Re: [exim] Exim and Postfix

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Exim and Postfix
On Wed, Aug 28, 2019 at 05:19:37PM +0800, Eliza via Exim-users wrote:

> If exim supports runtime configuration, it becomes more flexible, for
> content filter etc. But how about the performance to accept/deliver
> messages compared to Postfix?


Postfix should generally outperform Exim under steady load, or input
load spikes. If your systems are lightly loaded, this won't matter,
and as mentioned you can always deploy more hardware. But check
what happens to output performance and processing delays as input
rates and/or queue sizes rise.

-- 
    Viktor.


P.S. A final word on multiprocessing vs. monolithic:

Postfix was designed to be architecturally more secure than Sendmail,
which was the dominant MTA at the time (~1998).

The non-monolithic design of Postfix makes it possible to run most
of the processes at irrevocably low privilege (not just setreuid()
with saved uid still available to resume running as root).

A strong focus on code quality (safety-oriented internal APIs,
internal documentation, ...), and Wietse's outstanding attention
to detail, yield an atypically low bugs/lines-of-code rate.

Thus, in contrast with Sendmail, local delivery (which requires
privilege to run as the mailbox owner) does not happen in the same
process as the one talking to the potentially hostile network client.

I don't know how Exim handles local delivery, and what privileges
are retained by the SMTP server; perhaps it is not as exposed as
Sendmail, but overall Postfix is perhaps better hardened.

The recent addition of taint-checking in Exim's "expansions" (is
it on by default?) should reduce one of my main safety concerns
about Exim. Previously, it was too easy IMHO to configure Exim to
perform unsafe operations on untrusted data.
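
The P.S. above distinguishes an irrevocable privilege drop from one that leaves a uid to switch back to. The following C sketch of that difference is an added example, not part of the original message and not Postfix or Exim code; the function names and the sample uid 1000 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE  /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX rule for an unprivileged seteuid(): the requested uid must already
 * be the process's real, effective or saved uid. */
int can_resume_uid(uid_t ruid, uid_t euid, uid_t suid, uid_t want)
{
    return want == ruid || want == euid || want == suid;
}

/* Switch to uid/gid for good. Returns 0 on success, -1 on any failure;
 * the caller should treat -1 as fatal and exit. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only root can change them, and they
     * would otherwise survive the uid change. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the process may no longer setgid(). */
    if (setgid(gid) != 0)
        return -1;
    /* When called as root, setuid() sets real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* Any way back to uid 0 means the drop was only temporary. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed (real, effective, saved) triples; 1000 is a sample uid. */
    printf("after seteuid(1000) from root, root reachable: %d\n",
           can_resume_uid(0, 1000, 0, 0));
    printf("after a full drop to 1000, root reachable: %d\n",
           can_resume_uid(1000, 1000, 1000, 0));
    return 0;
}
```

A process that has only lowered its effective uid can be steered back to root by code running inside it, which is why the final check attempts exactly that and fails the drop if it succeeds.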