From 89b7b67a13ebb7965cc7f13ad0595e2194a2d34c Mon Sep 17 00:00:00 2001 
From: Jannis Hoffmann
Date: Wed, 3 Jul 2024 15:48:04 +0200
Subject: add sqmail-4.2.29a
---
 doc/BLURB | 251 ++++++++++++++
 doc/CHANGELOG | 196 +++++++++++++
 doc/CHANGELOG_V3 | 108 +++++++
 doc/CONTRIBUTERS | 31 ++
 doc/EXTTODO | 228 +++++++++++++++
 doc/LICENSE | 63 +++++
 doc/LOGGING | 94 ++++++
 doc/Old/PROPOSAL.mav | 124 ++++++++
 doc/Old/README.djbdns | 63 +++++
 doc/Old/README.mav | 96 +++++++
 doc/Old/README.qmq | 73 +++++
 doc/Old/README.recipients | 256 +++++++++++++++++
 doc/Old/README.wildmat | 100 +++++++
 doc/Postgrey.txt | 233 +++++++++++++++
 doc/Qmail/BLURB | 222 +++++++++++++++
 doc/Qmail/FAQ | 706 ++++++++++++++++++++++++++++++++++++++++++++++
 doc/Qmail/INSTALL.alias | 40 +++
 doc/Qmail/INSTALL.ctl | 38 +++
 doc/Qmail/INSTALL.ids | 72 +++++
 doc/Qmail/INSTALL.maildir | 59 ++++
 doc/Qmail/INSTALL.mbox | 53 ++++
 doc/Qmail/INSTALL.qmail | 84 ++++++
 doc/Qmail/INTERNALS | 186 ++++++++++++
 doc/Qmail/PIC.local2alias | 37 +++
 doc/Qmail/PIC.local2ext | 41 +++
 doc/Qmail/PIC.local2local | 40 +++
 doc/Qmail/PIC.local2rem | 38 +++
 doc/Qmail/PIC.local2virt | 44 +++
 doc/Qmail/PIC.nullclient | 38 +++
 doc/Qmail/PIC.relaybad | 8 +
 doc/Qmail/PIC.relaygood | 33 +++
 doc/Qmail/PIC.rem2local | 36 +++
 doc/Qmail/README | 269 ++++++++++++++++++
 doc/Qmail/REMOVE.binmail | 16 ++
 doc/Qmail/REMOVE.sendmail | 28 ++
 doc/Qmail/SYSDEPS | 17 ++
 doc/Qmail/TEST.deliver | 82 ++++++
 doc/Qmail/TEST.receive | 41 +++
 doc/Qmail/THANKS | 337 ++++++++++++++++++++++
 doc/Qmail/THOUGHTS | 418 +++++++++++++++++++++++++++
 doc/Qmail/TODO.djb | 23 ++
 doc/Qmail/TODO.done | 23 ++
 doc/README.clamav | 27 ++
 doc/README.smtpreply | 72 +++++
 doc/TODO | 14 +
 doc/smtpreplies | 13 +
 46 files changed, 5071 insertions(+)
 create mode 100644 doc/BLURB
 create mode 100644 doc/CHANGELOG
 create mode 100644 doc/CHANGELOG_V3
 create mode 100644 doc/CONTRIBUTERS
 create mode 100644 doc/EXTTODO
 create mode 100644 doc/LICENSE
 create mode 100644 doc/LOGGING
 create mode 100644 doc/Old/PROPOSAL.mav
 create mode 100644 doc/Old/README.djbdns
 create mode 100644 doc/Old/README.mav
 create mode 100644 doc/Old/README.qmq
 create mode 100644 doc/Old/README.recipients
 create mode 100644 doc/Old/README.wildmat
 create mode 100644 doc/Postgrey.txt
 create mode 100644 doc/Qmail/BLURB
 create mode 100644 doc/Qmail/FAQ
 create mode 100644 doc/Qmail/INSTALL.alias
 create mode 100644 doc/Qmail/INSTALL.ctl
 create mode 100644 doc/Qmail/INSTALL.ids
 create mode 100644 doc/Qmail/INSTALL.maildir
 create mode 100644 doc/Qmail/INSTALL.mbox
 create mode 100644 doc/Qmail/INSTALL.qmail
 create mode 100644 doc/Qmail/INTERNALS
 create mode 100644 doc/Qmail/PIC.local2alias
 create mode 100644 doc/Qmail/PIC.local2ext
 create mode 100644 doc/Qmail/PIC.local2local
 create mode 100644 doc/Qmail/PIC.local2rem
 create mode 100644 doc/Qmail/PIC.local2virt
 create mode 100644 doc/Qmail/PIC.nullclient
 create mode 100644 doc/Qmail/PIC.relaybad
 create mode 100644 doc/Qmail/PIC.relaygood
 create mode 100644 doc/Qmail/PIC.rem2local
 create mode 100644 doc/Qmail/README
 create mode 100644 doc/Qmail/REMOVE.binmail
 create mode 100644 doc/Qmail/REMOVE.sendmail
 create mode 100644 doc/Qmail/SYSDEPS
 create mode 100644 doc/Qmail/TEST.deliver
 create mode 100644 doc/Qmail/TEST.receive
 create mode 100644 doc/Qmail/THANKS
 create mode 100644 doc/Qmail/THOUGHTS
 create mode 100644 doc/Qmail/TODO.djb
 create mode 100644 doc/Qmail/TODO.done
 create mode 100644 doc/README.clamav
 create mode 100644 doc/README.smtpreply
 create mode 100644 doc/TODO
 create mode 100644 doc/smtpreplies
(limited to 'doc')
diff --git a/doc/BLURB b/doc/BLURB
new file mode 100644
index 0000000..ba7ad5a
--- /dev/null
+++ b/doc/BLURB
@@ -0,0 +1,251 @@
+s/qmail BLURB
+=============
+
+s/sqmail inherits all features of qmail, since it includes its
+concept and its code.
+
+Confidentially: s/qmail adds transmission confidentially by means
+of TLS encryption. TLS encryption is provdided by for all protocols
+except for QMTP while requiring UCSPI-SSL.
+
+Privacy: s/qmail does currently not provide email privacy.
+The persistance storage (Queue) is unencrypted and shared.
+This might be changed in forthcoming releases.
+
+Authentication: s/sqmail supports user authentication for sending
+and receiving mails by means of SMTP(S). QMTP and QMQP however, are
+solely host-to-host mail transfer protocols.
+
+Distribution: s/qmail uses the concept of distributed queues to be
+fed either by SMTP or QMTP/QMQP.
+
+Multi-domain capability: s/qmails allows to set up differently
+parametrized transport/distribution pathes based on the domains
+under control of the MTA. This concept is close to a multi-tenant
+behavior; regarding the domain, not the individual recipient/sender.
+
+
+Authenticated Email Senders
+===========================
+
+Within s/qmail both
+
+* qmail-smtpd for receiving emails and
+* qmail-remote for sending emails
+
+support authentication regarding the methods
+
+- PLAIN,
+- LOGIN, and
+- CRAM-MD5.
+
+Additionally,
+
+* qmail-smtpd accepts authentication based on
+
+- X.509 client certs.
+
+* qmail-popup together with
+* qmail-pop3d
+
+provide authentication by means of the methods
+
+- USER and
+- APOP.
+
+The authentication module
+
+* qmail-authuser
+
+replaces the old
+
+* checkpassword and perhaps
+* cmd5checkpw
+
+programs with much more flexibility.
+Given a LDAP infrastucture,
+
+* qmail-ldapam
+
+can be used to call the user data from here.
+
+
+Validation receiving Mails
+==========================
+
+Within s/sqmail
+
+* qmail-smtpd,
+* qmail-qmtpd, and
+* qmail-qmqpd
+
+are able to receive email from the Internet.
+
+While
+
+* qmail-qmtpd and
+* qmail-qmqpd
+
+use QMTP/QMQP transmitting emails and are currently
+only supported by Postfix, Qmail, and s/qmail in a
+dedicated environment,
+
+* qmail-smtpd
+
+supports both SMTP and ESMTP and is a potential
+target for spam, virii, and other unsolicited email.
+
+Thus
+
+* qmail-smtpd
+
+supports greylisting and provides filters for the
+
+- SMTP envelope information,
+- the email content (with different mechanisms) and in
+ particular to check/validate the existance of a potenial
+- email recipient.
+
+For this purpose, the modules
+
+* qmail-smtpam,
+* qmail-vmailuser,
+* ldapam, and
+* qmail-authuser together with
+* qmail-ldapam
+
+are available. The RECIPIENTS mechanism supports a
+domain dependent validation based on a PAM mechanism
+or perhaps a cdb.
+
+Domain based SPF lookups are provided for
+
+* qmail-smtpd.
+
+
+Anti-Spam Mechanisms
+====================
+
+* rblsmtpd (out of the package ucspi-tcp6)
+
+supports
+
+- Relay Black Lists (RBL) and
+- Greetdelay
+
+prior of receiving mail by
+
+* qmail-smtpd.
+
+In adddition,
+
+* qmail-smtpd
+
+provides by means of the
+
+- QMAILQUEUE hook
+
+an interface to SpamAssassin and other tools.
+A wrapper script is included.
+
+Further, the well known
+
+- postgrey
+
+server can be used by
+
+* qmail-postgrey
+
+as an add-on to be called by
+
+* qmail-smtpd.
+
+
+Anti-Virus Mechanism
+====================
+
+* qmail-smtpd
+
+uses
+
+- MIME and
+- LOADER type
+
+filters to allow an on-the-fly recognition of executable.
+
+Anti-Virus tools are supported either by
+
+- QHPSI or by the
+- QMAILQUEUE hook.
+
+A (combined) wrapper script for
+
+* qmail-queue
+
+is provided.
+
+
+Bounce Control
+==============
+
+Within s/qmail
+
+* qmail-send
+
+is responsible to generated bounces, ie. None Deliverable Reports (NDR).
+s/qmail uses qmail's concept to generate the NDRs in the QSMBF (qmail-send
+Message Bounce Format) unaltered (http://cr.yp.to/proto/qsbmf.txt).
+
+To control NDR, s/qmail provides two means:
+
+* qmail-send
+
+can be adviced -- while generating a NDR -- to limit it to N bytes.
+Effectively this means the orgininal message is truncated and not
+completely bounced.
+
+Upon transmitting bounce messages to third-party MTAs
+
+* qmail-remote
+
+can be set-up to use a particular
+
+- bounce queue (s/qmail instance)
+
+to take care of this delivery. Thus generic message transmission
+is decoupled from bounce processing and does not inflict with it.
+
+
+Logging, Monitoring, and Housekeeping
+=====================================
+
+s/qmail writes log information for
+
+- qmail-send (qmail-local & qmail-remote/qmail-smtpam) on FD 2
+- qmail-popup (authentication information only) on FD 5
+- qmail-smtpd (see 'LOGGING') on FD 2
+
+Either the log information is fed by means of 'splogger'
+into the Syslog, or treated by daemontool's 'multilog'
+which automatically does the housekeeping and provides
+a TAI64N timestamp for each line (event).
+
+Using 'multilog', the log information can be
+picked up by 'qmail-mrtg' and graphically
+displayed using 'MRTG' or 'RRDtool'.
+
+The log information can be analysed using
+the 'qmailanalog' facility and for convenience
+the program 'tai64nfrac' is included.
+
+The separate package 'newanalyse' provides
+an easy customizable umbrella script for analysis
+and long-haule housekeeping together with the
+capability to track each incoming and outgoing
+mail.
+
+
+E. Hoffmann -- 2021/01/01.
+
+
+
diff --git a/doc/CHANGELOG b/doc/CHANGELOG
new file mode 100644
index 0000000..e48d1ed
--- /dev/null
+++ b/doc/CHANGELOG
@@ -0,0 +1,196 @@ +s/qmail 4.0 CHANGE log +====================== + +Older changes can be found in CHANGELOG_V3. + +Version Descripition +-------------------- + +4.0.00 Initial version, removed SRS, fixed SPF. +4.0.01 Recovered SRS and added srsforward + srsreverse + as compile option; still depending on librsrs2. + Added man pages for srsforward + srsreverse. + Fixed columnt (buf incorrectly used). +B(2) Changed 'puts' to 'out'; where applicable. + Fixed dnsq call in qmail-smtpd concerning + lookup type "M" -> 'M', "A" -> 'A' (char ). +B(3) Fixed missing timestamp for mails in maildir.c + making qmail-pop3d behaving erratic. + Substituted put -> out almost everywhere. + Fixed wrong 'identity' in Received header ('unknown') + due to misplaced 'if' nesting. + Streamlined qmail-authuser to support APOP auth + even for Unix system accounts (tx Drew). + Fixed wrong CAPA announcement in qmail-popup + (APOP instead of UIDL). +4.0.02 Removed dependency on libsrs2 providing srs2.[c|h] + natively together with sha1[_hmac].[c|h]. + Complete refactoring of sha1 and sha1_hmac. + Included Drew W's enhancements for Dovecot auth + in qmail-authuser. + Fixed bug in IPv4/IPv6 matching for spf_mx. +4.0.03 Enhanced qmail-authuser. + Redone srsforward and srsreverse + man pages. + Fixed qmail-smtpd to cope with new DNS resolver + behaviour (in particular for SPF segfaulting for bounces). + Finally streamlined man pages. +4.0.04 SMTPUT8 is now triggered via environment variable UTF8 for + qmail-smtpd. + Fixed segfaulting qmail-smtpd in case of multiple recipients + in the RCPT TO dialog. + qmail-smtpd exits now if Auth and Auth not announced or PAM missing. +4.0.05 Fixed bug in qmail-remote with wrong CNAME address mangling (tx. Leah). + Removed SMTPUTF8 compiler flags in qmail-remote and qmail-smtpam + which now auto-detect UTF8 encoded addresses. +4.0.06 Fixed qmail-smtpd segfaulting while wrongly evalute 'fakehelo' for SPF. 
+ Added compatibility for other tcpserver/sslserver programs + calling qmail-smtpd and different IPv6 environment variables (4Leah). +4.0.07 Straightend some code in SPF evalution which might prevent it (tx Leah). + Fixed bug returning wrong SPF results in case a TXT but no SPF record is given. + Fixed qmail-remote potentially not binding to IPv4 addresses (tx. MB). + Fixed qmail-authuser insuffient handle of passwords using crypt (tx. MB). +4.0.08 Fix for qmail-vmailuser not respecting vpopmail's home dir (tx. Ueli H.). + Changed qmail-remote to cope better with fehQlibs-15 and IPv4 qualification. + Fixed CVE-2011-0411: Pipelining command injection for qmail-smtpd. + Fixed the Guninski CVE-2005-1513 (in fehQlibs-15): Buffer overflow + if size of mail > 4 GByte. +4.0.09 Reworked fix for CVE-2011-0411 to provide a general solution. (tx. Fabian) + Applied fix to qmail-popup as well. +4.0.10 GCC 10 refactoring (together with fehQlibs-15b). + qmail-remote now recognizes a MX retrieved IP to be itself and skips it. +EOL for 4.0 + +4.1.00 Added TLSA DNS lookup for qmail-remote. +4.1.01 Added qmail-ldapam; needs tweaking and verification still. +4.1.02 Added qmail-postgrey client together with the qmail-smtpd IF (permisssion by jan.mojzis). +4.1.03 Fixed TLSA off-by-one error for qmail-remote. + Removed idedit.c (could be used in later version). + Disabled compilation of qmail-ldapam. (cleanups, beta version). + Added postgrey run script together with adjustments for doc and man. +4.1.04 Included Reiser FS patch; see unlinking problems also with vdeliver (qmail-queue, qmail-local). + Fixed 'incorrect' xtext generation in qmail-remote. + Added qmail-qmaint providing sanity checks on the queue and + allowing removal of messages (based on E. Huss code). + Integrated DANE lookup (exceptions) into tlsdestinations + doc. +4.1.04+ Fixed bug not freeing X509 cert, thus TLSA fails. The X509_digest API is stupid. 
+4.1.05 Added selector evalution in tlsa_check and re-formulated logic. + Moved header files to ./include directory (and changed conf-cc accordingly). +4.1.06 Compliance with fehQlibs-17 (could solve [20201123#1/4.0.10]). + Fixed bug in smtproutes not authenticating [20210213#1/4.0.10]. + Reformulated qmail-smtpd smtproutes to support setting localip [RfC:20201112#1/4.0.10]. +4.1.07 Fixed bug in qmail-smtpd confusing badmailfrom with badrcptto [20120312#1/4.0.10]. + Adjusted header files to compile on ARM64 (Clang) and with GCC-10 (AMD64). +4.1.08 Removed references to qmail-ldapam in package. + Changed SPF DEFEXP macro using expand for domaiGn rather than 'spf.pobox.com' [20210212#1/4.0.10]. +4.1.09 Fixes for qmail-remote and rewriting the SIZE extension interface (tx. Drew): + a) (Occasional) wrong parsing of multiple X.509 fingerprints in dnstlsa and tls_remote.c + which might qmail-remote advice to reject valid TLSA indicated connections. + b) Wrong SIZE indication (mailfrom, mailfrom_xtext) in SMTP dialogue [20210622#1/4.1.08] (tx. Drew). + c) Wrong SMTPUTF8 indication (mailfrom, mailfrom_xtext) [20210622#2/4.1.08]. + Note: qmail-rspawn API left unchanged wrt vanilla qmail. +4.1.10 Fixed flaw in qmail-remote not producing immediate bounce for server's 5xx reply code. + Fixed bug in qmail-remote introduded in sqmail-4.1.09 evaluating size information for qmtp delivery. +4.1.11 Fixed bug in qmail-vmailuser not evaluating vpopmail's user directories correctly. + Fixed bug in qmail-smtpam segfaulting. Sitting there since 3.0; nobody is using it. + Added 'implicit TLS' support for qmail-remote in control/smtproutes, ./authusers, ./tlsdestinations. + Added 'implicit TLS' support for qmail-smtpam on the command line. +4.1.12 Improved and streamlined qmail-remote TLS errors. + Multiple DNS queries vor TLSA check; first early; second after cert received. 
+ TLSA check working again; stupid OpenSSL doc ;-) +4.1.13 Better RFC 6698 (TLSA) conformance for PKIX-EE (with full X.509 chain given). +4.1.14 TLSA record lookup follows now a CNAME query. Pretty unusual for MX environments. + Removed recognition of 451 SMTP return code as greylisting in qmail-remote logs. +4.1.14a Fixed two integration bugs in 4.1.14 and straightend TLSA lookup and evalution. +4.1.15 Off-by-one error in dnstlsa (cert finterprint too short) and + corrections (and simplifications) to evaluate the TLSA finterprints (tls_remote.c). +4.1.16 Additional corrections for TLSA evaluation with several fingerprints. + TLSA lookup not bound to PTR lookup anymore but just hostname of MX. + qmail-local does not disclose virtual user name extension in 'Delivered-To' field. + Installation routine removes now potential remnants in ./src diretory. + Removed irritating 'greylisting' log info from qmail-remote for certain SMTP reply codes. + qmail-queue fast injection race condition fix from Manvendra included. + qmail-remote evaluates MX distance according to IPv4/IPv6 local bindings. +4.1.17 Fixed OpenSSL's X509_pubkey_digest() function for TLSA. +EOL for 4.1 + + +4.2.00 Taken over qmail-ldapam development from 4.1. +4.2.03 Synced with current s/qmail (4.1.16); enhanced RECIPIENTS mechanmism to read + users/assign.cdb. Note: This breaks old qmail, since the name was just 'cdb' here. + Adjusted qmail-newu to confirm with this decision. +4.2.04 First step integrating libdkim (from Kai Peter's implementation and adjustments + for current OpenSSL and LibreSSL). +4.2.05 libdkim implemented (native C++) als qmail-dkim; added stub qmail-dksign. + Synced with sqmail-4.1.17. New requirement: fehQlibs-20 due to dns_txt.c changes. +4.2.06 Integration tests and documentation for qmail-dksign. +4.2.07 Integration tests successful; except for DKIM over QMTP. Needs changes for qmail-qmtpd. + Included man pages for qmail-dkim.8 and qmail-dksign.8. 
+4.2.08 Replace 'execve' with 'pathexec' in qmail-rspawn and qmail-dksign.
+ Fixed permissions on DKIM 'default' files. Preliminary qmail-dkverify.c.
+ Removed creation of qmail-ldapam; still a useful solution is required (separate package?).
+ Changed defaults for qmail-dksign to the anticipated ones; verified CRLF prior of signing.
+ qmail-dkim options work now as expected. Fixed wrong hash functions in dkimsign (tx. Pascal).
+ DKIM signing working now.
+4.2.09 Removed 'Allman' code from DKIM. Adjusted qmail-dksign man page.
+ First attempt for qmail-dkverify.c. Removed the qmail-ldap dependencies.
+4.2.10 Included 'Ed25519' signatures in dkimsign.cpp. Works fine - but untested.
+ Removed chdir(auto_qmail) dependency from qmail-dkim; universal usage again.
+ Moved back to include tabs for the DKIM header; double WSP seems not to work well here.
+ Removed ADSP (Author Domain Signing Practice) from dkverify.cpp (RFC 6541; experimental).
+4.2.11 qmail-remote recognizes now Greylisting after HELO with SMTP Reply > 400 (and tries again).
+ Big reminder: Always use byte arrays in constmap hash tables => tls_destination()++.
+ Added 'l' (length) flag in dkimdomains for specific customization.
+ Changed dkimsign's BodyLength calculation; was strange before.
+4.2.12 Progress on dkimverify.cpp.
+4.2.13 dkimverify.cpp stripped down and working now with socket interface.
+4.2.14 Fixed bug in spf_exists return wrong results for DNS lookup (tx. Laurentiu).
+ First version with working qmail-dkverify. Tests pending.
+4.2.15 qmail-dkverify working now; except for Ed25519 signatures.
+ Replaced socket interface by file interface for reporting results to qmail-dkverify.
+ Stripped CR from outgoing mails. qmail-dksign ignores input domains for which no privkey exists.
+4.2.16 qmail-dkverify considers now d=domain in X-Authentication results.
+ Removed obsolete 'selector' file in ssl/domainkeys/ and rather + permit now tailored selector names in ssl/domainkeys// to pick up private key. + Ed25519 signing and verification working now. Fixed wrong variable for 'sender' upon call. +4.2.17 Fixed premature close of cdb in fastforward; removed slurpclose.c. + Final trimming and documentation. + qmail-remotes's cafile and cipher handling reworked. +4.2.18 Removed 'selector' as file name for qmail-dksign and used 'default' instead, making it more robust. + Changed erroneous 'domain' to 'sdid' in qmail-dksign (tx. Pascal). Udated man page for qmail-dksign. +4.2.19 Changed back to 4.2.16 behavior of reading the DKIM private key based on selector. + Added new default signing capability for qmail-dksign to consider only 'own' domains, + which are given in rcpthosts. The token '=:' can be used in control/dkimdomains. + Compatibility with LibreSSL 3.7.x and Ed25519 signature operations (tx. Nicolai). + Improved robustness and error message handling for qmail-dksign. +4.2.20 Updated mkdkimkey.sh; no TLSA lookup for bounces. + dkimverify update for message with both RSA and Ed25519 signatures and selection. + Added more verbose logging to qmail-remote in case of unsuccessful delivery. + qmail-rspawn does not read control/dkimdomains but rather stats it -> less FDs. +4.2.21 Fixed wrong DKIM ed25519 indication in DKIM header. DKIM ed25519 key stripped from ASN.1 header + in order to conform with RFC 8463 while prepending that for DKIM verification. + SPF evaluation considers now fehQlibs-22 new CIDR API. +4.2.22 Internal version with first attempt for hybrid DKIM signatures. + Fixed qmail-remote abends in case of contacting RFC (2)821 none-compliant SMTP MTAs. +4.2.23 Fix for qmail-remote handling of none StartTLS MTAs to fallback for unencrypted service. +4.2.23 Hybrid DKIM signatures working now; required changes of qmail-dkim API and qmail-dksign. +4.2.23a Some typos in documentation and spelling mistakes fixed. 
+4.2.24 Fixed SPF PTR lookup (cleared up weired logic) [202310503#1/4.2.24] and straightened error output line.
+ Tweaks for DNS behavior in case of missing DNS records and bouncing for qmail-remote.
+ Added Return Code values in man pages for DNS client programs.
+4.2.25 Fixed bug in DKIM validation not considering Pubkey if k= is missing in DNS TXT record => DKIM fail.
+4.2.26 Backported fixes for [20230922#1/4.3.01], [20230920#1/4.3.01], and [20230823#1/4.3.00] included.
+4.2.27 Fixed qmail-smtpd Auth bug segfaulting if no/wrong arguments [20230931#1/4.2.27]
+4.2.27a Misspelled prototype in smtpd.log may lead to confusing auth eror messages [20231003#1/4.2.27a].
+4.2.27b control/domainips adds erroneously a \0 to helohost which violates RFC 2821 [20231004#1/4.2.27b].
+4.2.28 Backported TLSA handling for qmail-remote from s/qmail 4.3.
+4.2.29 DKIM sender evaluated in lowercase for signing [20231109#1/4.2.29];
+ DKIM header for verification does not depend on position of 'Content' header (missing verification).
+ Fixed irritating log output in case no DKIM key is found.
+ DKIM signing now robust against wrong keys and remnant files left in DKIM staging area.
+ Fixed crash in qmail-smtpd while logging SPF evaluation with un-terminated spfbounce [20231203#1/4.2.29].
+ Fixed 'missing' mails for bounces problem in case DKIM signing failed due to missing key [20231119#1/4.2.29].
+EOL for 4.2
+4.2.29a Fix for EHLO X-fields and StartTLS in qmail-remote.
+ Fix for recipients() and assign.cdb reading.
+ Fix for qmail-dkverify with incomplete information in email header.
