Slashdot Mirror
What are the Differences between Sendmail and QMail?
ChiChiCuervo asks:
"I've been wrestling with Sendmail for the
past few months because it's configuration
system is a nightmare. So I was wondering
what the differences between/benefits of
each (sendmail and qmail) mailer were,
and what everyone thinks of each."
Noone uses qmail, so noone hacks it :)
Seriously: qmail is secure. Sendmail, there are bugs up the arse for every version.
Well, there are some. At first, sendmail is an old dog - it's being hacked on for long, much code was removed and much new was added. That's why it is at 8.9.2 now. Of course, this gives you some kind of "guarantee" that is portable, stable and bug free - however, there were posted many attacks against sendmail in the past which is a nightmare from the PR standpoint. However, it really has matured and you are on the safe side, if you use a modern version. qmail was written "with security in mind", if you need a quick solution for e.g. a secure gateway, you should use qmail instead of sendmail.
:-)
The configuration of both is fundamentally different. If you want to try sendmail, you should really consider to get the sendmail book from O'Reilly, I would not have been able to do anything useful with sendmail without that book. The documentation on sendmail is rather non-existing, at least I have not found anything on the net which describes sendmail comparable to the book. Once you understand, how sendmail works, it is really easy to setup and maintain. You can do about everything you can think of using sendmail's configuration file. You don't need to hack the source code to use e.g. a new mapping for domains.
On the other side is qmail: It has its control files, a simple directory with 5 to 30 different files containing one special configuration (e.g. virtual domains or host infos). These are explained nicely in their respective man page (man qmail-control). However, I feel uncomfortable doing anything extended with qmail. I don't like the structure of the source code, you have to dig far into it before you understand how the things work.
Over the past, I've converted my personal boxes to run qmail. Why? There is no special reason. Perhaps, because sendmail is updated every once in a while, while qmail is at 1.03 since months (years?).
I'd recommened to try both - set up a personal system and play a little bit with each MTA. Learning to administer a system is the most fun sport in the world
Qmail is a much smaller mail server, and it lacks many of the features that most mail servers have today. It has no spam filtering whatsoever. For example, unlike sendmail, it does not verify the domain of the envelope sender, to make sure that it resolves in DNS. It has no support for the RBL, the current sendmail supports the RBL natively. Also, unlike sendmail, Qmail can't reject E-mail addressed a mailbox that doesn't exist. Qmail will accept the E-mail message, and then it will generate a "no such user" bounce internally.
But that's just the standard feature set. If you want extras like that, you'll be able to find a patch or an add-on, somewhere, because chances are that someone has already done it. Qmail's author has a reputation of being very inflexible, and over the last couple of years people have come up with a plethora of patches and hacks.
Qmail's biggest problem is sending E-mail to many recipients. If you have a large message with many addresses in the same domain, sendmail will connect to the receiving mail server once, and it will send one copy of the message. Qmail will connect multiple times, in parallel, and transmit a separate copy for each recipient. If you routinely send large messages to many addresses, you'll waste a lot of bandwidth. You can think of it this way: sendmail is optimized for saving bandwidth, Qmail is optimized for saving time. If you have good bandwidth available, Qmail will be faster. If you have limited bandwidth, and generate a lot of mailing list traffic, sendmail will be faster.
Don't overlook the security aspect. Sendmail is bloatware. It's been hacked, revised, and patched for years. There's so much bloat in there, Bill Gates is envious. If it weren't for sendmail's existing large user base, Eric Allman would be laughed off the Internet. On the other hand, Qmail is smaller and leaner, but it still provides the basic SMTP functionality. Although the source code is not very well commented, you'll be able to figure out how to get things done, if you need to patch it.
One of the nice features of Qmail is that it supports an alternate mail storage format, that's directory-based, instead of one huge file containing all your messages. If you do a lot of POP3 serving, you can save a lot of CPU cycles and disk activity with Qmail. Unfortunately, Pine does not natively support this storage format. But, again, there are patches for that out there.
There, that should give you a rough idea of the strengths and weaknesses of Qmail.
Help me out here. What is so special about SPAM filtering aside from accumulating a blacklist of SPAM accounts and sharing that list with other sites?
Have a chat with Pacific Bell Internet, who on one occasion had their mail servers go down due to a sudden burst of junk E-mail. Have a chat with AOL, where 30% of incoming mail is spam.
Spam filtering has become a de-facto requirement for a mail server, in my opinion. Sadly, this is one area where Qmail lags far behind the competition. For example, if my.dom.ain is IP 10.100.0.25, I can send mail to user@my.dom.ain, but not to user@10.100.0.25...
But you can to user@[10.100.0.25] which how the RFC specifies it.
