The qmail home page

Mirrors: [US, California] [US, Iowa] [US, Pennsylvania] [US, Texas] [US, Virginia] [Australia] [Britain] [Britain] [Canada] [Denmark] [France] [Germany] [Germany] [Indonesia] [Israel] [Japan] [Netherlands] [Poland] [Portugal] [South Africa] [Spain] [Taiwan] [add a mirror]
[mirroring software]

View the Japanese site

qmail is a modern replacement for sendmail, written by Dan Bernstein, who also has a web page for qmail. qmail is a secure package and offers a $1,000.00 prize for anyone who can show otherwise. You can download qmail 1.01 for free.

There is a discussion list and announcements list for qmail users, maintained by Dan Bernstein using qmail, of course. There's also an archive. You can search it, just be sure to mention qmail in your query. There is also an FAQ, providing answers to frequently-asked questions.

Table of Contents:

 
   Commercial Support  
  

Commercial support is available for qmail.

  • Crynwr Software. Support is available on-site, by 800 number, or over the Internet. Crynwr accepts Visa/MC/Amex/purchase orders.
  • Mira Networking. Support is available over the Internet and Mira accepts Visa/MC/Amex/Diners.
  • Intersolve Solutions Group. Support is available on-site, by 800 number or over the internet. Intersolve accepts purchase orders.

 
   User-Contributed Documentation  
  

Documentation contributed by users and supporters of the qmail ideal.

[index]

 
   Author's Enhancement Software for qmail  
  

Enhancements and additions to qmail by its author, Dan Bernstein.

  • ezmlm has its own section.
  • Dan Bernstein's serialmail package delivers mail from a Maildir to an SMTP server.
  • Dan Bernstein's Unix Client-Server TCP package makes ordinary Unix programs into TCP/IP servers and/or clients. In particular its tcpserver program may be used with qmail instead of inetd. New! The latest version subsumes the functionality of TCPcontrol.
  • Dan Bernstein's TCPcontrol package works with his Unix Client-Server TCP package to control what IP addresses may connect, and it also logs connections. New!No longer necessary since its functionality has been brought into tcpserver. Ivan Kohler has a tcprange program which allows you to specify a range of addresses in conjunction with tcpcontrol.
  • Dan Bernstein's qmailanalog package analyzes qmail log files in various ways.

[index]

 
   User-Contributed Software for Qmail  
  

General software contributed by users and supporters of the qmail ideal.

  • Russell Nelson has a patch to qmail and ucspi-tcp to use the MAPS RBL to keep spam out of your system by refusing network connections from known spammers.
  • Harald Hanche-Olsen has written a wrapper for qmail, which lets you easily start, stop and restart it. He's also written some code to do dot-locking. Dot-locking slightly unreliable, so Dan doesn't support it in qmail. It's at the page above.
  • David Summers has a qmail-imap Linux RPMS plus just the patches if you want to patch the University of Washington IMAP server with just the one-line patch to get it to work with $HOME/Mailbox.
  • Ali Lomonaco has a patch for finger so it knows to look in $HOME for a Mailbox. It was written for the finger from FreeBSD 2.2.2, which is probably the standard BSD finger.
  • Chael Hall has some utility programs for qmail. One, logger2, responds to a kill-HUP by reopening the file named on its command line for output. The second, restart.pl, is a perl script which will restart qmail after you have changed a control file.
  • Chael Hall's majordomo+qmail patches. Making qmail and Majordomo 1.94 (or later) coexist peacefully.
  • Giles Lean didn't like the idea of patching majordomo, so following a suggestion from J.T. Conklin that he found in the list archives he wrote a majordomo-inject script and some documentation on how to use it. Needs Perl 5.004. New! Nathan J. Mehl has thrown together a bourne shell script to automagically create all of the necessary aliases for a majordomo list with digests in a Qmail environment that uses Giles majordomo-inject.
  • Julie Baumler is using UIUC's ph to redirect mail on her mail hub. She wrote a note on how to configure qmail to use ph.
  • Vince Vielhaber wrote up some instructions on how to make qpopper work with home directory mailboxes.
  • Ximenes Zalteca has a qpopper-2.4 SRPM available which contains a PAMified qpopper with the ~/Mailbox patch applied.
  • Ximenes Zalteca has SysVinit scripts, which are for use with RedHat Linux (and undoubtedly any other SysVinit-using OS). They control qmail, qmail-smtpd, and Qualcomm's qpopper via the following tools: tcpserver, tcpcontrol, cyclog, setuser, supervise, svc, svcstat, accustamp, errosto.
  • Olaf Titz's BSMTP package for qmail, for those who want to run BSMTP over UUCP with qmail. The 10k shar contains an rsmtp program for incoming messages and a maildir2bsmtp program for outgoing messages. Both are written in perl.
  • Russell Nelson's checkhomeownership script will report on users who don't own their home directories or Maildirs. This is important to run before starting up qmail, because sendmail doesn't care a whit whether the user owns their home directory, but home directory ownership is how qmail decides if the user exists or not. If you have a mail hub, and you've botched the home directory ownership, the users will never be logging into it, so they won't notice. And you won't notice either, until they run screaming to you that they haven't gotten the important mail they wanted, and their correspondent noted that the mail bounced.
  • David Summers has some perl scripts that work with maildir2smtp. Now uses APOP-style authentication.
  • Russell Nelson's newbox script to create new maildrops for users who don't have login accounts on their mail server.
  • John Palkovic's qlistbuild.pl program, which creates a mailing list out of a list of email addresses.
  • Russell Nelson has a bounce manager which totally eliminates any need to deal with bounces. This is the final version of bounceman. Ezmlm uses a better algorithm, so I've switched to it.
  • Chris Garrigues wrote a program to pretty-print Received: lines.
  • Brian T. Wightman has written a delayed-mail notifier.
  • Mark Delany has a rmail for people receiving ! addresses via UUCP. It parses ! addresses, applies a number of simple pattern matching rules to convert them to FQDN addresses and injects them into qmail.
  • Russell Nelson has a pair of programs to help keep spam out of your mailbox.
  • Jos Backus has a program to be run from a .qmail file, toolarge, which checks for mail messages that are too large.
  • Russell Nelson has a program to eliminate duplicate messages. It has two modes of operation -- strict and loose. Strict only eliminates perfect duplicates, whose only difference is in the Received: lines. Loose eliminates duplicates that have identical From: Date:, Message-Id: and body parts.
  • Russ Allbery uses Majordomo with qmail. He has some documentation on the subject, as well as mjinject
  • New!Paul Fox has code to trace an smtp connection. It contains a small script, plus some patches to dan's multitee program, which give full tracing of incoming smtp sessions.

