sendmail: Complete mail server with both open-source and commercial flavors
At the beginning of the Internet, there was sendmail. Now, there are other mail transport agents, both open source and commercial. Does the granddaddy of e-mail servers still have what it takes to dominate this space?
In the beginning, there was sendmail. Then there was light. And maybe some water after that. Network e-mail in the 1970s was popular but piggybacked over existing protocols designed for other tasks. In addition, protocols between computing systems were incompatible, limiting the scope of e-mail communications to “network islands” that shared the same language.
To help bridge this gap, Eric Allman developed a program called delivermail while at the University of California at Berkeley in 1979. The program enabled mail to be transported between particular but incompatible networks. Shortly thereafter, two changes helped ease the transport of e-mail across networks — the migration to TCP packet communications and the refinement of the SMTP protocol specifically designed to describe electronic mail.
In response, Allman evolved his initial effort into sendmail, which shipped with BSD 4.1c in 1983. Although Allman did not return his attention to sendmail development until 1990, the widespread adoption of Unix-based operating systems in network server environments established sendmail as the de facto mail transport agent (MTA).
(An MTA’s primary responsibility is to deliver mail to local recipients and send outgoing mail. Today’s MTAs are also designed to perform a variety of processing in between, especially in defense against spam and virus-laden messages.)
Although sendmail is the granddaddy of Internet e-mail servers, it continues to exert significant influence. Nobody really knows just how many servers currently rely on sendmail, but the figure probably hovers between 50 percent and 60 percent, depending on what methodology is used to measure. Surveys suggest, however, that sendmail usage is on the decline, as a variety of competing mail servers have entered the market in recent years.
Critics of sendmail, and there are many, will readily point out its weaknesses. For one, sendmail has a long history of security vulnerabilities that have been exploited. Some argue this is a function of design weaknesses; others suggest that the most popular platform is often the highest target of malice. Sendmail is also notoriously difficult to configure. In the right hands, however, it is extremely powerful and highly flexible .
In addition to facing competition from other vendors, and even other open-source products, such as qmail and postfix, a curious thing happened in 1998: sendmail began to compete with itself. Specifically, Eric Allman co-founded Sendmail, Inc., a commercial venture, with the hopes of selling a commercial flavor of sendmail, while the free and open-source version continued to evolve and be widely available. And that remains the shape of sendmail today. A free, open-source version is available for many Unix-like platforms, and the company Sendmail, Inc. builds and sells commercial packages.
The basic open-source flavor of sendmail is generally compiled by the server administrator. Its configuration files are entirely text-based and are built around a configuration language specific to sendmail. Entire books have been written on the subject, and they are imperative reading for admins who wish to deploy the open-source sendmail in a production environment.
Without proper knowledge comes unacceptably high risks in exposing the server to compromise. For example, sendmail versions prior to 8.9 defaulted to allowing “promiscuous” relaying: A spammer from outside the network could use the sendmail server to deliver spam. This was, in fact, a common method of sending spam and is a prime example of why sendmail installations require regular maintenance to stay up-to-date.
You may be asking why use the freeware, open-source sendmail at all? For one thing, it is free. For another, it’s also extremely robust, reliable, and scalable. Do not confuse sendmail’s freeware status with it being some kind of toy — in fact, it’s just the opposite. This complexity is precisely why Sendmail, Inc., the commercial company was born. Sendmail, Inc.’s core product is Sendmail Switch. In addition to its Unix-like platforms, this commercial flavor of the MTA supports Windows NT4 and 2000. Sendmail, Inc. has also added a plethora of enhancements to the basic open-source engine, including configuration wizards, testing tools, monitoring, reporting, and quarantines.
Sendmail, Inc. also packages the MTA within larger suites, such as Mailstream Manager, Mailcenter, and Workforce Mail. In general, these suites provide high-level management controls over anti-spam and anti-virus defenses, as well as large scale mail management coordination, such as policy enforcement and advanced routing. Graphical interfaces and commercial support serve to greatly ease adoption and ongoing maintenance compared to freeware sendmail.
So why choose either version of sendmail now that competitors have come to market? In the open-source arena, sendmail faces increased competition from both qmail and postfix, both of which have suffered fewer compromises and are easier to administer. Indeed, adoption of these is on the rise, although sendmail still enjoys the largest support and development community. The commercial sector is filled with many competing mail servers, a number of which are specifically designed for Windows-based servers. Windows-based mail servers have matured quickly and enjoy many of the same performance benefits of sendmail with high ease of administration. It’s fair to say that the commercial sendmail products compete at the higher end and are most valuable to
organizations operating very large scale e-mail networks.
Pros: The most widely used mail server on the Internet; Ample available support; Freeware version enjoys active development and is extremely powerful and configurable; Commercial version offers support plus management and configuration tools.
Cons: Freeware version is complex to configure and a frequent target of hackers the world over; Commercial version faces stiff competition, especially on the Windows platform.
Reviewed by: Aaron Weiss
Original Review Date: 3/26/2004
Original Review Version: 8.12.11