Mailservers are notoriously complex beasts that can be hard to set up and configure. OpenMTA does not use a configuration file, and doesn't require any command line options. It is the easiest MTA you will ever use.
maild can receive mail, but not send it. Mail flows into the system from external hosts and is stored in one or more mailboxes. It is never forwarded, redirected, or bounced. This makes the design of the server much simpler, and less error-prone.
In the maild system, mail is delivered directly to the destination mailbox and is not stored in a "queue". Most other programs store messages in a temporary directory, which increases the overall complexity of the system and decreases reliability.
When a sender specifys multiple mailboxes to receive a single message, maild stores a single copy of the message on the filesystem and creates multiple hard links. This is more efficient than creating a unique copy of the message for every recipient.
OpenMTA uses streaming I/O instead of buffering the entire message. This means that after each line of input is received from the sender, it is written to disk. This approach minimizes the amount of memory required to process each message, and makes good use the operating systems buffer cache.
OpenMTA has been designed to operate either as a traditional forking server or as a multithreaded server using the POSIX threads library.
By default, maild operates in "stealth mode" and does not disclose information about the operating system, software version, domain(s), or the availability of mailboxes on the system. Mail for non-local domains or for non-existant mailboxes is silently discarded.
If there are errors, they are reported to the sender during the SMTP conversation. Traditionally, the sender would hang up, and errors would be returned using a "bounce message". For various reasons, maild does not exhibit this behaviour.
As soon as possible, maild permanently drops root privileges, and the entire process is restricted to a chroot(2) jail in /var/mail. Most other software is designed to have one privileged component that interfaces with other non-privileged components. Since maild uses virtual accounts, there is no need for it to have access to the system accounts.
By default, maild runs under the systrace mechanism, which limits the type of system calls available to the program. In particular, the maild daemon is not allowed to connect to other systems, open files for reading, delete files, or execute programs. Click here to view the systrace policy.
Most mailservers issue a reverse DNS query every time a new client connects; maild does not. With the large volume of mail traffic, most of which coming from compromised "zombie" machines operated by spammers, this DNS lookup is a pointless waste of resources.
Most other mailservers are huge programs that would take a long time to review the source code. Because of it's small size and simple design, maild was designed to be reviewed.
Software is only "secure" after it has been throughly tested and peer reviewed. Since maild is brand new, it has not undergone this process. If you are a security researcher, or someone with experience spotting security flaws in C programs, and would like to participate in the review, please visit the security audit page.
That being said, maild was designed to be as secure as possible; see the security page for more details.
Instead of providing many options and features, maild tries to choose the best way to do things and then does it. For example, it uses Maildirs
instead of mbox; it uses virtual accounts instead of system accounts.
Instead of delivering to mailboxes for system accounts, maild is a purely virtual server. There is no association between system accounts and mailboxes.
maild was designed from the very beginning to support clustering, which allows multiple "front end" servers to deliver mail to a single back end.
maild is distributed under the BSD license.