+ Fix for qmail-dksign reading from inital stage file in case of signing errors.
diff --git a/doc/CHANGELOG_V3 b/doc/CHANGELOG_V3
new file mode 100644
index 0000000..4e8b2f9
--- /dev/null
+++ b/doc/CHANGELOG_V3
@@ -0,0 +1,108 @@ +Changelog of s/qmail +-------------------- + + +3.0.0 First public release (2015-12-24). +3.0.1 Second public release (2016-01-12). + Fixed [20160108#1/3.0.0] and additional cleanups. +3.0.2 Third public release (2016-02-01). + Fixed [20160131#1/3.0.1] and additional cleanups. + +3.1.4 Minor installation issues. + Enhanced qmail-authuser for virtual users. + 'Pi' release (2016-04-23). +3.1.5 Fixed [20160428#1/3.1.4] strict Auth error. + 'Pi+' release (2016-04-01). +3.1.6 Fixed [20160414#1/3.0.2] hook for more FDs. + 'Pi++' release (2016-05-05). +3.1.7 Fixed [20160522#1/3.1.6] qmail-smtpd abends + with Mail 
From: <..@[ ..]> addresses including '[]', + in particular double bounces. + Fixed [20160522#2/3.1.6] badmailfrom wrong RC 110. + [20160527#1/3.1.6] OpenBSD installation adjustment. + 'Pi3+' release (2016-06-04). +3.1.8 Fixed [20160615#1/3.1.7] qmail-smtpd does not + return for err_size(). (bug present since Spamcontrol) +3.1.9 Fixed [20160712#1/3.1.8] Bounces are not deleted from queue + if Bouncemaxbytes not set. + Wrong if/else nesting in qmail-send.c (tx. Pascal Nobus). + +3.2.13 Initial release with SPF capabilities. + Fixed OpenBSD fastforward bug [20161001#1] (prototyping). +3.2.14 Added SPF information in qmail-smtpd log. + qmail-mrtg changed to display SPF authorized/failed sessions. + Fixed IP bitstring evalation; SPF redirect is working now. + Fixed userid evaluation in qmail-authuser. + Fixes for OpenBSD installation. + SPF Header is written befor SMTP received header. +3.2.15 Included LibreSSL hook (ucspi-ssl-0.98++ required). + Added Maildir extensions in qmail-local from Tobi. + Fixed SPF qmail-mrtg evaluation. + Fixed man page installation + installation issues for OpenBSD. +3.2.16 Added qmail-vpopbox and qmail-vmailbox PAM for Recipients. +3.2.17 Final release of version 3.2; minor adjustments only. + The scripts have been reworked and integrated into the + package production chain. + This version is expected to work with OpenSSL 1.0/1.1 + LibreSSL + together with ucspi-ssl-0.99. +3.2.18 Fixed bug [20170217#1/3.2.18] wrong order of badmailform evaluation + & DNS MF check within qmail-smtpd. +3.2.19 Fixed bug [20170307#1/3.2.19] wrong nesting in badmailfrom evaluation + in qmail-smtpd. + +3.3.3 Initial release including Andre Oppermann's EXTTODO for qmail-send + (without explicit permission [asked 3x], though BSD licensed). + Fixed bug in package/run script not to include 'defaultdelivery'. +3.3.4 qmail-authuser supports now Dovecot as IdP. + Added PAM qmail-vmailuser (for Recipients extension). 
+3.3.5 Added SHA1 and SHA256 as hash method for passwords in qmail-authentication. + Fixed bug [20170625#1/3.3.5] wrong IP addresss display in qmail-remote log + if lowest MX is IPv6 and connection is IPv4. +3.3.6 Fixed qmail-remote TLS bug [20170626#1/3.3.6] with missing parms -tx Standa. +3.3.7 Fixed wrong compactification of IPv6 addresses (at least somehow ..). + Added SMTPUTF8 support in qmail-smtpd, qmail-remote, and qmail-smtpam. + Added IDN2 support for qmail-remote. +3.3.8 Finished testing, updated docs. +3.3.9 Added 'socket option' for qmail-authuser (Dovecot). + Added symlinking s/qmail sendmail in package/run script. + Fixed smtplf missing '\r' for header line. +3.3.10 Fixed qmail-authuser for Dovecot -- gossiping. +3.3.11 Fixed flaw in qmail-smtpd (since 3.2.19) for DNSMF lookup (timeout in case of bounces). + Changed defaults for SMTPUTF8/IDN2 installation. +3.3.12 Fixed bug in qmail-remote tlsdestination. One \0 byte too much. +3.3.13 Fixed two small SMTPUTF8 bugs in qmail-remote (tx. M. Mausz) and + a wrong displayed Received header due to a qmail-smtpd bug. +3.3.13a Spelling mistake in Makefile (spfdinsip.o instead spfdnsip.o). +3.3.14 Fixed OpenSSL 1.1.0.f-2 SSL state engine query call (tx. Hans-Christian Jehg). +3.3.15 Fixed wrong character count for tlsdestinations; comparisons don't work. +3.3.16 Reworked OpenSSL renegotiation call within tls_timemout.c. +3.3.17 Maintainence release; use option -O0 for gcc 4.7.2; otherwise qmail-smtpd abends with SPF enabled. +3.3.18 Potential fix for spfdnsip.c as back-port from aQmail (the first one). +3.3.19 Bug in qmail-remote.c's evaluation of 'control/domaincerts' with missing attributes (crash on read). + Strange enough, this bug is not present in qmail-smtpam.c; optimized too much. (tx. J.C. Burley) +3.3.20 Bug in qmail-remote.c & qmail-smtpam.c evalutating tls remote host name + for the |domain in tlsdestinations. (tx. Johannes Weberhofer) +3.3.21 Bug in qmail-smtpam not reading tlsdestinations. (tx. 
Ueli)
+3.3.22 Crash of qmail-remote if domaincerts are populated with '*' as domain. (tx. Oleg)
+ Error in qmail-smtpd not requiring TLS before Auth.
+ package/ucspissl updated to support different OpenSSL versions (as given in conf-ucspissl).
+
+*) backported fixes from s/qmail 3.4 (see below).
+
+3.4 Major release based on fehQlbis(-13).
+ Bugs fixed: qmail-remote*: Ciphers in tlsdestinations are not evaluated and used.
+ Flaw fixed: qmail-smtpd: Wrong copy of authhost to relayhost.
+ Core changes: Replaced substdio by buffer. New dns stub resolver based on fehQlibs.
+ Added SW: dnscname - return A/AAAA record for CNAME.
+3.4.24 Buffer name conventions straightend.
+3.4.26 Flaw fix: qmail-authuser* now chdirs to sqmail home.
+3.4.27 More specific return codes (110, 111, 112). Fixed buffer in qmail-remote. dns.c finished.
+3.4.28 qmail-authuser now takes full advantage of the POP3 logging scheme; extended for APOP.
+3.4.29 Fixed missing QUIT flush in qmail-remote* ;-). Removed by mistake.
+3.4.30 First beta.
+3.4.31 Second beta: Fixed missing buffer flushes in qmail-smtpd and buffer mangling in qmail-local.
+ 'hostname' is now installed in $QMAILHOME/bin.
+3.4.40 First attempt to include SRS seriously (after 2nd beta).
+3.4.41 Fix for qmail-remote: flagallalias (statement missing).
+ Fix for qmail-smtpd*: Returning SMTP session in case of DNS temp failures (and not pass thru).
+3.4.42 Integrated SRS with libsrs2.
diff --git a/doc/CONTRIBUTERS b/doc/CONTRIBUTERS
new file mode 100644
index 0000000..af07311
--- /dev/null
+++ b/doc/CONTRIBUTERS
@@ -0,0 +1,31 @@ +Contributers to s/qmail: +----------------------- + +- D.J. Bernstein - the original Qmail 1.03 +- M. Delany - Wildmat patch +- N. Balazas - MFCHECK patch +- C. Johnson - Tarpitting for qmail-smtpd +- S. Gifford - IPME and MOREIPME extension & STARTTLS hook +- W. Harris - SIZE extension +- M. Stumpf - Logging for qmail-smtpd +- C. Cazabon - Null Sender patch +- K. Dabrowski - qmail-smtpd Auth extension +- R. Nelson - Inspired Warlord extension (virusscan patch) & doublebouncetrim +- B. Guenter - Bigtodo + Queue Extra extension +- M. Andree - sendmail extensions +- E. Sjölund - qmail-local fix for .qmail delivery +- F. Denis - Bounce size limitiation +- B. Kalkbrenner - qmail-remote Auth +- A.B. Guzmain - Outgoing IP patch +- W. Harris - parts of TLS implementation for qmail-remote +- K. Fujikawa, F. von Leitner, T. Spier (blazing) - IPv6 extensions +- J. Saout - SPF hook (tx; great solution) +- A. Oppermann - EXTTODO + BIGTODO development (included in his LDAP patch) +- A. Gulbrandsen - some ideas about EAI support have been taken from his patch +- Shevek - libsrs2 framework +- Alt.N - libdkim + + +I would like to thank those authors for their significant +contribution to s/qmail and respect their initial work though +the current code may not directly reflect their input. diff --git a/doc/EXTTODO b/doc/EXTTODO new file mode 100644 index 0000000..991f108 --- /dev/null +++ b/doc/EXTTODO 
@@ -0,0 +1,228 @@ +EXTTODO by Claudio Jeker and +Andre Oppermann +(c) 1998,1999,2000,2001,2002 Internet Business Solutions Ltd. + +The EXTTODO patch is a part of the qmail-ldap patch. +This patches for qmail come with NO WARRANTY. + +These patches are under the BSD license. + +RELEASE: 5. Jan. 2003 + +EXTTODO: +====================== + +TOC: + WHAT DOES IT DO + INSTALL + CONFIG FILES + SETUP + BIG PICTURE + +NEWS: + + This is the first release of the EXTTODO patch. + +================================================================================ + +WHAT DOES IT DO + + The exttodo patch addresses a problem known as the silly qmail (queue) + problem. This problem is found only on system with high injection rates. + + qmail with a big local and remote concurrency could deliver a tremendous + amount of messages but normally this can not be achieved because qmail-send + becomes a bottleneck on those high volumes servers. + qmail-send preprocesses all new messages before distributing them for local + or remote delivering. In one run qmail-send does one todo run but has the + ability to close multiple jobs. Because of this layout qmail-send can not + feed all the new available (local/remote) delivery slots and therefor it is + not possible to achieve the maximum throughput. + This would be a minor problem if one qmail-send run could be done in extreme + short time but because of many file system calls (fsync and (un)link) a todo + run is expensive and throttles the throughput. + + The exttodo patch tries to solve the problem by moving the todo routine into + an external program. This reduces the run time in qmail-send. + + exttodo adds a new program to qmail called qmail-todo. qmail-todo prepares + incoming messages for local and remote delivering (by creating info/ + local/ and remote/ and removing todo/). See also + INTERNALS. 
As next qmail-todo transmits the to qmail-send which will + add this message into the priority queue which schedules the message for + delivery. + +INSTALL + + To enable the exttodo patch you need to define EXTERNAL_TODO while compiling + qmail(-ldap) this can be done with the -D flag of cc (e.g. cc -DEXTERNAL_TODO). + + NOTE: the exttodo patch can also be used on qmail systems without the + qmail-ldap patch. + +================================================================================ + +CONFIG FILES + + No additional control files are used or needed. + +================================================================================ + +SETUP + + qmail-todo will be started by qmail-start and therefor no additional setup + is needed. + + To verify that exttodo is running just check if qmail-todo is running. + +================================================================================ + +BIG PICTURE + + +-------+ +-------+ + | clean | | clean | + +--0-1--+ +--0-1--+ +-----------+ + trigger ^ | ^ | +->0,1 lspawn | + | | v | v / +-----------+ + +-------+ v +--2-3--+ +--5-6--+ / + | | | | 0<--7 1,2<-+ + | queue |--+--| todo | | send | + | | | | 1-->8 3,4<-+ + +-------+ +-------+ +---0---+ \ + | \ +-----------+ + v +->0,1 rspwan | + +---0---+ +-----------+ + | logger| + +-------+ + +Communication between qmail-send and qmail-todo + +todo -> send: + D[LRB]\0 + Start delivery for new message with id . + the character L, R or B defines the type + of delivery, local, remote or both respectively. + L\0 + Dump string to the logger without adding additional \n or similar. +send -> todo: + H Got a SIGHUP reread ~/control/locals and ~/control/virtualdomains + X Quit ASAP. + +qmail-todo sends "\0" terminated messages whereas qmail-send just send one +character to qmail-todo. + + +EXTTODO by Claudio Jeker and +Andre Oppermann +(c) 1998,1999,2000,2001,2002 Internet Business Solutions Ltd. + +The EXTTODO patch is a part of the qmail-ldap patch. 
+This patches for qmail come with NO WARRANTY. + +These patches are under the BSD license. + +RELEASE: 5. Jan. 2003 + +EXTTODO: +====================== + +TOC: + WHAT DOES IT DO + INSTALL + CONFIG FILES + SETUP + BIG PICTURE + +NEWS: + + This is the first release of the EXTTODO patch. + +================================================================================ + +WHAT DOES IT DO + + The exttodo patch addresses a problem known as the silly qmail (queue) + problem. This problem is found only on system with high injection rates. + + qmail with a big local and remote concurrency could deliver a tremendous + amount of messages but normally this can not be achieved because qmail-send + becomes a bottleneck on those high volumes servers. + qmail-send preprocesses all new messages before distributing them for local + or remote delivering. In one run qmail-send does one todo run but has the + ability to close multiple jobs. Because of this layout qmail-send can not + feed all the new available (local/remote) delivery slots and therefor it is + not possible to achieve the maximum throughput. + This would be a minor problem if one qmail-send run could be done in extreme + short time but because of many file system calls (fsync and (un)link) a todo + run is expensive and throttles the throughput. + + The exttodo patch tries to solve the problem by moving the todo routine into + an external program. This reduces the run time in qmail-send. + + exttodo adds a new program to qmail called qmail-todo. qmail-todo prepares + incoming messages for local and remote delivering (by creating info/ + local/ and remote/ and removing todo/). See also + INTERNALS. As next qmail-todo transmits the to qmail-send which will + add this message into the priority queue which schedules the message for + delivery. + +INSTALL + + To enable the exttodo patch you need to define EXTERNAL_TODO while compiling + qmail(-ldap) this can be done with the -D flag of cc (e.g. cc -DEXTERNAL_TODO). 
+ + NOTE: the exttodo patch can also be used on qmail systems without the + qmail-ldap patch. + +================================================================================ + +CONFIG FILES + + No additional control files are used or needed. + +================================================================================ + +SETUP + + qmail-todo will be started by qmail-start and therefor no additional setup + is needed. + + To verify that exttodo is running just check if qmail-todo is running. + +================================================================================ + +BIG PICTURE + + +-------+ +-------+ + | clean | | clean | + +--0-1--+ +--0-1--+ +-----------+ + trigger ^ | ^ | +->0,1 lspawn | + | | v | v / +-----------+ + +-------+ v +--2-3--+ +--5-6--+ / + | | | | 0<--7 1,2<-+ + | queue |--+--| todo | | send | + | | | | 1-->8 3,4<-+ + +-------+ +-------+ +---0---+ \ + | \ +-----------+ + v +->0,1 rspwan | + +---0---+ +-----------+ + | logger| + +-------+ + +Communication between qmail-send and qmail-todo + +todo -> send: + D[LRB]\0 + Start delivery for new message with id . + the character L, R or B defines the type + of delivery, local, remote or both respectively. + L\0 + Dump string to the logger without adding additional \n or similar. +send -> todo: + H Got a SIGHUP reread ~/control/locals and ~/control/virtualdomains + X Quit ASAP. + +qmail-todo sends "\0" terminated messages whereas qmail-send just send one +character to qmail-todo. + + diff --git a/doc/LICENSE b/doc/LICENSE new file mode 100644 index 0000000..12d3dcb --- /dev/null +++ b/doc/LICENSE 
@@ -0,0 +1,63 @@ +AUTHOR +====== + +Author: + Dr. Erwin Hoffmann - FEHCom Germany +Web-Site: + https://www.fehcom.de/sqmail.html +E-Mail: + feh@fehcom.de + + +LICENSE +======= + +s/qmail is free software placed into the Public Domain. +s/qmail is based on D.J. Bernstein's 'qmail' also put in the Public Domain. + +This includes: + You can download and use s/qmail (and parts of it) as you like. + You can modify the source code without notification to or permission by the author. +Please check: + http://www.cr.yp.to/softwarelaw.html +Note: + s/qmail may use/may depend on third party software with different + license and/or distribution conditions. + + +DEPENDENCIES +============ + +s/qmail depends on the following package: + fehQlibs found on https://www/ipnet/qlibs.html, + ucspi-ssl found on https://www.fehcom.de/ipnet/ucspi-ssl.html. + ucspi-tcp6 (for rblsmtpd and other add-ons) found at https://www.fehcom.de/ipnet/ucspi-tcp6.html. +s/qmail uses: + OpenSSL or LibreSSL routines and requires those for encryption services. + MD5, SHA1, SHA2 routines from the Public Domain or given the included License. + Other parties contributions (Wildmat, SPF, EXTTODO) also available in the Public Domain + or used by permission. + + +Note: +----- + +The author of the program may unsolicitedly change the dependencies. +Thus, it is you obligation to follow and consider any changes! + + +FITNESS +======= + +The Author does not guarantee a specific fitness of s/qmail. +If you use s/qmail, it's on your own risk. + + +DISTRIBUTION +============ + +s/qmail may be included in ports and packages under the following conditions: + + - The files VERSION and BUILD has to be part of the distribution. + - This LICENSE file has to be included in the distribution. + diff --git a/doc/LOGGING b/doc/LOGGING new file mode 100644 index 0000000..6f07dc5 --- /dev/null +++ b/doc/LOGGING 
@@ -0,0 +1,94 @@ +Logging of SMTP Sessions +======================== + +Normally, qmail-smtpd doesn't log anything. + +Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts. + +Format: "qmail-smtpd: pid PID Action::Type::Condition: Information" + +In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd) +the log line includes now the PID. + +Here's the glue: + + + Action Type Condition Explanation + ----------------------------------------- + + Reject AUTH missing AUTHentication missing + Reject AUTH setup AUTHentication impossible due to missing PAM + Reject AUTH type AUTHentication of 'type' rejected + Reject Auth Method AUTHentication Method rejected + Accept AUTH type AUTHentication of 'type' accepted + + Reject DATA Invalid_Size DATA exceeds sizelimit + Reject DATA Bad_MIME DATA includes BASE 64 MIME type listed in badmimetypes + Reject DATA Bad_Loader DATA includes BASE64 loader type listed in badmimetypes + Reject DATA Virus_Infected DATA includes virus infected message ( | 'AV scanner') + Reject DATA Spam_Message DATA includes an identified Spam message. + + Reject ORIG Bad_Mailfrom ORIG is in badmailfrom + Reject ORIG DNS_MF Domain part of ORIG has no DNS MX RR + Reject ORIG Failed_Auth ORIG tried SMTP Authentication; but failed + Reject ORIG Require_Auth SMTP Authentication required; but not granted + Reject ORIG Invalid_Sender ORIG not allowed to send + Reject ORIG Missing_Auth SMTP Authentication required, but not granted + Reject ORIG SPF ORIG was rejected due to failed SPF permissions + Accept ORIG Local_Sender ORIG was identified as local sender address + Accept ORIG Relay_Mailfrom ORIG was accepted als Relaymailfrom + + Reject RCPT Bad_Rcptto RCPT is in badrcptto + Reject RCPT Toomany_Rcptto Too many RCPTs + Reject RCPT Failed_Rcptto RCPT could not acceptd as per recipients/cdb. + Accept RCPT Recipients_Cdb RCPT was accepted as per recipients/cdb. 
+ Accept RCPT Recipients_Pam RCPT was accepted as per recipients/pam plug-in. + Accept RCPT Recipients_Wild RCPT was accepted as per recipients/wildlisting. + Accept RCPT Rcpthosts_Rcptto RCPT was accepted as per rcpthosts/morercpthosts + + Reject SNDR Bad_Helo SNDR's HELO is in the badhelo + Reject SNDR DNS_HELO SNDR's HELO has no DNS A RR + Reject SNDR Invalid_Relay SNDR's tries relaying; but not allowd + Accept SNDR Relay_Client SNDR was identified as relay client + + Reject TLS missing TLS connection could not be established + Reject TLS required TLS connection could not be established + + Accept SPF Recipients_Cdb ORIG was authorized and RCPT accepted as per recipients/cdb. + Accept SPF Recipients_Pam ORIG was authorized and RCPT accepted as per recipients/pam plug-in. + Accept SPF Recipients_Wild ORIG was authorized and RCPT was accepted as per recipients/wildlisting. + Accept SPF Rcpthosts_Rcptto ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts + + Reject SPF Fail ORIG authorization failed per SPF + + Deferred GREY Grey_Listed SNDR was temporarily greylisted + + Reject DKIM Signature DATA failed DKIM verification + + +SNDR (S) corresponds to the sending MTA. +ORIG (F) is the "MAIL From: ". +RCPT (T) is the "RCPT To: ". +DATA is the Message. +GREY is triple of envelope data: SNDR+ORIG+RCPT. + +Protocol +-------- + SMTP plain SMTP + ESMTP 'enhanced' SMTP + ESMTPA ESMTP + authentication + ESMPTS TLS secured EMSTP + ESMTPSA TLS secured ESMTP + auth + ESMTP[SA]UTF8 ESMTP[SA] with UTF-8 + + + +The Information is typically constructed from the SMTP envelope like: + + S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto + + +This scheme is easy extendable to other successful/deferred SMTP sessions. + +In addition for POP3 services this scheme is used; but now logging takes place on FD 5. + diff --git a/doc/Old/PROPOSAL.mav b/doc/Old/PROPOSAL.mav new file mode 100644 index 0000000..4e10d8a --- /dev/null +++ b/doc/Old/PROPOSAL.mav 
@@ -0,0 +1,124 @@ +Mail 
From: Address Verification, MAV-2005 +Copyright 2005 + +Erwin Hoffmann, feh@fehcom.de + + +1. Scope + +SMTP is a protocol with very few commands. Only 'Helo'/'Ehlo', +'Mail From:', 'Rcpt To:', 'Data' and 'Quit' are necessary +to initiate, perform, and terminate a SMTP session. Here, +the 'Helo'/'Ehlo' provides information about the sending MTA, +which in current MTA implementations is not always required, +while the 'Mail From:' and 'Rcpt To:' is used to build the +SMTP envelope. + +Apart from the 'Rcpt To:' information, the recipient MTA can +not verify any other information. Both the 'Helo'/'Ehlo' and the +'Mail From:' is often forged or faked, thus not reliable in +particular in case of Spam emails. + +The proposed 'Mail From:' Address Verification (MAV) implements +a scheme, how the associated information can be verified at the +responsible sending email gateway and perhaps can be promoted to the +recipient MTA. In this scheme, the provided 'Mail From:' information +is authoritive. + + +2. Responsible Email Gateway + +MAV takes place at the responsible email gateway. The responsible +email gateway acts as relaying gateway for those networks and users +solely transmitting (and receiving) SMTP emails through this gateway. + +Though SMTP is a Host-to-Host protocol, SMTP Authentication yields +a User-to-Host mechanism. Thus, the responsible gateway has to take +care about the following senders: + +(1) networks/hosts, identified by there IP or FQDN (available by + DNS lookup), +(2) users/senders, identified by means of SMTP Authentication or other + mechanisms like POP-before-SMTP. + +With MAV, it is possible to check and verify the integrity of the +provided 'Mail From:' envelope address + +(a) domain-based, by means of the provided IP-address/FQDN of the + sending MTA, +(b) user-based, in case SMTP Authentication (or another user-based + method) is in place. 
+ +Typically in the first case, only the domain-part of the 'Mail From:' +SMTP envelope address can be verified (the part right from the '@', +i.e. user@domain), while in the second case the full qualified +address may be subject of the MAV, providing a mapping between the +userid for SMTP Authentication and the chosen 'Mail From:' address. + + +3. Comparision with other verification schemes + +Today, it is common to reject emails in case it fails certain +authorization/verification criteria: + +(1) Testing the IP address of the sending MTA against Realtime Blacklists + (RBL) available on the Internet, +(2) verification of the domain-part of the provided 'Mail From:' address + doing a DNS lookup (reverse Return-Path must exist) or SMTP lookups, +(3) employing the Sender Policy Framework (SPF), thus checking whether + the domain-part of the 'Mail From:' address is authoritive with + respect to the sending MTA, +(4) verifying (locally) the existance of the forseen recipient ('Rcpt To:'), +(5) checking the contents of the email by means of baysean approaches + or by checksums. + +In any case, the receiving MTA is responsible to realize more or less +complex checks to accept or reject emails applying those means. + +Opposite to this, MAV adds a qualification to the responsible email +gateway; comparable with SMTP Authentication. + + +4. MAV enabled responsibe email gateway + +The tasks of a MAV enabled responsibe gateway are the following: + +(1) The gateway is knowledgeable about those emails to be allowed + for unrestricted relaying. Typically this is facilitated due + to the knowledge to the sender's IP/FQDN or by means of SMTP + Authentication, Pop-before-SMTP, or any other. +(2) The gateway has access to a list which maps the sender + qualification information with a list of allowed domains as + part of the 'Mail From:' address or particular 'Mail From:' + addresses. +(3) Emails failing this test will be rejected initially during + the SMTP session. 
