summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
commit89b7b67a13ebb7965cc7f13ad0595e2194a2d34c (patch)
tree25efd77a90ae87236e6730d8ea3846bbe0fd126f /doc
add sqmail-4.2.29asqmail-4.2
Diffstat (limited to 'doc')
-rw-r--r--doc/BLURB251
-rw-r--r--doc/CHANGELOG196
-rw-r--r--doc/CHANGELOG_V3108
-rw-r--r--doc/CONTRIBUTERS31
-rw-r--r--doc/EXTTODO228
-rw-r--r--doc/LICENSE63
-rw-r--r--doc/LOGGING94
-rw-r--r--doc/Old/PROPOSAL.mav124
-rw-r--r--doc/Old/README.djbdns63
-rw-r--r--doc/Old/README.mav96
-rw-r--r--doc/Old/README.qmq73
-rw-r--r--doc/Old/README.recipients256
-rw-r--r--doc/Old/README.wildmat100
-rw-r--r--doc/Postgrey.txt233
-rw-r--r--doc/Qmail/BLURB222
-rw-r--r--doc/Qmail/FAQ706
-rw-r--r--doc/Qmail/INSTALL.alias40
-rw-r--r--doc/Qmail/INSTALL.ctl38
-rw-r--r--doc/Qmail/INSTALL.ids72
-rw-r--r--doc/Qmail/INSTALL.maildir59
-rw-r--r--doc/Qmail/INSTALL.mbox53
-rw-r--r--doc/Qmail/INSTALL.qmail84
-rw-r--r--doc/Qmail/INTERNALS186
-rw-r--r--doc/Qmail/PIC.local2alias37
-rw-r--r--doc/Qmail/PIC.local2ext41
-rw-r--r--doc/Qmail/PIC.local2local40
-rw-r--r--doc/Qmail/PIC.local2rem38
-rw-r--r--doc/Qmail/PIC.local2virt44
-rw-r--r--doc/Qmail/PIC.nullclient38
-rw-r--r--doc/Qmail/PIC.relaybad8
-rw-r--r--doc/Qmail/PIC.relaygood33
-rw-r--r--doc/Qmail/PIC.rem2local36
-rw-r--r--doc/Qmail/README269
-rw-r--r--doc/Qmail/REMOVE.binmail16
-rw-r--r--doc/Qmail/REMOVE.sendmail28
-rw-r--r--doc/Qmail/SYSDEPS17
-rw-r--r--doc/Qmail/TEST.deliver82
-rw-r--r--doc/Qmail/TEST.receive41
-rw-r--r--doc/Qmail/THANKS337
-rw-r--r--doc/Qmail/THOUGHTS418
-rw-r--r--doc/Qmail/TODO.djb23
-rw-r--r--doc/Qmail/TODO.done23
-rw-r--r--doc/README.clamav27
-rw-r--r--doc/README.smtpreply72
-rw-r--r--doc/TODO14
-rw-r--r--doc/smtpreplies13
46 files changed, 5071 insertions, 0 deletions
diff --git a/doc/BLURB b/doc/BLURB
new file mode 100644
index 0000000..ba7ad5a
--- /dev/null
+++ b/doc/BLURB
@@ -0,0 +1,251 @@
+s/qmail BLURB
+=============
+
+s/sqmail inherits all features of qmail, since it includes its
+concept and its code.
+
+Confidentially: s/qmail adds transmission confidentially by means
+of TLS encryption. TLS encryption is provdided by for all protocols
+except for QMTP while requiring UCSPI-SSL.
+
+Privacy: s/qmail does currently not provide email privacy.
+The persistance storage (Queue) is unencrypted and shared.
+This might be changed in forthcoming releases.
+
+Authentication: s/sqmail supports user authentication for sending
+and receiving mails by means of SMTP(S). QMTP and QMQP however, are
+solely host-to-host mail transfer protocols.
+
+Distribution: s/qmail uses the concept of distributed queues to be
+fed either by SMTP or QMTP/QMQP.
+
+Multi-domain capability: s/qmails allows to set up differently
+parametrized transport/distribution pathes based on the domains
+under control of the MTA. This concept is close to a multi-tenant
+behavior; regarding the domain, not the individual recipient/sender.
+
+
+Authenticated Email Senders
+===========================
+
+Within s/qmail both
+
+* qmail-smtpd for receiving emails and
+* qmail-remote for sending emails
+
+support authentication regarding the methods
+
+- PLAIN,
+- LOGIN, and
+- CRAM-MD5.
+
+Additionally,
+
+* qmail-smtpd accepts authentication based on
+
+- X.509 client certs.
+
+* qmail-popup together with
+* qmail-pop3d
+
+provide authentication by means of the methods
+
+- USER and
+- APOP.
+
+The authentication module
+
+* qmail-authuser
+
+replaces the old
+
+* checkpassword and perhaps
+* cmd5checkpw
+
+programs with much more flexibility.
+Given a LDAP infrastucture,
+
+* qmail-ldapam
+
+can be used to call the user data from here.
+
+
+Validation receiving Mails
+==========================
+
+Within s/sqmail
+
+* qmail-smtpd,
+* qmail-qmtpd, and
+* qmail-qmqpd
+
+are able to receive email from the Internet.
+
+While
+
+* qmail-qmtpd and
+* qmail-qmqpd
+
+use QMTP/QMQP transmitting emails and are currently
+only supported by Postfix, Qmail, and s/qmail in a
+dedicated environment,
+
+* qmail-smtpd
+
+supports both SMTP and ESMTP and is a potential
+target for spam, virii, and other unsolicited email.
+
+Thus
+
+* qmail-smtpd
+
+supports greylisting and provides filters for the
+
+- SMTP envelope information,
+- the email content (with different mechanisms) and in
+ particular to check/validate the existance of a potenial
+- email recipient.
+
+For this purpose, the modules
+
+* qmail-smtpam,
+* qmail-vmailuser,
+* ldapam, and
+* qmail-authuser together with
+* qmail-ldapam
+
+are available. The RECIPIENTS mechanism supports a
+domain dependent validation based on a PAM mechanism
+or perhaps a cdb.
+
+Domain based SPF lookups are provided for
+
+* qmail-smtpd.
+
+
+Anti-Spam Mechanisms
+====================
+
+* rblsmtpd (out of the package ucspi-tcp6)
+
+supports
+
+- Relay Black Lists (RBL) and
+- Greetdelay
+
+prior of receiving mail by
+
+* qmail-smtpd.
+
+In adddition,
+
+* qmail-smtpd
+
+provides by means of the
+
+- QMAILQUEUE hook
+
+an interface to SpamAssassin and other tools.
+A wrapper script is included.
+
+Further, the well known
+
+- postgrey
+
+server can be used by
+
+* qmail-postgrey
+
+as an add-on to be called by
+
+* qmail-smtpd.
+
+
+Anti-Virus Mechanism
+====================
+
+* qmail-smtpd
+
+uses
+
+- MIME and
+- LOADER type
+
+filters to allow an on-the-fly recognition of executable.
+
+Anti-Virus tools are supported either by
+
+- QHPSI or by the
+- QMAILQUEUE hook.
+
+A (combined) wrapper script for
+
+* qmail-queue
+
+is provided.
+
+
+Bounce Control
+==============
+
+Within s/qmail
+
+* qmail-send
+
+is responsible to generated bounces, ie. None Deliverable Reports (NDR).
+s/qmail uses qmail's concept to generate the NDRs in the QSMBF (qmail-send
+Message Bounce Format) unaltered (http://cr.yp.to/proto/qsbmf.txt).
+
+To control NDR, s/qmail provides two means:
+
+* qmail-send
+
+can be adviced -- while generating a NDR -- to limit it to N bytes.
+Effectively this means the orgininal message is truncated and not
+completely bounced.
+
+Upon transmitting bounce messages to third-party MTAs
+
+* qmail-remote
+
+can be set-up to use a particular
+
+- bounce queue (s/qmail instance)
+
+to take care of this delivery. Thus generic message transmission
+is decoupled from bounce processing and does not inflict with it.
+
+
+Logging, Monitoring, and Housekeeping
+=====================================
+
+s/qmail writes log information for
+
+- qmail-send (qmail-local & qmail-remote/qmail-smtpam) on FD 2
+- qmail-popup (authentication information only) on FD 5
+- qmail-smtpd (see 'LOGGING') on FD 2
+
+Either the log information is fed by means of 'splogger'
+into the Syslog, or treated by daemontool's 'multilog'
+which automatically does the housekeeping and provides
+a TAI64N timestamp for each line (event).
+
+Using 'multilog', the log information can be
+picked up by 'qmail-mrtg' and graphically
+displayed using 'MRTG' or 'RRDtool'.
+
+The log information can be analysed using
+the 'qmailanalog' facility and for convenience
+the program 'tai64nfrac' is included.
+
+The separate package 'newanalyse' provides
+an easy customizable umbrella script for analysis
+and long-haule housekeeping together with the
+capability to track each incoming and outgoing
+mail.
+
+
+E. Hoffmann -- 2021/01/01.
+
+
+
diff --git a/doc/CHANGELOG b/doc/CHANGELOG
new file mode 100644
index 0000000..e48d1ed
--- /dev/null
+++ b/doc/CHANGELOG
@@ -0,0 +1,196 @@
+s/qmail 4.0 CHANGE log
+======================
+
+Older changes can be found in CHANGELOG_V3.
+
+Version Descripition
+--------------------
+
+4.0.00 Initial version, removed SRS, fixed SPF.
+4.0.01 Recovered SRS and added srsforward + srsreverse
+ as compile option; still depending on librsrs2.
+ Added man pages for srsforward + srsreverse.
+ Fixed columnt (buf incorrectly used).
+B(2) Changed 'puts' to 'out'; where applicable.
+ Fixed dnsq call in qmail-smtpd concerning
+ lookup type "M" -> 'M', "A" -> 'A' (char ).
+B(3) Fixed missing timestamp for mails in maildir.c
+ making qmail-pop3d behaving erratic.
+ Substituted put -> out almost everywhere.
+ Fixed wrong 'identity' in Received header ('unknown')
+ due to misplaced 'if' nesting.
+ Streamlined qmail-authuser to support APOP auth
+ even for Unix system accounts (tx Drew).
+ Fixed wrong CAPA announcement in qmail-popup
+ (APOP instead of UIDL).
+4.0.02 Removed dependency on libsrs2 providing srs2.[c|h]
+ natively together with sha1[_hmac].[c|h].
+ Complete refactoring of sha1 and sha1_hmac.
+ Included Drew W's enhancements for Dovecot auth
+ in qmail-authuser.
+ Fixed bug in IPv4/IPv6 matching for spf_mx.
+4.0.03 Enhanced qmail-authuser.
+ Redone srsforward and srsreverse + man pages.
+ Fixed qmail-smtpd to cope with new DNS resolver
+ behaviour (in particular for SPF segfaulting for bounces).
+ Finally streamlined man pages.
+4.0.04 SMTPUT8 is now triggered via environment variable UTF8 for
+ qmail-smtpd.
+ Fixed segfaulting qmail-smtpd in case of multiple recipients
+ in the RCPT TO dialog.
+ qmail-smtpd exits now if Auth and Auth not announced or PAM missing.
+4.0.05 Fixed bug in qmail-remote with wrong CNAME address mangling (tx. Leah).
+ Removed SMTPUTF8 compiler flags in qmail-remote and qmail-smtpam
+ which now auto-detect UTF8 encoded addresses.
+4.0.06 Fixed qmail-smtpd segfaulting while wrongly evalute 'fakehelo' for SPF.
+ Added compatibility for other tcpserver/sslserver programs
+ calling qmail-smtpd and different IPv6 environment variables (4Leah).
+4.0.07 Straightend some code in SPF evalution which might prevent it (tx Leah).
+ Fixed bug returning wrong SPF results in case a TXT but no SPF record is given.
+ Fixed qmail-remote potentially not binding to IPv4 addresses (tx. MB).
+ Fixed qmail-authuser insuffient handle of passwords using crypt (tx. MB).
+4.0.08 Fix for qmail-vmailuser not respecting vpopmail's home dir (tx. Ueli H.).
+ Changed qmail-remote to cope better with fehQlibs-15 and IPv4 qualification.
+ Fixed CVE-2011-0411: Pipelining command injection for qmail-smtpd.
+ Fixed the Guninski CVE-2005-1513 (in fehQlibs-15): Buffer overflow
+ if size of mail > 4 GByte.
+4.0.09 Reworked fix for CVE-2011-0411 to provide a general solution. (tx. Fabian)
+ Applied fix to qmail-popup as well.
+4.0.10 GCC 10 refactoring (together with fehQlibs-15b).
+ qmail-remote now recognizes a MX retrieved IP to be itself and skips it.
+EOL for 4.0
+
+4.1.00 Added TLSA DNS lookup for qmail-remote.
+4.1.01 Added qmail-ldapam; needs tweaking and verification still.
+4.1.02 Added qmail-postgrey client together with the qmail-smtpd IF (permisssion by jan.mojzis).
+4.1.03 Fixed TLSA off-by-one error for qmail-remote.
+ Removed idedit.c (could be used in later version).
+ Disabled compilation of qmail-ldapam. (cleanups, beta version).
+ Added postgrey run script together with adjustments for doc and man.
+4.1.04 Included Reiser FS patch; see unlinking problems also with vdeliver (qmail-queue, qmail-local).
+ Fixed 'incorrect' xtext generation in qmail-remote.
+ Added qmail-qmaint providing sanity checks on the queue and
+ allowing removal of messages (based on E. Huss code).
+ Integrated DANE lookup (exceptions) into tlsdestinations + doc.
+4.1.04+ Fixed bug not freeing X509 cert, thus TLSA fails. The X509_digest API is stupid.
+4.1.05 Added selector evalution in tlsa_check and re-formulated logic.
+ Moved header files to ./include directory (and changed conf-cc accordingly).
+4.1.06 Compliance with fehQlibs-17 (could solve [20201123#1/4.0.10]).
+ Fixed bug in smtproutes not authenticating [20210213#1/4.0.10].
+ Reformulated qmail-smtpd smtproutes to support setting localip [RfC:20201112#1/4.0.10].
+4.1.07 Fixed bug in qmail-smtpd confusing badmailfrom with badrcptto [20120312#1/4.0.10].
+ Adjusted header files to compile on ARM64 (Clang) and with GCC-10 (AMD64).
+4.1.08 Removed references to qmail-ldapam in package.
+ Changed SPF DEFEXP macro using expand for domaiGn rather than 'spf.pobox.com' [20210212#1/4.0.10].
+4.1.09 Fixes for qmail-remote and rewriting the SIZE extension interface (tx. Drew):
+ a) (Occasional) wrong parsing of multiple X.509 fingerprints in dnstlsa and tls_remote.c
+ which might qmail-remote advice to reject valid TLSA indicated connections.
+ b) Wrong SIZE indication (mailfrom, mailfrom_xtext) in SMTP dialogue [20210622#1/4.1.08] (tx. Drew).
+ c) Wrong SMTPUTF8 indication (mailfrom, mailfrom_xtext) [20210622#2/4.1.08].
+ Note: qmail-rspawn API left unchanged wrt vanilla qmail.
+4.1.10 Fixed flaw in qmail-remote not producing immediate bounce for server's 5xx reply code.
+ Fixed bug in qmail-remote introduded in sqmail-4.1.09 evaluating size information for qmtp delivery.
+4.1.11 Fixed bug in qmail-vmailuser not evaluating vpopmail's user directories correctly.
+ Fixed bug in qmail-smtpam segfaulting. Sitting there since 3.0; nobody is using it.
+ Added 'implicit TLS' support for qmail-remote in control/smtproutes, ./authusers, ./tlsdestinations.
+ Added 'implicit TLS' support for qmail-smtpam on the command line.
+4.1.12 Improved and streamlined qmail-remote TLS errors.
+ Multiple DNS queries vor TLSA check; first early; second after cert received.
+ TLSA check working again; stupid OpenSSL doc ;-)
+4.1.13 Better RFC 6698 (TLSA) conformance for PKIX-EE (with full X.509 chain given).
+4.1.14 TLSA record lookup follows now a CNAME query. Pretty unusual for MX environments.
+ Removed recognition of 451 SMTP return code as greylisting in qmail-remote logs.
+4.1.14a Fixed two integration bugs in 4.1.14 and straightend TLSA lookup and evalution.
+4.1.15 Off-by-one error in dnstlsa (cert finterprint too short) and
+ corrections (and simplifications) to evaluate the TLSA finterprints (tls_remote.c).
+4.1.16 Additional corrections for TLSA evaluation with several fingerprints.
+ TLSA lookup not bound to PTR lookup anymore but just hostname of MX.
+ qmail-local does not disclose virtual user name extension in 'Delivered-To' field.
+ Installation routine removes now potential remnants in ./src diretory.
+ Removed irritating 'greylisting' log info from qmail-remote for certain SMTP reply codes.
+ qmail-queue fast injection race condition fix from Manvendra included.
+ qmail-remote evaluates MX distance according to IPv4/IPv6 local bindings.
+4.1.17 Fixed OpenSSL's X509_pubkey_digest() function for TLSA.
+EOL for 4.1
+
+
+4.2.00 Taken over qmail-ldapam development from 4.1.
+4.2.03 Synced with current s/qmail (4.1.16); enhanced RECIPIENTS mechanmism to read
+ users/assign.cdb. Note: This breaks old qmail, since the name was just 'cdb' here.
+ Adjusted qmail-newu to confirm with this decision.
+4.2.04 First step integrating libdkim (from Kai Peter's implementation and adjustments
+ for current OpenSSL and LibreSSL).
+4.2.05 libdkim implemented (native C++) als qmail-dkim; added stub qmail-dksign.
+ Synced with sqmail-4.1.17. New requirement: fehQlibs-20 due to dns_txt.c changes.
+4.2.06 Integration tests and documentation for qmail-dksign.
+4.2.07 Integration tests successful; except for DKIM over QMTP. Needs changes for qmail-qmtpd.
+ Included man pages for qmail-dkim.8 and qmail-dksign.8.
+4.2.08 Replace 'execve' with 'pathexec' in qmail-rspawn and qmail-dksign.
+ Fixed permissions on DKIM 'default' files. Preliminary qmail-dkverify.c.
+ Removed creation of qmail-ldapam; still a useful solution is required (separate package?).
+ Changed defaults for qmail-dksign to the anticipated ones; verified CRLF prior of signing.
+ qmail-dkim options work now as expected. Fixed wrong hash functions in dkimsign (tx. Pascal).
+ DKIM signing working now.
+4.2.09 Removed 'Allman' code from DKIM. Adjusted qmail-dksign man page.
+ First attempt for qmail-dkverify.c. Removed the qmail-ldap dependencies.
+4.2.10 Included 'Ed25519' signatures in dkimsign.cpp. Works fine - but untested.
+ Removed chdir(auto_qmail) dependency from qmail-dkim; universal usage again.
+ Moved back to include tabs for the DKIM header; double WSP seems not to work well here.
+ Removed ADSP (Author Domain Signing Practice) from dkverify.cpp (RFC 6541; experimental).
+4.2.11 qmail-remote recognizes now Greylisting after HELO with SMTP Reply > 400 (and tries again).
+ Big reminder: Always use byte arrays in constmap hash tables => tls_destination()++.
+ Added 'l' (length) flag in dkimdomains for specific customization.
+ Changed dkimsign's BodyLength calculation; was strange before.
+4.2.12 Progress on dkimverify.cpp.
+4.2.13 dkimverify.cpp stripped down and working now with socket interface.
+4.2.14 Fixed bug in spf_exists return wrong results for DNS lookup (tx. Laurentiu).
+ First version with working qmail-dkverify. Tests pending.
+4.2.15 qmail-dkverify working now; except for Ed25519 signatures.
+ Replaced socket interface by file interface for reporting results to qmail-dkverify.
+ Stripped CR from outgoing mails. qmail-dksign ignores input domains for which no privkey exists.
+4.2.16 qmail-dkverify considers now d=domain in X-Authentication results.
+ Removed obsolete 'selector' file in ssl/domainkeys/<domain> and rather
+ permit now tailored selector names in ssl/domainkeys/<domain>/<selector> to pick up private key.
+ Ed25519 signing and verification working now. Fixed wrong variable for 'sender' upon call.
+4.2.17 Fixed premature close of cdb in fastforward; removed slurpclose.c.
+ Final trimming and documentation.
+ qmail-remotes's cafile and cipher handling reworked.
+4.2.18 Removed 'selector' as file name for qmail-dksign and used 'default' instead, making it more robust.
+ Changed erroneous 'domain' to 'sdid' in qmail-dksign (tx. Pascal). Udated man page for qmail-dksign.
+4.2.19 Changed back to 4.2.16 behavior of reading the DKIM private key based on selector.
+ Added new default signing capability for qmail-dksign to consider only 'own' domains,
+ which are given in rcpthosts. The token '=:' can be used in control/dkimdomains.
+ Compatibility with LibreSSL 3.7.x and Ed25519 signature operations (tx. Nicolai).
+ Improved robustness and error message handling for qmail-dksign.
+4.2.20 Updated mkdkimkey.sh; no TLSA lookup for bounces.
+ dkimverify update for message with both RSA and Ed25519 signatures and selection.
+ Added more verbose logging to qmail-remote in case of unsuccessful delivery.
+ qmail-rspawn does not read control/dkimdomains but rather stats it -> less FDs.
+4.2.21 Fixed wrong DKIM ed25519 indication in DKIM header. DKIM ed25519 key stripped from ASN.1 header
+ in order to conform with RFC 8463 while prepending that for DKIM verification.
+ SPF evaluation considers now fehQlibs-22 new CIDR API.
+4.2.22 Internal version with first attempt for hybrid DKIM signatures.
+ Fixed qmail-remote abends in case of contacting RFC (2)821 none-compliant SMTP MTAs.
+4.2.23 Fix for qmail-remote handling of none StartTLS MTAs to fallback for unencrypted service.
+4.2.23 Hybrid DKIM signatures working now; required changes of qmail-dkim API and qmail-dksign.
+4.2.23a Some typos in documentation and spelling mistakes fixed.
+4.2.24 Fixed SPF PTR lookup (cleared up weired logic) [202310503#1/4.2.24] and straightened error output line.
+ Tweaks for DNS behavior in case of missing DNS records and bouncing for qmail-remote.
+ Added Return Code values in man pages for DNS client programs.
+4.2.25 Fixed bug in DKIM validation not considering Pubkey if k= is missing in DNS TXT record => DKIM fail.
+4.2.26 Backported fixes for [20230922#1/4.3.01], [20230920#1/4.3.01], and [20230823#1/4.3.00] included.
+4.2.27 Fixed qmail-smtpd Auth bug segfaulting if no/wrong arguments [20230931#1/4.2.27]
+4.2.27a Misspelled prototype in smtpd.log may lead to confusing auth eror messages [20231003#1/4.2.27a].
+4.2.27b control/domainips adds erroneously a \0 to helohost which violates RFC 2821 [20231004#1/4.2.27b].
+4.2.28 Backported TLSA handling for qmail-remote from s/qmail 4.3.
+4.2.29 DKIM sender evaluated in lowercase for signing [20231109#1/4.2.29];
+ DKIM header for verification does not depend on position of 'Content' header (missing verification).
+ Fixed irritating log output in case no DKIM key is found.
+ DKIM signing now robust against wrong keys and remnant files left in DKIM staging area.
+ Fixed crash in qmail-smtpd while logging SPF evaluation with un-terminated spfbounce [20231203#1/4.2.29].
+ Fixed 'missing' mails for bounces problem in case DKIM signing failed due to missing key [20231119#1/4.2.29].
+EOL for 4.2
+4.2.29a Fix for EHLO X-fields and StartTLS in qmail-remote.
+ Fix for recipients() and assign.cdb reading.
+ Fix for qmail-dkverify with incomplete information in email header.
+ Fix for qmail-dksign reading from inital stage file in case of signing errors.
diff --git a/doc/CHANGELOG_V3 b/doc/CHANGELOG_V3
new file mode 100644
index 0000000..4e8b2f9
--- /dev/null
+++ b/doc/CHANGELOG_V3
@@ -0,0 +1,108 @@
+Changelog of s/qmail
+--------------------
+
+
+3.0.0 First public release (2015-12-24).
+3.0.1 Second public release (2016-01-12).
+ Fixed [20160108#1/3.0.0] and additional cleanups.
+3.0.2 Third public release (2016-02-01).
+ Fixed [20160131#1/3.0.1] and additional cleanups.
+
+3.1.4 Minor installation issues.
+ Enhanced qmail-authuser for virtual users.
+ 'Pi' release (2016-04-23).
+3.1.5 Fixed [20160428#1/3.1.4] strict Auth error.
+ 'Pi+' release (2016-04-01).
+3.1.6 Fixed [20160414#1/3.0.2] hook for more FDs.
+ 'Pi++' release (2016-05-05).
+3.1.7 Fixed [20160522#1/3.1.6] qmail-smtpd abends
+ with Mail From: <..@[ ..]> addresses including '[]',
+ in particular double bounces.
+ Fixed [20160522#2/3.1.6] badmailfrom wrong RC 110.
+ [20160527#1/3.1.6] OpenBSD installation adjustment.
+ 'Pi3+' release (2016-06-04).
+3.1.8 Fixed [20160615#1/3.1.7] qmail-smtpd does not
+ return for err_size(). (bug present since Spamcontrol)
+3.1.9 Fixed [20160712#1/3.1.8] Bounces are not deleted from queue
+ if Bouncemaxbytes not set.
+ Wrong if/else nesting in qmail-send.c (tx. Pascal Nobus).
+
+3.2.13 Initial release with SPF capabilities.
+ Fixed OpenBSD fastforward bug [20161001#1] (prototyping).
+3.2.14 Added SPF information in qmail-smtpd log.
+ qmail-mrtg changed to display SPF authorized/failed sessions.
+ Fixed IP bitstring evalation; SPF redirect is working now.
+ Fixed userid evaluation in qmail-authuser.
+ Fixes for OpenBSD installation.
+ SPF Header is written befor SMTP received header.
+3.2.15 Included LibreSSL hook (ucspi-ssl-0.98++ required).
+ Added Maildir extensions in qmail-local from Tobi.
+ Fixed SPF qmail-mrtg evaluation.
+ Fixed man page installation + installation issues for OpenBSD.
+3.2.16 Added qmail-vpopbox and qmail-vmailbox PAM for Recipients.
+3.2.17 Final release of version 3.2; minor adjustments only.
+ The scripts have been reworked and integrated into the
+ package production chain.
+ This version is expected to work with OpenSSL 1.0/1.1 + LibreSSL
+ together with ucspi-ssl-0.99.
+3.2.18 Fixed bug [20170217#1/3.2.18] wrong order of badmailform evaluation
+ & DNS MF check within qmail-smtpd.
+3.2.19 Fixed bug [20170307#1/3.2.19] wrong nesting in badmailfrom evaluation
+ in qmail-smtpd.
+
+3.3.3 Initial release including Andre Oppermann's EXTTODO for qmail-send
+ (without explicit permission [asked 3x], though BSD licensed).