[index]

 
   User-Contributed Maildir Support  
  

Maildir-specific software contributed by users and supporters of the qmail ideal. Maildir is a lock-free mailbox standard which is reliable over NFS.

[index]

 
   EZ Mailing List Manager  
  

EZ Mailing List Manager (EZMLM) is a mailing list manager which allows users to create their own mailing lists with a single command.

[index]

 
   Living with Qmail - Tips & Advice  
  

Some good advice for new qmail users, contributed by qmail users.

  • Did you restart qmail? I find that to be a help for a lot of qmail problems. :-) [John Mitchell]
  • You should also check the permissions very carefully on all of the necessary directories and files. [John Mitchell]
  • You must also put the virtual domain into control/rcpthosts or the mailer will bounce the message with a notice saying that the host wasn't in rcpthosts. [John Mitchell]
  • Of course, you must also be the MX for the virtual hosts. I had a problem in my setup that was driving me nuts until I realized that my DNS provider had missed an MX update request. [John Mitchell]
  • Check all lines in sendmail.cf beginning with M. Any that contain P=[IPC] or P=[TCP] should also have E=\r\n. [Tim Goodwin]
  • You might want to limit posting to mailing lists.
  • The right-hand-side of entries in control/virtualdomains should begin with a username. If you don't use a username, the mail will be handled by ~alias. But if you forget, and create a user by that name, then the mail will suddenly be handled by the user, which is probably not what you intended to happen. Best to use, in this case, alias as the username and avoid trouble. [Russ Nelson]
  • remember to add 'preline' before procmail or other filters when moving .forward to .qmail. [Ira Abramov]
  • Run qmail from an init.d script [Larry Doolittle]
  • You can usually create control/rcpthosts from
    sed 's/:.*//' <virtualdomains | cat - locals | sort >rcpthosts
    [Russ Nelson]
  • When setting up qmail to allow selective relaying, to make SURE that hosts_options is compiled into tcp_wrappers before starting. Most Linux distributions come with TCP wrappers pre-installed, but with hosts_options not included.[Gus]
  • Sometimes you need to use a database to forward mail. Create ~alias/.qmail-default like this:
        |if T=`X`; then forward $T; else
           echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    
    That all goes on one line. Fill in the X part with a program that looks up the user, and exits with zero and prints the destination address, or else exits nonzero if no match is found. By the way, the X program probably should ignore case. For NIS, you would replace the X in the above command with: ypmatch $LOCAL aliases .
    [Russ Nelson]
  • Similarly, you could also use a simple linear search text file named mapping containing lines in the form incoming:outgoing like this:
        |if MAP=`grep "$LOCAL:" mapping` && T=`echo $MAP|sed "s/$LOCAL://"`;
           then forward $T;
           else echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    

