Default MTA
There have been long debates on what (if any) should be the default MTA for Debian. The options still considered are:
?Keep Exim as default
?Switch to Postfix as default
Switch to DragonFly Mail Agent (DMA) as default (AndreiPopescu)
?remove the MTA from Standard
What follows is an old summary of the situation. Still relevant content should be moved to one of the subpages above and the rest deleted.
Contents
- Postfix and Exim4 both are good MTAs for the distribution default.
- Sendmail is as good if you know it well already.
- There are other choices ...
- There should be no MTA in Standard (i.e. default install)
"All things being nearly the same, do use what you know best how to operate and configure" is what really should drive one to choose between exim and postfix (and apparently, sendmail). (the old sysadmin axiom per Henrique de Moraes Holschuh)
ML discussion
Time |
site |
Reference |
2003-07-15 |
d-d |
default MTA for sarge: exim -> exim4 ? |
2006-03-12 |
d-u |
default MTA:default MTA in etch? exim, postfix? |
2007-09-14 |
u-d |
|
2007-10-24 |
d-d |
|
2007-11-12 |
d-d |
MTA comparison (postfix, exim4, ...) = This page. |
2013-05-28 |
d-d |
Since <insert date> exim4 has been the default for Debian, although many Debian services use postfix now (See the "Debian servers" section below).
Comparison
2007-03 |
|
2003-11 |
Please note that some of the old negative comments have already been resolved.
Exim4
All 5 options supported:
- internet site; mail is sent and received directly using SMTP,
- mail sent by smarthost; received via SMTP or fetchmail,
- mail sent by smarthost; no local mail,
- local delivery only; not on a network,
- no configuration at this time
Default: local delivery only; not on a network
Positive points:
- Flexible.
- Small footprint (VSZ=41,324 RSS=1,008)
- the "don't fix it if it ain't broken" principle suggests keeping Exim4.
- single binary allows secure mail handling (no need to pass things from one part to the other via command line and having all information of the mail available for policy decisions) (note: see negative points for a counter-argument for this).
- well-structured configuration language, making changes to it straight forward (note: see negative points for a counter argument for this).
Negative points:
- Support community limited outside of Debian
- Although powerful and relatively readable than sendmail.cf, its configuration is too extensive and too flexible to understand at a glance.
$ grep -v -e '^ *#' -e '^ *$' exim4.conf.template |wc -l 657
(does this include also general defaults that are normally not touched?)
- Single binary doesn't allow for security isolation
- From exim manual: Though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, 8BITMIME option is turned off by default.
Exim4 uses gnutls for providing TLS. The maintainer finds gnutls no ready for such usage. The GNUTLS upstream disagrees and has provided active help. Upstream uses OpenSSL, which is not gpl (but exim allows linking it). Nevertheless the openssl/exim combination might prove problematic when linking other gpl stuff in.
- Has not been certified by any 3rd party for security (has had 7 CVEs issued in the last 8 years (date needed), and 4 DSAs)
- Doesn't have a scheduler, limiting load robustness
Postfix
All 5 options supported:
- No configuration:
- Should be chosen to leave the current configuration unchanged.
- Internet site:
- Mail is sent and received directly using SMTP.
- Internet with smarthost:
- Mail is received directly using SMTP or by running a utility such as fetchmail. Outgoing mail is sent using a smarthost.
- Satellite system:
- All mail is sent to another machine, called a 'smarthost', for delivery.
- Local only:
- The only delivered mail is the mail for local users. There is no network.
Notable points:
Core development principle: security (Recently certified alongside 11 other projects in the most secure rung by Coverity, has had 3 CVE's issued in the last 8 years (need time period), only requiring 2 DSAs)
- Core development principle: speed and efficiency (Given SSD disk, 1Gbps network, 4x Opteron Server postfix can do over 2,000 messages per second, and over 7 million messages per hour)
- Core development principle: modular (if 7 million messages/hr is too slow, the queue manager can be split into multiple processes that read messages from the incoming queue and a simpler scheduler can be isolated that doesn't spend time reading queue files)
- Has an in-memory scheduler queue, enabling it to be more robust under load than exim and sendmail. Sendmail 8 does have a scheduler if you use the right "Delivery" mode, however it is very simple and not 'instantaneous', Postfix's queue manager handles parallel processing of distinct remote and local destinations in a single multi-recipient email.