But this is not what I'm talking about. What I'm saying is that unlike other MTAs, Qmail does not verify that the domain portion of the sender envelope address can be resolved via DNS. Do this: telnet to one of AOL's mail server, and try to do a MAIL FROM: .
It's not going to work. Although most of the spam today does have a forged return address that can be resolved via DNS, some of it still doesn't, and this simple check blocks it.
Since it is the envelope sender address which is supposed to receive any bounces, an MTA has a valid reason for rejecting mail if it knows that a any bounces would clearly not be deliverable.
Qmail had the advantage of having each user be able to set up a mailing list without root permission. Thus, the "foo" account could create mailing lists called foo-slashdot, foo-linux, foo-chickens, and foo-spam all without root permission.
For better functionality, there's ezmlm (EZ Mailing List Maker) which adds things like atuo-subscribe and unsubscribe, indexing, and all the other fun stuff you'd see in Majordomo, but all CLI driven - few files to edit.
I've found that Qmail works great for small machines, and installed them for domains where I have only a few accounts (or have to manage mailing lists). Larger sites may want the vast configurability of Sendmail instead.
True, but that is very easily helped by wrapping the qmail-smtpd with a small shell script.
Something like this will do it:
#!/bin/sh
if
then
export RELAYCLIENT="";
else
echo Possible spammer
fi
exec
Trivial, isn't it? How would you have done it with the old Sendmail?
I've worked with Qmail quite a lot and I really like the way you can have control over various stages of the mail delivery with simple shell scripts, Perl scripts or the occasional C program.
Qmail is made up out of small, well defined components, that together make for a fast and flexible mailsystem. In the *real* Unix tradition. Sendmail is more like Windows NT, big, bloated and hard to understand.
I have used Qmail in building a Linux based mail server together with the Cyrus Imap server. Tied together with some glue scripts & a backend mySQL database I am quite pleased with its performance.
If you're gonna be looking at alternatives to sendmail, you should also check out PostFix. (Used to be called Vmailer.) It was written by the same guy who wrote TCPWrappers.
I've never configured it myself, so I don't know how easy or hard it is, but you should have a look for yourself. We're running it at work, now, and it outperforms sendmail by a fairly large margin.
http://www.postfix.org/
If you do stay with sendmail, I stronly urge you to use M4.
Here's how to do it on a RedHat system:
First, create your mc file:
# cd
# cp redhat.mc myconfig.mc
# vi myconfig.mc
Customize it using information found on the links from www.sendmail.org. Pray for divine inspiration.
Now build a cf file:
# cp -p
# m4
#
Good luck!
Check this site
www.harker.com/webgencf
wayout
I tried once qmail and qmail-pop, It isn't a mature MTA as sendmail, and all that insecure hype about sendmail is way in the past. (I hope :)
In qmail I don't like that thing about running a lot of shells, C programs or whatever to achieve the same features in other MTA's, I'm afraid that it's too hacky and decrease performance, mostly in the POP server.
The mailbox format of qmail is very nice, but you can use it with sendmail anyway, just need to change the local delivery agent behaviour (mail.local) to use it and set up the qmail POP client. By the way, hacking it a few, you can get it to authenticate by itself and use the virtual e-mail hosting capabilities of sendmail. Very nice.
The bottom line is: Sendmail is very mature and it has been optimized for network bandwidth use. The configuration files are somewhat cryptic until you learn how they work (get a copy of the bat book or go to sendmail.org and look for common configuration issues), you'll see that you can do almost anything from there.
Every MTA mentioned is really meant for a large, permanently connected site. We all use them on our standalone machines with a modem, or on our small networks. But it's both overkill and inadequate at the same time. We're using a big, high volume tool for inherently low volume usage. In addition, the modem user is (usually, most of us don't have our own domains) ALWAYS masquerading, and some of us must masquerade more than the domain, and may need to masquerade in different ways depending on which services we're using. Existing mailers often can adapt to this, but not very gracefully or easily.
Qmail is the best if you want something secure and easy to configure. I was able to set it up in about an 2 hours compared to 2 days with sendmail, and I still didn't have sendmail working how I wanted it.
.forward with the dot-forward package, you can use procmail or what ever one you want. You can use the /var/spool/mail setup all you have to do is change a setting in the /var/qmail/rc file. It contains great documentation.
/v/s/m
It will do many of the things that sendmail does - you just need to download some additional packages. Qmail will do
It has some spam filtering abilities with add-on packages. I am using it on a dial-up connection and masquerading as another user and machine. It will work with pine, just just need to set some env variables and use
I agree, I use Qmail with ~500 users (not an ISP, but a university building), and it works very well as an MTA in combination with the excellent Cyrus Imap server.
In that case, the domains are not valid! Don't forget 'resolution' can mean looking at MX records...