    [Russ Nelson]
  • Anything you print from a program run by a .qmail file ends up in the log file.
    [Russ Nelson]
  • Some syslog library calls use the TZ variable to timestamp the messages. qmail's env invocation strips out the whole environment, which causes the timestamp to be incorrect. When this happens, use env - PATH="/var/qmail/bin:$PATH" TZ=CST6CDT qmail-start ./Mailbox splogger qmail to start qmail.
    [Harald Hanche-Olsen]
  • You can do a reasonable imitation of sendmail delivery, including .forward and /var/spool/mail, with
    #!/bin/sh
    exec qmail-start '|dot-forward .forward
    |preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail
    
    depending on your system's binmail interface. Of course, I recommend throwing binmail away, but people who need to preserve /var/spool/mail should still be able to use qmail.
    [Daniel J. Bernstein]
  • If you want to have private .qmail files which only work on local mail (e.g. a fax gateway), you can put the following test at the beginning of it: | if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi That is, peek at the headers, if the message came from the network, bounce it, otherwise forward it along.
    [John R. Levine]
  • [Daniel J. Bernstein] has three suggestions for allowing your users to relay when they're not at a known IP address (which is the FAQ 5.4 solution):
    • Use a secret IP address and port number, and you'll have much better security than user-chosen passwords.
    • Put a secret string into the HELO string sent by the client. This will be visible to the fixup script, so you can reject messages with bad passwords without changing qmail-smtpd---and it's still more widely supported than XTND XMIT.
    • Oh, you want real security? Check that all messages are PGP-signed by local users. I wouldn't be surprised if PGP plugins are available for more clients than XTND XMIT patches are.
  • [Anand Buddhdev] wrote a program, modified by Russell Nelson for publication here, which wraps around qmail-pop3d and triggers a serialmail delivery to the connecting host whose user just authenticated themselves.

[index]

 
   Alternative Checkpasswords Implementations  
  

qmail-popup and qmail-pop3d are glued together by a program called checkpassword. It's run by qmail-popup, reads the username and password handed to the POP3 daemon, looks them up in /etc/passwd, verifies them, switches to the username/home directory, and runs pop3d. At least that's what the standard one does. Some alternatives are listed below.

Mark Delaney has a clever way to test your checkpassword with a bit of clever command line re-direction. For example, with username fred, password bloggs,
printf "fred\0bloggs\0Y123456\0" | /bin/checkpassword /bin/id 3<&0
will execute /bin/id if the password is right.

The printf is a bit trickier to manipulate if the username/password starts with a digit. If you haven't a printf then enter the data into a file with your favourite binary editor, such as emacs, and then it's simply:
/bin/checkpassword /bin/id 3<test.file

  • Jedi/Sector One has a checklocalpwd.c that checks a configuration file in addition to the users mentioned in /etc/passwd.
  • Bert Gijsbers has changes to qmail-popup and checkpassword to support the APOP command. It consists of a patch to qmail-1.00's qmail-popup to print a timestamp banner to the POP client. The actual APOP request from the client is passed on to Dan's checkpassword which has been extended to deal correctly with the timestamp argument and perform the actual MD5 digest comparison. In addition the code also supports mailbox-only accounts which don't have an entry in /etc/passwd.
  • Jos Backus has a mkpoppass/chkpoppass pair. It uses an alternate username/password file and is written in perl.
  • Christian Vogel has a checkpassword that talks to a RADIUS-server.
  • Bruce Guenter has a C++ checkpassword which implements IP-based virtual domains. Has corresponding add/deluser and passwd commands.
  • Russell Nelson's pop-subaddr patch allows multiple maildirs per POP3 user, all of them authenticated with the same password.
  • Kelley L has diffs to make checkpassword use PAM (Pluggable Authentication Modules), which are used by Solaris and Redhat Linux.
  • New!Christopher Johnson (EI39-1) has a virtual domains package with the following features:
    • Dynamic delivery - no need to have dozens of .qmail files all over the place. Just a single .qmail-default handles all the deliveries
    • Shadow password support - something that seemed to be lacking in the other programs
    • Only takes up 1 entry in /etc/passwd - everything runs under a single UID/GID
    • Decent documentation - actually, some docs I've come across for this are pretty good, but I had a bugger of a time getting the things working (probably 'cos I'm using shadow'd passwords on my own Linux box).
    • Delivers direct to a Maildir for use with qmail-pop3d
  • Steve Simitzis has XTND XMIT mods for qmail-pop3d that also incorporate some patches found on this site.

[index]

 
   Yet More Qmail Addons  
  

Still need something more from qmail? The chances are good that you can find it here, contributed by users and supporters of the qmail ideal.

[index]

 
   Samples from the forthcoming qmail book  
  

John Levine and Russell Nelson are writing a book, to be published in 1998 by O'Reilly & Associates. Here are some sample programs from the book.

  • qmail-qsanity-0.50 checks your queue data structures for internal consistency. If it finds any problems, it prints a warning to stderr. Plans are to change it to generate shell commands which will correct the problems.


Send kudos/brickbats to Russell Nelson. Some design contributed by Steve Cole
Last modified: Mon Feb 9 22:27:42 EST 1998