Mick's Disclaimer

Not to put too fine a point to it, I'm a Postfix fan myself. I run Postfix, not sendmail, as my domain's public SMTP gateway (though I do use sendmail on my private network for local mail delivery). Therefore nothing in this article, including its very existence, should be construed to mean that I think sendmail is the best choice for your MTA needs; that's up to you to decide.

At the risk of seeming equivocal, however, I also must say that I've spent a good deal of time over the past few years using and helping others to use sendmail, and I think it's a lot better than many people give it credit for. In my experience it is not the lumbering, slobbering, fragile beast some of its critics make it out to be.

In fact, I've found sendmail to be stable and powerful, if a bit scary in its complexity. Furthermore, since the last CERT advisory involving a sendmail security vulnerability was in 1997 (number CA-1997-05), I'm simply not convinced that sendmail is inherently unsecurable. (Sendmail certainly hasn't been under less scrutiny in the past five years than it was beforehand.)

Therefore, I think that while other MTAs (among them Postfix, qmail and Exim) have clear advantages over sendmail in performance and security, I also think that sendmail has enough redeeming qualities to warrant Paranoid Penguin coverage. (Besides, it's in the “Royal Family” of MTAs: I may worry about inbreeding, but I still owe it some respect.)