Choosing the right MTA

What are the general expectations from an MTA?

1. Perform its primary task of sending mails. Should allow custom mail routes, sending via a SMTP server, envelope rewrite, virtual hosting.
2. Allow interfacing with spam and anti-virus utilities
3. Support authentication using the already existing authentication systems in my organization
4. Efficient mail storage (mbox is obsolete)
5. Support quotas
6. Easy to configure, help the administrator avoid mistakes
7. Performance and Security - most

Where do the existing MTA software stand?

1. Sendmail does its primary task of sending mails very well - it is mature and has been adopted to almost all possible mailing situations. Supports authentication using SASL, which means that it can authenticate using many of the existing authentication mechanisms. Both spam detection software and anti-virus software are well integrated with sendmail, thanks to its milter interface. While all this makes sendmail a very good MTA, there is one thing that makes many of the above not easily usable - the difficulty in configuration. Its a nightmare to use all the features that sendmail supports and even for comparatively simple requirements, the configuration is vague and is a pain. Its bulky and is considered not very efficient too - the through put of other MTAs is reported better by many people. The difficulty in configuration adds to poor security awareness of many administrators, thus making sendmail a difficult choice in high-security environments.
2. Postfix is considered the best alternative for Sendmail - it is commandline compatible with sendmail, has good number of mailing features and administrators very rarely need any features that are not supported by postfix that are supported by Sendmail. Postfix supports maildir format for more efficient mail storage and is also reported by many to have a comparitively better performance over Sendmail. Security is considered high, mostly because of the simple configuration files and less chance for administrators to commit mistakes. Authentication is supported via SASL.
3. QMail is considered the most-secure and very efficient MTA, but it is low on features and distributions rarely come with qmail that can be run out of the box. Qmail needs administrators who not just can change the configuration files, but can also locate the required patches and compile the software. Even basic features like authentication, SMTP over SSL need patches and are not part of the base QMail. QMail has a very good record of large-scale installations. If you think you have an administrator who is motivated enough to find the patches and compile QMail to your requirements, go ahead with QMail. Also, make sure you read the QMail license which restricts re-distribution of binaries - thats the reason you wouldn’t find QMail in any of the linux distributions.
4. Exim is again a sendmail alternative like Postfix. It has a good feature list and is easy to configure. Easy to extend and does not have a bad security history. Well documented too. Not very mature and not widely used on the Internet!

Sendmail is the MTA that I used and recommended, and after seeing that not many can configure and maintain sendmail (MTAs don’t generally need big configuration changes) I am in search for an alternative… for now its Postfix.

http://www.geocities.com/mailsoftware42/ has a very good evaluation of MTA software. Postfix and Exim have definitely improved a lot since then (Some of the features like IPv6 support in Postfix, mentioned as patches in this document are now into the original software)

http://zgp.org/linux-elitists/20020428173758.D31458@merlins.org.html has a good description of MTA software too.  This post also has some conclusions and the author prefers Exim and recommends Postfix to people who don’t need the extra features that Exim provides.