logo
The qmail home page

View a Japanese-language site
View a Russian-language site
View a Korean-language site
View a Chinese-language site
Proyecto DoQmail - Documentación y soporte a qmail en castellano
qmail francophone

Please note that this site is a reference for qmail users. It's not designed to be easy to use -- it's designed to be comprehensive. There are things in here which have sharp edges! If you're looking for a tutorial site, visit Dave Sill's excellent Life With Qmail site.

qmail is a modern SMTP server which makes sendmail obsolete, written by Dan Bernstein, who also has a web page for qmail. qmail is a secure package. You can download netqmail 1.05 (Redhat RPMs, and Debian .debs, HP-UX, Gentoo, and OpenBSD ports) and redistribute qmail for free. You can get the "big picture" of how qmail is organized. You should read Life with qmail.

There is a discussion list and an announcements list for qmail users, maintained by Dan Bernstein using qmail, of course. There's also an archive. You can search it. It's also archived at eGroups, at The Aims Group, at Gossamer Threads, and in Mailbox-format archives. Charles Cazabon has written some guidelines for posting to the list. There is also an FAQ, providing answers to frequently-asked questions. qmail is not open source.

Dan's updated FAQ is also available in other file formats, and in Spanish.

A number of large Internet sites are using qmail: USA.net's outgoing email, Address.com, Rediffmail.com, Colonize.com, Yahoo! mail, Network Solutions, Verio, MessageLabs (searching 100M emails/week for malware), listserv.acsu.buffalo.edu (a big listserv hub, using qmail since 1996), Ohio State (biggest US University), Yahoo! Groups, Listbot, USWest.net (Western US ISP), Telenordia, gmx.de (German ISP), NetZero (free ISP), Critical Path (email outsourcing service w/ 15M mailboxes), PayPal/Confinity, Hypermart.net, Casema, Pair Networks, Topica, MyNet.com.tr, FSmail.net, Mycom.com, and vuurwerk.nl.

updated Charles Cazabon, Dave Sill, Henning Brauer, Peter Samuel, and Russell Nelson have put together a netqmail-1.05 distribution of qmail. It is comprised of qmail-1.03 plus the recommended patches, some documentation, and a shell script which prepares the files for compilation.

Table of Contents:

 
   Commercial Support  
  

Commercial support is available for qmail.

  • Crynwr Software. Support is available on-site, by 800 number, or over the Internet. 1-800-233-7351 or FWD# 404529.
  • James Craig Burley, Software Craftsperson, offers assessment, installation, support, training, and documentation for qmail and related software, specializing in low-maintenance, rock-solid anti-spam, anti-virus solutions for small- and medium-size organizations.
  • Internet Infrastructure Group, LLCprovides installations and support of Qmail, WebMail, Anti-Virus, Anti-SPAM, DNS, Apache, IIS, Routers, Firewalls. Support is available via email, remotely, phone and on-site in New York metro, U.S. & world wide at very competitive rates. Call Toll Free: 888-794-3832
  • Saffron Solutions is a customer-focused IT services company offering computer system, network, and security consulting and systems integration. Based in Boston, MA, Saffron Solutions provides qmail and other open source software support to customers in the US and Canada.
  • bettercom (located in Hamburg, Germany) provides support, installation and administration services for qmail and open-source software in Germany and elsewhere in Europe.
  • Network Design & Build installs and supports qmail systems of all sizes in the UK and elsewhere in Europe (or beyond).
  • G-Tech Consulting offers high-quality services and support contracts at the lowest prices. We offer support for Qmail, Webmail, Courier-Imap, djbdns, etc and a wide variety of open-source software such as Apache, ProFTPD, Linux, FreeBSD, OpenBSD.
  • David Harris, author of open source qmail addons, provides expert qmail support and installation through his firm DRH Internet. Call toll free at 866-374-4678; internationally 410-461-5316.
  • Inter7 provides qmail support world-wide: remote access or at your location. Call toll free in the U.S. at 866.528.3530, Internationally at 815.776.9465 or via Voip at sip:support@inter7.com
  • Quist Consulting provides support for qmail in Canada, the USA and elsewhere over the Internet.
  • AiDA Systems offers Qmail, Webmail AntiVirus, AntiSpam, and djbdns support. We also offer high-availability, clustering, redundancy, load balancing (layer 4 switching, round-robin dns) and failover services for medium/large ISP's. We also support migration from Windows/Unix platforms to any Unix platform (FreeBSD, OpenBSD, Linux, Solaris, others) Call 209.639.2989
  • BlackMesh provides a full range of qmail services, from consulting to shared qmail servers and dedicated qmail servers. In addition to qmail support, BlackMesh provides a full range of consulting and hosting--from shared to dedicated--services. 888.473.0854
  • iBase Technologies from Hong Kong offers qmail based corporate email solutions for the Asian region. Solutions include corporate email solutions, anti-spam/anti-virus, high-volume servers, consultancy and system administration services.
  • Cyber Sentry provide consultancy services and support for European ISP's and corporations. Contact us at www.cyber-sentry.com.