- Has advanced connection-rate, load and rate limit throttling, also per destination delivery concurrency knobs
- Has pre-allocated in-memory queue groups instead of expensive on-disk queues
- Has parallel delivery for multiple transports as well as by destination within each transport
- Simple configuration
- Wide community support outside of Debian, very popular with other distributions and is very active upstream
- Modular binary design provides lowest privilege set needed to fulfill its task.
$ postconf |wc -l 532
(this also includes built-in defaults, the output of postconf -n on a "local mail only" system would probably be better to compare)
Negative points:
- Although there are many small binary daemons involved in running postfix, the memory footprint is larger than exim4 (memory data needed to back this claim)
- SMTP-AUTH server and clients require external programs and may require hassle to work with chroot. The Debian package comes chrooted by default, which upstream is unhappy with
- (opinion from exim user) multiple programs causes security problems if you want to pass information along (as that way untrusted payload can end up in the command line)
- (opinion from exim user) inflexible ad-hoc configuration where one has to use features in originally unintended ways, meaning any non-trivial setup is both very hard to write and very hard to understand, a slight change of policy can mean one has to totally change the config.
- (opinion from exim user) due to postfix split in different small programs, configuration is much harder, as one has to understand which program does what and has which information.
- (opinion) I think debconf question is easier for user with exim4.
(opinion) Smart hostname entry dialog (450787)
(opinion) Smarthost set up and myorigin (434262)
Sendmail
Positive points:
- Someone please fill this in
Negative points:
- Difficult configuration
- No parallel processing of distinct remote destinations in a single multi-recipient email.
- No parallel processing of multiple local recipients in a single multi-recipient email.
- Broken "QueueLA" or "RefuseLA", these always compound load issues leading to congestive collapse. And Sendmail's connection rate throttling is either not useful (see below) or overly aggressive.
- Sendmail lacks a queue manager. If you don't use "Queue-Only" scheduling, there is no effective control over delivery concurrency and both the local and remote systems will be overloaded. Queue-Only is unacceptably slow. The load and rate limits work poorly.
- Sendmail uses two queue files for each message, this doubles I/O cost. It also creates various "xf", "tf", and other temporary files during delivery that also increase disk I/O cost.
dma
- local mail
- forwarder with own queue
Positive points:
- very small and simple
- not listening on the network (not even local)
Negative points:
697871 - dma generated headers misses the domain part (violates section-3.4.1 of rfc2822)
671364 - dma package uses outdated (2 y/o) upstream dma version
Ssmtp
No local mail. -> Not good enough.
According to the documentation:
This is sSMTP, a program that replaces sendmail on workstations that should send their mail via the departmental mailhub from which they pick up their mail (via pop, imap, rsmtp, pop_fetch, NFS... or the like). This program accepts mail and sends it to the mailhub, optionally replacing the domain in the From: line with a different one.
TLS support from Tobias Rundstrom <tobi@tobi.nu>
IPv6 support from Jun-ya Kato <kato@goto.info.waseda.ac.jp>
MD5 authentication support from TAKIZAWA Takashi <aki@luna.email.ne.jp>
Nullmailer
* No local mail. -> Not good enough. * 329192 -> Lacks mechanisms for responding to permanent failures, backing off retry frequency and timing out messages in the queue.
According to the documentation:
Nullmailer is a replacement MTA for hosts, which relay to a fixed set of smart relays. It is designed to be simple to configure and especially useful on slave machines and in chroots.
The sendmail interface of this package doesn't provide the -bs switch, hence it's not LSB compatible!
