qmail
Dan Bernstein is qmail's author.
The qmail server is the best MTA available.
It's modular and secure; it uses its own system library replacements to avoid
buffer overflow exploits.
Think of qmail, and the extensions available for it, as a toolbox of components
to assemble into an efficient mail server that will fit any need.
If you're not that creative, you probably should use Postfix instead.
Links:
- Life with qmail has instructions to install qmail.
- See qmail.org for a subset of the available patches, tools and documentation.
- Read this before you post a question to the mailing list, and please don't top post.
Online man pages:
Searchable mailing list archives, ordered by descending degree of completeness:
Recipient checking
box@host
A qmail server will normally accept email for any box part of a recipient
address whose host is listed in control/rcpthosts.
One can go a step further and validate the box part by patching or replacing
qmail-smtpd.
Attempts to queue bogus messages during the initial SMTP conversation are
therefore rejected.
Messages to nonexistent recipients are not accepted.
Also, joe job bounces to forged recipients aren't accepted, stopping them from
becoming double bounces.
This avoids spending yet more CPU, I/O and bandwidth on processing bounce
messages later.
Here are several options, ordered by how far into a qmail server a message
gets before the attempt is rejected or the message discarded.
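The two-stage decision described above, as an added Python model (not code from qmail or from any of the linked patches). The host match follows qmail's rcpthosts rule (exact name, or an entry starting with a dot as a suffix); the valid recipient set, the sample data and the reason strings are constructed stand-ins for whichever patch or replacement does the box lookup.

```python
# Added example: models the RCPT TO decision, not qmail's own code.
SAMPLE_RCPTHOSTS = "example.org\n.example.net\n"             # constructed sample
SAMPLE_VALID = {"joe@example.org", "postmaster@example.org",
                "ann@mail.example.net"}                       # constructed sample

def load_rcpthosts(text):
    """Parse control/rcpthosts content: one host or .suffix per line."""
    return {ln.strip().lower() for ln in text.splitlines() if ln.strip()}

def host_allowed(host, rcpthosts):
    """Exact match, or an entry beginning with '.' that is a suffix of host."""
    host = host.lower()
    if host in rcpthosts:
        return True
    # ".example.net" covers "mail.example.net" but not "example.net" itself
    return any(e.startswith(".") and host.endswith(e) for e in rcpthosts)

def check_rcpt(addr, rcpthosts, valid=None):
    """Return (smtp_code, reason) for one box@host recipient.

    valid=None models a stock server (host check only); passing a set of
    lowercase box@host strings models a server that validates the box part.
    """
    box, at, host = addr.rpartition("@")
    if not at or not box or not host:
        raise ValueError("this model only covers box@host addresses")
    if not host_allowed(host, rcpthosts):
        return 553, "host not in rcpthosts"
    if valid is not None and addr.lower() not in valid:
        return 550, "no such recipient"   # rejected during the SMTP conversation
    return 250, "ok"

def backscatter_candidates(rcpts, rcpthosts, valid):
    """Recipients a stock server queues and later bounces, but a validating one rejects."""
    return [a for a in rcpts
            if check_rcpt(a, rcpthosts)[0] == 250
            and check_rcpt(a, rcpthosts, valid)[0] == 550]

if __name__ == "__main__":
    hosts = load_rcpthosts(SAMPLE_RCPTHOSTS)
    for rcpt in ("joe@example.org", "bogus@example.org", "x@elsewhere.test"):
        print(rcpt, "stock:", check_rcpt(rcpt, hosts),
              "validating:", check_rcpt(rcpt, hosts, SAMPLE_VALID))
```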
Implementing secure qmail-pop3d
Here are instructions to install openssl and sslserver for pop3s.
Notes:
The POP server that comes with qmail is capable, but not secure.
All usernames, passwords and messages are sent in snoopable plain text.
I prefer using sslserver, a tcpserver replacement, to encrypt communications.
It assumes that you will be using gcc; here is a simple patch that converts it
to cc syntax.
Your POP clients should now connect with SSL to port 995.
If you use an editor, remove each ? and the EOF, and remove the \ before each $.
Mac OS X and qmail
Here are instructions to install qmail, daemontools and ucspi-tcp.
It's a modified Life with qmail install.
Notes:
A simple patch is needed for the install on a single CPU Mac OS X Panther 10.3
or Tiger 10.4 machine.
Please read this note if you are using Mac OS X Tiger 10.4.
Xcode Tools must be installed, see Apple Developer Connection.
A dual CPU machine will crash under high load.
CHUD is a custom install option with Xcode Tools; it gives you a
Hardware.prefPane to disable the second CPU.
Run nireport to see the assigned gids and uids, and choose unique ones for
qmail.
Changing mailq to qmailctl queue in /etc/periodic/daily/500.daily changes from
Postfix to qmail.
Installing daemontools creates /etc/rc.local; it's not consulted during startup
and can be removed.
Using SetFile makes ~/Maildir/ invisible to the Finder; this is optional.
Verify your install with inst_check; v2003-11-10 will show alias errors due to
the passwd format.
Fix that by changing the 6 to a 9 in line 241.
The /usr/sbin/sendmail binary exists; /usr/lib/sendmail doesn't.
If you use an editor, remove each ? and the EOF, and remove the \ before each `
and $.
Other
The rblsmtpd-nodefaultrbl patch allows setting an RBLSMTPD action and response,
without using external DNSBLs.
If your dynamic IP qmail server is being rejected, the
qmail-remote[-fallback] patches route otherwise undeliverable messages
through your ISP.
The netqmail-tls-remote-fallback.patch is a modified
qmail-remote-fallback.patch that applies cleanly to netqmail-1.06 after
Frederik Vermeulen's netqmail-1.05-tls-20070408.patch or Bill Shupp's
netqmail-1.05-tls-smtpauth-20070417.patch has been applied.
Eben Pratt