Qmail -- Secure, high-performance MTA for Linux, UNIX and BSD systems.

By ServerWatch Staff
Posted June 24, 2002

Qmail is an Internet Mail Transfer Agent (MTA) written by Dan Bernstein for Unix, Linux, and BSD operating systems. As a replacement for the sendmail system provided with virtually every UNIX server, qmail uses the Simple Mail Transfer Protocol (SMTP) to exchange messages with MTAs on other systems.

Qmail promises four things over sendmail and other MTAs: security, performance, reliability and simplicity. Being more secure than sendmail is not a major issue: sendmail is many years old and is known to be very insecure. Performance is enhanced through the use of a system that allows 20 messages to be sent simultaneously, while reliability is boosted by the use of small yet strictly performing modules that guarantee that once a message is received, it will get to its destination. Bernstein also claims that qmail is simpler than any other similarly performing competitor because it is small.

Qmail is in fact much more secure than sendmail. Qmail is made up of separate modules that each perform a specific task. Each of the separate modules is paranoid of the others; they run at different security levels and do not trust one another to perform correctly. This prevents a malicious user from taking over the whole qmail system by taking over just one portion of it. Because each module runs at a different security level, a malicious user would have to take over each module independently, which would require access to each level (names and passwords).

Thanks to the use of the ucspi-tcp module, qmail can outright refuse connections from known abusers. To keep the SMTP server from being used in the multinational spam network, qmail provides advanced relay controls that help stop unauthorized relaying by outsiders.
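As an added illustration (not part of the original review, and not qmail or ucspi-tcp code), the Python sketch below models how an IP-keyed tcprules file refuses known abusers and how qmail-smtpd's RELAYCLIENT variable and rcpthosts list limit relaying. It handles only IP-prefix rules (no hostnames, user info or ranges), and every address and domain in it is a constructed sample value.

```python
# Added example: simplified model of ucspi-tcp rule lookup plus qmail-smtpd's
# relay decision. Rules, addresses and domains are constructed sample data.

RULES = """\
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
192.0.2.66:deny
203.0.113.9:deny
:allow
"""
RCPTHOSTS = {"example.org"}   # constructed: domains this server accepts mail for


def parse_rules(text):
    """Map address prefix -> (action, env) for IP-only tcprules lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *assignments = rest.split(",")   # assumes no commas in values
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value[1:-1]              # strip the quote characters
        rules[addr] = (action, env)
    return rules


def lookup(rules, ip):
    """Try the full address, then shorter dotted prefixes, then the empty rule."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    return ("allow", {})                         # no matching rule: connection proceeds


def smtp_decision(rules, ip, rcpt_domain, rcpthosts=RCPTHOSTS):
    """Return 'refused', 'relay', 'accept' or 'reject' for one recipient."""
    action, env = lookup(rules, ip)
    if action == "deny":
        return "refused"                         # dropped before SMTP starts
    if "RELAYCLIENT" in env:
        return "relay"                           # trusted client, any recipient
    return "accept" if rcpt_domain.lower() in rcpthosts else "reject"
```

The most specific rule wins, so the single denied host 192.0.2.66 is refused even though the rest of its network is trusted to relay.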

Qmail makes use of what it calls a split queue directory. This ensures that there is no performance slowdown when the queue gets very large. If a message fails to be delivered, qmail uses a quadratic back-off scheme (similar to broadcast networks such as Ethernet) so that older messages (that have been known to fail) do not take up so much time in the queue.

Because each separate module doesn't naturally assume that the data it receives from another module is correct, its error handling is much more robust than most other MTAs on the market. By doing a small amount of specific work and then handing messages off to other modules, qmail can work like an efficient assembly line churning out email like Ford Model Ts.

Although qmail claims to be simple, that is not entirely correct. Because qmail has so many different modules (six in the core itself), it can get confusing to anyone who is not a *nix expert. Although each module itself is simple, their interaction can be like that of a major ballet, neural network, or anything highly coordinated and complex. Qmail is the perfect replacement for sendmail if an administrator is looking for something more robust and secure, but is willing to spend some time researching its function.

Pros: Fast, Free, Secure

Cons: Slightly complicated


Version Reviewed: 1.03
Reviewed by: M.A. Dockter
Last Updated: 12/10/01

Operating Systems / Latest Versions:

Linux, UNIX, BSD
