Main | Discussion Of MT As And Mail Delivery   

 MENU     OPEN     SAVE     HELP     SEARCH     PRINT     QUIT     LOGIN   

MTA Popularity

This survey indicates that Exim has been the most popular MTA since 2008 and that it has approximately a 50% market share (by number of servers) as of 2013.

http://www.securityspace.com/s_survey/data/man.201310/mxsurvey.html

Config files for Exim

Exim default config file from the exim4-config package

Bits of the default exim4-config configuration file
Discussion of the config file at exim.org
My own personal tweaks to Exim4 configuration

Exim vs Postfix logs

Exim:

example acceptance:

2014-08-11 06:57:24 1XGnI4-0001Cg-0m msg Subject: Bug#757789: ITP: python-xstatic-angular-mock -- Angular JS Mock XStatic support
2014-08-11 06:57:24 1XGnI4-0001Cg-0m msg To: chris.redacted@example.net
2014-08-11 06:57:24 1XGnI4-0001Cg-0m return path: bounce-debian-devel=chris.redacted=example.net@lists.debian.org
2014-08-11 06:57:24 1XGnI4-0001Cg-0m reply addr: Thomas Goirand <zigo@debian.org>, 757789@bugs.debian.org
2014-08-11 06:57:30 1XGnI4-0001Cg-0m <= bounce-debian-devel=chris.redacted=example.net@lists.debian.org H=bendel.debian.org [82.195.75.100] P=esmtps X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 S=6762 id=handler.757789.B.140775446823161@bugs.debian.org
2014-08-11 06:57:31 1XGnI4-0001Cg-0m => bogususer <chris.redacted@example.net> R=local_user T=dovecot_delivery
2014-08-11 06:57:31 1XGnI4-0001Cg-0m Completed

example rejection due to greylisting:

2014-08-11 06:59:42 no IP address found for host 84-241-32-176.shatel.ir (during SMTP connection from [84.241.32.176])
2014-08-11 06:59:43 H=(84-241-32-176.shatel.ir) [84.241.32.176] F=<yyuqcmxfnu@hkxml.net> temporarily rejected RCPT <redacted@example.net>: greylisted. (1 attempts)

example rejection as spam:

2014-08-11 08:23:13 no host name found for IP address 76.73.2.18
2014-08-11 08:23:15 1XGod8-0001rV-2Z msg Subject: Funds Now - Up to 10000 dollars!
2014-08-11 08:23:15 1XGod8-0001rV-2Z msg To: redacted@example.net
2014-08-11 08:23:15 1XGod8-0001rV-2Z return path: ClickNLoan@cepected.com
2014-08-11 08:23:15 1XGod8-0001rV-2Z reply addr: "Loan Manager" <ClickNLoan@cepected.com>
2014-08-11 08:23:37 1XGod8-0001rV-2Z H=(snti18.cepected.com) [76.73.2.18] F=<ClickNLoan@cepected.com> rejected after DATA: msg rejected due to spam score of 18.6

OF NOTE: the MTA Message ID is in every line of the Exim logs, making them

easy to grep. The "msg Subject:", "msg To:" "return path:", and
"reply addr:" log entries were added via optional configuration
in Exim. [i.e. normally the logs are even shorter!]

Postfix:

example acceptance:

