Qmail file format




















It's possible that upgraded versions aren't compatible with the following instructions, so be sure to read the release notes in the "Upgrading from previous versions Note: This installation uses the netqmail distribution of qmail, which consists of the official qmail 1.

The first thing you need to do is make sure that you have the necessary tools to compile a program. How you determine this depends on what flavor of UNIX you're using. The easiest way to tell, although it's not guaranteed, is to try it.

Note: If any one of these tests passes, you can stop and go on to the next section. In this section we'll go through the actual steps of compiling qmail. A way to cut-n-paste will come in handy here, but isn't really necessary. If you made it this far, you have a working C compiler and copies of the tarballs. Next, copy or move the tarballs to the directory you want to do the work in.

Since qmail 's installation program creates the subdirectories as they're needed, you only need to create the qmail "home" directory:. The easiest way to create the necessary users and groups is to create a little script file to do it for you. It contains the command lines for many platforms, so copying the file to another name and editing that is quick and easy.

Then, using your favorite editor, remove all of the file except the lines you want. When the script finishes, all of your users and groups will be created and you can go on to the next section.

You'll have to create them manually. You need to add the following two lines to the end of the file:. Note: Make sure that and aren't already used.

If they are used, select two numbers that aren't already in use. Note: Make sure aren't already in use and that and are the same group ids you used above. If any of these UID's are already being used, select numbers that aren't already in use. You don't specifically need to add any of these lines to the end of the file, that's just the easiest way to explain it here. Now you can start building qmail.

In the Verify Build Environment section, you located your C compiler. If it's not called cc or the directory it resides in isn't in your PATH environment variable, you'll need to edit conf-cc and conf-ld. Say your compiler is gcc , and it's in your PATH.

Simply edit conf-cc and conf-ld and replace "cc" with "gcc". After the build is complete, you'll need to do your post installation configuration. A couple of scripts are provided to make this job a lot easier. If, for some reason, config can't find your hostname in DNS, you'll have to run the config-fast script:.

For example, if your domain is example. Note: On a small local LAN you might want to use a pseudo domain such as ". If you do this, be sure to configure qmail to use a valid Internet domain name in return addresses. See section 3, Configuration. The next section will guide you through the steps of starting and testing qmail. Earlier, you unpacked the qmail , ucspi-tcp , and daemontools tarballs.

Now change to the ucspi-tcp directory:. In the Do the build section, if you modified conf-cc and conf-ld, you'll need to make the same changes in this directory. Use "ps -ef | grep svscan" or "ps waux | grep svscan" to verify that svscan is running.

Depending upon whether you want error messages resulting from starting svscan to be sent to a log file or the system console. For an explanation of why this is necessary, see:. Feel free to examine these, but for our installation, we'll use the following script:. For best results, copy and paste the scripts in this guide instead of retyping them. At this point you need to decide the default delivery mode for messages that aren't delivered by a.

The following table outlines some common choices. Note: defaultdelivery isn't a standard qmail control file. The defaultdelivery argument to qmail-start is the contents of a. Putting these instructions in a separate control file eliminates the need to quote shell metacharacters in the delivery instructions and avoids messy multi-line command arguments. But we want qmail started up automatically every time the system is booted and we want it shut down cleanly when the system is halted.

Note: concurrencyincoming isn't a standard qmail control file. It's a feature of the above script. Note: Under Solaris, the normal id program won't work right in this script. Note: The memory limit specified in the softlimit command may need to be raised depending upon your operating system and hardware platform. If attempts to connect to port 25 fail or remote systems are unable to send you mail, or you see a message like:.

Note: The qmail system will start automatically shortly after these links are created. If you don't want it running yet, do:. Although it's possible to run both qmail and your existing MTA, which is probably Sendmail , simultaneously, I don't recommend it unless you know what you're doing.

And, frankly, if you're reading this, you probably don't know what you're doing. If your existing MTA is Sendmail , you should be able to stop it by running the init. If you can't find an init. You should also consider removing the old MTA completely from the system.

At least disable the init. Utilities that update the system might try to reinstall Sendmail, or MUA packages might not install because they can't tell an MTA is installed. Verify that nothing is listening to the SMTP port Culprits could be the old MTA, inetd , or xinetd. The following command should produce no output unless the qmail-smtpd service is running :. If you still get output from that command you'll have to locate the culprit and fix it before qmail 's SMTP service will run.

Note: It's important to create the sendmail links, regardless of the previous MTA, if any. The sendmail command is invoked by many applications for sending mail. To create these aliases, decide where you want each of them to go a local user or a remote address and create and populate the appropriate. For example, say local user dave is both the system and mail administrator:.

First run qmailctl stat to verify that the services are up and running:. All four services should be "up" for more than a second. If they're not, you've probably got a typo in the associated run script or you skipped one or more steps in creating the necessary files, directories, or links. Go back through the installation step-by-step and double check your work. For example:. The readproctitle program keeps a log of error messages generated by services managed by svscan.

To see these messages, use ps or some other process listing command. For example, you might see something like:. It sometimes helps to run a service manually in order to find configuration problems. At this point, you should be able to identify the problem and fix it. Once that's done, return to the service's directory, if necessary, and do:.

Note: If you chose maildir mailbox format as the default delivery method, you will need to create a Maildir directory in your home directory and alias 's home directory before trying these instructions. See the maildir section to see how to properly create this directory.

You've got qmail installed, from the recommended source tarball method, one of the self-compiling packages, or a var-qmail package. This section contains information you will need to configure qmail to make it work the way you want it to. All of qmail 's system configuration files, with the exception of the. The qmail-control man page contains a table like the following:. For more information about a particular control file, see the man page for the module listed under "Used by". What is relaying?

In the pre-spam days, it was common for MTA's to be configured as open relays: promiscuous servers that would accept mail from anyone, for anyone. Most MTA's now are configured to either completely disable relaying, or to allow only certain trusted users or systems to use them as a relay.

Chris Johnson has written a very nice document on the topic for qmail users. If you follow the official directions for installing qmail , relaying will be turned off by default.

Most single-user and small workgroup servers can disable relaying completely, but if you have to support a distributed user community, you'll need a way to allow your users, and only your users, to use your system as a relay. If you follow the installation instructions in this document, selective relaying will be enabled by default. If you followed the official installation instructions, Chris Johnson has written another very nice document on how to configure qmail to allow selected hosts to relay.

For example, the Road Runner service in Cincinnati, Ohio, has smtp-server. You can tell qmail to route all outgoing SMTP traffic through that server by doing:. The smtproutes file can perform more routing functions than this; see the qmail-remote man page for more details. If your system is known by more than one name, e. Send qmail-send a HUP (hangup) signal to tell it to reread locals.

If you have qmailctl , you can do:. Virtual domains are similar to the multiple host names discussed in the previous section, but there are some important differences. First, if example. The namespace for each virtual domain is distinct. With qmail , virtual domains are configured in the virtualdomains file, which consists of one or more entries of the form:. The user part is optional.

If it's omitted, the entry matches all domain addresses. Returning to the example scenario above, if the example. An incoming message to joe virtual. See the. As with multiple host names, all virtual domains must be listed in rcpthosts so qmail-smtpd will know to accept messages addressed to them. However, unlike multiple host names, virtual domains must not be added to locals.

After modifying virtualdomains, send qmail-send a HUP (hangup) signal to tell it to reread the file. Note: Domain name server (DNS) mail exchanger (MX) records must be set up to direct messages for virtual domains to the appropriate mail server. This is a job for the name server administrator and is beyond the scope of this guide. For example, say you want to create an info example. On example. The Gotchas appendix covers a couple of tricky cases regarding the usage of alias--aliases containing uppercase characters and dots '.

Note that because of the way aliases are implemented in qmail , an alias can never override a valid user's deliveries. The fastforward package provides an alternative aliasing mechanism that puts multiple aliases in a single file compatible with Sendmail 's alias database. The next section, qmail-users, describes another mechanism that can be used to implement aliases. The assign file is a table of assignments. There are two kinds of assignments: simple and wildcard.

Note: assign contains a series of assignments, one per line, followed by a line containing a single dot. If you create assign manually, don't forget the dot line. CDB is a binary format that can be accessed quickly by qmail-lspawn , even when there are thousands of assignments. Note: If you use qmail-pw2u , don't forget to re-run qmail-pw2u and qmail-newu whenever you add users, remove users, or change UID's or GID's.

A typical sequence would be:. Jason Haar has written Qmail-Scanner, a content scanning harness for qmail. Qmail-Scanner includes a simple "policy-blocking" component e. This section covers the usage of qmail by normal users. If you read or send mail on a qmail system, this is where you'll find information about how to do that with qmail. Delivery of a user's mail is usually controlled by one or more ". The dot-qmail man page describes. The first character of the line determines what kind of delivery is involved:.

The qmail-command man page documents the details of this process. Program delivery is very powerful, and can be used to implement a wide range of functionality such as message filtering, automatically responding to messages, and delivery via third-party delivery agents such as procmail. Mbox is the standard UNIX mailbox format in which multiple messages are stored in a single file and messages are headed with a " From " line.
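How the first character of each .qmail line selects the delivery type, written out as an added example (not code from qmail or from this guide). The rules follow the dot-qmail man page; the function names and the sample file are constructed for illustration. Program lines are listed separately because each one is a command run on the user's behalf.

```python
"""Classify the delivery instructions in a .qmail file by first character.

Rules, per the dot-qmail(5) man page:
  '#'           comment, ignored
  '|'           program delivery (the rest of the line is a shell command)
  '/' or '.'    file delivery: maildir if the line ends in '/', else mbox
  '&' or alnum  forward delivery ('&' may be omitted before a letter/digit)
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Delivery:
    lineno: int
    kind: str    # comment | program | maildir | mbox | forward | blank | error | unknown
    target: str


def classify_line(lineno: int, line: str) -> Delivery:
    line = line.rstrip("\n")
    if line == "":
        # qmail-local defers the message if the FIRST line is blank;
        # blank lines further down are skipped.
        return Delivery(lineno, "error" if lineno == 1 else "blank", "")
    first = line[0]
    if first == "#":
        return Delivery(lineno, "comment", line[1:].strip())
    if first == "|":
        return Delivery(lineno, "program", line[1:].strip())
    if first in "/.":
        kind = "maildir" if line.endswith("/") else "mbox"
        return Delivery(lineno, kind, line)
    if first == "&":
        return Delivery(lineno, "forward", line[1:].strip())
    if first.isalnum():
        return Delivery(lineno, "forward", line.strip())
    # Anything else is outside what the man page documents.
    return Delivery(lineno, "unknown", line)


def parse_dot_qmail(text: str) -> list:
    """Return one Delivery per line of a .qmail file's contents."""
    return [classify_line(n, l) for n, l in enumerate(text.splitlines(), start=1)]


def program_lines(text: str) -> list:
    """(line number, command) for every program delivery: the lines to review."""
    return [(d.lineno, d.target) for d in parse_dot_qmail(text) if d.kind == "program"]


# Constructed sample, not taken from a real system.
SAMPLE = """\
# dave's delivery instructions
./Maildir/
./Mailbox
&dave@example.com
postmaster
|preline procmail
"""

if __name__ == "__main__":
    for d in parse_dot_qmail(SAMPLE):
        print(d.lineno, d.kind, d.target)
```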

This line looks like a header field, but it isn't one: it's just something the delivery agent adds so mail readers can tell where each message begins. A simple mbox mailbox with a single message looks like:. Maildir is a mailbox format created by Dan Bernstein to address the shortcomings of the mbox format. A maildir mailbox is a directory containing three subdirectories, new , cur , and tmp.

Each message in a maildir mailbox is in a separate file in one of the subdirectories, depending upon its status: new is for unread messages, cur is for messages that have been seen, and tmp is for messages in the process of being delivered.

The maildir man page describes the format of a maildir in detail. One of the benefits of the maildir format is that, even though it doesn't use locking to prevent simultaneous updates from different delivery agents, it's reliable. This means maildir mailboxes can safely reside on NFS-mounted filesystems. Note: qmail-local can deliver mail to maildir mailboxes, but it can't create them.
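Why maildir needs no locking, as an added example (not qmail's own code): a message is written under a unique name in tmp, flushed to disk, and only then linked into new, so a reader never sees a partial file. The function names are hypothetical, make_maildir stands in for maildirmake, and the per-process counter in the file name is a simplification of the naming rules in the maildir man page.

```python
"""Lock-free delivery into a maildir: write in tmp/, then link into new/."""
import os
import socket
import time
from itertools import count
from pathlib import Path

_seq = count()  # keeps names unique within one process (assumption of this sketch)


def make_maildir(path) -> Path:
    """Create tmp/, new/ and cur/ readable only by the owner (like maildirmake)."""
    base = Path(path)
    base.mkdir(mode=0o700)
    for sub in ("tmp", "new", "cur"):
        (base / sub).mkdir(mode=0o700)
    return base


def unique_name() -> str:
    # '/' and ':' must not appear in a maildir file name.
    host = socket.gethostname().replace("/", r"\057").replace(":", r"\072")
    return f"{int(time.time())}.{os.getpid()}_{next(_seq)}.{host}"


def deliver(maildir, message: bytes) -> Path:
    """Deliver one message; return its path in new/."""
    base = Path(maildir)
    for sub in ("tmp", "new", "cur"):
        st = os.stat(base / sub)          # raises if the maildir is incomplete
        if st.st_uid != os.geteuid():     # deliver as the mailbox owner only
            raise PermissionError(f"{base / sub} is not owned by the delivering user")

    name = unique_name()
    tmp_path = base / "tmp" / name
    new_path = base / "new" / name

    # O_EXCL: never write into a file that already exists under this name.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(message)
            f.flush()
            os.fsync(f.fileno())          # data is on disk before it becomes visible
        os.link(tmp_path, new_path)       # atomic: the message appears whole or not at all
    finally:
        os.unlink(tmp_path)               # tmp/ entry is removed on success and on failure
    return new_path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        md = make_maildir(os.path.join(d, "Maildir"))
        print(deliver(md, b"Subject: test\n\nconstructed sample message\n"))
```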

Maildir mailboxes should be created with the maildirmake program that comes with qmail. Be sure to run maildirmake as the owner of the maildir, not as root. Your useradd or adduser command might support a "skeleton" directory, e. Forward deliveries cause the message to be resent to the specified address.

Addresses specified in. The first two cause user example. The last sends a copy to the local user user. In addition to the base address, username hostname. For the remainder of this section, I'll leave off the " hostname. For example, dave-lwq sparge. Extensions can have multiple fields, e.

This would allow one catch-all. If no matching. Mail users usually don't use the MTA directly to send messages. The process of handing a message to the MTA is called injection. SMTP has no mechanism for authentication, so no username or password is required to send a message. However, many MTA's refuse to accept messages that don't appear to be either from or for a local user.

If a properly formatted message is rejected, relaying restrictions are the most likely cause. See the Relaying section for more information about relay configuration. It was so ubiquitous, that many programmers just assumed that it was the MTA. As a result, Sendmail's local injection mechanism became the standard Application Programmer's Interface (API) for local mail injection. Typical locations of the sendmail program include:. In addition to emulating the sendmail API, qmail has its own injection program: qmail-inject.

In fact, sendmail is just a wrapper around qmail-inject. As an API, sendmail is probably better because it's much more widely available. The qmail API provided by qmail-inject will only work on systems with qmail , but the sendmail interface is nearly universal. Some qmail programs set or use environment variables. The following table lists these variables and describes their use. The function of an MDA is to accept a message from the MTA for a specific user or mailbox, and deliver the message according to the user's desires.

For example, messages from a particular person can be directed to a mailbox for just that person. There are a couple tricks to running procmail with qmail. Another problem is that qmail-command and procmail don't have a common understanding of which exit codes mean what.

A small shell script wrapper can be used to translate the exit codes for qmail-command. Also, older versions of procmail prior to 3. Your best bet is to upgrade to the current version of procmail.

Another approach is safecat, a program that writes a message on standard input to a specified maildir. Users can write procmail recipes (delivery instructions) that use safecat to file the message. You can also skip procmail altogether, and use maildrop. Finally, procmail expects the messages it receives to be in mbox format.

Normal qmail program deliveries include only the actual mail message, not including a " From " line. The preline command can be used to format the message as procmail expects. The wrapper linked above includes preline. For example, let's say user "dave" wants his mail to be processed by procmail. You can also use one of the other POP or IMAP servers available, although most of them were written for Sendmail and will require some work to use with qmail.

It's a fine POP server, and many qmail sites use it. It's modular, and supports multiple authentication schemes via alternative authentication modules. Note: qmail-pop3d supports only maildir-format mailboxes, so if you have users logging into the POP server and running MUA's locally, they all have to support maildir. If all of your users read mail via POP, the mailbox format on the server is not an issue.

Typically, qmail-popup is run via inetd or tcpserver , listening to port , the POP3 port. When a connection is made, it prompts for the username and password. Completely install and test qmail. If you want all users to have POPable mailboxes, make sure defaultdelivery is set to.

Compile and install checkpassword according to the directions. Note: If you install the standard checkpassword , don't forget to apply the errno patch after unpacking the source:. If attempts to connect to port fail or POP3 connections fail mysteriously, or you see a message like:.

Binc IMAP is designed to use the same authentication mechanism checkpassword that qmail-pop3d uses, so it's a good fit for qmail servers. Like qmail-pop3d , it supports only Maildir mailboxes. It was designed to be secure. David R. Harris has cleaned up the patch that adds maildir support to the University of Washington IMAP server and documented the installation process. Rick Updegrove has written a qmail2cyrus wrapper for delivering messages to a Cyrus mail store.

This instructs fetchmail to connect to mail. The forcecr causes fetchmail to end each line with a carriage return when injecting the message on the local system via SMTP. It's actually a Python script, so you may need to install the Python interpreter before you can use getmail.

Say you're an MTA, and one of your users sends a message to three people on hostx. There are several ways you could do this. The first method is clearly inferior to the third. Even if the message is tiny, it'll take at least as long. And if the message is large, it'll take a lot longer and use more network bandwidth.

The third method only opens one connection to hostx, and only sends one copy of the message. That makes for efficient use of bandwidth. The second method uses multiple connections and sends multiple copies of the message. That "wastes" bandwidth, but due to the nature of the SMTP protocol, requires fewer round-trip delays, and is faster than the third method.

It's also simpler than the third method, so the MTA can be coded in a more straightforward manner. There are no patches to implement the third method (multiple RCPT)--it would require major work.

Most messages have, at most, a couple recipients, and they're usually on separate hosts, so multi-RCPT delivery buys them nothing. When a message is undeliverable, the MTA responsible is supposed to return a bounce message to the envelope return path (ERP). The bounce message should include the address of the recipient, the reason the message is undeliverable, and whether the problem is temporary or permanent. Some MTA's don't do the right thing, though. They might send the bounce to the address in the From header field, or the bounce might not identify the recipient.

For most user-to-user messages, these problems aren't too bad. One can usually figure things out based on the timing of the bounce or the contents. For mailing lists, the problem of bad bounces is more serious.

Subscribers move, forwarding mail to their new address. If the new address starts having delivery problems, it can be impossible to tell which subscriber's mail is bouncing if the bounce message only includes the new address. Using VERPs, each message sent to each subscriber to a list has a unique return path. This allows a bounce handler to identify the problem subscriber. For example, a typical non-VERP'ed mailing list has a return address of the form listname -owner domain.

The ezmlm list manager uses VERPs to automatically handle bounces. It even provides subscribers with temporary delivery problems with a list of the messages they missed so they can retrieve them from the archive.
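How a bounce handler recovers the subscriber from a VERP return path, as an added example (not ezmlm's code). It uses the common VERP layout listname-owner-user=host@domain; the function names, list name and addresses are constructed. The subscriber is taken only from the envelope address the bounce was sent to, so it works even when the bounce text mentions a forwarded address or no address at all.

```python
"""VERP: encode the subscriber into the envelope return path, decode it from a bounce."""


def verp_encode(list_local: str, list_domain: str, subscriber: str) -> str:
    """Return path for one subscriber: list-owner-user=host@listdomain."""
    user, sep, host = subscriber.rpartition("@")
    if not sep or not user or not host:
        raise ValueError(f"not an address: {subscriber!r}")
    return f"{list_local}-owner-{user}={host}@{list_domain}"


def verp_decode(list_local: str, list_domain: str, bounce_rcpt: str):
    """Subscriber address encoded in the address a bounce was sent to, or None."""
    local, sep, domain = bounce_rcpt.rpartition("@")
    if not sep or domain.lower() != list_domain.lower():
        return None
    prefix = f"{list_local}-owner-"
    if not local.lower().startswith(prefix.lower()):
        return None                      # plain listname-owner address, or another list
    encoded = local[len(prefix):]
    # Host names cannot contain '=', so the LAST '=' separates user from host.
    user, sep, host = encoded.rpartition("=")
    if not sep or not user or not host:
        return None
    return f"{user}@{host}"


def bouncing_subscriber(list_local, list_domain, bounce_rcpt, subscribers):
    """Map a bounce to a current subscriber; ignore anything not on the list."""
    addr = verp_decode(list_local, list_domain, bounce_rcpt)
    if addr is None:
        return None
    known = {s.lower(): s for s in subscribers}
    return known.get(addr.lower())


# Constructed sample data.
SUBSCRIBERS = ["dave@sill.example", "odd=name@host.example"]

if __name__ == "__main__":
    for s in SUBSCRIBERS:
        rp = verp_encode("lwq", "lists.example", s)
        print(rp, "->", bouncing_subscriber("lwq", "lists.example", rp, SUBSCRIBERS))
```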

Russell Nelson wrote a bounce manager for Majordomo under qmail , but he no longer maintains it. A properly-running, complete, but minimal qmail installation should always have the following four processes:. Depending upon your flavor of UNIX, one of the following two commands should list these processes, and possibly a few more:.

If you run qmail or qmail-smtpd under supervise, as in the example above, you should see those processes as well. And if you run qmail-smtpd under tcpserver, you should see a parent tcpserver process plus an additional tcpserver process for each active incoming SMTP connection. If you use splogger or multilog or cyclog to handle logging, you'll have a splogger or multilog or cyclog process or two running as user qmaill.

Also, if qmail is busy delivering messages locally or remotely, you'll see up to concurrencylocal qmail-local processes and up to concurrencyremote qmail-remote processes. The log directory is specified on the multilog command line, so you can find it by examining your qmail startup scripts.

The number of files in the log directory, and the maximum size of each file, are determined by multilog options. The tai64nlocal command, also from daemontools , converts TAI timestamps into local, human-readable timestamps. Messages sent to syslog have a facility and priority.

Line 1 indicates that qmail has received a new message, and its queue ID is The queue ID is guaranteed to be unique as long as the message remains in the queue. Line 3 says qmail-remote is starting to deliver the message to lwq w3.

Line 5 says delivery is complete and successful, and it returns the remote server's response, which often contains information the remote mail administrator would find helpful in tracking a delivery. Line 6 says 0 local deliveries and 0 remote deliveries are pending, i. Line 7 says that the message has been delivered completely and removed from the queue.

At this point, the queue ID, , is reusable for another delivery. Use a fast NFS network file server to store user directories. Set up multiple equal-preference SMTP servers delivering to maildir mailboxes on the file server. Mailing list managers (MLM's) are systems that help list owners run mailing lists. Their duties fall into two main divisions: managing the lists of subscribers, and controlling the resending of messages to the subscribers.

It was written for use with qmail , and relies on several features of qmail. Most notably, it uses VERPs to reliably process bounce messages. It works fine with qmail provided a few simple changes are made. Various source code patches are available for qmail. To install a patch, download it, cd to the qmail source tree, and apply it using the patch command. Note: See the patch man page for more information. This is just an example. Also, you might need to use a current version of GNU patch to successfully apply some patches.

Stop qmail by killing qmail-send or, if you installed the qmailctl script in the Installation section, do:. They may introduce security, reliability, efficiency, or functionality problems not present in qmail. Most qmail installations only require some of the Recommended patches.

You should not install any patches that you don't clearly require. These patches address the few known bugs in qmail. Note: all of the Recommended Patches have been included in the netqmail distribution. This patch fixes a problem with missing errno.

Mate Wierdl has errno. This patch fixes a minor bug in the parsing of. This patch causes the IP address 0. Historically, DNS responses have been limited to bytes. Some large sites have started returning MX responses longer than that.

There are two ways to fix this in qmail and one workaround that might be sufficient for some applications. This is an adaptation of a patch by Chuck Foster that should work with any resolver library, no matter how old, and uses a guard byte to avoid the "number of bytes placed in the buffer" library bug. It reallocates only once, to , rather than just to the size needed, so it can be less memory-efficient than Chuck's patch though, like his patch, it only reallocates if the response is larger than PACKETSZ, which defaults to bytes.

After reallocating, it forces a TCP query, rather than requiring the resolver library to do so avoiding an extra round-trip between qmail and the name server, though if they're on the same machine or local network this is not a big worry. Works with recent BIND resolver libraries, which will automatically do a TCP query within the library code if the reply comes back with the truncation bit set.

This is the simplest fix, though it's also potentially the most wasteful of memory, depending on how your system handles paging. It knows how to handle large DNS responses and removes unnecessary information from them, so the response it returns is usually much smaller than the direct response. Because it doesn't require patching qmail , this might be an acceptable workaround. Unfortunately, it's not a complete fix because responses can still be too large for qmail.

See the djbdns section under Related Packages for more information. LDAP is like a network phone book. Using qmail-ldap , it should be possible for a POP server to serve many thousands of users. QMTP usually uses port If the local recipient is invalid--there's no user or alias by that name-- qmail-send generates a bounce message and sends it to the return address specified during the SMTP dialogue.

In a well-behaved world, either strategy would be fine. Unfortunately, there are a lot of poorly-behaved spammers out there. Some will attempt to deliver messages to recipients that "might" exist on your server--using a database of common names, a dictionary, or even a generated list of all possible alphanumeric strings.

On a qmail system, such spam attacks can inflict a substantial load on the system, fill the queue with junk, and delay the delivery of valid messages. This saves the server from a lot of unnecessary work, but has a negative side effect, too. Using this validation, spammers can quickly determine which addresses are valid. There are several ways to implement recipient validation during the SMTP dialogue with qmail. Most of these solutions require maintaining a database of valid or invalid recipients or patterns.

Scott Gifford has written a very thorough and detailed step-by-step guide to using transport layer security (TLS) with qmail. First, thanks to Dan Bernstein for designing and writing such a powerful and elegant system. After nearly ten years of use, qmail still impresses me. I'd also like to thank the members of the qmail mailing list.

Two members deserve special mention. The first is Russ Nelson, one of the most helpful, patient, knowledgeable, and funny contributors.

His contributions to the qmail community are second only to DJB's. The second is Charles Cazabon, who's close on Russ' heels. Charles is currently the major contributor to the mailing list, answering more questions correctly than anyone else. Charles has also written a couple of very useful utilities, getmail and pymsgauth, and was technical editor for The qmail Handbook where his contributions were critical to the success of the book, and for which he has received too little reward and recognition.

Special thanks to Henning Brauer for donating the lifewithqmail. Special thanks also to Michael M. It made the job much easier. Sendmail uses. The dot-forward package gives qmail the ability to use. Systems running Sendmail or any other MTA that uses. If you're migrating to qmail , and you've got a Sendmail -format aliases file you don't want to convert, fastforward gives qmail the ability to use the aliases file as-is.

A helper program such as inetd , xinetd , or tcpserver runs as a daemon. Inetd is the standard network server "super-server". The daemontools package contains a set of utilities for controlling and monitoring services. It's not mandatory, but it's highly recommended, especially for busy systems.

It includes:. If you need statistics about how many messages are being sent or received, how big they are, and how quickly they're being processed, qmailanalog is what you need. As a bonus, the matchup program combines qmail 's multiple log lines per delivery into one--not unlike the familiar Sendmail logs.

Note: qmailanalog relies on log entry timestamps in the fractional second format used by accustamp. In order to use it with logs generated by multilog , which are in TAI64N format, you'll need to translate them into the old format.
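What combining qmail's multiple log lines per delivery involves, as an added example (not the matchup program and not code from qmailanalog). It reads qmail-send lines with multilog's TAI64N prefix and groups them per message; the log lines are constructed, and the function and field names are hypothetical. Because a queue ID is reused once a message leaves the queue, records are keyed on the span from "new msg" to "end msg", not on the ID alone.

```python
"""Group qmail-send log lines into one record per message."""
import re

_TS = re.compile(r"^@[0-9a-f]{24} ")          # multilog TAI64N timestamp
_NEW = re.compile(r"^new msg (\d+)$")
_INFO = re.compile(r"^info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+) uid (\d+)$")
_START = re.compile(r"^starting delivery (\d+): msg (\d+) to (local|remote) (\S+)$")
_DONE = re.compile(r"^delivery (\d+): (success|failure|deferral): (.*)$")
_END = re.compile(r"^end msg (\d+)$")


def matchup(lines):
    """Return message records in completion order, then any still in the queue."""
    open_msgs = {}     # queue ID -> record for the message currently using that ID
    deliveries = {}    # delivery number -> delivery dict awaiting its result
    finished = []
    for raw in lines:
        line = _TS.sub("", raw.strip())
        if m := _NEW.match(line):
            open_msgs[m[1]] = {"queue_id": m[1], "sender": None, "bytes": None,
                               "uid": None, "deliveries": [], "complete": False}
        elif m := _INFO.match(line):
            msg = open_msgs.get(m[1])
            if msg:
                msg.update(bytes=int(m[2]), sender=m[3], uid=int(m[5]))
        elif m := _START.match(line):
            msg = open_msgs.get(m[2])
            if msg:
                d = {"number": m[1], "channel": m[3], "recipient": m[4],
                     "result": None, "detail": None}
                msg["deliveries"].append(d)
                deliveries[m[1]] = d
        elif m := _DONE.match(line):
            d = deliveries.pop(m[1], None)
            if d:
                d.update(result=m[2], detail=m[3])
        elif m := _END.match(line):
            msg = open_msgs.pop(m[1], None)   # the ID is free for reuse from here on
            if msg:
                msg["complete"] = True
                finished.append(msg)
        # status: and bounce lines carry no per-delivery data and are skipped
    return finished + list(open_msgs.values())


def failures(records):
    """(sender, recipient, detail) for every delivery that failed permanently."""
    return [(r["sender"], d["recipient"], d["detail"])
            for r in records for d in r["deliveries"] if d["result"] == "failure"]


# Constructed log lines; addresses, IDs and timestamps are made up.
SAMPLE_LOG = """\
@4000000038c3eeb027f41c7c new msg 93869
@4000000038c3eeb027f6b0a4 info msg 93869: bytes 2343 from <alice@alpha.example> qp 18695 uid 49491
@4000000038c3eeb02877ee94 starting delivery 2392: msg 93869 to remote bob@beta.example
@4000000038c3eeb0287b55ac status: local 0/10 remote 1/20
@4000000038c3eeb104a13804 delivery 2392: success: 192.0.2.25_accepted_message./Remote_host_said:_250_ok/
@4000000038c3eeb104a4a3fc status: local 0/10 remote 0/20
@4000000038c3eeb104a6ecf4 end msg 93869
@4000000038c3eec00a000001 new msg 93869
@4000000038c3eec00a000002 info msg 93869: bytes 512 from <carol@alpha.example> qp 18700 uid 49491
@4000000038c3eec00a000003 starting delivery 2393: msg 93869 to local nobody@alpha.example
@4000000038c3eec00a000004 delivery 2393: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@4000000038c3eec00a000005 bounce msg 93869 qp 18701
@4000000038c3eec00a000006 end msg 93869
"""

if __name__ == "__main__":
    for rec in matchup(SAMPLE_LOG.splitlines()):
        print(rec)
```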

If you've never been spammed, consider yourself very lucky. Most of it is advertisements for sex sites, chain letters, and other scams. Back in the days of old, up until around or so, most MTA's on the Internet were open relays , i.

Spammers use open relays, if they can find any, to deliver their spam. It covers their tracks, redirects the backlash toward the "innocent" relay site, and saves them lots of CPU time and network bandwidth. Such open relays are considered very bad form these days, and several anti-spam vigilante groups have created a mechanism for identifying open relays and other common sources of spam so they can avoid accepting SMTP connections from them.

It sits between tcpserver and qmail-smtpd and rejects connections from systems identified on one of these lists. Charles Cazabon has a patch that removes the default RBL hardcoded into rblsmtpd since it's no longer free. With serialmail on such a system, qmail is configured to deliver all remote mail to a single maildir. The serialmail maildirsmtp command is used to upload the maildir to the ISP's mail hub when the connection is brought up.

The applications include:. For more information about mailing lists under qmail see Mailing List Managers under Advanced Topics. Fred Lindberg and Fred B. Ringel have developed an extension to ezmlm called ezmlm-idx. It adds lots of useful features and is highly recommended.

It is particularly useful for filing messages in procmail recipes. For example, the following recipe files all messages in Maildir :. When a user on one host sends a message to a user on another host, many things happen behind the scenes that you may not be aware of.

Let's say Alice, alice alpha. Here's what happens:. Alice composes the message with her mail user agent (MUA), something like mutt or pine. She specifies the recipient in a To field, the subject of the message in a Subject field, and the text of the message itself. It looks something like:. Next, the MUA injects the message into the mail system. There are two ways to do this: it can run a program provided by the mail system for the purpose of injecting messages, or it can open a connection to the Simple Mail Transfer Protocol (SMTP) port on either the local system or a remote mail server.

With this method, the MUA can put the header and body in a file, separated by a blank line, and pass the file to the sendmail program. If the injection succeeds--the message was syntactically correct and sendmail was invoked properly--the message is now the MTA's responsibility. The SMTP dialogue requires messages to be sent in two parts: the envelope , which specifies the recipient's address bob beta.

If the beta MTA rejects the message, perhaps because there's no user bob on the system, the MTA on alpha sends a bounce message to the return address, alice alpha, to notify her of the problem. If the beta MTA accepts the message, it looks at the recipient's address and determines whether it's local to beta or on a remote system.

If the delivery fails, perhaps because Bob has exceeded his mail quota, the beta MTA sends a bounce message to the envelope return address, alice alpha. If the delivery succeeds, the message waits in Bob's mailbox until his MUA reads it and displays it.

Most of these are well beyond the commentary stage, and define Internet protocols such as TCP, FTP, Telnet, and the various mail standards and protocols.

Internet MTAs perform a variety of tasks. Earlier designs like Sendmail and smail are monolithic. In other words, they have one large, complex program that "switches hats": it puts on one hat to be an SMTP server, another to be an SMTP client, another to inject messages locally, another to manage the queue, etc.

Each of these functions is performed by a separate program. As a result, the programs are much smaller, simpler, and less likely to contain functional or security bugs.

To further enhance security, qmail's modules run with different privileges, and they don't "trust" each other: they don't assume the other modules always do only what they're supposed to do. There's also a down side to the modular approach. Unlike a monolithic MTA, the interactions between modules are well-defined, and modules only exchange the minimum necessary information with each other. This is generally A Good Thing, but sometimes it makes it hard to do things.

For example, the sendmail "-v" flag causes Sendmail to print a trace of its actions to standard output for debugging purposes.

Since the one sendmail binary handles injection, queueing, alias processing,. The equivalent capability in qmail doesn't exist, and would require substantial code changes and additional complexity to implement the passing of the "debug" flag from module to module. This can be changed when qmail is being built, but it's a good idea to leave it unchanged so other administrators know where to find things.

If you really want to relocate some or all of the qmail tree, it's better to do that using symbolic links. See the Create directories subsection of the Installation section for details. This is a broader overview of the structure of the queue. It defaults to The purpose of splitting these directories is to reduce the number of files in a single directory on very busy servers. Files under the mess subdirectory are named after their i-node number.

Note: It is not safe to modify queue files while qmail is running. If you want to modify the queue, stop qmail first, play with the queue carefully, then restart qmail. These are textual "pictures" of various situations that qmail handles. They show the flow of control through the various modules, and are very helpful for debugging and creating complex configurations.

These are questions that don't qualify as frequently asked, but which are important and not easy to answer. Each message has its own retry schedule. The longer a message remains undeliverable, the less frequently qmail tries to send it. The retry schedule is not configurable. The following table shows the retry schedule for a message that's undeliverable to a remote recipient until it bounces.

Local messages use a similar, but more frequent, schedule. The problem might be that qmail can't handle large name server query responses. The fix is to install a patch or workaround. See Patches under Advanced Topics. There's also a question as to why some people don't have trouble reaching such systems.

Basically, depending on the timing and ordering of queries made to your local nameserver, the size of the response to an ANY query for "aol. Since the. Busier nameservers are more likely to have those records in their cache at any given time, frustrating an unpatched qmail's attempts to check for CNAMEs.

A better test is to send mail to nosuchuser large-mx. By using a single RRset, with a single TTL, that exceeds bytes, the problem can be seen without depending on the timing and ordering of other queries. This is used primarily for logging.

Shut down qmail if it's running. If you installed the qmailctl script from the Installation section, that can be done by:

To prevent the possibility of qmail-local running commands as a privileged user, qmail ignores all users whose UID is 0.

This is documented in the qmail-getpw man page. That doesn't mean qmail won't deliver to root, it just means that such a delivery will have to be handled by a non-privileged user. Another security feature, and just good general practice. The man page doesn't come out and say that, but the code does. The fact that it ignores users with uppercase characters is documented in the qmail-getpw man page. Another security feature. The purpose is to prevent extension addresses from backing up the file tree using "..

By replacing them with colons, qmail ensures that all. Documented in the dot-qmail man page. This is another result of the fact that qmail lowercases the entire local part of addresses.
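The dot-to-colon and lowercasing rule described above, as an added C example that is not qmail's own code: `dotqmail_name` and `parent_steps` are hypothetical helpers, and the sample extensions are constructed. It builds the .qmail file name with and without the rule and counts the ".." path components in each.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not qmail source: build the .qmail file name for an
   address extension. With sanitize set, apply the dot-qmail(5) rule: dots
   become colons and uppercase becomes lowercase. Returns -1 if out is too small. */
int dotqmail_name(const char *ext, int sanitize, char *out, size_t outlen)
{
    static const char prefix[] = ".qmail-";
    size_t plen = sizeof prefix - 1, elen = strlen(ext), i;
    if (plen + elen + 1 > outlen) return -1;
    memcpy(out, prefix, plen);
    for (i = 0; i < elen; i++) {
        unsigned char ch = (unsigned char)ext[i];
        if (sanitize) ch = (ch == '.') ? ':' : (unsigned char)tolower(ch);
        out[plen + i] = (char)ch;
    }
    out[plen + elen] = '\0';
    return 0;
}

/* Count path components equal to "..", the steps that climb out of the
   directory a relative name is resolved against. */
int parent_steps(const char *path)
{
    int n = 0;
    while (*path) {
        size_t len = strcspn(path, "/");
        if (len == 2 && path[0] == '.' && path[1] == '.') n++;
        path += len;
        if (*path == '/') path++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample extensions, not taken from real mail. */
    const char *samples[] = { "Lists.Qmail", "x/../../outside" };
    char raw[64], safe[64];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        dotqmail_name(samples[i], 0, raw, sizeof raw);
        dotqmail_name(samples[i], 1, safe, sizeof safe);
        printf("raw %s (%d)  safe %s (%d)\n", raw, parent_steps(raw),
               safe, parent_steps(safe));
    }
    return 0;
}
```

Once every dot is a colon, no component of the resulting name can be "..", so the lookup cannot climb above the directory it starts in.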

If you use names in control files, qmail must have access to a name server. It is possible to run qmail on systems without access to a name server, though. Hosts in control files can be specified by IP address by enclosing them in square brackets [], e.

Actually, the square brackets aren't always necessary--but it's a good idea to use them anyway. For a number of reasons, qmail doesn't log SMTP connections, rejections, invalid commands, or valid commands.

If Sendmail is unable to deliver a message within a few hours, typically four, it sends a deferral notice to the originator.