- AUTH supported
- No TLS/SSL?
no MTA at all
Positive points:
- 0 install size :p
- reduced complexity (no listening daemon, etc.)
- nobody is reading local mail anyway
Negative points:
- many programs still insist on sending local mail (cron, smartd, etc.). These would need to be dealt with (patched, default configuration changed, etc.)
- there currently is no other way for the system (i.e. programs above) to inform the admin about problems
Benchmark run
Since I do not care about delivery speed, I compare memory foot print etc. Basically, both of them are small in comparison to one xterm or fetchmail.
Running postfix
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND 109 3186 0.0 0.2 116756 2480 ? S<s 09:29 0:02 /usr/bin/fetchmail -f /etc/fetchmailrc --pidfile /var/run/fetchmail/fetchmail.pid -d 300 --syslog root 3527 0.0 0.2 36692 2280 ? Ss 09:29 0:00 /usr/lib/postfix/master postfix 3535 0.0 0.2 38788 2316 ? S 09:29 0:00 qmgr -l -t fifo -u postfix 3710 0.0 0.3 41244 3096 ? S 09:29 0:00 tlsmgr -l -t unix -u -c postfix 23008 0.0 0.2 38748 2180 ? S 21:08 0:00 pickup -l -t fifo -u -c
- RSS: resident set size, the non-swapped physical memory that a task has used (in kiloBytes).
- VSZ: virtual memory size of the process in KiB
Switch: postfix -> exim4
--\ Packages being automatically installed to satisfy dependencies ciA exim4-base +1675kB <none> 4.68-2 ciA exim4-config +1004kB <none> 4.68-2 ciA exim4-daemon-light +922kB <none> 4.68-2 --\ Packages being deleted due to unsatisfied dependencies id postfix -2830kB 2.4.6-1 2.4.6-1 --\ Packages to be installed ci exim4 +57.3kB <none> 4.68-2 --\ Packages to be removed id postfix-doc -2933kB 2.4.6-1 2.4.6-1
Running exim4
exim4-base contains many documentation in text. So it is really, exim4-config + exim4-daemon-light.
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND 100 25758 0.0 0.1 41324 1008 ? Ss 22:14 0:00 /usr/sbin/exim4 -bd -q30m 109 25805 0.0 0.2 116760 2452 ? Ss 22:15 0:00 /usr/bin/fetchmail -f /etc/fetchmailrc --pidfile /var/run/fetchmail/fetchmail.pid -d 300 --syslog
Wow, exim4 is smaller.
Switch: exim4 -> postfix
--\ Packages being automatically installed to satisfy dependencies ciA postfix +2830kB <none> 2.4.6-1 --\ Packages being deleted due to unsatisfied dependencies idA exim4-config -1004kB 4.68-2 4.68-2 idA exim4-daemon-light -922kB 4.68-2 4.68-2 --\ Packages to be installed pi postfix-doc +2933kB <none> 2.4.6-1 --\ Packages to be removed ip exim4 -57.3kB 4.68-2 4.68-2 ipA exim4-base -1675kB 4.68-2 4.68-2 ip exim4-doc-html -3465kB 4.67-1 4.67-1 id exim4-doc-info -598kB 4.67-1 4.67-1
Popularity
(Is this section even relevant? It should probably be removed -- AndreiPopescu 2012-06-08)
Maybe ... anyway numbers are outdated. So table is replaced by a pointer.
Popcon report and install size
List of MTA (V for vote, I for installing per cent of popcon reports):
Updated list is available at:
(This is updated for every upload og debian-reference.)
Due to default nature of exim4 over postfix, exim4 runs mostly on many Debian popcon participants. The exim4-daemon-light beats postfix, almost 5:1 .
exim4-daemon-heavy is only 12% bigger than exim4-daemon-light but less than 50% of postfix size. exim4-conf is needed and this doubles these exim4 install sizes. Thus all these 3 are about the same size.
