User Tools

Site Tools


handbook:handbook:qmail

Qmail

This E-mail server is written by Dan J. Bernstein (http://cr.yp.to). He made Qmail because he thought that Sendmail (That comes with many Unix/Linuxbased OS) was not so secure and stable. When he wrote this serverapplication, Sendmail was having a lot of problems with security-related issues. You can find additional information at D.J Bernstein`s website, http://cr.yp.to/qmail.html.

Why is Qmail more secure than many other mailservers ?

A e-mailserver can be implemented as a huge program that take care of all the mails and requests. Then it will receive all messages generated local, and from all the world via SMTP. It delivers mails local and to other mailservers. It also take care of the message cue and the alias-function. This I just wrote is an example of how Sendmail is build. And this “huge” program requires root-privilegies.

It is here Qmail makes its main difference. Qmail is sliced into many small programs that individually take care of its own task. One of the programs receive messages that arrive from SMTP. Another one of them take care of sending the messages to other machines. Delivering local is managed by another of theese small programs.

How to install Qmail

Installation can be done in various ways. For some distroes there are made packages with Qmail. Theese can be installed by the OS package system. I will not go into installation by packages because these packages may put the different parts of Qmail in other places than the Qmail documentation says. I will explain and go through installation by source.

First we need the sourcecode. A list of mirrors containing the Qmail-source can be found at http://cr.yp.to/qmail.html. We then download qmail-1.03.tar.gz and place it in a suitable place.

# mv qmail-1.03.tar.gz /usr/local/src/\\
//moving the qmail-1.03.tar.gz into /usr/local/src/\\
# cd /usr/local/src\\
//goes to /usr/local/src/\\
# tar zxof qmail-1.03.tar.gz\\
//decompresses and unzippes the qmail-1.03.tar.gz\\
# cd qmail-1.03\\
// moves into the new unzipped qmail-1.03-folder\\

If we look closer into the installscript, we can see that it will install into the folder /var/qmail. We have to make that folder first.

# mkdir /var/qmail\\
//makes the directory /var/qmail.\\

A important thing in Qmail is that the different parts of Qmail doesnt trust each other. Almost every part of Qmail runs under their own unprivileged users, and have no system-rights. Just some few of the programs have these rights so that the e-mail server can do its job. If someone finds a backdoor in one of these small programs, the process will only bring limited damage. We are now going to make the useraccounts that we need before we install Qmail. First we need to make two groups, “qmail” and “nofiles”: We make them using the “groupadd” or “vigr” command.

qmail:*:2107:
nofiles:*:2108:

Then we make the usersaccounts, “alias”, “qmaild”, “qmaill”, “qmailp”, “qmailq”, “qmailr”, “qmails”. We make the accounts with the “useradd” or the “vipw” command. If we take a look in the etc/passwd it looks like this:

alias:*:7790:2108::/var/qmail/alias:/bin/true\\
qmaild:*:7791:2108::/var/qmail/alias:/bin/true\\
qmaill:*:7792:2108::/var/qmail/alias:/bin/true\\
qmailp:*:7793:2108::/var/qmail/alias:/bin/true\\
qmailq:*:7794:2107::/var/qmail/alias:/bin/true\\
qmailr:*:7795:2107::/var/qmail/alias:/bin/true\\
qmails:*:7796:2107::/var/qmail/alias:/bin/true\\

Compiling and installation

Now we have the groups and accounts ready, and we can start compiling the source we downloaded. We compile ut usingthe following command:

# make setup check

Make sure that you are in the directory where the source is. In this installtion I write “make setup check” after I changed directory to “/usr/local/src/qmail-1.03”. This is a program written in C, so I presume you already have C-compiler installed(gcc). If everything runs smooth, the installscript will end with the two following lines:

./install
./instcheck

Configuring Qmail

After you have compiled and installed it, qmail need to be configured. Each part of qmail have its own way to be configured. Every configurable part of qmail have its own file located in /var/qmail/control. These files is called “controlfiles”.

You find the controlfile named “me” there. This file includes everything that qmail needs to work. Now you need to decide what script you need to run. If your machine is registered in DNS you can run the script “config”:

# ./config
Your hostname is wiki.linux.edu.
Your host`s fully qualified name in DNS is wiki.linux.edu.
Putting linux.edu into control/me...
Putting linux.edu into control/defaultdomain...
Putting linux.edu into control/plusdomain...
[...]

If your machine does not have access to DNS, you can tell qmail the name of the computer in the script “config-fast”.

# ./config-fast wiki.linux.edu
Your fully qualified host name is wiki.linux.edu.
Putting wiki.linux.edu into control/me...
Putting linux.edu into control/defaultdomain...
Putting linux.edu into control/plusdomain...
Putting wiki.linux.edu into control/locals...
Putting wiki.linux.edu into control/rcphosts...
[...]

As you can see from the example over, qmail generates the content of the controlfiles from the given hostname.

Before we start qmail, we need to set some aliases for some special e-mail-adresses that is defined on all e-mail-servers. This is the aliases, “postmaster” and “mailerdaemon”. We also need to set where mails to root is going to be delivered. Because of securityreasons, qmail will never deliver mail to root. In the example underneath, I am configuring 3 aliases that will be delivered to the useraccount “me”.

# cd ~alias
# echo me > .qmail-postmaster
# echo me > .qmail-mailer-daemon
# echo me > .qmail-root
# chmod 644 .qmail*
# ls -al
total 20
drwxr-sr-x   2 alias qmail 4096  Aug 23 13:13  .
drwxr-sr-x 10 alias qmail 4096  Jan  14  2004   ..
-rw-r—r--    1 root qmail        4  Jan 27   21.48  .qmail-mailer-daemon
-rw-r—r--    1 root qmail        4  Jan 27   21.48  .qmail-mailer-postmaster
-rw-r—r--    1 root qmail        4  Jan 27   21.48  .qmail-mailer-root

To start qmail, we can install something called daemontools. I will continue writing that subject.

Installation of daemontools

handbook/handbook/qmail.txt · Last modified: 2010/04/15 21:18 (external edit)