+(4) Emails passing the test are allowed to relay. +(5) The gateway adds the keyword 'ESMTPM' into the receiving + email header. Thus, the next hop email system is able to + verify the authoritive usage of the 'Mail From:' address. + + +5. Dependencies on other email RFCs + +- RFC 2821: Service extensions: None. +- RFC 1893: Enhanced Mail System Status Codes: None. +- RFC 3848: ESMTP and LMTP Transmission Types Registration: Yes. + MAV adds a new keyword 'ESMTPM' which complements the keywords + 'ESMTPA' and 'ESMTPS'; thus in addition the combinations + 'ESMTPAM', 'ESMTPSM', and 'ESMTPSAM' are valid. + + +6. Security considerations + +Information in the email header is easy to forge or manipulate. + + +7. History + +Parts of the MAV approach was first introduced in the SPAMCONTROL +patch for Qmail 1.03, based on ideas initiated by the LDI, Mainz, Germany. + + + + diff --git a/doc/Old/README.djbdns b/doc/Old/README.djbdns new file mode 100644 index 0000000..c87897b --- /dev/null +++ b/doc/Old/README.djbdns 
@@ -0,0 +1,63 @@ +QMAIL + DJBDNS +============== + +You may want to link qmail's DNS lookups +against DJBDNS and not against libresolv +as provided by Nikola Vladov. + +Here's the provisionell bootstrapping recipe + +1. Step: + +- Install: qmail as ./qmail-1.03 + +- make qmail (after you have raised accounts + dirs) + +- Install: djbdns as ./djbdns-1.05. + *) You may need to fix "error.h" in the above djbdns-dir: + Edit conf-cc: + + cc -O2 -include /usr/include/errno.h + + **) You want to increase the UDP buffer from 513 to 4097 byte: + Edit dns_transmit.c: + + int dns_transmit_get(struct dns_transmit *d,const iopause_fd *x,const struct taia *when) + { + char udpbuf[4097]; /* instead original buffer [513] byte */ + unsigned char ch; + +- Now do 'make setup' in djbdns-1.05. + + +2. Step: + +- Download: http://riemann.fmi.uni-sofia.bg/vladov/ftp/djbdns+qmail.tar.gz + (it is also part of SPAMCONTROL). + +- Untar Nikola's patch in djbdns-1.05 (and read his README.qmail). + +- Adjust the path to the qmail dir: conf-qmail (if necessary). + +- Install Nikola's patch: make -f Makefile.qmail + +- Test the patch: make -f Makefile.qmail check + + +3. Step: + +- Untar SPAMCONTROL in the qmail-1.03 source directory. + +- Edit conf-djbdns and include the path to djbdns-1.05 (if necessary). + +- Run install_spamcontrol.sh and see in the spamcontrol.log if changes applied. + +- (Re)Make qmail: make setup check. + + +4. Step: + +- Enjoy and relax. Now qmail-remote + qmail-smtpd use djbdns libs instead of libresolv. + + +--eh. 2010-04-26 diff --git a/doc/Old/README.mav b/doc/Old/README.mav new file mode 100644 index 0000000..761155f --- /dev/null +++ b/doc/Old/README.mav 
@@ -0,0 +1,96 @@ +Mail Address Verification (MAV) +=============================== + +Introduction +------------ + +Mail Address Verification (MAV) makes the +'Mail From:' envelope sender address authoritive. +This is facilitated by comparing the received +'Mail From:' address in the SMTP dialoge, with a list +of addresses/domains included in a list matching + +(1) the userid (=> $TCPREMOTEINFO). +(2) the IP (=> $TCPREMOTEIP), +(3) the FQDN (=> $TCPREMOTHOST), + +of the connecting SMTP client to qmail-smtpd. + + +MAV invocation +-------------- + +Use the evironment variable 'LOCALMFCHECK' by +means of the qmail-smtpd start script or by means +of tcpserver's cdb file with the following definitions: + +(1) LOCALMFCHECK="" - unqualified checking against + control/rcpthosts +(2) LOCALMFSCHECK="!" - qualified checking against + control/mailfromrules.cdb +(3) LOCALMFCHECK="example.com" - qualified checking + with fixed name + + +MAV database +------------ + +Include into the file contol/mailfromrules +a list of assigned senders and designated 'Mail From:' +addresses in the following format: + +12.34.56.:@example.com +12.34.56.78:jffy@example.com,fred@noexample.com +=example.com:@example.com +joe@example.com:joe.stein@example.com + + +Note 1: The addresses are included in a tcpserver +compatible format. + +Note 2: The length of the assigned email 'Mail From:' +addresses is only limited by memory. + +Note 3: All assigned 'Mail From:' addresses have to +include a '@'. Checks are done for spaces. Comments +are allowed. + +Note 4: All addresses are evaluated in lower case. + + +Run bin/qmail-mfrules to construct control/mailfromrules.cdb +out of control/mailfromrules. 
+ + +Return codes +------------ + +In case, the match was not successful, the sending MTA +client receives the following message: + +"553 sorry, invalid sender address specified (#5.7.1)" + +The message can be customized by means of the environment +variable REPLYMAV="texstring" including 'textstring' between +'specified' and the EMSSC code. + + +Others information +------------------ + +Read PROPOSAL.mav. + +Read man qmail-mfrules. +Read man qmail-smtpd. +Read man qmail-control. +Perform qmail-showctl. + + +Erwin Hoffmann, Cologne 2005-04-26. + + + + + + + diff --git a/doc/Old/README.qmq b/doc/Old/README.qmq new file mode 100644 index 0000000..1940cd1 --- /dev/null +++ b/doc/Old/README.qmq 
@@ -0,0 +1,73 @@ +Qmail Multiple Queue (Option) -- QMQ(0) +--------------------------------------- + +1. What is QMQ ? + +Qmail Multiple Queue -- is an option (of SPAMCONTROL). +SPAMCONTROL is useful on Qmail hosts attached to the +Internet and receiving e-mails, shortly named MTA +(Mail Transfer Agents). +While SPAMCONTROL tries to take control of the +incoming SMTP traffic, QMQ allows you to control +the e-mail communication to -- and from -- the +(downstream) e-mail domains you are responsible for. + +2. How does QMQ work ? + +In addition to standard Qmail (patched with SPAMCONTROL) +to receive e-mails from the Internet, you set up > N < +secondary instances of Qmail to deliver e-mails to your +downstream domains. +The different Qmail instances are typically set up on +one host; the communication from the primary instance to +the secondary is faciliated by QMTP, though SMTP can be +used as well. +While the primary instance is patched with SPAMCONTROL, +all seconderis can be plain (Vanilla) Qmail. +Once the primary Qmail instance receives an e-mail for +a QMQ domain, it will forward the e-mail via QMTP to +one of the secondary instances, which is responsible +for furthter delivery. +This not only will avoid the so-called "Silly Qmail +Syndrom" but will allow you to fine-tune the delivery +conditions and set-up (e.g. Virus/Spam scanners) +for any recipient domain. + +3. How to set up multiple Qmail instances ? + +You are free to set them up. +However, you can use the scheme, I have developed: +a) Modify "conf-qmq" to your needs. + Here, you define the (local) instances by name + and their (QMTP) port numbers. +b) Execute ./qmtpt ..../ . This will raise + - ./qmail/skeleton -- + - ./qmail/source + +4. What is the benefit of QMQ ? + +a) Decoupling: Delivery to domain >i< is independent + of domain >k<. +b) Independent delivery parms and perhaps filters for + any secondary domain. +c) Primary instance does not suffer from "Silly Qmail + Syndrom". 
+d) Set up of a dedicated Bounce Queue. +e) Thruput is increase by a factor of 10 - 100. + + +5. Consideratons: + +a) Using 'qmail-qstat' practically, very littly + e-mails stay in step 'preprocessed' (on the + primary instance) will be realised. +b) Adjust your delivery channels to your needs. + With QMQ, Qmail will easly flood them up. + + +Erwin Hoffmann +Cologne, 17-08-2007 + + + + diff --git a/doc/Old/README.recipients b/doc/Old/README.recipients new file mode 100644 index 0000000..90a4003 --- /dev/null +++ b/doc/Old/README.recipients @@ -0,0 +1,256 @@ +README - qmail-smtpd RECIPIENTS extension +========================================= + +1. Scope: + +qmail-smtpd accepts messages if the SMTP domain part of +recipient address ("RCPT to: ") matches an +entry in control/rcpthosts or control/morercpthosts.cdb. + +The existence of a mailbox/maildir for the corresponding +SMTP recipient is checked later in the delivery chain. + +In case no Mailbox/Maildir exists, the message is bounced +back to the SMTP sender ("MAIL 
From: "). + +For normal SMTP mail traffic thats fine as long as the rate +of undeliverable messages dont exceed 10% and the sender is +'legitmate'; ie. exists. + +Todays situation is different: Spam and Virus attacks with +forged/faked sender addresses to a bunch of random +recipient addresses yield a undeliverable rate up to 90%. + +Worse, the generated bounces will never reach the sender and +a double-bounce is eventually send to the postmaster. + + +2. qmail-smtpd RECIPIENTS: + +The RECIPIENTS extension makes qmail-smtpd aware of acceptable +recipients, which are fetched from an external source. +Which source to query depends on the domain-part of the +recipient address. + +- The recipients are kept either in 'fastforward' compatible + cdbs for quick lookup during the SMTP session, or +- are available by means of a 'checkpassword' compatible + Plugable Authentication Module (PAM). + +The RECIPIENTS mechanism supports natively Qmail's address +extensions (VERP). If a recipient address like 'foo@mydomain.com' +defined, all VERP addresses like 'foo-bar@mydomain.com' are +accepted for SMTP reception. + +The RECIPIENTS lookup is triggered by the recipient domain, thus +is domain-specific. The domain-part of the envelope address +is evaluated in lower case. You can specify which lookup is performed +per domain within control/recipients. Consider the following: + +a) An entry 'example.com' is used to match 'example.com' and + in addition all subdomain addresses '*.example.com'; + depending in addition on 'control/rcpthosts'. +b) An entry '@example.com' serves as exact match for the + domain address. +c) The entry '*' will match all domains for the respective lookup. +d) Reversely, domains flagged as '!domain.com' are not queried + and all recipients for this domain are accepted. +e) A 'fail-open' behaviour can be achieved adding '!*' as last + statement in control/recipients. Thus, emails for domains not + listed in control/recipients will finally be accepted. 
+ +Thus, the RECIPIENTS extension can be used in a 'fail-closed' or +'fail-open' mode for the domains included in control/recipients. +Without including '!*' on the last line, the recipient check is done +'fail-closed', thus if all queries are negative, the incoming email +with this recipient address will be rejected. + +The RECIPIENTS check is done only in a none-RELAYCLIENT case +and after control/rcpthosts, control/morercpthosts.cdb has been +successfully consulted. + +NOTE: The new wilddomain mechanism superseeds the old cdb-only + wilddomain syntax (which is not working anymore). + The PAM should be in your $PATH or referenced with full path. + + +3. Setting up the recipients control file: + +Release 0.5 the RECIPIENTS extension provides a flexible +new syntax to interprete control/recipients on a domain +base, as part of the RCPT TO: envelope address. + +a) Read 'man qmail-smtpd' and 'man qmail-recipients.' + Some additional scripts can be found in doc. + +b) Legacy: + Put 'recipients.cdb' into control/recipients. + This is a backward compatible mode. + +c) Per Domain cdbs: + Put 'example.com:example.cdb' in + control/recipients and you advise the + RECIPIENTS extension to do a per-domain lookup. + +d) Global cdbs: + Use '*:users/recipients.cdb' in + control/recipients. + This is equivalent to (1.). + +e) Per Domain PAM: + Put 'example.com|checkpassword true' + into control/recipients and the RECIPIENT + extension will use the program defined + after the "|" to check the existence of + the provided RCPT TO. + +f) Global PAM: + Put '*|ldapam myldapserver' into + control/recipients and you delegate the entire + verification of the RCPT TO to the program in charge. + +g) Wildcarded domain: + Prepend the domain name with a '!' and + emails for this domain will be entirely accepted: + '!localhost'. + +h) Pass-Thru for unlisted domains: + Use '!*' as last statement in control/recipients. 
+ +Lines in control/recipients starting with a '#' +are not evaluated, thus are treated as comment lines. + + +4. Generating a cdb with recipient addresses: + +a) Build a list of recipients (with full qualified address). +- Use 'qmail-pwd2recipients' to build this list for + local system users. +- Use 'qmail-alias2recipients' to build this list for + qmail alias users (ie. postmaster, root). +- Use 'qmail-users2recipients' to build this list for + qmail users (as per users/assign). +- You can use 'qmail-vpopmail2recipients' for + vpopmail users. + + Verify that list to be found under users/recipients. + If you have a different Qmail home directory, modify the + above scripts. + + You may need to change "localhost" in the above scripts + to the real hostname. + +b) Run qmail-recipients to transform that list into a cdb: + users/recipients.cdb + +c) After the successful generation of the recipients.cdb + you can rename it to your taste. + +d) Edit control/recipients and + include users/recipients.cdb therein. + +e) If you have 'fastforward' cdbs (those which are generated + by 'setforward') you have to place the output somewhere + in a subdirectory under Qmail's home directory and + include those into control/recipients. + + At that time, your control/recipients file may look like: + + mydomain.com:control/mydomain.cdb + users/recipients.cdb + etc/fastforward.cdb + +f) You can add an arbitary number of cdbs to control/recipients. + Any change regarding control/recipients and/or the content + of the cdbs is effective on the fly. + + +5. VERP support + +The RECIPIENTS extension allows now per default VERP support. +The local part of the recipient addresses is truncted AFTER +the character defined as AUTO_BREAK and only the first part +of the address (plus domain) is used for the evaluation. + +a) If you run EZMLM, you have to set up a list of recipient + addresses for all your mailing lists. 
+ +b) Simply put the full qualified list name apppended with the VERP + charcater into the recipients database (or into the LDAP dir). + +c) Sample: If your list is called: + + mylist@example.com + + define + + mylist-@example.com + + This makes VERP addresses distinguishable from normal addresses. + +d) In order to support generic and VERP addresses, you have to + add both address schemes into the recipient database: + + me@example.com + me-@example.com + + +6. Using a checkpassword compatible PAM: + +The checkpassword API is defined in: + + http://cr.yp.to/checkpwd/interface.html + +and typically consists of the string: + + username\0password\0timestamp\0otherdata\0 + +written to file descriptor 3 (FD 3) to be read by the +checkpassword compatible PAM. + +For email address (recipient) verification, we replace + username\0 +with + email-address\0 +ie. + recipient@domain.tld\0 + +The PAM fetches this information and checks for it's +existance in any external resource, for example a LDAP +directory or a SQL database. + +The PAM returns a '0' in case of successful verification, +otherwise a '1'; and perhaps a '111' in case of problems. + +RECIPIENT's checkpassword API allows to enter up to five +additional arguments; which are specific to the PAM. + +The attached PERL ldap_mail.pl serves as a sample. + + +7. Customization: + +The RECIPIENTS extension needs no customization except for +the following circumstances: + +a) You may need to adjust the provided scripts + 'qmail-pwd2recipients', 'qmail-users2recipients', and + 'qmail-alias2recipient' to your need; these are samples. + +b) The script 'qmail-vpopmail2recipients' is contributed + by David Du SERRE-TELMON, pls. check whether it + suits your vpopmail installation. 
+ +c) A phyton script to generate "Recipients" users out of + - /var/qmail/users/assign + - /var/qmail/alias + -/etc/aliases + and the vpopmail's virtual users can be found at: + + http://www.epigenomics.org/software/oss/qmail/create_recipients.py + + Contributed by Robert Sander + + + +Erwin Hoffmann (www.fehcom.de) - Cologne 2009-09-02 diff --git a/doc/Old/README.wildmat b/doc/Old/README.wildmat new file mode 100644 index 0000000..ccfbe0e --- /dev/null +++ b/doc/Old/README.wildmat 
@@ -0,0 +1,100 @@ +/* THIS FILE IS INCLUDED FOR HISTORICAL REASONS ONLY */ + + +EADME.wildmat.orig Wed Dec 3 11:46:31 1997 +--- README.wildmat Wed Dec 3 11:53:33 1997 +*************** +*** 0 **** +--- 1,50 ---- ++ wilmat patch version 0.2 for qmail 1.01 ++ Mark Delany ++ 19971203 ++ ++ Changes: ++ -------- ++ 0.1 Initial code ++ 0.2 Fixed buglet relating to systems that had no badmailfrom file ++ but do have a badmailpattern file ++ ++ While the 'badmailfrom' provides some ability to block spam it is ++ fairly restricted as the match must be exact on either the full string ++ or the domain. This means that it's very difficult to block the ++ 1234567@aol.com type addresses that some spammers are employing as you ++ potentially require a large number of entries in 'badmailfrom'. ++ ++ This patch provides the ability to use simple patterns to reject mail ++ from unwanted envelope sender addresses. Naturally all such methods ++ are of limited use against spam as a determined spammer cannot be ++ stopped on the current Internet, but it does help until the time comes ++ that we can really stop spammers. ++ ++ The wildmat patch introduces a new control file called ++ 'badmailpatterns' and is used by qmail-smtpd in conjunction with ++ 'badmailfrom'. You should continue to use 'badmailfrom' when you can ++ as this is much more CPU-efficient than 'badmailpatterns'. ++ ++ For those familiar with INN, the wildmat patch uses the wildmat() ++ routine out of INN and evaluates in the same way. Namely that the ++ envelope sender is pushed thru all patterns and the final match or ++ non-match is used to determine whether to reject the mail. It's ++ implemented this way so that 'not' patterns work. ++ ++ Here is a sample 'badmailpatterns' file: ++ ++ *@earthlink.net ++ !fred@earthlink.net ++ [0-9][0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9][0-9].com ++ answerme@save* ++ ++ This file stops all mail from Earthlink except from ++ fred@earthlink.net. 
It also stops all mail with addresses like: ++ 123456@1234.com and answerme@savetrees.com ++ ++ This patch does not update the documentation or qmail-showctl. ++ ++ Thanks to Rich Salz for providing wildmat.c by way of the INN ++ distribution. wildmat.c is fast, small and completely self-contained. ++ ++ -- +*** wildmat.c.orig Wed Dec 3 11:46:31 1997 +--- wildmat.c Wed Dec 3 11:46:31 1997 +*************** +*** 0 **** +--- 1,172 ---- ++ /* $Revision: 1.1 $ ++ ** ++ ** Do shell-style pattern matching for ?, \, [], and * characters. ++ ** Might not be robust in face of malformed patterns; e.g., "foo[a-" ++ ** could cause a segmentation violation. It is 8bit clean. ++ ** ++ ** Written by Rich $alz, mirror!rs, Wed Nov 26 19:03:17 EST 1986. ++ ** Rich $alz is now . ++ ** April, 1991: Replaced mutually-recursive calls with in-line code ++ ** for the star character. ++ ** ++ ** Special thanks to Lars Mathiesen for the ABORT code. ++ ** This can greatly speed up failing wildcard patterns. For example: ++ ** pattern: -*-*-*-*-*-*-12-*-*-*-m-*-*-* ++ ** text 1: -adobe-courier-bold-o-normal--12-120-75-75-m-70-iso8859-1 ++ ** text 2: -adobe-courier-bold-o-normal--12-120-75-75-X-70-iso8859-1 ++ ** Text 1 matches with 51 calls, while text 2 fails with 54 calls. Without ++ ** the ABORT code, it takes 22310 calls to fail. Ugh. The following ++ ** explanation is from Lars: ++ ** The precondition that must be fulfilled is that DoMatch will consume ++ ** at least one character in text. This is true if *p is neither '*' nor ++ ** '\0'.) The last return has ABORT instead of FALSE to avoid quadratic ++ ** behaviour in cases like pattern "*a*b*c*d" with text "abcxxxxx". With ++ ** FALSE, each star-loop has to run to the end of the text; with ABORT ++ ** only the last one does. 
++ ** ++ ** Once the control of one instance of DoMatch enters the star-loop, that ++ ** instance will return either TRUE or ABORT, and any calling instance ++ ** will therefore return immediately after (without calling recursively ++ ** again). In effect, only one star-loop is ever active. It would be ++ ** possible to modify the code to maintain this context explicitly, ++ ** eliminating all recursive calls at the cost of some complication and ++ ** loss of clarity (and the ABORT stuff seems to be unclear enough by ++ ** itself). I think it would be unwise to try to get this into a ++ ** released version unless you have a good test data base to try it out ++ ** on. ++ */
diff --git a/doc/Postgrey.txt b/doc/Postgrey.txt
new file mode 100644
index 0000000..dca92d3
--- /dev/null
+++ b/doc/Postgrey.txt
@@ -0,0 +1,233 @@ +POSTGREY(1) User Contributed Perl Documentation POSTGREY(1) + + + + +NAME + postgrey - Postfix Greylisting Policy Server + +SYNOPSIS + postgrey [options...] + + -h, --help display this help and exit + --version output version information and exit + -v, --verbose increase verbosity level + --syslog-facility Syslog facility to use (default mail) + -q, --quiet decrease verbosity level + -u, --unix=PATH listen on unix socket PATH + --socketmode=MODE unix socket permission (default 0666) + -i, --inet=[HOST:]PORT listen on PORT, localhost if HOST is not specified + -d, --daemonize run in the background + --pidfile=PATH put daemon pid into this file + --user=USER run as USER (default: postgrey) + --group=GROUP run as group GROUP (default: nogroup) + --dbdir=PATH put db files in PATH (default: /var/spool/postfix/postgrey) + --delay=N greylist for N seconds (default: 300) + --max-age=N delete entries older than N days since the last time + that they have been seen (default: 35) + --retry-window=N allow only N days for the first retrial (default: 2) + append 'h' if you want to specify it in hours + --greylist-action=A if greylisted, return A to Postfix (default: DEFER_IF_PERMIT) + --greylist-text=TXT response when a mail is greylisted + (default: Greylisted + help url, see below) + --lookup-by-subnet strip the last N bits from IP addresses, determined by ipv4cidr and ipv6cidr (default) + --ipv4cidr=N What cidr to use for the subnet on IPv4 addresses when using lookup-by-subnet (default: 24) + --ipv6cidr=N What cidr to use for the subnet on IPv6 addresses when using lookup-by-subnet (default: 64) + --lookup-by-host do not strip the last 8 bits from IP addresses + --privacy store data using one-way hash functions + --hostname=NAME set the hostname (default: `hostname`) + --exim don't reuse a socket for more than one query (exim compatible) + --whitelist-clients=FILE default: /etc/postfix/postgrey_whitelist_clients + --whitelist-recipients=FILE default: 
/etc/postfix/postgrey_whitelist_recipients + --auto-whitelist-clients=N whitelist host after first successful delivery + N is the minimal count of mails before a client is + whitelisted (turned on by default with value 5) + specify N=0 to disable. + --listen-queue-size=N allow for N waiting connections to our socket + --x-greylist-header=TXT header when a mail was delayed by greylisting + default: X-Greylist: delayed seconds by postgrey- at ; + + Note that the --whitelist-x options can be specified multiple times, + and that per default /etc/postfix/postgrey_whitelist_clients.local is + also read, so that you can put there local entries. + +DESCRIPTION + Postgrey is a Postfix policy server implementing greylisting. + + When a request for delivery of a mail is received by Postfix via SMTP, + the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" is built. If it is the + first time that this triplet is seen, or if the triplet was first seen + less than delay seconds (300 is the default), then the mail gets + rejected with a temporary error. Hopefully spammers or viruses will not + try again later, as it is however required per RFC. + + Note that you shouldn't use the --lookup-by-host option unless you know + what you are doing: there are a lot of mail servers that use a pool of + addresses to send emails, so that they can change IP every time they + try again. That's why without this option postgrey will strip the last + byte of the IP address when doing lookups in the database. + + Installation + o Create a "postgrey" user and the directory where to put the + database dbdir (default: "/var/spool/postfix/postgrey") + + o Write an init script to start postgrey at boot and start it. Like + this for example: + + postgrey --inet=10023 -d + + contrib/postgrey.init in the postgrey source distribution includes + a LSB-compliant init script by Adrian von Bidder for the Debian + system. 
+ + o Put something like this in /etc/main.cf: + + smtpd_recipient_restrictions = + permit_mynetworks + ... + reject_unauth_destination + check_policy_service inet:127.0.0.1:10023 + + o Install the provided postgrey_whitelist_clients and + postgrey_whitelist_recipients in /etc/postfix. + + o Put in /etc/postfix/postgrey_whitelist_recipients users that do not + want greylisting. + + Whitelists + Whitelists allow you to specify client addresses or recipient address, + for which no greylisting should be done. Per default postgrey will read + the following files: + + /etc/postfix/postgrey_whitelist_clients + /etc/postfix/postgrey_whitelist_clients.local + /etc/postfix/postgrey_whitelist_recipients + + You can specify alternative paths with the --whitelist-x options. + + Postgrey whitelists follow similar syntax rules as Postfix access + tables. The following can be specified for recipient addresses: + + domain.addr + "domain.addr" domain and subdomains. + + name@ "name@.*" and extended addresses "name+blabla@.*". + + name@domain.addr + "name@domain.addr" and extended addresses. + + /regexp/ anything that matches "regexp" (the full address is matched). + + The following can be specified for client addresses: + + domain.addr + "domain.addr" domain and subdomains. + + IP1.IP2.IP3.IP4 + IP address IP1.IP2.IP3.IP4. You can also leave off one + number, in which case only the first specified numbers will + be checked. + + IP1.IP2.IP3.IP4/MASK + CIDR-syle network. Example: 192.168.1.0/24 + + /regexp/ anything that matches "regexp" (the full address is matched). + + Auto-whitelisting clients + With the option --auto-whitelist-clients a client IP address will be + automatically whitelisted if the following conditions are met: + + o At least 5 successfull attempts of delivering a mail (after + greylisting was done). That number can be changed by specifying a + number after the --auto-whitelist-clients argument. Only one + attempt per hour counts. 
+ + o The client was last seen before --max-age days (35 per default). + + Greylist Action + To set the action to be returned to postfix when a message fails + postgrey's tests and should be deferred, use the + --greylist-action=ACTION option. + + By default, postgrey returns DEFER_IF_PERMIT, which causes postfix to + check the rest of the restrictions and defer the message only if it + would otherwise be accepted. A delay action of 451 causes postfix to + always defer the message with an SMTP reply code of 451 (temp fail). + + See the postfix manual page access(5) for a discussion of the actions + allowed. + + Greylist Text + When a message is greylisted, an error message like this will be sent + at the SMTP-level: + + Greylisted, see http://postgrey.schweikert.ch/help/example.com.html + + Usually no user should see that error message and the idea of that URL + is to provide some help to system administrators seeing that message or + users of broken mail clients which try to send mails directly and get a + greylisting error. Note that the default help-URL contains the original + recipient domain (example.com), so that domain-specific help can be + presented to the user (on the default page it is said to contact + postmaster@example.com) + + You can change the text (and URL) with the --greylist-text parameter. + The following special variables will be replaced in the text: + + %s How many seconds left until the greylisting is over (300). + + %r Mail-domain of the recipient (example.com). + + Greylist Header + When a message is greylisted, an additional header can be prepended to + the header section of the mail: + + X-Greylist: delayed %t seconds by postgrey-%v at %h; %d + + You can change the text with the --x-greylist-header parameter. The + following special variables will be replaced in the text: + + %t How many seconds the mail has been delayed due to greylisting. + + %v The version of postgrey. + + %d The date. + + %h The host. 