Only ssmtp has significant size advantage. Both exim4 nor postfix are not so big and they come with fat documentation.
Debian servers
service |
MTA |
BTS |
rietz.debian.org with local (Exim 4.50) |
LISTS |
murphy.debian.org (Postfix) |
Debian testing watch |
franck.debian.org with local (Exim 4.72) |
,, 2nd step (PTS?) |
puccini.debian.org (Postfix) |
Mailing list posters
Quick random sampling from the d-i, d-d lists etc. to check what softwares are described in the mail header for knowledgeable people. (November 11, 2007.)
list |
person |
MUA |
MTA |
debian-boot |
Gürkan Sengün <gurkan@linuks.mine.nu> |
Thunderbird 2.0.0.6 (X11/20070728) |
wiggis.ethz.ch (Postfix) |
debian-boot |
Holger Levsen <holger@layer-acht.org> |
KMail/1.9.5 |
alpha.holgerlevsen.de (Postfix) |
debian-devel LSB-ize |
Daniel Baumann <daniel@debian.org> |
Mozilla-Thunderbird 2.0.0.6 (X11/20071009) |
mail.unable-to-package.org (Postfix) |
debian-boot |
Josselin Mouette <joss@debian.org> |
Evolution 2.12.0 |
diva.malsain.org with esmtpsa (SSL 3.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) |
debian-boot |
Steven Demetrius <steven.demetrius@fiwwi.com> |
Icedove 1.5.0.12 (X11/20070607) |
host183.canaca.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) |
debian-devel LSB-ize |
Marc Haber <mh+debian-devel@zugschlus.de> |
Forte Agent 1.8/32.548 |
scyw00225.scy001.de with smtp (Exim 4.68) |
debian-boot |
Robert Munyer <5082149469@spambob.net> |
KMail/1.7.1 |
smtp.afn.org (8.14.0/8.14.0) with ESMTP id lA2Cun7l001170; |
debian-boot |
Alexander <alex.golovin@mail.ru> |
Evolution 2.6.3 |
external ISP |
debian-boot |
Andrew Reid <reidac@bellatlantic.net> |
KMail/1.9.5 |
external ISP |
debian-boot |
"BRIAND, Michel M" <michel.m.briand@airbus.com> |
Evolution 2.10.3 |
external ISP |
debian-boot |
Frans Pop <elendil@planet.nl> |
KMail/1.9.7 |
external ISP |
debian-devel mlocate |
Josh Triplett <josh@freedesktop.org> |
Mozilla-Thunderbird 2.0.0.6 (X11/20071009) |
external ISP |
debian-devel |
Luk Claes <luk@debian.org> |
Mozilla-Thunderbird 2.0.0.6 (X11/20071009) |
external ISP |
-- |
-- |
-- |
-- |
debian-boot |
Bastian Blank <waldi@debian.org> |
Mutt/1.5.13 (2006-08-11) |
wavehammer.waldi.eu.org (Postfix, from userid 1000) |
debian-boot |
Charles Plessy <charles-debian-nospam@plessy.org> |
Mutt/1.5.13 (2006-08-11) |
kunpuu.plessy.org (Postfix, from userid 1000) |
debian-boot |
Christian Perrier <bubulle@debian.org> |
Mutt/1.5.16 (2007-06-11) |
mykerinos.kheops.frmug.org (Postfix, from userid 1000) |
debian-boot |
dann frazier <dannf@debian.org> |
Mutt/1.5.16 (2007-06-11) |
krebs (Postfix, from userid 20800) |
debian-boot |
Geert Stappers <stappers@stappers.nl> |
Mutt/1.5.16 (2007-06-11) |
gpm.stappers.nl (Postfix, from userid 1000) |
debian-boot |
Joey Hess <joeyh@debian.org> |
Mutt/1.5.16 (2007-06-11) |
kodama.kitenet.net (Postfix, from userid 1000) |
debian-boot |
Kurt Roeckx <kurt@roeckx.be> |