 
   User-Contributed Documentation  
  

Documentation contributed by users

[index]

 
   Author's Enhancement Software for qmail  
  

Enhancements and additions to qmail by its author, Dan Bernstein.

[index]

 
   User-Contributed Software for Qmail  
  

General software contributed by users and supporters of qmail.

[index]

 
   User-Contributed Maildir Support  
  

Maildir-specific software contributed by qmail users. Maildir is a lock-free mailbox standard which is reliable over NFS.

[index]

 
   EZ Mailing List Manager  
  

EZ Mailing List Manager (EZMLM) is a mailing list manager which allows users to create their own mailing lists with a single command.

  • Dan Bernstein's ezmlm page.
  • Fred Lindberg and Fred B. Ringel have written an ezmlm FAQ. In addition, Fred L. has also written (in his copious free time) the Ezman, an ezmlm manual for both list owners and users.
  • Fred Lindberg has an add-on to ezmlm-0.53 called ezmlm-idx. It gives you headers, trailers, threaded digests, multi-message get, thread retrieval in MIME multipart/digest with headers filtered to make the digest rfc1153-like (default). It also has all aspects of message moderation, subscription moderation, and remote administration of subscriber addresses.
  • Fred Lindberg is the latest author of code to ensure that an ezmlm subscriber is on the list
  • Fred Lindberg has an EZMLM list splitter. It forwards subscribe/unsubscribe requests from a main list to one of a set of sublists based on the target address (hash or domain name). This way, the list can be split into a number of hosts for load splitting or geographic splitting without inconveniencing the user (who always deals with the main list).
  • Özgür Kesim has a ezmlm HOWTO for advanced mailing lists.
  • Steve Peterson implemented a simple web subscribe/unsubscribe interface to ezmlm.
  • Michael Hirohama wrote Ezmlm-Thresh, which allows EZMLM mailing list messages to be limited to a threshold per subscriber.
  • Guy Antony Halse has a web interface to ezmlm called ezmlm-web, currently at 2.1. It has improvements over Glen Stewart's version.
  • Glen Stewart has improved on Guy Antony Halse's EZmlm-Web 1.02. He's calling his version EZmlm-Web v1.0.2gs1.2. The gs1.2 version suffix modifications are fairly extensive and done by Glen Stewart. Some of the most notable changes in this release include:
    • list owner logon screen & password
    • ListMaster access/control from filtered, configurable IP addresses
    • Only the ListMaster can create and delete lists
    • skeleton support for WebGlimpse indexing of selected list archives
    • spam filter option for list owner addresses
    • tooltip help for all list configuration settings
    • case-insensitive list and subscriber address sorting
    • list owner can change their owner address
    • configuration tour (help) for list owners
    • many other fixes and enhancements
  • Sergiusz Pawlowicz wrote ezmlm-cgi-py, a more approachable (i.e. Python, not djb-C) version of "the Freds" ezmlm-cgi archive formatter.

[index]

 
   Living with Qmail - Tips & Advice  
  

Some good advice for new qmail users, contributed by qmail users.