+ + + Privacy + The --privacy option enable the use of a SHA1 hash function to store + IPs and emails in the greylisting database. This will defeat straight + forward attempts to retrieve mail user behaviours. + + SEE ALSO + See for a description of what greylisting + is and for a + description of how Postfix policy servers work. + +COPYRIGHT + Copyright (c) 2004-2007 by ETH Zurich. All rights reserved. Copyright + (c) 2007 by Open Systems AG. All rights reserved. + +LICENSE + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 675 Mass Ave, Cambridge, MA 02139, USA. + +AUTHOR + David Schweikert + + + +perl v5.32.0 2015-09-01 POSTGREY(1)
diff --git a/doc/Qmail/BLURB b/doc/Qmail/BLURB
new file mode 100644
index 0000000..48ae4c4
--- /dev/null
+++ b/doc/Qmail/BLURB
@@ -0,0 +1,222 @@ +Qmail BLURB +=========== + +qmail is a secure, reliable, efficient, simple message transfer agent. +It is meant as a replacement for the entire sendmail-binmail system on +typical Internet-connected UNIX hosts. + +Secure: Security isn't just a goal, but an absolute requirement. Mail +delivery is critical for users; it cannot be turned off, so it must be +completely secure. (This is why I started writing qmail: I was sick of +the security holes in sendmail and other MTAs.) + +Reliable: qmail's straight-paper-path philosophy guarantees that a +message, once accepted into the system, will never be lost. qmail also +supports maildir, a new, super-reliable user mailbox format. Maildirs, +unlike mbox files and mh folders, won't be corrupted if the system +crashes during delivery. Even better, not only can a user safely read +his mail over NFS, but any number of NFS clients can deliver mail to him +at the same time. + +Efficient: On a Pentium under BSD/OS, qmail can easily sustain 200000 +local messages per day---that's separate messages injected and delivered +to mailboxes in a real test! Although remote deliveries are inherently +limited by the slowness of DNS and SMTP, qmail overlaps 20 simultaneous +deliveries by default, so it zooms quickly through mailing lists. (This +is why I finished qmail: I had to get a big mailing list set up.) + +Simple: qmail is vastly smaller than any other Internet MTA. Some +reasons why: (1) Other MTAs have separate forwarding, aliasing, and +mailing list mechanisms. qmail has one simple forwarding mechanism that +lets users handle their own mailing lists. (2) Other MTAs offer a +spectrum of delivery modes, from fast+unsafe to slow+queued. qmail-send +is instantly triggered by new items in the queue, so the qmail system +has just one delivery mode: fast+queued. (3) Other MTAs include, in +effect, a specialized version of inetd that watches the load average. 
+qmail's design inherently limits the machine load, so qmail-smtpd can +safely run from your system's inetd. + +Replacement for sendmail: qmail supports host and user masquerading, +full host hiding, virtual domains, null clients, list-owner rewriting, +relay control, double-bounce recording, arbitrary RFC 822 address lists, +cross-host mailing list loop detection, per-recipient checkpointing, +downed host backoffs, independent message retry schedules, etc. In +short, it's up to speed on modern MTA features. qmail also includes a +drop-in ``sendmail'' wrapper so that it will be used transparently by +your current UAs. + +Mailing Lists +============= + +Mailing list management is one of qmail's strengths. Notable features: + +* qmail lets each user handle his own mailing lists. The delivery +instructions for user-whatever go into ~user/.qmail-whatever. + +* qmail makes it really easy to set up mailing list owners. If the user +touches ~user/.qmail-whatever-owner, all bounces will come back to him. + +* qmail supports VERPs, which permit completely reliable automated +bounce handling for mailing lists of any size. + +* SPEED---qmail blasts through mailing lists an order of magnitude +faster than sendmail. For example, one message was successfully +delivered to 150 hosts around the world in just 70 seconds, with qmail's +out-of-the-box configuration. + +* qmail automatically prevents mailing list loops, even across hosts. + +* qmail allows inconceivably gigantic mailing lists. No random limits. + +* qmail handles aliasing and forwarding with the same simple mechanism. +For example, Postmaster is controlled by ~alias/.qmail-postmaster. This +means that cross-host loop detection also applies to aliases. + +* qmail supports the ezmlm mailing list manager, which easily and +automatically handles bounces, subscription requests, and archives. + +Features +======== + +Here are some of qmail's features. 
+ +Setup: +* automatic adaptation to your UNIX variant---no configuration needed +* AIX, BSD/OS, FreeBSD, HP/UX, Irix, Linux, OSF/1, SunOS, Solaris, and more +* automatic per-host configuration (config, config-fast) +* quick installation---no big list of decisions to make + +Security: +* clear separation between addresses, files, and programs +* minimization of setuid code (qmail-queue) +* minimization of root code (qmail-start, qmail-lspawn) +* five-way trust partitioning---security in depth +* optional logging of one-way hashes, entire contents, etc. (QUEUE_EXTRA) + +Message construction (qmail-inject): +* RFC 822, RFC 1123 +* full support for address groups +* automatic conversion of old-style address lists to RFC 822 format +* sendmail hook for compatibility with current user agents +* header line length limited only by memory +* host masquerading (control/defaulthost) +* user masquerading ($MAILUSER, $MAILHOST) +* automatic Mail-Followup-To creation ($QMAILMFTFILE) + +SMTP service (qmail-smtpd): +* RFC 821, RFC 1123, RFC 1651, RFC 1652, RFC 1854 +* 8-bit clean +* 931/1413/ident/TAP callback (tcp-env) +* relay control---stop unauthorized relaying by outsiders (control/rcpthosts) +* no interference between relay control and forwarding +* tcpd hook---reject SMTP connections from known abusers +* automatic recognition of local IP addresses +* per-buffer timeouts +* hop counting + +Queue management (qmail-send): +* instant handling of messages added to queue +* parallelism limit (control/concurrencyremote, control/concurrencylocal) +* split queue directory---no slowdown when queue gets big +* quadratic retry schedule---old messages tried less often +* independent message retry schedules +* automatic safe queueing---no loss of mail if system crashes +* automatic per-recipient checkpointing +* automatic queue cleanups (qmail-clean) +* queue viewing (qmail-qread) +* detailed delivery statistics (qmailanalog, available separately) + +Bounces (qmail-send): +* QSBMF 
bounce messages---both machine-readable and human-readable +* HCMSSC support---language-independent RFC 1893 error codes +* double bounces sent to postmaster + +Routing by domain (qmail-send): +* any number of names for local host (control/locals) +* any number of virtual domains (control/virtualdomains) +* domain wildcards (control/virtualdomains) +* configurable percent hack support (control/percenthack) +* UUCP hook + +SMTP delivery (qmail-remote): +* RFC 821, RFC 974, RFC 1123 +* 8-bit clean +* automatic downed host backoffs +* artificial routing---smarthost, localnet, mailertable (control/smtproutes) +* per-buffer timeouts +* passive SMTP queue---perfect for SLIP/PPP (serialmail, available separately) + +Forwarding and mailing lists (qmail-local): +* address wildcards (.qmail-default, .qmail-foo-default, etc.) +* sendmail .forward compatibility (dot-forward, available separately) +* fast forwarding databases (fastforward, available separately) +* sendmail /etc/aliases compatibility (fastforward/newaliases) +* mailing list owners---automatically divert bounces and vacation messages +* VERPs---automatic recipient identification for mailing list bounces +* Delivered-To---automatic loop prevention, even across hosts +* automatic mailing list management (ezmlm, available separately) + +Local delivery (qmail-local): +* user-controlled address hierarchy---fred controls fred-anything +* mbox delivery +* reliable NFS delivery (maildir) +* user-controlled program delivery: procmail etc. (qmail-command) +* optional new-mail notification (qbiff) +* optional NRUDT return receipts (qreceipt) +* conditional filtering (condredirect, bouncesaying) + +POP3 service (qmail-popup, qmail-pop3d): +* RFC 1939 +* UIDL support +* TOP support +* APOP hook +* modular password checking (checkpassword, available separately) + + +Internals +========= + +qmail's modular, lightweight design and sensible queue management make +it the fastest available message transfer agent. 
Here's how it stacks up +against the competition in five different speed measurements. + +* Scheduling: I sent a message to 8192 ``trash'' recipients on my home +machine. All the deliveries were done in a mere 78 seconds---a rate of +over 9 million deliveries a day! Compare this to the speed advertised +for Zmailer's scheduling: 1.1 million deliveries a day on a +SparcStation-10/50. (My home machine is a 16MB Pentium-100 under BSD/OS, +with the default qmail configuration. qmail's logs were piped through +accustamp and written to disk as usual.) + +* Local mailing lists: When qmail is delivering a message to a mailbox, +it physically writes the message to disk before it announces success--- +that way, mail doesn't get lost if the power goes out. I tried sending a +message to 1024 local mailboxes on the same disk on my home machine; all +the deliveries were done in 25.5 seconds. That's more than 3.4 million +deliveries a day! Sending 1024 copies to a _single_ mailbox was just as +fast. Compare these figures to Zmailer's advertised rate for throwing +recipients away without even delivering the message---only 0.48 million +per day on the SparcStation. + +* Mailing lists with remote recipients: qmail uses the same delivery +strategy that makes LSOFT's LSMTP so fast for outgoing mailing lists--- +you choose how many parallel SMTP connections you want to run, and qmail +runs exactly that many. Of course, performance varies depending on how +far away your recipients are. The advantage of qmail over other packages +is its smallness: for example, one Linux user is running 60 simultaneous +connections, without swapping, on a machine with just 16MB of memory! + +* Separate local messages: What LSOFT doesn't tell you about LSMTP is +how many _separate_ messages it can handle in a day. Does it get bogged +down as the queue fills up? On my home machine, I disabled qmail's +deliveries and then sent 5000 separate messages to one recipient. 
The +messages were all safely written to the queue disk in 23 minutes, with +no slowdown as the queue filled up. After I reenabled deliveries, all +the messages were delivered to the recipient's mailbox in under 12 +minutes. End-to-end rate: more than 200000 individual messages a day! + +* Overall performance: What really matters is how well qmail performs +with your mail load. Red Hat Software found one day that their mail hub, +a 48MB Pentium running sendmail 8.7, was running out of steam at 70000 +messages a day. They shifted the load to qmail---on a _smaller_ machine, +a 16MB 486/66---and now they're doing fine.
diff --git a/doc/Qmail/FAQ b/doc/Qmail/FAQ
new file mode 100644
index 0000000..8540dbd
--- /dev/null
+++ b/doc/Qmail/FAQ
@@ -0,0 +1,706 @@ +1. Controlling the appearance of outgoing messages +1.1. How do I set up host masquerading? +1.2. How do I set up user masquerading? +1.3. How do I set up Mail-Followup-To automatically? + +2. Routing outgoing messages +2.1. How do I send local messages to another host? +2.2. How do I set up a null client? +2.3. How do I send outgoing mail through UUCP? +2.4. How do I set up a separate queue for a SLIP/PPP link? +2.5. How do I deal with ``CNAME lookup failed temporarily''? + +3. Routing incoming messages by host +3.1. How do I receive mail for another host name? +3.2. How do I set up a virtual domain? +3.3. How do I set up several virtual domains for one user? + +4. Routing incoming messages by user +4.1. How do I forward unrecognized usernames to another host? +4.2. How do I set up a mailing list? +4.3. How do I use majordomo with qmail? +4.4. How do I use procmail with qmail? +4.5. How do I use elm's filter with qmail? +4.6. How do I create aliases with dots? +4.7. How do I use sendmail's .forward files with qmail? +4.8. How do I use sendmail's /etc/aliases with qmail? +4.9. How do I make qmail defer messages during NFS or NIS outages? +4.10. How do I change which account controls an address? + +5. Setting up servers +5.1. How do I run qmail-smtpd under tcpserver? +5.2. How do I set up qmail-qmtpd? +5.3. How do I set up qmail-pop3d? +5.4. How do I allow selected clients to use this host as a relay? +5.5. How do I fix up messages from broken SMTP clients? +5.6. How do I set up qmail-qmqpd? + +6. Configuring MUAs to work with qmail +6.1. How do I make BSD mail generate a Date with the local time zone? +6.2. How do I make pine work with qmail? +6.3. How do I make MH work with qmail? +6.4. How do I stop Sun's dtcm from hanging? + +7. Managing the mail system +7.1. How do I safely stop qmail-send? +7.2. How do I manually run the queue? +7.3. How do I rejuvenate a message? +7.4. How do I organize a big network? +7.5. 
How do I back up and restore the queue disk? +7.6. How do I run a supervised copy of qmail? +7.7. How do I avoid syslog? + +8. Miscellany +8.1. How do I tell qmail to do more deliveries at once? +8.2. How do I keep a copy of all incoming and outgoing mail messages? +8.3. How do I switch slowly from sendmail to qmail? + + + +1. Controlling the appearance of outgoing messages + + +1.1. How do I set up host masquerading? All the users on this host, +zippy.af.mil, are users on af.mil. When joe sends a message to fred, the +message should say ``From: joe@af.mil'' and ``To: fred@af.mil'', without +``zippy'' anywhere. + +Answer: echo af.mil > /var/qmail/control/defaulthost; chmod 644 +/var/qmail/control/defaulthost. + + +1.2. How do I set up user masquerading? I'd like my own From lines to +show boss@af.mil rather than god@heaven.af.mil. + +Answer: Add MAILHOST=af.mil and MAILUSER=boss to your environment. To +override From lines supplied by your MUA, add QMAILINJECT=f to your +environment. + + +1.3. How do I set up Mail-Followup-To automatically? When I send a +message to the sos@heaven.af.mil mailing list, I'd like to include +``Mail-Followup-To: sos@heaven.af.mil''. + +Answer: Add QMAILMFTFILE=$HOME/.lists to your environment, and put +sos@heaven.af.mil into ~/.lists. + + + +2. Routing outgoing messages + + +2.1. How do I send local messages to another host? All the mail for +af.mil should be delivered to our disk server, pokey.af.mil. I've set up +an MX from af.mil to pokey.af.mil, but when a user on the af.mil host +sends a message to boss@af.mil, af.mil tries to deliver it locally. How +do I stop that? + +Answer: Remove af.mil from /var/qmail/control/locals. If qmail-send is +running, give it a HUP. Make sure the MX is set up properly before you +do this. Also make sure that pokey can receive mail for af.mil---see +question 3.1. + + +2.2. How do I set up a null client? I'd like zippy.af.mil to +send all mail to bigbang.af.mil. 
+ +Answer: echo :bigbang.af.mil > /var/qmail/control/smtproutes; +chmod 644 /var/qmail/control/smtproutes. Disable local delivery as in +question 2.1. Turn off qmail-smtpd in /etc/inetd.conf. + + +2.3. How do I send outgoing mail through UUCP? I need qmail to send all +outgoing mail via UUCP to my upstream UUCP site, gonzo. + +Answer: Put + + :alias-uucp + +into control/virtualdomains and + + |preline -df /usr/bin/uux - -r -gC + -a"${SENDER:-MAILER-DAEMON}" gonzo!rmail "($DEFAULT@$HOST)" + +(all on one line) into ~alias/.qmail-uucp-default. (For some UUCP +software you will need to use -d instead of -df.) If qmail-send is +running, give it a HUP. + + +2.4. How do I set up a separate queue for a SLIP/PPP link? + +Answer: Use serialmail (http://pobox.com/~djb/serialmail.html). + + +2.5. How do I deal with ``CNAME lookup failed temporarily''? The log +showed that a message was deferred for this reason. Why is qmail doing +CNAME lookups, anyway? + +Answer: The SMTP standard does not permit aliased hostnames, so qmail +has to do a CNAME lookup in DNS for every recipient host. If the +relevant DNS server is down, qmail defers the message. It will try again +soon. + + + +3. Routing incoming messages by host + + +3.1. How do I receive mail for another host name? I'd like our disk +server, pokey.af.mil, to receive mail addressed to af.mil. I've set up +an MX from af.mil to pokey.af.mil, but how do I get pokey to treat +af.mil as a name for the local host? + +Answer: Add af.mil to /var/qmail/control/locals and to +/var/qmail/control/rcpthosts. If qmail-send is running, give it a HUP +(or do svc -h /var/run/qmail if qmail is supervised). + + +3.2. How do I set up a virtual domain? I'd like any mail for +nowhere.mil, including root@nowhere.mil and postmaster@nowhere.mil and +so on, to be delivered to Bob. I've set up the MX already. + +Answer: Put + + nowhere.mil:bob + +into control/virtualdomains. Add nowhere.mil to control/rcpthosts. 
If +qmail-send is running, give it a HUP (or do svc -h /var/run/qmail if +qmail is supervised). + +Now mail for whatever@nowhere.mil will be delivered locally to +bob-whatever. Bob can set up ~bob/.qmail-default to catch all the +possible addresses, ~bob/.qmail-info to catch info@nowhere.mil, etc. + + +3.3. How do I set up several virtual domains for one user? Bob wants +another virtual domain, everywhere.org, but he wants to handle +nowhere.mil users and everywhere.org users differently. How can we do +that without setting up a second account? + +Answer: Put two lines into control/virtualdomains: + + nowhere.mil:bob-nowhere + everywhere.org:bob-everywhere + +Add nowhere.mil and everywhere.org to control/rcpthosts. If qmail-send +is running, give it a HUP (or do svc -h /var/run/qmail if qmail is +supervised). + +Now Bob can set up separate .qmail-nowhere-* and everywhere-* files. He +can even set up .qmail-nowhere-default and .qmail-everywhere-default. + + + +4. Routing incoming messages by user + + +4.1. How do I forward unrecognized usernames to another host? I'd like +to set up a LUSER_RELAY pointing at bigbang.af.mil. + +Answer: Put + + | forward "$LOCAL"@bigbang.af.mil + +into ~alias/.qmail-default. + + +4.2. How do I set up a mailing list? I'd like me-sos@my.host.name to be +forwarded to a bunch of people. + +Answer: Put a list of addresses into ~me/.qmail-sos, one per line. Then +incoming mail for me-sos will be forwarded to each of those addresses. +You should also touch ~me/.qmail-sos-owner so that bounces come back to +you rather than the original sender. + +Alternative: ezmlm (http://pobox.com/~djb/ezmlm.html) is a modern +mailing list manager, supporting automatic subscriptions, confirmations, +archives, fully automatic bounce handling (including warnings to +subscribers saying which messages they've missed), and more. + + +4.3. How do I use majordomo with qmail? 
+
+Answer: See ftp://ftp.eyrie.org/pub/software/majordomo/mjqmail and
+http://www.qmail.org for various methods. majordomo 2.0 is expected to
+support qmail directly.
+
+Beware that majordomo's lists are not crashproof.
+
+
+
+4.4. How do I use procmail with qmail?
+
+Answer: Put
+
+ | preline procmail
+
+into ~/.qmail. You'll have to use a full path for procmail unless
+procmail is in the system's startup PATH. Note that procmail will try to
+deliver to /var/spool/mail/$USER by default; to change this, see
+INSTALL.mbox.
+
+
+4.5. How do I use elm's filter with qmail?
+
+Answer: Put
+
+ | preline filter
+
+into ~/.qmail. You'll have to use a full path for filter unless filter
+is in the system's startup PATH.
+
+
+4.6. How do I create aliases with dots? I tried setting up
+~alias/.qmail-P.D.Q.Bach, but it doesn't do anything.
+
+Answer: Use .qmail-p:d:q:bach. Dots are converted to colons, and
+uppercase is converted to lowercase.
+
+
+4.7. How do I use sendmail's .forward files with qmail?
+
+Answer: Install the dot-forward package
+(http://pobox.com/~djb/dot-forward.html).
+
+
+4.8. How do I use sendmail's /etc/aliases with qmail?
+
+Answer: Install the fastforward package
+(http://pobox.com/~djb/fastforward.html).
+
+
+4.9. How do I make qmail defer messages during NFS or NIS outages? If
+~joe suddenly disappears, I'd like mail for joe to be deferred.
+
+Answer: Build a qmail-users database, so that qmail no longer checks
+home directories and the password database. This takes three steps.
+First, put your complete user list (including local and NIS passwords)
+into /var/qmail/users/passwd. Second, run
+
+ # qmail-pw2u -h < /var/qmail/users/passwd > /var/qmail/users/assign
+
+Here -h means that every user must have a home directory; if you happen
+to run qmail-pw2u during an NFS outage, it will print an error message
+and stop. Third, run
+
+ # qmail-newu
+
+Make sure to rebuild the database whenever you change your user list.
+
+
+4.10. How do I change which account controls an address? I set up
+~alias/.qmail-www, but qmail is looking at ~www/.qmail instead.
+
+Answer: If you do
+
+ # chown root ~www
+
+then qmail will no longer consider www to be a user; see qmail-getpw.0.
+For more precise control over address assignments, see qmail-users.0.
+
+
+
+5. Setting up servers
+
+
+5.1. How do I run qmail-smtpd under tcpserver? inetd is barfing at high
+loads, cutting off service for ten-minute stretches. I'd also like
+better connection logging.
+
+Answer: First, install the tcpserver program, part of the ucspi-tcp
+package (http://pobox.com/~djb/ucspi-tcp.html). Second, remove the smtp
+line from /etc/inetd.conf, and put the line
+
+ tcpserver -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd &
+
+into your system startup files. Replace 7770 with your qmaild uid, and
+replace 2108 with your nofiles gid. Don't forget the &. The change will
+take effect at your next reboot.
+
+By default, tcpserver allows at most 40 simultaneous qmail-smtpd
+processes. To raise this limit to 400, use tcpserver -c 400. To keep
+track of who's connecting and for how long, run (on two lines)
+
+ tcpserver -v -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd \
+ 2>&1 | /var/qmail/bin/splogger smtpd 3 &
+
+
+5.2. How do I set up qmail-qmtpd?
+
+Answer: Two steps. First, put a
+
+ qmtp 209/tcp
+
+line into /etc/services. Second, put (all on one line)
+
+ qmtp stream tcp nowait qmaild
+ /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-qmtpd
+
+into /etc/inetd.conf, and give inetd a HUP.
+
+If you have tcpserver installed, skip the inetd step, and set up
+
+ tcpserver -u 7770 -g 2108 0 qmtp /var/qmail/bin/qmail-qmtpd &
+
+replacing 7770 and 2108 with the qmaild uid and nofiles gid. See
+question 5.1 for more details on tcpserver.
+
+
+5.3. How do I set up qmail-pop3d? My old POP server works with mbox
+delivery; I'd like to switch to maildir delivery.
+
+Answer: Four steps. First, install the checkpassword program
+(http://pobox.com/~djb/checkpwd.html). Second, make sure you have a
+
+ pop3 110/tcp
+
+line in /etc/services. Third, put (all on one line, including
+qmail-popup twice)
+
+ pop3 stream tcp nowait root
+ /var/qmail/bin/qmail-popup qmail-popup
+ YOURHOST /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
+
+into /etc/inetd.conf, and give inetd a HUP; replace YOURHOST with your
+host's fully qualified domain name. Fourth, set up Maildir delivery for
+any user who wants to read mail via POP.
+
+If you have tcpserver installed, skip the inetd step, and set up (on two
+lines)
+
+ tcpserver 0 pop3 /var/qmail/bin/qmail-popup YOURHOST \
+ /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &
+
+replacing YOURHOST with your host's fully qualified domain name. See
+question 5.1 for more details on tcpserver.
+
+Security note: pop3d should be used only within a secure network;
+otherwise an eavesdropper can steal passwords.
+
+
+5.4. How do I allow selected clients to use this host as a relay? I see
+that qmail-smtpd rejects messages to any host not listed in
+control/rcpthosts.
+
+Answer: Three steps. First, install tcp-wrappers, available separately,
+including hosts_options. Second, change your qmail-smtpd line in
+inetd.conf to
+
+ smtp stream tcp nowait qmaild /usr/local/bin/tcpd
+ /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd
+
+(all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow,
+make a line setting the environment variable RELAYCLIENT to the empty
+string for the selected clients:
+
+ tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT
+
+Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd
+ignores control/rcpthosts when RELAYCLIENT is set. (It also appends
+RELAYCLIENT to each envelope recipient address. See question 5.5 for an
+application.)
+
+Alternative procedure, if you are using tcpserver 0.80 or above: Create
+/etc/tcp.smtp containing
+
+ 1.2.3.6:allow,RELAYCLIENT=""
+ 127.:allow,RELAYCLIENT=""
+
+to allow clients with IP addresses 1.2.3.6 and 127.*. Run
+
+ tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
+
+Finally, insert
+
+ -x /etc/tcp.smtp.cdb
+
+after tcpserver in your qmail-smtpd invocation.
+
+
+5.5. How do I fix up messages from broken SMTP clients?
+
+Answer: Three steps. First, put
+
+ | bouncesaying 'Permission denied' [ "@$HOST" != "@fixme" ]
+ | qmail-inject -f "$SENDER" -- "$DEFAULT"
+
+into ~alias/.qmail-fixup-default. Second, put
+
+ fixme:fixup
+
+into /var/qmail/control/virtualdomains, and give qmail-send a HUP.
+Third, follow the procedure in question 5.4, but set RELAYCLIENT to the
+string ``@fixme'':
+
+ tcp-env: 1.2.3.6, 1.2.3.7: setenv = RELAYCLIENT @fixme
+
+Here 1.2.3.6 and 1.2.3.7 are the clients' IP addresses. If you are using
+tcpserver instead of inetd and tcpd, put
+
+ 1.2.3.6:allow,RELAYCLIENT="@fixme"
+ 1.2.3.7:allow,RELAYCLIENT="@fixme"
+
+into /etc/tcp.smtp, and run tcprules as in question 5.4.
+
+
+5.6. How do I set up qmail-qmqpd? I'd like to allow fast queueing of
+outgoing mail from authorized clients.
+
+Answer: Make sure you have installed tcpserver 0.80 or above. Create
+/etc/qmqp.tcp in tcprules format to allow connections from authorized
+hosts. For example, if queueing is allowed from 1.2.3.*:
+
+ 1.2.3.:allow
+ :deny
+
+Convert /etc/qmqp.tcp to /etc/qmqp.cdb:
+
+ tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcp
+
+Finally, set up
+
+ tcpserver -x /etc/qmqp.cdb -u 7770 -g 2108 0 628 /var/qmail/bin/qmail-qmqpd &
+
+replacing 7770 and 2108 with the qmaild uid and nofiles gid. See
+question 5.1 for more details on tcpserver.
+
+
+
+6. Configuring MUAs to work with qmail
+
+
+6.1. How do I make BSD mail generate a Date with the local time zone?
+When I send mail, I'd rather use the local time zone than GMT, since
+some MUAs don't know how to display Date in the receiver's time zone.
+
+Answer: Put
+
+ set sendmail=/var/qmail/bin/datemail
+
+into your .mailrc or your system-wide Mail.rc. Beware that BSD mail is
+neither secure nor reliable.
+
+
+6.2. How do I make pine work with qmail?
+
+Answer: Put
+
+ sendmail-path=/usr/lib/sendmail -oem -oi -t
+
+into /usr/local/lib/pine.conf. (This will work with sendmail too.)
+Beware that pine is neither secure nor reliable.
+
+
+6.3. How do I make MH work with qmail?
+
+Answer: Put
+
+ postproc: /usr/mh/lib/spost
+
+into each user's .mh_profile. (This will work with sendmail too.) Beware
+that MH is neither secure nor reliable.
+
+
+6.4. How do I stop Sun's dtcm from hanging?