Mutt/1.5.16 (2007-06-11) |
intrepid.roeckx.be (Postfix, from userid 1000) |
debian-boot |
Martin Michlmayr <tbm@cyrius.com> |
Mutt/1.5.16 (2007-06-11) |
deprecation.cyrius.com (Postfix, from userid 1000) |
debian-boot |
Otavio Salvador <otavio@debian.org> |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.95 (gnu/linux) |
nullmailer pid 32489 invoked by uid 1000 -> freedom.ind.br (Postfix) |
debian-boot |
Sam Couter <sam@couter.id.au> |
Mutt/1.5.16 (2007-06-11) |
laptop.tekno.house (Postfix, from userid 1000) |
debian-devel CUPS |
Steve Langasek <vorlon@debian.org> |
Mutt/1.5.13 (2006-08-11) |
dario.dodds.net (Postfix, from userid 1000) |
debian-devel CUPS |
Bernd Zeimetz <bernd@bzed.de> |
Mozilla-Thunderbird 2.0.0.6 (X11/20071009) |
mail.recluse.de (Postfix) |
debian-devel CUPS |
Russ Allbery <rra@debian.org> |
Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) |
windlord.stanford.edu (Postfix, from userid 1000) |
debian-devel CUPS |
Joey Hess <joeyh@debian.org> |
Mutt/1.5.17 (2007-11-01) |
kodama.kitenet.net (Postfix, from userid 1000) |
debian-devel |
Raphael Hertzog <hertzog@debian.org> |
Mutt/1.5.16 (2007-06-11) |
soleymieux.ouaza.com (Postfix, from userid 1000) |
debian-devel |
Clint Adams <schizo@debian.org> |
Mutt/1.5.16 (2007-06-11) |
acolyte.scowler.net (Postfix, from userid 1000) |
debian-project |
Joerg Jaspert <joerg@debian.org> |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
ganneff.de (Postfix) |
debian-boot |
Davide Viti <zinosat@tiscali.it> |
Mutt/1.5.17 (2007-11-01) |
zino by localhost with local (Exim 4.68) |
debian-boot |
Robert Millan <rmh@aybabtu.com> |
Mutt/1.5.13 (2006-08-11) |
rmh by thorin with local (Exim 4.63) |
debian-devel mlocate |
Adeodato Simó <dato@net.com.org.es> |
Mutt/1.5.17 (2007-11-01) |
from userid 1000 by plumber with local (Exim 4.68) |
debian-devel LSB-ize |
Hamish Moffatt <hamish@debian.org> |
Mutt/1.5.17 (2007-11-01) |
hamish by noddy.cloud.net.au with local (Exim 4.68) |
debian-devel LSB-ize |
Wouter Verhelst <wouter@debian.org> |
Mutt/1.5.16 (2007-06-11) |
wouter by grep.be with local (Exim 4.68) |
debian-devel |
Lionel Elie Mamane <lionel@mamane.lu> |
Mutt/1.5.16 (2007-06-11) |
master by capsaicin.mamane.lu with local (Exim 4.68) |
debian-devel |
"Francesco P. Lovergine" <frankie@debian.org> |
Mutt/1.5.16 (2007-06-11) |
frankie by localhost.localdomain with local (Exim 4.68) |
debian-devel |
Florian Weimer <fw@deneb.enyo.de> |
??? |
fw by deneb.enyo.de with local (Exim 4.68) |
debian-user |
Dirk Eddelbuettel <edd@debian.org> |
VM 7.19 under Emacs 21.4.1 |
ron.nulle.part with local (Exim 4.67) |
debian-user |
John Hasler <jhasler@debian.org> |
Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux) |
john by toncho.dhh.gt.org with local (Exim 3.36 #1 (Debian)) |
debian-user |
Steve Kemp <skx@debian.org> |
mutt-ng/devel-r804 (Debian) |
steve by skx.xen-hosting.net with local (Exim 4.63) |
debian-project |
