The qmail home page

View a Japanese-language site
View a Russian-language site
View a Korean-language site
View a Chinese-language site
Proyecto DoQmail - qmail documentation and support in Spanish
qmail francophone

Please note that this site is a reference for qmail users. It's not designed to be easy to use -- it's designed to be comprehensive. There are things in here which have sharp edges! If you're looking for a tutorial site, visit Dave Sill's excellent Life With Qmail site.

qmail is a modern SMTP server which makes sendmail obsolete, written by Dan Bernstein, who also has a web page for qmail. qmail is a secure package. You can download netqmail 1.04 (Redhat RPMs, Mandrake RPMs, and Debian .debs, HP-UX, Gentoo, and OpenBSD ports) and redistribute qmail for free. You can get the "big picture" of how qmail is organized. You should read Life with qmail.

There is a discussion list and an announcements list for qmail users, maintained by Dan Bernstein using qmail, of course. There's also an archive. You can search it. It's also archived at eGroups, and at The Aims Group. Charles Cazabon has written some guidelines for posting to the list. There is also an FAQ, providing answers to frequently-asked questions.

Dan's updated FAQ is also available in other file formats, and in Spanish.

A number of large Internet sites are using qmail: USA.net's outgoing email, Address.com, Rediffmail.com, Colonize.com, Yahoo! mail, Network Solutions, Verio, MessageLabs (searching 100M emails/week for malware), listserv.acsu.buffalo.edu (a big listserv hub, using qmail since 1996), Ohio State (biggest US University), Yahoo! Groups, Listbot, USWest.net (Western US ISP), RIPE, Telenordia, gmx.de (German ISP), NetZero (free ISP), Critical Path (email outsourcing service w/ 15M mailboxes), PayPal/Confinity, Hypermart.net, Casema, Pair Networks, Topica, MyNet.com.tr, FSmail.net, and vuurwerk.nl.

Charles Cazabon, Dave Sill, and Russell Nelson have put together a netqmail-1.04 distribution of qmail. It comprises qmail-1.03 plus the recommended patches, some documentation, and a shell script which prepares the files for compilation.

Table of Contents:

 
   Commercial Support  
  

Commercial support is available for qmail.

  • Crynwr Software. Support is available on-site, by 800 number, or over the Internet. 1-800-233-7351
  • 2INTERACTIVE.COM, LLC - Enterprise Qmail support w/ virus scan, imap, imap-ssl, vpopmail, qmailmrtg, spam filtering. Over 80 successful installations to date. (866)359-4678 TOLL FREE.
  • Network Design & Build offers qmail consultancy in the UK and elsewhere in Europe (or beyond).
  • LinuxIS Consulting, LLC provides consulting, installation, and support services for qmail, djbdns, and most other DJB-ware and Open Source software. Forms of payment accepted include Visa, M/C, American Express and Paypal.
  • BERGMANN engineering & consulting from Vienna/Austria offers preconfigured or custom build qmail-systems (qmail, pop, imap, ldap, ezmlm, antivirus/antispam) firewalls and VPN-gateways anywhere in Europe.
  • Inter7 provides qmail support world-wide: remote access or at your location. Call toll free in the U.S. at 866.528.3530 and Internationally at 847.492.0470.
  • Saffron Solutions,LLC offers system and network engineering and administration. We install, support, and troubleshoot qmail, djbdns, and many others.
  • G-Tech Consulting offers high-quality services at the lowest prices. We offer support for Qmail, Sqwebmail, Courier-Imap, djbdns, etc and a wide variety of open-source software such as Apache, ProFTPD, Linux, FreeBSD, OpenBSD.
  • Quist Consulting provides support for qmail in Canada, the USA and elsewhere over the Internet.
  • tummy.com, ltd. provides commercial support for qmail. They are available by email, telephone or onsite. They accept Discover/Visa/MC/Amex and purchase orders. 970 223-8215 info@tummy.com
  • Internet Infrastructure Group, LLC provides custom Qmail installations (WebMail, Anti-Virus, Anti-SPAM, DNS, Apache, IIS, Routers, Firewalls) + support via phone, remotely, and on-site in NY metro, U.S. & world wide at very competitive rates.
  • Stand Blue Technology provides commercial support for qmail, TMDA, djbdns, ezmlm, vpopmail, SpamAssassin and many other open source packages. Support is available in the USA and other places around the Internet.
  • bettercom (located in Hamburg, Germany) provides support, installation and administration services for qmail and other open-source software in Germany and elsewhere in Europe.
  • LinuxMagic provides support for a wide variety of open source software, including Linux, qmail, ezmlm and many more. They can perform new installations, help with customization, and support/upgrade existing installations.
  • David Harris, author of open source qmail addons, provides expert qmail support and installation through his firm DRH Internet. Call toll free at 866-374-4678; internationally 410-461-5316.
  • iBase Technologies from Hong Kong offers qmail based corporate email solutions for the Asian region. Solutions include corporate email solutions, anti-spam/anti-virus, high-volume servers, consultancy and system administration services.

 
   User-Contributed Documentation  
  

Documentation contributed by users

[index]

 
   Author's Enhancement Software for qmail  
  

Enhancements and additions to qmail by its author, Dan Bernstein.

[index]

 
   User-Contributed Software for Qmail  
  

General software contributed by users and supporters of qmail.

[index]

 
   User-Contributed Maildir Support  
  

Maildir-specific software contributed by qmail users. Maildir is a lock-free mailbox standard which is reliable over NFS.

[index]

 
   EZ Mailing List Manager  
  

EZ Mailing List Manager (EZMLM) is a mailing list manager which allows users to create their own mailing lists with a single command.

  • Dan Bernstein's ezmlm page.
  • Fred Lindberg and Fred B. Ringel have written an ezmlm FAQ. In addition, Fred L. has also written (in his copious free time) the Ezman, an ezmlm manual for both list owners and users.
  • Fred Lindberg has an add-on to ezmlm-0.53 called ezmlm-idx. It gives you headers, trailers, threaded digests, multi-message get, thread retrieval in MIME multipart/digest with headers filtered to make the digest rfc1153-like (default). It also has all aspects of message moderation, subscription moderation, and remote administration of subscriber addresses.
  • Fred Lindberg is the latest author of code to ensure that an ezmlm subscriber is on the list
  • Fred Lindberg has an EZMLM list splitter. It forwards subscribe/unsubscribe requests from a main list to one of a set of sublists based on the target address (hash or domain name). This way, the list can be split into a number of hosts for load splitting or geographic splitting without inconveniencing the user (who always deals with the main list).
  • Özgür Kesim has a ezmlm HOWTO for advanced mailing lists.
  • Steve Peterson implemented a simple web subscribe/unsubscribe interface to ezmlm.
  • Michael Hirohama wrote Ezmlm-Thresh, which allows EZMLM mailing list messages to be limited to a threshold per subscriber.
  • Guy Antony Halse has a web interface to ezmlm called ezmlm-web, currently at 2.1. It has improvements over Glen Stewart's version.
  • Glen Stewart has improved on Guy Antony Halse's EZmlm-Web 1.02. He's calling his version EZmlm-Web v1.0.2gs1.2. The gs1.2 version suffix modifications are fairly extensive and done by Glen Stewart. Some of the most notable changes in this release include:
    • list owner logon screen & password
    • ListMaster access/control from filtered, configurable IP addresses
    • Only the ListMaster can create and delete lists
    • skeleton support for WebGlimpse indexing of selected list archives
    • spam filter option for list owner addresses
    • tooltip help for all list configuration settings
    • case-insensitive list and subscriber address sorting
    • list owner can change their owner address
    • configuration tour (help) for list owners
    • many other fixes and enhancements
  • Sergiusz Pawlowicz wrote ezmlm-cgi-py, a more approachable (i.e. Python, not djb-C) version of "the Freds" ezmlm-cgi archive formatter.

[index]

 
   Living with Qmail - Tips & Advice  
  

Some good advice for new qmail users, contributed by qmail users.

  • Did you restart qmail? I find that to be a help for a lot of qmail problems. :-) [John Mitchell]
  • You should also check the permissions very carefully on all of the necessary directories and files. [John Mitchell]
  • You must also put the virtual domain into control/rcpthosts or the mailer will bounce the message with a notice saying that the host wasn't in rcpthosts. [John Mitchell]
  • Of course, you must also be the MX for the virtual hosts. I had a problem in my setup that was driving me nuts until I realized that my DNS provider had missed an MX update request. [John Mitchell]
  • Check all lines in sendmail.cf beginning with M. Any that contain P=[IPC] or P=[TCP] should also have E=\r\n. [Tim Goodwin]
  • You might want to limit posting to mailing lists.
  • The right-hand-side of entries in control/virtualdomains should begin with a username. If you don't use a username, the mail will be handled by ~alias. But if you forget, and create a user by that name, then the mail will suddenly be handled by the user, which is probably not what you intended to happen. Best to use, in this case, alias as the username and avoid trouble. [Russ Nelson]
  • remember to add 'preline' before procmail or other filters when moving .forward to .qmail. [Ira Abramov]
  • If you use qmail's preline utility, remember that preline expects to pipe the entire mail message through the specified program. If the specified program closes standard input before preline has finished, preline will exit with a transient failure and you'll see the following error in your logs:
        deferral: preline:_fatal:_unable_to_copy_input:_broken_pipe/
    
    You'll see this problem if you try to use the sendmail version of vacation. Use Peter's vacation program instead. [Peter Samuel]
  • Run qmail from an init.d script [Larry Doolittle]
  • You can usually create control/rcpthosts from
    sed 's/:.*//' <virtualdomains | cat - locals | sort >rcpthosts
    [Russ Nelson]
  • Sometimes you need to use a database to forward mail. Create ~alias/.qmail-default like this:
        |if T=`X`; then forward $T; else
           echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    
    That all goes on one line. Fill in the X part with a program that looks up the user, and exits with zero and prints the destination address, or else exits nonzero if no match is found. By the way, the X program probably should ignore case. For NIS, you would replace the X in the above command with: ypmatch $LOCAL aliases .
    [Russ Nelson]
  • Similarly, you could also use a simple linear search text file named mapping containing lines in the form incoming:outgoing like this:
        |if T=`awk -F: -v l="$LOCAL" 'tolower($1) == tolower(l) { print $2; f = 1; exit } END { exit !f }' mapping`;
           then forward "$T";
           else echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    

    [Russ Nelson]
  • Anything you print from a program run by a .qmail file ends up in the log file.
    [Russ Nelson]
  • Some syslog library calls use the TZ variable to timestamp the messages. qmail's env invocation strips out the whole environment, which causes the timestamp to be incorrect. When this happens, use env - PATH="/var/qmail/bin:$PATH" TZ=CST6CDT qmail-start ./Mailbox splogger qmail to start qmail.
    [Harald Hanche-Olsen]
  • You can do a reasonable imitation of sendmail delivery, including .forward and /var/spool/mail, with
    #!/bin/sh
    exec qmail-start '|dot-forward .forward
    |preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail
    
    depending on your system's binmail interface. Of course, I recommend throwing binmail away, but people who need to preserve /var/spool/mail should still be able to use qmail.
    [Daniel J. Bernstein]
  • If you want to have private .qmail files which only work on local mail (e.g. a fax gateway), you can put the following test at the beginning of it (all on one line):
        | if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi

    That is, peek at the headers: if the message came from the network, bounce it; otherwise forward it along.
    [John R. Levine]
  • [Daniel J. Bernstein] has three suggestions for allowing your users to relay when they're not at a known IP address (which is the FAQ 5.4 solution):
    • Use a secret IP address and port number, and you'll have much better security than user-chosen passwords.
    • Put a secret string into the HELO string sent by the client. This will be visible to the fixup script, so you can reject messages with bad passwords without changing qmail-smtpd---and it's still more widely supported than XTND XMIT.
    • Oh, you want real security? Check that all messages are PGP-signed by local users. I wouldn't be surprised if PGP plugins are available for more clients than XTND XMIT patches are.
  • [Anand Buddhdev] wrote turnmail, modified by Russell Nelson for publication here, which wraps around qmail-pop3d and triggers a serialmail delivery to the connecting host whose user just authenticated themselves. Or, a Unix system can use fetchmail, getmail or an NT system pullmail.
  • Dan Bernstein suggested that one might give ordinary users access to qmail-qread through ucspi. Steinar Haug implemented that suggestion thusly with a client that looks like this:
    #!/bin/sh
    exec /local/etc/tcpclient -RHl0 -- 127.0.0.1 20025 sh -c 'exec cat <&6'
    
    and he starts the server like this:
    tcpserver -u126 -g120 -R 127.0.0.1 20025 /var/qmail/bin/qmail-qread &
  • The default delivery instructions, which are invoked when a .qmail file is nonexistent or empty, are found in the first parameter of qmail-start. That's why the install instructions tell you to touch .qmail-root .qmail-mailer-daemon and .qmail-postmaster.
  • [Anand Buddhdev] recommends pullmail, which is a Windows NT program that pulls mail from a POP3 server, and stuffs it into NT's SMTP server.
  • [Mark Delany] modifies FAQ 2.3 so he can use the same .qmail file for multiple UUCP sites. Here is our .qmail-uucpfqdn-default file (all on one line):
        |preline -df /usr/bin/uux - -r -gC -a"$SENDER" `echo $EXT | cut -f2 -d-`!rmail "(${EXT3}@$HOST)"

    And here is a sample virtualdomains entry:
        some.domain:uucpfqdn-uuhostname
  • Dan Bernstein noted that qmail will skip dns queries for incoming mail with tcpserver -Hl your.host.name; and you can skip them for outgoing mail with control/smtproutes.
  • Harald Hanche-Olsen has a solution to the problem of mail that has wrongly been queued for a remote host (because, say, you didn't have a host in your locals or virtualdomains):
        echo 'tcn.net:[127.0.0.1]' >> /var/qmail/control/smtproutes

    Now send qmail-send an ALRM signal.
  • Hitesh Patel has a patch for UnixWare 2.1.x and 7.0.x, which is not currently supported by qmail.

    By the way..... the patch above opens up the option of sending mail to root... if you want this then just copy the right files into your qmail source directory... if you don't go into conf-unusual.h and comment out line 25 that says "#define ALLOW_ROOT_MAIL 1". Probably a good idea to comment it out -russ .

  • Daniel J. Bernstein suggests that if you have buggy clients that send bare LFs, and you want to treat their messages the same way sendmail does, you can simply run his fixcrio program instead of qmail-smtpd for your outgoing mail relay. fixcrio then takes qmail-smtpd as argument. fixcrio is part of the ucspi-tcp package.
  • Balazs Nagy likes to watch logs in a virtual terminal (/dev/tty8). He uses
    ... | tee >(accustamp | tailocal > /dev/tty8) | accustamp | cyclog
    
    The extra accustamp seems to be needed to make it work with bash.
  • Frederik Vermeulen says: If you don't want a specific undeliverable mail to sit in the queue any longer, you can make it reach the queuelifetime by running touch -d '1 week ago' on its queue/info file. It will then be bounced after one more delivery attempt.
  • Russ Nelson has used qmail-local to deliver to a dynamic Mailbox or Maildir name. He does it like this:
        |qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST" "$SENDER" "/path/to/users/maildir/here/"
  • Harald Hanche-Olsen warns people to beware when patching Solaris machines, because at least one patch restores the /etc/rc?.d/[SK]??sendmail symlink. You might want to remove files matching that name in your startup scripts.
  • Vern Hart doesn't like a pile of .qmail files in his home directory. So he uses users/assign to put them into a subdirectory:
    =vern:vern:2244:18:/home/vern:::
    +vern-:vern:2244:18:/home/vern:s/::
    
    This puts .qmail in his home directory but everything else is in .qmails/. This changes ~/.qmail-foo to ~/.qmails/foo and really cleans up his home.
  • Jim Simmons points out that you can stop linuxconf from creating a potential security hole by removing the /usr/sbin/sendmail line from /usr/lib/linuxconf/redhat/perm. If you don't do this, linuxconf will change /var/qmail/bin/sendmail to running suid.
  • Dag Wieers wants to see all messages that are delivered to his domain but were bounced because the user or alias does not exist. Since you cannot forward and pipe in the same dot-qmail he found the following solution to be his most simple option, .qmail-default:
    |forward dag@mind.be &>/dev/null
    |echo "Sorry, no mailbox here by that name. (#5.1.1)"; exit 100
    
    This way someone can simply check those mails regularly and forward them to the right person manually (which sometimes saves time when people are waiting for feedback)
  • Peter van Dijk suggests that you have two services running smtpd, one using recordio and the other not. He says that it's a great diagnostic tool. Create /service/qmail-smtpd as you would normally. Create /service/qmail-smtpd-recordio as a copy with recordio inserted, and logging to a separate space (be sure to chmod this logdir tight because recordio records complete emails). Create /service/qmail-smtpd-recordio/down. The switchover is then simply:
    # svc -u /service/qmail-smtpd-recordio ; svc -d /service/qmail-smtpd
    
    and vice versa.
  • Han Boetes blocks sites with no reverse dns. He uses the following tcp.smtp file. The only thing I would do differently is to set RBLSMTPD instead of just denying the connection.
    127.0.0.1:allow,RELAYCLIENT=""
    172.16.11.:allow,RELAYCLIENT=""
    =:allow
    :deny
    
  • Adrian Knoth suggests that your Unix client machines can use stunnel's public key mechanism to authenticate smtp.
  • Richard Lyons points out that multilog has filtering capabilities, see http://cr.yp.to/daemontools/multilog.html. If you leave recordio in place you can select what bits of the output to write. For example:
    multilog t '-* * > *' '-* * < *' /var/log/qmail/smtpd \
               '-*' '+* * > 5*' /var/log/qmail/smtpd-err
    
    will do the normal logging to /var/log/qmail/smtpd, and will record 5xx errors sent by your server to the client in /var/log/qmail/smtpd-err.
  • Qmail-popup redirects stderr to stdout, thus making it impossible to write a wrapper around qmail-pop3d which writes to the logfile by writing to stderr. Being a little cleverer with the shell, you can also redirect FD 7 onto stdout like this:
    /var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2>&1 7>&1
    
    Once you've done that, qmail-pop3d-wrapper.sh can log to FD 7, like this:
    #!/bin/sh
    echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" >&7
    exec "$@"
    
  • Alex Greg likes to see the output of svstat expressed in dhms instead of seconds.
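
The rcpthosts tips in the list above (a virtual domain missing from control/rcpthosts is bounced, and the file can usually be rebuilt from virtualdomains and locals) can be turned into a check. This is an added example, not from the original page or the qmail distribution; the function names are hypothetical, the sample control directory is constructed, and it goes beyond the sed one-liner by handling user@domain entries in virtualdomains and leading-dot wildcard entries in rcpthosts.

```sh
#!/bin/sh
# Added example (not part of qmail): report domains that qmail would deliver
# locally but that control/rcpthosts does not accept.

# rcpthosts_missing DIR -> prints one uncovered domain per line.
rcpthosts_missing() {
    dir=${1:-/var/qmail/control}
    {
        # Left-hand side of each virtualdomains entry, as in the sed one-liner.
        [ -f "$dir/virtualdomains" ] && sed 's/:.*//' "$dir/virtualdomains"
        [ -f "$dir/locals" ] && cat "$dir/locals"
    } | awk -v rcpt="$dir/rcpthosts" '
        BEGIN {
            # Load the accepted domains; a missing file leaves the set empty.
            while ((getline line < rcpt) > 0)
                if (line != "") allowed[tolower(line)] = 1
        }
        {
            d = tolower($0)
            sub(/^.*@/, "", d)          # user@domain entry: keep the domain
            if (d == "" || seen[d]++) next
            ok = (d in allowed)
            # A leading-dot entry such as ".example.com" covers subdomains.
            s = d
            while (!ok && (i = index(s, ".")) > 0) {
                s = substr(s, i)
                if (s in allowed) ok = 1
                s = substr(s, 2)
            }
            if (!ok) print d
        }'
}

# Constructed sample control directory, for demonstration only.
rcpthosts_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'example.org:alias-example' 'bob@Shop.Example.net:bob' > "$tmp/virtualdomains"
    printf '%s\n' 'mail.example.com' 'localhost' > "$tmp/locals"
    printf '%s\n' '.example.com' 'example.org' > "$tmp/rcpthosts"
    rcpthosts_missing "$tmp"
    rm -rf "$tmp"
}

rcpthosts_demo
```

An empty result means every locally handled domain is covered by rcpthosts; each printed domain is one whose mail would be refused at SMTP time.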

[index]

 
   Alternative Checkpassword Implementations  
  

qmail-popup and qmail-pop3d are glued together by a program called checkpassword. It's run by qmail-popup, reads the username and password handed to the POP3 daemon, looks them up in /etc/passwd, verifies them, switches to the username/home directory, and runs pop3d. At least that's what the standard one does. Some alternatives are listed below.

Mark Delany has a clever way to test your checkpassword with a bit of command line re-direction. For example, with username fred, password bloggs,
printf "fred\0bloggs\0Y123456\0" | /bin/checkpassword `which id` 3<&0
will execute /bin/id if the password is right.

The printf is a bit trickier to manipulate if the username/password starts with a digit. If you haven't a printf then enter the data into a file with your favourite binary editor, such as emacs, and then it's simply:
/bin/checkpassword /bin/id 3<test.file

Or use perl: perl -e 'printf "%s\0%s\0Y123456\0","fred","bloggs"' | ...
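
A reusable form of the test above, as an added example (not from the original page or the checkpassword package): the credentials are passed as %s arguments rather than written into the printf format, so a value that starts with a digit cannot merge with the preceding \0 into an octal escape. cp_input, cp_run and fake_checkpassword are hypothetical names; fake_checkpassword is a constructed stand-in with one hard-coded account so the harness runs offline.

```sh
#!/bin/sh
# Added example: harness for testing a checkpassword-compatible program.

# Emit "user\0password\0timestamp\0" on stdout. The values are %s arguments,
# so their content is never interpreted as part of the format string.
cp_input() {
    printf '%s\0%s\0%s\0' "$1" "$2" "${3:-Y123456}"
}

# cp_run CHECKER USER PASS PROGRAM [ARGS...]
# Feeds the credentials to CHECKER on descriptor 3; CHECKER runs PROGRAM
# only if the password is accepted. Returns CHECKER's exit status.
cp_run() {
    checker=$1 user=$2 pass=$3
    shift 3
    cp_input "$user" "$pass" | "$checker" "$@" 3<&0
}

# Constructed stand-in for checkpassword (assumption: one hard-coded account,
# no newlines in the fields). Returns 1 on a bad password, the exit code
# checkpassword uses for an unacceptable password.
fake_checkpassword() {
    creds=$(tr '\0' '\n' <&3)
    u=$(printf '%s\n' "$creds" | sed -n 1p)
    p=$(printf '%s\n' "$creds" | sed -n 2p)
    [ "$u" = "9fred" ] && [ "$p" = "123bloggs" ] || return 1
    "$@"
}

# Both the username and the password start with a digit here.
cp_run fake_checkpassword 9fred 123bloggs echo "accepted: program was run"
```

To test a real installation, pass its path as the first argument, for example `cp_run /bin/checkpassword fred bloggs /bin/id`.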

[index]

 
   Yet More Qmail Addons  
  

Still need something more from qmail? The chances are good that you can find it here, contributed by users and supporters of qmail.

[index]

 
   Microsoft virus prevention  
  
Microsoft products are susceptible to a large variety of viruses, worms, and other fauna. The best solution is to not use them. A secondary solution is to use anti-virus software to keep viruses away from Microsoft products.

[index]

 
   Patches for high-volume servers  
  
  • Dave Smith of XOOM.com has updated Russell Nelson's big-todo patch for qmail 1.03. Bruce Guenter added a fix for qmail-qstat. Big-todo is only useful if you need to inject email into the queue when qmail-send is not running. This is not the usual case.
  • Johannes Erdfelt of S.u.S.E wrote a patch to allow qmail to use a concurrency greater than 240.
  • If your queue gets larger than about 23,000 separate messages you'll need to change conf-split and recompile. Different Unix filesystems will affect that 23,000 figure, but not by more than a factor of two. This will ruin your queue, however. The best way to make this change is to run two copies of qmail like this:
    1. stop qmail.
    2. rename /var/qmail to /var/qmail2.
    3. change conf-qmail to /var/qmail2.
    4. make setup.
    5. change conf-split to a prime number which reflects your requirements.
    6. change conf-qmail back to /var/qmail
    7. make setup.
    8. restart qmail
    9. run /var/qmail2/rc. In a week you'll be deleting this copy, so don't worry about setting it up under daemontools.
  • Russ Nelson discards doublebounces without queuing them with his doublebounce-trim patch.

[index]

 
   Anti-spam techniques and code  
  

[index]

 
   Qmail books  
  

[index]

 
   Recommended patches  
  
  • The definitions of errno in qmail (and tcpserver) do not work with the newest glibc (2.3.1). Debian and redhat are updating to this glibc. Executables compiled with older glibc's (2.3) abort on startup, and recompilation with 2.3.1 is not possible. Mate Wierdl has patches for all of djb's software.
  • Erik Sjölund pointed out this bug in qmail-local.
  • qmail ought to recognize 0.0.0.0 as a local IP address. This patch from Scott Gifford implements that change.
  • David Phillips noticed that sendmail's -f option sets a default From: header, and so should qmail's emulation.
  • Bruce Guenter has written a patch which causes any program that would run qmail-queue to look for an environment variable QMAILQUEUE. If it is present, it is used in place of the string "bin/qmail-queue" when running qmail-queue. This could be used, for example, to add a program into the qmail-smtpd->qmail-queue pipeline that could do filtering, rewrite broken headers, etc.


Send kudos/brickbats/contributions to Russell Nelson. Some design contributed by Steve Cole and Olivier Mueller. Some lint'ing by Paul Theodoropoulos.
Last modified: Tue Dec 16 01:05:38 EST 2003