail comparable to the book. Once you understand, how sendmail
works, it is really easy to setup and maintain. You can do about everything you can
think of using sendmail's configuration file. You don't need to hack the source
code to use e.g. a new mapping for domains.
On the other side is qmail: It has its control files, a simple directory with 5 to
30 different files containing one special configuration (e.g. virtual domains or
host infos). These are explained nicely in their respective man page (man
qmail-control). However, I feel uncomfortable doing anything extended with qmail. I
don't like the structure of the source code, you have to dig far into it before you
understand how the things work.
Over the past, I've converted my personal boxes to run qmail. Why? There is no
special reason. Perhaps, because sendmail is updated every once in a while, while
qmail is at 1.03 since months (years?).
I'd recommened to try both - set up a personal system and play a little bit with
each MTA. Learning to administer a system is the most fun sport in the world :-)
Sendmail vs. Qmail :
Qmail is a much smaller mail server, and it lacks many of the features that most
mail servers have today. It has no spam filtering whatsoever. For example, unlike
sendmail, it does not verify the domain of the envelope sender, to make sure that
it resolves in DNS. It has no support for the RBL, the current sendmail supports
the RBL natively. Also, unlike sendmail, Qmail can't reject E-mail addressed a
mailbox that doesn't exist. Qmail will accept the E-mail message, and then it will
generate a "no such user" bounce internally.
But that's just the standard feature set. If you want extras like that, you'll be
able to find a patch or an add-on, somewhere, because chances are that someone has
already done it. Qmail's author has a reputation of being very inflexible, and over
the last couple of years people have come up with a plethora of patches and hacks.
Qmail's biggest problem is sending E-mail to many recipients. If you have a large
message with many addresses in the same domain, sendmail will connect to the
receiving mail server once, and it will send one copy of the message. Qmail will
connect multiple times, in parallel, and transmit a separate copy for each
recipient. If you routinely send large messages to many addresses, you'll waste a
lot of bandwidth. You can think of it this way: sendmail is optimized for saving
bandwidth, Qmail is optimized for saving time. If you have good bandwidth
available, Qmail will be faster. If you have limited bandwidth, and generate a lot
of mailing list traffic, sendmail will be faster.
Don't overlook the security aspect. Sendmail is bloatware. It's been hacked,
revised, and patched for years. There's so much bloat in there, Bill Gates is
envious. If it weren't for sendmail's existing large user base, Eric Allman would
be laughed off the Internet. On the other hand, Qmail is smaller and leaner, but it
still provides the basic SMTP functionality. Although the source code is not very
well commented, you'll be able to figure out how to get things done, if you need to
patch it.
One of the nice features of Qmail is that it supports an alternate mail storage
format, that's directory-based, instead of one huge file containing all your
messages. If you do a lot of POP3 serving, you can save a lot of CPU cycles and
disk activity with Qmail. Unfortunately, Pine does not natively support this
storage format. But, again, there are patches for that out there.
There, that should give you a rough idea of the strengths and weaknesses of Qmail.
Advantages of Qmail (mailing lists) :
Qmail had the advantage of having each user be able to set up a mailing list
without root permission. Thus, the "foo" account could create mailing lists called
foo-slashdot, foo-linux, foo-chickens, and foo-spam all without root permission.
For better functionality, there's ezmlm (EZ Mailing List Maker) which adds things
like auto-subscribe and unsubscribe, indexing, and all the other fun stuff you'd
see in Majordomo, but all CLI driven - few files to edit.
I've found that Qmail works great for small machines, and installed them for
domains where I have only a few accounts (or have to manage mailing lists). Larger
sites may want the vast configurability of Sendmail instead.
Postfix :
If you're gonna be looking at alternatives to sendmail, you should also check out
PostFix. (Used to be called Vmailer.) It was written by the same guy who wrote
TCPWrappers.
I've never configured it myself, so I don't know how easy or hard it is, but you
should have a look for yourself. We're running it at work, now, and it outperforms
sendmail by a fairly large margin.
http://www.postfix.org/
If you do stay with sendmail, I stronly urge you to use M4.
Here's how to do it on a RedHat system:
First, create your mc file:
# cd /usr/lib/sendmail-cf/cf
# cp redhat.mc myconfig.mc
# vi myconfig.mc
Customize it using information found on the links from http://www.sendmail.org . Pray for
divine inspiration.
Now build a cf file:
# cp -p /etc/sendmail.cf /etc/sendmail.cf.orig
# m4 ../m4/cf.m4 myconfig.mc > /etc/sendmail.cf
# /etc/rc.d/init.d/sendmail restart
Good luck!
