In the blog post, “What is MTA?”, we explored the basics of mail transfer agents and how they affect the deliverability of emails. There was also a quick look at the most commonly used MTAs and specifications. In this article, we’re going to focus on the hands-on aspect of choosing an MTA for your project. The emphasis will be on the three well-known solutions: Postfix, Sendmail, and Exim.
How to choose an MTA
Running your own mail server is troublesome. That’s why you have to analyze each detail to make the appropriate choice. The first thing to consider is the type of MTA: relay-only or full-fledged.
Relay-only or send-only MTAs can forward your emails to another server, which is typically the SMTP server of your Internet service provider (ISP). The most used relay-only MTAs are nullmailer, msmtp, and sSMTP. This type of mail transfer agent is a good choice if you just want to send emails to your email address, such as Gmail. However, you should consider the factors:
- Can the MTA queue emails for later delivery in case of a failure?
- Can the MTA replace the system mail delivery agent (MDA)? If it can, then it will handle all the mail coming from the system.
- Does the MTA support the requirements for connecting to the ISP SMTP server? These requirements may include a specific authentication or TLS.
Full-fledged MTAs, also known as mail hubs, can handle all the details of the Internet mail delivery. As a rule, this type of mail transfer agent receives emails from relay-only MTAs and then relays them forward. Postfix, Sendmail, and Exim fall into this category. To choose the best option for your needs, you should consider a few selection criteria: security, performance, documentation, and viability. The list might be even longer depending on the goals you’re pursuing. Based on these criteria, you can dive deeper into some technical aspects, such as:
- One or more configuration files
- Whether the syntax is minimal and careful
- Which embedded scripting language is used
- Code stability
- Whether source code contributions are regular
- Minimum set of features
- And more…
Postfix vs. Sendmail vs. Exim – Comparison Table
Postfix is a security-oriented MTA, whereas Sendmail is standard MTA for Unix systems, and Exim is customizable and one of the most flexible mail transfer agents in terms of configuration. More helpful details are as follows:
|Server OS support
|PLAIN / LOGIN / CRAM-MD5 / DIGEST-MD5 / ANONYMOUS / EXTERNAL / G2 / GSSAPI / GSS-SPNEGO / KERBEROS_V4 / NTLM / OTP / PASSDSS / SCRAM / SRP
|PLAIN / LOGIN / CRAM-MD5 / DIGEST-MD5 / ANONYMOUS / EXTERNAL / G2 / GSSAPI / GSS-SPNEGO / KERBEROS_V4 / NTLM / OTP / PASSDSS / SCRAM / SRP / X.509 PKI auth via STARTTLS and EXTERNAL
|PLAIN / LOGIN / CRAM-MD5 / DIGEST-MD5 / ANONYMOUS / EXTERNAL / G2 / GSSAPI / GSS-SPNEGO / KERBEROS_V4 / NTLM / OTP / PASSDSS / SCRAM / SRP / SPA / Dovecot SASL / GNU SAS / Heimdal GSSAPI
|Settings + SpamAssassin
|Settings + SpamAssassin
- Excellent documentation
- High queuing operation speed
- Sendmail compatibility
- Active development
- Easy to configure (configuration according to parameters (rules) that are to be defined in the config file)
- Hard to customize
Postfix provides tons of parameters and options and features a security-oriented architecture. Although many milters (mail filters) can be used with Postfix out-of-the-box, you’ll have to learn how to tweak logic using them.
- Hard to customize
- Weak security mechanisms
Sendmail is not dead, but it’s dying. Since 1996, its market share dropped from 80% to 4% of all online public email servers on the Internet.
- Sendmail compatibility
- Huge supportive community
- cPanel support
- Very flexible in configuration (In addition to declaring variables, Exim has something like a scripting language, so you can write a script for processing emails)
- Monolithic architecture
- Slow queuing operation speed
Exim is like a framework with its own application language to perform complex configurations. It has an advanced multi-step mail processing logic which is suitable for complex cases.
Which MTA is better in terms of security?