+ Fixed bug in package/run script not to include 'defaultdelivery'.
+3.3.4 qmail-authuser supports now Dovecot as IdP.
+ Added PAM qmail-vmailuser (for Recipients extension).
+3.3.5 Added SHA1 and SHA256 as hash method for passwords in qmail-authentication.
+ Fixed bug [20170625#1/3.3.5] wrong IP addresss display in qmail-remote log
+ if lowest MX is IPv6 and connection is IPv4.
+3.3.6 Fixed qmail-remote TLS bug [20170626#1/3.3.6] with missing parms -tx Standa.
+3.3.7 Fixed wrong compactification of IPv6 addresses (at least somehow ..).
+ Added SMTPUTF8 support in qmail-smtpd, qmail-remote, and qmail-smtpam.
+ Added IDN2 support for qmail-remote.
+3.3.8 Finished testing, updated docs.
+3.3.9 Added 'socket option' for qmail-authuser (Dovecot).
+ Added symlinking s/qmail sendmail in package/run script.
+ Fixed smtplf missing '\r' for header line.
+3.3.10 Fixed qmail-authuser for Dovecot -- gossiping.
+3.3.11 Fixed flaw in qmail-smtpd (since 3.2.19) for DNSMF lookup (timeout in case of bounces).
+ Changed defaults for SMTPUTF8/IDN2 installation.
+3.3.12 Fixed bug in qmail-remote tlsdestination. One \0 byte too much.
+3.3.13 Fixed two small SMTPUTF8 bugs in qmail-remote (tx. M. Mausz) and
+ a wrong displayed Received header due to a qmail-smtpd bug.
+3.3.13a Spelling mistake in Makefile (spfdinsip.o instead spfdnsip.o).
+3.3.14 Fixed OpenSSL 1.1.0.f-2 SSL state engine query call (tx. Hans-Christian Jehg).
+3.3.15 Fixed wrong character count for tlsdestinations; comparisons don't work.
+3.3.16 Reworked OpenSSL renegotiation call within tls_timemout.c.
+3.3.17 Maintainence release; use option -O0 for gcc 4.7.2; otherwise qmail-smtpd abends with SPF enabled.
+3.3.18 Potential fix for spfdnsip.c as back-port from aQmail (the first one).
+3.3.19 Bug in qmail-remote.c's evaluation of 'control/domaincerts' with missing attributes (crash on read).
+ Strange enough, this bug is not present in qmail-smtpam.c; optimized too much. (tx. J.C. Burley)
+3.3.20 Bug in qmail-remote.c & qmail-smtpam.c evalutating tls remote host name
+ for the |domain in tlsdestinations. (tx. Johannes Weberhofer)
+3.3.21 Bug in qmail-smtpam not reading tlsdestinations. (tx. Ueli)
+3.3.22 Crash of qmail-remote if domaincerts are populated with '*' as domain. (tx. Oleg)
+ Error in qmail-smtpd not requiring TLS before Auth.
+ package/ucspissl updated to support different OpenSSL versions (as given in conf-ucspissl).
+
+*) backported fixes from s/qmail 3.4 (see below).
+
+3.4 Major release based on fehQlbis(-13).
+ Bugs fixed: qmail-remote*: Ciphers in tlsdestinations are not evaluated and used.
+ Flaw fixed: qmail-smtpd: Wrong copy of authhost to relayhost.
+ Core changes: Replaced substdio by buffer. New dns stub resolver based on fehQlibs.
+ Added SW: dnscname - return A/AAAA record for CNAME.
+3.4.24 Buffer name conventions straightend.
+3.4.26 Flaw fix: qmail-authuser* now chdirs to sqmail home.
+3.4.27 More specific return codes (110, 111, 112). Fixed buffer in qmail-remote. dns.c finished.
+3.4.28 qmail-authuser now takes full advantage of the POP3 logging scheme; extended for APOP.
+3.4.29 Fixed missing QUIT flush in qmail-remote* ;-). Removed by mistake.
+3.4.30 First beta.
+3.4.31 Second beta: Fixed missing buffer flushes in qmail-smtpd and buffer mangling in qmail-local.
+ 'hostname' is now installed in $QMAILHOME/bin.
+3.4.40 First attempt to include SRS seriously (after 2nd beta).
+3.4.41 Fix for qmail-remote: flagallalias (statement missing).
+ Fix for qmail-smtpd*: Returning SMTP session in case of DNS temp failures (and not pass thru).
+3.4.42 Integrated SRS with libsrs2.
diff --git a/doc/CONTRIBUTERS b/doc/CONTRIBUTERS
new file mode 100644
index 0000000..af07311
--- /dev/null
+++ b/doc/CONTRIBUTERS
@@ -0,0 +1,31 @@
+Contributers to s/qmail:
+-----------------------
+
+- D.J. Bernstein - the original Qmail 1.03
+- M. Delany - Wildmat patch
+- N. Balazas - MFCHECK patch
+- C. Johnson - Tarpitting for qmail-smtpd
+- S. Gifford - IPME and MOREIPME extension & STARTTLS hook
+- W. Harris - SIZE extension
+- M. Stumpf - Logging for qmail-smtpd
+- C. Cazabon - Null Sender patch
+- K. Dabrowski - qmail-smtpd Auth extension
+- R. Nelson - Inspired Warlord extension (virusscan patch) & doublebouncetrim
+- B. Guenter - Bigtodo + Queue Extra extension
+- M. Andree - sendmail extensions
+- E. Sjölund - qmail-local fix for .qmail delivery
+- F. Denis - Bounce size limitiation
+- B. Kalkbrenner - qmail-remote Auth
+- A.B. Guzmain - Outgoing IP patch
+- W. Harris - parts of TLS implementation for qmail-remote
+- K. Fujikawa, F. von Leitner, T. Spier (blazing) - IPv6 extensions
+- J. Saout - SPF hook (tx; great solution)
+- A. Oppermann - EXTTODO + BIGTODO development (included in his LDAP patch)
+- A. Gulbrandsen - some ideas about EAI support have been taken from his patch
+- Shevek - libsrs2 framework
+- Alt.N - libdkim
+
+
+I would like to thank those authors for their significant
+contribution to s/qmail and respect their initial work though
+the current code may not directly reflect their input.
diff --git a/doc/EXTTODO b/doc/EXTTODO
new file mode 100644
index 0000000..991f108
--- /dev/null
+++ b/doc/EXTTODO
@@ -0,0 +1,228 @@
+EXTTODO by Claudio Jeker <jeker@n-r-g.com> and
+Andre Oppermann <opi@nrg4u.com>
+(c) 1998,1999,2000,2001,2002 Internet Business Solutions Ltd.
+
+The EXTTODO patch is a part of the qmail-ldap patch.
+This patches for qmail come with NO WARRANTY.
+
+These patches are under the BSD license.
+
+RELEASE: 5. Jan. 2003
+
+EXTTODO:
+======================
+
+TOC:
+ WHAT DOES IT DO
+ INSTALL
+ CONFIG FILES
+ SETUP
+ BIG PICTURE
+
+NEWS:
+
+ This is the first release of the EXTTODO patch.
+
+================================================================================
+
+WHAT DOES IT DO
+
+ The exttodo patch addresses a problem known as the silly qmail (queue)
+ problem. This problem is found only on system with high injection rates.
+
+ qmail with a big local and remote concurrency could deliver a tremendous
+ amount of messages but normally this can not be achieved because qmail-send
+ becomes a bottleneck on those high volumes servers.
+ qmail-send preprocesses all new messages before distributing them for local
+ or remote delivering. In one run qmail-send does one todo run but has the
+ ability to close multiple jobs. Because of this layout qmail-send can not
+ feed all the new available (local/remote) delivery slots and therefor it is
+ not possible to achieve the maximum throughput.
+ This would be a minor problem if one qmail-send run could be done in extreme
+ short time but because of many file system calls (fsync and (un)link) a todo
+ run is expensive and throttles the throughput.
+
+ The exttodo patch tries to solve the problem by moving the todo routine into
+ an external program. This reduces the run time in qmail-send.
+
+ exttodo adds a new program to qmail called qmail-todo. qmail-todo prepares
+ incoming messages for local and remote delivering (by creating info/<messid>
+ local/<messid> and remote/<messid> and removing todo/<messid>). See also
+ INTERNALS. As next qmail-todo transmits the <messid> to qmail-send which will
+ add this message into the priority queue which schedules the message for
+ delivery.
+
+INSTALL
+
+ To enable the exttodo patch you need to define EXTERNAL_TODO while compiling
+ qmail(-ldap) this can be done with the -D flag of cc (e.g. cc -DEXTERNAL_TODO).
+
+ NOTE: the exttodo patch can also be used on qmail systems without the
+ qmail-ldap patch.
+
+================================================================================
+
+CONFIG FILES
+
+ No additional control files are used or needed.
+
+================================================================================
+
+SETUP
+
+ qmail-todo will be started by qmail-start and therefor no additional setup
+ is needed.
+
+ To verify that exttodo is running just check if qmail-todo is running.
+
+================================================================================
+
+BIG PICTURE
+
+ +-------+ +-------+
+ | clean | | clean |
+ +--0-1--+ +--0-1--+ +-----------+
+ trigger ^ | ^ | +->0,1 lspawn |
+ | | v | v / +-----------+
+ +-------+ v +--2-3--+ +--5-6--+ /
+ | | | | 0<--7 1,2<-+
+ | queue |--+--| todo | | send |
+ | | | | 1-->8 3,4<-+
+ +-------+ +-------+ +---0---+ \
+ | \ +-----------+
+ v +->0,1 rspwan |
+ +---0---+ +-----------+
+ | logger|
+ +-------+
+
+Communication between qmail-send and qmail-todo
+
+todo -> send:
+ D[LRB]<mesgid>\0
+ Start delivery for new message with id <messid>.
+ the character L, R or B defines the type
+ of delivery, local, remote or both respectively.
+ L<string>\0
+ Dump string to the logger without adding additional \n or similar.
+send -> todo:
+ H Got a SIGHUP reread ~/control/locals and ~/control/virtualdomains
+ X Quit ASAP.
+
+qmail-todo sends "\0" terminated messages whereas qmail-send just send one
+character to qmail-todo.
+
+
+EXTTODO by Claudio Jeker <jeker@n-r-g.com> and
+Andre Oppermann <opi@nrg4u.com>
+(c) 1998,1999,2000,2001,2002 Internet Business Solutions Ltd.
+
+The EXTTODO patch is a part of the qmail-ldap patch.
+This patches for qmail come with NO WARRANTY.
+
+These patches are under the BSD license.
+
+RELEASE: 5. Jan. 2003
+
+EXTTODO:
+======================
+
+TOC:
+ WHAT DOES IT DO
+ INSTALL
+ CONFIG FILES
+ SETUP
+ BIG PICTURE
+
+NEWS:
+
+ This is the first release of the EXTTODO patch.
+
+================================================================================
+
+WHAT DOES IT DO
+
+ The exttodo patch addresses a problem known as the silly qmail (queue)
+ problem. This problem is found only on system with high injection rates.
+
+ qmail with a big local and remote concurrency could deliver a tremendous
+ amount of messages but normally this can not be achieved because qmail-send
+ becomes a bottleneck on those high volumes servers.
+ qmail-send preprocesses all new messages before distributing them for local
+ or remote delivering. In one run qmail-send does one todo run but has the
+ ability to close multiple jobs. Because of this layout qmail-send can not
+ feed all the new available (local/remote) delivery slots and therefor it is
+ not possible to achieve the maximum throughput.
+ This would be a minor problem if one qmail-send run could be done in extreme
+ short time but because of many file system calls (fsync and (un)link) a todo
+ run is expensive and throttles the throughput.
+
+ The exttodo patch tries to solve the problem by moving the todo routine into
+ an external program. This reduces the run time in qmail-send.
+
+ exttodo adds a new program to qmail called qmail-todo. qmail-todo prepares
+ incoming messages for local and remote delivering (by creating info/<messid>
+ local/<messid> and remote/<messid> and removing todo/<messid>). See also
+ INTERNALS. As next qmail-todo transmits the <messid> to qmail-send which will
+ add this message into the priority queue which schedules the message for
+ delivery.
+
+INSTALL
+
+ To enable the exttodo patch you need to define EXTERNAL_TODO while compiling
+ qmail(-ldap) this can be done with the -D flag of cc (e.g. cc -DEXTERNAL_TODO).
+
+ NOTE: the exttodo patch can also be used on qmail systems without the
+ qmail-ldap patch.
+
+================================================================================
+
+CONFIG FILES
+
+ No additional control files are used or needed.
+
+================================================================================
+
+SETUP
+
+ qmail-todo will be started by qmail-start and therefor no additional setup
+ is needed.
+
+ To verify that exttodo is running just check if qmail-todo is running.
+
+================================================================================
+
+BIG PICTURE
+
+ +-------+ +-------+
+ | clean | | clean |
+ +--0-1--+ +--0-1--+ +-----------+
+ trigger ^ | ^ | +->0,1 lspawn |
+ | | v | v / +-----------+
+ +-------+ v +--2-3--+ +--5-6--+ /
+ | | | | 0<--7 1,2<-+
+ | queue |--+--| todo | | send |
+ | | | | 1-->8 3,4<-+
+ +-------+ +-------+ +---0---+ \
+ | \ +-----------+
+ v +->0,1 rspwan |
+ +---0---+ +-----------+
+ | logger|
+ +-------+
+
+Communication between qmail-send and qmail-todo
+
+todo -> send:
+ D[LRB]<mesgid>\0
+ Start delivery for new message with id <messid>.
+ the character L, R or B defines the type
+ of delivery, local, remote or both respectively.
+ L<string>\0
+ Dump string to the logger without adding additional \n or similar.
+send -> todo:
+ H Got a SIGHUP reread ~/control/locals and ~/control/virtualdomains
+ X Quit ASAP.
+
+qmail-todo sends "\0" terminated messages whereas qmail-send just send one
+character to qmail-todo.
+
+
diff --git a/doc/LICENSE b/doc/LICENSE
new file mode 100644
index 0000000..12d3dcb
--- /dev/null
+++ b/doc/LICENSE
@@ -0,0 +1,63 @@
+AUTHOR
+======
+
+Author:
+ Dr. Erwin Hoffmann - FEHCom Germany
+Web-Site:
+ https://www.fehcom.de/sqmail.html
+E-Mail:
+ feh@fehcom.de
+
+
+LICENSE
+=======
+
+s/qmail is free software placed into the Public Domain.
+s/qmail is based on D.J. Bernstein's 'qmail' also put in the Public Domain.
+
+This includes:
+ You can download and use s/qmail (and parts of it) as you like.
+ You can modify the source code without notification to or permission by the author.
+Please check:
+ http://www.cr.yp.to/softwarelaw.html
+Note:
+ s/qmail may use/may depend on third party software with different
+ license and/or distribution conditions.
+
+
+DEPENDENCIES
+============
+
+s/qmail depends on the following package:
+ fehQlibs found on https://www/ipnet/qlibs.html,
+ ucspi-ssl found on https://www.fehcom.de/ipnet/ucspi-ssl.html.
+ ucspi-tcp6 (for rblsmtpd and other add-ons) found at https://www.fehcom.de/ipnet/ucspi-tcp6.html.
+s/qmail uses:
+ OpenSSL or LibreSSL routines and requires those for encryption services.
+ MD5, SHA1, SHA2 routines from the Public Domain or given the included License.
+ Other parties contributions (Wildmat, SPF, EXTTODO) also available in the Public Domain
+ or used by permission.
+
+
+Note:
+-----
+
+The author of the program may unsolicitedly change the dependencies.
+Thus, it is you obligation to follow and consider any changes!
+
+
+FITNESS
+=======
+
+The Author does not guarantee a specific fitness of s/qmail.
+If you use s/qmail, it's on your own risk.
+
+
+DISTRIBUTION
+============
+
+s/qmail may be included in ports and packages under the following conditions:
+
+ - The files VERSION and BUILD has to be part of the distribution.
+ - This LICENSE file has to be included in the distribution.
+
diff --git a/doc/LOGGING b/doc/LOGGING
new file mode 100644
index 0000000..6f07dc5
--- /dev/null
+++ b/doc/LOGGING
@@ -0,0 +1,94 @@
+Logging of SMTP Sessions
+========================
+
+Normally, qmail-smtpd doesn't log anything.
+
+Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts.
+
+Format: "qmail-smtpd: pid PID Action::Type::Condition: Information"
+
+In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd)
+the log line includes now the PID.
+
+Here's the glue:
+
+
+ Action Type Condition Explanation
+ -----------------------------------------
+
+ Reject AUTH missing AUTHentication missing
+ Reject AUTH setup AUTHentication impossible due to missing PAM
+ Reject AUTH type AUTHentication of 'type' rejected
+ Reject Auth Method AUTHentication Method rejected
+ Accept AUTH type AUTHentication of 'type' accepted
+
+ Reject DATA Invalid_Size DATA exceeds sizelimit
+ Reject DATA Bad_MIME DATA includes BASE 64 MIME type listed in badmimetypes
+ Reject DATA Bad_Loader DATA includes BASE64 loader type listed in badmimetypes
+ Reject DATA Virus_Infected DATA includes virus infected message (<scanner> | 'AV scanner')
+ Reject DATA Spam_Message DATA includes an identified Spam message.
+
+ Reject ORIG Bad_Mailfrom ORIG is in badmailfrom
+ Reject ORIG DNS_MF Domain part of ORIG has no DNS MX RR
+ Reject ORIG Failed_Auth ORIG tried SMTP Authentication; but failed
+ Reject ORIG Require_Auth SMTP Authentication required; but not granted
+ Reject ORIG Invalid_Sender ORIG not allowed to send
+ Reject ORIG Missing_Auth SMTP Authentication required, but not granted
+ Reject ORIG SPF ORIG was rejected due to failed SPF permissions
+ Accept ORIG Local_Sender ORIG was identified as local sender address
+ Accept ORIG Relay_Mailfrom ORIG was accepted als Relaymailfrom
+
+ Reject RCPT Bad_Rcptto RCPT is in badrcptto
+ Reject RCPT Toomany_Rcptto Too many RCPTs
+ Reject RCPT Failed_Rcptto RCPT could not acceptd as per recipients/cdb.
+ Accept RCPT Recipients_Cdb RCPT was accepted as per recipients/cdb.
+ Accept RCPT Recipients_Pam RCPT was accepted as per recipients/pam plug-in.
+ Accept RCPT Recipients_Wild RCPT was accepted as per recipients/wildlisting.
+ Accept RCPT Rcpthosts_Rcptto RCPT was accepted as per rcpthosts/morercpthosts
+
+ Reject SNDR Bad_Helo SNDR's HELO is in the badhelo
+ Reject SNDR DNS_HELO SNDR's HELO has no DNS A RR
+ Reject SNDR Invalid_Relay SNDR's tries relaying; but not allowd
+ Accept SNDR Relay_Client SNDR was identified as relay client
+
+ Reject TLS missing TLS connection could not be established
+ Reject TLS required TLS connection could not be established
+
+ Accept SPF Recipients_Cdb ORIG was authorized and RCPT accepted as per recipients/cdb.
+ Accept SPF Recipients_Pam ORIG was authorized and RCPT accepted as per recipients/pam plug-in.
+ Accept SPF Recipients_Wild ORIG was authorized and RCPT was accepted as per recipients/wildlisting.
+ Accept SPF Rcpthosts_Rcptto ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts
+
+ Reject SPF Fail ORIG authorization failed per SPF
+
+ Deferred GREY Grey_Listed SNDR was temporarily greylisted
+
+ Reject DKIM Signature DATA failed DKIM verification
+
+
+SNDR (S) corresponds to the sending MTA.
+ORIG (F) is the "MAIL From: <Return-Path>".
+RCPT (T) is the "RCPT To: <Forwarding-Path>".
+DATA is the Message.
+GREY is triple of envelope data: SNDR+ORIG+RCPT.
+
+Protocol
+--------
+ SMTP plain SMTP
+ ESMTP 'enhanced' SMTP
+ ESMTPA ESMTP + authentication
+ ESMPTS TLS secured EMSTP
+ ESMTPSA TLS secured ESMTP + auth
+ ESMTP[SA]UTF8 ESMTP[SA] with UTF-8
+
+
+
+The Information is typically constructed from the SMTP envelope like:
+
+ S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto
+
+
+This scheme is easy extendable to other successful/deferred SMTP sessions.
+
+In addition for POP3 services this scheme is used; but now logging takes place on FD 5.
+
diff --git a/doc/Old/PROPOSAL.mav b/doc/Old/PROPOSAL.mav
new file mode 100644
index 0000000..4e10d8a
--- /dev/null
+++ b/doc/Old/PROPOSAL.mav
@@ -0,0 +1,124 @@
+Mail From: Address Verification, MAV-2005
+Copyright 2005
+
+Erwin Hoffmann, feh@fehcom.de
+
+
+1. Scope
+
+SMTP is a protocol with very few commands. Only 'Helo'/'Ehlo',
+'Mail From:', 'Rcpt To:', 'Data' and 'Quit' are necessary
+to initiate, perform, and terminate a SMTP session. Here,
+the 'Helo'/'Ehlo' provides information about the sending MTA,
+which in current MTA implementations is not always required,
+while the 'Mail From:' and 'Rcpt To:' is used to build the
+SMTP envelope.
+
+Apart from the 'Rcpt To:' information, the recipient MTA can
+not verify any other information. Both the 'Helo'/'Ehlo' and the
+'Mail From:' is often forged or faked, thus not reliable in
+particular in case of Spam emails.
+
+The proposed 'Mail From:' Address Verification (MAV) implements
+a scheme, how the associated information can be verified at the
+responsible sending email gateway and perhaps can be promoted to the
+recipient MTA. In this scheme, the provided 'Mail From:' information
+is authoritive.
+
+
+2. Responsible Email Gateway
+
+MAV takes place at the responsible email gateway. The responsible
+email gateway acts as relaying gateway for those networks and users
+solely transmitting (and receiving) SMTP emails through this gateway.
+
+Though SMTP is a Host-to-Host protocol, SMTP Authentication yields
+a User-to-Host mechanism. Thus, the responsible gateway has to take
+care about the following senders:
+
+(1) networks/hosts, identified by there IP or FQDN (available by
+ DNS lookup),
+(2) users/senders, identified by means of SMTP Authentication or other
+ mechanisms like POP-before-SMTP.
+
+With MAV, it is possible to check and verify the integrity of the
+provided 'Mail From:' envelope address
+
+(a) domain-based, by means of the provided IP-address/FQDN of the
+ sending MTA,
+(b) user-based, in case SMTP Authentication (or another user-based
+ method) is in place.
+
+Typically in the first case, only the domain-part of the 'Mail From:'
+SMTP envelope address can be verified (the part right from the '@',
+i.e. user@domain), while in the second case the full qualified
+address may be subject of the MAV, providing a mapping between the
+userid for SMTP Authentication and the chosen 'Mail From:' address.
+
+
+3. Comparision with other verification schemes
+
+Today, it is common to reject emails in case it fails certain
+authorization/verification criteria:
+
+(1) Testing the IP address of the sending MTA against Realtime Blacklists
+ (RBL) available on the Internet,
+(2) verification of the domain-part of the provided 'Mail From:' address
+ doing a DNS lookup (reverse Return-Path must exist) or SMTP lookups,
+(3) employing the Sender Policy Framework (SPF), thus checking whether
+ the domain-part of the 'Mail From:' address is authoritive with
+ respect to the sending MTA,
+(4) verifying (locally) the existance of the forseen recipient ('Rcpt To:'),
+(5) checking the contents of the email by means of baysean approaches
+ or by checksums.
+
+In any case, the receiving MTA is responsible to realize more or less
+complex checks to accept or reject emails applying those means.
+
+Opposite to this, MAV adds a qualification to the responsible email
+gateway; comparable with SMTP Authentication.
+
+
+4. MAV enabled responsibe email gateway
+
+The tasks of a MAV enabled responsibe gateway are the following:
+
+(1) The gateway is knowledgeable about those emails to be allowed
+ for unrestricted relaying. Typically this is facilitated due
+ to the knowledge to the sender's IP/FQDN or by means of SMTP
+ Authentication, Pop-before-SMTP, or any other.
+(2) The gateway has access to a list which maps the sender
+ qualification information with a list of allowed domains as
+ part of the 'Mail From:' address or particular 'Mail From:'
+ addresses.
+(3) Emails failing this test will be rejected initially during
+ the SMTP session.
+(4) Emails passing the test are allowed to relay.
+(5) The gateway adds the keyword 'ESMTPM' into the receiving
+ email header. Thus, the next hop email system is able to
+ verify the authoritive usage of the 'Mail From:' address.
+
+
+5. Dependencies on other email RFCs
+
+- RFC 2821: Service extensions: None.
+- RFC 1893: Enhanced Mail System Status Codes: None.
+- RFC 3848: ESMTP and LMTP Transmission Types Registration: Yes.
+ MAV adds a new keyword 'ESMTPM' which complements the keywords
+ 'ESMTPA' and 'ESMTPS'; thus in addition the combinations
+ 'ESMTPAM', 'ESMTPSM', and 'ESMTPSAM' are valid.
+
+
+6. Security considerations
+
+Information in the email header is easy to forge or manipulate.
+
+
+7. History
+
+Parts of the MAV approach was first introduced in the SPAMCONTROL
+patch for Qmail 1.03, based on ideas initiated by the LDI, Mainz, Germany.
+
+
+
+
diff --git a/doc/Old/README.djbdns b/doc/Old/README.djbdns
new file mode 100644
index 0000000..c87897b
--- /dev/null
+++ b/doc/Old/README.djbdns
@@ -0,0 +1,63 @@
+QMAIL + DJBDNS
+==============
+
+You may want to link qmail's DNS lookups
+against DJBDNS and not against libresolv
+as provided by Nikola Vladov.
+
+Here's the provisionell bootstrapping recipe
+
+1. Step:
+
+- Install: qmail as ./qmail-1.03
+
+- make qmail (after you have raised accounts + dirs)
+
+- Install: djbdns as ./djbdns-1.05.
+ *) You may need to fix "error.h" in the above djbdns-dir:
+ Edit conf-cc:
+
+ cc -O2 -include /usr/include/errno.h
+
+ **) You want to increase the UDP buffer from 513 to 4097 byte:
+ Edit dns_transmit.c:
+
+ int dns_transmit_get(struct dns_transmit *d,const iopause_fd *x,const struct taia *when)
+ {
+ char udpbuf[4097]; /* instead original buffer [513] byte */
+ unsigned char ch;
+
+- Now do 'make setup' in djbdns-1.05.
+
+
+2. Step:
+
+- Download: http://riemann.fmi.uni-sofia.bg/vladov/ftp/djbdns+qmail.tar.gz
+ (it is also part of SPAMCONTROL).
+
+- Untar Nikola's patch in djbdns-1.05 (and read his README.qmail).
+
+- Adjust the path to the qmail dir: conf-qmail (if necessary).