Sendmail configuration nightmare-> SOLUTION :
Check this site
http://www.harker.com/webgencf
Also check out Exim :
Open source, very easy to configure, quite secure. Big installations would probably
prefer Postfix but I like exim and run it at home and so (now) do all my friends -
I also hacked up a mailing list manager for it.
http://www.exim.org/
Easy Sendmail Configuration w/ Linuxconf :
I use sendmail because linuxconf will generate all your configuration files for
you. It even does virtual hosts. So grab sendmail and linuxconf:
http://www.solucorp.qc.ca/linuxconf/
Use postfix :
I've never actually used sendmail, but I've looked at the config files, and they
look nasty. sendmail also is a big suid root, sgid bin binary which scares me to
death.
qmail is easier to configure, a whole lot more secure (from a design standpoint, I
neither know nor care how many holes are actually left in sendmail), and allows
users to admin their own lists (which is quite useful). It, however, is not a
sendmail replacement. It doesn't use .forward (which all of your users probably
use), it doesn't use /var/spool/mail (or the incorrect /usr/mail, /var/mail or
/var/spool/mail) but instead insists on putting mail in the users home directory.
It also lacks some of the more obscure features of sendmail (such as mail to news
gateways). I would say that qmail is just fine if you're the only user of your
system or if you have all very educated users. qmail's license prohibits
redistribution differing from the original package unless said distribution is
approved by the DJB (the author)
Postfix (www.postfix.org) is a new mailer by Wietse Venema co-author of SATAN and
author of TCP Wrappers and it's very cool. It was designed from the ground up to be
secure. It has an extremely easy to use configuration syntax allows for mail to be
places either under the users name in a specified directory (/var/spool/mail) or
under a specified name in the users directory, and allows for mbox or maildir
formatted mailboxes (most people use mbox, but maildir has better integrity). It
also is extremely flexible and can (I believe) do everything that sendmail can at
this point. It also allows for users to maintain their own lists. Basically the
only reason I would suggest you choose something other than postfix is that postfix
is currently in Beta and still under development. (Note that I'm not saying it's
not stable. I've been running it and it appears quite stable and secure to me, but
it is beta software) postfix is licensed by IBM and the license is sort of odd: it
tries to guarantee that the source will be available but makes if very clear that
all changes are to be available.
In summary:
* If you absolutely demand truly open software, use sendmail. Though the other
two licenses aren't awful, they leave much to be desired.
* If you're running a large server and demand high security (i.e. Hotmail, pobox,
Yahoo), do a lot of research and write your own so that it's optimized to your
system.
* If you have a bunch of lusers; you don't demand much security, and don't have
time to keep up with updates to a beta daemon go with sendmail.
* If you are the only user on your system, or it's just you and your Linux hacker
buddies and you don't want to bother with keeping up with updates to beta
software go with qmail
* If you want a really cool MTA and don't mind tracking updates (about one a
month) go with postfix
Qmail is quick and simple :
Qmail is the best if you want something secure and easy to configure. I was able to
set it up in about an 2 hours compared to 2 days with sendmail, and I still didn't
have sendmail working how I wanted it.
It will do many of the things that sendmail does - you just need to download some
additional packages. Qmail will do .forward with the dot-forward package, you can
use procmail or what ever one you want. You can use the /var/spool/mail setup all
you have to do is change a setting in the /var/qmail/rc file. It contains great
documentation.
It has some spam filtering abilities with add-on packages. I am using it on a
dial-up connection and masquerading as another user and machine. It will work with
pine, just just need to set some env variables and use /v/s/m
Qmail runs very well :
I've been using qmail for a couple years and it works great. It does feature SPAM
filtering and prevention techniques, though some of them aren't distributed with
the man package. However from being on the qmail mailing list for a while I can
tell you SPAM prevention was a big focus.
Additionally when paired with serialmail qmail runs really well over modem links.
You can setup a virtualdomain to hold mail in a queue until a user connects and
then flush the mail to the users personal linux box for delivery into user's
mailboxes. I realize this can be done with other tools, but qmail does this easily
and it works great.
Also regarding a POP server, personally I use a patched version of the University
of Washington's POP/IMAP server and it runs really well. I know a large ISP who
does this as well.
Finally you may be interested to know that there are some very large sites on the
net using qmail, or at least they appear to be (you never know for sure). I believe
Rocketmail (or maybe it was hotmail), and Internic were both believed to be using
qmail.
Overall I highly recommend using qmail, it runs great and is easier to configure
than sendmail.
No comments:
Post a Comment