E-Mail
Software
MTA
Sendmail MTA
(Eric Allman) - the original MTA, and still the most popular. It has a lot of features and a very powerful address re-writing language (which can be quite cryptic to the neophyte). It's monolithic (single process, no security barriers) design shows it's age, and, over time, has gained a bad reputation for security, although current versions of code contain no
known
vulnerabilities.
Postfix MTA (formerly vmailer)
(Wietse Venema) - a new mail transport agent, designed with security and performance as primary goals. Wherever possible, the author has maintained compatiblity with sendmail, which makes migration quite a bit easier. This is the only MTA I would recommend at this time.
Exim MTA
- a high performance MTA with plenty of anti-spam configuration options, but lacks sendmail's extensive support for address re-writing. Appears to be a monolithic design like sendmail, although I don't know of any vulnerabilities.
ZMailer MTA
- don't know much about this one.
Qmail MTA
- (Dan Bernstein) another new MTA written with security as it's primary goal. The author has very strong ideas about how things should be done, however, which means it can be a complete pig to migrate from any other MTA to Qmail.
The Porcupine Project
- a research project to build a fault-tolerant clustered mail server that automatically discovers new nodes and distributes resources.
Client
Server
popa3d
- a tiny POP3 daemon, designed with security as the primary goal.
Solid POP
- a POP3 daemon that supports APOP, virtual hosting, maildir or mailbox, bulletins and expiration of messages. Security design is similar to popa3d (above), and some code auditing has been performed.
CUCIPOP
- a popular POP daemon - flexible and fast, and probably secure, although it hasn't been audited to my knowledge.
Courier IMAP
- an IMAPD that supports maildir and abstracted authentication out of the box.
Project Cyrus
- Carnegie Mellon Enterprise Electronic Mail Project
ACAP
- Application Configuration Access Protocol (CMU)
Qpopper
- Qualcomm's free POP server
IMP
- PHP scripts that implement an IMAP based webmail system.
TWIG - The Web Information Gateway
- a PHP based webmail system, more fully featured than IMP - as well as mail, it does scheduling, newsgroups, bookmarks, etc.
DRAC
- Dynamic Relay Access Control - an implementation of pop-before-smtp.
Perdition
- POP3 and IMAP4 redirection proxy. Supports regular expression, LDAP, NIS, GDBM, MySQL and PostgreSQL lookups.
LDA
procmail
- the classic filtering local delivery agent. It has extensive support for filing into separate user mail folders. Unfortunately the code structure does not make a security audit easy, and anything that runs neophyte user code with input from the big bad internet has a fair bit of potential for harm (this is probably true of all filtering local delivery agents that allow user code to be executed).
maildrop LDA
- mail delivery agent with filtering abilities
Virus
AMaViS
- A Mail Virus Scanner: a perl script that can work with many common unix MTA's to extract mime attachments and run them through a third party virus file scanner (not supplied).
List
Manager
Majordomo
- the original mailing list manager
Jason L Tibbitts III's Majordomo Page
- includes information about his re-write of the majordomo list manager called Majordomo II.
Mailman
- Neat GNU mailing list manager, written in
Python
. Includes comprehensive web interface.
Listar
- "Modular Mailing List Management" - plugable modules, written in C.
EZMLM
- a mailing list manager for qmail
Minordomo
- minimalistic majordomo replacement, written in perl
Minimalist
- minimalistic majordomo replacement, written in perl
E-mail List Management Software
- Vivian Neou
MUA
MUTT
-
"All mail clients suck. This one just sucks less."
"Solutions"
Software.com
- Carrier-scale Internet Messaging
Sendmail, INC
Critical Path
- supplier of e-mail service to ISP's etc.
Messaging Direct
- digital signed documents/statements/bills with round trip transaction processing. They also have an IMAP/POP solution that is apparently based on Cyrus.