Ian Jackson <ian@davenant.greenend.org.uk> |
VM 7.03 under Emacs 19.34.1 |
ian by davenant.greenend.org.uk with local (Exim 3.36 #1) |
debian-project |
Josip Rodin <joy@entuzijast.net> |
Mutt/1.5.13 (2006-08-11) |
joy by keid.carnet.hr with local (Exim 4.63) |
debian-project |
Marc 'HE' Brockschmidt <he@ftwca.de> |
Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.20 (linux) |
pindar.localnet with esmtp (Exim 4.68) |
debian-project |
Stephen Gran <sgran@debian.org> |
Mutt/1.5.13 (2006-08-11) |
steve by hadrian.lobefin.net with local (Exim 4.63) |
debian-boot |
Jim Paris <jim@jtan.com> |
Mutt/1.5.13 (2006-08-11) |
neurosis.jim.sh (8.13.8/8.13.8/Debian-2) |
debian-devel LSB-ize |
Andreas Tille <tillea@rki.de> |
PINE? |
m2.fw.bln.ivbb.bund.de (8.13.8/8.13.8) |
debian-devel LSB-ize |
Manoj Srivastava <srivasta@debian.org> |
Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.50 (gnu/linux) (x86_64-unknown-linux-gnu) |
anzu.internal.golden-gryphon.com (8.14.2/8.14.2/Debian-1) |
debian-user |
Daniel Burrows <dburrows@debian.org> |
Mutt/1.5.17 (2007-11-01) |
|
debian-boot |
Felipe Augusto van de Wiel <faw@funlabs.org> |
Mutt/1.5.13 (2006-08-11) |
qmail 12732 invoked by uid 1000 |
-- |
-- |
-- |
-- |
debian-devel mlocate |
Andreas Metzler <ametzler@downhill.at.eu.org> |
tin/1.9.2-20070201 ("Dalaruan") (UNIX) (Linux/2.6.22-3-amd64 (x86_64)) |
local (Gmexim 0.1 (Debian)) |
debian-devel LSB-ize |
Petter Reinholdtsen <pere@hungry.com> |
Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (usg-unix-v) |
saruman.uio.no with local (Gmexim 0.1 (Debian)) |
-- |
-- |
-- |
-- |
debian-boot |
Steve Langasek <vorlon@debian.org> |
devscripts |
minbar.dodds.net (Postfix, from userid 1000) |
debian-boot |
Wolfgang Schnitker <wolfgang.schnitker@gmx.de> |
reportbug 3.31 |
rocket2.schnitti.de (Postfix, from userid 1000) |
debian-devel |
Nico Golde <nico@ngolde.de> |
netcat 1.10 |
ngolde.de (Postfix, from userid 1000) |
debian-project |
MJ Ray <mjr@phonecoop.coop> |
Heirloom mailx 12.2 01/07/07 |
nail.towers.org.uk (Postfix, from userid 1000) |
debian-boot |
"Dr. David Alan Gilbert" <linux@treblig.org> |
reportbug 3.31 |
mx.treblig.org with local (Exim 4.63) |
debian-boot |
Kumar Appaiah <akumar@ee.iitm.ac.in> |
reportbug 3.39 |
kumar by localhost.localdomain with local (Exim 4.67) |
debian-boot |
Nis Martensen <nis.martensen@eev.tu-darmstadt.de> |
reportbug 3.31 |
nmartensen by pc23.eev.e-technik.tu-darmstadt.de with local (Exim 4.63) |
-- |
-- |
-- |
-- |
debian-boot |
Steve Kleene <skdeb@syrano.acb.uc.edu> |
??? |
syrano.acb.uc.edu (8.13.8/8.13.8/Submit) |
For mutt/Gnus users both exim4 and postfix are quite popular to run on local machines (smart host with internet or satellite). They are 1:1 ratio.
For GUI MUA, many do not seem to use local MTA but connect to remote ISP or their own server directly. (possibly they have some dummy MTA on workstation.)
d-i folks seems to like postfix more.