+
+- Install Nikola's patch: make -f Makefile.qmail
+
+- Test the patch: make -f Makefile.qmail check
+
+
+3. Step:
+
+- Untar SPAMCONTROL in the qmail-1.03 source directory.
+
+- Edit conf-djbdns and include the path to djbdns-1.05 (if necessary).
+
+- Run install_spamcontrol.sh and see in the spamcontrol.log if changes applied.
+
+- (Re)Make qmail: make setup check.
+
+
+4. Step:
+
+- Enjoy and relax. Now qmail-remote + qmail-smtpd use djbdns libs instead of libresolv.
+
+
+--eh. 2010-04-26
diff --git a/doc/Old/README.mav b/doc/Old/README.mav
new file mode 100644
index 0000000..761155f
--- /dev/null
+++ b/doc/Old/README.mav
@@ -0,0 +1,96 @@
+Mail Address Verification (MAV)
+===============================
+
+Introduction
+------------
+
+Mail Address Verification (MAV) makes the
+'Mail From:' envelope sender address authoritive.
+This is facilitated by comparing the received
+'Mail From:' address in the SMTP dialoge, with a list
+of addresses/domains included in a list matching
+
+(1) the userid (=> $TCPREMOTEINFO).
+(2) the IP (=> $TCPREMOTEIP),
+(3) the FQDN (=> $TCPREMOTHOST),
+
+of the connecting SMTP client to qmail-smtpd.
+
+
+MAV invocation
+--------------
+
+Use the evironment variable 'LOCALMFCHECK' by
+means of the qmail-smtpd start script or by means
+of tcpserver's cdb file with the following definitions:
+
+(1) LOCALMFCHECK="" - unqualified checking against
+ control/rcpthosts
+(2) LOCALMFSCHECK="!" - qualified checking against
+ control/mailfromrules.cdb
+(3) LOCALMFCHECK="example.com" - qualified checking
+ with fixed name
+
+
+MAV database
+------------
+
+Include into the file contol/mailfromrules
+a list of assigned senders and designated 'Mail From:'
+addresses in the following format:
+
+12.34.56.:@example.com
+12.34.56.78:jffy@example.com,fred@noexample.com
+=example.com:@example.com
+joe@example.com:joe.stein@example.com
+
+
+Note 1: The addresses are included in a tcpserver
+compatible format.
+
+Note 2: The length of the assigned email 'Mail From:'
+addresses is only limited by memory.
+
+Note 3: All assigned 'Mail From:' addresses have to
+include a '@'. Checks are done for spaces. Comments
+are allowed.
+
+Note 4: All addresses are evaluated in lower case.
+
+
+Run bin/qmail-mfrules to construct control/mailfromrules.cdb
+out of control/mailfromrules.
+
+
+Return codes
+------------
+
+In case, the match was not successful, the sending MTA
+client receives the following message:
+
+"553 sorry, invalid sender address specified (#5.7.1)"
+
+The message can be customized by means of the environment
+variable REPLYMAV="texstring" including 'textstring' between
+'specified' and the EMSSC code.
+
+
+Others information
+------------------
+
+Read PROPOSAL.mav.
+
+Read man qmail-mfrules.
+Read man qmail-smtpd.
+Read man qmail-control.
+Perform qmail-showctl.
+
+
+Erwin Hoffmann, Cologne 2005-04-26.
+
+
+
+
+
+
+
diff --git a/doc/Old/README.qmq b/doc/Old/README.qmq
new file mode 100644
index 0000000..1940cd1
--- /dev/null
+++ b/doc/Old/README.qmq
@@ -0,0 +1,73 @@
+Qmail Multiple Queue (Option) -- QMQ(0)
+---------------------------------------
+
+1. What is QMQ ?
+
+Qmail Multiple Queue -- is an option (of SPAMCONTROL).
+SPAMCONTROL is useful on Qmail hosts attached to the
+Internet and receiving e-mails, shortly named MTA
+(Mail Transfer Agents).
+While SPAMCONTROL tries to take control of the
+incoming SMTP traffic, QMQ allows you to control
+the e-mail communication to -- and from -- the
+(downstream) e-mail domains you are responsible for.
+
+2. How does QMQ work ?
+
+In addition to standard Qmail (patched with SPAMCONTROL)
+to receive e-mails from the Internet, you set up > N <
+secondary instances of Qmail to deliver e-mails to your
+downstream domains.
+The different Qmail instances are typically set up on
+one host; the communication from the primary instance to
+the secondary is faciliated by QMTP, though SMTP can be
+used as well.
+While the primary instance is patched with SPAMCONTROL,
+all seconderis can be plain (Vanilla) Qmail.
+Once the primary Qmail instance receives an e-mail for
+a QMQ domain, it will forward the e-mail via QMTP to
+one of the secondary instances, which is responsible
+for furthter delivery.
+This not only will avoid the so-called "Silly Qmail
+Syndrom" but will allow you to fine-tune the delivery
+conditions and set-up (e.g. Virus/Spam scanners)
+for any recipient domain.
+
+3. How to set up multiple Qmail instances ?
+
+You are free to set them up.
+However, you can use the scheme, I have developed:
+a) Modify "conf-qmq" to your needs.
+ Here, you define the (local) instances by name
+ and their (QMTP) port numbers.
+b) Execute ./qmtpt ..../ . This will raise
+ - ./qmail/skeleton --
+ - ./qmail/source
+
+4. What is the benefit of QMQ ?
+
+a) Decoupling: Delivery to domain >i< is independent
+ of domain >k<.
+b) Independent delivery parms and perhaps filters for
+ any secondary domain.
+c) Primary instance does not suffer from "Silly Qmail
+ Syndrom".
+d) Set up of a dedicated Bounce Queue.
+e) Thruput is increase by a factor of 10 - 100.
+
+
+5. Consideratons:
+
+a) Using 'qmail-qstat' practically, very littly
+ e-mails stay in step 'preprocessed' (on the
+ primary instance) will be realised.
+b) Adjust your delivery channels to your needs.
+ With QMQ, Qmail will easly flood them up.
+
+
+Erwin Hoffmann
+Cologne, 17-08-2007
+
+
+
+
diff --git a/doc/Old/README.recipients b/doc/Old/README.recipients
new file mode 100644
index 0000000..90a4003
--- /dev/null
+++ b/doc/Old/README.recipients
@@ -0,0 +1,256 @@
+README - qmail-smtpd RECIPIENTS extension
+=========================================
+
+1. Scope:
+
+qmail-smtpd accepts messages if the SMTP domain part of
+recipient address ("RCPT to: <recip@domain>") matches an
+entry in control/rcpthosts or control/morercpthosts.cdb.
+
+The existence of a mailbox/maildir for the corresponding
+SMTP recipient is checked later in the delivery chain.
+
+In case no Mailbox/Maildir exists, the message is bounced
+back to the SMTP sender ("MAIL From: <send@example.com>").
+
+For normal SMTP mail traffic thats fine as long as the rate
+of undeliverable messages dont exceed 10% and the sender is
+'legitmate'; ie. exists.
+
+Todays situation is different: Spam and Virus attacks with
+forged/faked sender addresses to a bunch of random
+recipient addresses yield a undeliverable rate up to 90%.
+
+Worse, the generated bounces will never reach the sender and
+a double-bounce is eventually send to the postmaster.
+
+
+2. qmail-smtpd RECIPIENTS:
+
+The RECIPIENTS extension makes qmail-smtpd aware of acceptable
+recipients, which are fetched from an external source.
+Which source to query depends on the domain-part of the
+recipient address.
+
+- The recipients are kept either in 'fastforward' compatible
+ cdbs for quick lookup during the SMTP session, or
+- are available by means of a 'checkpassword' compatible
+ Plugable Authentication Module (PAM).
+
+The RECIPIENTS mechanism supports natively Qmail's address
+extensions (VERP). If a recipient address like 'foo@mydomain.com'
+defined, all VERP addresses like 'foo-bar@mydomain.com' are
+accepted for SMTP reception.
+
+The RECIPIENTS lookup is triggered by the recipient domain, thus
+is domain-specific. The domain-part of the envelope address
+is evaluated in lower case. You can specify which lookup is performed
+per domain within control/recipients. Consider the following:
+
+a) An entry 'example.com' is used to match 'example.com' and
+ in addition all subdomain addresses '*.example.com';
+ depending in addition on 'control/rcpthosts'.
+b) An entry '@example.com' serves as exact match for the
+ domain address.
+c) The entry '*' will match all domains for the respective lookup.
+d) Reversely, domains flagged as '!domain.com' are not queried
+ and all recipients for this domain are accepted.
+e) A 'fail-open' behaviour can be achieved adding '!*' as last
+ statement in control/recipients. Thus, emails for domains not
+ listed in control/recipients will finally be accepted.
+
+Thus, the RECIPIENTS extension can be used in a 'fail-closed' or
+'fail-open' mode for the domains included in control/recipients.
+Without including '!*' on the last line, the recipient check is done
+'fail-closed', thus if all queries are negative, the incoming email
+with this recipient address will be rejected.
+
+The RECIPIENTS check is done only in a none-RELAYCLIENT case
+and after control/rcpthosts, control/morercpthosts.cdb has been
+successfully consulted.
+
+NOTE: The new wilddomain mechanism superseeds the old cdb-only
+ wilddomain syntax (which is not working anymore).
+ The PAM should be in your $PATH or referenced with full path.
+
+
+3. Setting up the recipients control file:
+
+Release 0.5 the RECIPIENTS extension provides a flexible
+new syntax to interprete control/recipients on a domain
+base, as part of the RCPT TO: envelope address.
+
+a) Read 'man qmail-smtpd' and 'man qmail-recipients.'
+ Some additional scripts can be found in doc.
+
+b) Legacy:
+ Put 'recipients.cdb' into control/recipients.
+ This is a backward compatible mode.
+
+c) Per Domain cdbs:
+ Put 'example.com:example.cdb' in
+ control/recipients and you advise the
+ RECIPIENTS extension to do a per-domain lookup.
+
+d) Global cdbs:
+ Use '*:users/recipients.cdb' in
+ control/recipients.
+ This is equivalent to (1.).
+
+e) Per Domain PAM:
+ Put 'example.com|checkpassword true'
+ into control/recipients and the RECIPIENT
+ extension will use the program defined
+ after the "|" to check the existence of
+ the provided RCPT TO.
+
+f) Global PAM:
+ Put '*|ldapam myldapserver' into
+ control/recipients and you delegate the entire
+ verification of the RCPT TO to the program in charge.
+
+g) Wildcarded domain:
+ Prepend the domain name with a '!' and
+ emails for this domain will be entirely accepted:
+ '!localhost'.
+
+h) Pass-Thru for unlisted domains:
+ Use '!*' as last statement in control/recipients.
+
+Lines in control/recipients starting with a '#'
+are not evaluated, thus are treated as comment lines.
+
+
+4. Generating a cdb with recipient addresses:
+
+a) Build a list of recipients (with full qualified address).
+- Use 'qmail-pwd2recipients' to build this list for
+ local system users.
+- Use 'qmail-alias2recipients' to build this list for
+ qmail alias users (ie. postmaster, root).
+- Use 'qmail-users2recipients' to build this list for
+ qmail users (as per users/assign).
+- You can use 'qmail-vpopmail2recipients' for
+ vpopmail users.
+
+ Verify that list to be found under users/recipients.
+ If you have a different Qmail home directory, modify the
+ above scripts.
+
+ You may need to change "localhost" in the above scripts
+ to the real hostname.
+
+b) Run qmail-recipients to transform that list into a cdb:
+ users/recipients.cdb
+
+c) After the successful generation of the recipients.cdb
+ you can rename it to your taste.
+
+d) Edit control/recipients and
+ include users/recipients.cdb therein.
+
+e) If you have 'fastforward' cdbs (those which are generated
+ by 'setforward') you have to place the output somewhere
+ in a subdirectory under Qmail's home directory and
+ include those into control/recipients.
+
+ At that time, your control/recipients file may look like:
+
+ mydomain.com:control/mydomain.cdb
+ users/recipients.cdb
+ etc/fastforward.cdb
+
+f) You can add an arbitary number of cdbs to control/recipients.
+ Any change regarding control/recipients and/or the content
+ of the cdbs is effective on the fly.
+
+
+5. VERP support
+
+The RECIPIENTS extension allows now per default VERP support.
+The local part of the recipient addresses is truncted AFTER
+the character defined as AUTO_BREAK and only the first part
+of the address (plus domain) is used for the evaluation.
+
+a) If you run EZMLM, you have to set up a list of recipient
+ addresses for all your mailing lists.
+
+b) Simply put the full qualified list name apppended with the VERP
+ charcater into the recipients database (or into the LDAP dir).
+
+c) Sample: If your list is called:
+
+ mylist@example.com
+
+ define
+
+ mylist-@example.com
+
+ This makes VERP addresses distinguishable from normal addresses.
+
+d) In order to support generic and VERP addresses, you have to
+ add both address schemes into the recipient database:
+
+ me@example.com
+ me-@example.com
+
+
+6. Using a checkpassword compatible PAM:
+
+The checkpassword API is defined in:
+
+ http://cr.yp.to/checkpwd/interface.html
+
+and typically consists of the string:
+
+ username\0password\0timestamp\0otherdata\0
+
+written to file descriptor 3 (FD 3) to be read by the
+checkpassword compatible PAM.
+
+For email address (recipient) verification, we replace
+ username\0
+with
+ email-address\0
+ie.
+ recipient@domain.tld\0
+
+The PAM fetches this information and checks for it's
+existance in any external resource, for example a LDAP
+directory or a SQL database.
+
+The PAM returns a '0' in case of successful verification,
+otherwise a '1'; and perhaps a '111' in case of problems.
+
+RECIPIENT's checkpassword API allows to enter up to five
+additional arguments; which are specific to the PAM.
+
+The attached PERL ldap_mail.pl serves as a sample.
+
+
+7. Customization:
+
+The RECIPIENTS extension needs no customization except for
+the following circumstances:
+
+a) You may need to adjust the provided scripts
+ 'qmail-pwd2recipients', 'qmail-users2recipients', and
+ 'qmail-alias2recipient' to your need; these are samples.
+
+b) The script 'qmail-vpopmail2recipients' is contributed
+ by David Du SERRE-TELMON, pls. check whether it
+ suits your vpopmail installation.
+
+c) A phyton script to generate "Recipients" users out of
+ - /var/qmail/users/assign
+ - /var/qmail/alias
+ -/etc/aliases
+ and the vpopmail's virtual users can be found at:
+
+ http://www.epigenomics.org/software/oss/qmail/create_recipients.py
+
+ Contributed by Robert Sander
+
+
+
+Erwin Hoffmann (www.fehcom.de) - Cologne 2009-09-02
diff --git a/doc/Old/README.wildmat b/doc/Old/README.wildmat
new file mode 100644
index 0000000..ccfbe0e
--- /dev/null
+++ b/doc/Old/README.wildmat
@@ -0,0 +1,100 @@
+/* THIS FILE IS INCLUDED FOR HISTORICAL REASONS ONLY */
+
+
+EADME.wildmat.orig Wed Dec 3 11:46:31 1997
+--- README.wildmat Wed Dec 3 11:53:33 1997
+***************
+*** 0 ****
+--- 1,50 ----
++ wilmat patch version 0.2 for qmail 1.01
++ Mark Delany <markd@mira.net.au>
++ 19971203
++
++ Changes:
++ --------
++ 0.1 Initial code
++ 0.2 Fixed buglet relating to systems that had no badmailfrom file
++ but do have a badmailpattern file
++
++ While the 'badmailfrom' provides some ability to block spam it is
++ fairly restricted as the match must be exact on either the full string
++ or the domain. This means that it's very difficult to block the
++ 1234567@aol.com type addresses that some spammers are employing as you
++ potentially require a large number of entries in 'badmailfrom'.
++
++ This patch provides the ability to use simple patterns to reject mail
++ from unwanted envelope sender addresses. Naturally all such methods
++ are of limited use against spam as a determined spammer cannot be
++ stopped on the current Internet, but it does help until the time comes
++ that we can really stop spammers.
++
++ The wildmat patch introduces a new control file called
++ 'badmailpatterns' and is used by qmail-smtpd in conjunction with
++ 'badmailfrom'. You should continue to use 'badmailfrom' when you can
++ as this is much more CPU-efficient than 'badmailpatterns'.
++
++ For those familiar with INN, the wildmat patch uses the wildmat()
++ routine out of INN and evaluates in the same way. Namely that the
++ envelope sender is pushed thru all patterns and the final match or
++ non-match is used to determine whether to reject the mail. It's
++ implemented this way so that 'not' patterns work.
++
++ Here is a sample 'badmailpatterns' file:
++
++ *@earthlink.net
++ !fred@earthlink.net
++ [0-9][0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9][0-9].com
++ answerme@save*
++
++ This file stops all mail from Earthlink except from
++ fred@earthlink.net. It also stops all mail with addresses like:
++ 123456@1234.com and answerme@savetrees.com
++
++ This patch does not update the documentation or qmail-showctl.
++
++ Thanks to Rich Salz for providing wildmat.c by way of the INN
++ distribution. wildmat.c is fast, small and completely self-contained.
++
++ --
+*** wildmat.c.orig Wed Dec 3 11:46:31 1997
+--- wildmat.c Wed Dec 3 11:46:31 1997
+***************
+*** 0 ****
+--- 1,172 ----
++ /* $Revision: 1.1 $
++ **
++ ** Do shell-style pattern matching for ?, \, [], and * characters.
++ ** Might not be robust in face of malformed patterns; e.g., "foo[a-"
++ ** could cause a segmentation violation. It is 8bit clean.
++ **
++ ** Written by Rich $alz, mirror!rs, Wed Nov 26 19:03:17 EST 1986.
++ ** Rich $alz is now <rsalz@osf.org>.
++ ** April, 1991: Replaced mutually-recursive calls with in-line code
++ ** for the star character.
++ **
++ ** Special thanks to Lars Mathiesen <thorinn@diku.dk> for the ABORT code.
++ ** This can greatly speed up failing wildcard patterns. For example:
++ ** pattern: -*-*-*-*-*-*-12-*-*-*-m-*-*-*
++ ** text 1: -adobe-courier-bold-o-normal--12-120-75-75-m-70-iso8859-1
++ ** text 2: -adobe-courier-bold-o-normal--12-120-75-75-X-70-iso8859-1
++ ** Text 1 matches with 51 calls, while text 2 fails with 54 calls. Without
++ ** the ABORT code, it takes 22310 calls to fail. Ugh. The following
++ ** explanation is from Lars:
++ ** The precondition that must be fulfilled is that DoMatch will consume
++ ** at least one character in text. This is true if *p is neither '*' nor
++ ** '\0'.) The last return has ABORT instead of FALSE to avoid quadratic
++ ** behaviour in cases like pattern "*a*b*c*d" with text "abcxxxxx". With
++ ** FALSE, each star-loop has to run to the end of the text; with ABORT
++ ** only the last one does.
++ **
++ ** Once the control of one instance of DoMatch enters the star-loop, that
++ ** instance will return either TRUE or ABORT, and any calling instance
++ ** will therefore return immediately after (without calling recursively
++ ** again). In effect, only one star-loop is ever active. It would be
++ ** possible to modify the code to maintain this context explicitly,
++ ** eliminating all recursive calls at the cost of some complication and
++ ** loss of clarity (and the ABORT stuff seems to be unclear enough by
++ ** itself). I think it would be unwise to try to get this into a
++ ** released version unless you have a good test data base to try it out
++ ** on.
++ */
diff --git a/doc/Postgrey.txt b/doc/Postgrey.txt
new file mode 100644
index 0000000..dca92d3
--- /dev/null
+++ b/doc/Postgrey.txt
@@ -0,0 +1,233 @@
+POSTGREY(1) User Contributed Perl Documentation POSTGREY(1)
+
+
+
+
+NAME
+ postgrey - Postfix Greylisting Policy Server
+
+SYNOPSIS
+ postgrey [options...]
+
+ -h, --help display this help and exit
+ --version output version information and exit
+ -v, --verbose increase verbosity level
+ --syslog-facility Syslog facility to use (default mail)
+ -q, --quiet decrease verbosity level
+ -u, --unix=PATH listen on unix socket PATH
+ --socketmode=MODE unix socket permission (default 0666)
+ -i, --inet=[HOST:]PORT listen on PORT, localhost if HOST is not specified
+ -d, --daemonize run in the background
+ --pidfile=PATH put daemon pid into this file
+ --user=USER run as USER (default: postgrey)
+ --group=GROUP run as group GROUP (default: nogroup)
+ --dbdir=PATH put db files in PATH (default: /var/spool/postfix/postgrey)
+ --delay=N greylist for N seconds (default: 300)
+ --max-age=N delete entries older than N days since the last time
+ that they have been seen (default: 35)
+ --retry-window=N allow only N days for the first retrial (default: 2)
+ append 'h' if you want to specify it in hours
+ --greylist-action=A if greylisted, return A to Postfix (default: DEFER_IF_PERMIT)
+ --greylist-text=TXT response when a mail is greylisted
+ (default: Greylisted + help url, see below)
+ --lookup-by-subnet strip the last N bits from IP addresses, determined by ipv4cidr and ipv6cidr (default)
+ --ipv4cidr=N What cidr to use for the subnet on IPv4 addresses when using lookup-by-subnet (default: 24)
+ --ipv6cidr=N What cidr to use for the subnet on IPv6 addresses when using lookup-by-subnet (default: 64)
+ --lookup-by-host do not strip the last 8 bits from IP addresses
+ --privacy store data using one-way hash functions
+ --hostname=NAME set the hostname (default: `hostname`)
+ --exim don't reuse a socket for more than one query (exim compatible)
+ --whitelist-clients=FILE default: /etc/postfix/postgrey_whitelist_clients
+ --whitelist-recipients=FILE default: /etc/postfix/postgrey_whitelist_recipients
+ --auto-whitelist-clients=N whitelist host after first successful delivery
+ N is the minimal count of mails before a client is
+ whitelisted (turned on by default with value 5)
+ specify N=0 to disable.
+ --listen-queue-size=N allow for N waiting connections to our socket
+ --x-greylist-header=TXT header when a mail was delayed by greylisting
+ default: X-Greylist: delayed <seconds> seconds by postgrey-<version> at <server>; <date>
+
+ Note that the --whitelist-x options can be specified multiple times,
+ and that per default /etc/postfix/postgrey_whitelist_clients.local is
+ also read, so that you can put there local entries.
+
+DESCRIPTION
+ Postgrey is a Postfix policy server implementing greylisting.
+
+ When a request for delivery of a mail is received by Postfix via SMTP,
+ the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" is built. If it is the
+ first time that this triplet is seen, or if the triplet was first seen
+ less than delay seconds (300 is the default), then the mail gets
+ rejected with a temporary error. Hopefully spammers or viruses will not
+ try again later, as it is however required per RFC.
+
+ Note that you shouldn't use the --lookup-by-host option unless you know
+ what you are doing: there are a lot of mail servers that use a pool of
+ addresses to send emails, so that they can change IP every time they
+ try again. That's why without this option postgrey will strip the last
+ byte of the IP address when doing lookups in the database.
+
+ Installation
+ o Create a "postgrey" user and the directory where to put the
+ database dbdir (default: "/var/spool/postfix/postgrey")
+
+ o Write an init script to start postgrey at boot and start it. Like
+ this for example:
+
+ postgrey --inet=10023 -d
+
+ contrib/postgrey.init in the postgrey source distribution includes
+ a LSB-compliant init script by Adrian von Bidder for the Debian
+ system.
+
+ o Put something like this in /etc/main.cf:
+
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ ...
+ reject_unauth_destination
+ check_policy_service inet:127.0.0.1:10023
+
+ o Install the provided postgrey_whitelist_clients and
+ postgrey_whitelist_recipients in /etc/postfix.
+
+ o Put in /etc/postfix/postgrey_whitelist_recipients users that do not
+ want greylisting.
+
+ Whitelists
+ Whitelists allow you to specify client addresses or recipient address,
+ for which no greylisting should be done. Per default postgrey will read
+ the following files:
+
+ /etc/postfix/postgrey_whitelist_clients
+ /etc/postfix/postgrey_whitelist_clients.local
+ /etc/postfix/postgrey_whitelist_recipients
+
+ You can specify alternative paths with the --whitelist-x options.
+
+ Postgrey whitelists follow similar syntax rules as Postfix access
+ tables. The following can be specified for recipient addresses:
+
+ domain.addr
+ "domain.addr" domain and subdomains.
+
+ name@ "name@.*" and extended addresses "name+blabla@.*".
+
+ name@domain.addr
+ "name@domain.addr" and extended addresses.
+
+ /regexp/ anything that matches "regexp" (the full address is matched).
+
+ The following can be specified for client addresses:
+
+ domain.addr
+ "domain.addr" domain and subdomains.
+
+ IP1.IP2.IP3.IP4
+ IP address IP1.IP2.IP3.IP4. You can also leave off one
+ number, in which case only the first specified numbers will
+ be checked.
+
+ IP1.IP2.IP3.IP4/MASK
+ CIDR-syle network. Example: 192.168.1.0/24
+
+ /regexp/ anything that matches "regexp" (the full address is matched).
+
+ Auto-whitelisting clients
+ With the option --auto-whitelist-clients a client IP address will be
+ automatically whitelisted if the following conditions are met:
+
+ o At least 5 successfull attempts of delivering a mail (after
+ greylisting was done). That number can be changed by specifying a
+ number after the --auto-whitelist-clients argument. Only one
+ attempt per hour counts.
+
+ o The client was last seen before --max-age days (35 per default).
+
+ Greylist Action
+ To set the action to be returned to postfix when a message fails
+ postgrey's tests and should be deferred, use the
+ --greylist-action=ACTION option.
+
+ By default, postgrey returns DEFER_IF_PERMIT, which causes postfix to
+ check the rest of the restrictions and defer the message only if it
+ would otherwise be accepted. A delay action of 451 causes postfix to
+ always defer the message with an SMTP reply code of 451 (temp fail).
+
+ See the postfix manual page access(5) for a discussion of the actions
+ allowed.
+
+ Greylist Text
+ When a message is greylisted, an error message like this will be sent
+ at the SMTP-level:
+
+ Greylisted, see http://postgrey.schweikert.ch/help/example.com.html
+
+ Usually no user should see that error message and the idea of that URL
+ is to provide some help to system administrators seeing that message or
+ users of broken mail clients which try to send mails directly and get a
+ greylisting error. Note that the default help-URL contains the original
+ recipient domain (example.com), so that domain-specific help can be
+ presented to the user (on the default page it is said to contact
+ postmaster@example.com)
+
+ You can change the text (and URL) with the --greylist-text parameter.
+ The following special variables will be replaced in the text:
+
+ %s How many seconds left until the greylisting is over (300).
+
+ %r Mail-domain of the recipient (example.com).
+
+ Greylist Header
+ When a message is greylisted, an additional header can be prepended to
+ the header section of the mail:
+
+ X-Greylist: delayed %t seconds by postgrey-%v at %h; %d
+
+ You can change the text with the --x-greylist-header parameter. The
+ following special variables will be replaced in the text:
+
+ %t How many seconds the mail has been delayed due to greylisting.
