## A Replacement for Sendmail
## Nathan Underwood
Intro
Welcome to what will end up being a 6-month series on qmail, "a
secure, reliable, efficient, and simple message transfer agent." The
purpose of this first article is to look at some of the reasons one
might want to switch from the very popular sendmail program
that is provided as the default MTA (message transfer agent) in a virgin
FreeBSD install. While sendmail is extremely popular and is used by a
vast majority of Unix hosts worldwide, I feel that qmail has some definite
advantages over sendmail in security, efficiency, and reliability, and
these are what we are going to take a look at this month.
Security
Security is an absolute must when dealing with any transaction on the
Internet, and in this area sendmail is lacking. While sendmail, when
patched, is quite secure, there are new security holes being discovered
in the program all the time. Maybe security is not of major concern to
you at this point, but when someone gains root access on your machine
due to a sendmail security hole, you may begin to think otherwise.
To date, not a single security hole has been found in qmail. The program
has only two processes that run as root, qmail-start and qmail-lspawn,
and only one non-root setuid process, qmail-queue. In contrast, the entire
sendmail program runs as root, which makes it much more susceptible
to exploits that could breach program security. Dan Bernstein, the author
of qmail, is so confident in the security of the program that he has
offered a $500 prize to anyone who can find a security hole; this prize
is still unclaimed. In addition, an independent group offered a $1000
prize for finding a security hole in qmail; that challenge ran for one year
(Apr. 1997-Apr. 1998) and ended with the prize unclaimed. The security of
qmail is unparalleled.
Efficiency
In an actual test on a Pentium under *BSD, qmail sustained 200000
local messages per day (separate messages injected into the queue
and delivered to mailboxes). If you are looking for speed and efficiency,
especially in the area of mailing lists, then qmail is the MTA for you.
By default, qmail overlaps 20 simultaneous deliveries at a time!
Reliability
Mail never gets lost with qmail. Once a message is accepted into the
system, there is no way that that message can be lost. Qmail also has
support for maildir, "a new, super-reliable user mailbox format."
Maildirs, unlike mbox files and mh folders, won't be corrupted if the
system crashes during delivery.
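A minimal sketch of the delivery sequence that gives maildir this property, added here as an illustration; it is not code from qmail or from the original article. The function names and the exact file-name layout are assumptions made for the example.

```python
import os
import socket
import time


def deliver_to_maildir(maildir: str, message: bytes, seq: int = 0) -> str:
    """Deliver one message the maildir way and return its final path."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), exist_ok=True)

    # Unique name built from time, pid, a per-process counter and the host.
    # No locking is needed because no two deliveries share a file.
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    unique = f"{int(time.time())}.{os.getpid()}_{seq}.{host}"
    tmp_path = os.path.join(maildir, "tmp", unique)
    new_path = os.path.join(maildir, "new", unique)

    # 1. Write the whole message under tmp/, where mail readers never look.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        view = memoryview(message)
        while view:
            view = view[os.write(fd, view):]
        os.fsync(fd)  # 2. Force the data to disk before publishing it.
    finally:
        os.close(fd)

    # 3. Publish atomically. link() fails if the name already exists, so a
    #    collision can never overwrite a delivered message.
    os.link(tmp_path, new_path)
    os.unlink(tmp_path)
    return new_path


def readable_messages(maildir: str) -> list:
    """What a mail reader sees: only complete files in new/."""
    return sorted(os.listdir(os.path.join(maildir, "new")))
```

A crash before step 3 leaves at most a partial file in tmp/, which readers ignore; an mbox delivery interrupted mid-append leaves the partial message inside the one file that holds all the user's mail.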
Replacement for sendmail
As a replacement for sendmail, qmail supports host and user masquerading,
full host hiding, virtual domains, null clients, list-owner rewriting,
relay control, double-bounce recording, arbitrary RFC 822 address lists,
cross-host mailing list loop detection, per-recipient checkpointing, downed
host backoffs, independent message retry schedules, etc. In short, qmail
can do everything that sendmail can do, but better and more efficiently,
and with a higher level of security.
Next Month
In the issues that follow, we are going to discuss an actual qmail
installation on a FreeBSD system, aliasing, forwarding, virtual domains,
and more. Next month's article will deal exclusively with installing
qmail on a FreeBSD system running sendmail as its current MTA.
Resources
- - The official homepage.
- - The author of qmail.
- - visual representation of qmail processes.
If you are happy with your current MTA and it is working well for you,
then qmail may not be the right change for you at this time. However,
if you feel that your MTA should be completely secure, fast, reliable,
and simple, then I recommend giving qmail a try. As an administrator, I
have found qmail to be everything that I could ever wish for in an MTA,
and am certain that if you try it, you won't be disappointed.
Don't forget, next in this series is: qmail: Migrating from Sendmail
on a FreeBSD System.
Nate