What are the licensing issues associated with either? I thought there were problems with qmail... or am I getting confused with exim?
i love it,
i had the sysadmin create a special qmail account for me
this lets me configure all the users for the domian
w/o restarting anything and w/o becoming root
it's really nice to be able to just create a new account
on the fly. it's also nice to have a default forward
now whenever i signup for a site i go w/
sitename@mydomain.com
that way i keep kinda track of who is selling mailing lists
and if i'm tired of getting it i just set that user
so it bounces.
again, this is for a small domain (5 users)
henri
Posted by chiem:
BS.
"Add-ons" can be found where you find qmail, at www.qmail.org.
The right way is not to patch tcpserver as tcpserver is merely an interface between TCP/IP connections and STDIN/STDOUT of programs. Tcpserver is from the same author as qmail.
And as the original message stated, qmail-smtpd does not need to be patched.
Notice the original message asked about the "old" sendmail, where there wasn't a "FEATURE(RBL)".
Posted by chiem:
Everyone keeps mentioning that Sendmail is more mature and Qmail works great, but for small domains.
I don't buy this. I haven't found a case Sendmail fits better than Qmail. Qmail is smaller, yes. Faster, yes. More secure, yes. More configurable, yes.
I don't see how an MTA which forks a massive copy of itself for every duty can outperform an MTA which has different binaries for handling different tasks.
I've used Qmail for an ISP to handle mail for ~1500 domains, and it worked flawlessly. Sendmail couldn't keep up on our hardware.
You're free to modify and redistribute sources but not binaries.
--
Xenu loves you!
Open source, very easy to configure, quite secure. Big installations would probably prefer Postfix but I like exim and run it at home and so (now) do all my friends - I also hacked up a mailing list manager for it.
http://www.exim.org/
--
Xenu loves you!
I tried both Qmail and Sendmail and in the end found Sendmail easier to work with and configure. Despite what people have said about configuring Sendmail the excellent documentation at www.sendmail.org helped a lot.
I've also written install scripts for both Qmail and Sendmail. The latest script for Sendmail supports release 8.9.2 of that program.
Get them at my homepage above.
That way you can try both programs!
Donncha.
I've never actually used sendmail, but I've looked at the config files, and they look nasty. sendmail also is a big suid root, sgid bin binary which scares me to death.
qmail is easier to configure, a whole lot more secure (from a design standpoint, I neither know nor care how many holes are actually left in sendmail), and allows users to admin their own lists (which is quite useful). It, however, is not a sendmail replacement. It doesn't use .forward (which all of your users probably use), it doesn't use /var/spool/mail (or the incorrect /usr/mail, /var/mail or /var/spool/mail) but instead insists on putting mail in the users home directory. It also lacks some of the more obscure features of sendmail (such as mail to news gateways). I would say that qmail is just fine if you're the only user of your system or if you have all very educated users. qmail's license prohibits redistribution differing from the original package unless said distribution is approved by the DJB (the author)
Postfix (www.postfix.org) is a new mailer by Wietse Venema co-author of SATAN and author of TCP Wrappers and it's very cool. It was designed from the ground up to be secure. It has an extremely easy to use configuration syntax allows for mail to be places either under the users name in a specified directory (/var/spool/mail) or under a specified name in the users directory, and allows for mbox or maildir formatted mailboxes (most people use mbox, but maildir has better integrity). It also is extremely flexible and can (I believe) do everything that sendmail can at this point. It also allows for users to maintain their own lists. Basically the only reason I would suggest you choose something other than postfix is that postfix is currently in Beta and still under development. (Note that I'm not saying it's not stable. I've been running it and it appears quite stable and secure to me, but it is beta software) postfix is licensed by IBM and the license is sort of odd: it tries to guarantee that the source will be available but makes if very clear that all changes are to be available.
In summary:
I use sendmail because linuxconf will generate all your configuration files for you. It even does virtual hosts. So grab sendmail and linuxconf:
http://www.solucorp.qc.ca/linuxconf/
I've been using qmail for a couple years and it works great. It does feature SPAM filtering and prevention techniques, though some of them aren't distributed with the man package. However from being on the qmail mailing list for a while I can tell you SPAM prevention was a big focus.
Additionally when paired with serialmail qmail runs really well over modem links. You can setup a virtualdomain to hold mail in a queue until a user connects and then flush the mail to the users personal linux box for delivery into user's mailboxes. I realize this can be done with other tools, but qmail does this easily and it works great.
Also regarding a POP server, personally I use a patched version of the University of Washington's POP/IMAP server and it runs really well. I know a large ISP who does this as well.
Finally you may be interested to know that there are some very large sites on the net using qmail, or at least they appear to be (you never know for sure). I believe Rocketmail (or maybe it was hotmail), and Internic were both believed to be using qmail.
Overall I highly recommend using qmail, it runs great and is easier to configure than sendmail.