+
+ %v The version of postgrey.
+
+ %d The date.
+
+ %h The host.
+
+
+ Privacy
+ The --privacy option enable the use of a SHA1 hash function to store
+ IPs and emails in the greylisting database. This will defeat straight
+ forward attempts to retrieve mail user behaviours.
+
+ SEE ALSO
+ See <http://www.greylisting.org/> for a description of what greylisting
+ is and <http://www.postfix.org/SMTPD_POLICY_README.html> for a
+ description of how Postfix policy servers work.
+
+COPYRIGHT
+ Copyright (c) 2004-2007 by ETH Zurich. All rights reserved. Copyright
+ (c) 2007 by Open Systems AG. All rights reserved.
+
+LICENSE
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 675 Mass Ave, Cambridge, MA 02139, USA.
+
+AUTHOR
+ David Schweikert <david@schweikert.ch>
+
+
+
+perl v5.32.0 2015-09-01 POSTGREY(1)
diff --git a/doc/Qmail/BLURB b/doc/Qmail/BLURB
new file mode 100644
index 0000000..48ae4c4
--- /dev/null
+++ b/doc/Qmail/BLURB
@@ -0,0 +1,222 @@
+Qmail BLURB
+===========
+
+qmail is a secure, reliable, efficient, simple message transfer agent.
+It is meant as a replacement for the entire sendmail-binmail system on
+typical Internet-connected UNIX hosts.
+
+Secure: Security isn't just a goal, but an absolute requirement. Mail
+delivery is critical for users; it cannot be turned off, so it must be
+completely secure. (This is why I started writing qmail: I was sick of
+the security holes in sendmail and other MTAs.)
+
+Reliable: qmail's straight-paper-path philosophy guarantees that a
+message, once accepted into the system, will never be lost. qmail also
+supports maildir, a new, super-reliable user mailbox format. Maildirs,
+unlike mbox files and mh folders, won't be corrupted if the system
+crashes during delivery. Even better, not only can a user safely read
+his mail over NFS, but any number of NFS clients can deliver mail to him
+at the same time.
+
+Efficient: On a Pentium under BSD/OS, qmail can easily sustain 200000
+local messages per day---that's separate messages injected and delivered
+to mailboxes in a real test! Although remote deliveries are inherently
+limited by the slowness of DNS and SMTP, qmail overlaps 20 simultaneous
+deliveries by default, so it zooms quickly through mailing lists. (This
+is why I finished qmail: I had to get a big mailing list set up.)
+
+Simple: qmail is vastly smaller than any other Internet MTA. Some
+reasons why: (1) Other MTAs have separate forwarding, aliasing, and
+mailing list mechanisms. qmail has one simple forwarding mechanism that
+lets users handle their own mailing lists. (2) Other MTAs offer a
+spectrum of delivery modes, from fast+unsafe to slow+queued. qmail-send
+is instantly triggered by new items in the queue, so the qmail system
+has just one delivery mode: fast+queued. (3) Other MTAs include, in
+effect, a specialized version of inetd that watches the load average.
+qmail's design inherently limits the machine load, so qmail-smtpd can
+safely run from your system's inetd.
+
+Replacement for sendmail: qmail supports host and user masquerading,
+full host hiding, virtual domains, null clients, list-owner rewriting,
+relay control, double-bounce recording, arbitrary RFC 822 address lists,
+cross-host mailing list loop detection, per-recipient checkpointing,
+downed host backoffs, independent message retry schedules, etc. In
+short, it's up to speed on modern MTA features. qmail also includes a
+drop-in ``sendmail'' wrapper so that it will be used transparently by
+your current UAs.
+
+Mailing Lists
+=============
+
+Mailing list management is one of qmail's strengths. Notable features:
+
+* qmail lets each user handle his own mailing lists. The delivery
+instructions for user-whatever go into ~user/.qmail-whatever.
+
+* qmail makes it really easy to set up mailing list owners. If the user
+touches ~user/.qmail-whatever-owner, all bounces will come back to him.
+
+* qmail supports VERPs, which permit completely reliable automated
+bounce handling for mailing lists of any size.
+
+* SPEED---qmail blasts through mailing lists an order of magnitude
+faster than sendmail. For example, one message was successfully
+delivered to 150 hosts around the world in just 70 seconds, with qmail's
+out-of-the-box configuration.
+
+* qmail automatically prevents mailing list loops, even across hosts.
+
+* qmail allows inconceivably gigantic mailing lists. No random limits.
+
+* qmail handles aliasing and forwarding with the same simple mechanism.
+For example, Postmaster is controlled by ~alias/.qmail-postmaster. This
+means that cross-host loop detection also applies to aliases.
+
+* qmail supports the ezmlm mailing list manager, which easily and
+automatically handles bounces, subscription requests, and archives.
+
+Features
+========
+
+Here are some of qmail's features.
+
+Setup:
+* automatic adaptation to your UNIX variant---no configuration needed
+* AIX, BSD/OS, FreeBSD, HP/UX, Irix, Linux, OSF/1, SunOS, Solaris, and more
+* automatic per-host configuration (config, config-fast)
+* quick installation---no big list of decisions to make
+
+Security:
+* clear separation between addresses, files, and programs
+* minimization of setuid code (qmail-queue)
+* minimization of root code (qmail-start, qmail-lspawn)
+* five-way trust partitioning---security in depth
+* optional logging of one-way hashes, entire contents, etc. (QUEUE_EXTRA)
+
+Message construction (qmail-inject):
+* RFC 822, RFC 1123
+* full support for address groups
+* automatic conversion of old-style address lists to RFC 822 format
+* sendmail hook for compatibility with current user agents
+* header line length limited only by memory
+* host masquerading (control/defaulthost)
+* user masquerading ($MAILUSER, $MAILHOST)
+* automatic Mail-Followup-To creation ($QMAILMFTFILE)
+
+SMTP service (qmail-smtpd):
+* RFC 821, RFC 1123, RFC 1651, RFC 1652, RFC 1854
+* 8-bit clean
+* 931/1413/ident/TAP callback (tcp-env)
+* relay control---stop unauthorized relaying by outsiders (control/rcpthosts)
+* no interference between relay control and forwarding
+* tcpd hook---reject SMTP connections from known abusers
+* automatic recognition of local IP addresses
+* per-buffer timeouts
+* hop counting
+
+Queue management (qmail-send):
+* instant handling of messages added to queue
+* parallelism limit (control/concurrencyremote, control/concurrencylocal)
+* split queue directory---no slowdown when queue gets big
+* quadratic retry schedule---old messages tried less often
+* independent message retry schedules
+* automatic safe queueing---no loss of mail if system crashes
+* automatic per-recipient checkpointing
+* automatic queue cleanups (qmail-clean)
+* queue viewing (qmail-qread)
+* detailed delivery statistics (qmailanalog, available separately)
+
+Bounces (qmail-send):
+* QSBMF bounce messages---both machine-readable and human-readable
+* HCMSSC support---language-independent RFC 1893 error codes
+* double bounces sent to postmaster
+
+Routing by domain (qmail-send):
+* any number of names for local host (control/locals)
+* any number of virtual domains (control/virtualdomains)
+* domain wildcards (control/virtualdomains)
+* configurable percent hack support (control/percenthack)
+* UUCP hook
+
+SMTP delivery (qmail-remote):
+* RFC 821, RFC 974, RFC 1123
+* 8-bit clean
+* automatic downed host backoffs
+* artificial routing---smarthost, localnet, mailertable (control/smtproutes)
+* per-buffer timeouts
+* passive SMTP queue---perfect for SLIP/PPP (serialmail, available separately)
+
+Forwarding and mailing lists (qmail-local):
+* address wildcards (.qmail-default, .qmail-foo-default, etc.)
+* sendmail .forward compatibility (dot-forward, available separately)
+* fast forwarding databases (fastforward, available separately)
+* sendmail /etc/aliases compatibility (fastforward/newaliases)
+* mailing list owners---automatically divert bounces and vacation messages
+* VERPs---automatic recipient identification for mailing list bounces
+* Delivered-To---automatic loop prevention, even across hosts
+* automatic mailing list management (ezmlm, available separately)
+
+Local delivery (qmail-local):
+* user-controlled address hierarchy---fred controls fred-anything
+* mbox delivery
+* reliable NFS delivery (maildir)
+* user-controlled program delivery: procmail etc. (qmail-command)
+* optional new-mail notification (qbiff)
+* optional NRUDT return receipts (qreceipt)
+* conditional filtering (condredirect, bouncesaying)
+
+POP3 service (qmail-popup, qmail-pop3d):
+* RFC 1939
+* UIDL support
+* TOP support
+* APOP hook
+* modular password checking (checkpassword, available separately)
+
+
+Internals
+=========
+
+qmail's modular, lightweight design and sensible queue management make
+it the fastest available message transfer agent. Here's how it stacks up
+against the competition in five different speed measurements.
+
+* Scheduling: I sent a message to 8192 ``trash'' recipients on my home
+machine. All the deliveries were done in a mere 78 seconds---a rate of
+over 9 million deliveries a day! Compare this to the speed advertised
+for Zmailer's scheduling: 1.1 million deliveries a day on a
+SparcStation-10/50. (My home machine is a 16MB Pentium-100 under BSD/OS,
+with the default qmail configuration. qmail's logs were piped through
+accustamp and written to disk as usual.)
+
+* Local mailing lists: When qmail is delivering a message to a mailbox,
+it physically writes the message to disk before it announces success---
+that way, mail doesn't get lost if the power goes out. I tried sending a
+message to 1024 local mailboxes on the same disk on my home machine; all
+the deliveries were done in 25.5 seconds. That's more than 3.4 million
+deliveries a day! Sending 1024 copies to a _single_ mailbox was just as
+fast. Compare these figures to Zmailer's advertised rate for throwing
+recipients away without even delivering the message---only 0.48 million
+per day on the SparcStation.
+
+* Mailing lists with remote recipients: qmail uses the same delivery
+strategy that makes LSOFT's LSMTP so fast for outgoing mailing lists---
+you choose how many parallel SMTP connections you want to run, and qmail
+runs exactly that many. Of course, performance varies depending on how
+far away your recipients are. The advantage of qmail over other packages
+is its smallness: for example, one Linux user is running 60 simultaneous
+connections, without swapping, on a machine with just 16MB of memory!
+
+* Separate local messages: What LSOFT doesn't tell you about LSMTP is
+how many _separate_ messages it can handle in a day. Does it get bogged
+down as the queue fills up? On my home machine, I disabled qmail's
+deliveries and then sent 5000 separate messages to one recipient. The
+messages were all safely written to the queue disk in 23 minutes, with
+no slowdown as the queue filled up. After I reenabled deliveries, all
+the messages were delivered to the recipient's mailbox in under 12
+minutes. End-to-end rate: more than 200000 individual messages a day!
+
+* Overall performance: What really matters is how well qmail performs
+with your mail load. Red Hat Software found one day that their mail hub,
+a 48MB Pentium running sendmail 8.7, was running out of steam at 70000
+messages a day. They shifted the load to qmail---on a _smaller_ machine,
+a 16MB 486/66---and now they're doing fine.
diff --git a/doc/Qmail/FAQ b/doc/Qmail/FAQ
new file mode 100644
index 0000000..8540dbd
--- /dev/null
+++ b/doc/Qmail/FAQ
@@ -0,0 +1,706 @@
+1. Controlling the appearance of outgoing messages
+1.1. How do I set up host masquerading?
+1.2. How do I set up user masquerading?
+1.3. How do I set up Mail-Followup-To automatically?
+
+2. Routing outgoing messages
+2.1. How do I send local messages to another host?
+2.2. How do I set up a null client?
+2.3. How do I send outgoing mail through UUCP?
+2.4. How do I set up a separate queue for a SLIP/PPP link?
+2.5. How do I deal with ``CNAME lookup failed temporarily''?
+
+3. Routing incoming messages by host
+3.1. How do I receive mail for another host name?
+3.2. How do I set up a virtual domain?
+3.3. How do I set up several virtual domains for one user?
+
+4. Routing incoming messages by user
+4.1. How do I forward unrecognized usernames to another host?
+4.2. How do I set up a mailing list?
+4.3. How do I use majordomo with qmail?
+4.4. How do I use procmail with qmail?
+4.5. How do I use elm's filter with qmail?
+4.6. How do I create aliases with dots?
+4.7. How do I use sendmail's .forward files with qmail?
+4.8. How do I use sendmail's /etc/aliases with qmail?
+4.9. How do I make qmail defer messages during NFS or NIS outages?
+4.10. How do I change which account controls an address?
+
+5. Setting up servers
+5.1. How do I run qmail-smtpd under tcpserver?
+5.2. How do I set up qmail-qmtpd?
+5.3. How do I set up qmail-pop3d?
+5.4. How do I allow selected clients to use this host as a relay?
+5.5. How do I fix up messages from broken SMTP clients?
+5.6. How do I set up qmail-qmqpd?
+
+6. Configuring MUAs to work with qmail
+6.1. How do I make BSD mail generate a Date with the local time zone?
+6.2. How do I make pine work with qmail?
+6.3. How do I make MH work with qmail?
+6.4. How do I stop Sun's dtcm from hanging?
+
+7. Managing the mail system
+7.1. How do I safely stop qmail-send?
+7.2. How do I manually run the queue?
+7.3. How do I rejuvenate a message?
+7.4. How do I organize a big network?
+7.5. How do I back up and restore the queue disk?
+7.6. How do I run a supervised copy of qmail?
+7.7. How do I avoid syslog?
+
+8. Miscellany
+8.1. How do I tell qmail to do more deliveries at once?
+8.2. How do I keep a copy of all incoming and outgoing mail messages?
+8.3. How do I switch slowly from sendmail to qmail?
+
+
+
+1. Controlling the appearance of outgoing messages
+
+
+1.1. How do I set up host masquerading? All the users on this host,
+zippy.af.mil, are users on af.mil. When joe sends a message to fred, the
+message should say ``From: joe@af.mil'' and ``To: fred@af.mil'', without
+``zippy'' anywhere.
+
+Answer: echo af.mil > /var/qmail/control/defaulthost; chmod 644
+/var/qmail/control/defaulthost.
+
+
+1.2. How do I set up user masquerading? I'd like my own From lines to
+show boss@af.mil rather than god@heaven.af.mil.
+
+Answer: Add MAILHOST=af.mil and MAILUSER=boss to your environment. To
+override From lines supplied by your MUA, add QMAILINJECT=f to your
+environment.
+
+
+1.3. How do I set up Mail-Followup-To automatically? When I send a
+message to the sos@heaven.af.mil mailing list, I'd like to include
+``Mail-Followup-To: sos@heaven.af.mil''.
+
+Answer: Add QMAILMFTFILE=$HOME/.lists to your environment, and put
+sos@heaven.af.mil into ~/.lists.
+
+
+
+2. Routing outgoing messages
+
+
+2.1. How do I send local messages to another host? All the mail for
+af.mil should be delivered to our disk server, pokey.af.mil. I've set up
+an MX from af.mil to pokey.af.mil, but when a user on the af.mil host
+sends a message to boss@af.mil, af.mil tries to deliver it locally. How
+do I stop that?
+
+Answer: Remove af.mil from /var/qmail/control/locals. If qmail-send is
+running, give it a HUP. Make sure the MX is set up properly before you
+do this. Also make sure that pokey can receive mail for af.mil---see
+question 3.1.
+
+
+2.2. How do I set up a null client? I'd like zippy.af.mil to
+send all mail to bigbang.af.mil.
+
+Answer: echo :bigbang.af.mil > /var/qmail/control/smtproutes;
+chmod 644 /var/qmail/control/smtproutes. Disable local delivery as in
+question 2.1. Turn off qmail-smtpd in /etc/inetd.conf.
+
+
+2.3. How do I send outgoing mail through UUCP? I need qmail to send all
+outgoing mail via UUCP to my upstream UUCP site, gonzo.
+
+Answer: Put
+
+ :alias-uucp
+
+into control/virtualdomains and
+
+ |preline -df /usr/bin/uux - -r -gC
+ -a"${SENDER:-MAILER-DAEMON}" gonzo!rmail "($DEFAULT@$HOST)"
+
+(all on one line) into ~alias/.qmail-uucp-default. (For some UUCP
+software you will need to use -d instead of -df.) If qmail-send is
+running, give it a HUP.
+
+
+2.4. How do I set up a separate queue for a SLIP/PPP link?
+
+Answer: Use serialmail (http://pobox.com/~djb/serialmail.html).
+
+
+2.5. How do I deal with ``CNAME lookup failed temporarily''? The log
+showed that a message was deferred for this reason. Why is qmail doing
+CNAME lookups, anyway?
+
+Answer: The SMTP standard does not permit aliased hostnames, so qmail
+has to do a CNAME lookup in DNS for every recipient host. If the
+relevant DNS server is down, qmail defers the message. It will try again
+soon.
+
+
+
+3. Routing incoming messages by host
+
+
+3.1. How do I receive mail for another host name? I'd like our disk
+server, pokey.af.mil, to receive mail addressed to af.mil. I've set up
+an MX from af.mil to pokey.af.mil, but how do I get pokey to treat
+af.mil as a name for the local host?
+
+Answer: Add af.mil to /var/qmail/control/locals and to
+/var/qmail/control/rcpthosts. If qmail-send is running, give it a HUP
+(or do svc -h /var/run/qmail if qmail is supervised).
+
+
+3.2. How do I set up a virtual domain? I'd like any mail for
+nowhere.mil, including root@nowhere.mil and postmaster@nowhere.mil and
+so on, to be delivered to Bob. I've set up the MX already.
+
+Answer: Put
+
+ nowhere.mil:bob
+
+into control/virtualdomains. Add nowhere.mil to control/rcpthosts. If
+qmail-send is running, give it a HUP (or do svc -h /var/run/qmail if
+qmail is supervised).
+
+Now mail for whatever@nowhere.mil will be delivered locally to
+bob-whatever. Bob can set up ~bob/.qmail-default to catch all the
+possible addresses, ~bob/.qmail-info to catch info@nowhere.mil, etc.
+
+
+3.3. How do I set up several virtual domains for one user? Bob wants
+another virtual domain, everywhere.org, but he wants to handle
+nowhere.mil users and everywhere.org users differently. How can we do
+that without setting up a second account?
+
+Answer: Put two lines into control/virtualdomains:
+
+ nowhere.mil:bob-nowhere
+ everywhere.org:bob-everywhere
+
+Add nowhere.mil and everywhere.org to control/rcpthosts. If qmail-send
+is running, give it a HUP (or do svc -h /var/run/qmail if qmail is
+supervised).
+
+Now Bob can set up separate .qmail-nowhere-* and everywhere-* files. He
+can even set up .qmail-nowhere-default and .qmail-everywhere-default.
+
+
+
+4. Routing incoming messages by user
+
+
+4.1. How do I forward unrecognized usernames to another host? I'd like
+to set up a LUSER_RELAY pointing at bigbang.af.mil.
+
+Answer: Put
+
+ | forward "$LOCAL"@bigbang.af.mil
+
+into ~alias/.qmail-default.
+
+
+4.2. How do I set up a mailing list? I'd like me-sos@my.host.name to be
+forwarded to a bunch of people.
+
+Answer: Put a list of addresses into ~me/.qmail-sos, one per line. Then
+incoming mail for me-sos will be forwarded to each of those addresses.
+You should also touch ~me/.qmail-sos-owner so that bounces come back to
+you rather than the original sender.
+
+Alternative: ezmlm (http://pobox.com/~djb/ezmlm.html) is a modern
+mailing list manager, supporting automatic subscriptions, confirmations,
+archives, fully automatic bounce handling (including warnings to
+subscribers saying which messages they've missed), and more.
+
+
+4.3. How do I use majordomo with qmail?
+
+Answer: See ftp://ftp.eyrie.org/pub/software/majordomo/mjqmail and
+http://www.qmail.org for various methods. majordomo 2.0 is expected to
+support qmail directly.
+
+Beware that majordomo's lists are not crashproof.
+
+
+
+4.4. How do I use procmail with qmail?
+
+Answer: Put
+
+ | preline procmail
+
+into ~/.qmail. You'll have to use a full path for procmail unless
+procmail is in the system's startup PATH. Note that procmail will try to
+deliver to /var/spool/mail/$USER by default; to change this, see
+INSTALL.mbox.
+
+
+4.5. How do I use elm's filter with qmail?
+
+Answer: Put
+
+ | preline filter
+
+into ~/.qmail. You'll have to use a full path for filter unless filter
+is in the system's startup PATH.
+
+
+4.6. How do I create aliases with dots? I tried setting up
+~alias/.qmail-P.D.Q.Bach, but it doesn't do anything.
+
+Answer: Use .qmail-p:d:q:bach. Dots are converted to colons, and
+uppercase is converted to lowercase.
+
+
+4.7. How do I use sendmail's .forward files with qmail?
+
+Answer: Install the dot-forward package
+(http://pobox.com/~djb/dot-forward.html).
+
+
+4.8. How do I use sendmail's /etc/aliases with qmail?
+
+Answer: Install the fastforward package
+(http://pobox.com/~djb/fastforward.html).
+
+
+4.9. How do I make qmail defer messages during NFS or NIS outages? If
+~joe suddenly disappears, I'd like mail for joe to be deferred.
+
+Answer: Build a qmail-users database, so that qmail no longer checks
+home directories and the password database. This takes three steps.
+First, put your complete user list (including local and NIS passwords)
+into /var/qmail/users/passwd. Second, run
+
+ # qmail-pw2u -h < /var/qmail/users/passwd > /var/qmail/users/assign
+
+Here -h means that every user must have a home directory; if you happen
+to run qmail-pw2u during an NFS outage, it will print an error message
+and stop. Third, run
+
+ # qmail-newu
+
+Make sure to rebuild the database whenever you change your user list.
+
+
+4.10. How do I change which account controls an address? I set up
+~alias/.qmail-www, but qmail is looking at ~www/.qmail instead.
+
+Answer: If you do
+
+ # chown root ~www
+
+then qmail will no longer consider www to be a user; see qmail-getpw.0.
+For more precise control over address assignments, see qmail-users.0.
+
+
+
+5. Setting up servers
+
+
+5.1. How do I run qmail-smtpd under tcpserver? inetd is barfing at high
+loads, cutting off service for ten-minute stretches. I'd also like
+better connection logging.
+
+Answer: First, install the tcpserver program, part of the ucspi-tcp
+package (http://pobox.com/~djb/ucspi-tcp.html). Second, remove the smtp
+line from /etc/inetd.conf, and put the line
+
+ tcpserver -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd &
+
+into your system startup files. Replace 7770 with your qmaild uid, and
+replace 2108 with your nofiles gid. Don't forget the &. The change will
+take effect at your next reboot.
+
+By default, tcpserver allows at most 40 simultaneous qmail-smtpd
+processes. To raise this limit to 400, use tcpserver -c 400. To keep
+track of who's connecting and for how long, run (on two lines)
+
+ tcpserver -v -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd \
+ 2>&1 | /var/qmail/bin/splogger smtpd 3 &
+
+
+5.2. How do I set up qmail-qmtpd?
+
+Answer: Two steps. First, put a
+
+ qmtp 209/tcp
+
+line into /etc/services. Second, put (all on one line)
+
+ qmtp stream tcp nowait qmaild
+ /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-qmtpd
+
+into /etc/inetd.conf, and give inetd a HUP.
+
+If you have tcpserver installed, skip the inetd step, and set up
+
+ tcpserver -u 7770 -g 2108 0 qmtp /var/qmail/bin/qmail-qmtpd &
+
+replacing 7770 and 2108 with the qmaild uid and nofiles gid. See
+question 5.1 for more details on tcpserver.
+
+
+5.3. How do I set up qmail-pop3d? My old POP server works with mbox
+delivery; I'd like to switch to maildir delivery.
+
+Answer: Four steps. First, install the checkpassword program
+(http://pobox.com/~djb/checkpwd.html). Second, make sure you have a
+
+ pop3 110/tcp
+
+line in /etc/services. Third, put (all on one line, including
+qmail-popup twice)
+
+ pop3 stream tcp nowait root
+ /var/qmail/bin/qmail-popup qmail-popup
+ YOURHOST /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
+
+into /etc/inetd.conf, and give inetd a HUP; replace YOURHOST with your
+host's fully qualified domain name. Fourth, set up Maildir delivery for
+any user who wants to read mail via POP.
+
+If you have tcpserver installed, skip the inetd step, and set up (on two
+lines)
+
+ tcpserver 0 pop3 /var/qmail/bin/qmail-popup YOURHOST \
+ /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &
+
+replacing YOURHOST with your host's fully qualified domain name. See
+question 5.1 for more details on tcpserver.
+
+Security note: pop3d should be used only within a secure network;
+otherwise an eavesdropper can steal passwords.
+
+
+5.4. How do I allow selected clients to use this host as a relay? I see
+that qmail-smtpd rejects messages to any host not listed in
+control/rcpthosts.
+
+Answer: Three steps. First, install tcp-wrappers, available separately,
+including hosts_options. Second, change your qmail-smtpd line in
+inetd.conf to
+
+ smtp stream tcp nowait qmaild /usr/local/bin/tcpd
+ /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd
+
+(all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow,
+make a line setting the environment variable RELAYCLIENT to the empty
+string for the selected clients:
+
+ tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT
+
+Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd
+ignores control/rcpthosts when RELAYCLIENT is set. (It also appends
+RELAYCLIENT to each envelope recipient address. See question 5.5 for an
+application.)
+
+Alternative procedure, if you are using tcpserver 0.80 or above: Create
+/etc/tcp.smtp containing
+
+ 1.2.3.6:allow,RELAYCLIENT=""
+ 127.:allow,RELAYCLIENT=""
+
+to allow clients with IP addresses 1.2.3.6 and 127.*. Run
+
+ tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
+
+Finally, insert
+
+ -x /etc/tcp.smtp.cdb
+
+after tcpserver in your qmail-smtpd invocation.
+
+
+5.5. How do I fix up messages from broken SMTP clients?
+
+Answer: Three steps. First, put
+
+ | bouncesaying 'Permission denied' [ "@$HOST" != "@fixme" ]
+ | qmail-inject -f "$SENDER" -- "$DEFAULT"
+
+into ~alias/.qmail-fixup-default. Second, put
+
+ fixme:fixup
+
+into /var/qmail/control/virtualdomains, and give qmail-send a HUP.
+Third, follow the procedure in question 5.4, but set RELAYCLIENT to the
+string ``@fixme'':
+
+ tcp-env: 1.2.3.6, 1.2.3.7: setenv = RELAYCLIENT @fixme
+
+Here 1.2.3.6 and 1.2.3.7 are the clients' IP addresses. If you are using
+tcpserver instead of inetd and tcpd, put
+
+ 1.2.3.6:allow,RELAYCLIENT="@fixme"
+ 1.2.3.7:allow,RELAYCLIENT="@fixme"
+
+into /etc/tcp.smtp, and run tcprules as in question 5.4.
