|
|
|
|
|
|
|
|
|
||
|
|
||
|
Be a Commerce Partner |
QMail: A Better Sendmail?
| This modular suite of e-mail programs offers scalability, security, and simplicity of administration. Better yet, it's more efficient than Sendmail. Best of all, it's free! |
VP Core Competence, Inc. [March 2, 2000] |
 |
Last summer, during a visit to our local ISP, NetReach, Director of Technical Operations George Carey told me that he was trialing a very promising Sendmail alternative: an open source message transfer agent called QMail. Created by D.J. Bernstein, QMail is designed as a wholesale replacement for Sendmail on any UNIX platform, including AIX, BSD, FreeBSD, HP-UX, Irix, Linux, OSF/1, SunOS, and Solaris. What makes QMail so promising? According to Carey, Bernstein "built QMail from the ground up, taking a sys admin approach. Admins want more flexibility, performance, and security. QMail gives you all of that."
Carey was looking for volunteers to try QMail. I needed little convincing: Our company domain was relocated to NetReach's QMail server the next day.
Six months later, I sat down with Carey to discuss his experiences, recommendations, and thoughts about replacing Sendmail with QMail.
What is QMail?
QMail is a simple, compact, modular suite of mail programs. Its major
components include:
| qmail-smtpd
and tcpserver |
An SMTP service that recognizes local IP addresses, stops unauthorized relaying, refuses blacklisted connections. |
| qmail-send | Safe, high-volume mail queue management with human and machine readable bounce messages and routing for virtual domains |
| qmail-remote | SMTP delivery with downed host backoff, route control, and autoTURN support |
| qmail-local | Full-featured, reliable local delivery and forwarding, with user-controlled address hierarchy, address wildcards, automatic reciept identification, loop prevention. |
| qmail-popup
and pop3d |
POP3 service with modular authentication and UIDL, TOP, and APOP support |
There are also many other utilities and related packages for use with QMail, including:
| ezmlm
and ezmlm-idx |
Easy-to-use mailing list subscription manager. |
| ucspi-tcp | High-speed inetd replacement for SMTP servers. |
| dot-forward | sendmail .forward compatibility for qmail-local |
| fastforward | Table-based forwarding and sendmail /etc/alias compatibility for qmail-local. |
| rblsmtpd | Rejects mail from RBL-listed sites. |
| vpopmail | Virtual domain add-on for QMail. |
| QmailAdmin | Web-based VPOP admin for self-management of virtual domain user accounts. |
| SqWebMail | Web-based CGI mail client for send and receive using Maildir mailboxes. |
As should now be apparent, QMail is highly modular: It is this modularity that makes it so flexible, lightweight, and secure.
How does modularity make QMail secure?
As described by Carey, "QMail isn't one big, monolithic Sendmail. One
QMail program listens to the smtp port, another spools incoming mail,
and still another feeds messages to users. Each program runs with the
permissions it needs and nothing more."
Only qmail-start runs as root so that it can bind to the smtp port; only qmail-queue sets uid for user mailbox access. QMail enforces clear separation between addresses, files, and programs. Bernstein is so confident in the security of this approach that he's offered a reward for anyone who can find a loophole.
According to Bernstein, "Mail delivery is critical for users; it cannot be turned off, so it must be completely secure. This is why I started writing QMail: I was sick of the security holes in Sendmail and other MTAs."
Beyond the security inherent in QMail's architecture, application-level security features include anti-relay protection to block spam and a checkpassword plug-in that allows integration of proxy authentication. For example, you can consult an LDAP server when users log into their mailbox using SqWebMail.
goto Page 2: Efficiency: the Big Draw
ISP-Planet's
RSS feed