+
+Answer: There is a novice programming error in dtcm, known as ``failure
+to close the output side of the pipe in the child.'' Sun has, at the
+time of this writing, not yet provided a patch. Sorry.
+
+
+
+7. Managing the mail system
+
+
+7.1. How do I safely stop qmail-send? Back when we were running
+sendmail, it was always tricky to kill sendmail without risking the loss
+of current deliveries; what should I do with qmail-send?
+
+Answer: Go ahead and kill the qmail-send process. It will shut down
+cleanly. Wait for ``exiting'' to show up in the log. To restart qmail,
+run /var/qmail/rc the same way it is run from your system boot scripts,
+with the proper PATH, resource limits, etc.
+
+Alternative, if qmail is supervised: svc -t /var/run/qmail. The
+supervise process will kill qmail, wait for it to stop, and restart it.
+Use -d instead of -t if you don't want qmail to restart automatically;
+to manually restart it, use -u.
+
+
+7.2. How do I manually run the queue? I'd like qmail to try delivering
+all the remote messages right now.
+
+Answer: Give the qmail-send process an ALRM. (Do svc -a /var/run/qmail
+if qmail is supervised.)
+
+You may want to run qmail-tcpok first, to guarantee that qmail-remote
+will try all addresses. Normally, if an address fails repeatedly,
+qmail-remote leaves it alone for an hour.
+
+
+7.3. How do I rejuvenate a message? Somebody broke into Eric's computer
+again; it's going to be down for at least another two days. I know Eric
+has been expecting an important message---in fact, I see it sitting here
+in /var/qmail/queue/mess/15/26902. It's been in the queue for six days;
+how can I make sure it isn't bounced tomorrow?
+
+Answer: Just touch /var/qmail/queue/info/15/26902. (This is the only
+form of queue modification that's safe while qmail is running.)
+
+
+7.4. How do I organize a big network? I have a lot of machines, and I
+don't know where to start.
+
+Answer: First, choose the domain name where your users will receive
+mail. This is normally the shortest domain name you control. If you are
+in charge of *.movie.edu, you can use addresses like joe@movie.edu.
+
+Second, choose the machine that will know what to do with different
+users at movie.edu. Set up a host name in DNS for this machine:
+
+ mailhost.movie.edu IN A 1.2.3.4
+ 4.3.2.1.in-addr.arpa IN PTR mailhost.movie.edu
+
+Here 1.2.3.4 is the IP address of that machine.
+
+Third, make a list of machines where mail should end up. For example, if
+mail for Bob should end up on Bob's workstation, put Bob's workstation
+onto the list. For each of these machines, set up a host name in DNS:
+
+ bobshost.movie.edu IN A 1.2.3.7
+ 7.3.2.1.in-addr.arpa IN PTR bobshost.movie.edu
+
+Fourth, install qmail on bobshost.movie.edu. qmail will automatically
+configure itself to accept messages for bob@bobshost.movie.edu and
+deliver them to ~bob/Mailbox on bobshost. Do the same for the other
+machines where mail should end up.
+
+Fifth, install qmail on mailhost.movie.edu. Put
+
+ movie.edu:alias-movie
+
+into control/virtualdomains on mailhost. Then forward bob@movie.edu to
+bob@bobshost.movie.edu, by putting
+
+ bob@bobshost.movie.edu
+
+into ~alias/.qmail-movie-bob. Do the same for other users.
+
+Sixth, put movie.edu into control/rcpthosts on mailhost.movie.edu, so
+that mailhost.movie.edu will accept messages for users at movie.edu.
+
+Seventh, set up an MX record in DNS to deliver movie.edu messages to
+mailhost:
+
+ movie.edu IN MX 10 mailhost.movie.edu
+
+Eighth, on all your machines, put movie.edu into control/defaulthost.
+
+
+7.5. How do I back up and restore the queue disk?
+
+Answer: You can't.
+
+One difficulty is that you can't get a consistent snapshot of the queue
+while qmail-send is running. Another difficulty is that messages in the
+queue must have filenames that match their inode numbers.
+
+However, the big problem is that backups---even twice-daily backups---
+are far too unreliable for mail. If your disk dies, there will be very
+little overlap between the messages saved in the last backup and the
+messages that were lost.
+
+There are several ways to add real reliability to a mail server. Battery
+backups will keep your server alive, letting you park the disk to avoid
+a head crash, when the power goes out. Solid-state disks have their own
+battery backups. RAID boxes let you replace dead disks without losing
+any data.
+
+
+7.6. How do I run a supervised copy of qmail? svc sounds useful.
+
+Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).
+Create a /var/run/qmail directory. Change
+
+ /var/qmail/rc
+
+to
+
+ supervise /var/run/qmail /var/qmail/rc
+
+in your boot scripts. Make sure that supervise is in the startup PATH.
+Now you can use svc to stop or restart qmail, and svstat to check
+whether qmail is running.
+
+
+7.7. How do I avoid syslog? It chews up a lot of CPU time and isn't
+reliable.
+
+Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).
+Make a /var/log/qmail directory, owned by qmaill, mode 2700. Do
+
+ qmail-start ./Mailbox /usr/local/bin/accustamp \
+ | setuser qmaill /usr/local/bin/cyclog /var/log/qmail &
+
+in /var/qmail/rc.
+
+If you are logging tcpserver connections, make a /var/log/smtpd
+directory, and use cyclog /var/log/smtpd for tcpserver. You shouldn't
+run several copies of cyclog with the same log directory.
+
+By default, cyclog keeps 10 automatically rotated log files, each
+containing up to 100KB of log data. To keep 20 files with 1MB each, use
+cyclog -s 1000000 -n 20.
+
+
+
+8. Miscellany
+
+
+8.1. How do I tell qmail to do more deliveries at once? It's running
+only 20 parallel qmail-remote processes.
+
+Answer: Decide how many deliveries you want to allow at once. Put that
+number into control/concurrencyremote. Restart qmail-send as in question
+7.1. If your system has resource limits, make sure you set the
+descriptors limit to at least double the concurrency plus 5; otherwise
+you'll get lots of unnecessary deferrals whenever a big burst of mail
+shows up. Note that qmail also imposes a compile-time concurrency limit,
+120 by default; this is set in conf-spawn.
+
+
+8.2. How do I keep a copy of all incoming and outgoing mail messages?
+
+Answer: Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h.
+Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
+
+You can also use QUEUE_EXTRA to, e.g., record the Message-ID of every
+message: run
+
+ | awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
+
+from ~alias/.qmail-log.
+
+
+8.3. How do I switch slowly from sendmail to qmail? I'm thinking of
+moving the heaven.af.mil network over to qmail, but first I'd like to
+give my users a chance to try out qmail without affecting current
+sendmail deliveries. We're using NFS.
+
+Answer: Find a host in your network, say pc.heaven.af.mil, that isn't
+running an SMTP server. (If addresses at pc.heaven.af.mil are used, you
+should already have an MX pointing pc.heaven.af.mil to your mail hub.)
+
+Set up a new MX record pointing lists.heaven.af.mil to pc.heaven.af.mil.
+Install qmail on pc.heaven.af.mil. Replace pc with lists in the control
+files. Make the qmail man pages available on all your machines.
+
+Now tell your users about qmail. A user can forward joe@heaven.af.mil to
+joe@lists.heaven.af.mil to get ~/Mailbox delivery; he can set up .qmail
+files; he can start running his own mailing lists @lists.heaven.af.mil.
+
+When you're ready to turn sendmail off, you can set up pc.heaven.af.mil
+as your new mail hub. Add heaven.af.mil to control/locals, and change
+the heaven.af.mil MX to point to pc.heaven.af.mil. Make sure you leave
+lists.heaven.af.mil in control/locals so that transition addresses will
+continue to work.
diff --git a/doc/Qmail/INSTALL.alias b/doc/Qmail/INSTALL.alias
new file mode 100644
index 0000000..672365a
--- /dev/null
+++ b/doc/Qmail/INSTALL.alias
@@ -0,0 +1,40 @@
+qmail lets each user control all addresses of the form user-anything.
+Addresses that don't start with a username are controlled by a special
+user, alias. Delivery instructions for foo go into ~alias/.qmail-foo;
+delivery instructions for user-foo go into ~user/.qmail-foo. See
+dot-qmail.0 for the full story.
+
+qmail doesn't have any built-in support for /etc/aliases. If you have a
+big /etc/aliases and you'd like to keep it, install the fastforward
+package, available separately. /etc/aliases should already include the
+aliases discussed below---Postmaster, MAILER-DAEMON, and root.
+
+If you don't have a big /etc/aliases, you'll find it easier to use
+qmail's native alias mechanism. Here's a checklist of aliases you should
+set up right now.
+
+* Postmaster. You're not an Internet citizen if this address doesn't
+work. Simply touch (and chmod 644) ~alias/.qmail-postmaster; any mail
+for Postmaster will be delivered to ~alias/Mailbox.
+
+* MAILER-DAEMON. Not required, but users sometimes respond to bounce
+messages. Touch (and chmod 644) ~alias/.qmail-mailer-daemon.
+
+* root. Under qmail, root never receives mail. Your system may generate
+mail messages to root every night; if you don't have an alias for root,
+those messages will bounce. (They'll end up double-bouncing to the
+postmaster.) Set up an alias for root in ~alias/.qmail-root. .qmail
+files are similar to .forward files, but beware that they are strictly
+line-oriented---see dot-qmail.0 for details.
+
+* Other non-user accounts. Under qmail, non-user accounts don't get
+mail; ``user'' means a non-root account that owns ~account. Set up
+aliases for any non-user accounts that normally receive mail.
+
+Note that special accounts such as ftp, www, and uucp should always have
+home directories owned by root.
+
+* Default. If you want, you can touch ~alias/.qmail-default to catch
+everything else. Beware: this will also catch typos and other addresses
+that should probably be bounced instead. It won't catch addresses that
+start with a user name---the user can set up his own ~/.qmail-default.
diff --git a/doc/Qmail/INSTALL.ctl b/doc/Qmail/INSTALL.ctl
new file mode 100644
index 0000000..00ce689
--- /dev/null
+++ b/doc/Qmail/INSTALL.ctl
@@ -0,0 +1,38 @@
+As you've seen, qmail has essentially no pre-compilation configuration.
+You should never have to recompile it unless you want to change the
+qmail home directory, usernames, or uids.
+
+qmail does allow quite a bit of easy post-installation configuration. If
+you care how your machine greets other machines via SMTP, for example,
+you can put an appropriate line into /var/qmail/control/smtpgreeting.
+
+But this is all optional---if control/smtpgreeting doesn't exist, qmail
+will do something reasonable by default. You shouldn't worry much about
+configuration right now. You can always come back and tune things later.
+
+There's one big exception. You MUST tell qmail your hostname. Just run
+the config-fast script:
+
+ # ./config-fast your.full.host.name
+
+config-fast puts your.full.host.name into control/me. It also puts it
+into control/locals and control/rcpthosts, so that qmail will accept
+mail for your.full.host.name.
+
+You can instead use the config script, which looks up your host name in
+DNS:
+
+ # ./config
+
+config also looks up your local IP addresses in DNS to decide which
+hosts to accept mail for.
+
+(Why doesn't qmail do these lookups on the fly? This was a deliberate
+design decision. qmail does all its local functions---header rewriting,
+checking if a recipient is local, etc.---without talking to the network.
+The point is that qmail can continue accepting and delivering local mail
+even if your network connection goes down.)
+
+Next, read through FAQ for information on setting up optional features
+like masquerading. If you really want to learn right now what all the
+configuration possibilities are, see qmail-control.0.
diff --git a/doc/Qmail/INSTALL.ids b/doc/Qmail/INSTALL.ids
new file mode 100644
index 0000000..a50e10d
--- /dev/null
+++ b/doc/Qmail/INSTALL.ids
@@ -0,0 +1,72 @@
+Here's how to set up the qmail groups and the qmail users.
+
+On some systems there are commands that make this easy. Solaris and
+Linux:
+
+ # groupadd nofiles
+ # useradd -g nofiles -d /var/qmail/alias alias
+ # useradd -g nofiles -d /var/qmail qmaild
+ # useradd -g nofiles -d /var/qmail qmaill
+ # useradd -g nofiles -d /var/qmail qmailp
+ # groupadd qmail
+ # useradd -g qmail -d /var/qmail qmailq
+ # useradd -g qmail -d /var/qmail qmailr
+ # useradd -g qmail -d /var/qmail qmails
+
+FreeBSD 2.2:
+
+ # pw groupadd nofiles
+ # pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
+ # pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
+ # pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
+ # pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
+ # pw groupadd qmail
+ # pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
+ # pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
+ # pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
+
+BSDI 2.0:
+
+ # addgroup nofiles
+ # adduser -g nofiles -H/var/qmail/alias -G,,, -s/dev/null -P'*' alias
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaild
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaill
+ # adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmailp
+ # addgroup qmail
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailq
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailr
+ # adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmails
+
+AIX:
+
+ # mkgroup -A nofiles
+ # mkuser pgrp=nofiles home=/var/qmail/alias shell=/bin/true alias
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmaild
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmaill
+ # mkuser pgrp=nofiles home=/var/qmail shell=/bin/true qmailp
+ # mkgroup -A qmail
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmailq
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmailr
+ # mkuser pgrp=qmail home=/var/qmail shell=/bin/true qmails
+
+On other systems, you will have to edit /etc/group and /etc/passwd
+manually. First add two new lines to /etc/group, something like
+
+ qmail:*:2107:
+ nofiles:*:2108:
+
+where 2107 and 2108 are different from the other gids in /etc/group.
+Next (using vipw) add six new lines to /etc/passwd, something like
+
+ alias:*:7790:2108::/var/qmail/alias:/bin/true
+ qmaild:*:7791:2108::/var/qmail:/bin/true
+ qmaill:*:7792:2108::/var/qmail:/bin/true
+ qmailp:*:7793:2108::/var/qmail:/bin/true
+ qmailq:*:7794:2107::/var/qmail:/bin/true
+ qmailr:*:7795:2107::/var/qmail:/bin/true
+ qmails:*:7796:2107::/var/qmail:/bin/true
+
+where 7790 through 7796 are _new_ uids, 2107 is the qmail gid, and 2108
+is the nofiles gid. Make sure you use the nofiles gid for qmaild,
+qmaill, qmailp, and alias, and the qmail gid for qmailq, qmailr, and
+qmails.
diff --git a/doc/Qmail/INSTALL.maildir b/doc/Qmail/INSTALL.maildir
new file mode 100644
index 0000000..72373aa
--- /dev/null
+++ b/doc/Qmail/INSTALL.maildir
@@ -0,0 +1,59 @@
+This file points out some reasons that you might want to switch from
+mbox format to a new format, maildir.
+
+
+1. The trouble with mbox
+
+The mbox format---the format of ~user/Mailbox, understood by BSD Mail
+and lots of other MUAs---is inherently unreliable.
+
+Think about it: what happens if the system crashes while a program is
+appending a new message to ~user/Mailbox? The message will be truncated.
+Even worse, if it was truncated in the middle of a line, it will end up
+being merged with the next message! Sure, the mailer understands that it
+wasn't successful, so it'll try delivering the message again later, but
+it can't fix your corrupted mbox.
+
+Other formats, such as mh folders, are just as unreliable.
+
+qmail supports maildir, a crashproof format for incoming mail messages.
+maildir is fast and easy for MUAs to use. Even better, maildir works
+wonders over NFS---see below.
+
+I don't want to cram maildir down people's throats, so it's not the
+default. Nevertheless, I encourage you to start asking for maildir
+versions of your favorite MUAs, and to switch over to maildir as soon as
+you can.
+
+
+2. Sun's Network F_ail_u_re System
+
+Anyone who tells you that mail can be safely delivered in mbox format
+over NFS is pulling your leg---as explained above, mbox format is
+inherently unreliable even on a single machine.
+
+Anyway, NFS is the most unreliable computing environment ever invented,
+and qmail doesn't even pretend to support mbox over NFS.
+
+You should switch to maildir, which works fine over NFS without any
+locking. You can safely read your mail over NFS if it's in maildir
+format. Any number of machines can deliver mail to you at the same time.
+(On the other hand, for efficiency, it's better to get NFS out of the
+picture---your mail should be delivered on the server that contains your
+home directory.)
+
+Here's how to set up qmail to use maildir for your incoming mail:
+
+ % maildirmake $HOME/Maildir
+ % echo ./Maildir/ > ~/.qmail
+
+Make sure you include the trailing slash on Maildir/.
+
+The system administrator can set up Maildir as the default for everybody
+by creating a maildir in the new-user template directory and replacing
+./Mailbox with ./Maildir/ in /var/qmail/rc.
+
+Until your MUA supports maildir, you'll probably want to convert maildir
+format to (gaaack) mbox format. I've supplied a maildir2mbox utility
+that does the trick, along with some tiny qail and elq and pinq wrappers
+that call maildir2mbox before calling Mail or elm or pine.
diff --git a/doc/Qmail/INSTALL.mbox b/doc/Qmail/INSTALL.mbox
new file mode 100644
index 0000000..93ca16c
--- /dev/null
+++ b/doc/Qmail/INSTALL.mbox
@@ -0,0 +1,53 @@
+The qmail package includes a local delivery agent, qmail-local, which
+provides user-controlled mailing lists, cross-host alias loop detection,
+and many other important qmail features.
+
+There's one important difference between qmail-local and binmail:
+qmail-local delivers mail by default into ~user/Mailbox, rather than
+/var/spool/mail/user. It uses mbox format, with lockf locking on systems
+that don't have flock (HP/UX, Solaris), and flock locking otherwise.
+
+This file explains how to switch your system to ~user/Mailbox. You
+aren't required to do this; for further discussion of /var/spool/mail,
+and an explanation of how to continue using binmail for local
+deliveries, see INSTALL.vsm.
+
+The basic procedure for switching to ~user/Mailbox is simple:
+
+ * Move each /var/spool/mail/user to ~user/Mailbox. For safety, do
+ this in single-user mode.
+
+ * As root, set up a symbolic link from /var/spool/mail/user to
+ ~user/Mailbox for each user. /var/spool/mail should be mode 1777,
+ so users will not be able to accidentally remove these links.
+
+A few mail programs are unable to handle symbolic links, so you will
+have to configure them to look at ~user/Mailbox directly:
+
+ * procmail: Change SYSTEM_MBOX in config.h and recompile; or, with
+ recent versions, define MAILSPOOLHOME in src/authenticate.c.
+
+An alternative to symbolic links is hlfsd. Consult the documentation for
+hlfsd if it is included in your operating system.
+
+If /var/spool/mail is large, you can gain extra speed by configuring
+all your mail software to look at ~user/Mailbox directly:
+
+ * Most MUAs: Put ``setenv MAIL $HOME/Mailbox'' in your system-wide
+ .cshrc and ``MAIL=$HOME/Mailbox; export MAIL'' in your system-wide
+ .profile.
+
+ * elm: Change "mailbox" to "Mailbox" around line 388 of newmbox.c and
+ recompile. (elm looks at $MAIL, but without this change elm will
+ fail if two users try to read mail simultaneously.)
+
+ * pine: Put ``inbox-path=Mailbox'' in your system-wide pine.conf.
+ (For pine versions more recent than 3.91, see also FAQ 6.2.)
+
+ * qpopper 2.2: Change /.mail to /Mailbox in pop_dropcopy.c and
+ recompile with -DHOMEDIRMAIL in CFLAGS.
+
+Some vendors, in a misguided attempt to solve the security problems of
+/var/spool/mail, have made all their mail software setgid mail. After
+you move the mailboxes, you can---and, for security, should---remove
+those setgid-mail bits.
diff --git a/doc/Qmail/INSTALL.qmail b/doc/Qmail/INSTALL.qmail
new file mode 100644
index 0000000..e3b0f09
--- /dev/null
+++ b/doc/Qmail/INSTALL.qmail
@@ -0,0 +1,84 @@
+SAVE COPIES OF YOUR OUTGOING MAIL! Like any other piece of software (and
+information generally), the qmail system comes with NO WARRANTY. It's
+much more secure and reliable than sendmail, but that's not saying much.
+
+
+Things you have to decide before starting:
+
+* The qmail home directory, normally /var/qmail. To change this
+directory, edit conf-qmail now.
+
+* The names of the qmail users and the qmail groups. To change these
+names, edit conf-users and conf-groups now.
+
+
+To create /var/qmail and configure qmail (won't interfere with sendmail):
+
+ 1. Create the qmail home directory:
+ # mkdir /var/qmail
+
+ 2. Read INSTALL.ids. You must set up the qmail group and the qmail
+ users before compiling the programs.
+
+ 3. Compile the programs and create the qmail directory tree:
+ # make setup check
+
+ 4. Read INSTALL.ctl and FAQ. Minimal survival command:
+ # ./config
+
+ 5. Read INSTALL.alias. Minimal survival command:
+ # (cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
+ # chmod 644 ~alias/.qmail*
+
+ 6. Read INSTALL.mbox and INSTALL.vsm.
+
+ 7. Read INSTALL.maildir.
+
+ 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.
+
+
+To test qmail deliveries (won't interfere with sendmail):
+
+ 9. Enable deliveries of messages injected into qmail:
+ # csh -cf '/var/qmail/rc &'
+
+10. Read TEST.deliver.
+
+
+To upgrade from sendmail to qmail:
+
+11. Read SENDMAIL. This is what your users will want to know about the
+ switch from sendmail to qmail.
+
+12. Read REMOVE.sendmail. You must remove sendmail before installing
+ qmail.
+
+13. Read REMOVE.binmail.
+
+14. Add
+ csh -cf '/var/qmail/rc &'
+ to your boot scripts, so that the qmail daemons are restarted
+ whenever your system reboots. Make sure you include the &.
+
+15. Make qmail's ``sendmail'' wrapper available to MUAs:
+ # ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
+ # ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
+ /usr/sbin might not exist on your system.
+
+16. Set up qmail-smtpd in /etc/inetd.conf (all on one line):
+ smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env
+ tcp-env /var/qmail/bin/qmail-smtpd
+
+17. Reboot. (Or kill -HUP your inetd and make sure the qmail daemons
+ are running.)
+
+18. Read TEST.receive.
+
+
+
+That's it! To report success:
+ % ( echo 'First M. Last'; cat `cat SYSDEPS` ) | mail djb-qst@cr.yp.to
+Replace First M. Last with your name.
+
+If you have questions about qmail, join the qmail mailing list; see
+http://pobox.com/~djb/qmail.html.
diff --git a/doc/Qmail/INTERNALS b/doc/Qmail/INTERNALS
new file mode 100644
index 0000000..effda6f
--- /dev/null
+++ b/doc/Qmail/INTERNALS
@@ -0,0 +1,186 @@
+1. Overview
+
+Here's the data flow in the qmail suite:
+
+ qmail-qmpqd _
+ \
+ qmail-qmtpd __\
+ \
+qmail-smtpd ---- qmail-queue --- qmail-send --- qmail-rspawn --- qmail-remote
+ / | \
+ qmail-inject -_/ qmail-clean \_ qmail-lspawn --- qmail-local
+
+Every message is added to a central queue directory by qmail-queue.
+qmail-queue is invoked as needed, usually by qmail-inject for locally
+generated messages, qmail-smtpd for messages received through SMTP,
+qmail-local for forwarded messages, or qmail-send for bounce messages.
+
+Every message is then delivered by qmail-send, in cooperation with
+qmail-lspawn and qmail-rspawn, and cleaned up by qmail-clean. These four
+programs are long-running daemons.
+
+The queue is designed to be crashproof, provided that the underlying
+filesystem is crashproof. All cleanups are handled by qmail-send and
+qmail-clean without human intervention. See section 6 for more details.
+
+
+2. Queue structure
+
+Each message in the queue is identified by a unique number, let's say
+457. The queue is organized into several directories, each of which may
+contain files related to message 457:
+
+ mess/457: the message
+ todo/X/457: the envelope: where the message came from, where it's going
+ intd/457: the envelope, under construction by qmail-queue
+ info/457: the envelope sender address, after preprocessing
+ local/457: local envelope recipient addresses, after preprocessing
+ remote/457: remote envelope recipient addresses, after preprocessing
+ bounce/457: permanent delivery errors
+
+Here are all possible states for a message. + means a file exists; -
+means it does not exist; ? means it may or may not exist; X is a hash directory.
+
+ S1. -mess -intd -todo -info -local -remote -bounce
+ S2. +mess -intd -todo -info -local -remote -bounce
+ S3. +mess +intd -todo -info -local -remote -bounce
+ S4. +mess ?intd +todo ?info ?local ?remote -bounce (queued)
+ S5. +mess -intd -todo +info ?local ?remote ?bounce (preprocessed)
+
+Guarantee: If mess/457 exists, it has inode number 457.
+
+
+3. How messages enter the queue
+
+To add a message to the queue, qmail-queue first creates a file in a
+separate directory, pid/, with a unique name. The filesystem assigns
+that file a unique inode number. qmail-queue looks at that number, say
+457. By the guarantee above, message 457 must be in state S1.
+
+qmail-queue renames pid/whatever as mess/457, moving to S2. It writes
+the message to mess/457. It then creates intd/457, moving to S3, and
+writes the envelope information to intd/457.
+
+Finally qmail-queue creates a new link, todo/457, for intd/457, moving
+to S4. At that instant the message has been successfully queued, and
+qmail-queue leaves it for further handling by qmail-send.
+
+qmail-queue starts a 24-hour timer before touching any files, and
+commits suicide if the timer expires.
+
+
+4. How queued messages are preprocessed
+
+Once a message has been queued, qmail-send must decide which recipients
+are local and which recipients are remote. It may also rewrite some
+recipient addresses.
+
+When qmail-send notices todo/457, it knows that message 457 is in S4. It
+removes info/457, local/457, and remote/457 if they exist. Then it reads
+through todo/457. It creates info/457, possibly local/457, and possibly
+remote/457. When it is done, it removes intd/457. The message is still
+in S4 at this point. Finally qmail-send removes todo/457, moving to S5.
+At that instant the message has been successfully preprocessed.
+
+
+5. How preprocessed messages are delivered
+
+Messages at S5 are handled as follows. Each address in local/457 and
+remote/457 is marked either NOT DONE or DONE.
+
+ DONE: The message was successfully delivered, or the last delivery
+ attempt met with permanent failure. Either way, qmail-send
+ should not attempt further delivery to this address.
+
+ NOT DONE: If there have been any delivery attempts, they have all
+ met with temporary failure. Either way, qmail-send should
+ try delivery in the future.