+
+
+5.6. How do I set up qmail-qmqpd? I'd like to allow fast queueing of
+outgoing mail from authorized clients.
+
+Answer: Make sure you have installed tcpserver 0.80 or above. Create
+/etc/qmqp.tcp in tcprules format to allow connections from authorized
+hosts. For example, if queueing is allowed from 1.2.3.*:
+
+ 1.2.3.:allow
+ :deny
+
+Convert /etc/qmqp.tcp to /etc/qmqp.cdb:
+
+ tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcp
+
+Finally, set up
+
+ tcpserver -x /etc/qmqp.cdb -u 7770 -g 2108 0 628 /var/qmail/bin/qmail-qmqpd &
+
+replacing 7770 and 2108 with the qmaild uid and nofiles gid. See
+question 5.1 for more details on tcpserver.
+
+
+
+6. Configuring MUAs to work with qmail
+
+
+6.1. How do I make BSD mail generate a Date with the local time zone?
+When I send mail, I'd rather use the local time zone than GMT, since
+some MUAs don't know how to display Date in the receiver's time zone.
+
+Answer: Put
+
+ set sendmail=/var/qmail/bin/datemail
+
+into your .mailrc or your system-wide Mail.rc. Beware that BSD mail is
+neither secure nor reliable.
+
+
+6.2. How do I make pine work with qmail?
+
+Answer: Put
+
+ sendmail-path=/usr/lib/sendmail -oem -oi -t
+
+into /usr/local/lib/pine.conf. (This will work with sendmail too.)
+Beware that pine is neither secure nor reliable.
+
+
+6.3. How do I make MH work with qmail?
+
+Answer: Put
+
+ postproc: /usr/mh/lib/spost
+
+into each user's .mh_profile. (This will work with sendmail too.) Beware
+that MH is neither secure nor reliable.
+
+
+6.4. How do I stop Sun's dtcm from hanging?
+
+Answer: There is a novice programming error in dtcm, known as ``failure
+to close the output side of the pipe in the child.'' Sun has, at the
+time of this writing, not yet provided a patch. Sorry.
+
+
+
+7. Managing the mail system
+
+
+7.1. How do I safely stop qmail-send? Back when we were running
+sendmail, it was always tricky to kill sendmail without risking the loss
+of current deliveries; what should I do with qmail-send?
+
+Answer: Go ahead and kill the qmail-send process. It will shut down
+cleanly. Wait for ``exiting'' to show up in the log. To restart qmail,
+run /var/qmail/rc the same way it is run from your system boot scripts,
+with the proper PATH, resource limits, etc.
+
+Alternative, if qmail is supervised: svc -t /var/run/qmail. The
+supervise process will kill qmail, wait for it to stop, and restart it.
+Use -d instead of -t if you don't want qmail to restart automatically;
+to manually restart it, use -u.
+
+
+7.2. How do I manually run the queue? I'd like qmail to try delivering
+all the remote messages right now.
+
+Answer: Give the qmail-send process an ALRM. (Do svc -a /var/run/qmail
+if qmail is supervised.)
+
+You may want to run qmail-tcpok first, to guarantee that qmail-remote
+will try all addresses. Normally, if an address fails repeatedly,
+qmail-remote leaves it alone for an hour.
+
+
+7.3. How do I rejuvenate a message? Somebody broke into Eric's computer
+again; it's going to be down for at least another two days. I know Eric
+has been expecting an important message---in fact, I see it sitting here
+in /var/qmail/queue/mess/15/26902. It's been in the queue for six days;
+how can I make sure it isn't bounced tomorrow?
+
+Answer: Just touch /var/qmail/queue/info/15/26902. (This is the only
+form of queue modification that's safe while qmail is running.)
+
+
+7.4. How do I organize a big network? I have a lot of machines, and I
+don't know where to start.
+
+Answer: First, choose the domain name where your users will receive
+mail. This is normally the shortest domain name you control. If you are
+in charge of *.movie.edu, you can use addresses like joe@movie.edu.
+
+Second, choose the machine that will know what to do with different
+users at movie.edu. Set up a host name in DNS for this machine:
+
+ mailhost.movie.edu IN A 1.2.3.4
+ 4.3.2.1.in-addr.arpa IN PTR mailhost.movie.edu
+
+Here 1.2.3.4 is the IP address of that machine.
+
+Third, make a list of machines where mail should end up. For example, if
+mail for Bob should end up on Bob's workstation, put Bob's workstation
+onto the list. For each of these machines, set up a host name in DNS:
+
+ bobshost.movie.edu IN A 1.2.3.7
+ 7.3.2.1.in-addr.arpa IN PTR bobshost.movie.edu
+
+Fourth, install qmail on bobshost.movie.edu. qmail will automatically
+configure itself to accept messages for bob@bobshost.movie.edu and
+deliver them to ~bob/Mailbox on bobshost. Do the same for the other
+machines where mail should end up.
+
+Fifth, install qmail on mailhost.movie.edu. Put
+
+ movie.edu:alias-movie
+
+into control/virtualdomains on mailhost. Then forward bob@movie.edu to
+bob@bobshost.movie.edu, by putting
+
+ bob@bobshost.movie.edu
+
+into ~alias/.qmail-movie-bob. Do the same for other users.
+
+Sixth, put movie.edu into control/rcpthosts on mailhost.movie.edu, so
+that mailhost.movie.edu will accept messages for users at movie.edu.
+
+Seventh, set up an MX record in DNS to deliver movie.edu messages to
+mailhost:
+
+ movie.edu IN MX 10 mailhost.movie.edu
+
+Eighth, on all your machines, put movie.edu into control/defaulthost.
+
+
+7.5. How do I back up and restore the queue disk?
+
+Answer: You can't.
+
+One difficulty is that you can't get a consistent snapshot of the queue
+while qmail-send is running. Another difficulty is that messages in the
+queue must have filenames that match their inode numbers.
+
+However, the big problem is that backups---even twice-daily backups---
+are far too unreliable for mail. If your disk dies, there will be very
+little overlap between the messages saved in the last backup and the
+messages that were lost.
+
+There are several ways to add real reliability to a mail server. Battery
+backups will keep your server alive, letting you park the disk to avoid
+a head crash, when the power goes out. Solid-state disks have their own
+battery backups. RAID boxes let you replace dead disks without losing
+any data.
+
+
+7.6. How do I run a supervised copy of qmail? svc sounds useful.
+
+Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).
+Create a /var/run/qmail directory. Change
+
+ /var/qmail/rc
+
+to
+
+ supervise /var/run/qmail /var/qmail/rc
+
+in your boot scripts. Make sure that supervise is in the startup PATH.
+Now you can use svc to stop or restart qmail, and svstat to check
+whether qmail is running.
+
+
+7.7. How do I avoid syslog? It chews up a lot of CPU time and isn't
+reliable.
+
+Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).
+Make a /var/log/qmail directory, owned by qmaill, mode 2700. Do
+
+ qmail-start ./Mailbox /usr/local/bin/accustamp \
+ | setuser qmaill /usr/local/bin/cyclog /var/log/qmail &
+
+in /var/qmail/rc.
+
+If you are logging tcpserver connections, make a /var/log/smtpd
+directory, and use cyclog /var/log/smtpd for tcpserver. You shouldn't
+run several copies of cyclog with the same log directory.
+
+By default, cyclog keeps 10 automatically rotated log files, each
+containing up to 100KB of log data. To keep 20 files with 1MB each, use
+cyclog -s 1000000 -n 20.
+
+
+
+8. Miscellany
+
+
+8.1. How do I tell qmail to do more deliveries at once? It's running
+only 20 parallel qmail-remote processes.
+
+Answer: Decide how many deliveries you want to allow at once. Put that
+number into control/concurrencyremote. Restart qmail-send as in question
+7.1. If your system has resource limits, make sure you set the
+descriptors limit to at least double the concurrency plus 5; otherwise
+you'll get lots of unnecessary deferrals whenever a big burst of mail
+shows up. Note that qmail also imposes a compile-time concurrency limit,
+120 by default; this is set in conf-spawn.
+
+
+8.2. How do I keep a copy of all incoming and outgoing mail messages?
+
+Answer: Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h.
+Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
+
+You can also use QUEUE_EXTRA to, e.g., record the Message-ID of every
+message: run
+
+ | awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
+
+from ~alias/.qmail-log.
+
+
+8.3. How do I switch slowly from sendmail to qmail? I'm thinking of
+moving the heaven.af.mil network over to qmail, but first I'd like to
+give my users a chance to try out qmail without affecting current
+sendmail deliveries. We're using NFS.
+
+Answer: Find a host in your network, say pc.heaven.af.mil, that isn't
+running an SMTP server. (If addresses at pc.heaven.af.mil are used, you
+should already have an MX pointing pc.heaven.af.mil to your mail hub.)
+
+Set up a new MX record pointing lists.heaven.af.mil to pc.heaven.af.mil.
+Install qmail on pc.heaven.af.mil. Replace pc with lists in the control
+files. Make the qmail man pages available on all your machines.
+
+Now tell your users about qmail. A user can forward joe@heaven.af.mil to
+joe@lists.heaven.af.mil to get ~/Mailbox delivery; he can set up .qmail
+files; he can start running his own mailing lists @lists.heaven.af.mil.
+
+When you're ready to turn sendmail off, you can set up pc.heaven.af.mil
+as your new mail hub. Add heaven.af.mil to control/locals, and change
+the heaven.af.mil MX to point to pc.heaven.af.mil. Make sure you leave
+lists.heaven.af.mil in control/locals so that transition addresses will
+continue to work.
diff --git a/doc/Qmail/INSTALL.alias b/doc/Qmail/INSTALL.alias
new file mode 100644
index 0000000..672365a
--- /dev/null
+++ b/doc/Qmail/INSTALL.alias
@@ -0,0 +1,40 @@
+qmail lets each user control all addresses of the form user-anything.
+Addresses that don't start with a username are controlled by a special
+user, alias. Delivery instructions for foo go into ~alias/.qmail-foo;
+delivery instructions for user-foo go into ~user/.qmail-foo. See
+dot-qmail.0 for the full story.
+
+qmail doesn't have any built-in support for /etc/aliases. If you have a
+big /etc/aliases and you'd like to keep it, install the fastforward
+package, available separately. /etc/aliases should already include the
+aliases discussed below---Postmaster, MAILER-DAEMON, and root.
+
+If you don't have a big /etc/aliases, you'll find it easier to use
+qmail's native alias mechanism. Here's a checklist of aliases you should
+set up right now.
+
+* Postmaster. You're not an Internet citizen if this address doesn't
+work. Simply touch (and chmod 644) ~alias/.qmail-postmaster; any mail
+for Postmaster will be delivered to ~alias/Mailbox.
+
+* MAILER-DAEMON. Not required, but users sometimes respond to bounce
+messages. Touch (and chmod 644) ~alias/.qmail-mailer-daemon.
+
+* root. Under qmail, root never receives mail. Your system may generate
+mail messages to root every night; if you don't have an alias for root,
+those messages will bounce. (They'll end up double-bouncing to the
+postmaster.) Set up an alias for root in ~alias/.qmail-root. .qmail
+files are similar to .forward files, but beware that they are strictly
+line-oriented---see dot-qmail.0 for details.
+
+* Other non-user accounts. Under qmail, non-user accounts don't get
+mail; ``user'' means a non-root account that owns ~account. Set up
+aliases for any non-user accounts that normally receive mail.
+
+Note that special accounts such as ftp, www, and uucp should always have
+home directories owned by root.
+
+* Default. If you want, you can touch ~alias/.qmail-default to catch
+everything else. Beware: this will also catch typos and other addresses
+that should probably be bounced instead. It won't catch addresses that
+start with a user name---the user can set up his own ~/.qmail-default.
diff --git a/doc/Qmail/INSTALL.ctl b/doc/Qmail/INSTALL.ctl
new file mode 100644
index 0000000..00ce689
--- /dev/null
+++ b/doc/Qmail/INSTALL.ctl
@@ -0,0 +1,38 @@
+As you've seen, qmail has essentially no pre-compilation configuration.
+You should never have to recompile it unless you want to change the
+qmail home directory, usernames, or uids.
+
+qmail does allow quite a bit of easy post-installation configuration. If
+you care how your machine greets other machines via SMTP, for example,
+you can put an appropriate line into /var/qmail/control/smtpgreeting.
+
+But this is all optional---if control/smtpgreeting doesn't exist, qmail
+will do something reasonable by default. You shouldn't worry much about
+configuration right now. You can always come back and tune things later.
+
+There's one big exception. You MUST tell qmail your hostname. Just run
+the config-fast script:
+
+ # ./config-fast your.full.host.name
+
+config-fast puts your.full.host.name into control/me. It also puts it
+into control/locals and control/rcpthosts, so that qmail will accept
+mail for your.full.host.name.
+
+You can instead use the config script, which looks up your host name in
+DNS:
+
+ # ./config
+
+config also looks up your local IP addresses in DNS to decide which
+hosts to accept mail for.
+
+(Why doesn't qmail do these lookups on the fly? This was a deliberate
+design decision. qmail does all its local functions---header rewriting,
+checking if a recipient is local, etc.---without talking to the network.
+The point is that qmail can continue accepting and delivering local mail
+even if your network connection goes down.)
+
+Next, read through FAQ for information on setting up optional features
+like masquerading. If you really want to learn right now what all the
+configuration possibilities are, see qmail-control.0.
diff --git a/doc/Qmail/INSTALL.ids b/doc/Qmail/INSTALL.ids
new file mode 100644
index 0000000..a50e10d
--- /dev/null
+++ b/doc/Qmail/INSTALL.ids
@@ -0,0 +1,72 @@
+Here's how to set up the qmail groups and the qmail users.
+
+On some systems there are commands that make this easy. Solaris and
+Linux:
+
+ # groupadd nofiles
+ # useradd -g nofiles -d /var/qmail/alias alias
+ # useradd -g nofiles -d /var/qmail qmaild
+ # useradd -g nofiles -d /var/qmail qmaill
+ # useradd -g nofiles -d /var/qmail qmailp
+ # groupadd qmail
+ # useradd -g qmail -d /var/qmail qmailq
+ # useradd -g qmail -d /var/qmail qmailr
+ # useradd -g qmail -d /var/qmail qmails
+
+FreeBSD 2.2:
+
+ # pw groupadd nofiles
+ # pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
+ # pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
+ # pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
+ # pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
+ # pw groupadd qmail
+ # pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
+ # pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
+ # pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
+
+BSDI 2.0:
+
+ # addgroup nofiles
+ # adduser -g nofiles -H/var/qmail/alias -G,,, -s/dev/null -P'*' alias
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaild
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaill
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmailp
+ # addgroup qmail
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailq
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailr
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmails
+
+AIX:
+
+ # mkgroup -A nofiles
+ # mkuser pgrp=nofiles home=/var/qmail/alias shell=/bin/true alias
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmaild
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmaill
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmailp
+ # mkgroup -A qmail
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmailq
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmailr
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmails
+
+On other systems, you will have to edit /etc/group and /etc/passwd
+manually. First add two new lines to /etc/group, something like
+
+ qmail:*:2107:
+ nofiles:*:2108:
+
+where 2107 and 2108 are different from the other gids in /etc/group.
+Next (using vipw) add six new lines to /etc/passwd, something like
+
+ alias:*:7790:2108::/var/qmail/alias:/bin/true
+ qmaild:*:7791:2108::/var/qmail:/bin/true
+ qmaill:*:7792:2108::/var/qmail:/bin/true
+ qmailp:*:7793:2108::/var/qmail:/bin/true
+ qmailq:*:7794:2107::/var/qmail:/bin/true
+ qmailr:*:7795:2107::/var/qmail:/bin/true
+ qmails:*:7796:2107::/var/qmail:/bin/true
+
+where 7790 through 7796 are _new_ uids, 2107 is the qmail gid, and 2108
+is the nofiles gid. Make sure you use the nofiles gid for qmaild,
+qmaill, qmailp, and alias, and the qmail gid for qmailq, qmailr, and
+qmails.
diff --git a/doc/Qmail/INSTALL.maildir b/doc/Qmail/INSTALL.maildir
new file mode 100644
index 0000000..72373aa
--- /dev/null
+++ b/doc/Qmail/INSTALL.maildir
@@ -0,0 +1,59 @@
+This file points out some reasons that you might want to switch from
+mbox format to a new format, maildir.
+
+
+1. The trouble with mbox
+
+The mbox format---the format of ~user/Mailbox, understood by BSD Mail
+and lots of other MUAs---is inherently unreliable.
+
+Think about it: what happens if the system crashes while a program is
+appending a new message to ~user/Mailbox? The message will be truncated.
+Even worse, if it was truncated in the middle of a line, it will end up
+being merged with the next message! Sure, the mailer understands that it
+wasn't successful, so it'll try delivering the message again later, but
+it can't fix your corrupted mbox.
+
+Other formats, such as mh folders, are just as unreliable.
+
+qmail supports maildir, a crashproof format for incoming mail messages.
+maildir is fast and easy for MUAs to use. Even better, maildir works
+wonders over NFS---see below.
+
+I don't want to cram maildir down people's throats, so it's not the
+default. Nevertheless, I encourage you to start asking for maildir
+versions of your favorite MUAs, and to switch over to maildir as soon as
+you can.
+
+
+2. Sun's Network F_ail_u_re System
+
+Anyone who tells you that mail can be safely delivered in mbox format
+over NFS is pulling your leg---as explained above, mbox format is
+inherently unreliable even on a single machine.
+
+Anyway, NFS is the most unreliable computing environment ever invented,
+and qmail doesn't even pretend to support mbox over NFS.
+
+You should switch to maildir, which works fine over NFS without any
+locking. You can safely read your mail over NFS if it's in maildir
+format. Any number of machines can deliver mail to you at the same time.
+(On the other hand, for efficiency, it's better to get NFS out of the
+picture---your mail should be delivered on the server that contains your
+home directory.)
+
+Here's how to set up qmail to use maildir for your incoming mail:
+
+ % maildirmake $HOME/Maildir
+ % echo ./Maildir/ > ~/.qmail
+
+Make sure you include the trailing slash on Maildir/.
+
+The system administrator can set up Maildir as the default for everybody
+by creating a maildir in the new-user template directory and replacing
+./Mailbox with ./Maildir/ in /var/qmail/rc.
+
+Until your MUA supports maildir, you'll probably want to convert maildir
+format to (gaaack) mbox format. I've supplied a maildir2mbox utility
+that does the trick, along with some tiny qail and elq and pinq wrappers
+that call maildir2mbox before calling Mail or elm or pine.
diff --git a/doc/Qmail/INSTALL.mbox b/doc/Qmail/INSTALL.mbox
new file mode 100644
index 0000000..93ca16c
--- /dev/null
+++ b/doc/Qmail/INSTALL.mbox
@@ -0,0 +1,53 @@
+The qmail package includes a local delivery agent, qmail-local, which
+provides user-controlled mailing lists, cross-host alias loop detection,
+and many other important qmail features.
+
+There's one important difference between qmail-local and binmail:
+qmail-local delivers mail by default into ~user/Mailbox, rather than
+/var/spool/mail/user. It uses mbox format, with lockf locking on systems
+that don't have flock (HP/UX, Solaris), and flock locking otherwise.
+
+This file explains how to switch your system to ~user/Mailbox. You
+aren't required to do this; for further discussion of /var/spool/mail,
+and an explanation of how to continue using binmail for local
+deliveries, see INSTALL.vsm.
+
+The basic procedure for switching to ~user/Mailbox is simple:
+
+ * Move each /var/spool/mail/user to ~user/Mailbox. For safety, do
+ this in single-user mode.
+
+ * As root, set up a symbolic link from /var/spool/mail/user to
+ ~user/Mailbox for each user. /var/spool/mail should be mode 1777,
+ so users will not be able to accidentally remove these links.
+
+A few mail programs are unable to handle symbolic links, so you will
+have to configure them to look at ~user/Mailbox directly:
+
+ * procmail: Change SYSTEM_MBOX in config.h and recompile; or, with
+ recent versions, define MAILSPOOLHOME in src/authenticate.c.
+
+An alternative to symbolic links is hlfsd. Consult the documentation for
+hlfsd if it is included in your operating system.
+
+If /var/spool/mail is large, you can gain extra speed by configuring
+all your mail software to look at ~user/Mailbox directly:
+
+ * Most MUAs: Put ``setenv MAIL $HOME/Mailbox'' in your system-wide
+ .cshrc and ``MAIL=$HOME/Mailbox; export MAIL'' in your system-wide
+ .profile.
+
+ * elm: Change "mailbox" to "Mailbox" around line 388 of newmbox.c and
+ recompile. (elm looks at $MAIL, but without this change elm will
+ fail if two users try to read mail simultaneously.)
+
+ * pine: Put ``inbox-path=Mailbox'' in your system-wide pine.conf.
+ (For pine versions more recent than 3.91, see also FAQ 6.2.)
+
+ * qpopper 2.2: Change /.mail to /Mailbox in pop_dropcopy.c and
+ recompile with -DHOMEDIRMAIL in CFLAGS.
+
+Some vendors, in a misguided attempt to solve the security problems of
+/var/spool/mail, have made all their mail software setgid mail. After
+you move the mailboxes, you can---and, for security, should---remove
+those setgid-mail bits.
diff --git a/doc/Qmail/INSTALL.qmail b/doc/Qmail/INSTALL.qmail
new file mode 100644
index 0000000..e3b0f09
--- /dev/null
+++ b/doc/Qmail/INSTALL.qmail
@@ -0,0 +1,84 @@
+SAVE COPIES OF YOUR OUTGOING MAIL! Like any other piece of software (and
+information generally), the qmail system comes with NO WARRANTY. It's
+much more secure and reliable than sendmail, but that's not saying much.
+
+
+Things you have to decide before starting:
+
+* The qmail home directory, normally /var/qmail. To change this
+directory, edit conf-qmail now.
+
+* The names of the qmail users and the qmail groups. To change these
+names, edit conf-users and conf-groups now.
+
+
+To create /var/qmail and configure qmail (won't interfere with sendmail):
+
+ 1. Create the qmail home directory:
+ # mkdir /var/qmail
+
+ 2. Read INSTALL.ids. You must set up the qmail group and the qmail
+ users before compiling the programs.
+
+ 3. Compile the programs and create the qmail directory tree:
+ # make setup check
+
+ 4. Read INSTALL.ctl and FAQ. Minimal survival command:
+ # ./config
+
+ 5. Read INSTALL.alias. Minimal survival command:
+ # (cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
+ # chmod 644 ~alias/.qmail*
+
+ 6. Read INSTALL.mbox and INSTALL.vsm.
+
+ 7. Read INSTALL.maildir.
+
+ 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.
+
+
+To test qmail deliveries (won't interfere with sendmail):
+
+ 9. Enable deliveries of messages injected into qmail:
+ # csh -cf '/var/qmail/rc &'
+
+10. Read TEST.deliver.
+
+
+To upgrade from sendmail to qmail:
+
+11. Read SENDMAIL. This is what your users will want to know about the
+ switch from sendmail to qmail.
+
+12. Read REMOVE.sendmail. You must remove sendmail before installing
+ qmail.
+
+13. Read REMOVE.binmail.
+
+14. Add
+ csh -cf '/var/qmail/rc &'
+ to your boot scripts, so that the qmail daemons are restarted
+ whenever your system reboots. Make sure you include the &.
+
+15. Make qmail's ``sendmail'' wrapper available to MUAs:
+ # ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
+ # ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
+ /usr/sbin might not exist on your system.
+
+16. Set up qmail-smtpd in /etc/inetd.conf (all on one line):
+ smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env
+ tcp-env /var/qmail/bin/qmail-smtpd
+
+17. Reboot. (Or kill -HUP your inetd and make sure the qmail daemons
+ are running.)
+
+18. Read TEST.receive.
+
+
+
+That's it! To report success:
+ % ( echo 'First M. Last'; cat `cat SYSDEPS` ) | mail djb-qst@cr.yp.to
+Replace First M. Last with your name.
+
+If you have questions about qmail, join the qmail mailing list; see
+http://pobox.com/~djb/qmail.html.
diff --git a/doc/Qmail/INTERNALS b/doc/Qmail/INTERNALS
new file mode 100644
index 0000000..effda6f
--- /dev/null
+++ b/doc/Qmail/INTERNALS
@@ -0,0 +1,186 @@
+1. Overview
+
+Here's the data flow in the qmail suite:
+
+ qmail-qmpqd _
+ \
+ qmail-qmtpd __\
+ \
+ qmail-smtpd ---- qmail-queue --- qmail-send --- qmail-rspawn --- qmail-remote
+ / | \
+ qmail-inject -_/ qmail-clean \_ qmail-lspawn --- qmail-local
+
+Every message is added to a central queue directory by qmail-queue.
+qmail-queue is invoked as needed, usually by qmail-inject for locally
+generated messages, qmail-smtpd for messages received through SMTP,
+qmail-local for forwarded messages, or qmail-send for bounce messages.
+
+Every message is then delivered by qmail-send, in cooperation with
+qmail-lspawn and qmail-rspawn, and cleaned up by qmail-clean. These four
+programs are long-running daemons.
+
+The queue is designed to be crashproof, provided that the underlying
+filesystem is crashproof. All cleanups are handled by qmail-send and
+qmail-clean without human intervention. See section 6 for more details.
+
+
+2. Queue structure
+
+Each message in the queue is identified by a unique number, let's say
+457. The queue is organized into several directories, each of which may
+contain files related to message 457:
+
+ mess/457: the message
+ todo/X/457: the envelope: where the message came from, where it's going
+ intd/457: the envelope, under construction by qmail-queue
+ info/457: the envelope sender address, after preprocessing
+ local/457: local envelope recipient addresses, after preprocessing
+ remote/457: remote envelope recipient addresses, after preprocessing
+ bounce/457: permanent delivery errors
+
+Here are all possible states for a message. + means a file exists; -
+means it does not exist; ? means it may or may not exist; X is a hash directory.
+
+ S1. -mess -intd -todo -info -local -remote -bounce
+ S2. +mess -intd -todo -info -local -remote -bounce
+ S3. +mess +intd -todo -info -local -remote -bounce
+ S4. +mess ?intd +todo ?info ?local ?remote -bounce (queued)
+ S5. +mess -intd -todo +info ?local ?remote ?bounce (preprocessed)
+
+Guarantee: If mess/457 exists, it has inode number 457.
+
+
+3. How messages enter the queue
+
+To add a message to the queue, qmail-queue first creates a file in a
+separate directory, pid/, with a unique name. The filesystem assigns
+that file a unique inode number. qmail-queue looks at that number, say
+457. By the guarantee above, message 457 must be in state S1.
+
+qmail-queue renames pid/whatever as mess/457, moving to S2. It writes
+the message to mess/457. It then creates intd/457, moving to S3, and
+writes the envelope information to intd/457.
+
+Finally qmail-queue creates a new link, todo/457, for intd/457, moving
+to S4. At that instant the message has been successfully queued, and
+qmail-queue leaves it for further handling by qmail-send.
