---------------------- Forwarded Message: ---------------------
From: Richard Welty
Subject: [offtopic] how to do email
Date: Wed, 28 Jan 2004 08:55:52 -0500 (EST)

there are six different paths a unix/linux/*bsd admin can go down on email transport.

Mail Transport Agents

the MTA is a program that speaks SMTP (Simple Mail Transport Protocol) to other MTAs, and to MUAs (Mail User Agents) that are injecting mail into the system. MTAs relay mail onwards, and may or may not do final delivery. some do it directly, others depend on MDAs (Mail Delivery Agents) to deposit mail into mail stores.

sendmail -- traditional. sendmail is a very complex program with mixed history. the current version is much better than it was back in the mid-90s, when it was virtually unmaintained and bugs showed up pretty much every week. this is the default mail transport on many unix type systems. design is a monolithic binary that runs as root. licensing is BSD, as it was originally written for BSD 4.2 back around 1983.

qmail -- almost like an alternate universe. sophisticated security model, often the design is deliberately as different as possible from sendmail. has some design features in its delivery methods that some (myself included) don't like very much. author, dan bernstein, is a very smart and incredibly obnoxious guy. some dislike qmail just because djb is so obnoxious. licensing is djb's odd creation, and he's not a lawyer so many find it confusing. discussions about qmail often take on a near religious quality.

postfix -- very nice piece of software. security model is derived from qmail, but maintains more sendmail compatibility. sendmail compatibility is usually a command line feature where the same flags are honored so that programs that make "sendmail assumptions" continue to work when an alternative is installed. licensing is the IBM public license, a very complex license that is supposed to have the look and feel of an open source license, but it's not, really.

smail -- been around a long time. intended as a simpler alternative to sendmail. fell behind for some years, but greg a woods has been actively developing it for a few years now. greg is an, um, "interesting" guy and smail shows it. i forget what license smail uses.

exim -- this is what i use. the author, Philip Hazel, was influenced by smail (pre greg woods), but there is no smail code in exim. it is a full featured program with a lot of spam control built in. design is a monolithic binary that runs as root, so many security wonks will opt for postfix or qmail instead. on the other hand, the number of remote exploits that have been found since i started using it in 1996 can be counted on the fingers of one hand. i switched to exim to run mailing lists back then because sendmail of that period had some serious deficiencies in how it managed outbound mail queues. exim is licensed under the GPL, and version 3 is the default mailer in some versions of Debian Linux. hopefully Debian will go to exim 4 soon, exim 3 is quite obsolete. there is a good book on exim, the second edition is available from a small british publisher. the first edition (covering exim 3) is still available from O'Reilly, but there are enough differences between exim 3 and 4 to render the first edition of limited value. i don't have much use for my exim 3 book anymore, but it's signed by Philip, so it's not going anywhere.

courier -- from the author of the well regarded courier-imap package. don't know a lot about it, but i use courier-imap with exim to provide pop3 and imap services, and like it.

so you pick your poison and then consider other issues. pop3 and imap services are generally considered a separate issue, MTAs like the above don't generally provide them.

options that provide both pop3 and imap:

UW-IMAP -- this is stock in many unix type installations. it also has scalability problems and the code is pretty notorious.
stores incoming email in mbox format in central spool directories, e.g. /var/spool/mail or /var/mail. i do not do new installations of UW-IMAP under any circumstances.

Courier-IMAP -- popular change from UW-IMAP. uses Maildir style for delivery (Maildir was invented by djb for qmail, it has a number of advantages over the centralized system, among which are the fact that it works correctly on NFS mounted file systems, which is impossible for UW-IMAP. the one message per file model also scales better than the monolithic mailbox method. underlying filesystems can affect performance here; reiserfs might be a higher performance choice than ext3 on a linux system with a lot of users with big mail stores, as reiserfs is tuned for lots of small files.) all modern MTAs can be configured to deliver to Maildir one way or another. if they can't, courier provides a program they can call to deliver the mail anyway.

Cyrus -- Cyrus is a very large scale subsystem for managing mail, with its own internal database format. the cyrus-sasl security stuff is a side project to the cyrus mail store. supposed to be very high performance, but it's very much its own alien creature. i don't have any experience with it other than looking at the web site.

Virus scanning

there are numerous commercial products that run on un*x/linux servers, but one good free one -- clamav. clamav is reliable on linux and unix, flaky right now on some *BSD systems due to bugginess in the portable thread libraries. integration of virus checking varies from MTA to MTA. there are two different methods of doing it with exim. i normally use the exiscan patches (which also can be used to hook up spam assassin.)

Spam control

this requires its own book, and will get its own, separate message.

richard
--
Richard Welty    rwelty@averillpark.net
Averill Park Networking    518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

RICHARD IS A CONSULTANT FOR HIRE - contact him at the phone number above, he is located in New York State. Richard also runs several internet servers including digest.net which hosts the FSJ, XJ and Diesel-Benz lists that were created by the webmaster from wagoneers.com.
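
The one-message-per-file Maildir delivery that the Courier-IMAP paragraph above contrasts with a central mbox spool, as an added Python example (not part of the original message and not code from any of the MTAs named). It follows the usual Maildir convention of writing under tmp/ and renaming into new/, which is why no lock on a shared file is needed; the function names and sample messages are constructed for illustration.

```python
import mailbox
import os
import socket
import tempfile
import time
from itertools import count

_seq = count()  # per-process counter so two deliveries in one second differ

# Constructed sample messages, not taken from the original e-mail.
SAMPLE = [b"From: a@example.org\nSubject: one\n\nfirst\n",
          b"From: b@example.org\nSubject: two\n\nsecond\n"]

def make_maildir(path):
    """Create the tmp/, new/ and cur/ subdirectories of a Maildir."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(path, sub), mode=0o700, exist_ok=True)
    return path

def deliver(maildir, message):
    """Write one message as its own file and return its final path."""
    host = socket.gethostname().replace("/", "\\057").replace(":", "\\072")
    name = f"{int(time.time())}.P{os.getpid()}Q{next(_seq)}.{host}"
    tmp_path = os.path.join(maildir, "tmp", name)
    new_path = os.path.join(maildir, "new", name)
    # O_EXCL refuses to reuse an existing name instead of overwriting it.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(message)
            f.flush()
            os.fsync(f.fileno())
        # Readers only look in new/ and cur/, so they never see a partial
        # file; the rename publishes the finished message in one step.
        os.rename(tmp_path, new_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return new_path

def count_messages(maildir):
    """Read the store back with the standard library's Maildir reader."""
    return len(mailbox.Maildir(maildir, create=False))

def demo():
    root = make_maildir(os.path.join(tempfile.mkdtemp(), "Maildir"))
    return root, [deliver(root, m) for m in SAMPLE]

if __name__ == "__main__":
    root, paths = demo()
    print(count_messages(root), "messages in", root)
```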