+
+qmail-send may at its leisure try to deliver a message to a NOT DONE
+address. If the message is successfully delivered, qmail-send marks the
+address as DONE. If the delivery attempt meets with permanent failure,
+qmail-send first appends a note to bounce/457, creating bounce/457 if
+necessary; then it marks the address as DONE. Note that bounce/457 is
+not crashproof.
+
+qmail-send may handle bounce/457 at any time, as follows: it (1) injects
+a new bounce message, created from bounce/457 and mess/457; (2) deletes
+bounce/457.
+
+When all addresses in local/457 are DONE, qmail-send deletes local/457.
+Same for remote/457.
+
+When local/457 and remote/457 are gone, qmail-send eliminates the
+message, as follows. First, if bounce/457 exists, qmail-send handles it
+as described above. Once bounce/457 is definitely gone, qmail-send
+deletes info/457, moving to S2, and finally mess/457, moving to S1.
+
+
+6. Cleanups
+
+If the computer crashes while qmail-queue is trying to queue a message,
+or while qmail-send is eliminating a message, the message may be left in
+state S2 or S3.
+
+When qmail-send sees a message in state S2 or S3---other than one
+it is currently eliminating!---where mess/457 is more than 36 hours old,
+it deletes intd/457 if that exists, then deletes mess/457. Note that any
+qmail-queue handling the message must be dead.
+
+Similarly, when qmail-send sees a file in the pid/ directory that is
+more than 36 hours old, it deletes it.
+
+Cleanups are not necessary if the computer crashes while qmail-send is
+delivering a message. At worst a message may be delivered twice. (There
+is no way for a distributed mail system to eliminate the possibility of
+duplication. What if an SMTP connection is broken just before the server
+acknowledges successful receipt of the message? The client must assume
+the worst and send the message again. Similarly, if the computer crashes
+just before qmail-send marks a message as DONE, the new qmail-send must
+assume the worst and send the message again. The usual solutions in the
+database literature---e.g., keeping log files---amount to saying that
+it's the recipient's computer's job to discard duplicate messages.)
+
+
+7. Bounces
+
+Bounces (aka 'None-Delivery Reports, NDR) are formated as QMBF messages.
+Generated by qmail-send, bounce message handling is not bullet proof.
+The size of bounce messages is typically larger than the original email
+and maybe therefore be subject of rejection by the sender, resulting
+in 'double bounces' (redirected to the postmaster).
+
+Bounce control can be achieved by means of 'control/bouncemaxbytes'
+truncating the bounce message to the specified size. Further, bounce
+hosts and be set up by 'control/smtproutes' and 'control/qmtroutes'.
+Double bounces can also be redirected to a special address provided in
+'control/doublebounceto' allowing in addition to dump double bounces.
+
+
+8. Further notes
+
+Currently info/457 serves two purposes: first, it records the envelope
+sender; second, its modification time is used to decide when a message
+has been in the queue too long. In the future info/457 may store more
+information. Any non-backwards-compatible changes will be identified by
+version numbers.
+
+When qmail-queue has successfully placed a message into the queue, it
+pulls a trigger offered by qmail-send. Here is the current triggering
+mechanism: lock/trigger is a named pipe. Before scanning todo/,
+qmail-send opens lock/trigger O_NDELAY for reading. It then selects for
+readability on lock/trigger. qmail-queue pulls the trigger by writing a
+byte O_NDELAY to lock/trigger. This makes lock/trigger readable and
+wakes up qmail-send. Before scanning todo/ again, qmail-send closes and
+reopens lock/trigger.
+
+The 'bigtodo' enhancements splits up the 'todo' dir into the number
+of subdirectories given by 'conf-split'. With a very large number of
+email in the state 'todo' this helps improving stat'ing and speeds up
+performance at almost no costs.
+
+--
+
+Note: The original description was written by DJB and is mostly unaltered.
+
+
diff --git a/doc/Qmail/PIC.local2alias b/doc/Qmail/PIC.local2alias
new file mode 100644
index 0000000..75cff56
--- /dev/null
+++ b/doc/Qmail/PIC.local2alias
@@ -0,0 +1,37 @@
+ Original message:
+
+ To: help
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to help@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: help@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, help@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to help@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, help.
+ | Is help listed in qmail-users? No.
+ | Is there a help account? No.
+ | Give control of the message to alias.
+ | Run qmail-local.
+ V
+
+qmail-local alias ~alias help - help heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~alias/.qmail-help exist? Yes: "john".
+ Forward message to john.
diff --git a/doc/Qmail/PIC.local2ext b/doc/Qmail/PIC.local2ext
new file mode 100644
index 0000000..a8bf644
--- /dev/null
+++ b/doc/Qmail/PIC.local2ext
@@ -0,0 +1,41 @@
+ Original message:
+
+ To: fred-sos
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to fred-sos@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: fred-sos@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, fred-sos@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to fred-sos@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred-sos.
+ | Is fred-sos listed in qmail-users? No.
+ | Is there a fred-sos account? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred-sos - sos heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail-sos exist? Yes: "./Extramail".
+ Write message to ./Extramail in mbox format.
diff --git a/doc/Qmail/PIC.local2local b/doc/Qmail/PIC.local2local
new file mode 100644
index 0000000..3a067e0
--- /dev/null
+++ b/doc/Qmail/PIC.local2local
@@ -0,0 +1,40 @@
+ Original message:
+
+ To: fred
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to fred@heaven.af.mil
+ | From: joe@heaven.af.mil
+ | To: fred@heaven.af.mil
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, fred@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to fred@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred.
+ | Is fred listed in qmail-users? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred '' '' heaven.af.mil joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail exist? No.
+ Write message to ./Mailbox in mbox format.
diff --git a/doc/Qmail/PIC.local2rem b/doc/Qmail/PIC.local2rem
new file mode 100644
index 0000000..6857af5
--- /dev/null
+++ b/doc/Qmail/PIC.local2rem
@@ -0,0 +1,38 @@
+ Original message:
+
+ To: bill@irs.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to bill@irs.gov
+ | From: joe@heaven.af.mil
+ | To: bill@irs.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? No.
+ Look up DNS MX/A for irs.gov and connect to it by SMTP:
+
+ MAIL FROM:
+ RCPT TO:
diff --git a/doc/Qmail/PIC.local2virt b/doc/Qmail/PIC.local2virt
new file mode 100644
index 0000000..60f80c8
--- /dev/null
+++ b/doc/Qmail/PIC.local2virt
@@ -0,0 +1,44 @@
+ Original message:
+
+ To: dude@tommy.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to dude@tommy.gov
+ | From: joe@heaven.af.mil
+ | To: dude@tommy.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, dude@tommy.gov.
+ | Is tommy.gov in locals? No.
+ | Is dude@tommy.gov in virtualdomains? No.
+ | Is tommy.gov in virtualdomains? Yes: "tommy.gov:fred".
+ | Deliver locally to fred-dude@tommy.gov.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, fred-dude.
+ | Is fred-dude listed in qmail-users? No.
+ | Is there a fred-dude account? No.
+ | Is there a fred account? Yes.
+ | Is fred's uid nonzero? Yes.
+ | Is ~fred visible to the qmailp user? Yes.
+ | Is ~fred owned by fred? Yes.
+ | Give control of the message to fred.
+ | Run qmail-local.
+ V
+
+qmail-local fred ~fred fred-dude - dude tommy.gov joe@heaven.af.mil ./Mailbox
+
+ Does ~fred/.qmail-dude exist? No.
+ Does ~fred/.qmail-default exist? Yes: "./Mail.tommy".
+ Write message to ./Mail.tommy in mbox format.
diff --git a/doc/Qmail/PIC.nullclient b/doc/Qmail/PIC.nullclient
new file mode 100644
index 0000000..a90d7cb
--- /dev/null
+++ b/doc/Qmail/PIC.nullclient
@@ -0,0 +1,38 @@
+ Original message:
+
+ To: bill@irs.gov
+ Hi.
+
+qmail-inject Fill in the complete envelope and header:
+
+ | (envelope) from joe@heaven.af.mil to bill@irs.gov
+ | From: joe@heaven.af.mil
+ | To: bill@irs.gov
+ |
+ | Hi.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? Yes: ":bigbang.af.mil".
+ Look up DNS A for bigbang.af.mil and connect by SMTP:
+
+ MAIL FROM:
+ RCPT TO:
diff --git a/doc/Qmail/PIC.relaybad b/doc/Qmail/PIC.relaybad
new file mode 100644
index 0000000..513f74f
--- /dev/null
+++ b/doc/Qmail/PIC.relaybad
@@ -0,0 +1,8 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ MAIL FROM:
+ RCPT TO:
+
+ Is $RELAYCLIENT set? No.
+ Is irs.gov in rcpthosts? No.
+ Reject RCPT.
diff --git a/doc/Qmail/PIC.relaygood b/doc/Qmail/PIC.relaygood
new file mode 100644
index 0000000..0d62fa9
--- /dev/null
+++ b/doc/Qmail/PIC.relaygood
@@ -0,0 +1,33 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ | MAIL FROM:
+ | RCPT TO:
+ |
+ | Is $RELAYCLIENT set? Yes: "".
+ | Accept RCPT.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, bill@irs.gov.
+ | Is irs.gov in locals? No.
+ | Is bill@irs.gov in virtualdomains? No.
+ | Is irs.gov in virtualdomains? No.
+ | Is .gov in virtualdomains? No.
+ | Deliver remotely to bill@irs.gov.
+ V
+
+qmail-rspawn Run qmail-remote.
+
+ |
+ V
+
+qmail-remote Look at host name, irs.gov.
+ Is irs.gov listed in smtproutes? No.
+ Look up DNS MX/A for irs.gov and connect to it by SMTP:
+
+ MAIL FROM:
+ RCPT TO:
diff --git a/doc/Qmail/PIC.rem2local b/doc/Qmail/PIC.rem2local
new file mode 100644
index 0000000..62fe61a
--- /dev/null
+++ b/doc/Qmail/PIC.rem2local
@@ -0,0 +1,36 @@
+qmail-smtpd Receive message by SMTP from another host:
+
+ | MAIL FROM:
+ | RCPT TO:
+ |
+ | Is $RELAYCLIENT set? No.
+ | Is heaven.af.mil in rcpthosts? Yes.
+ | Accept RCPT.
+ V
+
+qmail-queue Store message safely on disk.
+ Trigger qmail-send.
+ |
+ V
+
+qmail-send Look at envelope recipient, joe@heaven.af.mil.
+ | Is heaven.af.mil in locals? Yes.
+ | Deliver locally to joe@heaven.af.mil.
+ V
+
+qmail-lspawn ./Mailbox
+
+ | Look at mailbox name, joe.
+ | Is joe listed in qmail-users? No.
+ | Is there a joe account? Yes.
+ | Is joe's uid nonzero? Yes.
+ | Is ~joe visible to the qmailp user? Yes.
+ | Is ~joe owned by joe? Yes.
+ | Give control of the message to joe.
+ | Run qmail-local.
+ V
+
+qmail-local joe ~joe joe '' '' heaven.af.mil bill@irs.gov ./Mailbox
+
+ Does ~joe/.qmail exist? No.
+ Write message to ./Mailbox in mbox format.
diff --git a/doc/Qmail/README b/doc/Qmail/README
new file mode 100644
index 0000000..5208eaf
--- /dev/null
+++ b/doc/Qmail/README
@@ -0,0 +1,269 @@ +qmail 1.03 +19980615 +Copyright 1998 +D. J. Bernstein, qmail@pobox.com + +qmail is a secure, reliable, efficient, simple message transfer agent. +It is meant as a replacement for the entire sendmail-binmail system on +typical Internet-connected UNIX hosts. See BLURB, BLURB2, BLURB3, and +BLURB4 for more detailed advertisements. + +INSTALL says how to set up and test qmail. If you're upgrading from a +previous version, read UPGRADE instead. + +See PIC.* for some ``end-to-end'' pictures of mail flowing through the +qmail system. + +See http://pobox.com/~djb/qmail.html for other qmail-related software +and a pointer to the qmail mailing list. + +Other documentation: http://pobox.com/~djb/proto.html shows solutions to +several Internet mail problems; many of these solutions are implemented +in qmail. CHANGES and THANKS show how qmail has changed since it was +first released. SECURITY, INTERNALS, THOUGHTS, and TODO record many of +the qmail design decisions. + +The rest of this file is a list of systypes where various versions of +qmail have been reported to work. 0.96 was the final gamma version; 1.00 +had exactly the same code as 0.96. To see your systype, make systype; +cat systype. 
+ +1.00: a.ux-3.0-svr2-:-:-:mc68030-:- (tnx RF) +1.01: aix-3-2-:-:-:000000406300-:- (tnx DG) +1.01: aix-3-2-:-:-:000011216700-:- (tnx JLB) +1.01: aix-4-1-:-:-:000041574c00-:- (tnx M2H) +1.01: aix-4-1-:-:-:000088581000-:- (tnx HJB) +1.01: aix-4-1-:-:-:002b51134c00-:- (tnx MP) +1.00: aix-4-1-:-:-:00910033a000-:- (tnx KJJ) +1.01: aix-4-2-:-:-:000055247900-:- (tnx JLB) +1.01: aix-4-2-:-:-:000062295800-:- (tnx TD) +1.01: aix-4-2-:-:-:000136094c00-:- (tnx T2U) +1.00: aix-4-2-:-:-:000205254600-:- (tnx MGM) +1.01: aix-4-2-:-:-:005255bc4c00-:- (tnx DS) +1.01: aix-4-2-:-:-:006030944c00-:- +1.01: bsd.386-1.1-0-:i386-:-:i386-:- (tnx T2M) +1.01: bsd.os-2.0-:i386-:-:pentium-:- (tnx MSS) +1.01: bsd.os-2.0.1-:i386-:-:i486-:- (tnx KR) +0.96: bsd.os-2.1-:i386-:-:-:- (tnx DAR) +1.00: bsd.os-2.1-:i386-:-:i486-:- (tnx RJC) +0.96: bsd.os-2.1-:i386-:-:pentium-:- (tnx UO) +1.01: bsd.os-3.0-:i386-:-:-:- (tnx VU) +1.01: bsd.os-3.0-:i386-:-:pentium-:- (tnx RJO) +1.01: bsd.os-3.1-:i386-:-:pentium-:- (tnx ABC) +1.01: bsd.os-3.1-:i386-:-:pentium.ii-:- (tnx UO) +0.96: dgux-5.4r2.01-generic-:-:-:aviion-:- (tnx HWM) +1.01: freebsd-2.1.0-release-:i386-:-:i486-dx-:- (tnx VV) +1.01: freebsd-2.1.0-release-:i386-:-:i486.dx2-:- (tnx JLB) +1.00: freebsd-2.1.0-release-:i386-:-:i486dx-:- (tnx chrisj=???) 
+1.01: freebsd-2.1.0-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx MBS) +1.01: freebsd-2.1.5-release-:i386-:-:i486-dx-:- (tnx B1F) +0.96: freebsd-2.1.5-release-:i386-:-:i486dx-:- (tnx FN) +1.01: freebsd-2.1.5-release-:i386-:-:unknown.-:- (tnx BMF) +1.00: freebsd-2.1.6-release-:i386-:-:-:- (tnx TM) +0.96: freebsd-2.1.6-release-:i386-:-:Pentium-Pro.150-:- (tnx CH) +1.01: freebsd-2.1.6-release-:i386-:-:cy486dlc-:- (tnx M3H) +0.96: freebsd-2.1.6.1-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx MF) +1.01: freebsd-2.1.7-release-:i386-:-:i486-dx-:- (tnx AAF) +1.00: freebsd-2.1.7-release-:i386-:-:pentium.735\90.or.815\100-:- (tnx JBB) +1.01: freebsd-2.1.7-release-:i386-:-:pentium.815\100-:- (tnx B1F) +1.01: freebsd-2.2-970422-releng-:i386-:-:-:- (tnx TM) +1.00: freebsd-2.2-release-:i386-:-:-:- (tnx MT) +1.01: freebsd-2.2-stable-:i386-:-:cyrix.5x86-:- (tnx A2B) +1.01: freebsd-2.2-stable-:i386-:-:pentium-:- (tnx gary@systemics=???) +1.01: freebsd-2.2.1-release-:i386-:-:-:- (tnx M2R) +1.01: freebsd-2.2.1-release-:i386-:-:i486-dx-:- (tnx PGR) +1.00: freebsd-2.2.1-release-:i386-:-:i486.dx2-:- (tnx BR) +1.01: freebsd-2.2.1-release-:i386-:-:pentium-:- (tnx REB) +1.01: freebsd-2.2.1-release-:i386-:-:pentium.pro-:- (tnx JS) +1.01: freebsd-2.2.2-release-:i386-:-:amd.am5x86.write-through-:- (tnx AGB) +1.01: freebsd-2.2.2-release-:i386-:-:i486-dx-:- (tnx A2L) +1.01: freebsd-2.2.2-release-:i386-:-:i486.dx2-:- (tnx D3S) +1.01: freebsd-2.2.2-release-:i386-:-:pentium-:- (tnx B2F) +1.01: freebsd-2.2.2-release-:i386-:-:pentium.pro-:- (tnx M2G) +1.01: freebsd-2.2.5-release-:i386-:-:i486-dx-:- (tnx R2N) +1.01: freebsd-2.2.5-release-:i386-:-:i486.dx2-:- (tnx AY) +1.01: freebsd-2.2.5-release-:i386-:-:pentium.pro-:- (tnx AI) +1.01: freebsd-2.2.5-stable-:i386-:-:i486.dx2-:- (tnx JK) +1.01: freebsd-2.2.5-stable-:i386-:-:pentium-:- (tnx root@defiant=???) 
+1.01: freebsd-2.2.6-release-:i386-:-:-:- (tnx TM) +1.01: freebsd-2.2.6-release-:i386-:-:amd.am5x86.write-through-:- (tnx root@skully=???) +1.00: freebsd-3.0-970209-snap-:i386-:-:-:- (tnx YF) +1.01: freebsd-3.0-970428-snap-:i386-:-:pentium-:- (tnx M3S) +1.01: freebsd-3.0-970807-snap-:i386-:-:amd.k6-:- (tnx KMD) +1.01: freebsd-3.0-980309-snap-:i386-:-:pentium-:- (tnx MM) +1.01: freebsd-3.0-current-:i386-:-:pentium-:- (tnx KB) +1.01: hp-ux-a.09.05-a-:-:-:9000.712-:- (tnx SV) +1.01: hp-ux-a.09.07-a-:-:-:9000.712-:- (tnx LB) +1.00: hp-ux-b.09.00-a-:-:-:9000.360-:- (tnx VV) +1.01: hp-ux-b.10.20-a-:-:-:9000.755-:- (tnx BCK) +1.01: irix-5.3-11091812-:-:-:ip22-:- (tnx JL) +1.01: irix-6.2-03131015-:-:-:ip22-:- (tnx DS) +1.01: irix64-6.2-03131016-:-:-:ip19-:- (tnx AH) +1.01: irix64-6.2-06101031-:-:-:ip28-:- (tnx DB) +1.01: linux-1.2.13-:i386-:-:i486-:- (tnx RF) +1.01: linux-1.2.13-:i386-:-:pentium-:- (tnx MEE) +1.01: linux-1.99.4-:i386-:-:pentium-:- (tnx C2H) +1.01: linux-2.0.0-:i386-:-:i486-:- (tnx kragen@gentle=???) +1.01: linux-2.0.0-:i386-:-:pentium-:- (tnx MJD) +1.01: linux-2.0.6-:i386-:-:pentium-:- +1.00: linux-2.0.6-:i386-:-:ppro-:- (tnx MR) +1.01: linux-2.0.7-:i386-:-:i486-:- (tnx TLM) +1.01: linux-2.0.9-:i386-:-:i486-:- (tnx VBM) +0.96: linux-2.0.13-:i386-:-:pentium-:- (tnx BW) +1.01: linux-2.0.15-:i386-:-:i486-:- (tnx JCD) +1.01: linux-2.0.18-:i386-:-:i486-:- (tnx tk@avalon=???) +1.01: linux-2.0.18-:i386-:-:pentium-:- (tnx root@webtvchat=???) +1.00: linux-2.0.22-:i386-:-:pentium-:- (tnx MDI) +1.00: linux-2.0.23-:i386-:-:i486-:- (tnx B2L) +1.01: linux-2.0.24-:i386-:-:i486-:- (tnx GLM) +1.00: linux-2.0.24-:i386-:-:pentium-:- (tnx VV) +0.96: linux-2.0.25-:i386-:-:i486-:- (tnx BDB) +1.01: linux-2.0.25-:i386-:-:pentium-:- (tnx KA) +0.93: linux-2.0.26-:i386-:-:i486-:- (tnx blynch@texas=???) +1.01: linux-2.0.26-:i386-:-:pentium-:- (tnx robbie@opus=???) 
+1.00: linux-2.0.27-:-:-:sparc-:- (tnx SVD) +1.00: linux-2.0.27-:i386-:-:i386-:- (tnx ECG) +1.01: linux-2.0.27-:i386-:-:i486-:- (tnx BN) +1.01: linux-2.0.27-:i386-:-:pentium-:- (tnx EK) +1.01: linux-2.0.27-:i386-:-:ppro-:- (tnx L3L) +1.01: linux-2.0.28-:i386-:-:i486-:- (tnx AAF) +1.00: linux-2.0.28-:i386-:-:pentium-:- (tnx root@duggy=???) +1.01: linux-2.0.28-:i386-:-:ppro-:- (tnx S3T) +1.01: linux-2.0.28-osfmach3-:-:-:ppc-:- (tnx CG) +1.01: linux-2.0.29-:alpha-:-:alpha-:- (tnx MB) +1.01: linux-2.0.29-:i386-:-:i386-:- (tnx AJK) +1.01: linux-2.0.29-:i386-:-:i486-:- (tnx FPL) +1.01: linux-2.0.29-:i386-:-:pentium-:- (tnx FW) +1.00: linux-2.0.29-:i386-:-:ppro-:- (tnx MMM) +1.01: linux-2.0.30-:-:-:sparc-:- (tnx J2P) +1.01: linux-2.0.30-:alpha-:-:alpha-:- (tnx WS) +1.01: linux-2.0.30-:i386-:-:i386-:- (tnx OK) +1.00: linux-2.0.30-:i386-:-:i486-:- (tnx KUT) +1.01: linux-2.0.30-:i386-:-:i486-:- (tnx PK) +1.01: linux-2.0.30-:i386-:-:pentium-:- (tnx AV) +1.00: linux-2.0.30-:i386-:-:ppro-:- (tnx root@gate=???) +1.01: linux-2.0.30-osfmach3-:-:-:ppc-:- (tnx PTW) +1.01: linux-2.0.30u11-:i386-:-:pentium-:- (tnx JTB) +1.01: linux-2.0.31-:i386-:-:i486-:- (tnx SAE) +1.01: linux-2.0.31-:i386-:-:pentium-:- (tnx B3W) +1.01: linux-2.0.31-:i386-:-:ppro-:- (tnx JAK) +1.01: linux-2.0.32-:-:-:ie86-:- (tnx root@vmlinuz=???) +1.01: linux-2.0.32-:alpha-:-:alpha-:- (tnx NR) +1.01: linux-2.0.32-:i386-:-:i486-:- (tnx SC) +1.01: linux-2.0.32-:i386-:-:pentium-:- (tnx HT) +1.01: linux-2.0.32-:i386-:-:ppro-:- (tnx RK) +1.01: linux-2.0.33-:i386-:-:i486-:- (tnx RAB) +1.01: linux-2.0.33-:i386-:-:pentium-:- (tnx AF) +1.01: linux-2.0.33-:i386-:-:ppro-:- (tnx B2W) +1.01: linux-2.1.9-:i386-:-:i486-:- (tnx SJB) +1.01: linux-2.1.10-:i386-:-:i486-:- (tnx JB) +0.96: linux-2.1.13-:i386-:-:i486-:- (tnx ML) +0.96: linux-2.1.14-:i386-:-:pentium-:- (tnx SCW) +0.96: linux-2.1.23-:i386-:-:pentium-:- (tnx JF) +1.01: linux-2.1.24-:-:-:ppc-:- (tnx meta=???) 
