IBM's Secure Mailer

Kyle Dent

Wietse Venema, probably best known as the developer of SATAN and the TCP Wrapper security tools, has now created Secure Mailer. In December of 1998, IBM released Secure Mailer as open source software providing a new, freely available alternative to the nearly universal Sendmail program. The program, more commonly known in open-source circles as Postfix, attempts to be fast, easy to administer, and secure. One of the primary goals of Postfix is to be widely implemented in order to make the most significant impact on the performance and security of Internet email overall.

Sendmail by some estimates handles nearly three-quarters of all email on the Internet, but it has had a bit of a checkered past with a history of security problems. A scan through the CERT Advisories quickly turned up more than a dozen Sendmail incidents. Although Sendmail developers have made a lot of progress in bringing it up to date for an environment that was unimaginable when it was originally created, Postfix offers a solid alternative that is inherently more secure.

Good Breeding and Impeccable Manners

In addition to tighter security, Postfix offers several advantages over Sendmail while maintaining a high level of compatibility with it. The Postfix Web site claims that it is up to three times faster than its nearest competitor. (There are several other Sendmail alternatives, such as qmail and various commercial packages.) It is designed to be robust and behave well under stress. For example, runaway conditions that might occur during error handling are diminished because the software pauses before sending error messages or terminating with a fatal error.