Jun 15 07:57:20 navarre postfix/smtpd[17959]: connect from couponmom-ip15.m1e.net[199.83.97.15]
Jun 15 07:57:20 navarre tumgreyspf[17962]: 'sender SPF authorized': QUEUE_ID=""; identity=mailfrom; client-ip=199.83.97.15; helo=couponmom-ip15.m1e.net; envelope-from=bounce-169076595u-1070547@in00.m1e.net; receiver=crisses-redacted@example.net;
Jun 15 07:57:20 navarre tumgreyspf[17962]: Allowed greylisting: REMOTEIP="199.83.97.15" HELO="couponmom-ip15.m1e.net" SENDER="bounce-169076595u-1070547@in00.m1e.net" RECIPIENT="crisses-redacted@example.net" QUEUEID=""
Jun 15 07:57:20 navarre postfix/smtpd[17959]: NOQUEUE: filter: RCPT from couponmom-ip15.m1e.net[199.83.97.15]: <bounce-169076595u-1070547@in00.m1e.net>: Sender address triggers FILTER dkimsign:[127.0.0.1]:10026; from=<bounce-169076595u-1070547@in00.m1e.net> to=<crisses-redacted@example.net > proto=ESMTP helo=<couponmom-ip15.m1e.net>
Jun 15 07:57:20 navarre postfix/smtpd[17959]: D6888A6: client=couponmom-ip15.m1e.net[199.83.97.15]
Jun 15 07:57:20 navarre postfix/cleanup[17894]: D6888A6: message-id=<169076595u.1070547.contact@couponmom.com>
Jun 15 07:57:21 navarre postfix/qmgr[24082]: D6888A6: from=<bounce-169076595u-1070547@in00.m1e.net>, size=67420, nrcpt=1 (queue active)
Jun 15 07:57:21 navarre postfix/smtp[17896]: discarding EHLO keywords: 8BITMIME
Jun 15 07:57:21 navarre amavis[24151]: (24151-15) NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 111) line 170, <GEN37> line 10241.
Jun 15 07:57:21 navarre dkimproxy.in[16739]: DKIM verify - pass; message-id=<169076595u.1070547.contact@couponmom.com>, signer=<@in00.m1e.net>, from=<contact@couponmom.com>
Jun 15 07:57:26 navarre postfix/smtpd[17959]: disconnect from couponmom-ip15.m1e.net[199.83.97.15]
Jun 15 07:57:27 navarre postfix/smtpd[18266]: connect from localhost[127.0.0.1]
Jun 15 07:57:27 navarre postfix/smtpd[18266]: 969B9BF: client=localhost[127.0.0.1]
Jun 15 07:57:27 navarre postfix/cleanup[17894]: 969B9BF: message-id=<169076595u.1070547.contact@couponmom.com>
Jun 15 07:57:28 navarre postfix/smtpd[18266]: disconnect from localhost[127.0.0.1]
Jun 15 07:57:28 navarre postfix/qmgr[24082]: 969B9BF: from=<bounce-169076595u-1070547@in00.m1e.net>, size=67988, nrcpt=1 (queue active)
Jun 15 07:57:28 navarre amavis[24151]: (24151-15) Passed CLEAN {RelayedOpenRelay}, [199.83.97.15]:5013 [199.83.97.15] <bounce-169076595u-1070547@in00.m1e.net> -> <crisses-redacted@example.net>, Queue-ID: D6888A6, Message-ID: <169076595u.1070547.contact@couponmom.com>, mail_id: 6qDDcgJ5Ug72, Hits: -1.058, size: 67551, queued_as: 969B9BF, 7150 ms
Jun 15 07:57:28 navarre postfix/smtp[17896]: D6888A6: to=<crisses-redacted@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=7.8, delays=0.68/0/0.04/7.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 969B9BF)
Jun 15 07:57:28 navarre postfix/qmgr[24082]: D6888A6: removed
Jun 15 07:57:28 navarre postfix/pipe[18268]: 969B9BF: to=<crisses-redacted@example.net>, relay=maildrop, delay=0.92, delays=0.52/0.05/0/0.35, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 15 07:57:28 navarre postfix/qmgr[24082]: 969B9BF: removed

example rejection via greylisting:

Jun 15 08:10:44 navarre postfix/smtpd[19076]: connect from w4.trashnothing.com[167.88.123.107]
Jun 15 08:10:44 navarre tumgreyspf[19081]: 'sender SPF authorized': QUEUE_ID=""; identity=mailfrom; client-ip=167.88.123.107; helo=w4.trashnothing.com; envelope-from=undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com; receiver=crisses-redacted@example.net;
Jun 15 08:10:44 navarre tumgreyspf[19081]: Pending greylisting: REMOTEIP="167.88.123.107" HELO="w4.trashnothing.com" SENDER="undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com" RECIPIENT="crisses-redacted@example.net" QUEUEID=""
Jun 15 08:10:44 navarre postfix/smtpd[19076]: NOQUEUE: filter: RCPT from w4.trashnothing.com[167.88.123.107]: <undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com>: Sender address triggers FILTER dkimsign:[127.0.0.1]:10026; from=<undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com> to=<crisses-redacted@example.net> proto=ESMTP helo=<w4.trashnothing.com>
Jun 15 08:10:44 navarre postfix/smtpd[19076]: NOQUEUE: reject: RCPT from w4.trashnothing.com[167.88.123.107]: 450 4.7.1 <undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com>: Sender address rejected: Service unavailable, greylisted.; from=<undelivered-mail+20140615-digest-1a61dd2e0110da97b4da6f72cefdc8fd453afec80a756d29296ad127a349ff84@trashnothing.com> to=<crisses-redacted@example.net> proto=ESMTP helo=<w4.trashnothing.com>
Jun 15 08:10:44 navarre postfix/smtpd[19076]: disconnect from w4.trashnothing.com[167.88.123.107]

[I could go on with an example of spam, but I think the point is made... Postfix logs are a lot more verbose, and that's because of its design which makes many external calls to other programs.]

So: Imagine you were tasked with grepping logs for what happened to a

particular message. Now imagine that this operation comprised a large
portion of your day. From that standpoint, which system would you choose
if you had the option?

November 20, 2014, at 01:37 PM