The Anti-qmail Page
Note
Some of the issues raised by this page have become irrelevant now that it was announced that the original qmail package has been released into the public domain.
Last Updated: 21-June-2020
You should avoid deploying the qmail mail server on new installations and try to convert existing installations to a different MTA. That’s because:
- It’s not open-source, and has a very problematic licence, that does not allow binary packages, distributing modified sources (only patches), etc. As such it is not distributed as part of distributions of operating systems, and is not regularly kept up-to-date. There are other open-source alternatives that work just as well.
- It is no longer actively maintained. The last version was released on 1998. So qmail has been abandonware for over 7 years at the time of this writing (November 2005). Many patches are available for it, but they may not apply cleanly one after the other, and are not supported by the author. It even no longer compiles cleanly on Linux.
- Because the licence effectively permits only the author (Daniel J. Bernstein) to maintain the software, his consistent, mulishly unpleasant and hostile attitude tends to become an obstacle, as it would not be if the software were licensed differently.
- It has a completely user-unfriendly build system, a long build process, and incredibly unreadable code. Bernstein uses a lot of one- or two-letter variable names, and cryptic function names.
- The ezmlm-idx mailing list manager, whose use with qmail is popular has a lot of duplication in its configuration. It hard-codes the various paths in many different places. It is also exclusive to qmail. (Note that one can use one or more different mailing list managers using qmail).
- ezmlm-idx does not easily allow people to be subscribed to mailing lists without receiving E-mail, which often prevents them from posting.
- Many bugs were discovered in qmail since its last release (including some security bugs) and were left unfixed in the vanilla version.
- qmail lags behind other MTAs in its feature-set.
Alternatives
Instead you should use one of the following MTAs:
- Postfix
- Courier
- Exim
- Other SMTP Servers. (Also see Rick Moen’s comparison of common Mail Transport Agents.)
Links
- Discussion in the Israeli Perl mailing list
- Discussion in the Joel on Software forum
- Discussion in LWN.Net
- Rick Moen’s MTA comparison page
- Rick Moen’s FAQ about Daniel J. Bernstein’s Software
- Hebrew blog entry in Aviram Jenik’s blog about Dan J. Bernstein not giving the money he promised for a remote root exploit that was found in qmail
- Coverage of “Ten Years of qmail Security” on LWN.net - contains many instructive comments.
- Slashdot discussion of “Qmail at 10 Years”
- Post to Linux-IL about qmail and mx records - “we flush qmail’s DNS cache daily because we found it wasn’t respecting TTL”.
- "A remote code execution vulnerability in qmail [LWN.net]" ( 19-May-2020 ) - a vulnerability that was originally published in 2005 and was not fixed is exploitable now on 64-bit systems.