  • Did you restart qmail? I find that to be a help for a lot of qmail problems. :-) [John Mitchell]
  • You should also check the permissions very carefully on all of the necessary directories and files. [John Mitchell]
  • You must also put the virtual domain into control/rcpthosts or the mailer will bounce the message with a notice saying that the host wasn't in rcpthosts. [John Mitchell]
  • Of course, you must also be the MX for the virtual hosts. I had a problem in my setup that was driving me nuts until I realized that my DNS provider had missed an MX update request. [John Mitchell]
  • Check all lines in sendmail.cf beginning with M. Any that contain P=[IPC] or P=[TCP] should also have E=\r\n. [Tim Goodwin]
  • You might want to limit posting to mailing lists.
  • The right-hand-side of entries in control/virtualdomains should begin with a username. If you don't use a username, the mail will be handled by ~alias. But if you forget, and create a user by that name, then the mail will suddenly be handled by the user, which is probably not what you intended to happen. Best to use, in this case, alias as the username and avoid trouble. [Russ Nelson]
  • remember to add 'preline' before procmail or other filters when moving .forward to .qmail. [Ira Abramov]
  • If you use qmail's preline utility, remember that preline expects to pipe the entire mail message through the specified program. If the specified program closes standard input before preline has finished, preline will exit with a transient failure and you'll see the following error in your logs:
        deferral: preline:_fatal:_unable_to_copy_input:_broken_pipe/
    
    You'll see this problem if you try to use the sendmail version of vacation. Use Peter's vacation program instead. [Peter Samuel]
  • Run qmail from an init.d script [Larry Doolittle]
  • You can usually create control/rcpthosts from
    sed 's/:.*//' <virtualdomains | cat - locals | sort >rcpthosts
    [Russ Nelson]
  • Sometimes you need to use a database to forward mail. Create ~alias/.qmail-default like this:
        |if T=`X`; then forward $T; else
           echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    
    That all goes on one line. Fill in the X part with a program that looks up the user, and exits with zero and prints the destination address, or else exits nonzero if no match is found. By the way, the X program probably should ignore case. For NIS, you would replace the X in the above command with: ypmatch $LOCAL aliases .
    [
    Russ Nelson]
  • Similarly, you could also use a simple linear search text file named mapping containing lines in the form incoming:outgoing like this:
        |if MAP=`grep -i "$LOCAL:" mapping` && T=`echo $MAP |  awk -F: '{print $2}'` ;
           then forward $T;
           else echo "Sorry, no mailbox here by that name (#5.1.1)";
           exit 100; fi
    

    [Russ Nelson]
  • Anything you print from a program run by a .qmail file ends up in the log file.
    [Russ Nelson]
  • You can do a reasonable imitation of sendmail delivery, including .forward and /var/spool/mail, with
    #!/bin/sh
    exec qmail-start '|dot-forward .forward
    |preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail
    
    depending on your system's binmail interface. Of course, I recommend throwing binmail away, but people who need to preserve /var/spool/mail should still be able to use qmail.
    [Daniel J. Bernstein]
  • If you want to have private .qmail files which only work on local mail (e.g. a fax gateway), you can put the following test at the beginning of it (all on one line): | if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi That is, peek at the headers, if the message came from the network, bounce it, otherwise forward it along.
    [John R. Levine]
  • [Daniel J. Bernstein] has three suggestions for allowing your users to relay when they're not at a known IP address (which is the FAQ 5.4 solution):
    • Use a secret IP address and port number, and you'll have much better security than user-chosen passwords.
    • Put a secret string into the HELO string sent by the client. This will be visible to the fixup script, so you can reject messages with bad passwords without changing qmail-smtpd---and it's still more widely supported than XTND XMIT.
    • Oh, you want real security? Check that all messages are PGP-signed by local users. I wouldn't be surprised if PGP plugins are available for more clients than XTND XMIT patches are.
  • [Anand Buddhdev] wrote turnmail, modified by Russell Nelson for publication here, which wraps around qmail-pop3d and triggers a serialmail delivery to the connecting host whose user just authenticated themselves. Or, a Unix system can use fetchmail, getmail or an NT system pullmail.
  • Dan Bernstein suggested that one might give ordinary users access to qmail-qread through ucspi. Steinar Haug implemented that suggestion thusly with a client that looks like this:
    #!/bin/sh
    exec /local/etc/tcpclient -RHl0 -- 127.0.0.1 20025 sh -c 'exec cat <&6'
    