+0.96: linux-2.1.25-:i386-:-:i486-:- (tnx JBF) +0.96: linux-2.1.25-:i386-:-:pentium-:- (tnx UO) +1.00: linux-2.1.26-:i386-:-:i486-:- (tnx DK) +1.00: linux-2.1.27-:i386-:-:pentium-:- (tnx JF) +1.01: linux-2.1.28-:i386-:-:i486-:- (tnx HDG) +1.00: linux-2.1.28-:i386-:-:pentium-:- (tnx RGS) +1.00: linux-2.1.29-:i386-:-:i486-:- (tnx SJW) +1.01: linux-2.1.35-:i386-:-:pentium-:- (tnx JF) +1.01: linux-2.1.36-:i386-:-:i486-:- (tnx ML) +1.01: linux-2.1.42-:i386-:-:i486-:- (tnx wtanaka=???) +1.01: linux-2.1.46-:i386-:-:pentium-:- (tnx VR) +1.01: linux-2.1.51-:i386-:-:pentium-:- (tnx KO) +1.01: linux-2.1.61-:i386-:-:i486-:- (tnx RO) +1.01: linux-2.1.65-:i386-:-:i486-:- (tnx F2T) +1.01: linux-2.1.71-:i386-:-:ppro-:- (tnx MJG) +1.01: linux-2.1.78-:i386-:-:pentium-:- (tnx AS) +1.01: linux-2.1.82-:i386-:-:pentium-:- (tnx AY) +1.01: linux-2.1.85-:i386-:-:pentium-:- (tnx PJH) +1.00: machten-4-0.4-:-:-:powerpc-:- (tnx RAM) +1.01: netbsd-1.1-:i386-:-:pentium.(genuineintel.586-class.cpu)-:- (tnx GL) +1.01: netbsd-1.2-:hp300-:-:-:- (tnx ML) +1.01: netbsd-1.2-:i386-:-:i486dx.(genuineintel.486-class.cpu)-:- (tnx T2K) +0.96: netbsd-1.2-:i386-:-:pentium.(genuineintel.586-class.cpu)-:- (tnx GH) +1.01: netbsd-1.2.1-:mac68k-:-:apple.macintosh.se/30..(68030)-:- (tnx HM) +1.01: netbsd-1.2.1-:sparc-:-:fmi,mb86904.@.110.mhz,.on-chip.fpu-:- (tnx ZU) +0.96: netbsd-1.2c-:pmax-:-:-:- (tnx JLW) +1.01: netbsd-1.3-:hp300-:-:hp.9000/433.(33mhz.mc68040.cpu+mmu+fpu,.4k.on-chip.physical.i/d.caches)-:- (tnx TB) +1.01: netbsd-1.3.1-:sun3-:-:sun.3/60-:- (tnx MBS) +1.01: netbsd-1.3_alpha-:i386-:-:intel.pentium.(p54c).(586-class)-:- (tnx GL) +1.01: nextstep-3.1-:mc680x0-:-:68040-:- (tnx JRY) +1.01: nextstep-3.3-:hppa-:-:7100lc-:- +1.01: nextstep-3.3-:i386-:-:pentium-:- (tnx HM) +1.01: nextstep-3.3-:mc680x0-:-:68040-:- (tnx WEB) +1.01: nextstep-4.1-:mc680x0-:-:68040-:- (tnx FN) +1.00: openbsd-2.0-hoth#0-:openbsd.i386-:-:i386-:- (tnx MBS) +1.00: openbsd-2.0-mr_potatoe_head#2-:openbsd.i386-:-:i386-:- (tnx JJMK) 
+0.96: openbsd-2.0-puma#1-:openbsd.m68k-:-:mac68k-:- (tnx AKB) +1.01: openbsd-2.1-asgard#1-:openbsd.i386-:-:i386-:- (tnx ETT) +1.01: openbsd-2.1-generic#71-:openbsd.sparc-:-:sparc-:- (tnx MMM2) +1.01: openbsd-2.1-katana#2-:openbsd.i386-:-:i386-:- (tnx CHR) +1.01: openbsd-2.1-puma#0-:openbsd.m68k-:-:mac68k-:- (tnx AKB) +1.01: openbsd-2.2-ele#2-:openbsd.i386-:-:i386-:- (tnx RC) +1.01: openbsd-2.2-generic#424-:openbsd.i386-:-:i386-:- (tnx ETT) +1.01: osf1-v2.0-240-:-:-:alpha-:- (tnx JF) +1.00: osf1-v3.2-148-:-:-:alpha-:- (tnx DL) +1.01: osf1-v3.2-148-:-:-:alpha-:- (tnx RSK) +1.01: osf1-v3.2-41-:-:-:alpha-:- (tnx MSD) +1.01: osf1-v3.2-mp-4.2-:-:-:alpha-:- (tnx MSD) +1.01: osf1-v4.0-386-:-:-:alpha-:- (tnx TEE) +1.01: osf1-v4.0-464-:-:-:alpha-:- (tnx AWB) +1.01: osf1-v4.0-564-:-:-:alpha-:- (tnx A2P) +1.01: osf1-v4.0-564.32-:-:-:alpha-:- (tnx TLF) +1.01: osf1-v4.0-878-:-:-:alpha-:- (tnx BJM) +1.01: sco_sv-3.2-2-:-:-:i386-:- (tnx PW) +1.01: sinix-l-5.41-d0005-:-:-:mx300i-:- (tnx IH) +1.01: sunos-4.1.1-1-:mc68020-:sun3-:sun3-:sun3- (tnx JWB) +1.01: sunos-4.1.1-1-:mc68020-:sun3-:sun3x-:sun3x- (tnx TT) +1.01: sunos-4.1.3-jl-2-:sparc-:sun4-:sun4c-:sun4c- (tnx T2K) +1.01: sunos-4.1.3_u1-1-:sparc-:sun4-:sun4c-:sun4c- (tnx MBS) +1.01: sunos-4.1.3_u1-1-:sparc-:sun4-:sun4m-:sun4m- (tnx RSK) +1.01: sunos-4.1.3_u1-10-:sparc-:sun4-:sun4m-:sun4m- (tnx aoki=???) +1.00: sunos-4.1.3_u1-4-:unknown-:sun4-:sun4m-:sun4m- (tnx J2B) +1.01: sunos-4.1.3_u1-6-:sparc-:sun4-:sun4m-:sun4m- (tnx RD) +1.01: sunos-4.1.4-1-:unknown-:sun4-:sun4m-:sun4m- (tnx M3S) +1.01: sunos-4.1.4-2-:sparc-:sun4-:sun4m-:sun4m- +1.01: sunos-5.3-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx JDJ) +1.01: sunos-5.4-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx jimo=???) 
+0.96: sunos-5.4-generic_101945-10-:sparc-:sun4-:sun4m-:sun4m- (tnx W2K) +1.00: sunos-5.4-generic_101945-34-:sparc-:sun4-:sun4m-:sun4m- (tnx ACB) +0.96: sunos-5.4-generic_101946-35-:i386-:i86pc-:i86pc-:i86pc- (tnx CK) +1.01: sunos-5.5-generic-:i386-:i86pc-:i86pc-:i86pc- (tnx seong=???) +1.01: sunos-5.5-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx SPM) +1.01: sunos-5.5-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx RDM) +1.01: sunos-5.5-generic-:sparc-:sun4-:sun4u-:sun4u- (tnx YC) +1.01: sunos-5.5-generic_103093-02-:sparc-:sun4-:sun4m-:sun4m- (tnx RF) +0.96: sunos-5.5-generic_103093-03-:sparc-:sun4-:sun4m-:sun4m- (tnx RDM) +1.01: sunos-5.5-generic_103093-06-:sparc-:sun4-:sun4m-:sun4m- (tnx ERH) +1.01: sunos-5.5-generic_103093-10-:sparc-:sun4-:sun4d-:sun4d- (tnx KT) +1.01: sunos-5.5-generic_103094-05-:i386-:i86pc-:i86pc-:i86pc- (tnx M2G) +1.01: sunos-5.5.1-generic-:i386-:i86pc-:i86pc-:i86pc- (tnx cro=???) +1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx CG) +1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx MBS) +1.01: sunos-5.5.1-generic-:sparc-:sun4-:sun4u-:sun4u- +0.96: sunos-5.5.1-generic_103640-02-:sparc-:sun4-:sun4m-:sun4m- (tnx SGC) +1.00: sunos-5.5.1-generic_103640-03-:sparc-:sun4-:sun4u-:sun4u- (tnx EG) +1.00: sunos-5.5.1-generic_103640-05-:sparc-:sun4-:sun4m-:sun4m- (tnx L2L) +1.01: sunos-5.5.1-generic_103640-05-:sparc-:sun4-:sun4u-:sun4u- (tnx KY) +1.01: sunos-5.5.1-generic_103640-06-:sparc-:sun4-:sun4u-:sun4u- (tnx RA) +1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4c-:sun4c- (tnx RA) +1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4d-:sun4d- (tnx MS) +1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4m-:sun4m- (tnx S2P) +1.01: sunos-5.5.1-generic_103640-08-:sparc-:sun4-:sun4u-:sun4u- (tnx CM) +1.01: sunos-5.5.1-generic_103640-12-:sparc-:sun4-:sun4m-:sun4m- (tnx IK) +1.01: sunos-5.5.1-generic_103640-18-:sparc-:sun4-:sun4u-:sun4u- (tnx PMH) +1.01: sunos-5.5.1-generic_103641-08-:i386-:i86pc-:i86pc-:i86pc- (tnx TL) +1.01: 
sunos-5.5.1-generic_103641-12-:i386-:i86pc-:i86pc-:i86pc- (tnx JS) +1.01: sunos-5.5.1-generic_105428-01-:sparc-:sun4-:sun4u-:sun4u- (tnx BCM) +0.96: sunos-5.5.1-generic_patch-:i386-:i86pc-:i86pc-:i86pc- (tnx D2K) +1.01: sunos-5.6-generic-:sparc-:sun4-:sun4c-:sun4c- (tnx DS) +1.01: sunos-5.6-generic-:sparc-:sun4-:sun4m-:sun4m- (tnx BDM) +1.01: sunos-5.6-generic-:sparc-:sun4-:sun4u-:sun4u- (tnx RPS) +1.01: sunos-5.6-generic_105182-01-:i386-:i86pc-:i86pc-:i86pc- (tnx JFK) +1.01: sunos-5.6-generic_105182-04-:i386-:i86pc-:i86pc-:i86pc- (tnx YC) +0.96: ultrix-4.3-1-:pmax-:-:risc-:- (tnx YF) +1.01: ultrix-4.4-0-:-:-:risc-:- (tnx RSK) +1.01: unix_sv-4.2mp-2.1.2-:i386-:-:i386-:- (tnx J2W) diff --git a/doc/Qmail/REMOVE.binmail b/doc/Qmail/REMOVE.binmail new file mode 100644 index 0000000..9532ac9 --- /dev/null +++ b/doc/Qmail/REMOVE.binmail @@ -0,0 +1,16 @@ +Here's how to remove binmail from your system. Don't do this if you have +configured qmail to use binmail for local delivery. + + +1. Find the binmail binary on your system: /usr/libexec/mail.local if + that exists, otherwise /bin/mail. + +2. Remove permissions from the binmail binary: + # chmod 0 /usr/libexec/mail.local + +3. If the binmail binary was /bin/mail, make sure that ``mail'' still + invokes a usable mailer. Under SVR4 you may want to link mail to + mailx. + +4. Comment out the comsat line in /etc/inetd.conf, and kill -HUP your + inetd. diff --git a/doc/Qmail/REMOVE.sendmail b/doc/Qmail/REMOVE.sendmail new file mode 100644 index 0000000..5be6e78 --- /dev/null +++ b/doc/Qmail/REMOVE.sendmail 
@@ -0,0 +1,28 @@
+Here's how to remove sendmail from your system.
+
+1. Find sendmail in your boot scripts. It's usually in either /etc/rc or
+ /etc/init.d/sendmail. It looks like
+ sendmail -bd -q15m
+ -q15m means that it should run the queue every 15 minutes; you may
+ see a different number. Comment out this line.
+
+2. Kill the sendmail daemon. You should first kill -STOP the daemon; if
+ any children are running, you should kill -CONT, wait, kill -STOP
+ again, and repeat ad nauseam. If there aren't any children, kill
+ -TERM and then kill -CONT.
+
+3. Check whether you have any messages in the sendmail queue,
+ /var/spool/mqueue. If you do, you will have to try flushing them with
+ sendmail.bak -q. If necessary, wait a while and run sendmail.bak -q
+ again. Repeat until the queue is empty. This may take several days.
+
+4. Remove the setuid bit on the sendmail binary, to prevent local users
+ from gaining extra privileges through sendmail's security holes. The
+ binary may be at several different locations:
+ # chmod 0 /usr/lib/sendmail
+ # chmod 0 /usr/sbin/sendmail
+ # chmod 0 /usr/lib/sendmail.mx
+
+5. Move the sendmail binary out of the way:
+ # mv /usr/lib/sendmail /usr/lib/sendmail.bak
+ # mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
diff --git a/doc/Qmail/SYSDEPS b/doc/Qmail/SYSDEPS
new file mode 100644
index 0000000..0bb01ec
--- /dev/null
+++ b/doc/Qmail/SYSDEPS
@@ -0,0 +1,17 @@
+VERSION
+systype
+hasshsgr.h
+hasnpbg1.h
+select.h
+hasflock.h
+hassalen.h
+fork.h
+hassgact.h
+direntry.h
+hassgprm.h
+haswaitp.h
+hasmkffo.h
+uint32.h
+dns.lib
+socket.lib
+syslog.lib
diff --git a/doc/Qmail/TEST.deliver b/doc/Qmail/TEST.deliver
new file mode 100644
index 0000000..4fc4c32
--- /dev/null
+++ b/doc/Qmail/TEST.deliver
@@ -0,0 +1,82 @@
+You can do several tests of qmail delivery without setting up qmail to
+accept messages through SMTP or through /usr/lib/sendmail:
+
+1. After you start qmail, look for a
+ qmail: status: local 0/10 remote 0/20
+ line in syslog. qmail-send always prints either ``cannot start'' or
+ ``status''. (The big number is a splogger timestamp.)
+
+2. Do a ps and look for the qmail daemons. There should be four of
+ them, all idle: qmail-send, running as qmails; qmail-lspawn, running
+ as root; qmail-rspawn, running as qmailr; and qmail-clean, running
+ as qmailq. You will also see splogger, running as qmaill.
+
+3. Local-local test: Send yourself an empty message. (Replace ``me''
+ with your username. Make sure to include the ``to:'' colon.)
+ % echo to: me | /var/qmail/bin/qmail-inject
+ The message will show up immediately in your mailbox, and syslog
+ will show something like this:
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from qp 20345 uid 666
+ qmail: starting delivery 1: msg 53 to local me@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 1: success: did_1+0+0/
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 53
+ (53 is an inode number; 20345 is a process ID; your numbers will
+ probably be different.)
+
+4. Local-error test: Send a message to a nonexistent local address.
+ % echo to: nonexistent | /var/qmail/bin/qmail-inject
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from qp 20351 uid 666
+ qmail: starting delivery 2: msg 53 to local nonexistent@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 2: failure: No_such_address.__#5.1.1_/
+ qmail: status: local 0/10 remote 0/20
+ qmail: bounce msg 53 qp 20357
+ qmail: end msg 53
+ qmail: new msg 54
+ qmail: info msg 54: bytes 743 from <> qp 20357 uid 666
+ qmail: starting delivery 3: msg 54 to local me@domain
+ qmail: status: local 1/10 remote 0/20
+ qmail: delivery 3: success: did_1+0+0/
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 54
+ You will now have a bounce message in your mailbox.
+
+5. Local-remote test: Send an empty message to your account on another
+ machine.
+ % echo to: me@wherever | /var/qmail/bin/qmail-inject
+ qmail: new msg 53
+ qmail: info msg 53: bytes 246 from qp 20372 uid 666
+ qmail: starting delivery 4: msg 53 to remote me@wherever
+ qmail: status: local 0/10 remote 1/20
+ qmail: delivery 4: success: 1.2.3.4_accepted_message./...
+ qmail: status: local 0/10 remote 0/20
+ qmail: end msg 53
+ There will be a pause between ``starting delivery'' and ``success'';
+ SMTP is slow. Check that the message is in your mailbox on the other
+ machine.
+
+6. Local-postmaster test: Send mail to postmaster, any capitalization.
+ % echo to: POSTmaster | /var/qmail/bin/qmail-inject
+ Look for the message in the alias mailbox, normally ~alias/Mailbox.
+
+7. Double-bounce test: Send a message with a completely bad envelope.
+ % /var/qmail/bin/qmail-inject -f nonexistent
+ To: unknownuser
+ Subject: testing
+
+ This is a test. This is only a test.
+ %
+ (Use end-of-file, not dot, to end the message.) Look for the double
+ bounce in the alias mailbox.
+
+8. Group membership test:
+ % cat > ~me/.qmail-groups
+ |groups >> MYGROUPS; exit 0
+ % /var/qmail/bin/qmail-inject me-groups < /dev/null
+ % cat ~me/MYGROUPS
+ MYGROUPS will show your normal gid and nothing else. (Under Solaris,
+ make sure to use /usr/ucb/groups; /usr/bin/groups is broken.)
diff --git a/doc/Qmail/TEST.receive b/doc/Qmail/TEST.receive
new file mode 100644
index 0000000..7644845
--- /dev/null
+++ b/doc/Qmail/TEST.receive
@@ -0,0 +1,41 @@
+You can do several tests of messages entering the qmail system:
+
+1. SMTP server test: Forge some mail locally via SMTP. Replace ``me''
+ with your username and ``domain'' with your host's name.
+ % telnet 127.0.0.1 25
+ Trying 127.0.0.1...
+ Connected to 127.0.0.1.
+ Escape character is '^]'.
+ 220 domain ESMTP
+ helo dude
+ 250 domain
+ mail
+ 250 ok
+ rcpt
+ 250 ok
+ data
+ 354 go ahead
+ Subject: testing
+
+ This is a test.
+ .
+ 250 ok 812345679 qp 12345
+ quit
+ 221 domain
+ Connection closed by foreign host.
+ %
+ Look for the message in your mailbox. (Note for programmers: Most
+ SMTP servers need more text after MAIL and RCPT. See RFC 821.)
+
+2. Remote-local test: Send yourself some mail from another machine.
+ Look for the message in your mailbox.
+
+3. Remote-error test: Send some mail from another machine to
+ nonexistent@domain. Look for a bounce message in the remote mailbox.
+
+4. UA test: Try sending mail, first to a local account, then to a
+ remote account, with your normal user agent.
+
+5. Remote-postmaster test: Send mail from another machine to
+ PoStMaStEr@domain. Look for the message in the alias mailbox,
+ normally ~alias/Mailbox.
diff --git a/doc/Qmail/THANKS b/doc/Qmail/THANKS
new file mode 100644
index 0000000..b1ad88e
--- /dev/null
+++ b/doc/Qmail/THANKS
@@ -0,0 +1,337 @@
+Thanks to lots of people for success and failure reports, code, ideas,
+and documentation. See CHANGES for details of specific contributions.
+Sorry if I left anyone out.
+
+A2B = Are Bryne
+A2L = Ali Lomonaco
+A2P = Andrea Paolini
+AAF = Adam A. Frey
+AB = Alan Briggs
+ABC = Alan B. Clegg
+AC = Arne Coucheron
+ACB = Andy C. Brandt
+AF = Andreas Faerber
+AG = Armin Gruner
+AGB = Andre Grosse Bley
+AH = Amos Hayes
+AI = Akihiro Iijima
+AJ = Alan Jaffray
+AJK = Antti-Juhani Kaijanaho
+AKB = Allen K. Briggs
+AL = Andreas Lamprecht
+ALB = Allan L. Bazinet
+ANR = Adriano Nagelschmidt Rodrigues
+AP = Andrew Pam
+AS = Akos Szalkai
+AV = Alex Vostrikov
+AWB = Andy W. Barclay
+AY = Araki Yasuhiro
+B1F = Bo Fussing
+B2F = Brad Forschinger
+B2H = Buck Huppmann
+B2L = Brent Laminack
+B2W = Bil Wendling
+B3W = Boris Wedl
+BB = Bruce Bodger
+BC = Bob Collie
+BCK = Benjamin C. Kite
+BCM = Bill C. Miller
+BDB = Boris D. Beletsky
+BDM = Byron D. Miller
+BEO = Bruce E. O'Neel
+BET = Bennett E. Todd
+BG = Bert Gijsbers
+BH = Brad Howes
+BJ = Brian Jackson
+BJM = Barry J. Miller
+BL = Brian Litzinger
+BMF = Brian M. Fisk
+BN = Bill Nugent
+BP = Bruce Perens
+BR = Brian J. Reichert
+BS = Bjoern Stabell
+BT = Brad Templeton
+BTW = Brian T. Wightman
+BW = Bill Weinman
+BZ = Blaz Zupan
+C2F = Chuck Foster
+C2H = Christoph Heidermanns
+C2S = Craig Shrimpton
+CEJ = Colin Eric Johnson
+CF = C. Ferree
+CG = Chris Garrigues
+CH = Chael Hall
+CHR = Craig H. Rowland
+CK = Christoph Kaesling
+CL = Carsten Leonhardt
+CLS = Christopher L. Seawood
+CM = Charles Mattair
+CMP = Chase M. Phillips
+CR = Christian Riede
+CS = Cloyce Spradling
+CSH = Clayton S. Haapala
+D1H = Dieter Heidner
+D2H = Dan Hollis
+D2K = Dax Kelson
+D2S = Dan Senie
+D3S = Don Samek
+DA = Dave Arcuri
+DAR = Daniel A. Reish
+DB = David Buscher
+DBK = Douglas B. Kerry
+DC = Dan Cross
+DCC = Daniel C. Cotey
+DE = Daniel Egnor
+DEH = Daniel E. Harris
+DF = Dale Farnsworth
+DG = David Guntner
+DK = Dave Kopper
+DL = Daniel Lawrence
+DM = David Mazieres
+DML = David M. Lew
+DP = Dave Platt
+DS = Dave Sill
+DST = Daniel S. Thibadeau
+DWS = David Wayne Summers
+EC = Evan Champion
+ECG = Eric C. Garrison
+EG = Eivind Gjelseth
+EK = Eric Krohn
+EP = Emanuele Pucciarelli
+ERH = Eric R. Hankins
+ES = Eric Smith
+ESM = Edward S. Marshall
+ET = Eivind Tagseth
+ETT = Emmanuel T. Tardieu
+F2T = Frank Thieme
+FE = Frank Ederveen
+FN = Faried Nawaz
+FPL = Frederik P. Lindberg
+FT = Frank Tegtmeyer
+FW = Frank Wagner
+G1A = Graham Adams
+G2A = Greg Andrews
+GAW = Greg A. Woods
+GB = Glenn Barry
+GH = Gene Hightower
+GL = Giles Lean
+GLM = Grant L. Miller
+H2S = Harley Silver
+HCJ = Helio Coelho Jr.
+HDG = Hans de Graaff
+HG = Howard Goldstein
+HHO = Harald Hanche-Olsen
+HJB = Herbert J. Bernstein
+HM = Hirokazu Morikawa
+HS = Harlan Stenn
+HT = Henry Timmerman
+HW = Hal Wine
+HWM = Henry W. Miller
+IH = Ingmar Hupp
+IK = Ivan Kohler
+IKW = Ian Keith Wynne
+IS = Icarus Sparry
+IW = Ian Westcott
+J1B = John Banghart
+J1K = Jost Krieger
+J2B = Jos Backus
+J2K = Johannes Kroeger
+J2M = Joel Maslak
+J2P = John Parker
+J2W = Jim Whitby
+JAB = Jeremy A. Bussard
+JAK = Johan A. Kullstam
+JB = Joshua Buysse
+JBB = Jason B. Brown
+JBF = John B. Fleming
+JC = Jim Clausing
+JCD = Jeffrey C. Dege
+JD = Joe Doupnik
+JDHB = Johannes D. H. Beekhuizen
+JDJ = Joshua D. Juran
+JF = Janos Farkas
+JFK = James F. Kane III
+JGM = John G. Myers
+JJB = J. J. Bailey
+JJMK = Jonathan J. M. Katz
+JJR = Jaron J. Rubenstein
+JK = Jari Kirma
+JL = Jim Littlefield
+JLB = Julie L. Baumler
+JLH = Jason L. Haar
+JLW = Jason L. Wright
+JM = Jim Meehan
+JMS = Jason M. Stokes
+JMT = John M. Twilley
+JP = John Palkovic
+JPB = Joe Block
+JPH = Justin P. Hannah
+JPR = Jean-Pierre Radley
+JRL = John R. Levine
+JRM = Jason R. Mastaler
+JRY = Jamie R. Yukes
+JS = Jesper Skriver
+JTB = Jonathan T. Bowie
+JW = John Whittaker
+JWB = James W. Birdsall
+K1J = Kyle Jones
+K2J = Kevin Johnson
+KA = Klaus Aigte
+KB = Keith Burdis
+KE = Kenny Elliott
+KJJ = Kevin J. Johnson
+KJS = Kevin J. Sawyer
+KMD = Kevin M. Dulzo
+KO = Keith Owens
+KR = Kenji Rikitake
+KT = Karsten Thygesen
+KUT = Kai Uwe Tempel
+KY = Kentaro Yoshitomi
+L2L = Louis Larry
+L3L = Luis Lopes
+LB = Laurentiu Badea
+LL = lilo
+LW = Lionel Widdifield
+M2C = Mark Crimmins
+M2G = Michael R. Gile
+M2H = Martin Hager
+M2L = M. Lyons
+M2R = Mark Riekenberg
+M2S = Mikael Suokas
+M3H = Michael Holzt
+M3L = Michael Lazarou
+M3S = Morten Skjelland
+M4S = Michael Shields
+MB = Martin Budsj?
+MBS = Michael B. Scher
+MC = Michael Cooley
+MD = Mark Delany
+MDI = Miguel de Icaza
+ME = Marc Ewing
+MEE = Mads E. Eilertsen
+MF = Massimo Fusaro
+MG = Michael Graff
+MGM = Mitchell G. Morris
+MH = Markus Hofmann
+MJD = Mark-Jason Dominus
+MJG = Manuel J. Galan
+ML = Martin Lucina
+MLH = May Liss Haarstad
+MM = Martin Mersberger
+MMM = Momchil M. Momchev
+MMM2 = Marc M. Martinez
+MP = Matt Paduano
+MR = Mosfeq Rashid
+MRG = Matthew R. Green
+MS = Mark Spears
+MSD = Mandell S. Degerness
+MSS = Matthew S. Soffen
+MT = Mark Thompson
+MW = Mate Wierdl
+MWE = Mark W. Eichin
+NA = Norm Aleks
+NAA = Nicholas A. Amato
+NH = Nick Holloway
+NND = N. Dudorov
+NR = Norbert Roeding
+NW = Nicholas Waples
+OK = Oezguer Kesim
+OR = Ollivier Robert
+OS = Oliver Seiler
+PB = Peter Bowyer
+PCO = Peter C. Olsen
+PGF = Paul Fox
+PGR = Phil G. Rorex
+PH = Paul Harrington
+PJG = Paul Graham
+PJH = Peter J. Hunter
+PK = Petri Kaukasoina
+PMH = Peter M. Haworth
+PO = Paul Overell
+PS = Paul Svensson
+PT = Paul Taylor
+PTW = P. T. Withington
+PW = Peter Wilkinson
+R2N = Rivo Nurges
+RA = Russ Allbery
+RAB = Randolph Allen Bentson
+RAM = Robin A. McCollum
+RB = Robert Bridgham
+RC = Ryan Crum
+RD = Rahul Dhesi
+RDM = Raul D. Miller
+REB = Ronald E. Bickers
+RF = Rainer Fraedrich
+RFH = Robert F. Harrison
+RGS = Richard G. Sharman
+RJC = Robert J. Carter
+RJH = Randy Harmon
+RJO = Richard J. Ohnemus
+RK = Riho Kurg
+RL = Robert Luce
+RM = Rich McClellan
+RN = Russell Nelson
+RO = Roberto Oppedisano
+RPS = Russell P. Sutherland
+RS = Robert Sanders
+RSK = Robert S. Krzaczek
+S1R = Satish Ramachandran
+S2P = Stefan Puscasu
+S2R = Sean Reifschneider
+S2S = Scott Schwartz
+S2T = Steve Taylor
+S3T = Steffen Thorsen
+SA = Satoshi Adachi
+SAE = Stefaan A. Eeckels
+SAS = Steven A. Schrader
+SB = Stephane Bortzmeyer
+SC = Stefan Cars
+SCW = Steven C. Work
+SG = Steven Grimm
+SGC = Stephen G. Comings
+SJ = Sudish Joseph
+SJB = SJ Burns
+SJW = Stephen J. White
+SLB = Steven L. Baur
+SM = Shawn McHorse
+SP = Stephen Parker
+SPM = Salvatore P. Miccicke
+SS = Simon Shapiro
+SSB = Stik Bakken
+ST = Steve Tylock
+SV = Sven Velt
+SVD = Stef Van Dessel
+T2K = Tomoya Konishi
+T2M = Toni Mueller
+T2U = Todd Underwood
+TA = Tetsuo Aoki
+TB = Tobias Brox
+TD = Tom Demmer
+TEE = Thomas E. Erskine
+TG = Tim Goodwin
+TH = Ton Hospel
+TJH = Timothy J. Hunt
+TK = Terry Kennedy
+TL = Timothy Lorenc
+TLF = Timo L. Felbinger
+TLM = Timothy L. Mayo
+TM = Toshinori Maeno
+TN = Thomas Neumann
+TRR = Tracy R. Reed
+TT = Takaki Taniguchi
+TU = Tetsu Ushijima
+TV = Tommi Virtanen
+TVP = Tom van Peer
+UO = Uwe Ohse
+VBM = Vladimir B. Machulsky
+VR = Vincenzo Romano
+VU = Viriya Upatising
+VV = Vince Vielhaber
+W2K = Wolfram Kahl
+WEB = William E. Baxter
+WK = Werner Koch
+WS = Wilbur Sims
+WW = Wei Wu
+YC = Yuji Chikahiro
+YF = Yaroslav Faybishenko
+ZU = Zin Uda
diff --git a/doc/Qmail/THOUGHTS b/doc/Qmail/THOUGHTS
new file mode 100644
index 0000000..d6910da
--- /dev/null
+++ b/doc/Qmail/THOUGHTS
@@ -0,0 +1,418 @@
+Please note that this file is not called ``Internet Mail For Dummies.''
