D. J. Bernstein
Installing mini-qmail
A mini-qmail installation doesn't have a mail queue.
Instead it gives each new message to a central server through
QMQP.
There are three standard applications of mini-qmail:
- At a large site, mail service is centralized on a few hosts.
All other hosts are null clients running mini-qmail.
Setting up the null clients is easy; see below.
- A firewall sends all incoming messages to an internal gateway.
The firewalls run mini-qmail plus qmail-smtpd.
There's very little code to audit, and none of it runs as root.
- A computer sends mail to a huge mailing list through a
better-connected smarthost.
The computer runs qmail for its own local deliveries,
but it also has ezmlm configured to use
a separate mini-qmail installation for the mailing list.
QMQP is typically 100 times faster than SMTP here;
for example, you can send a 1000-recipient message through a 28.8 modem
in about 10 seconds.
How do I set up a QMQP server?
Here's how to set up a central server
to offer QMQP service to authorized client hosts.
qmail 1.03 includes a QMQP server, qmail-qmqpd.
You also need to have tcpserver installed.
First create /etc/qmqp.tcp in tcprules format
to allow queueing from the authorized hosts.
Make sure to deny connections from unauthorized hosts.
For example, if queueing is allowed from 1.2.3.*:
1.2.3.:allow
:deny
Then create /etc/qmqp.cdb:
tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcp
You can change /etc/qmqp.tcp and run tcprules again at any time.
Finally run qmail-qmqpd from your boot scripts:
tcpserver -x /etc/qmqp.cdb -u 7770 -g 2108 0 628 qmail-qmqpd &
Replace 7770 and 2108
with the qmaild uid and the nofiles gid,
and make sure that $PATH is set appropriately.
628 is the TCP port for QMQP.
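The requirement above, that unauthorized hosts must be denied, can be checked mechanically before the rules file is compiled. The shell function below is an added example, not part of qmail or ucspi-tcp; the name check_qmqp_rules and its messages are made up here, and it assumes the classic IPv4 tcprules syntax (address, colon, then allow or deny).

```shell
#!/bin/sh
# Added example: lint a tcprules source file such as /etc/qmqp.tcp.
# Usage: check_qmqp_rules /etc/qmqp.tcp && \
#            tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcp

# check_qmqp_rules FILE
# Prints one line per finding and per allow rule (for review).
# Returns 0 only if every rule parses and the fallback rule is ":deny".
check_qmqp_rules() {
    rules=$1
    problems=0
    fallback=""                     # verdict of the empty-address rule, if any

    [ -r "$rules" ] || { echo "cannot read $rules"; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;    # blank lines and comments
            *:*) ;;
            *) echo "malformed rule (no colon): $line"
               problems=$((problems + 1)); continue ;;
        esac
        addr=${line%%:*}            # text before the first colon
        instr=${line#*:}            # allow/deny plus optional ,VAR="value"
        case $instr in
            allow|allow,*) verdict=allow ;;
            deny|deny,*)   verdict=deny ;;
            *) echo "unknown instruction: $line"
               problems=$((problems + 1)); continue ;;
        esac
        case $addr in
            '') fallback=$verdict ;;   # ":" matches every remaining client
            '=') [ "$verdict" = allow ] && {
                     echo "'=:allow' admits any client that has a DNS name"
                     problems=$((problems + 1)); } ;;
        esac
        [ "$verdict" = allow ] && echo "allowed: ${addr:-<everyone>}"
    done < "$rules"

    if [ "$fallback" != deny ]; then
        echo "no ':deny' fallback: unlisted hosts are not rejected"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Run it on /etc/qmqp.tcp each time the file changes; the "allowed:" lines it prints are the complete set of sources that may queue mail through this server.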
How do I install mini-qmail?
A mini-qmail installation is just like a qmail installation,
except that it's much easier to set up:
- You don't need /var/qmail/alias.
A mini-qmail installation doesn't do any local delivery.
- You don't need qmail entries in /etc/group or /etc/passwd.
mini-qmail runs with the same privileges as the user sending mail;
it doesn't have any of its own files.
- You don't need to start anything from your boot scripts.
mini-qmail doesn't have a queue,
so it doesn't need a long-running queue manager.
- You don't need to add anything to inetd.conf.
A null client doesn't receive incoming mail.
Here's what you do need:
- qmail-qmqpc, forward, qmail-inject, sendmail, predate, datemail, mailsubj,
qmail-showctl, maildirmake, maildir2mbox, maildirwatch, qail, elq, and pinq
in /var/qmail/bin;
- a symbolic link to qmail-qmqpc from /var/qmail/bin/qmail-queue;
- symbolic links to /var/qmail/bin/sendmail from
/usr/sbin/sendmail and /usr/lib/sendmail;
- all the manual pages in /var/qmail/man;
- a list of IP addresses of QMQP servers, one per line, in
/var/qmail/control/qmqpservers;
- a copy of
/var/qmail/control/me, /var/qmail/control/defaultdomain, and
/var/qmail/control/plusdomain from your central server,
so that qmail-inject uses appropriate host names in outgoing mail; and
- this host's name in /var/qmail/control/idhost,
so that qmail-inject generates Message-ID without any risk of collision.
Everything can be shared across hosts
except for /var/qmail/control/idhost.
Remember that users won't be able to send mail if all the QMQP servers are down.
Most sites have two or three independent QMQP servers.
Note that users can still use all the qmail-inject environment variables
to control the appearance of their outgoing messages.
What about firewalls?
You won't need most of the mini-qmail programs on a firewall,
but you will need qmail-smtpd to accept messages through SMTP.
You can survive with a tiny configuration:
- /var/qmail/bin/qmail-qmqpc;
- /var/qmail/bin/qmail-smtpd;
- a symbolic link to qmail-qmqpc from /var/qmail/bin/qmail-queue;
- the internal gateway's IP address in /var/qmail/control/qmqpservers;
- the firewall host's name in /var/qmail/control/me; and
- the list of acceptable domains in /var/qmail/control/rcpthosts.
You don't need to worry about setting up redundant QMQP servers here.
If the internal gateway is down,
qmail-smtpd will temporarily reject the message,
and the remote client will automatically try again later.
What about mailing lists?
Here's how to set up ezmlm to send messages to a smarthost through QMQP:
- Create a /var/mini-qmail directory.
- Create a /var/mini-qmail/bin directory.
- Make a symbolic link to /var/qmail/bin/qmail-qmqpc
from /var/mini-qmail/bin/qmail-queue.
- Put the smarthost's IP address into
/var/qmail/control/qmqpservers.
- Compile and install ezmlm with /var/mini-qmail in conf-qmail.
You don't need to worry about setting up redundant QMQP servers here.
If the smarthost is down,
the message will stay in the local qmail queue and will be retried later.