+
+qmail-queue starts a 24-hour timer before touching any files, and
+commits suicide if the timer expires.
+
+
+4. How queued messages are preprocessed
+
+Once a message has been queued, qmail-send must decide which recipients
+are local and which recipients are remote. It may also rewrite some
+recipient addresses.
+
+When qmail-send notices todo/457, it knows that message 457 is in S4. It
+removes info/457, local/457, and remote/457 if they exist. Then it reads
+through todo/457. It creates info/457, possibly local/457, and possibly
+remote/457. When it is done, it removes intd/457. The message is still
+in S4 at this point. Finally qmail-send removes todo/457, moving to S5.
+At that instant the message has been successfully preprocessed.
+
+
+5. How preprocessed messages are delivered
+
+Messages at S5 are handled as follows. Each address in local/457 and
+remote/457 is marked either NOT DONE or DONE.
+
+ DONE: The message was successfully delivered, or the last delivery
+ attempt met with permanent failure. Either way, qmail-send
+ should not attempt further delivery to this address.
+
+ NOT DONE: If there have been any delivery attempts, they have all
+ met with temporary failure. Either way, qmail-send should
+ try delivery in the future.
+
+qmail-send may at its leisure try to deliver a message to a NOT DONE
+address. If the message is successfully delivered, qmail-send marks the
+address as DONE. If the delivery attempt meets with permanent failure,
+qmail-send first appends a note to bounce/457, creating bounce/457 if
+necessary; then it marks the address as DONE. Note that bounce/457 is
+not crashproof.
+
+qmail-send may handle bounce/457 at any time, as follows: it (1) injects
+a new bounce message, created from bounce/457 and mess/457; (2) deletes
+bounce/457.
+
+When all addresses in local/457 are DONE, qmail-send deletes local/457.
+Same for remote/457.
+
+When local/457 and remote/457 are gone, qmail-send eliminates the
+message, as follows. First, if bounce/457 exists, qmail-send handles it
+as described above. Once bounce/457 is definitely gone, qmail-send
+deletes info/457, moving to S2, and finally mess/457, moving to S1.
+
+
+6. Cleanups
+
+If the computer crashes while qmail-queue is trying to queue a message,
+or while qmail-send is eliminating a message, the message may be left in
+state S2 or S3.
+
+When qmail-send sees a message in state S2 or S3---other than one
+it is currently eliminating!---where mess/457 is more than 36 hours old,
+it deletes intd/457 if that exists, then deletes mess/457. Note that any
+qmail-queue handling the message must be dead.
+
+Similarly, when qmail-send sees a file in the pid/ directory that is
+more than 36 hours old, it deletes it.
+
+Cleanups are not necessary if the computer crashes while qmail-send is
+delivering a message. At worst a message may be delivered twice. (There
+is no way for a distributed mail system to eliminate the possibility of
+duplication. What if an SMTP connection is broken just before the server
+acknowledges successful receipt of the message? The client must assume
+the worst and send the message again. Similarly, if the computer crashes
+just before qmail-send marks a message as DONE, the new qmail-send must
+assume the worst and send the message again. The usual solutions in the
+database literature---e.g., keeping log files---amount to saying that
+it's the recipient's computer's job to discard duplicate messages.)
+
+
+7. Bounces
+
+Bounces (aka 'None-Delivery Reports, NDR) are formated as QMBF messages.
+Generated by qmail-send, bounce message handling is not bullet proof.
+The size of bounce messages is typically larger than the original email
+and maybe therefore be subject of rejection by the sender, resulting
+in 'double bounces' (redirected to the postmaster).
+
+Bounce control can be achieved by means of 'control/bouncemaxbytes'
+truncating the bounce message to the specified size. Further, bounce
+hosts and be set up by 'control/smtproutes' and 'control/qmtroutes'.
+Double bounces can also be redirected to a special address provided in
+'control/doublebounceto' allowing in addition to dump double bounces.
+
+
+8. Further notes
+
+Currently info/457 serves two purposes: first, it records the envelope
+sender; second, its modification time is used to decide when a message
+has been in the queue too long. In the future info/457 may store more
+information. Any non-backwards-compatible changes will be identified by
+version numbers.
+
+When qmail-queue has successfully placed a message into the queue, it
+pulls a trigger offered by qmail-send. Here is the current triggering
+mechanism: lock/trigger is a named pipe. Before scanning todo/,
+qmail-send opens lock/trigger O_NDELAY for reading. It then selects for
+readability on lock/trigger. qmail-queue pulls the trigger by writing a
+byte O_NDELAY to lock/trigger. This makes lock/trigger readable and
+wakes up qmail-send. Before scanning todo/ again, qmail-send closes and
+reopens lock/trigger.
+
+The 'bigtodo' enhancements splits up the 'todo' dir into the number
+of subdirectories given by 'conf-split'. With a very large number of
+email in the state 'todo' this helps improving stat'ing and speeds up
+performance at almost no costs.
+
+--
+
+Note: The original description was written by DJB and is mostly unaltered.
+
+
diff --git a/doc/Qmail/PIC.local2alias b/doc/Qmail/PIC.local2alias
new file mode 100644
index 0000000..75cff56
--- /dev/null
+++ b/doc/Qmail/PIC.local2alias
@@ -0,0 +1,37 @@
+ Original message:
+
+ To: help
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to help@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: help@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, help@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to help@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, help.
+ | Is help listed in qmail-users? No.
+ | Is there a help account? No.
+ | Give control of the message to alias.
+ | Run qmail-local.
+ V
+
+qmail-local alias ~alias help - help heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~alias/.qmail-help exist? Yes: "john".
+ Forward message to john.
diff --git a/doc/Qmail/PIC.local2ext b/doc/Qmail/PIC.local2ext
new file mode 100644
index 0000000..a8bf644
--- /dev/null
+++ b/doc/Qmail/PIC.local2ext
@@ -0,0 +1,41 @@
+ Original message:
+
+ To: fred-sos
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to fred-sos@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: fred-sos@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, fred-sos@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to fred-sos@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred-sos.
+ | Is fred-sos listed in qmail-users? No.
+ | Is there a fred-sos account? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred-sos - sos heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail-sos exist? Yes: "./Extramail".
+ Write message to ./Extramail in mbox format.
diff --git a/doc/Qmail/PIC.local2local b/doc/Qmail/PIC.local2local
new file mode 100644
index 0000000..3a067e0
--- /dev/null
+++ b/doc/Qmail/PIC.local2local
@@ -0,0 +1,40 @@
+ Original message:
+
+ To: fred
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to fred@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: fred@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, fred@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to fred@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred.
+ | Is fred listed in qmail-users? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred '' '' heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail exist? No.
+ Write message to ./Mailbox in mbox format.
diff --git a/doc/Qmail/PIC.local2rem b/doc/Qmail/PIC.local2rem
new file mode 100644
index 0000000..6857af5
--- /dev/null
+++ b/doc/Qmail/PIC.local2rem
@@ -0,0 +1,38 @@
+ Original message:
+
+ To: bill@irs.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to bill@irs.gov
+ | From: joe@heaven.af.mil
+ | To: bill@irs.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? No.
+ Look up DNS MX/A for irs.gov and connect to it by SMTP:
+
+ MAIL FROM:<joe@heaven.af.mil>
+ RCPT TO:<bill@irs.gov>
diff --git a/doc/Qmail/PIC.local2virt b/doc/Qmail/PIC.local2virt
new file mode 100644
index 0000000..60f80c8
--- /dev/null
+++ b/doc/Qmail/PIC.local2virt
@@ -0,0 +1,44 @@
+ Original message:
+
+ To: dude@tommy.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to dude@tommy.gov
+ | From: joe@heaven.af.mil
+ | To: dude@tommy.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, dude@tommy.gov.
+ | Is tommy.gov in locals? No.
+ | Is dude@tommy.gov in virtualdomains? No.
+ | Is tommy.gov in virtualdomains? Yes: "tommy.gov:fred".
+ | Deliver locally to fred-dude@tommy.gov.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred-dude.
+ | Is fred-dude listed in qmail-users? No.
+ | Is there a fred-dude account? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred-dude - dude tommy.gov joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail-dude exist? No.
+ Does ~fred/.qmail-default exist? Yes: "./Mail.tommy".
+ Write message to ./Mail.tommy in mbox format.
diff --git a/doc/Qmail/PIC.nullclient b/doc/Qmail/PIC.nullclient
new file mode 100644
index 0000000..a90d7cb
--- /dev/null
+++ b/doc/Qmail/PIC.nullclient
@@ -0,0 +1,38 @@
+ Original message:
+
+ To: bill@irs.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to bill@irs.gov
+ | From: joe@heaven.af.mil
+ | To: bill@irs.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? Yes: ":bigbang.af.mil".
+ Look up DNS A for bigbang.af.mil and connect by SMTP:
+
+ MAIL FROM:<joe@heaven.af.mil>
+ RCPT TO:<bill@irs.gov>
diff --git a/doc/Qmail/PIC.relaybad b/doc/Qmail/PIC.relaybad
new file mode 100644
index 0000000..513f74f
--- /dev/null
+++ b/doc/Qmail/PIC.relaybad
@@ -0,0 +1,8 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ MAIL FROM:<spammer@aol.com>
+ RCPT TO:<bill@irs.gov>
+
+ Is $RELAYCLIENT set? No.
+ Is irs.gov in rcpthosts? No.
+ Reject RCPT.
diff --git a/doc/Qmail/PIC.relaygood b/doc/Qmail/PIC.relaygood
new file mode 100644
index 0000000..0d62fa9
--- /dev/null
+++ b/doc/Qmail/PIC.relaygood
@@ -0,0 +1,33 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ | MAIL FROM:<joe@heaven.af.mil>
+ | RCPT TO:<bill@irs.gov>
+ |
+ | Is $RELAYCLIENT set? Yes: "".
+ | Accept RCPT.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? No.
+ Look up DNS MX/A for irs.gov and connect to it by SMTP:
+
+ MAIL FROM:<joe@heaven.af.mil>
+ RCPT TO:<bill@irs.gov>
diff --git a/doc/Qmail/PIC.rem2local b/doc/Qmail/PIC.rem2local
new file mode 100644
index 0000000..62fe61a
--- /dev/null
+++ b/doc/Qmail/PIC.rem2local
@@ -0,0 +1,36 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ | MAIL FROM:<bill@irs.gov>
+ | RCPT TO:<joe@heaven.af.mil>
+ |
+ | Is $RELAYCLIENT set? No.
+ | Is heaven.af.mil in rcpthosts? Yes.
+ | Accept RCPT.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, joe@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to joe@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, joe.
+ | Is joe listed in qmail-users? No.
+ | Is there a joe account? Yes.
+ | Is joe's uid nonzero? Yes.
+ | Is ~joe visible to the qmailp user? Yes.
+ | Is ~joe owned by joe? Yes.
+ | Give control of the message to joe.
+ | Run qmail-local.
+ V
+
+qmail-local joe ~joe joe '' '' heaven.af.mil bill@irs.gov ./Mailbox
+
+ Does ~joe/.qmail exist? No.
+ Write message to ./Mailbox in mbox format.
diff --git a/doc/Qmail/README b/doc/Qmail/README
new file mode 100644
index 0000000..5208eaf
--- /dev/null
+++ b/doc/Qmail/README
@@ -0,0 +1,269 @@
+qmail 1.03
+19980615
+Copyright 1998
+D. J. Bernstein, qmail@pobox.com
+
+qmail is a secure, reliable, efficient, simple message transfer agent.
+It is meant as a replacement for the entire sendmail-binmail system on
+typical Internet-connected UNIX hosts. See BLURB, BLURB2, BLURB3, and
+BLURB4 for more detailed advertisements.
+
+INSTALL says how to set up and test qmail. If you're upgrading from a
+previous version, read UPGRADE instead.
+
+See PIC.* for some ``end-to-end'' pictures of mail flowing through the
+qmail system.
+
+See http://pobox.com/~djb/qmail.html for other qmail-related software
+and a pointer to the qmail mailing list.
+
+Other documentation: http://pobox.com/~djb/proto.html shows solutions to
+several Internet mail problems; many of these solutions are implemented
+in qmail. CHANGES and THANKS show how qmail has changed since it was
+first released. SECURITY, INTERNALS, THOUGHTS, and TODO record many of
+the qmail design decisions.
+
+The rest of this file is a list of systypes where various versions of
+qmail have been reported to work. 0.96 was the final gamma version; 1.00
+had exactly the same code as 0.96. To see your systype, make systype;
+cat systype.
+
+1.00: a.ux-3.0-svr2-:-:-:mc68030-:- (tnx RF)
+1.01: aix-3-2-:-:-:000000406300-:- (tnx DG)
+1.01: aix-3-2-:-:-:000011216700-:- (tnx JLB)
+1.01: aix-4-1-:-:-:000041574c00-:- (tnx M2H)
+1.01: aix-4-1-:-:-:000088581000-:- (tnx HJB)
+1.01: aix-4-1-:-:-:002b51134c00-:- (tnx MP)
+1.00: aix-4-1-:-:-:00910033a000-:- (tnx KJJ)
+1.01: aix-4-2-:-:-:000055247900-:- (tnx JLB)
+1.01: aix-4-2-:-:-:000062295800-:- (tnx TD)
+1.01: aix-4-2-:-:-:000136094c00-:- (tnx T2U)
+1.00: aix-4-2-:-:-:000205254600-:- (tnx MGM)
+1.01: aix-4-2-:-:-:005255bc4c00-:- (tnx DS)
+1.01: aix-4-2-:-:-:006030944c00-:-
+1.01: bsd.386-1.1-0-:i386-:-:i386-:- (tnx T2M)
+1.01: bsd.os-2.0-:i386-:-:pentium-:- (tnx MSS)
+1.01: bsd.os-2.0.1-:i386-:-:i486-:- (tnx KR)
+0.96: bsd.os-2.1-:i386-:-:-:- (tnx DAR)
+1.00: bsd.os-2.1-:i386-:-:i486-:- (tnx RJC)
+0.96: bsd.os-2.1-:i386-:-:pentium-:- (tnx UO)
+1.01: bsd.os-3.0-:i386-:-:-:- (tnx VU)
+1.01: bsd.os-3.0-:i386-:-:pentium-:- (tnx RJO)
+1.01: bsd.os-3.1-:i386-:-:pentium-:- (tnx ABC)
+1.01: bsd.os-3.1-:i386-:-:pentium.ii-:- (tnx UO)
+0.96: dgux-5.4r2.01-generic-:-:-:aviion-:- (tnx HWM)
+1.01: freebsd-2.1.0-release-:i386-:-:i486-dx-:- (tnx VV)
+1.01: freebsd-2.1.0-release-:i386-:-:i486.dx2-:- (tnx JLB)
+1.00: freebsd-2.1.0-release-:i386-:-:i486dx-:- (tnx chrisj=???)
+1.01: freebsd-2.1.0-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx MBS)
+1.01: freebsd-2.1.5-release-:i386-:-:i486-dx-:- (tnx B1F)
+0.96: freebsd-2.1.5-release-:i386-:-:i486dx-:- (tnx FN)
+1.01: freebsd-2.1.5-release-:i386-:-:unknown.-:- (tnx BMF)
+1.00: freebsd-2.1.6-release-:i386-:-:-:- (tnx TM)
+0.96: freebsd-2.1.6-release-:i386-:-:Pentium-Pro.150-:- (tnx CH)
+1.01: freebsd-2.1.6-release-:i386-:-:cy486dlc-:- (tnx M3H)
+0.96: freebsd-2.1.6.1-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx MF)
+1.01: freebsd-2.1.7-release-:i386-:-:i486-dx-:- (tnx AAF)
+1.00: freebsd-2.1.7-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx JBB)
+1.01: freebsd-2.1.7-release-:i386-:-:pentium.815\100-:- (tnx B1F)
+1.01: freebsd-2.2-970422-releng-:i386-:-:-:- (tnx TM)
+1.00: freebsd-2.2-release-:i386-:-:-:- (tnx MT)
+1.01: freebsd-2.2-stable-:i386-:-:cyrix.5x86-:- (tnx A2B)
+1.01: freebsd-2.2-stable-:i386-:-:pentium-:- (tnx gary@systemics=???)
+1.01: freebsd-2.2.1-release-:i386-:-:-:- (tnx M2R)
+1.01: freebsd-2.2.1-release-:i386-:-:i486-dx-:- (tnx PGR)
+1.00: freebsd-2.2.1-release-:i386-:-:i486.dx2-:- (tnx BR)
+1.01: freebsd-2.2.1-release-:i386-:-:pentium-:- (tnx REB)
+1.01: freebsd-2.2.1-release-:i386-:-:pentium.pro-:- (tnx JS)
+1.01: freebsd-2.2.2-release-:i386-:-:amd.am5x86.write-through-:- (tnx AGB)
+1.01: freebsd-2.2.2-release-:i386-:-:i486-dx-:- (tnx A2L)
+1.01: freebsd-2.2.2-release-:i386-:-:i486.dx2-:- (tnx D3S)
+1.01: freebsd-2.2.2-release-:i386-:-:pentium-:- (tnx B2F)
+1.01: freebsd-2.2.2-release-:i386-:-:pentium.pro-:- (tnx M2G)
+1.01: freebsd-2.2.5-release-:i386-:-:i486-dx-:- (tnx R2N)
+1.01: freebsd-2.2.5-release-:i386-:-:i486.dx2-:- (tnx AY)
+1.01: freebsd-2.2.5-release-:i386-:-:pentium.pro-:- (tnx AI)
+1.01: freebsd-2.2.5-stable-:i386-:-:i486.dx2-:- (tnx JK)
+1.01: freebsd-2.2.5-stable-:i386-:-:pentium-:- (tnx root@defiant=???)
+1.01: freebsd-2.2.6-release-:i386-:-:-:- (tnx TM)
+1.01: freebsd-2.2.6-release-:i386-:-:amd.am5x86.write-through-:- (tnx root@skully=???)
+1.00: freebsd-3.0-970209-snap-:i386-:-:-:- (tnx YF)
+1.01: freebsd-3.0-970428-snap-:i386-:-:pentium-:- (tnx M3S)
+1.01: freebsd-3.0-970807-snap-:i386-:-:amd.k6-:- (tnx KMD)
+1.01: freebsd-3.0-980309-snap-:i386-:-:pentium-:- (tnx MM)
+1.01: freebsd-3.0-current-:i386-:-:pentium-:- (tnx KB)
+1.01: hp-ux-a.09.05-a-:-:-:9000.712-:- (tnx SV)
+1.01: hp-ux-a.09.07-a-:-:-:9000.712-:- (tnx LB)
+1.00: hp-ux-b.09.00-a-:-:-:9000.360-:- (tnx VV)
+1.01: hp-ux-b.10.20-a-:-:-:9000.755-:- (tnx BCK)
+1.01: irix-5.3-11091812-:-:-:ip22-:- (tnx JL)
+1.01: irix-6.2-03131015-:-:-:ip22-:- (tnx DS)
+1.01: irix64-6.2-03131016-:-:-:ip19-:- (tnx AH)
+1.01: irix64-6.2-06101031-:-:-:ip28-:- (tnx DB)
+1.01: linux-1.2.13-:i386-:-:i486-:- (tnx RF)
+1.01: linux-1.2.13-:i386-:-:pentium-:- (tnx MEE)
+1.01: linux-1.99.4-:i386-:-:pentium-:- (tnx C2H)
+1.01: linux-2.0.0-:i386-:-:i486-:- (tnx kragen@gentle=???)
+1.01: linux-2.0.0-:i386-:-:pentium-:- (tnx MJD)
+1.01: linux-2.0.6-:i386-:-:pentium-:-
+1.00: linux-2.0.6-:i386-:-:ppro-:- (tnx MR)
+1.01: linux-2.0.7-:i386-:-:i486-:- (tnx TLM)
+1.01: linux-2.0.9-:i386-:-:i486-:- (tnx VBM)
+0.96: linux-2.0.13-:i386-:-:pentium-:- (tnx BW)
+1.01: linux-2.0.15-:i386-:-:i486-:- (tnx JCD)
+1.01: linux-2.0.18-:i386-:-:i486-:- (tnx tk@avalon=???)
+1.01: linux-2.0.18-:i386-:-:pentium-:- (tnx root@webtvchat=???)
+1.00: linux-2.0.22-:i386-:-:pentium-:- (tnx MDI)
+1.00: linux-2.0.23-:i386-:-:i486-:- (tnx B2L)
+1.01: linux-2.0.24-:i386-:-:i486-:- (tnx GLM)
+1.00: linux-2.0.24-:i386-:-:pentium-:- (tnx VV)
+0.96: linux-2.0.25-:i386-:-:i486-:- (tnx BDB)
+1.01: linux-2.0.25-:i386-:-:pentium-:- (tnx KA)
+0.93: linux-2.0.26-:i386-:-:i486-:- (tnx blynch@texas=???)
+1.01: linux-2.0.26-:i386-:-:pentium-:- (tnx robbie@opus=???)
+1.00: linux-2.0.27-:-:-:sparc-:- (tnx SVD)
+1.00: linux-2.0.27-:i386-:-:i386-:- (tnx ECG)
+1.01: linux-2.0.27-:i386-:-:i486-:- (tnx BN)
+1.01: linux-2.0.27-:i386-:-:pentium-:- (tnx EK)
+1.01: linux-2.0.27-:i386-:-:ppro-:- (tnx L3L)
+1.01: linux-2.0.28-:i386-:-:i486-:- (tnx AAF)
+1.00: linux-2.0.28-:i386-:-:pentium-:- (tnx root@duggy=???)
+1.01: linux-2.0.28-:i386-:-:ppro-:- (tnx S3T)
+1.01: linux-2.0.28-osfmach3-:-:-:ppc-:- (tnx CG)
+1.01: linux-2.0.29-:alpha-:-:alpha-:- (tnx MB)
+1.01: linux-2.0.29-:i386-:-:i386-:- (tnx AJK)
+1.01: linux-2.0.29-:i386-:-:i486-:- (tnx FPL)
+1.01: linux-2.0.29-:i386-:-:pentium-:- (tnx FW)
+1.00: linux-2.0.29-:i386-:-:ppro-:- (tnx MMM)
+1.01: linux-2.0.30-:-:-:sparc-:- (tnx J2P)
+1.01: linux-2.0.30-:alpha-:-:alpha-:- (tnx WS)
+1.01: linux-2.0.30-:i386-:-:i386-:- (tnx OK)
+1.00: linux-2.0.30-:i386-:-:i486-:- (tnx KUT)
+1.01: linux-2.0.30-:i386-:-:i486-:- (tnx PK)
+1.01: linux-2.0.30-:i386-:-:pentium-:- (tnx AV)
+1.00: linux-2.0.30-:i386-:-:ppro-:- (tnx root@gate=???)
+1.01: linux-2.0.30-osfmach3-:-:-:ppc-:- (tnx PTW)
+1.01: linux-2.0.30u11-:i386-:-:pentium-:- (tnx JTB)
+1.01: linux-2.0.31-:i386-:-:i486-:- (tnx SAE)
+1.01: linux-2.0.31-:i386-:-:pentium-:- (tnx B3W)
+1.01: linux-2.0.31-:i386-:-:ppro-:- (tnx JAK)
+1.01: linux-2.0.32-:-:-:ie86-:- (tnx root@vmlinuz=???)
+1.01: linux-2.0.32-:alpha-:-:alpha-:- (tnx NR)
+1.01: linux-2.0.32-:i386-:-:i486-:- (tnx SC)
+1.01: linux-2.0.32-:i386-:-:pentium-:- (tnx HT)
+1.01: linux-2.0.32-:i386-:-:ppro-:- (tnx RK)
+1.01: linux-2.0.33-:i386-:-:i486-:- (tnx RAB)
+1.01: linux-2.0.33-:i386-:-:pentium-:- (tnx AF)
+1.01: linux-2.0.33-:i386-:-:ppro-:- (tnx B2W)
+1.01: linux-2.1.9-:i386-:-:i486-:- (tnx SJB)
+1.01: linux-2.1.10-:i386-:-:i486-:- (tnx JB)
+0.96: linux-2.1.13-:i386-:-:i486-:- (tnx ML)
+0.96: linux-2.1.14-:i386-:-:pentium-:- (tnx SCW)
+0.96: linux-2.1.23-:i386-:-:pentium-:- (tnx JF)
+1.01: linux-2.1.24-:-:-:ppc-:- (tnx meta=???)
+0.96: linux-2.1.25-:i386-:-:i486-:- (tnx JBF)
+0.96: linux-2.1.25-:i386-:-:pentium-:- (tnx UO)
+1.00: linux-2.1.26-:i386-:-:i486-:- (tnx DK)
+1.00: linux-2.1.27-:i386-:-:pentium-:- (tnx JF)
+1.01: linux-2.1.28-:i386-:-:i486-:- (tnx HDG)
+1.00: linux-2.1.28-:i386-:-:pentium-:- (tnx RGS)
+1.00: linux-2.1.29-:i386-:-:i486-:- (tnx SJW)
+1.01: linux-2.1.35-:i386-:-:pentium-:- (tnx JF)
+1.01: linux-2.1.36-:i386-:-:i486-:- (tnx ML)
+1.01: linux-2.1.42-:i386-:-:i486-:- (tnx wtanaka=???)
