qmail is... specific. It does very little and does it in many different processe...

quesera · on March 17, 2016

qmail is not a modern MTA, that is true.

But qmail was a revelation in 1996, and a solid choice for at least ten years, despite never reving past 1.03. Those ten years were pretty ugly in the network services security world. djb's bounty was a significant statement in a crazy era.

No one uses qmail any more. But it was used by everyone who ran serious mail servers for a long time. The guarantee was well-tested.

It is not coincidental that Postfix uses a very similar multiprocess model. That is how you encapsulate security domains. djb didn't invent it, but he shined the light for everyone who followed.

viraptor · on March 17, 2016

I agree it was very novel and useful. But in my mind it seats somewhere between a technology preview and a project. Most weird stuff happens to applications that get new features, get redesigned, get new aspects that weren't accounted for before.

You can cut out a lot of security issues by defining ahead of time what you're going to support, writing only that, and never doing anything else. New, small code rarely has terrible design flaws if there was a good plan ahead of time (and djb had an AWESOME plan) and you write it by yourself. Now if you live with a project for a long time, and actually maintain and extend it - that's would be even greater achievement. Postfix went in the similar direction as you mentioned and started around the time qmail got stable, but still lives.

quesera · on March 18, 2016

Those are all great points. I think it's fair to say that djb built the reference model, and Wietse built the consumer product.

Relatedly, djb is an academic who releases code sometimes, and Wietse is a sponsored open source developer. Their methods are very different, but they've both made huge and complementary contributions.