    and he starts the server like this:
    tcpserver -u126 -g120 -R 127.0.0.1 20025 /var/qmail/bin/qmail-qread &
  • The default delivery instructions, which are invoked when a .qmail file is nonexistent or empty, are found in the first parameter of qmail-start. That's why the install instructions tell you to touch .qmail-root .qmail-mailer-daemon and .qmail-postmaster.
  • [Anand Buddhdev] recommends pullmail, which is a Windows NT program that pulls mail from a POP3 server, and stuffs it into NT's SMTP server.
  • [Mark Delany] modifies FAQ 2.3 so he can use the same .qmail file for multiple UUCP sites: Here is our .qmail-uucpfqdn-default file (all on one line) |preline -df /usr/bin/uux - -r -gC -a"$SENDER" `echo $EXT | cut -f2 -d-`!rmail "(${EXT3}@$HOST)" And here is a sample virtualdomains entry: some.domain:uucpfqdn-uuhostname
  • Dan Bernstein noted that qmail will skip dns queries for incoming mail with tcpserver -Hl your.host.name; and you can skip them for outgoing mail with control/smtproutes.
  • Harald Hanche-Olsen has a solution to the problem of mail that has wrongly been queued for a remote host (because, say, you didn't have a host in your locals or virtualdomains): echo tcn.net:[127.0.0.1] >> /var/qmail/control/smtproutes Now send qmail-send an ALRM signal.
  • Hitesh Patel has a patch for UnixWare 2.1.x and 7.0.x, which is not currently supported by qmail.

    By the way..... the patch above opens up the option of sending mail to root... if you want this then just copy the right files into your qmail source directory... if you don't go into conf-unusual.h and comment out line 25 that says "#define ALLOW_ROOT_MAIL 1". Probably a good idea to comment it out -russ .

  • Daniel J. Bernstein suggests that if you have buggy clients that send bare LFs, and you want to treat their messages the same way sendmail does, you can simply run his fixcrio program instead of qmail-smtpd for your outgoing mail relay. fixcrio then takes qmail-smtpd as argument. fixcrio is part of the ucspi-tcp package.
  • Balazs Nagy likes to watch logs in a virtual terminal (/dev/tty8). He uses
    ... | tee >(accustamp | tailocal > /dev/tty8) | accustamp | cyclog
    
    The extra accustamp seems to be needed to make it work with bash.
  • Frederik Vermeulen says: If you don't want a specific undeliverable mail to sit in the queue any longer, you can make it reach the queuelifetime by running touch -d '1 week ago' on its queue/info file. It will then be bounced after one more delivery attempt.
  • Russ Nelson has used qmail-local to deliver to a dynamic Mailbox or Maildir name. He does it like this: |qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST" "$SENDER" "/path/to/users/maildir/here/"
  • Harald Hanche-Olsen warns people to beware when patching Solaris machines, because at least one patch restores the /etc/rc?.d/[SK]??sendmail symlink. You might want to remove files matching that name in your startup scripts.
  • Vern Hart doesn't like a pile of .qmail files in his home directory. So he uses users/assign to put them into a subdirectory:
    =vern:vern:2244:18:/home/vern:::
    +vern-:vern:2244:18:/home/vern:s/::
    
    This puts .qmail in his home directory but everything else is in .qmails/. This changes ~/.qmail-foo to ~/.qmails/foo and really cleans up his home.
  • Jim Simmons points out that you can stop linuxconf from creating a potential security hole by removing the /usr/sbin/sendmail line from /usr/lib/linuxconf/redhat/perm. If you don't do this, linuxconf will change /var/qmail/bin/sendmail to running suid.
  • Dag Wieers wants to see all messages that are delivered to his domain but were bounced because the user or alias does not exist. Since you cannot forward and pipe in the same dot-qmail he found the following solution to be his most simple option, .qmail-default:
    |forward dag@mind.be &>/dev/null
    |echo "Sorry, no mailbox here by that name. (#5.1.1)"; exit 100
    
    This way someone can simply check those mails regularly and forward them to the right person manually (which sometimes saves time when people are waiting for feedback)
  • Peter van Dijk suggests that you have two services running smtpd, one using recordio and the other not. He says that it's a great diagnostic tool. Create /service/qmail-smtpd as you would normally. Create /service/qmail-smtpd-recordio as a copy with recordio inserted, and logging to a separate space (be sure to chmod this logdir tight because recordio records complete emails). Create /service/qmail-smtpd-recordio/down. The switchover is then simply:
    # svc -u /service/qmail-smtpd-recordio ; svc -d /var/service/qmail-smtpd
    
    and viceversa.
  • Han Boetes blocks sites with no reverse dns. He uses the following tcp.smtp file. The only thing I would do differently is to set RBLSMTPD instead of just denying the connection.
    127.0.0.1:allow,RELAYCLIENT=""
    172.16.11.:allow,RELAYCLIENT=""
    =:allow
    :deny
    
