Title: Qmail Paper
Subject: An overview of Qmail and vpopmail

Qmail was written by Dan Bernstein to make a mail server that was secure, modular, reliable, easy to configure, and efficient. Qmail differs from sendmail in that it uses several non-root users, who run small simple programs, that create small files, representing a message's stage of delivery.

Below I have noted:
    the qmail user accounts and function,
    file structure, programs, and configuration files, what they do,
    the delivery process,
    and the installation process + vpopmail (non /etc/passwd accounts, and virtual domains)

Inspect the home directories and you will see that they are shared. However, if one system account is compromised, the entire mail system is not.

#------------------------
Main accounts for qmail:
#---------------------------------------------------------------------------------------------------------
Account  UID      GID      Description                              HomeDir           Shell
#---------------------------------------------------------------------------------------------------------
alias    nofiles  nofiles  non-real users                           /var/qmail/alias  /bin/bash
qmaild   qmail    nofiles  daemon account                           /var/qmail        /bin/bash
qmaill   510      nofiles  logging account - runs splogger          /var/qmail        /bin/bash
qmailp   511      nofiles  password account - runs qmail-clean      /var/qmail        /bin/bash
qmailq   512      qmail    queue user account - runs qmail-clean    /var/qmail        /bin/bash
qmailr   513      qmail    remote user account - runs qmail-rspawn  /var/qmail        /bin/bash
qmails   514      qmail    send user account - runs qmail-send      /var/qmail        /bin/bash
#---------------------------------------------------------------------------------------------------------

Qmail reads ".qmail-*" text files for aliasing mail to non-real users.
Note: any user can create their own .qmail-* files in their own directory.
The user alias has this default layout:

alias - mail for accounts that are not handled by a real user is handled by rules in .qmail-* files in the ~alias home directory
    .qmail-postmaster       <- people often mail errors or problems to these addresses.
    .qmail-help             <- ...
    .qmail-MAILER-DAEMON    <- ...
    .qmail-root             <- root is not considered a real user account, it is
    .qmail-default
    .qmail-what-ever-else   <-

The format in these files is quite simple: each delivery rule in the file is on one line.

#============================
#.qmail files
#============================
.qmail files exist in $HOME/ for users. The file contains one command per line; each line contains a program that will act on the message.

Options:
    #       = comment
    |       = pipe message into a program.
    / or .  = deliver to user's mailbox (/Mailbox or /Maildir/)
    &       = forward to address
            = forward to address

#===========================================================================================================
The file structure of qmail takes some getting used to: you need to know where all your config files are, what the programs do, and which files to check. Since the home directory is shared, the file permissions must be correct or unpredictable errors will be encountered. The home directory and its permissions are below.

|
|-- .bash_logout                qmails qmail
|
|-- alias/   <- mail for accounts that are not handled by a real user is handled by rules in .qmail-* files
|   |-- .qmail-postmaster       <- people often mail errors or problems to these addresses.
|   |-- .qmail-help             <- ...
|   |-- .qmail-MAILER-DAEMON    <- ...
|   |-- .qmail-root             <- root is not considered a real user account, it is
|   |-- .qmail-default
|   |-- .qmail-what-ever-else   <- whatever else you want to alias.
|
|-- bin/
|   |-- bouncesaying*   <-Help- Appends an error to errored message and returns to sender (used in .qmail files).
|   |                   i.e. |bouncesaying [args] ]
|   |                   Bouncesaying feeds email,
|   |                   - Exit status 0, error is prepended, and the message is bounced.
|   |-- condredirect*   <-Help- Redirects mail for one address to another (used in .qmail files).
|   |                   i.e. |condredirect [ args ]
|   |                   Condredirect feeds email,
|   |                   - Exit status 0, mail is forwarded to
|   |                   - Exit status 111, mail is tried again later.
|   |-- datemail*       <-????- works with sendmail alias to date new messages with bin/predate
|   |-- elq*
|   |-- except*         <-Help- Changes the effective exit status of a program (used in .qmail files).
|   |                   i.e. except [ args ]
|   |                   - Exit status 0, changed to exit status 100
|   |                   - Exit status 111, unchanged.
|   |                   - Exit status anything else, changed to exit status 0
|   |-- forward*        <-Help- Redirects mail for one address to another (used in .qmail files).
|   |                   i.e. |forward
|   |
|   |-- maildir2mbox*   <-Admn- Convert /Maildir/ mailbox to Mailbox for MUA compatibility.
|   |                   i.e.
|   |-- maildirmake*    <-Admn- Create a new Maildir mailbox.
|   |                   i.e. maildir
|   |-- maildirwatch*   <-????-
|   |-- mailsubj*       <-????-
|   |-- pinq*           <-????-
|   |-- predate*        <-????- No docs, but I think it dates mail.
|   |-- preline*        <-Help- Used for procmail and ELM filters (used in .qmail files).
|   |                   Prepends message with Delivered-To:, From:, Return-Path:
|   |                   i.e. | preline [-dfr ] command
|   |                   -d <- Don't include Delivered-To:
|   |                   -f <- Don't include From:
|   |                   -r <- Don't include Return-Path:
|   |-- qail*           <-????-
|   |-- qbiff*          <-Helper- Writes to the console when a new message is received (used in .qmail files).
|   |
|   |-- qmail-clean*    <-Core- Clears messages that are in a damaged state.
|   |-- qmail-getpw*    <-????-
|   |-- qmail-inject*   <-Core- Inserts mail into the queue.
|   |-- qmail-local*    <-Core- Delivers mail to local accounts
|   |-- qmail-lspawn*   <-Core- Scheduler for local mail delivery
|   |-- qmail-newmrh*   <-Admn-
|   |-- qmail-newu*     <-Admn- Reads the users/assign file and creates a new cdb database
|   |-- qmail-pop3d*    <-Core- POP3 server program allowing access to Maildir mailboxes
|   |-- qmail-popup*    <-Core- Checks user against password with POP or APOP authentication.
|   |-- qmail-pw2u*     <-Help- Uses /etc/passwd to create the users/assign delivery control file
|   |-- qmail-qmqpc*    <-Core- Sends messages directly to a QMQP server for delivery.
|   |-- qmail-qmqpd*    <-Core- Listens for mail over Quick Mail Queueing Protocol (QMQP)
|   |                   and deposits the message directly into the outgoing queue.
|   |-- qmail-qmtpd*    <-Core- Accepts QMTP connections (QMTP is Dan's replacement for SMTP)
|   |-- qmail-qread*    <-Admn- Prints a detailed report of messages in the queue.
|   |-- qmail-qstat*    <-Admn- Prints a report of the queue status (# pending delivery and # queued).
|   |-- qmail-queue*    <-Core- Inserts mail into the queue (gets from qmail-inject and qmail-smtp)
|   |-- qmail-remote*   <-Core- Delivers mail to remote accounts
|   |-- qmail-rspawn*   <-Core- Scheduler for remote mail delivery
|   |-- qmail-send*     <-Core- Processes the queued messages
|   |-- qmail-showctl*  <-Admn- Dump of the current config files (running state of server).
|   |-- qmail-smtpd*    <-Core- Listens for SMTP (port 25/tcp) connection requests.
|   |-- qmail-start*    <-Core- Starts qmail process.
|   |-- qmail-tcpok*    <-Help- Clears qmail-remote's timeout table.
|   |                   Mail is reprocessed as a new message in the queue.
|   |-- qmail-tcpto*    <-Help- Lists all failed SMTP connection timeouts.
|   |-- qreceipt*       <-Help- Returns receipt to people who send this account mail (used in .qmail files).
|   |                   i.e. |qreceipt
|   |                   If mail arrives with a header, "Notice-Requested-Upon-Delivery-To", and
|   |                   the .qmail file has qreceipt , the sender will get a notice.
|   |-- qsmhook*
|   |-- sendmail*       <-Core- mail programs use sendmail for outgoing mail, so this is a wrapper to qmail-inject
|   |-- splogger*       <-Core- logs the processing of mail
|   |-- tcp-env*
|
|-- boot/                       root qmail
|   |--
|
|-- control/                    root qmail
|   |-- checkpassword           root root
|   |-- defaultdomain           root root
|   |-- locals                  root root
|   |-- me                      root root
|   |-- plusdomain              root root
|   |-- rcpthosts.old           root root
|
|-- doc/     <-- Docs on install, and configuration
|-- man/     <-- man pages for all of qmail
|
|-- queue/   <-- this is where mail is processed
|   |-- bounce/
|   |-- info/
|   |-- intd/
|   |-- local/                  qmails qmail
|   |-- lock/
|   |-- mess/
|   |-- pid/
|   |-- remote/                 qmails qmail
|   |-- todo/
|
|-- rc*      <- starts qmail
|
|-- users/                      root qmail
    |-- assign   <-- ascii rules for handling user/domain to files on the server
    |            must run qmail-newu after editing. Backup before editing.
    |-- cdb      <-- the compiled version of the assign file.
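
An added example (not part of the original paper or of qmail): since any user can create .qmail files, this Python code classifies each line by the prefix characters listed in the .qmail files section and reports the lines that run a program or forward mail to another domain. The function names, the sample file and the local-domain set are assumptions; the rule that a line starting with a letter or digit is also a forward comes from dot-qmail(5), and looking through preline follows the "preline [-dfr ] command" syntax shown in the listing above.

```python
import shlex

def classify(line):
    """Map one .qmail line to (kind, value) using its first character."""
    first, rest = line[:1], line[1:].strip()
    if first in ("#", "|", "&"):
        return ({"#": "comment", "|": "program", "&": "forward"}[first], rest)
    if first and first in "/.":
        return ("maildir" if line.endswith("/") else "mbox", line)  # trailing "/" = Maildir
    if first.isalnum():
        # dot-qmail(5): a line starting with a letter or digit is also a forward.
        return ("forward", line.strip())
    return ("empty" if not line.strip() else "unknown", line)

def effective_command(command):
    """Return the argv that really runs, looking through a preline wrapper."""
    try:
        argv = shlex.split(command)
    except ValueError:               # unbalanced quotes: report the raw text
        return [command]
    if argv and argv[0].rsplit("/", 1)[-1] == "preline":
        argv = argv[1:]
        while argv and argv[0].startswith("-"):   # skip the -d, -f, -r options
            argv = argv[1:]
    return argv

def review(text, local_domains):
    """List (line_no, reason, detail) for lines that run code or send mail off-site."""
    items = []
    for n, line in enumerate(text.splitlines(), 1):
        kind, value = classify(line)
        if kind == "program":
            items.append((n, "runs program", " ".join(effective_command(value))))
        elif kind == "forward" and "@" in value:
            if value.rpartition("@")[2].lower() not in local_domains:
                items.append((n, "forwards off-site", value))
        elif kind == "unknown":
            items.append((n, "unrecognised line", line))
    return items

SAMPLE = """\
# constructed example of a user's .qmail file
./Maildir/
|preline -f /usr/bin/procmail
&ken@domain.com
&archive@example.net
"""

if __name__ == "__main__":
    print(review(SAMPLE, {"domain.com"}))
```
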
#==========================
#/var/qmail/users/assign
#==========================
# mapping qmail users to system account users
# maps qmail addresses to Unix accounts
# 2 formats, one with a +, one with a =.
# First, mapping qmail address to user account.
# =address:user:uid:gid:directory:dash:extension:
# Second, mapping wildcards to map lots of users to an address.
# +address:user:uid:gid:directory:dash:extension:

# vpopstyle domain entry
+domain.com-:domain.com:30002:30002:/home/vpopmail/domains/domain.com:-::
# vpopstyle user entry
+ken-:ken:30002:30002:/home/vpopmail/users/ken:-::
=ken:ken:500:500:/home/vpopmail/users/ken:::
# single period marks end of the file
.

#============================
#cdb file
#============================
# this is the binary db created with the qmail-newu command.

#============================
#Startup script
#============================
#!/bin/sh
export PATH=/var/qmail/bin:/bin:/usr/bin:$PATH

# exit quietly if qmail-start is not installed
[ -f /var/qmail/bin/qmail-start ] || exit 0

case "$1" in
  start )
    echo -n "Starting qmail..."
    # run the rc script in the background
    /bin/csh -cf '/var/qmail/rc &'
    exit 0
    ;;
  stop )
    echo -n "Stopping qmail..."
    /usr/bin/killall qmail-send
    ;;
  restart )
    $0 stop
    $0 start
    ;;
  * )
    echo -n "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

============================
/var/qmail/rc file
============================
#!/bin/sh
# Using splogger to send the log through syslog.
# Using qmail-local to deliver messages to ~/Maildir/ by default.
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start ./Maildir/ splogger qmail
============================
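
An added example (not part of the original paper or of qmail): Python that parses the users/assign format described above, checks each line before qmail-newu is run, and resolves a local address to the entry, and so the uid, that would handle it, using an exact "=" match first and otherwise the longest matching "+" prefix. The function names and the uid 0 audit rule are assumptions of this example; the sample is the three entries from this page.

```python
from collections import namedtuple

Assign = namedtuple("Assign", "wildcard address user uid gid directory dash ext")

def parse_assign(text):
    """Return (entries, problems) for the text of a users/assign file."""
    entries, problems, done = [], [], False
    for n, line in enumerate(text.splitlines(), 1):
        if done:
            problems.append((n, "text after the terminating '.' line"))
            continue
        if line == ".":
            done = True
            continue
        parts = line[1:].split(":")
        if line[:1] not in ("=", "+") or len(parts) != 8 or parts[7]:
            problems.append((n, "expected '=' or '+' and seven ':'-terminated fields"))
            continue
        address, user, uid, gid, directory, dash, ext = parts[:7]
        if not (uid.isdecimal() and gid.isdecimal()):
            problems.append((n, "uid and gid must be numeric"))
            continue
        if not directory.startswith("/"):
            problems.append((n, "directory is not an absolute path"))
        if int(uid) == 0:
            problems.append((n, "delivery mapped to uid 0"))  # audit rule assumed here
        entries.append(Assign(line[0] == "+", address, user, int(uid), int(gid), directory, dash, ext))
    if not done:
        problems.append((0, "missing terminating '.' line"))
    return entries, problems

def resolve(entries, local):
    """Exact '=' entry first, otherwise the longest matching '+' prefix."""
    for e in entries:
        if not e.wildcard and e.address == local:
            return e
    hits = [e for e in entries if e.wildcard and local.startswith(e.address)]
    return max(hits, key=lambda e: len(e.address), default=None)

# The three entries shown on this page, followed by the terminating dot.
SAMPLE = """\
+domain.com-:domain.com:30002:30002:/home/vpopmail/domains/domain.com:-::
+ken-:ken:30002:30002:/home/vpopmail/users/ken:-::
=ken:ken:500:500:/home/vpopmail/users/ken:::
.
"""

if __name__ == "__main__":
    entries, problems = parse_assign(SAMPLE)
    print(resolve(entries, "ken").uid, resolve(entries, "ken-list").uid, problems)
```

With the page's entries, mail for ken is handled under uid 500 while ken-anything falls to the "+ken-" wildcard under uid 30002.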