Qmail-tips

From Qmailwiki
(Difference between revisions)
 
Line 1: Line 1:
<p>
 
 
 
Some good advice for new qmail users, contributed by qmail users.
 
Some good advice for new qmail users, contributed by qmail users.
<UL>
+
* Did you restart qmail?  I find that to be a help for a lot of qmail problems. :-) John Mitchell
<LI> Did you restart qmail?  I find that to be a help for a lot of
+
qmail problems. :-) [<A HREF="http://www.qmail.org/cgi-bin/m/johnma@amitchell.org">John Mitchell</A>]
+
 
+
<LI> You should also check the permissions very carefully on all of
+
the necessary directories and files.  [<A HREF="http://www.qmail.org/cgi-bin/m/johnma@amitchell.org">John Mitchell</A>]
+
 
+
<LI> You must also put the virtual domain into
+
<samp>control/rcpthosts</samp> or the mailer will bounce the message
+
with a notice saying that the host wasn't in rcpthosts.  [<A
+
HREF="http://www.qmail.org/cgi-bin/m/johnma@amitchell.org">John Mitchell</A>]
+
 
+
  
<LI> Of course, you must also be the MX for the virtual hosts. I had
+
* You should also check the permissions very carefully on all of the necessary directories and files. John Mitchell
a problem in my setup that was driving me nuts until I realized that
+
my DNS provider had missed an MX update request.  [<A HREF="http://www.qmail.org/cgi-bin/m/johnma@amitchell.org">John Mitchell</A>]
+
  
<LI>Check all lines in sendmail.cf beginning with <samp>M</samp>.  Any that
+
* You must also put the virtual domain into /vra/qmail/control/rcpthosts or the mailer will bounce the message with a notice saying that the host wasn't in rcpthosts. John Mitchell
contain <samp>P=[IPC]</samp> or <samp>P=[TCP]</samp> should also have
+
<samp>E=\r\n</samp>. [<A HREF="http://www.qmail.org/cgi-bin/m/tgoodwina@acygnus.co.uk">Tim
+
Goodwin</A>]
+
  
 +
* Of course, you must also be the MX for the virtual hosts.  I had a problem in my setup that was driving me nuts until I realized that my DNS provider had missed an MX update request. John Mitchell
  
<LI>You might want to <a href="moderating.txt">limit posting to mailing lists</a>.
+
* Check all lines in sendmail.cf beginning with M. Any that contain P=[IPC] or P=[TCP] should also have
 +
E=\r\n. Tim Goodwin
  
<LI>The right-hand-side of entries in
+
* You might want to [http://www.qmail.org/moderating.txt limit posting to mailing lists].
<samp>control/virtualdomains</samp> should begin with a username.  If
+
you don't use a username, the mail will be handled by ~alias.  But if
+
you forget, and create a user by that name, then the mail will
+
suddenly be handled by the user, which is probably not what you
+
intended to happen.  Best to use, in this case, <samp>alias</samp> as
+
the username and avoid trouble. [<A
+
HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ Nelson</A>]
+
  
<li>remember to add '<a
+
* The right-hand-side of entries in /var/qmail/control/virtualdomains should begin with a username. If you don't use a username, the mail will be handled by ~alias. But if you forget, and create a user by that name, then the mail will suddenly be handled by the user, which is probably not what you intended to happen. Best to use, in this case, <samp>alias</samp> as the username and avoid trouble. Russ Nelson
href="qmail-manual-html/man1/preline.html">preline</a>' before
+
procmail or other filters when moving .forward to .qmail. [<a
+
href="http://www.qmail.org/cgi-bin/m/ira-nospam-qmail-homepagea@ascso.com">Ira Abramov</a>]
+
  
 +
* Remember to add preline before procmail or other filters when moving .forward to .qmail. Ira Abramov
  
<li>If you use qmail's
+
* If you use qmail's
 
<a href="qmail-manual-html/man1/preline.html">preline</a>
 
<a href="qmail-manual-html/man1/preline.html">preline</a>
 
utility, remember that preline expects to pipe the <b>entire</b>
 
utility, remember that preline expects to pipe the <b>entire</b>
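Review bot: the added rcpthosts bullet spells the path "/vra/qmail/control/rcpthosts". The HTML it replaces said control/rcpthosts, and the virtualdomains bullet added in this same hunk uses /var/qmail/control/, so the path should read /var/qmail/control/rcpthosts. A reader who copies the line as written will edit a file qmail never reads and keep getting the "not in rcpthosts" bounce the tip is meant to cure.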
Line 59: Line 34:
  
  
<li>Run qmail from an <a href="init.d-script">init.d script</a> [<a
+
* Run qmail from an <a href="init.d-script">init.d script</a> [<a
 
href="http://www.qmail.org/cgi-bin/m/ldoolitta@ajlab.org">Larry Doolittle</a>]
 
href="http://www.qmail.org/cgi-bin/m/ldoolitta@ajlab.org">Larry Doolittle</a>]
  
<li>You can usually create <samp>control/rcpthosts</samp> from<br>
+
* You can usually create <samp>control/rcpthosts</samp> from<br>
 
<samp>sed 's/:.*//' &lt;virtualdomains | cat - locals | sort
 
<samp>sed 's/:.*//' &lt;virtualdomains | cat - locals | sort
 
&gt;rcpthosts</samp> <br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ
 
&gt;rcpthosts</samp> <br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ
 
Nelson</A>]
 
Nelson</A>]
  
 
+
* Sometimes you need to use a database to
<li><a name="databaselookup">Sometimes you need to use a database to
+
 
forward mail.  Create <samp>~alias/.qmail-default</samp> like this:
 
forward mail.  Create <samp>~alias/.qmail-default</samp> like this:
 
<pre>
 
 
     |if T=`<i>X</i>`; then forward $T; else
 
     |if T=`<i>X</i>`; then forward $T; else
 
       echo "Sorry, no mailbox here by that name (#5.1.1)";
 
       echo "Sorry, no mailbox here by that name (#5.1.1)";
 
       exit 100; fi
 
       exit 100; fi
</pre>
 
  
 
That all goes on one line.  Fill in the <i>X</i> part with a program
 
That all goes on one line.  Fill in the <i>X</i> part with a program
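Review bot: the added "* Run qmail from an ..." and "* You can usually create ..." lines carry the old markup over unchanged, including `<a href="init.d-script">`, the mailto-style `<A HREF=...>` attributions and `<br>`. MediaWiki does not render anchor tags, and the relative href has no meaning on the wiki. Convert these to the external-link form the first hunk already uses for moderating.txt, and reduce the attribution to a plain name as done for the John Mitchell bullets.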
Line 85: Line 56:
 
<br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ Nelson</A>]
 
<br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ Nelson</A>]
  
<li>Similarly, you could also use a simple linear search text file
+
* Similarly, you could also use a simple linear search text file
 
named <samp>mapping</samp> containing lines in the form
 
named <samp>mapping</samp> containing lines in the form
 
<samp>incoming:outgoing</samp> like this:
 
<samp>incoming:outgoing</samp> like this:
  
<pre>
 
 
     |if MAP=`grep -i "$LOCAL:" mapping` && T=`echo $MAP |  awk -F: '{print $2}'` ;
 
     |if MAP=`grep -i "$LOCAL:" mapping` && T=`echo $MAP |  awk -F: '{print $2}'` ;
 
       then forward $T;
 
       then forward $T;
Line 95: Line 65:
 
       exit 100; fi
 
       exit 100; fi
  
</pre>
 
  
 
<br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ Nelson</A>]
 
<br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ Nelson</A>]
  
<li>Anything you print from a program run by a .qmail file ends up in
+
* Anything you print from a program run by a .qmail file ends up in
 
the log file.  <br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ
 
the log file.  <br>[<A HREF="http://www.qmail.org/cgi-bin/m/nelson-qa@aqmail.org">Russ
 
Nelson</A>]
 
Nelson</A>]
  
<li>You can do a reasonable imitation of sendmail delivery, including
+
* You can do a reasonable imitation of sendmail delivery, including
 
.forward and /var/spool/mail, with
 
.forward and /var/spool/mail, with
 
+
#!/bin/sh
<pre>
+
exec qmail-start '|dot-forward .forward
#!/bin/sh
+
|preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail
exec qmail-start '|dot-forward .forward
+
|preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail
+
</pre>
+
  
 
depending on your system's binmail interface. Of course, I recommend
 
depending on your system's binmail interface. Of course, I recommend
Line 118: Line 84:
 
J. Bernstein</a>]
 
J. Bernstein</a>]
  
 
+
* If you want to have private .qmail files which only work on local
<li>If you want to have private .qmail files which only work on local
+
 
mail (e.g. a fax gateway), you can put the following test at the
 
mail (e.g. a fax gateway), you can put the following test at the
 
beginning of it (all on one line):
 
beginning of it (all on one line):
 
+
| if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi
<samp>| if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi</samp>
+
  
 
That is, peek at the headers, if the message came from the network, bounce
 
That is, peek at the headers, if the message came from the network, bounce
Line 129: Line 93:
 
[<a href="http://www.qmail.org/cgi-bin/m/johnla@aiecc.com">John R. Levine</a>]
 
[<a href="http://www.qmail.org/cgi-bin/m/johnla@aiecc.com">John R. Levine</a>]
  
<li>[<a href="http://www.qmail.org/cgi-bin/m/djba@apobox.com">Daniel
+
* Daniel J. Bernstein has three suggestions for allowing your users to
J. Bernstein</a>] has three suggestions for allowing your users to
+
relay when they're not at a known IP address (which is the [http://www.qmail.org/qmail-manual-html/misc/FAQ.html#5.4. FAQ 5.4] solution):
relay when they're not at a known IP address (which is the <a
+
href="qmail-manual-html/misc/FAQ.html#5.4.">FAQ 5.4</a> solution):
+
  
<ul>
+
** Use a secret IP address and port number, and you'll have much
<li>Use a secret IP address and port number, and you'll have much
+
 
better security than user-chosen passwords.
 
better security than user-chosen passwords.
  
<li>Put a secret string into the HELO string sent by the client. This
+
** Put a secret string into the HELO string sent by the client. This
 
will be visible to the fixup script, so you can reject messages with bad
 
will be visible to the fixup script, so you can reject messages with bad
 
passwords without changing qmail-smtpd---and it's still more widely
 
passwords without changing qmail-smtpd---and it's still more widely
 
supported than XTND XMIT.
 
supported than XTND XMIT.
<li>Oh, you want <em>real</em> security? Check that all messages are <a
+
** Oh, you want <em>real</em> security? Check that all messages are <a
 
href="http://www.pgp.com">PGP</a>-signed by local users. I wouldn't be
 
href="http://www.pgp.com">PGP</a>-signed by local users. I wouldn't be
 
surprised if PGP plugins are available for more clients than XTND XMIT
 
surprised if PGP plugins are available for more clients than XTND XMIT
 
patches are.
 
patches are.
</ul>
 
  
<li date="20000109"><a name="20000109">[<a
+
* Anand Buddhdev wrote <a href="turnmail">turnmail</a></a>, modified by
href="http://www.qmail.org/cgi-bin/m/arba@aanand.org">Anand
+
Buddhdev</a>] wrote <a href="turnmail">turnmail</a></a>, modified by
+
 
Russell Nelson for publication here, which wraps around qmail-pop3d
 
Russell Nelson for publication here, which wraps around qmail-pop3d
 
and triggers a serialmail delivery to the connecting host whose user
 
and triggers a serialmail delivery to the connecting host whose user
Line 160: Line 118:
 
or an NT system <a href="http://www.swsoft.co.uk">pullmail</a>.
 
or an NT system <a href="http://www.swsoft.co.uk">pullmail</a>.
  
<li>Dan Bernstein suggested that one might give ordinary users access
+
* Dan Bernstein suggested that one might give ordinary users access
 
to qmail-qread through ucspi.  <a
 
to qmail-qread through ucspi.  <a
 
href="http://www.qmail.org/cgi-bin/m/sthauga@anethelp.no">Steinar
 
href="http://www.qmail.org/cgi-bin/m/sthauga@anethelp.no">Steinar
 
Haug</a> implemented that suggestion thusly with a client that looks
 
Haug</a> implemented that suggestion thusly with a client that looks
 
like this:
 
like this:
<pre>
+
#!/bin/sh
#!/bin/sh
+
exec /local/etc/tcpclient -RHl0 -- 127.0.0.1 20025 sh -c 'exec cat <&6'
exec /local/etc/tcpclient -RHl0 -- 127.0.0.1 20025 sh -c 'exec cat <&6'
+
</pre>
+
 
+
 
and he starts the server like this:
 
and he starts the server like this:
 +
tcpserver -u126 -g120 -R 127.0.0.1 20025 /var/qmail/bin/qmail-qread &
  
<pre>tcpserver -u126 -g120 -R 127.0.0.1 20025 /var/qmail/bin/qmail-qread &</pre>
+
* The default delivery instructions, which are invoked when a .qmail
 
+
<li>The default delivery instructions, which are invoked when a .qmail
+
 
file is nonexistent or empty, are found in the first parameter of
 
file is nonexistent or empty, are found in the first parameter of
 
qmail-start.  That's why the install instructions tell you to touch
 
qmail-start.  That's why the install instructions tell you to touch
 
.qmail-root .qmail-mailer-daemon and .qmail-postmaster.
 
.qmail-root .qmail-mailer-daemon and .qmail-postmaster.
  
<li>[<a
+
* [<a
 
href="http://www.qmail.org/cgi-bin/m/arba@aanand.org">Anand
 
href="http://www.qmail.org/cgi-bin/m/arba@aanand.org">Anand
 
Buddhdev</a>] recommends <a
 
Buddhdev</a>] recommends <a
Line 186: Line 140:
 
into NT's SMTP server.
 
into NT's SMTP server.
  
<li>[<a href="http://www.qmail.org/cgi-bin/m/markda@amira.net">Mark
+
* Mark
 
Delany</a>] modifies FAQ 2.3 so he can use the same .qmail file for multiple UUCP sites:
 
Delany</a>] modifies FAQ 2.3 so he can use the same .qmail file for multiple UUCP sites:
 
<samp>
 
<samp>
 
Here is our .qmail-uucpfqdn-default file (all on one line)
 
Here is our .qmail-uucpfqdn-default file (all on one line)
 
+
|preline -df /usr/bin/uux - -r -gC -a"$SENDER"
|preline -df /usr/bin/uux - -r -gC -a"$SENDER"
+
 
     `echo $EXT | cut -f2 -d-`!rmail "(${EXT3}@$HOST)"
 
     `echo $EXT | cut -f2 -d-`!rmail "(${EXT3}@$HOST)"
 
 
And here is a sample virtualdomains entry:
 
And here is a sample virtualdomains entry:
 +
some.domain:uucpfqdn-uuhostname
  
some.domain:uucpfqdn-uuhostname
+
* Dan Bernstein noted that qmail will skip dns queries for incoming
</samp>
+
 
+
<li>Dan Bernstein noted that qmail will skip dns queries for incoming
+
 
mail with <samp>tcpserver -Hl your.host.name</samp>; and you can skip
 
mail with <samp>tcpserver -Hl your.host.name</samp>; and you can skip
 
them for outgoing mail with control/smtproutes.
 
them for outgoing mail with control/smtproutes.
  
  
<li>Harald Hanche-Olsen has a solution to the problem of mail that has
+
* Harald Hanche-Olsen has a solution to the problem of mail that has
 
wrongly been queued for a remote host (because, say, you didn't have a
 
wrongly been queued for a remote host (because, say, you didn't have a
 
host in your locals or virtualdomains):
 
host in your locals or virtualdomains):
 
+
echo tcn.net:[127.0.0.1] >> /var/qmail/control/smtproutes
<samp>
+
echo tcn.net:[127.0.0.1] >> /var/qmail/control/smtproutes
+
</samp>
+
 
+
 
Now send qmail-send an ALRM signal.
 
Now send qmail-send an ALRM signal.
  
<li>Hitesh Patel has a <a
+
* Hitesh Patel has a <a
 
href="ftp://ftp.freebird.org/unixware/freebird/mailtools/qmail/qmail-UW.tar.Z">patch
 
href="ftp://ftp.freebird.org/unixware/freebird/mailtools/qmail/qmail-UW.tar.Z">patch
 
for UnixWare 2.1.x and 7.0.x</a>, which is not currently supported by
 
for UnixWare 2.1.x and 7.0.x</a>, which is not currently supported by
 
qmail.
 
qmail.
  
<p>By the way..... the patch above opens up the option of sending mail
+
By the way..... the patch above opens up the option of sending mail
 
to root... if you want this then just copy the right files into your
 
to root... if you want this then just copy the right files into your
 
qmail source directory... if you don't go into conf-unusual.h and
 
qmail source directory... if you don't go into conf-unusual.h and
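Review bot: the added "* Mark" line drops the opening `[<a href=...>` of the attribution, but the unchanged next line still begins "Delany</a>] modifies", so the page is left with an orphaned closing tag and bracket in the middle of the sentence. Fold the two lines into "* Mark Delany modifies FAQ 2.3 ..." so the name and the sentence survive the conversion intact.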
Line 225: Line 171:
 
<em>Probably a good idea to comment it out -russ </em>.
 
<em>Probably a good idea to comment it out -russ </em>.
  
<li>Daniel J. Bernstein suggests that if you have buggy clients that
+
* Daniel J. Bernstein suggests that if you have buggy clients that
 
send bare LFs, and you want to treat their messages the same way
 
send bare LFs, and you want to treat their messages the same way
 
sendmail does, you can simply run his fixcrio program instead
 
sendmail does, you can simply run his fixcrio program instead
Line 231: Line 177:
 
qmail-smtpd as argument. fixcrio is part of the ucspi-tcp package.
 
qmail-smtpd as argument. fixcrio is part of the ucspi-tcp package.
  
<li>Balazs
+
* Balazs
 
Nagy likes to watch logs in a virtual terminal (/dev/tty8).  He uses
 
Nagy likes to watch logs in a virtual terminal (/dev/tty8).  He uses
<pre>
+
... | tee >(accustamp | tailocal > /dev/tty8) | accustamp | cyclog
... | tee >(accustamp | tailocal > /dev/tty8) | accustamp | cyclog
+
</pre>
+
  
 
The extra accustamp seems to be needed to make it work with bash.
 
The extra accustamp seems to be needed to make it work with bash.
  
<LI>Frederik Vermeulen says: If you don't want a specific
+
* Frederik Vermeulen says: If you don't want a specific
 
undeliverable mail to sit in the queue any longer, you can make it
 
undeliverable mail to sit in the queue any longer, you can make it
 
reach the queuelifetime by running <samp> touch -d '1 week ago'</samp>
 
reach the queuelifetime by running <samp> touch -d '1 week ago'</samp>
Line 245: Line 189:
 
more delivery attempt.
 
more delivery attempt.
  
<li>Russ Nelson has used qmail-local to deliver to a dynamic Mailbox
+
* Russ Nelson has used qmail-local to deliver to a dynamic Mailbox
 
or Maildir name.  He does it like this:
 
or Maildir name.  He does it like this:
 +
|qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST" "$SENDER" "/path/to/users/maildir/here/"
  
<samp>|qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST" "$SENDER" "/path/to/users/maildir/here/"</samp>
+
* Harald Hanche-Olsen warns people to beware when patching Solaris
 
+
<li>Harald Hanche-Olsen warns people to beware when patching Solaris
+
 
machines, because at least one patch restores the
 
machines, because at least one patch restores the
 
/etc/rc?.d/[SK]??sendmail symlink.  You might want to remove files
 
/etc/rc?.d/[SK]??sendmail symlink.  You might want to remove files
 
matching that name in your startup scripts.
 
matching that name in your startup scripts.
  
<li date="20000110"><a name="20000110">Vern Hart doesn't like a pile of .qmail files in his home
+
* Vern Hart doesn't like a pile of .qmail files in his home
 
directory.</a>  So he uses users/assign to put them into a subdirectory:
 
directory.</a>  So he uses users/assign to put them into a subdirectory:
 +
=vern:vern:2244:18:/home/vern:::
 +
+vern-:vern:2244:18:/home/vern:s/::
  
<pre>
 
=vern:vern:2244:18:/home/vern:::
 
+vern-:vern:2244:18:/home/vern:s/::
 
</pre>
 
 
This puts <samp>.qmail</samp> in his home directory but everything
 
This puts <samp>.qmail</samp> in his home directory but everything
 
else is in <samp>.qmails/</samp>.  This changes ~/.qmail-foo to
 
else is in <samp>.qmails/</samp>.  This changes ~/.qmail-foo to
 
~/.qmails/foo and really cleans up his home.
 
~/.qmails/foo and really cleans up his home.
  
<li date="20000614"><a name="20000614">
+
* Jim Simmons points out that you can stop linuxconf from creating a
Jim Simmons points out that you can stop linuxconf from creating a
+
 
potential security hole</a> by removing the /usr/sbin/sendmail line from
 
potential security hole</a> by removing the /usr/sbin/sendmail line from
 
/usr/lib/linuxconf/redhat/perm.  If you don't do this, linuxconf will
 
/usr/lib/linuxconf/redhat/perm.  If you don't do this, linuxconf will
 
change /var/qmail/bin/sendmail to running suid.
 
change /var/qmail/bin/sendmail to running suid.
  
<li date="20000827"><a name="20000827">
+
* Dag Wieers wants  to see all messages that are delivered to his
Dag Wieers wants  to see all messages that are delivered to his
+
 
domain but were bounced</a> because the user or alias does not exist. Since
 
domain but were bounced</a> because the user or alias does not exist. Since
 
you cannot forward and pipe in the same dot-qmail he found the following
 
you cannot forward and pipe in the same dot-qmail he found the following
 
solution to be his most simple option, .qmail-default:
 
solution to be his most simple option, .qmail-default:
  
 
+
|forward dag@mind.be &amp;&gt;/dev/null
<pre>
+
|echo "Sorry, no mailbox here by that name. (#5.1.1)"; exit 100
|forward dag@mind.be &amp;&gt;/dev/null
+
|echo "Sorry, no mailbox here by that name. (#5.1.1)"; exit 100
+
</pre>
+
  
 
This way someone can simply check those mails regularly and forward them
 
This way someone can simply check those mails regularly and forward them
Line 288: Line 224:
 
waiting for feedback)
 
waiting for feedback)
  
<li date="200105290"><a name="200105290">Peter van Dijk suggests that
+
* Peter van Dijk suggests that
 
you have two services running smtpd</a>, one using recordio and the
 
you have two services running smtpd</a>, one using recordio and the
 
other not.  He says that it's a great diagnostic tool.  Create
 
other not.  He says that it's a great diagnostic tool.  Create
Line 296: Line 232:
 
because recordio records complete emails).  Create
 
because recordio records complete emails).  Create
 
/service/qmail-smtpd-recordio/down.  The switchover is then simply:
 
/service/qmail-smtpd-recordio/down.  The switchover is then simply:
<pre>
+
 
# svc -u /service/qmail-smtpd-recordio ; svc -d /var/service/qmail-smtpd
+
# svc -u /service/qmail-smtpd-recordio ; svc -d /var/service/qmail-smtpd
</pre>
+
 
and viceversa.
 
and viceversa.
  
<li date="200210090"><a name="200210090">Han Boetes blocks sites with no
+
* Han Boetes blocks sites with no
reverse dns</a>.  He uses the following tcp.smtp file.  The only thing
+
reverse dns.  He uses the following tcp.smtp file.  The only thing
 
I would do differently is to set RBLSMTPD instead of just denying the
 
I would do differently is to set RBLSMTPD instead of just denying the
 
connection.
 
connection.
 +
127.0.0.1:allow,RELAYCLIENT=""
 +
172.16.11.:allow,RELAYCLIENT=""
 +
=:allow
 +
:deny
  
<pre>
+
* Adrian Knoth suggests that your
127.0.0.1:allow,RELAYCLIENT=""
+
172.16.11.:allow,RELAYCLIENT=""
+
=:allow
+
:deny
+
</pre>
+
 
+
<li date="200211090"><a name="200211090">Adrian Knoth suggests that your
+
 
Unix client machines can use <a
 
Unix client machines can use <a
 
href="http://mail.socha.net/story/2002/8/14/181252/427">stunnel's
 
href="http://mail.socha.net/story/2002/8/14/181252/427">stunnel's
 
public key mechanism</a> to authenticate smtp.</a>
 
public key mechanism</a> to authenticate smtp.</a>
  
<li date="200303090"><a name="200303090">Richard Lyons points out that
+
* Richard Lyons points out that
 
multilog has filtering capabilities</a>, see
 
multilog has filtering capabilities</a>, see
 
http://cr.yp.to/daemontools/multilog.html.  If you leave recordio in
 
http://cr.yp.to/daemontools/multilog.html.  If you leave recordio in
 
place you can select what bits of the output to write.  For example:
 
place you can select what bits of the output to write.  For example:
 
+
multilog t '-* * > *' '-* * < *' /var/log/qmail/smtpd \
<pre>multilog t '-* * > *' '-* * < *' /var/log/qmail/smtpd \
+
 
           '-*' '+* * > 5*' /var/log/qmail/smtpd-err
 
           '-*' '+* * > 5*' /var/log/qmail/smtpd-err
</pre>
 
  
 
will do the normal logging to /var/log/qmail/smtpd, and will
 
will do the normal logging to /var/log/qmail/smtpd, and will
Line 331: Line 261:
 
/var/log/qmail/smtpd-err.
 
/var/log/qmail/smtpd-err.
  
<li date="200303170"><a name="200303170">Qmail-popup redirects stderr to
+
* Qmail-popup redirects stderr to
 
stdout, thus making it impossible to write a wrapper around
 
stdout, thus making it impossible to write a wrapper around
 
qmail-pop3d which writes to the logfile by writing to stderr.  Being a
 
qmail-pop3d which writes to the logfile by writing to stderr.  Being a
 
little cleverer with the shell, you can also redirect FD 7 onto stdout
 
little cleverer with the shell, you can also redirect FD 7 onto stdout
 
like this:
 
like this:
 +
/var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2&gt;&amp;1 7&gt;&amp;1
  
<pre>
 
/var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2&gt;&amp;1 7&gt;&amp;1
 
 
</pre>
 
  
 
Once you've done that, qmail-pop3d-wrapper.sh can log to FD 7, like this:
 
Once you've done that, qmail-pop3d-wrapper.sh can log to FD 7, like this:
<pre>
+
#!/bin/sh
#!/bin/sh
+
echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" &gt;&amp;7
echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" &gt;&amp;7
+
$@
$@
+
</pre>
+
  
<li date="200310170"><a name="200310170">Alex Greg likes to see the output
+
* Alex Greg likes to see the output
 
of svstat expressed in <a
 
of svstat expressed in <a
 
href="http://agreg.com/scripts/secs2dhms">dhms instead of seconds</a></a>.
 
href="http://agreg.com/scripts/secs2dhms">dhms instead of seconds</a></a>.
  
<li><img src="new.gif" alt="new" width=31 height=12
+
* Erwin Hoffmann suggests a
date="200403160"><a name="200403160">Erwin Hoffmann suggests a
+
 
one-line fix to the errno compilation problem.  It works for most DJB
 
one-line fix to the errno compilation problem.  It works for most DJB
 
software:
 
software:
<pre>
+
cat error.h | sed -e s/^extern\ int\ errno\;/#include\ \&lt;errno.h\&gt;/  &gt; error.h
cat error.h | sed -e s/^extern\ int\ errno\;/#include\ \&lt;errno.h\&gt;/  &gt; error.h
+
 
+
</pre>
+
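Review bot: the errno one-liner at the end of this hunk, `cat error.h | sed ... > error.h`, reads and writes the same file in one pipeline. The shell truncates error.h when it sets up the output redirection, and nothing guarantees cat has read the file by then, so the command can leave error.h empty. Since the line is being re-entered anyway, have it write to a temporary file and rename that over error.h afterwards.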

Revision as of 21:30, 2 February 2005

Some good advice for new qmail users, contributed by qmail users.

  • Did you restart qmail? I find that to be a help for a lot of qmail problems. :-) John Mitchell
  • You should also check the permissions very carefully on all of the necessary directories and files. John Mitchell
  • You must also put the virtual domain into /var/qmail/control/rcpthosts or the mailer will bounce the message with a notice saying that the host wasn't in rcpthosts. John Mitchell
  • Of course, you must also be the MX for the virtual hosts. I had a problem in my setup that was driving me nuts until I realized that my DNS provider had missed an MX update request. John Mitchell
  • Check all lines in sendmail.cf beginning with M. Any that contain P=[IPC] or P=[TCP] should also have E=\r\n. Tim Goodwin

  • The right-hand-side of entries in /var/qmail/control/virtualdomains should begin with a username. If you don't use a username, the mail will be handled by ~alias. But if you forget, and create a user by that name, then the mail will suddenly be handled by the user, which is probably not what you intended to happen. Best to use, in this case, alias as the username and avoid trouble. Russ Nelson
  • Remember to add preline before procmail or other filters when moving .forward to .qmail. Ira Abramov
  • If you use qmail's preline utility, remember that preline expects to pipe the entire mail message through the specified program. If the specified program closes standard input before preline has finished, preline will exit with a transient failure and you'll see the following error in your logs:

    deferral: preline:_fatal:_unable_to_copy_input:_broken_pipe/

You'll see this problem if you try to use the sendmail version of vacation. Use Peter's vacation program instead. [Peter Samuel]


  • Run qmail from an init.d script [Larry Doolittle]

  • You can usually create control/rcpthosts from

sed 's/:.*//' <virtualdomains | cat - locals | sort >rcpthosts
[Russ Nelson]
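
A consistency check for the rcpthosts tips above, added here as an example and not part of the original page: it lists every domain in locals or virtualdomains that rcpthosts does not cover. The function names and the sample control directory are constructed for illustration. It assumes a plain-text rcpthosts only (no morercpthosts.cdb), and it goes slightly beyond the one-liner by handling user@domain entries and leading-dot wildcards.

```shell
#!/bin/sh
# Added example, not from the original page. File contents below are constructed.

# covered DOMAIN RCPTHOSTS: succeed if DOMAIN is listed exactly, or falls
# under a leading-dot wildcard line such as ".example.org".
covered() {
    WANT=$1 awk '
        BEGIN { want = tolower(ENVIRON["WANT"]); n = length(want) }
        { entry = tolower($0); m = length(entry) }
        m == 0 { next }
        entry == want { ok = 1; exit }
        substr(entry, 1, 1) == "." && n > m && substr(want, n - m + 1) == entry { ok = 1; exit }
        END { exit !ok }
    ' "$2"
}

# missing_rcpthosts DIR: print each domain from DIR/locals and
# DIR/virtualdomains that DIR/rcpthosts does not cover.
missing_rcpthosts() {
    dir=$1
    {
        # Left of ":" is the domain; "user@domain" entries keep only the domain.
        sed -e 's/:.*//' -e 's/.*@//' "$dir/virtualdomains"
        cat "$dir/locals"
    } | tr 'A-Z' 'a-z' | grep -v '^$' | LC_ALL=C sort -u |
    while IFS= read -r domain; do
        covered "$domain" "$dir/rcpthosts" || printf '%s\n' "$domain"
    done
}

# make_sample_control: build a constructed control directory and print its path.
make_sample_control() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'example.org' 'mail.example.org' > "$dir/locals"
    printf '%s\n' 'example.net:alias-net' 'sales@example.com:alias-sales' \
        '.lists.example.org:alias-lists' > "$dir/virtualdomains"
    printf '%s\n' 'example.org' '.example.org' 'example.net' > "$dir/rcpthosts"
    printf '%s\n' "$dir"
}

# Run with "demo" as the first argument to try it on the constructed files.
if [ "${1:-}" = demo ]; then
    missing_rcpthosts "$(make_sample_control)"
fi
```

An empty result means every locally handled domain is accepted by qmail-smtpd; each printed domain is one whose mail would be refused with the rcpthosts error.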

  • Sometimes you need to use a database to forward mail. Create ~alias/.qmail-default like this:

   |if T=`X`; then forward $T; else
      echo "Sorry, no mailbox here by that name (#5.1.1)";
      exit 100; fi

That all goes on one line. Fill in the X part with a program that looks up the user, and exits with zero and prints the destination address, or else exits nonzero if no match is found. By the way, the X program probably should ignore case. For NIS, you would replace the X in the above command with: ypmatch $LOCAL aliases.
[Russ Nelson]

  • Similarly, you could also use a simple linear search text file named mapping containing lines in the form incoming:outgoing like this:

   |if MAP=`grep -i "$LOCAL:" mapping` && T=`echo $MAP |  awk -F: '{print $2}'` ;
      then forward $T;
      else echo "Sorry, no mailbox here by that name (#5.1.1)";
      exit 100; fi



[Russ Nelson]
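
The two lookup tips above share one contract: the program prints the destination and exits zero, or exits nonzero when there is no match. Added here as an example (not code from the original page), the script below puts the tip's grep lookup next to an exact-match variant, because grep treats $LOCAL as an unanchored regular expression and so also accepts a fragment of an entry. The function names and the sample mapping file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The mapping contents are constructed.

# make_sample_mapping: write a constructed "incoming:outgoing" file, print its path.
make_sample_mapping() {
    f=$(mktemp) || return 1
    printf '%s\n' 'sales:alice@example.org' 'support:bob@example.org' > "$f"
    printf '%s\n' "$f"
}

# lookup_grep LOCAL FILE: the lookup as written in the tip. LOCAL is used as a
# regular expression and may match anywhere in the line.
lookup_grep() {
    MAP=`grep -i "$1:" "$2"` && echo $MAP | awk -F: '{print $2}'
}

# lookup_exact LOCAL FILE: compare LOCAL, case-insensitively, against the whole
# first field only. LOCAL is passed through the environment so awk never
# interprets it as a pattern or as escape sequences.
# Prints the destination and returns 0 on a match, returns 1 otherwise.
lookup_exact() {
    WANT=$1 awk -F: '
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        tolower($1) == want { print $2; found = 1; exit }
        END { exit !found }
    ' "$2"
}

# Run with "demo" as the first argument to compare both lookups.
if [ "${1:-}" = demo ]; then
    map=$(make_sample_mapping)
    for local_part in sales SALES ales; do
        printf '%s: grep=[%s] exact=[%s]\n' "$local_part" \
            "$(lookup_grep "$local_part" "$map")" \
            "$(lookup_exact "$local_part" "$map")"
    done
fi
```

Installed as a small script that calls lookup_exact "$LOCAL" mapping, it can stand in for X in the .qmail-default line of the database tip, with the result passed on as forward "$T".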

  • Anything you print from a program run by a .qmail file ends up in the log file.
[Russ Nelson]

  • You can do a reasonable imitation of sendmail delivery, including .forward and /var/spool/mail, with

#!/bin/sh
exec qmail-start '|dot-forward .forward
|preline -f /bin/mail -f "$SENDER" -d "$USER"' splogger qmail

depending on your system's binmail interface. Of course, I recommend throwing binmail away, but people who need to preserve /var/spool/mail should still be able to use qmail.
[Daniel J. Bernstein]

  • If you want to have private .qmail files which only work on local mail (e.g. a fax gateway), you can put the following test at the beginning of it (all on one line):

| if [ -n "`sed -n -e '/invoked from network/p' -e 2q`" ]; then exit 100; else exit 0; fi

That is, peek at the headers, if the message came from the network, bounce it, otherwise forward it along.
[John R. Levine]

  • Daniel J. Bernstein has three suggestions for allowing your users to relay when they're not at a known IP address (which is the FAQ 5.4 solution):

    • Use a secret IP address and port number, and you'll have much better security than user-chosen passwords.

    • Put a secret string into the HELO string sent by the client. This will be visible to the fixup script, so you can reject messages with bad passwords without changing qmail-smtpd---and it's still more widely supported than XTND XMIT.

    • Oh, you want real security? Check that all messages are PGP-signed (http://www.pgp.com) by local users. I wouldn't be surprised if PGP plugins are available for more clients than XTND XMIT patches are.

  • Anand Buddhdev wrote turnmail, modified by Russell Nelson for publication here, which wraps around qmail-pop3d and triggers a serialmail delivery to the connecting host whose user just authenticated themselves. Or, a Unix system can use fetchmail (http://www.tuxedo.org/~esr/fetchmail/index.html), getmail (http://www.qcc.ca/~charlesc/software/getmail-4/) or an NT system pullmail (http://www.swsoft.co.uk).

  • Dan Bernstein suggested that one might give ordinary users access to qmail-qread through ucspi. Steinar Haug implemented that suggestion thusly with a client that looks like this:

#!/bin/sh
exec /local/etc/tcpclient -RHl0 -- 127.0.0.1 20025 sh -c 'exec cat <&6'

and he starts the server like this:

tcpserver -u126 -g120 -R 127.0.0.1 20025 /var/qmail/bin/qmail-qread &

  • The default delivery instructions, which are invoked when a .qmail file is nonexistent or empty, are found in the first parameter of qmail-start. That's why the install instructions tell you to touch .qmail-root .qmail-mailer-daemon and .qmail-postmaster.

  • [Anand Buddhdev] recommends pullmail (http://www.swsoft.co.uk/index.asp?page=freesoftware), which is a Windows NT program that pulls mail from a POP3 server, and stuffs it into NT's SMTP server.

  • [Mark Delany] modifies FAQ 2.3 so he can use the same .qmail file for multiple UUCP sites: Here is our .qmail-uucpfqdn-default file (all on one line)

|preline -df /usr/bin/uux - -r -gC -a"$SENDER"
   `echo $EXT | cut -f2 -d-`!rmail "(${EXT3}@$HOST)"

And here is a sample virtualdomains entry:

some.domain:uucpfqdn-uuhostname

  • Dan Bernstein noted that qmail will skip DNS queries for incoming mail with tcpserver -Hl your.host.name; and you can skip them for outgoing mail with control/smtproutes.


  • Harald Hanche-Olsen has a solution to the problem of mail that has wrongly been queued for a remote host (because, say, you didn't have a host in your locals or virtualdomains):

echo tcn.net:[127.0.0.1] >> /var/qmail/control/smtproutes

Now send qmail-send an ALRM signal.

  • Hitesh Patel has a <a href="ftp://ftp.freebird.org/unixware/freebird/mailtools/qmail/qmail-UW.tar.Z">patch for UnixWare 2.1.x and 7.0.x</a>, which is not currently supported by qmail.

By the way..... the patch above opens up the option of sending mail to root... if you want this then just copy the right files into your qmail source directory... if you don't go into conf-unusual.h and comment out line 25 that says "#define ALLOW_ROOT_MAIL 1". Probably a good idea to comment it out -russ .

  • Daniel J. Bernstein suggests that if you have buggy clients that send bare LFs, and you want to treat their messages the same way sendmail does, you can simply run his fixcrio program instead of qmail-smtpd for your outgoing mail relay. fixcrio then takes qmail-smtpd as argument. fixcrio is part of the ucspi-tcp package.

  • Balazs Nagy likes to watch logs in a virtual terminal (/dev/tty8). He uses

... | tee >(accustamp | tailocal > /dev/tty8) | accustamp | cyclog

The extra accustamp seems to be needed to make it work with bash.

  • Frederik Vermeulen says: If you don't want a specific undeliverable mail to sit in the queue any longer, you can make it reach the queuelifetime by running touch -d '1 week ago' on its queue/info file. It will then be bounced after one more delivery attempt.

  • Russ Nelson has used qmail-local to deliver to a dynamic Mailbox or Maildir name. He does it like this:

|qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST" "$SENDER" "/path/to/users/maildir/here/"

  • Harald Hanche-Olsen warns people to beware when patching Solaris machines, because at least one patch restores the /etc/rc?.d/[SK]??sendmail symlink. You might want to remove files matching that name in your startup scripts.

  • Vern Hart doesn't like a pile of .qmail files in his home directory. So he uses users/assign to put them into a subdirectory:

=vern:vern:2244:18:/home/vern:::
+vern-:vern:2244:18:/home/vern:s/::

This puts .qmail in his home directory but everything else is in .qmails/. This changes ~/.qmail-foo to ~/.qmails/foo and really cleans up his home.
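
How those two users/assign lines turn an address into a file name, as an added sketch (not part of the original tip or of qmail): `dotqmail_path` and `safe_ext` are names made up here, and the sample data is the tip's two lines plus the closing "." line. The -default fallback and qmail-getpw are not modelled.

```shell
#!/bin/sh
# Constructed sample: the two users/assign lines from the tip above, plus the
# final "." line that ends a users/assign file.
ASSIGN='=vern:vern:2244:18:/home/vern:::
+vern-:vern:2244:18:/home/vern:s/::
.'

# qmail-local lowercases the extension and turns dots into colons before it
# builds the file name, so an address cannot supply "." or ".." path parts.
safe_ext() { printf '%s' "$1" | tr 'A-Z.' 'a-z:'; }

# dotqmail_path LOCALPART: print the .qmail file that controls LOCALPART,
# or return 1 if no assignment matches.
dotqmail_path() {
    addr=$1 best="" bestlen=-1
    while IFS=: read -r key user uid gid home dash pre rest; do
        case $key in
            .) break ;;
            =*) # simple assignment: an exact match beats every wildcard
                if [ "${key#=}" = "$addr" ]; then
                    printf '%s/.qmail%s%s\n' "$home" "$dash" "$(safe_ext "$pre")"
                    return 0
                fi ;;
            +*) # wildcard assignment: the longest matching prefix wins
                loc=${key#+}
                case $addr in
                    "$loc"*)
                        if [ "${#loc}" -gt "$bestlen" ]; then
                            bestlen=${#loc}
                            best=$home/.qmail$dash$(safe_ext "$pre${addr#"$loc"}")
                        fi ;;
                esac ;;
        esac
    done <<EOF
$ASSIGN
EOF
    if [ -n "$best" ]; then printf '%s\n' "$best"; else return 1; fi
}

for a in vern vern-foo vern-List.Owner vernon; do
    printf '%-16s -> %s\n' "$a" "$(dotqmail_path "$a" || echo '(no assignment)')"
done
```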

  • Jim Simmons points out that you can stop linuxconf from creating a potential security hole by removing the /usr/sbin/sendmail line from /usr/lib/linuxconf/redhat/perm. If you don't do this, linuxconf will change /var/qmail/bin/sendmail to run setuid.

  • Dag Wieers wants to see all messages that are delivered to his domain but were bounced because the user or alias does not exist. Since you cannot forward and pipe in the same dot-qmail he found the following solution to be his simplest option, .qmail-default:

|forward dag@mind.be >/dev/null 2>&1
|echo "Sorry, no mailbox here by that name. (#5.1.1)"; exit 100

This way someone can simply check those mails regularly and forward them to the right person manually (which sometimes saves time when people are waiting for feedback).

  • Peter van Dijk suggests that you have two services running smtpd, one using recordio and the other not. He says that it's a great diagnostic tool. Create /service/qmail-smtpd as you would normally. Create /service/qmail-smtpd-recordio as a copy with recordio inserted, and logging to a separate space (be sure to chmod this logdir tight because recordio records complete emails). Create /service/qmail-smtpd-recordio/down. The switchover is then simply:

# svc -u /service/qmail-smtpd-recordio ; svc -d /service/qmail-smtpd

and vice versa.

  • Han Boetes blocks sites with no reverse DNS. He uses the following tcp.smtp file. The only thing I would do differently is to set RBLSMTPD instead of just denying the connection.

127.0.0.1:allow,RELAYCLIENT=""
172.16.11.:allow,RELAYCLIENT=""
=:allow
:deny
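
How tcpserver picks a rule from this file, and what the RBLSMTPD variant changes, as an added sketch (not part of the original tip or of ucspi-tcp): `lookup`, `decide` and the rejection text are made up for the example, and ident-based (TCPREMOTEINFO) rule addresses are left out. The variant needs rblsmtpd running in front of qmail-smtpd; a leading hyphen in $RBLSMTPD makes the rejection a permanent 553.

```shell
#!/bin/sh
# tcp.smtp exactly as in the tip above.
RULES_DENY='127.0.0.1:allow,RELAYCLIENT=""
172.16.11.:allow,RELAYCLIENT=""
=:allow
:deny'
# Variant: the catch-all hands the decision to rblsmtpd (constructed text).
RULES_RBL='127.0.0.1:allow,RELAYCLIENT=""
172.16.11.:allow,RELAYCLIENT=""
=:allow
:allow,RBLSMTPD="-No reverse DNS for your IP address"'

# lookup RULES KEY: print the instructions of the rule whose address is KEY.
lookup() {
    while IFS= read -r line; do
        if [ "${line%%:*}" = "$2" ]; then
            printf '%s\n' "${line#*:}"
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# decide RULES IP [HOST]: try addresses in tcprules order, first hit wins.
# HOST is the reverse-DNS name (TCPREMOTEHOST); leave it empty if there is none.
decide() {
    rules=$1 ip=$2 host=${3-}
    set -- "$ip"                              # exact IP
    if [ -n "$host" ]; then set -- "$@" "=$host"; fi
    p=$ip
    while [ "${p%.*}" != "$p" ]; do           # IP prefixes ending in a dot
        p=${p%.*}; set -- "$@" "$p."
    done
    s=$host
    while [ "${s#*.}" != "$s" ]; do           # host suffixes starting with a dot
        s=${s#*.}; set -- "$@" "=.$s"
    done
    if [ -n "$host" ]; then set -- "$@" "="; fi   # any host with reverse DNS
    set -- "$@" ""                            # catch-all rule
    for key in "$@"; do
        if lookup "$rules" "$key"; then return 0; fi
    done
    return 1
}

decide "$RULES_DENY" 192.0.2.77 ""   # client without reverse DNS, original file
decide "$RULES_RBL" 192.0.2.77 ""    # same client, RBLSMTPD variant
```
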
  • Adrian Knoth suggests that your Unix client machines can use <a href="http://mail.socha.net/story/2002/8/14/181252/427">stunnel's public key mechanism</a> to authenticate smtp.

  • Richard Lyons points out that multilog has filtering capabilities, see http://cr.yp.to/daemontools/multilog.html. If you leave recordio in place you can select what bits of the output to write. For example:

multilog t '-* * > *' '-* * < *' /var/log/qmail/smtpd \
          '-*' '+* * > 5*' /var/log/qmail/smtpd-err

will do the normal logging to /var/log/qmail/smtpd, and will record 5xx errors sent by your server to the client in /var/log/qmail/smtpd-err.

  • Qmail-popup redirects stderr to stdout, thus making it impossible to write a wrapper around qmail-pop3d which writes to the logfile by writing to stderr. Being a little cleverer with the shell, you can also redirect FD 7 onto stdout like this:

/var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2>&1 7>&1


Once you've done that, qmail-pop3d-wrapper.sh can log to FD 7, like this:

#!/bin/sh
# Log the login on FD 7, then hand over to the real qmail-pop3d.
echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" >&7
exec "$@"

  • Alex Greg likes to see the output of svstat expressed in <a href="http://agreg.com/scripts/secs2dhms">dhms instead of seconds</a>.

  • Erwin Hoffmann suggests a one-line fix to the errno compilation problem. It works for most DJB software:

sed -e 's/^extern int errno;/#include <errno.h>/' error.h > error.h.new && mv error.h.new error.h