by Jeremy Rauch
Nearly every Unix-based operating system that ships with a mail transport agent ships with sendmail. Sendmail has been the de facto standard in MTAs for years. Until the last handful of years, there were few options; if you wanted to send and receive email, you used sendmail. Over the years, sendmail gained a reputation as being insecure. It was large and monolithic, and often operated with excessive privileges. This led to a wide variety of vulnerabilities being found in sendmail. Sendmail security has improved dramatically in recent history, but it's still based on the original design.
One of the first, and certainly most viable, sendmail replacements designed with security in mind was qmail, by Dan Bernstein. Functional components were designed and written to perform specific tasks needed of an MTA. This resulted in a modular design in which each task runs with as little privilege as possible. Due to the care taken in design, qmail is also easy to set up and administer.
In this article, we'll discuss installing qmail as a mail transport agent. We'll also use some of the tools Dan Bernstein has written to improve both security and performance.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.