More than 70 percent of Internet traffic is e-mail, which
provides an easily available window to spread malicious
content and breach security. A study of the available
mail servers can help decide the right fit for your
enterprise.
By Seamus Phan
E-mail has become as habitual as picking up a phone to make
a call to someone. To put things in perspective, more
than 70 percent of the Internet traffic is still e-mail.
According to Forrester Research, an estimated 250 billion
e-mail messages will be sent in 2002, an increase of
100 percent from 1998.
Although e-mail seems easy to manage and use, there
has been an escalation in incidents where e-mail plays a
critical part in disabling and slowing down corporate Internet
connectivity, through the spreading of malicious content
such as macros, worms, Trojans, and spam. Therefore,
it is obvious that e-mail technology has not evolved
to the stage where usage can become transparent and
streamlined, without much hassle and frustration to
users and administrators alike.
The old school
If you come from the Unix environment, you may already
be familiar with the venerable Sendmail (www.sendmail.org),
probably one of the oldest and still widely used Mail
Transfer Agents (MTA) around today. Since Sendmail is
free, the Unix community has almost universally adopted
it and it is often the default MTA in many Unix variants
and installations. This makes it the de facto standard
for MTAs available today.
And since Sendmail is open source, there is a large
support community seeking to improve it further. Sendmail,
in the incarnation of 8.12.5 as of Aug 2002, has fixed
most known bugs as well as known vulnerabilities.
At the same time, however, many existing Linux and Unix
installations still contain older forms of Sendmail,
including 8.9 and other variants. Some of the older
variants have notorious bugs and vulnerabilities that
can bring a server to its knees, and yet installing
current versions of Sendmail requires expert Unix knowledge
that most users simply have no access to, nor want to
grapple with.
Sendmail is difficult to learn, but there is sufficient
and easily available documentation to decipher this beast.
The feature set is bewildering but extensive, including
the availability of multiple virtual domain hosting,
as well as limited access control and handshaking.
To confuse the situation further, there is an offshoot
of the open source Sendmail application, known as Sendmail
Mailstream Manager. Sendmail Mailstream Manager is a
derivative product of open source Sendmail version 8.11,
and has been improved by the commercial company Sendmail
Inc. (sendmail.com). Sendmail Mailstream Manager includes
email-over-SSL (Secure Sockets Layer), and provides
server-to-server security, especially for nomadic and
remote access users. Sendmail Mailstream Manager also
provides gateway virus and malware scanning for both
inbound and outbound traffic, bringing a much-needed
level of functionality to Sendmail.
Fixing Sendmail
In 1998, Wietse Venema, during his stint at IBM, developed
an alternative to Sendmail that was then known as Vmailer.
Due to a few potential trademark infringement issues,
Vmailer became known as Postfix (www.postfix.org). According
to Venema, Postfix can be up to three times faster than
the likes of Sendmail, because it has been written from
the ground up to be efficient and processor-friendly.
As Sendmail was widely adopted, Venema wrote Postfix
to be compatible with Sendmail so that administrators
can easily port user accounts and directories over to
Postfix. Also, Postfix has a far easier way of implementing
multiple virtual domains than Sendmail, relying on a
single lookup table, rather than multiple levels of
aliasing and redirection.
Another equally skilled competitor to Sendmail is Dan
Bernstein's qmail (www.qmail.org). According to qmail's
site, many known organizations, such as Yahoo!, Verio,
MessageLabs, Critical Path, PayPal, and Pair Networks,
use qmail. Its proprietary mailbox format, known as
Maildirs, cannot be easily corrupted like traditional
Unix-styled mailboxes (mbox format), should the system
crash during delivery. Bernstein is also very confident
about the low system overheads of qmail, claiming that
a 16MB 486 PC can easily run qmail.
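The crash resistance described above comes from the order of operations in a Maildir delivery: the message is written in full under tmp/ and only then renamed into new/, so a reader never sees a half-written file. The following Python is an added example, not code from qmail or from this article; the function names and the crash_after parameter are assumptions for illustration, and the sample message is constructed.

```python
import itertools, os, socket, tempfile, time

_seq = itertools.count(1)

def make_maildir(path):
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(path, sub), exist_ok=True)

def deliver(path, message, crash_after=None):
    """Write to tmp/, flush to disk, then rename into new/.
    crash_after (assumption, for the demo) aborts after that many bytes."""
    # Conventional unique name: time, process id plus counter, host name.
    name = f"{int(time.time())}.P{os.getpid()}Q{next(_seq)}.{socket.gethostname()}"
    tmp_path = os.path.join(path, "tmp", name)
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        if crash_after is not None:
            os.write(fd, message[:crash_after])
            raise RuntimeError("simulated crash during delivery")
        os.write(fd, message)
        os.fsync(fd)  # message is on disk before it becomes visible
    finally:
        os.close(fd)
    # rename within one filesystem is atomic: readers see all or nothing
    os.rename(tmp_path, os.path.join(path, "new", name))
    return name

def visible_messages(path):
    # Only new/ is scanned here; tmp/ is never read by a mail reader.
    found = {}
    new_dir = os.path.join(path, "new")
    for name in sorted(os.listdir(new_dir)):
        with open(os.path.join(new_dir, name), "rb") as fh:
            found[name] = fh.read()
    return found

def demo():
    msg = b"From: a@example.com\r\nSubject: constructed sample\r\n\r\nhello\r\n"
    with tempfile.TemporaryDirectory() as root:
        make_maildir(root)
        good = deliver(root, msg)
        try:
            deliver(root, msg, crash_after=10)  # interrupted delivery
        except RuntimeError:
            pass
        # The partial file stays in tmp/; new/ holds only the complete message.
        return good, visible_messages(root), os.listdir(os.path.join(root, "tmp"))
```

With an mbox, the same interrupted write would leave a truncated message appended to the single file that holds every other message.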
If you like all things small, exim (www.exim.org), developed
by the University of Cambridge, is similar in footprint
to the likes of Postfix and qmail. It is rather lightweight
as well, but boasts mail filtering mechanisms such
as relay blocking and guarding against mail bombs and
unsolicited e-mail.
Dmail (netwinsite.com) is a far more powerful, albeit
commercial MTA. Dmail provides extensive mail and content
filtering, including message filtering based on rules,
as well as a complex method of using regular expressions
(regex) with a highly evolved scoring system to rate
e-mail (for spam filtering purposes). Dmail also works
with most antivirus solutions to extract banned MIME
content, and supports Extended Simple Mail Transfer
Protocol (ESMTP). This allows more customization by
skilled Unix users to create powerful rules and plug-ins
through the use of Perl, C, or even Python code.
Far from the crowd
Mail servers come in far more varieties than Web browsers,
and there are more than a dozen types of mail servers
for almost any platform. There are even hacks available
for older and current PDAs to behave as full-fledged
mail servers.
If you have Mac OS (such as OS 9) in your corporate environment,
there are already two worthy candidates: AppleShare IP
(www.apple.com) and QuickMail Office (www.cesoft.com).
Both these mail servers are
proprietary, but will play well within the Internet
definitions and protocols. The flip side of a mail server
like QuickMail Office is its proprietary interface,
which may prevent a legitimate administrator from using
protocols like Telnet and remote secure Web access to
administer the mail server.
It is also rather difficult to reboot the mail server
from a remote location, unless you use custom hardware
add-ons. The workaround is to have a secondary Mail
Exchange (MX) remotely hosted, which will allow mail
to always deliver to either the local OS 9 mail server
(primary MX) or to a remote secondary MX, should the
primary MX fail. My personal experience with QuickMail
Office is that it is rather robust, and very resistant
to intrusions and external hacks of almost any kind.
The only practical way to bring down a QuickMail Office
mail server running on OS 9, assuming you have disabled
Web sharing on the machine, is to bring down the Internet
gateway or connection.
Courier (www.courier-mta.org), besides offering the
usual protocols supported by most mail servers, also
offers ESMTP, SSL, HTTP, LDAP, and even Webmail and
mailing list support. It also comes with its own plug-in
mail filtering engine that can offer powerful mail filtering
capabilities for other MTAs. The mail filtering engine
is written in compiled C++ code, making it an efficient
and processor-friendly application that can handle large
amounts of mail without breaking.
The engine can work with standard mbox mailboxes, as
well as qmail's maildir format.
While other mail server solutions seem to target Unix or
Unix-like OSes, a lesser known mail server called Merak,
from IceWarp Software (www.icewarp.com), is a Microsoft
Windows-specific mail server. Besides the unique protocol
and virtual domain
support, Merak also offers antivirus protection by interfacing
with most known antivirus programs, as well as providing
some open relay and spam prevention.
For Windows users, a popular mail server is Microsoft
Exchange, but there are plenty of options available.
Alternative platforms offer more effective spam and
malware protection, due to the inability of Windows-specific
malware to intrude upon or wreak havoc on these lesser
used platforms. After all, mail exchange is a mission-critical
activity, and the fewer the problems, the better. There
is nothing more frustrating than losing an e-mail that might
have meant a million-dollar contract.
Seamus Phan is research director at KnowledgeLabs News
Center (www.knowledgelabs.net), an independent technology
news bureau, and writes for Network Computing-The Asian
Edition. He can be reached at seamus@knowledgelabs.net.