ISOCOR
- Internet Messaging and Directory Products
Bluetail
Mirapoint
Lyris
- commercial mailing list manager software and hosting
Tuning
patches
and
performance
How to Get There From Here
- Scaling the Enterprise-Wide Mail Infrastructure (Duke University)
Highly Scalable Electronic Mail Service Using Open Systems
- Nick Christenson, Tim Bosserman, David Beckemeyer (EarthLink Networks)
High Capacity E-Mail
- a paper by Simon Horman of VA Linux Systems.
Manageability, availability and performance in Porcupine: a highly scalable, cluster-based mail service
- by Yasushi Saito, Brian N. Bershad, and Henry M. Levy
Papers by Brad Knowles
- includes Sendmail Performance Tuning for Large Systems, and Design and Implementation of Highly Scalable E-mail Systems.
WING
- a web based IMAP/NNTP gateway. Includes a link to a paper on the
Oxford University mail cluster
- a scalable mail server using open source software on comodity hardware.
What a Public Operator May Need from Servers
- John Klensin (MCI Communications) (slides from a presentation)
Claus Assman's Patches, Additions and Known Problems for Sendmail
IMAP
- general discussion of IMAP performance and some tweaks to the UW imapd.
Dynamic Relay Authorization Control (DRAC)
- or POP before SMTP auth.
"Whoson" protocol
- a proposed protocol to allow internet application determine if a particular dynamic IP has authenticated.
Organisations
The Internet Engineering Task Force
Internet Mail Consortium
RFCs
Mesg
Struct
rfc822 Message format
rfc2076 Common Internet Message Headers
rfc2822 Message Format
- replaces rfc822
SMTP
rfc821 SMTP
rfc1123 Requirements for Internet Hosts
rfc1845 SMTP Service Extension for Checkpoint/Restart
- not commonly implemented.
rfc1869 SMTP Service Extensions
- defines ESMTP (EHLO)
rfc1891 SMTP Service Extension for Delivery Status Notifications
rfc1870 SMTP Service Extension for Message Size Declaration
- defines SIZE
rfc1985 SMTP Service Extension for Remote Message Queue Starting
- defines ETRN
rfc2034 SMTP Service Extension for Returning Enhanced Error Codes
rfc2197 SMTP Service Extension for Command Pipelining
rfc2442 Batch SMTP
rfc2554 SMTP Service Extension for Authentication
- defines AUTH
rfc2821 SMTP
- replacement for rfc821
LMTP
rfc2033 Local Mail Transport Protocol
POP
rfc1725 POP3
rfc1734 POP3 AUTH
rfc1957 Some Observations on Implementations of POP3
rfc2195 IMAP/POP AUTHorize Extension for Simple Challenge/Response
rfc2449 POP3 Extension Mechanism
IMAP
rfc1176 IMAP2
rfc1730 IMAP4
rfc1731 IMAP4 AUTH
rfc1732 IMAP4 compatibility with IMAP2 and IMAP2bis
rfc2060 IMAP4rev1
rfc2342 IMAP4 namespace
SPAM
rfc2505 Anti-Spam Recommendations for SMTP MTAs
rfc2635 SPAM
MISC
rfc1918 Address Allocation for Private Internets
Other
stuff
"Reply-To" Considered Harmful
- adding "Reply-To" headers to mailing list traffic is a Bad Thing. Read this to find why.
"Reply-To" Considered Useful
- a rebuttal to the previous paper - I don't find their reasoning particularly convincing.
Mail-Followup-To and Mail-Reply-To
- DJB's take on Reply-to:
Re: Mail-Followup-To:
- and a counter view from Keith Moore
Content-Length is brain-damaged
Links
to
links
Electronic Mail Resources
- Duke University, Office of Information Technology
Internet Mailing List Providers
- Brian Edmonds
HTTP Mail User Agent inventory
- CRU
[BACK]
Andrew McNamara
(andrewm@connect.com.au)