  • Adrian Knoth suggests that your Unix client machines can use stunnel's public key mechanism to authenticate smtp.
  • Richard Lyons points out that multilog has filtering capabilities, see http://cr.yp.to/daemontools/multilog.html. If you leave recordio in place you can select what bits of the output to write. For example:
    multilog t '-* * > *' '-* * < *' /var/log/qmail/smtpd \
               '-*' '+* * > 5*' /var/log/qmail/smtpd-err
    
    will do the normal logging to /var/log/qmail/smtpd, and will record 5xx errors sent by your server to the client in /var/log/qmail/smtpd-err.
  • Qmail-popup redirects stderr to stdout, thus making it impossible to write a wrapper around qmail-pop3d which writes to the logfile by writing to stderr. Being a little cleverer with the shell, you can also redirect FD 7 onto stdout like this:
    /var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2>&1 7>&1
    
    Once you've done that, qmail-pop3d-wrapper.sh can log to FD 7, like this:
    #!/bin/sh
    echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" >&7
    $@
    
  • Alex Greg likes to see the output of svstat expressed in dhms instead of seconds.
  • newErwin Hoffmann suggests a one-line fix to the errno compilation problem. It works for most DJB software:
    cat error.h | sed -e s/^extern\ int\ errno\;/#include\ \<errno.h\>/  > error.h
    

[index]

 
   Alternative Checkpassword Implementations  
  

qmail-popup and qmail-pop3d are glued together by a program called checkpassword. It's run by qmail-popup, reads the username and password handed to the POP3 daemon, looks them up in /etc/passwd, verifies them, switches to the username/home directory, and runs pop3d. At least that's what the standard one does. Some alternatives are listed below.

Mark Delany has a clever way to test your checkpassword with a bit of command line re-direction. For example, with username fred, password bloggs,
printf "%s\0%s\0%s\0" fred bloggs Y123456 | /bin/checkpassword id 3<&0
will execute /bin/id if the password is right.

If you haven't a printf then enter the data into a file with your favourite binary editor, such as emacs, and then it's simply:
/bin/checkpassword id 3<test.file

Or use perl: perl -e 'printf "%s\0%s\0Y123456\0","fred","bloggs"' | ...

Or use qmail-popup and use the 'user' and 'pass' commands: /var/qmail/bin/qmail-popup /bin/checkpassword id

[index]

 
   Yet More Qmail Addons  
  

Still need something more from qmail? The chances are good that you can find it here, contributed by users and supporters of qmail.

[index]

 
   Microsoft virus prevention  
  
Microsoft products are susceptible to a large variety of viruses, worms, and other fauna. The best solution is to not use them. A secondary solution is to use anti-virus software to keep viruses away from Microsoft products.

[index]

 
   Patches for high-volume servers  
  

[index]

 
   Anti-spam techniques and code  
  

[index]

 
   Qmail books  
  

[index]

 
   Recommended patches  
  
  • The definitions of errno in qmail (and tcpserver) do not work with the newest glibc (2.3.1). Debian and redhat are updating to this glibc. Executables compiled with older glibc's (2.3) abort on startup, and recompilation with 2.3.1 is not possible. Mate Wierdl has patches for all of djb's software. Erwin Hoffmann points out that a one-line sed script will fix most of DJB's software. Look in the Tips section.
  • Erik Sjölund pointed out this bug in qmail-local.
  • qmail ought to recognize 0.0.0.0 as a local IP address. This patch from Scott Gifford implements that change.
  • David Phillips noticed that sendmail's -f option sets a default From: header, and so should qmail's emulation.
  • Bruce Guenter has written a patch which causes any program that would run qmail-queue to look for an environment variable QMAILQUEUE. If it is present, it is used in place of the string "bin/qmail-queue" when running qmail-queue. This could be used, for example, to add a program into the qmail-smtpd->qmail-queue pipeline that could do filtering, rewrite broken headers, etc.


Send kudos/brickbats/contributions to Russell Nelson. Some design contributed by Steve Cole and Olivier Mueller. Some lint'ing by Paul Theodoropoulos.
Last modified: Fri Feb 4 00:41:04 EST 2005















































Gratuitious blank lines added so that top.html#link works.