+1.01: linux-2.1.46-:i386-:-:pentium-:- (tnx VR)
+1.01: linux-2.1.51-:i386-:-:pentium-:- (tnx KO)
+1.01: linux-2.1.61-:i386-:-:i486-:- (tnx RO)
+1.01: linux-2.1.65-:i386-:-:i486-:- (tnx F2T)
+1.01: linux-2.1.71-:i386-:-:ppro-:- (tnx MJG)
+1.01: linux-2.1.78-:i386-:-:pentium-:- (tnx AS)
+1.01: linux-2.1.82-:i386-:-:pentium-:- (tnx AY)
+1.01: linux-2.1.85-:i386-:-:pentium-:- (tnx PJH)
+1.00: machten-4-0.4-:-:-:powerpc-:- (tnx RAM)
+1.01: netbsd-1.1-:i386-:-:pentium.(genuineintel.586-class.cpu)-:- (tnx GL)
+1.01: netbsd-1.2-:hp300-:-:-:- (tnx ML)
+1.01: netbsd-1.2-:i386-:-:i486dx.(genuineintel.486-class.cpu)-:- (tnx T2K)
+0.96: netbsd-1.2-:i386-:-:pentium.(genuineintel.586-class.cpu)-:- (tnx GH)
+1.01: netbsd-1.2.1-:mac68k-:-:apple.macintosh.se/30..(68030)-:- (tnx HM)
+1.01: netbsd-1.2.1-:sparc-:-:fmi,mb86904.@.110.mhz,.on-chip.fpu-:- (tnx ZU)
+0.96: netbsd-1.2c-:pmax-:-:-:- (tnx JLW)
+1.01: netbsd-1.3-:hp300-:-:hp.9000/433.(33mhz.mc68040.cpu+mmu+fpu,.4k.on-chip.physical.i/d.caches)-:- (tnx TB)
+1.01: netbsd-1.3.1-:sun3-:-:sun.3/60-:- (tnx MBS)
+1.01: netbsd-1.3_alpha-:i386-:-:intel.pentium.(p54c).(586-class)-:- (tnx GL)
+1.01: nextstep-3.1-:mc680x0-:-:68040-:- (tnx JRY)
+1.01: nextstep-3.3-:hppa-:-:7100lc-:-
+1.01: nextstep-3.3-:i386-:-:pentium-:- (tnx HM)
+1.01: nextstep-3.3-:mc680x0-:-:68040-:- (tnx WEB)
+1.01: nextstep-4.1-:mc680x0-:-:68040-:- (tnx FN)
+1.00: openbsd-2.0-hoth#0-:openbsd.i386-:-:i386-:- (tnx MBS)
+1.00: openbsd-2.0-mr_potatoe_head#2-:openbsd.i386-:-:i386-:- (tnx JJMK)
+0.96: openbsd-2.0-puma#1-:openbsd.m68k-:-:mac68k-:- (tnx AKB)
+1.01: openbsd-2.1-asgard#1-:openbsd.i386-:-:i386-:- (tnx ETT)
+1.01: openbsd-2.1-generic#71-:openbsd.sparc-:-:sparc-:- (tnx MMM2)
+1.01: openbsd-2.1-katana#2-:openbsd.i386-:-:i386-:- (tnx CHR)
+1.01: openbsd-2.1-puma#0-:openbsd.m68k-:-:mac68k-:- (tnx AKB)
+1.01: openbsd-2.2-ele#2-:openbsd.i386-:-:i386-:- (tnx RC)
+1.01: openbsd-2.2-generic#424-:openbsd.i386-:-:i386-:- (tnx ETT)
+1.01: osf1-v2.0-240-:-:-:alpha-:- (tnx JF)
+1.00: osf1-v3.2-148-:-:-:alpha-:- (tnx DL)
+1.01: osf1-v3.2-148-:-:-:alpha-:- (tnx RSK)
+1.01: osf1-v3.2-41-:-:-:alpha-:- (tnx MSD)
+1.01: osf1-v3.2-mp-4.2-:-:-:alpha-:- (tnx MSD)
+1.01: osf1-v4.0-386-:-:-:alpha-:- (tnx TEE)
+1.01: osf1-v4.0-464-:-:-:alpha-:- (tnx AWB)
+1.01: osf1-v4.0-564-:-:-:alpha-:- (tnx A2P)
+1.01: osf1-v4.0-564.32-:-:-:alpha-:- (tnx TLF)
+1.01: osf1-v4.0-878-:-:-:alpha-:- (tnx BJM)
+1.01: sco_sv-3.2-2-:-:-:i386-:- (tnx PW)
+1.01: sinix-l-5.41-d0005-:-:-:mx300i-:- (tnx IH)
+1.01: sunos-4.1.1-1-:mc68020-:sun3-:sun3-:sun3- (tnx JWB)
+1.01: sunos-4.1.1-1-:mc68020-:sun3-:sun3x-:sun3x- (tnx TT)
+1.01: sunos-4.1.3-jl-2-:sparc-:sun4-:sun4c-:sun4c- (tnx T2K)
+1.01: sunos-4.1.3_u1-1-:sparc-:sun4-:sun4c-:sun4c- (tnx MBS)
+1.01: sunos-4.1.3_u1-1-:sparc-:sun4-:sun4m-:sun4m- (tnx RSK)
+1.01: sunos-4.1.3_u1-10-:sparc-:sun4-:sun4m-:sun4m- (tnx aoki=???)
+1.00: sunos-4.1.3_u1-4-:unknown-:sun4-:sun4m-:sun4m- (tnx J2B)
+1.01: sunos-4.1.3_u1-6-:sparc-:sun4-:sun4m-:sun4m- (tnx RD)
+1.01: sunos-4.1.4-1-:unknown-:sun4-:sun4m-:sun4m- (tnx M3S)
+1.01: sunos-4.1.4-2-:sparc-:sun4-:sun4m-:sun4m-
+1.01: sunos-5.3-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx JDJ)
+1.01: sunos-5.4-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx jimo=???)
+0.96: sunos-5.4-generic_101945-10-:sparc-:sun4-:sun4m-:sun4m- (tnx W2K)
+1.00: sunos-5.4-generic_101945-34-:sparc-:sun4-:sun4m-:sun4m- (tnx ACB)
+0.96: sunos-5.4-generic_101946-35-:i386-:i86pc-:i86pc-:i86pc- (tnx CK)
+1.01: sunos-5.5-generic-:i386-:i86pc-:i86pc-:i86pc- (tnx seong=???)
+1.01: sunos-5.5-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx SPM)
+1.01: sunos-5.5-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx RDM)
+1.01: sunos-5.5-generic-:sparc-:sun4-:sun4u-:sun4u- (tnx YC)
+1.01: sunos-5.5-generic_103093-02-:sparc-:sun4-:sun4m-:sun4m- (tnx RF)
+0.96: sunos-5.5-generic_103093-03-:sparc-:sun4-:sun4m-:sun4m- (tnx RDM)
+1.01: sunos-5.5-generic_103093-06-:sparc-:sun4-:sun4m-:sun4m- (tnx ERH)
+1.01: sunos-5.5-generic_103093-10-:sparc-:sun4-:sun4d-:sun4d- (tnx KT)
+1.01: sunos-5.5-generic_103094-05-:i386-:i86pc-:i86pc-:i86pc- (tnx M2G)
+1.01: sunos-5.5.1-generic-:i386-:i86pc-:i86pc-:i86pc- (tnx cro=???)
+1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx CG)
+1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx MBS)
+1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4u-:sun4u-
+0.96: sunos-5.5.1-generic_103640-02-:sparc-:sun4-:sun4m-:sun4m- (tnx SGC)
+1.00: sunos-5.5.1-generic_103640-03-:sparc-:sun4-:sun4u-:sun4u- (tnx EG)
+1.00: sunos-5.5.1-generic_103640-05-:sparc-:sun4-:sun4m-:sun4m- (tnx L2L)
+1.01: sunos-5.5.1-generic_103640-05-:sparc-:sun4-:sun4u-:sun4u- (tnx KY)
+1.01: sunos-5.5.1-generic_103640-06-:sparc-:sun4-:sun4u-:sun4u- (tnx RA)
+1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4c-:sun4c- (tnx RA)
+1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4d-:sun4d- (tnx MS)
+1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4m-:sun4m- (tnx S2P)
+1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4u-:sun4u- (tnx CM)
+1.01: sunos-5.5.1-generic_103640-12-:sparc-:sun4-:sun4m-:sun4m- (tnx IK)
+1.01: sunos-5.5.1-generic_103640-18-:sparc-:sun4-:sun4u-:sun4u- (tnx PMH)
+1.01: sunos-5.5.1-generic_103641-08-:i386-:i86pc-:i86pc-:i86pc- (tnx TL)
+1.01: sunos-5.5.1-generic_103641-12-:i386-:i86pc-:i86pc-:i86pc- (tnx JS)
+1.01: sunos-5.5.1-generic_105428-01-:sparc-:sun4-:sun4u-:sun4u- (tnx BCM)
+0.96: sunos-5.5.1-generic_patch-:i386-:i86pc-:i86pc-:i86pc- (tnx D2K)
+1.01: sunos-5.6-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx DS)
+1.01: sunos-5.6-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx BDM)
+1.01: sunos-5.6-generic-:sparc-:sun4-:sun4u-:sun4u- (tnx RPS)
+1.01: sunos-5.6-generic_105182-01-:i386-:i86pc-:i86pc-:i86pc- (tnx JFK)
+1.01: sunos-5.6-generic_105182-04-:i386-:i86pc-:i86pc-:i86pc- (tnx YC)
+0.96: ultrix-4.3-1-:pmax-:-:risc-:- (tnx YF)
+1.01: ultrix-4.4-0-:-:-:risc-:- (tnx RSK)
+1.01: unix_sv-4.2mp-2.1.2-:i386-:-:i386-:- (tnx J2W)
diff --git a/doc/Qmail/REMOVE.binmail b/doc/Qmail/REMOVE.binmail
new file mode 100644
index 0000000..9532ac9
--- /dev/null
+++ b/doc/Qmail/REMOVE.binmail
@@ -0,0 +1,16 @@
+Here's how to remove binmail from your system. Don't do this if you have
+configured qmail to use binmail for local delivery.
+
+
+1. Find the binmail binary on your system: /usr/libexec/mail.local if
+ that exists, otherwise /bin/mail.
+
+2. Remove permissions from the binmail binary:
+ # chmod 0 /usr/libexec/mail.local
+
+3. If the binmail binary was /bin/mail, make sure that ``mail'' still
+ invokes a usable mailer. Under SVR4 you may want to link mail to
+ mailx.
+
+4. Comment out the comsat line in /etc/inetd.conf, and kill -HUP your
+ inetd.
diff --git a/doc/Qmail/REMOVE.sendmail b/doc/Qmail/REMOVE.sendmail
new file mode 100644
index 0000000..5be6e78
--- /dev/null
+++ b/doc/Qmail/REMOVE.sendmail
@@ -0,0 +1,28 @@
+Here's how to remove sendmail from your system.
+
+1. Find sendmail in your boot scripts. It's usually in either /etc/rc or
+ /etc/init.d/sendmail. It looks like
+ sendmail -bd -q15m
+ -q15m means that it should run the queue every 15 minutes; you may
+ see a different number. Comment out this line.
+
+2. Kill the sendmail daemon. You should first kill -STOP the daemon; if
+ any children are running, you should kill -CONT, wait, kill -STOP
+ again, and repeat ad nauseam. If there aren't any children, kill
+ -TERM and then kill -CONT.
+
+3. Check whether you have any messages in the sendmail queue,
+ /var/spool/mqueue. If you do, you will have to try flushing them with
+ sendmail.bak -q. If necessary, wait a while and run sendmail.bak -q
+ again. Repeat until the queue is empty. This may take several days.
+
+4. Remove the setuid bit on the sendmail binary, to prevent local users
+ from gaining extra privileges through sendmail's security holes. The
+ binary may be at several different locations:
+ # chmod 0 /usr/lib/sendmail
+ # chmod 0 /usr/sbin/sendmail
+ # chmod 0 /usr/lib/sendmail.mx
+
+5. Move the sendmail binary out of the way:
+ # mv /usr/lib/sendmail /usr/lib/sendmail.bak
+ # mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
diff --git a/doc/Qmail/SYSDEPS b/doc/Qmail/SYSDEPS
new file mode 100644
index 0000000..0bb01ec
--- /dev/null
+++ b/doc/Qmail/SYSDEPS
@@ -0,0 +1,17 @@
+VERSION
+systype
+hasshsgr.h
+hasnpbg1.h
+select.h
+hasflock.h
+hassalen.h
+fork.h
+hassgact.h
+direntry.h
+hassgprm.h
+haswaitp.h
+hasmkffo.h
+uint32.h
+dns.lib
+socket.lib
+syslog.lib
diff --git a/doc/Qmail/TEST.deliver b/doc/Qmail/TEST.deliver
new file mode 100644
index 0000000..4fc4c32
--- /dev/null
+++ b/doc/Qmail/TEST.deliver
@@ -0,0 +1,82 @@
+You can do several tests of qmail delivery without setting up qmail to
+accept messages through SMTP or through /usr/lib/sendmail:
+
+1. After you start qmail, look for a
+ qmail: status: local 0/10 remote 0/20
+ line in syslog. qmail-send always prints either ``cannot start'' or
+ ``status''. (The big number is a splogger timestamp.)
+
+2. Do a ps and look for the qmail daemons. There should be four of
+ them, all idle: qmail-send, running as qmails; qmail-lspawn, running
+ as root; qmail-rspawn, running as qmailr; and qmail-clean, running
+ as qmailq. You will also see splogger, running as qmaill.
+
+3. Local-local test: Send yourself an empty message. (Replace ``me''
+ with your username. Make sure to include the ``to:'' colon.)
+ % echo to: me | /var/qmail/bin/qmail-inject
+ The message will show up immediately in your mailbox, and syslog
+ will show something like this:
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from <me@domain> qp 20345 uid 666
+ qmail: starting delivery 1: msg 53 to local me@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 1: success: did_1+0+0/
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 53
+ (53 is an inode number; 20345 is a process ID; your numbers will
+ probably be different.)
+
+4. Local-error test: Send a message to a nonexistent local address.
+ % echo to: nonexistent | /var/qmail/bin/qmail-inject
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from <me@domain> qp 20351 uid 666
+ qmail: starting delivery 2: msg 53 to local nonexistent@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 2: failure: No_such_address.__#5.1.1_/
+ qmail: status: local 0/10 remote 0/20
+ qmail: bounce msg 53 qp 20357
+ qmail: end msg 53
+ qmail: new msg 54
+ qmail: info msg 54: bytes 743 from <> qp 20357 uid 666
+ qmail: starting delivery 3: msg 54 to local me@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 3: success: did_1+0+0/
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 54
+ You will now have a bounce message in your mailbox.
+
+5. Local-remote test: Send an empty message to your account on another
+ machine.
+ % echo to: me@wherever | /var/qmail/bin/qmail-inject
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from <me@domain> qp 20372 uid 666
+ qmail: starting delivery 4: msg 53 to remote me@wherever
+ qmail: status: local 0/10 remote 1/20
+ qmail: delivery 4: success: 1.2.3.4_accepted_message./...
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 53
+ There will be a pause between ``starting delivery'' and ``success'';
+ SMTP is slow. Check that the message is in your mailbox on the other
+ machine.
+
+6. Local-postmaster test: Send mail to postmaster, any capitalization.
+ % echo to: POSTmaster | /var/qmail/bin/qmail-inject
+ Look for the message in the alias mailbox, normally ~alias/Mailbox.
+
+7. Double-bounce test: Send a message with a completely bad envelope.
+ % /var/qmail/bin/qmail-inject -f nonexistent
+ To: unknownuser
+ Subject: testing
+
+ This is a test. This is only a test.
+ %
+ (Use end-of-file, not dot, to end the message.) Look for the double
+ bounce in the alias mailbox.
+
+8. Group membership test:
+ % cat > ~me/.qmail-groups
+ |groups >> MYGROUPS; exit 0
+ % /var/qmail/bin/qmail-inject me-groups < /dev/null
+ % cat ~me/MYGROUPS
+ MYGROUPS will show your normal gid and nothing else. (Under Solaris,
+ make sure to use /usr/ucb/groups; /usr/bin/groups is broken.)
diff --git a/doc/Qmail/TEST.receive b/doc/Qmail/TEST.receive
new file mode 100644
index 0000000..7644845
--- /dev/null
+++ b/doc/Qmail/TEST.receive
@@ -0,0 +1,41 @@
+You can do several tests of messages entering the qmail system:
+
+1. SMTP server test: Forge some mail locally via SMTP. Replace ``me''
+ with your username and ``domain'' with your host's name.
+ % telnet 127.0.0.1 25
+ Trying 127.0.0.1...
+ Connected to 127.0.0.1.
+ Escape character is '^]'.
+ 220 domain ESMTP
+ helo dude
+ 250 domain
+ mail <me@domain>
+ 250 ok
+ rcpt <me@domain>
+ 250 ok
+ data
+ 354 go ahead
+ Subject: testing
+
+ This is a test.
+ .
+ 250 ok 812345679 qp 12345
+ quit
+ 221 domain
+ Connection closed by foreign host.
+ %
+ Look for the message in your mailbox. (Note for programmers: Most
+ SMTP servers need more text after MAIL and RCPT. See RFC 821.)
+
+2. Remote-local test: Send yourself some mail from another machine.
+ Look for the message in your mailbox.
+
+3. Remote-error test: Send some mail from another machine to
+ nonexistent@domain. Look for a bounce message in the remote mailbox.
+
+4. UA test: Try sending mail, first to a local account, then to a
+ remote account, with your normal user agent.
+
+5. Remote-postmaster test: Send mail from another machine to
+ PoStMaStEr@domain. Look for the message in the alias mailbox,
+ normally ~alias/Mailbox.
diff --git a/doc/Qmail/THANKS b/doc/Qmail/THANKS
new file mode 100644
index 0000000..b1ad88e
--- /dev/null
+++ b/doc/Qmail/THANKS
@@ -0,0 +1,337 @@
+Thanks to lots of people for success and failure reports, code, ideas,
+and documentation. See CHANGES for details of specific contributions.
+Sorry if I left anyone out.
+
+A2B = Are Bryne
+A2L = Ali Lomonaco
+A2P = Andrea Paolini
+AAF = Adam A. Frey
+AB = Alan Briggs
+ABC = Alan B. Clegg
+AC = Arne Coucheron
+ACB = Andy C. Brandt
+AF = Andreas Faerber
+AG = Armin Gruner
+AGB = Andre Grosse Bley
+AH = Amos Hayes
+AI = Akihiro Iijima
+AJ = Alan Jaffray
+AJK = Antti-Juhani Kaijanaho
+AKB = Allen K. Briggs
+AL = Andreas Lamprecht
+ALB = Allan L. Bazinet
+ANR = Adriano Nagelschmidt Rodrigues
+AP = Andrew Pam
+AS = Akos Szalkai
+AV = Alex Vostrikov
+AWB = Andy W. Barclay
+AY = Araki Yasuhiro
+B1F = Bo Fussing
+B2F = Brad Forschinger
+B2H = Buck Huppmann
+B2L = Brent Laminack
+B2W = Bil Wendling
+B3W = Boris Wedl
+BB = Bruce Bodger
+BC = Bob Collie
+BCK = Benjamin C. Kite
+BCM = Bill C. Miller
+BDB = Boris D. Beletsky
+BDM = Byron D. Miller
+BEO = Bruce E. O'Neel
+BET = Bennett E. Todd
+BG = Bert Gijsbers
+BH = Brad Howes
+BJ = Brian Jackson
+BJM = Barry J. Miller
+BL = Brian Litzinger
+BMF = Brian M. Fisk
+BN = Bill Nugent
+BP = Bruce Perens
+BR = Brian J. Reichert
+BS = Bjoern Stabell
+BT = Brad Templeton
+BTW = Brian T. Wightman
+BW = Bill Weinman
+BZ = Blaz Zupan
+C2F = Chuck Foster
+C2H = Christoph Heidermanns
+C2S = Craig Shrimpton
+CEJ = Colin Eric Johnson
+CF = C. Ferree
+CG = Chris Garrigues
+CH = Chael Hall
+CHR = Craig H. Rowland
+CK = Christoph Kaesling
+CL = Carsten Leonhardt
+CLS = Christopher L. Seawood
+CM = Charles Mattair
+CMP = Chase M. Phillips
+CR = Christian Riede
+CS = Cloyce Spradling
+CSH = Clayton S. Haapala
+D1H = Dieter Heidner
+D2H = Dan Hollis
+D2K = Dax Kelson
+D2S = Dan Senie
+D3S = Don Samek
+DA = Dave Arcuri
+DAR = Daniel A. Reish
+DB = David Buscher
+DBK = Douglas B. Kerry
+DC = Dan Cross
+DCC = Daniel C. Cotey
+DE = Daniel Egnor
+DEH = Daniel E. Harris
+DF = Dale Farnsworth
+DG = David Guntner
+DK = Dave Kopper
+DL = Daniel Lawrence
+DM = David Mazieres
+DML = David M. Lew
+DP = Dave Platt
+DS = Dave Sill
+DST = Daniel S. Thibadeau
+DWS = David Wayne Summers
+EC = Evan Champion
+ECG = Eric C. Garrison
+EG = Eivind Gjelseth
+EK = Eric Krohn
+EP = Emanuele Pucciarelli
+ERH = Eric R. Hankins
+ES = Eric Smith
+ESM = Edward S. Marshall
+ET = Eivind Tagseth
+ETT = Emmanuel T. Tardieu
+F2T = Frank Thieme
+FE = Frank Ederveen
+FN = Faried Nawaz
+FPL = Frederik P. Lindberg
+FT = Frank Tegtmeyer
+FW = Frank Wagner
+G1A = Graham Adams
+G2A = Greg Andrews
+GAW = Greg A. Woods
+GB = Glenn Barry
+GH = Gene Hightower
+GL = Giles Lean
+GLM = Grant L. Miller
+H2S = Harley Silver
+HCJ = Helio Coelho Jr.
+HDG = Hans de Graaff
+HG = Howard Goldstein
+HHO = Harald Hanche-Olsen
+HJB = Herbert J. Bernstein
+HM = Hirokazu Morikawa
+HS = Harlan Stenn
+HT = Henry Timmerman
+HW = Hal Wine
+HWM = Henry W. Miller
+IH = Ingmar Hupp
+IK = Ivan Kohler
+IKW = Ian Keith Wynne
+IS = Icarus Sparry
+IW = Ian Westcott
+J1B = John Banghart
+J1K = Jost Krieger
+J2B = Jos Backus
+J2K = Johannes Kroeger
+J2M = Joel Maslak
+J2P = John Parker
+J2W = Jim Whitby
+JAB = Jeremy A. Bussard
+JAK = Johan A. Kullstam
+JB = Joshua Buysse
+JBB = Jason B. Brown
+JBF = John B. Fleming
+JC = Jim Clausing
+JCD = Jeffrey C. Dege
+JD = Joe Doupnik
+JDHB = Johannes D. H. Beekhuizen
+JDJ = Joshua D. Juran
+JF = Janos Farkas
+JFK = James F. Kane III
+JGM = John G. Myers
+JJB = J. J. Bailey
+JJMK = Jonathan J. M. Katz
+JJR = Jaron J. Rubenstein
+JK = Jari Kirma
+JL = Jim Littlefield
+JLB = Julie L. Baumler
+JLH = Jason L. Haar
+JLW = Jason L. Wright
+JM = Jim Meehan
+JMS = Jason M. Stokes
+JMT = John M. Twilley
+JP = John Palkovic
+JPB = Joe Block
+JPH = Justin P. Hannah
+JPR = Jean-Pierre Radley
+JRL = John R. Levine
+JRM = Jason R. Mastaler
+JRY = Jamie R. Yukes
+JS = Jesper Skriver
+JTB = Jonathan T. Bowie
+JW = John Whittaker
+JWB = James W. Birdsall
+K1J = Kyle Jones
+K2J = Kevin Johnson
+KA = Klaus Aigte
+KB = Keith Burdis
+KE = Kenny Elliott
+KJJ = Kevin J. Johnson
+KJS = Kevin J. Sawyer
+KMD = Kevin M. Dulzo
+KO = Keith Owens
+KR = Kenji Rikitake
+KT = Karsten Thygesen
+KUT = Kai Uwe Tempel
+KY = Kentaro Yoshitomi
+L2L = Louis Larry
+L3L = Luis Lopes
+LB = Laurentiu Badea
+LL = lilo
+LW = Lionel Widdifield
+M2C = Mark Crimmins
+M2G = Michael R. Gile
+M2H = Martin Hager
+M2L = M. Lyons
+M2R = Mark Riekenberg
+M2S = Mikael Suokas
+M3H = Michael Holzt
+M3L = Michael Lazarou
+M3S = Morten Skjelland
+M4S = Michael Shields
+MB = Martin Budsj?
+MBS = Michael B. Scher
+MC = Michael Cooley
+MD = Mark Delany
+MDI = Miguel de Icaza
+ME = Marc Ewing
+MEE = Mads E. Eilertsen
+MF = Massimo Fusaro
+MG = Michael Graff
+MGM = Mitchell G. Morris
+MH = Markus Hofmann
+MJD = Mark-Jason Dominus
+MJG = Manuel J. Galan
+ML = Martin Lucina
+MLH = May Liss Haarstad
+MM = Martin Mersberger
+MMM = Momchil M. Momchev
+MMM2 = Marc M. Martinez
+MP = Matt Paduano
+MR = Mosfeq Rashid
+MRG = Matthew R. Green
+MS = Mark Spears
+MSD = Mandell S. Degerness
+MSS = Matthew S. Soffen
+MT = Mark Thompson
+MW = Mate Wierdl
+MWE = Mark W. Eichin
+NA = Norm Aleks
+NAA = Nicholas A. Amato
+NH = Nick Holloway
+NND = N. Dudorov
+NR = Norbert Roeding
+NW = Nicholas Waples
+OK = Oezguer Kesim
+OR = Ollivier Robert
+OS = Oliver Seiler
+PB = Peter Bowyer
+PCO = Peter C. Olsen
+PGF = Paul Fox
+PGR = Phil G. Rorex
+PH = Paul Harrington
+PJG = Paul Graham
+PJH = Peter J. Hunter
+PK = Petri Kaukasoina
+PMH = Peter M. Haworth
+PO = Paul Overell
+PS = Paul Svensson
+PT = Paul Taylor
+PTW = P. T. Withington
+PW = Peter Wilkinson
+R2N = Rivo Nurges
+RA = Russ Allbery
+RAB = Randolph Allen Bentson
+RAM = Robin A. McCollum
+RB = Robert Bridgham
+RC = Ryan Crum
+RD = Rahul Dhesi
+RDM = Raul D. Miller
+REB = Ronald E. Bickers
+RF = Rainer Fraedrich
+RFH = Robert F. Harrison
+RGS = Richard G. Sharman
+RJC = Robert J. Carter
+RJH = Randy Harmon
+RJO = Richard J. Ohnemus
+RK = Riho Kurg
+RL = Robert Luce
+RM = Rich McClellan
+RN = Russell Nelson
+RO = Roberto Oppedisano
+RPS = Russell P. Sutherland
+RS = Robert Sanders
+RSK = Robert S. Krzaczek
+S1R = Satish Ramachandran
+S2P = Stefan Puscasu
+S2R = Sean Reifschneider
+S2S = Scott Schwartz
+S2T = Steve Taylor
+S3T = Steffen Thorsen
+SA = Satoshi Adachi
+SAE = Stefaan A. Eeckels
+SAS = Steven A. Schrader
+SB = Stephane Bortzmeyer
+SC = Stefan Cars
+SCW = Steven C. Work
+SG = Steven Grimm
+SGC = Stephen G. Comings
+SJ = Sudish Joseph
+SJB = SJ Burns
+SJW = Stephen J. White
+SLB = Steven L. Baur
+SM = Shawn McHorse
+SP = Stephen Parker
+SPM = Salvatore P. Miccicke
+SS = Simon Shapiro
+SSB = Stik Bakken
+ST = Steve Tylock
+SV = Sven Velt
+SVD = Stef Van Dessel
+T2K = Tomoya Konishi
+T2M = Toni Mueller
+T2U = Todd Underwood
+TA = Tetsuo Aoki
+TB = Tobias Brox
+TD = Tom Demmer
+TEE = Thomas E. Erskine
+TG = Tim Goodwin
+TH = Ton Hospel
+TJH = Timothy J. Hunt
+TK = Terry Kennedy
+TL = Timothy Lorenc
+TLF = Timo L. Felbinger
+TLM = Timothy L. Mayo
+TM = Toshinori Maeno
+TN = Thomas Neumann
+TRR = Tracy R. Reed
+TT = Takaki Taniguchi
+TU = Tetsu Ushijima
+TV = Tommi Virtanen
+TVP = Tom van Peer
+UO = Uwe Ohse
+VBM = Vladimir B. Machulsky
+VR = Vincenzo Romano
+VU = Viriya Upatising
+VV = Vince Vielhaber
+W2K = Wolfram Kahl
+WEB = William E. Baxter
+WK = Werner Koch
+WS = Wilbur Sims
+WW = Wei Wu
+YC = Yuji Chikahiro
+YF = Yaroslav Faybishenko
+ZU = Zin Uda
diff --git a/doc/Qmail/THOUGHTS b/doc/Qmail/THOUGHTS
new file mode 100644
index 0000000..d6910da
--- /dev/null
+++ b/doc/Qmail/THOUGHTS
@@ -0,0 +1,418 @@
+Please note that this file is not called ``Internet Mail For Dummies.''
