IBM Wants to Replace Sendmail, Make Email More Secure
Dateline 12/21/98
"Strikes across the frontier and strikes for higher wage
Planet lurches to the right as ideologies engage
Suddenly it's repression, moratorium on rights
What did they think the politics of panic would invite?
Person in the street shrugs -- "Security comes first"
But the trouble with normal is it always gets worse"
Bruce Cockburn
The Trouble With Normal
Open Source Software
IBM is having an extensive as well as intensive flirt with open source software (or OSS for short). This is software whose underlying source code is available.
Using this code, programmers can control just what exactly the program is doing and how it is doing that (unless you know the source you can never be sure the pretty program you're running — for example a word processor or your email client — is not performing nasty things in the background, without your knowledge; it may send your diary entries to your mom or your passwords to "your" hackers).
But making the source to software available has more incentives. Developers can implement new features, and, most probably even more important, they can fix bugs. Four eyes can see more than two. This is one of the reasons (beside making users involved users) why OSS is often more secure than proprietary software (no, Microsoft is not the only example).
Sendmail
One of the most prominent, most used, and most important pieces of OSS besides Linux and the Apache Web Server is Sendmail.
Sendmail is a mail server (mail or SMTP servers deliver mail on the Internet) created about 20 years ago. It has seen many revisions, the latter of which are devoted to fighting spam, and is now maintained by a company that provides support and customized versions for the OSS product (which remains free).
Today sendmail controls about three quarters of the Internet mail server market.
Now IBM wants to replace it.
Secure Mailer
Secure Mailer, available at IBM's alphaWorks site is destined to achieve this ambitious goal.
"Secure Mailer"... the name indicates IBM's motivation: the Internet is to be a secure place, a secure place for business. Sendmail with its buglets and vulnerabilities to hacking attempts (it was, in the end, developed at a time when the Internet was not yet a hostile place (?)) does not serve this requirement well as the major mail transfer agent (MTA).
IBM developer Wietse Venema designed Secure Mailer to "proactively combat" any attacks by hackers. Whenever any irregularities occur (be they malicious attacks or just an erroneous command by the server administrator) Secure Mailer's security guards ensure the system is not affected.
Secure Mailer has also been built to minimize server crashes. Under heavy load, when attacked by a mail bomb or while bulk mail is delivered, the server will not crash but merely degrade in performance.
Postfix
What now appeared on alphaWorks under then name of "Secure Mailer" is "Postfix" is "VMailer".
Wietse Venema originally developed a "better" freeware replacement for sendmail at IBM T. J. Watson Research Center. He called this program VMailer (the `V' standing for "Venema"?). IBM discovered this name may raise trademark issues. Thus, VMailer was renamed to Postfix. Then IBM probably discovered a secure replacement for sendmail could be nice for e-business. Thus, Postfix was released as Secure Mailer.
It is still the same program. It is not the only one of its kind, however (fortunately!).
Competition
Of course IBM are not the first to discover sendmail has its faults and they are not the first who want to replace it. They are not at all the first who want to replace it with another open source product either.
The most prominent and probably best competitor for both sendmail and Secure Mailer is qmail. Qmail is an extremely powerful, secure and safe MTA, but there is one reason why it is not likely to replace sendmail (at least not quickly): it is hardly compatible with it; of course this problem is in fact this mailer's biggest advantage.
Another contender is exim. But while exim is a robust piece of software and relatively compatible to sendmail it effectively has not replaced it, just like smail has not replaced it.