Of all MTAs we’re reviewing, Postfix has the strongest emphasis on security. The likely reason is that it was created by Wietse Zweitze Venema, a prolific freeware security specialist. Sendmail cannot be considered a secure MTA. Moreover, Postfix was originally designed to mitigate the vulnerabilities associated with Sendmail. Exim is quite secure for most cases but loses to Postfix. A proper configuration of your Postfix MTA provides improved defenses against spam, abuse, and leakage of sensitive data.
Though it’s hard to compete against Gmail’s security, you are much less likely to be compromised in a data breach with Postfix.
Which MTA has better performance?
Can Exim or Sendmail surpass Postfix in terms of performance? Sendmail is a poor competitor, while Exim is used for many high-volume web apps and efficiently handles thousands of emails per hour. However, large queues can drop the queue processing performance of Exim servers.
Unlike Exim, Postfix has a central queue manager and handles queuing better and faster. Some admins claim it is more efficient with a very high load than Exim, but not to a noticeable degree.
Which MTA is more reliable and failsafe?
Sendmail is known for being inefficient compared to competitors. System admins complain about random problems often and generally install Postfix or Exim. Both are drop-in replacements for Sendmail and are almost equal in terms of reliability. However, Postfix is one step ahead thanks to its modular architecture. It consists of independent system parts that can be interchanged in case of failure, which provides a higher level of reliability.
Which MTA is easier to administer?
Each of the trinity has a monolithic main configuration file. At the same time, Exim is the most configurable. Postfix, despite its security-orientation, provides a high level of flexibility and ease of administration. For beginner admins, Postfix would be easier to set up than any other MTA. Besides, it implements the Sendmail CLI and is compatible with Sendmail mail filters.
However, Postfix is less versatile than Exim. This means that Exim has excellent integration facilities and can give system administrators what they ask for. Exim supports most of the MTA features in some way or another. Exim also goes with cPanel: one of the most common control panels for domain owners.
Is there any reason to choose Sendmail?
Sendmail loses to Postfix and Exim in all aspects including usability. In practice, there is no good reason for installing this MTA. At the same time, Sendmail is preinstalled on most commercial Unix operating systems. It is also a portable solution, which can be used on non-Unix systems, such as Windows. This can be a reason to opt for the ‘has-been’ Sendmail.
Postfix or Sendmail or Exim – Medal Rankings
We can’t say exactly which MTA you should use because we don’t know your needs, but we can provide an unbiased rating of the reviewed MTAs using different parameters.
* A gold medal counts for 3 points, a silver medal counts for 2 points, and a bronze medal counts for 1 point.
Looking for an SMTP server for testing? Mailtrap is what you need
If you’re building a mail-intensive app, sooner or later you’ll need to test the email sending functionality. Are the reviewed MTAs good for that purpose? On one hand, you can transform Postfix and Exim into a mail trap for internal testing. For this, you need to configure your MTA to listen to a different port for emails that are to be delivered to the single mailbox, then you have to specify a new router and define a corresponding transport. This is not very complex, but good in-house Linux skills are required.
On the other hand, you can simply use Mailtrap, which already has all this implemented in its service. It provides an SMTP server; a fake one that won’t relay the emails sent from your app. Instead, they will end up in the Demo Inbox and you’ll be able to preview them, as well as check for spam. All you need to do is sign up and tweak your SMTP settings with those generated by Mailtrap. For more on what else you can do with Mailtrap, read the Getting Started Guide.
To wrap up – Using multiple MTAs in one go
In some cases, you don’t have to limit yourself to one MTA. It’s possible, and sometimes useful, to go with a split architecture where separate MTAs are used for different tasks. Let’s say, you’re not building the mail server from scratch and already run Sendmail. You’re OK with the routing logic but are willing to pump up the performance using either Postfix, Exim or both. What you can do is use Postfix as the first level of anti-spam/malware for receiving mail from the Internet. Exim can be used for site-specific processing or local mail delivery. This is just an example, and you’re free to invent the MTA architecture to your specifications, but always think twice about whether it’s what you need.