+It _records_ my thoughts on various issues. It does not _explain_ them.
+Paragraphs are not organized except by section. The required background
+varies wildly from one paragraph to the next.
+
+In this file, ``sendmail'' means Allman's creation; ``sendmail-clone''
+means the program in this package.
+
+
+1. Security
+
+There are lots of interesting remote denial-of-service attacks on any
+mail system. A long-term solution is to insist on prepayment for
+unauthorized resource use. The tricky technical problem is to make the
+prepayment enforcement mechanism cheaper than the expected cost of the
+attacks. (For local denial-of-service attacks it's enough to be able to
+figure out which user is responsible.)
+
+qmail-send's log was originally designed for profiling. It subsequently
+sprouted some tracing features. However, there's no way to verify
+securely that a particular message came from a particular local user;
+how do you know the recipient is telling you the truth about the
+contents of the message? With QUEUE_EXTRA it'd be possible to record a
+one-way hash of each outgoing message, but a user who wants to send
+``bad'' mail can avoid qmail entirely.
+
+I originally decided on security grounds not to put qmail advertisements
+into SMTP responses: advertisements often act as version identifiers.
+But this problem went away when I found a stable qmail URL.
+
+As qmail grows in popularity, the mere knowledge that rcpthosts is so
+easily available will deter people from setting up unauthorized MXs.
+(I've never seen an unauthorized MX, but I can imagine that it would be
+rather annoying.) Note that, unlike the bat book checkcompat() kludge,
+rcpthosts doesn't interfere with mailing lists.
+
+qmail-start doesn't bother with tty dissociation. On some old machines
+this means that random people can send tty signals to the qmail daemons.
+That's a security flaw in the job control subsystem, not in qmail.
+
+The resolver library isn't too bloated (before 4.9.4, at least), but it
+uses stdio, which _is_ bloated. Reading /etc/resolv.conf costs lots of
+memory in each qmail-remote process. So it's tempting to incorporate a
+smaller resolver library into qmail. (Bonus: I'd avoid system-specific
+problems with old resolvers.) The problem is that I'd then be writing a
+fundamentally insecure library. I'd no longer be able to blame the BIND
+authors and vendors for the fact that attackers can easily use DNS to
+steal mail. Solution: insist that the resolver run on the same host; the
+kernel can guarantee the security of low-numbered 127.0.0.1 UDP ports.
+
+NFS is the primary enemy of security partitioning under UNIX. Here's the
+story. Sun knew from the start that NFS was completely insecure. It
+tried to hide that fact by disallowing root access over NFS. Intruders
+nevertheless broke into system after system, first obtaining bin access
+and then obtaining root access. Various people thus decided to compound
+Sun's error and build a wall between root and all other users: if all
+system files are owned by root, and if there are no security holes other
+than NFS, someone who breaks in via NFS won't be able to wipe out the
+operating system---he'll merely be able to wipe out all user files. This
+clueless policy means that, for example, all the qmail users have to be
+replaced by root. See what I mean by ``enemy''? ... Basic NFS comments:
+Aside from the cryptographic problem of having hosts communicate
+securely, it's obvious that there's an administrative problem of mapping
+client uids to server uids. If a host is secure and under your control,
+you shouldn't have to map anything. If a host is under someone else's
+control, you'll want to map his uids to one local account; it's his
+client's job to decide which of his users get to talk NFS in the first
+place. Sun's original map---root to nobody, everyone else left alone---
+is, as far as I can tell, always wrong.
+
+
+2. Injecting mail locally (qmail-inject, sendmail-clone)
+
+RFC 822 section 3.4.9 prohibits certain visual effects in headers, and
+the 822bis draft prohibits even more. qmail-inject could enforce these
+absurd restrictions, but why waste the time? If you will suffer from
+someone sending you ``flash mail,'' go find a better mail reader.
+
+qmail-inject's ``Cc: recipient list not shown: ;'' successfully stops
+sendmail from adding Apparently-To. Unfortunately, old versions of
+sendmail will append a host name. This wasn't fixed until sendmail 8.7.
+How many years has it been since RFC 822 came out?
+
+sendmail discards duplicate addresses. This has probably resulted in
+more lost and stolen mail over the years than the entire Chicago branch
+of the United States Postal Service. The qmail system delivers messages
+exactly as it's told to do. Along the same lines: qmail-inject is both
+unable and unwilling to support anything like sendmail's (default)
+nometoo option. Of course, a list manager could support nometoo.
+
+There should be a mechanism in qmail-inject that does for envelope
+recipients what Return-Path does for the envelope sender. Then
+qmail-inject -n could print the recipients.
+
+Should qmail-inject bounce messages with no recipients? Should there be
+an option for this? If it stays as is (accept the message), qmail-inject
+could at least avoid invoking qmail-queue.
+
+It is possible to extract non-unique Message-IDs out of qmail-inject.
+Here's how: stop qmail-inject before it gets to the third line of
+main(), then wait until the pids wrap around, then restart qmail-inject
+and blast the message through, then start another qmail-inject with the
+same pid in the same second. I'm not sure how to fix this without
+system-supplied sequence numbers. (Of course, the user could just type
+in his own non-unique Message-IDs.)
+
+The bat book says: ``Rules that hide hosts in a domain should be applied
+only to sender addresses.'' Recipient masquerading works fine with
+qmail. None of sendmail's pitfalls apply, basically because qmail has a
+straight paper path.
+
+I predicted that I would receive some pressure to make up for the
+failings of MUA writers who don't understand the concept of reliability.
+(``Like, duh, you mean I'm supposed to check the sendmail exit code?'')
+I was right.
+
+
+3. Receiving mail from the network (tcp-env, qmail-smtpd)
+
+qmail-smtpd doesn't allow privacy-invading commands like VRFY and EXPN.
+If you really want to publish such information, use a mechanism that
+legitimate users actually know about, such as fingerd or httpd.
+
+RFC 1123 says that VRFY and EXPN are important to track down cross-host
+mailing list loops. With Delivered-To, mailing list loops do no damage,
+_and_ one of the list administrators gets a bounce message that shows
+exactly how the loop occurred. Solve the problem, not the symptom.
+
+Should dns.c make special allowances for 127.0.0.1/localhost?
+
+badmailfrom (like 8BITMIME) is a waste of code space.
+
+In theory a MAIL or RCPT argument can contain unquoted LFs. In practice
+there are a huge number of clients that terminate commands with just LF,
+even if they use CR properly inside DATA.
+
+
+4. Adding messages to the queue (qmail-queue)
+
+Should qmail-queue try to make sure enough disk space is free in
+advance? When qmail-queue is invoked by qmail-local or (with ESMTP)
+qmail-smtpd or qmail-qmtpd or qmail-qmqpd, it could be told a size in
+advance. I wish UNIX had an atomic allocate-disk-space routine...
+
+The qmail.h interface (reflecting the qmail-queue interface, which in
+turn reflects the current queue file structure) is constitutionally
+incapable of handling an address that contains a 0 byte. I can't imagine
+that this will be a problem.
+
+Should qmail-queue not bother queueing a message with no recipients?
+
+
+5. Handling queued mail (qmail-send, qmail-clean)
+
+The queue directory must be local. Mounting it over NFS is extremely
+dangerous---not that this stops people from running sendmail that way!
+Diskless hosts should use mini-qmail instead.
+
+Queue reliability demands that single-byte writes be atomic. This is
+true for a fixed-block filesystem such as UFS, and for a logging
+filesystem such as LFS.
+
+qmail-send uses 8 bytes of memory per queued message. Double that for
+reallocation. (Fix: use a small forest of heaps; i.e., keep several
+prioqs.) Double again for buddy malloc()s. (Fix: be clever about the
+heap sizes.) 32 bytes is worrisome, but not devastating. Even on my
+disk-heavy memory-light machine, I'd run out of inodes long before
+running out of memory.
+
+Some mail systems organize the queue by host. This is pointless as a
+means of splitting up the queue directory. The real issue is what to do
+when you suddenly find out that a host is up. For local SLIP/PPP links
+you know in advance which hosts need this treatment, so you can handle
+them with virtualdomains and serialmail.
+
+For the old queue structure I implemented recipient list compression:
+if mail goes out to a giant mailing list, and most of the recipients are
+delivered, make a new, compressed, todo list. But this really isn't
+worth the effort: it saves only a tiny bit of CPU time.
+
+qmail-send doesn't have any notions of precedence, priority, fairness,
+importance, etc. It handles the queue in first-seen-first-served order.
+One could put a lot of work into doing something different, but that
+work would be a waste: given the triggering mechanism and qmail's
+deferral strategy, it is exceedingly rare for the queue to contain more
+than one deliverable message at any given moment.
+
+Exception: Even with all the concurrency tricks, qmail-send can end up
+spending a few minutes on a mailing list with thousands of remote
+entries. A user might send a new message to a remote address in the
+meantime. The simplest way to handle this would be to put big messages
+on a separate channel.
+
+qmail-send will never start a pass for a job that it already has. This
+means that, if one delivery takes longer than the retry interval, the
+next pass will be delayed. I implemented the opposite strategy for the
+old queue structure. Some hassles: mark() had to understand how job
+input was buffered; every new delivery had to check whether the same
+mpos in the same message was already being done.
+
+Some things that qmail-send does synchronously: queueing a bounce
+message; doing a cleanup via qmail-clean; classifying and rewriting all
+the addresses in a new message. As usual, making these asynchronous
+would require some housekeeping, but could speed things up a bit.
+(I'm willing to assume POSIX waitpid() for asynchronous bounces; putting
+an unbounded buffer into wait_pid() for the sake of NeXTSTEP 3 is not
+worthwhile.)
+
+Disk I/O is a bottleneck; UFS is reliable but it isn't fast. A good
+logging filesystem offers much better performance, but logging
+filesystems aren't widely available. Solution: Keep a journal, separate
+from the queue, adequate to rebuild the queue (with at worst some
+duplicate deliveries). Compress the journal. This would dramatically
+reduce total disk I/O.
+
+Bounce aggregation is a dubious feature. Bounce records aren't
+crashproof; there can be a huge delay between a failure and a bounce;
+the resulting bounce format is unnecessarily complicated. I'm tempted to
+scrap the bounce directory and send one bounce for each failing
+recipient, with appropriate modifications in the accompanying text.
+
+qmail-stop implementation: setuid to UID_SEND; kill -TERM -1. Or run
+qmail-start under an external service controller, such as supervise;
+that's why it runs in the foreground.
+
+The readdir() interface hides I/O errors. Lower-level interfaces would
+lead me into a thicket of portability problems. I'm really not sure what
+to do about this. Of course, a hard I/O error means that mail is toast,
+but a soft I/O error shouldn't cause any trouble.
+
+job_open() or pass_dochan() could be paranoid about the same id,channel
+already being open; but, since messdone() is so paranoid, the worst
+possible effect of a bug along these lines would be double delivery.
+
+Mathematical amusement: The optimal retry schedule is essentially,
+though not exactly, independent of the actual distribution of message
+delay times. What really matters is how much cost you assign to retries
+and to particular increases in latency. qmail's current quadratic retry
+schedule says that an hour-long delay in a day-old message is worth the
+same as a ten-minute delay in an hour-old message; this doesn't seem so
+unreasonable.
+
+Insider information: AOL retries their messages every five minutes for
+three days straight. Hmmm.
+
+
+6. Sending mail through the network (qmail-rspawn, qmail-remote)
+
+Are there any hosts, anywhere, whose mailers are bogged down by huge
+messages to multiple recipients at a single host? For typical hosts,
+multiple RCPTs per SMTP aren't an ``efficiency feature''; they're a
+_slowness_ feature. Separate SMTP transactions have much lower latency.
+
+I've heard three complaints about bandwidth use from masochists sending
+messages through a modem through a smarthost to thousands of users---
+without sublists! They can get much better performance with QMQP.
+
+In the opposite direction: It's tempting to remove the @host part of the
+qmail-remote recip argument. Or at least avoid double-dns_cname.
+
+There are lots of reasons that qmail-rspawn should take a more active
+role in qmail-remote's activities. It should call separate programs to
+do (1) MX lookups, (2) SMTP connections, (3) QMTP connections. (But this
+wouldn't be so important if the DNS library didn't burn so much memory.)
+
+I bounce ambiguous MXs. (An ``ambiguous MX'' is a best-preference MX
+record sending me mail for a host that I don't recognize as local.)
+Automatically treating ambiguous MXs as local is incompatible with my
+design decision to keep local delivery working when the network goes
+down. It puts more faith in DNS than DNS deserves. Much better: Have
+your MX records generated automatically from control/locals.
+
+If I successfully connect to an MX host but it temporarily refuses to
+accept the message, I give up and put the message back into the queue.
+But several documents seem to suggest that I should try further MX
+records. What are they thinking? My approach deals properly with downed
+hosts, hosts that are unreachable through a firewall, and load
+balancing; what else do people use multiple MX records for?
+
+Currently qmail-remote sends data in 1024-byte buffers. Perhaps it
+should try to take account of the MTU.
+
+Perhaps qmail-remote should allocate a fixed amount of DNS/connect()
+time across any number of MXs; this idea is due to Mark Delany.
+
+RFC 821 doesn't say what it means by ``text.'' qmail-remote assumes that
+the server's reply text doesn't contain bare LFs.
+
+RFC 821 and RFC 1123 prohibit host names in MAIL FROM and RCPT TO from
+being aliases. qmail-remote, like sendmail, rewrites aliases in RCPT;
+people who don't list aliases in control/locals or sendmail's Cw are
+implicitly relying on this conversion. It is course quite silly for an
+internal DNS detail to have such an effect on mail delivery, but that's
+how the Internet works. On the other hand, the compatibility arguments
+do not apply to MAIL FROM. qmail-remote no longer bothers with CNAME
+lookups for the envelope sender host.
+
+
+7. Delivering mail locally (qmail-lspawn, qmail-local)
+
+qmail-local doesn't support comsat. comsat is a pointless abomination.
+Use qbiff if you want that kind of notification.
+
+The getpwnam() interface hides I/O errors. Solution: qmail-pw2u.
+
+
+8. sendmail V8's new features
+
+sendmail-8.8.0/doc/op/op.me includes a list of big improvements of
+sendmail 8.8.0 over sendmail 5.67. Here's how qmail stacks up against
+each of those improvements. (Of course, qmail has its own improvements,
+but that's not the point of this list.)
+
+Connection caching, MX piggybacking: Nope. (Profile. Don't speculate.)
+
+Response to RCPT command is fast: Yup.
+
+IP addresses show up in Received lines: Yup.
+
+Self domain literal is properly handled: Yup.
+
+Different timeouts for QUIT, RCPT, etc.: No, just a single timeout.
+
+Proper <> handling, route-address pruning: Yes, but not configurable.
+
+ESMTP support: Yup. (Server-side, including PIPELINING.)
+
+8-bit clean: Yup. (Including server-side 8BITMIME support; same as
+sendmail with the 8 option.)
+
+Configurable user database: Yup.
+
+BIND support: Yup.
+
+Keyed files: Yes, in fastforward.
+
+931/1413/Ident/TAP: Yup.
+
+Correct 822 address list parsing: Yup. (Note that sendmail still has
+some major problems with quoting.)
+
+List-owner handling: Yup.
+
+Dynamic header allocation: Yup.
+
+Minimum number of disk blocks: Yes, via tunefs -m. (Or quotas; the right
+setup has qmailq with a small quota, qmails with a larger quota, so that
+qmail-send always has room to work.)
+
+Checkpointing: Yes, but not configurable---qmail always checkpoints.
+
+Error message configuration: Nope.
+
+GECOS matching: Not directly, but easy to hook in.
+
+Hop limit configuration: No. (qmail's limit is 100 hops. qmail offers
+automatic loop protection much more advanced than hop counting.)
+
+MIME error messages: No. (qmail uses QSBMF error messages, which are
+much easier to parse.)
+
+Forward file path: Yes, via /etc/passwd.
+
+Incoming SMTP configuration: Yes, via inetd or tcpserver.
+
+Privacy options: Yes, but they're not options.
+
+Best-MX mangling: Nope. See section 6 for further discussion.
+
+7-bit mangling: Nope. qmail always uses 8 bits.
+
+Support for up to 20 MX records: Yes, and more. qmail has no limits
+other than memory.
+
+Correct quoting of name-and-address headers: Yup.
+
+VRFY and EXPN now different: Nope. qmail always hides this information.
+
+Multi-word classes, deferred macro expansion, separate envelope/header
+$g processing, separate per-mailer envelope and header processing, new
+command line flags, new configuration lines, new mailer flags, new
+macros: These are sendmail-specific; they wouldn't even make sense for
+qmail. For example, _of course_ qmail handles envelopes and headers
+separately; they're almost entirely different objects!
+
+
+9. Miscellany
+
+sendmail-clone and qsmhook are too bletcherous to be documented. (The
+official replacement for qsmhook is preline, together with the
+qmail-command environment variables.)
+
+I've considered making install atomic, but this is very difficult to do
+right, and pointless if it isn't done right.
+
+RN suggests automatically putting together a reasonable set of lines for
+/etc/passwd. I perceive this as getting into the adduser business, which
+is worrisome: I'll be lynched the first time I screw up somebody's
+passwd file. This should be left to OS-specific installation scripts.
+
+The BSD 4.2 inetd didn't allow a username. I think I can safely forget
+about this. (DS notes that the username works under Ultrix even though
+it's undocumented.)
+
+I should clean up the bput/put choices.
+
+Some of the stralloc_0()s indicate that certain lower-level routines
+should grok stralloc.
+
+qmail assumes that all times are positive; that pid_t, time_t and ino_t
+fit into unsigned long; that gid_t fits into int; that the character set
+is ASCII; and that all pointers are interchangeable. Do I care?
+
+The bat book justifies sendmail's insane line-splitting mechanism by
+pointing out that it might be useful for ``a 40-character braille
+print-driving program.'' C'mon, guys, is that your best excuse?
+
+qmail's mascot is a dolphin.
diff --git a/doc/Qmail/TODO.djb b/doc/Qmail/TODO.djb
new file mode 100644
index 0000000..7ce36b2
--- /dev/null
+++ b/doc/Qmail/TODO.djb
@@ -0,0 +1,23 @@
+(??) consider stripping vdoms for VERPs; tnx PJH
+(??) consider ~ in qmail-local for doing defaultdelivery (not recursively)
+(??) consider POP bulletins
+turn qmail-upq into a more serious queue-moving utility
+(--) consider fast-greeting option in qmail-smtpd -- partly done
+(na) build a returnmail package
+
+(++) expand strerr coverage -- done
+(++) redo control interface -- partly done
+(++) allow concurrency over 255 -- done
+(na) allow more channels at compile time -- done
+(na) test for linux fifo close bug at compile time
+
+(??) eliminate qsmhook -- done
+(??) finish OTBS conversion
+(na) use mess822 in qmail-inject
+(na) use mess822 in qreceipt
+(na) use mess822 in qbiff
+(na) use mess822 in maildirwatch
+(??) eliminate token822, headerbody, hfield
+(+-) replace INTERNALS and THOUGHTS with a real paper describing qmail
+(++) handle IPv6 -- done
+(-?) rewrite everything from scratch
diff --git a/doc/Qmail/TODO.done b/doc/Qmail/TODO.done
new file mode 100644
index 0000000..6892073
--- /dev/null
+++ b/doc/Qmail/TODO.done
@@ -0,0 +1,23 @@
+(??) consider stripping vdoms for VERPs; tnx PJH
+(??) consider ~ in qmail-local for doing defaultdelivery (not recursively)
+(??) consider POP bulletins
+turn qmail-upq into a more serious queue-moving utility -- done (qmail-queuefix)
+(--) consider fast-greeting option in qmail-smtpd -- partly done
+(na) build a returnmail package
+
+(++) expand strerr coverage -- done
+(++) redo control interface -- partly done
+(++) allow concurrency over 255 -- done
+(na) allow more channels at compile time -- done
+(na) test for linux fifo close bug at compile time -- irrelevant
+
+(??) eliminate qsmhook -- done
+(??) finish OTBS conversion
+(na) use mess822 in qmail-inject
+(na) use mess822 in qreceipt
+(na) use mess822 in qbiff
+(na) use mess822 in maildirwatch
+(??) eliminate token822, headerbody, hfield
+(+-) replace INTERNALS and THOUGHTS with a real paper describing qmail -- mostly done
+(++) handle IPv6 -- done
+(-?) rewrite everything from scratch -- what shall I say?
diff --git a/doc/README.clamav b/doc/README.clamav
new file mode 100644
index 0000000..2fdc361
--- /dev/null
+++ b/doc/README.clamav
@@ -0,0 +1,27 @@
+Patch to ClamAV 0.8x/0.9x
+=========================
+
+There is a bug in ClamAV 0.9x not
+to write scanning results to STDERR.
+Instead all logging is done to STDOUT.
+
+This inhibits the logging for qmail-smtpd.
+
+The intended behavior of ClamAV can be
+re-established applying the patch
+
+ clamav-0.90.1_output.patch_
+
+to
+
+ output.c
+
+in ClamAV's source directory
+
+ ./shared.
+
+
+--eh. (14.04.2013)
+
+
+
diff --git a/doc/README.smtpreply b/doc/README.smtpreply
new file mode 100644
index 0000000..84ff016
--- /dev/null
+++ b/doc/README.smtpreply
@@ -0,0 +1,72 @@
+SMTP Reply Codes with s/qmail
+=============================
+
+SMTP allows to reject Sessions based on some technical
+and/or political criteria, which are not well expressed
+in the RFCs (2821, 2554, 2505, 1122).
+
+As protocol mechanism between the client and the server
+are defined as Commands and Replies. SMTP uses a
+three-letter Reply Code. The first digit tells whether
+a command was accepted and completed (2), transaction begin
+(3), or whether there was as transient (4) or permanent failure (5).
+
+In addition, an explanatory description may be given.
+
+RFC 1893 introduces a concept of "Enhanced Mail System
+Status Codes" (EMSSC) which should provide easy parseable
+SMTP server conditions and transaction stati, usually
+at the end of the SMTP reply and included in paranthesis,
+eg. (#5.5.1).
+
+The STMP Reply Codes and the EMSSC are detailed in the
+corresponding RFCs, but don't fit well to each other,
+thus either providing redundant information or almost
+no additional information at all. In short, the EMSSC
+is nowadays almost meaningless.
+
+Here's a breakdown of s/qmail's SMTP Reply Codes,
+informational texts, and the used EMSSC.
+
+Reply Informational text (EMSSC)
+---------------------------------------------------
+
+ 400 proabably greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 421 unable to check recipients (#4.3.0)
+ 421 greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 450 sorry, mailbox currently unavailable (#4.2.1) [1]
+ 450 greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 451 DNS temporary failure (#4.3.0)
+ 452 sorry, too many recipients (#4.5.3)
+ 454 TLS not available due to temporary reason (#5.7.3)
+
+ 501 auth exchange canceled (#5.0.0)
+ 501 malformed auth input (#5.5.4)
+ 503 you're already authenticated (#5.5.0)
+ 503 no auth during mail transaction (#5.5.0)
+ 503 sorry, SMTP Authentication not available (#5.7.3)
+ 503 DATA command not accepted at this time (#5.5.1)
+ 504 auth type unimplemented (#5.5.1)
+ 535 authorization failed (#5.7.1)
+ 535 STARTTLS required (#5.7.1)
+
+ 550 sorry, invalid HELO/EHLO greeting [*] (#5.7.1) [REPLY_HELO]
+ 550 sorry, your envelope recipient is in my badrcptto list [*] (#5.7.1) [REPLY_BADRCPTTO]
+ 550 sorry, mailbox currently unavailable [*] (#4.2.1) [2] [REPLY_MAILBOX]
+
+ 552 sorry, that message size exceeds my databytes limit [*] (#5.3.4) [REPLY_MAXSIZE]
+ 553 sorry, your envelope sender is in my badmailfrom list [*] (#5.7.1) [REPLY_BADMAILFROM]
+ 553 sorry, invalid sender address specified [*] (#5.7.1) [REPLY_SENDERINVALID]
+ 553 sorry, that domain isn't in my list of allowed rcpthosts [*] (#5.7.1) [REPLY_NOGATEWAY]
+ 553 sorry, your envelope sender domain must exist [*] (#5.7.1) [REPLY_SENDEREXIST]
+
+ 554 too many hops, this message is looping (#5.4.6)
+ 554 sorry, invalid message content [*] (#5.3.2) [REPLY_CONTENT]
+
+
+Note:
+
+[1] or [2] depends on setting of environment variable RECIPIENTS550; default [2].
+[*] Additional text can be included here via environment variables provided in paranthesis,
+ eg. REPLY_HELO='see RFC 2821 section 3.6'.
+
diff --git a/doc/TODO b/doc/TODO
new file mode 100644
index 0000000..38def0d
--- /dev/null
+++ b/doc/TODO
@@ -0,0 +1,14 @@
+Some ideas for s/qmail future features
+======================================
+
+Cleanups:
+- srs2.c refactoring.
+- qmail-ldapam.c refactoring and integration. (separate package)
+- maildir++ patch inclusion? (done)
+
+Extensions:
+- QMQ integration.
+- DKIM API. (done)
+- GUUID instead inodes for queue files.
+- SMTP pipelining for delivery.
+- Native IDN2 support.
diff --git a/doc/smtpreplies b/doc/smtpreplies
new file mode 100644
index 0000000..a47adde
--- /dev/null
+++ b/doc/smtpreplies
@@ -0,0 +1,13 @@
+# In this file, you can include customizable SMTP reply messages for qmail-smtpd
+# Call this file in the qmail-smtpd run script (i.e. '. /var/qmail/etc/smtpreplies')
+# such the variables are available in the environment
+#
+export REPLY_GREYLISTED=""
+export REPLY_HELO=""
+export REPLY_BADRCPTTO=""
+export REPLY_MAILBOX=""
+export REPLY_BADMAILFROM=""
+export REPLY_SENDERENV=""
+export REPLY_NOGATEWAY=""
+export REPLY_MAILFROM=""
+export REPLY_CONTENT=""