+It _records_ my thoughts on various issues. It does not _explain_ them.
+Paragraphs are not organized except by section. The required background
+varies wildly from one paragraph to the next.
+
+In this file, ``sendmail'' means Allman's creation; ``sendmail-clone''
+means the program in this package.
+
+
+1. Security
+
+There are lots of interesting remote denial-of-service attacks on any
+mail system. A long-term solution is to insist on prepayment for
+unauthorized resource use. The tricky technical problem is to make the
+prepayment enforcement mechanism cheaper than the expected cost of the
+attacks. (For local denial-of-service attacks it's enough to be able to
+figure out which user is responsible.)
+
+qmail-send's log was originally designed for profiling. It subsequently
+sprouted some tracing features. However, there's no way to verify
+securely that a particular message came from a particular local user;
+how do you know the recipient is telling you the truth about the
+contents of the message? With QUEUE_EXTRA it'd be possible to record a
+one-way hash of each outgoing message, but a user who wants to send
+``bad'' mail can avoid qmail entirely.
+
+I originally decided on security grounds not to put qmail advertisements
+into SMTP responses: advertisements often act as version identifiers.
+But this problem went away when I found a stable qmail URL.
+
+As qmail grows in popularity, the mere knowledge that rcpthosts is so
+easily available will deter people from setting up unauthorized MXs.
+(I've never seen an unauthorized MX, but I can imagine that it would be
+rather annoying.) Note that, unlike the bat book checkcompat() kludge,
+rcpthosts doesn't interfere with mailing lists.
+
+qmail-start doesn't bother with tty dissociation. On some old machines
+this means that random people can send tty signals to the qmail daemons.
+That's a security flaw in the job control subsystem, not in qmail.
+
+The resolver library isn't too bloated (before 4.9.4, at least), but it
+uses stdio, which _is_ bloated. Reading /etc/resolv.conf costs lots of
+memory in each qmail-remote process. So it's tempting to incorporate a
+smaller resolver library into qmail. (Bonus: I'd avoid system-specific
+problems with old resolvers.) The problem is that I'd then be writing a
+fundamentally insecure library. I'd no longer be able to blame the BIND
+authors and vendors for the fact that attackers can easily use DNS to
+steal mail. Solution: insist that the resolver run on the same host; the
+kernel can guarantee the security of low-numbered 127.0.0.1 UDP ports.
+
+NFS is the primary enemy of security partitioning under UNIX. Here's the
+story. Sun knew from the start that NFS was completely insecure. It
+tried to hide that fact by disallowing root access over NFS. Intruders
+nevertheless broke into system after system, first obtaining bin access
+and then obtaining root access. Various people thus decided to compound
+Sun's error and build a wall between root and all other users: if all
+system files are owned by root, and if there are no security holes other
+than NFS, someone who breaks in via NFS won't be able to wipe out the
+operating system---he'll merely be able to wipe out all user files. This
+clueless policy means that, for example, all the qmail users have to be
+replaced by root. See what I mean by ``enemy''? ... Basic NFS comments:
+Aside from the cryptographic problem of having hosts communicate
+securely, it's obvious that there's an administrative problem of mapping
+client uids to server uids. If a host is secure and under your control,
+you shouldn't have to map anything. If a host is under someone else's
+control, you'll want to map his uids to one local account; it's his
+client's job to decide which of his users get to talk NFS in the first
+place. Sun's original map---root to nobody, everyone else left alone---
+is, as far as I can tell, always wrong.
+
+
+2. Injecting mail locally (qmail-inject, sendmail-clone)
+
+RFC 822 section 3.4.9 prohibits certain visual effects in headers, and
+the 822bis draft prohibits even more. qmail-inject could enforce these
+absurd restrictions, but why waste the time? If you will suffer from
+someone sending you ``flash mail,'' go find a better mail reader.
+
+qmail-inject's ``Cc: recipient list not shown: ;'' successfully stops
+sendmail from adding Apparently-To. Unfortunately, old versions of
+sendmail will append a host name. This wasn't fixed until sendmail 8.7.
+How many years has it been since RFC 822 came out?
+
+sendmail discards duplicate addresses. This has probably resulted in
+more lost and stolen mail over the years than the entire Chicago branch
+of the United States Postal Service. The qmail system delivers messages
+exactly as it's told to do. Along the same lines: qmail-inject is both
+unable and unwilling to support anything like sendmail's (default)
+nometoo option. Of course, a list manager could support nometoo.
+
+There should be a mechanism in qmail-inject that does for envelope
+recipients what Return-Path does for the envelope sender. Then
+qmail-inject -n could print the recipients.
+
+Should qmail-inject bounce messages with no recipients? Should there be
+an option for this? If it stays as is (accept the message), qmail-inject
+could at least avoid invoking qmail-queue.
+
+It is possible to extract non-unique Message-IDs out of qmail-inject.
+Here's how: stop qmail-inject before it gets to the third line of
+main(), then wait until the pids wrap around, then restart qmail-inject
+and blast the message through, then start another qmail-inject with the
+same pid in the same second. I'm not sure how to fix this without
+system-supplied sequence numbers. (Of course, the user could just type
+in his own non-unique Message-IDs.)
+
+The bat book says: ``Rules that hide hosts in a domain should be applied
+only to sender addresses.'' Recipient masquerading works fine with
+qmail. None of sendmail's pitfalls apply, basically because qmail has a
+straight paper path.
+
+I predicted that I would receive some pressure to make up for the
+failings of MUA writers who don't understand the concept of reliability.
+(``Like, duh, you mean I'm supposed to check the sendmail exit code?'')
+I was right.
+
+
+3. Receiving mail from the network (tcp-env, qmail-smtpd)
+
+qmail-smtpd doesn't allow privacy-invading commands like VRFY and EXPN.
+If you really want to publish such information, use a mechanism that
+legitimate users actually know about, such as fingerd or httpd.
+
+RFC 1123 says that VRFY and EXPN are important to track down cross-host
+mailing list loops. With Delivered-To, mailing list loops do no damage,
+_and_ one of the list administrators gets a bounce message that shows
+exactly how the loop occurred. Solve the problem, not the symptom.
+
+Should dns.c make special allowances for 127.0.0.1/localhost?
+
+badmailfrom (like 8BITMIME) is a waste of code space.
+
+In theory a MAIL or RCPT argument can contain unquoted LFs. In practice
+there are a huge number of clients that terminate commands with just LF,
+even if they use CR properly inside DATA.
+
+
+4. Adding messages to the queue (qmail-queue)
+
+Should qmail-queue try to make sure enough disk space is free in
+advance? When qmail-queue is invoked by qmail-local or (with ESMTP)
+qmail-smtpd or qmail-qmtpd or qmail-qmqpd, it could be told a size in
+advance. I wish UNIX had an atomic allocate-disk-space routine...
+
+The qmail.h interface (reflecting the qmail-queue interface, which in
+turn reflects the current queue file structure) is constitutionally
+incapable of handling an address that contains a 0 byte. I can't imagine
+that this will be a problem.
+
+Should qmail-queue not bother queueing a message with no recipients?
+
+
+5. Handling queued mail (qmail-send, qmail-clean)
+
+The queue directory must be local. Mounting it over NFS is extremely
+dangerous---not that this stops people from running sendmail that way!
+Diskless hosts should use mini-qmail instead.
+
+Queue reliability demands that single-byte writes be atomic. This is
+true for a fixed-block filesystem such as UFS, and for a logging
+filesystem such as LFS.
+
+qmail-send uses 8 bytes of memory per queued message. Double that for
+reallocation. (Fix: use a small forest of heaps; i.e., keep several
+prioqs.) Double again for buddy malloc()s. (Fix: be clever about the
+heap sizes.) 32 bytes is worrisome, but not devastating. Even on my
+disk-heavy memory-light machine, I'd run out of inodes long before
+running out of memory.
+
+Some mail systems organize the queue by host. This is pointless as a
+means of splitting up the queue directory. The real issue is what to do
+when you suddenly find out that a host is up. For local SLIP/PPP links
+you know in advance which hosts need this treatment, so you can handle
+them with virtualdomains and serialmail.
+
+For the old queue structure I implemented recipient list compression:
+if mail goes out to a giant mailing list, and most of the recipients are
+delivered, make a new, compressed, todo list. But this really isn't
+worth the effort: it saves only a tiny bit of CPU time.
+
+qmail-send doesn't have any notions of precedence, priority, fairness,
+importance, etc. It handles the queue in first-seen-first-served order.
+One could put a lot of work into doing something different, but that
+work would be a waste: given the triggering mechanism and qmail's
+deferral strategy, it is exceedingly rare for the queue to contain more
+than one deliverable message at any given moment.
+
+Exception: Even with all the concurrency tricks, qmail-send can end up
+spending a few minutes on a mailing list with thousands of remote
+entries. A user might send a new message to a remote address in the
+meantime. The simplest way to handle this would be to put big messages
+on a separate channel.
+
+qmail-send will never start a pass for a job that it already has. This
+means that, if one delivery takes longer than the retry interval, the
+next pass will be delayed. I implemented the opposite strategy for the
+old queue structure. Some hassles: mark() had to understand how job
+input was buffered; every new delivery had to check whether the same
+mpos in the same message was already being done.
+
+Some things that qmail-send does synchronously: queueing a bounce
+message; doing a cleanup via qmail-clean; classifying and rewriting all
+the addresses in a new message. As usual, making these asynchronous
+would require some housekeeping, but could speed things up a bit.
+(I'm willing to assume POSIX waitpid() for asynchronous bounces; putting
+an unbounded buffer into wait_pid() for the sake of NeXTSTEP 3 is not
+worthwhile.)
+
+Disk I/O is a bottleneck; UFS is reliable but it isn't fast. A good
+logging filesystem offers much better performance, but logging
+filesystems aren't widely available. Solution: Keep a journal, separate
+from the queue, adequate to rebuild the queue (with at worst some
+duplicate deliveries). Compress the journal. This would dramatically
+reduce total disk I/O.
+
+Bounce aggregation is a dubious feature. Bounce records aren't
+crashproof; there can be a huge delay between a failure and a bounce;
+the resulting bounce format is unnecessarily complicated. I'm tempted to
+scrap the bounce directory and send one bounce for each failing
+recipient, with appropriate modifications in the accompanying text.
+
+qmail-stop implementation: setuid to UID_SEND; kill -TERM -1. Or run
+qmail-start under an external service controller, such as supervise;
+that's why it runs in the foreground.
+
+The readdir() interface hides I/O errors. Lower-level interfaces would
+lead me into a thicket of portability problems. I'm really not sure what
+to do about this. Of course, a hard I/O error means that mail is toast,
+but a soft I/O error shouldn't cause any trouble.
+
+job_open() or pass_dochan() could be paranoid about the same id,channel
+already being open; but, since messdone() is so paranoid, the worst
+possible effect of a bug along these lines would be double delivery.
+
+Mathematical amusement: The optimal retry schedule is essentially,
+though not exactly, independent of the actual distribution of message
+delay times. What really matters is how much cost you assign to retries
+and to particular increases in latency. qmail's current quadratic retry
+schedule says that an hour-long delay in a day-old message is worth the
+same as a ten-minute delay in an hour-old message; this doesn't seem so
+unreasonable.
+
+Insider information: AOL retries their messages every five minutes for
+three days straight. Hmmm.
+
+
+6. Sending mail through the network (qmail-rspawn, qmail-remote)
+
+Are there any hosts, anywhere, whose mailers are bogged down by huge
+messages to multiple recipients at a single host? For typical hosts,
+multiple RCPTs per SMTP aren't an ``efficiency feature''; they're a
+_slowness_ feature. Separate SMTP transactions have much lower latency.
+
+I've heard three complaints about bandwidth use from masochists sending
+messages through a modem through a smarthost to thousands of users---
+without sublists! They can get much better performance with QMQP.
+
+In the opposite direction: It's tempting to remove the @host part of the
+qmail-remote recip argument. Or at least avoid double-dns_cname.
+
+There are lots of reasons that qmail-rspawn should take a more active
+role in qmail-remote's activities. It should call separate programs to
+do (1) MX lookups, (2) SMTP connections, (3) QMTP connections. (But this
+wouldn't be so important if the DNS library didn't burn so much memory.)
+
+I bounce ambiguous MXs. (An ``ambiguous MX'' is a best-preference MX
+record sending me mail for a host that I don't recognize as local.)
+Automatically treating ambiguous MXs as local is incompatible with my
+design decision to keep local delivery working when the network goes
+down. It puts more faith in DNS than DNS deserves. Much better: Have
+your MX records generated automatically from control/locals.
+
+If I successfully connect to an MX host but it temporarily refuses to
+accept the message, I give up and put the message back into the queue.
+But several documents seem to suggest that I should try further MX
+records. What are they thinking? My approach deals properly with downed
+hosts, hosts that are unreachable through a firewall, and load
+balancing; what else do people use multiple MX records for?
+
+Currently qmail-remote sends data in 1024-byte buffers. Perhaps it
+should try to take account of the MTU.
+
+Perhaps qmail-remote should allocate a fixed amount of DNS/connect()
+time across any number of MXs; this idea is due to Mark Delany.
+
+RFC 821 doesn't say what it means by ``text.'' qmail-remote assumes that
+the server's reply text doesn't contain bare LFs.
+
+RFC 821 and RFC 1123 prohibit host names in MAIL FROM and RCPT TO from
+being aliases. qmail-remote, like sendmail, rewrites aliases in RCPT;
+people who don't list aliases in control/locals or sendmail's Cw are
+implicitly relying on this conversion. It is course quite silly for an
+internal DNS detail to have such an effect on mail delivery, but that's
+how the Internet works. On the other hand, the compatibility arguments
+do not apply to MAIL FROM. qmail-remote no longer bothers with CNAME
+lookups for the envelope sender host.
+
+
+7. Delivering mail locally (qmail-lspawn, qmail-local)
+
+qmail-local doesn't support comsat. comsat is a pointless abomination.
+Use qbiff if you want that kind of notification.
+
+The getpwnam() interface hides I/O errors. Solution: qmail-pw2u.
+
+
+8. sendmail V8's new features
+
+sendmail-8.8.0/doc/op/op.me includes a list of big improvements of
+sendmail 8.8.0 over sendmail 5.67. Here's how qmail stacks up against
+each of those improvements. (Of course, qmail has its own improvements,
+but that's not the point of this list.)
+
+Connection caching, MX piggybacking: Nope. (Profile. Don't speculate.)
+
+Response to RCPT command is fast: Yup.
+
+IP addresses show up in Received lines: Yup.
+
+Self domain literal is properly handled: Yup.
+
+Different timeouts for QUIT, RCPT, etc.: No, just a single timeout.
+
+Proper <> handling, route-address pruning: Yes, but not configurable.
+
+ESMTP support: Yup. (Server-side, including PIPELINING.)
+
+8-bit clean: Yup. (Including server-side 8BITMIME support; same as
+sendmail with the 8 option.)
+
+Configurable user database: Yup.
+
+BIND support: Yup.
+
+Keyed files: Yes, in fastforward.
+
+931/1413/Ident/TAP: Yup.
+
+Correct 822 address list parsing: Yup. (Note that sendmail still has
+some major problems with quoting.)
+
+List-owner handling: Yup.
+
+Dynamic header allocation: Yup.
+
+Minimum number of disk blocks: Yes, via tunefs -m. (Or quotas; the right
+setup has qmailq with a small quota, qmails with a larger quota, so that
+qmail-send always has room to work.)
+
+Checkpointing: Yes, but not configurable---qmail always checkpoints.
+
+Error message configuration: Nope.
+
+GECOS matching: Not directly, but easy to hook in.
+
+Hop limit configuration: No. (qmail's limit is 100 hops. qmail offers
+automatic loop protection much more advanced than hop counting.)
+
+MIME error messages: No. (qmail uses QSBMF error messages, which are
+much easier to parse.)
+
+Forward file path: Yes, via /etc/passwd.
+
+Incoming SMTP configuration: Yes, via inetd or tcpserver.
+
+Privacy options: Yes, but they're not options.
+
+Best-MX mangling: Nope. See section 6 for further discussion.
+
+7-bit mangling: Nope. qmail always uses 8 bits.
+
+Support for up to 20 MX records: Yes, and more. qmail has no limits
+other than memory.
+
+Correct quoting of name-and-address headers: Yup.
+
+VRFY and EXPN now different: Nope. qmail always hides this information.
+
+Multi-word classes, deferred macro expansion, separate envelope/header
+$g processing, separate per-mailer envelope and header processing, new
+command line flags, new configuration lines, new mailer flags, new
+macros: These are sendmail-specific; they wouldn't even make sense for
+qmail. For example, _of course_ qmail handles envelopes and headers
+separately; they're almost entirely different objects!
+
+
+9. Miscellany
+
+sendmail-clone and qsmhook are too bletcherous to be documented. (The
+official replacement for qsmhook is preline, together with the
+qmail-command environment variables.)
+
+I've considered making install atomic, but this is very difficult to do
+right, and pointless if it isn't done right.
+
+RN suggests automatically putting together a reasonable set of lines for
+/etc/passwd. I perceive this as getting into the adduser business, which
+is worrisome: I'll be lynched the first time I screw up somebody's
+passwd file. This should be left to OS-specific installation scripts.
+
+The BSD 4.2 inetd didn't allow a username. I think I can safely forget
+about this. (DS notes that the username works under Ultrix even though
+it's undocumented.)
+
+I should clean up the bput/put choices.
+
+Some of the stralloc_0()s indicate that certain lower-level routines
+should grok stralloc.
+
+qmail assumes that all times are positive; that pid_t, time_t and ino_t
+fit into unsigned long; that gid_t fits into int; that the character set
+is ASCII; and that all pointers are interchangeable. Do I care?
+
+The bat book justifies sendmail's insane line-splitting mechanism by
+pointing out that it might be useful for ``a 40-character braille
+print-driving program.'' C'mon, guys, is that your best excuse?
+
+qmail's mascot is a dolphin.
diff --git a/doc/Qmail/TODO.djb b/doc/Qmail/TODO.djb new file mode 100644 index 0000000..7ce36b2 --- /dev/null +++ b/doc/Qmail/TODO.djb @@ -0,0 +1,23 @@ +(??) consider stripping vdoms for VERPs; tnx PJH +(??) consider ~ in qmail-local for doing defaultdelivery (not recursively) +(??) consider POP bulletins +turn qmail-upq into a more serious queue-moving utility +(--) consider fast-greeting option in qmail-smtpd -- partly done +(na) build a returnmail package + +(++) expand strerr coverage -- done +(++) redo control interface -- partly done +(++) allow concurrency over 255 -- done +(na) allow more channels at compile time -- done +(na) test for linux fifo close bug at compile time + +(??) eliminate qsmhook -- done +(??) finish OTBS conversion +(na) use mess822 in qmail-inject +(na) use mess822 in qreceipt +(na) use mess822 in qbiff +(na) use mess822 in maildirwatch +(??) eliminate token822, headerbody, hfield +(+-) replace INTERNALS and THOUGHTS with a real paper describing qmail +(++) handle IPv6 -- done +(-?) rewrite everything from scratch diff --git a/doc/Qmail/TODO.done b/doc/Qmail/TODO.done new file mode 100644 index 0000000..6892073 --- /dev/null +++ b/doc/Qmail/TODO.done 
@@ -0,0 +1,23 @@
+(??) consider stripping vdoms for VERPs; tnx PJH
+(??) consider ~ in qmail-local for doing defaultdelivery (not recursively)
+(??) consider POP bulletins
+turn qmail-upq into a more serious queue-moving utility -- done (qmail-queuefix)
+(--) consider fast-greeting option in qmail-smtpd -- partly done
+(na) build a returnmail package
+
+(++) expand strerr coverage -- done
+(++) redo control interface -- partly done
+(++) allow concurrency over 255 -- done
+(na) allow more channels at compile time -- done
+(na) test for linux fifo close bug at compile time -- irrelevant
+
+(??) eliminate qsmhook -- done
+(??) finish OTBS conversion
+(na) use mess822 in qmail-inject
+(na) use mess822 in qreceipt
+(na) use mess822 in qbiff
+(na) use mess822 in maildirwatch
+(??) eliminate token822, headerbody, hfield
+(+-) replace INTERNALS and THOUGHTS with a real paper describing qmail -- mostly done
+(++) handle IPv6 -- done
+(-?) rewrite everything from scratch -- what shall I say?
diff --git a/doc/README.clamav b/doc/README.clamav
new file mode 100644
index 0000000..2fdc361
--- /dev/null
+++ b/doc/README.clamav
@@ -0,0 +1,27 @@
+Patch to ClamAV 0.8x/0.9x
+=========================
+
+There is a bug in ClamAV 0.9x not
+to write scanning results to STDERR.
+Instead all logging is done to STDOUT.
+
+This inhibits the logging for qmail-smtpd.
+
+The intended behavior of ClamAV can be
+re-established applying the patch
+
+ clamav-0.90.1_output.patch_
+
+to
+
+ output.c
+
+in ClamAV's source directory
+
+ ./shared.
+
+
+--eh. (14.04.2013)
+
+
+
diff --git a/doc/README.smtpreply b/doc/README.smtpreply
new file mode 100644
index 0000000..84ff016
--- /dev/null
+++ b/doc/README.smtpreply
@@ -0,0 +1,72 @@
+SMTP Reply Codes with s/qmail
+=============================
+
+SMTP allows to reject Sessions based on some technical
+and/or political criteria, which are not well expressed
+in the RFCs (2821, 2554, 2505, 1122).
+
+As protocol mechanism between the client and the server
+are defined as Commands and Replies. SMTP uses a
+three-letter Reply Code. The first digit tells whether
+a command was accepted and completed (2), transaction begin
+(3), or whether there was as transient (4) or permanent failure (5).
+
+In addition, an explanatory description may be given.
+
+RFC 1893 introduces a concept of "Enhanced Mail System
+Status Codes" (EMSSC) which should provide easy parseable
+SMTP server conditions and transaction stati, usually
+at the end of the SMTP reply and included in paranthesis,
+eg. (#5.5.1).
+
+The STMP Reply Codes and the EMSSC are detailed in the
+corresponding RFCs, but don't fit well to each other,
+thus either providing redundant information or almost
+no additional information at all. In short, the EMSSC
+is nowadays almost meaningless.
+
+Here's a breakdown of s/qmail's SMTP Reply Codes,
+informational texts, and the used EMSSC.
+
+Reply Informational text (EMSSC)
+---------------------------------------------------
+
+ 400 proabably greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 421 unable to check recipients (#4.3.0)
+ 421 greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 450 sorry, mailbox currently unavailable (#4.2.1) [1]
+ 450 greylisted (#4.3.0) [REPLY_GREYLISTED]
+ 451 DNS temporary failure (#4.3.0)
+ 452 sorry, too many recipients (#4.5.3)
+ 454 TLS not available due to temporary reason (#5.7.3)
+
+ 501 auth exchange canceled (#5.0.0)
+ 501 malformed auth input (#5.5.4)
+ 503 you're already authenticated (#5.5.0)
+ 503 no auth during mail transaction (#5.5.0)
+ 503 sorry, SMTP Authentication not available (#5.7.3)
+ 503 DATA command not accepted at this time (#5.5.1)
+ 504 auth type unimplemented (#5.5.1)
+ 535 authorization failed (#5.7.1)
+ 535 STARTTLS required (#5.7.1)
+
+ 550 sorry, invalid HELO/EHLO greeting [*] (#5.7.1) [REPLY_HELO]
+ 550 sorry, your envelope recipient is in my badrcptto list [*] (#5.7.1) [REPLY_BADRCPTTO]
+ 550 sorry, mailbox currently unavailable [*] (#4.2.1) [2] [REPLY_MAILBOX]
+
+ 552 sorry, that message size exceeds my databytes limit [*] (#5.3.4) [REPLY_MAXSIZE]
+ 553 sorry, your envelope sender is in my badmailfrom list [*] (#5.7.1) [REPLY_BADMAILFROM]
+ 553 sorry, invalid sender address specified [*] (#5.7.1) [REPLY_SENDERINVALID]
+ 553 sorry, that domain isn't in my list of allowed rcpthosts [*] (#5.7.1) [REPLY_NOGATEWAY]
+ 553 sorry, your envelope sender domain must exist [*] (#5.7.1) [REPLY_SENDEREXIST]
+
+ 554 too many hops, this message is looping (#5.4.6)
+ 554 sorry, invalid message content [*] (#5.3.2) [REPLY_CONTENT]
+
+
+Note:
+
+[1] or [2] depends on setting of environment variable RECIPIENTS550; default [2].
+[*] Additional text can be included here via environment variables provided in paranthesis,
+ eg. REPLY_HELO='see RFC 2821 section 3.6'.
+
diff --git a/doc/TODO b/doc/TODO
new file mode 100644
index 0000000..38def0d
--- /dev/null
+++ b/doc/TODO
@@ -0,0 +1,14 @@
+Some ideas for s/qmail future features
+======================================
+
+Cleanups:
+- srs2.c refactoring.
+- qmail-ldapam.c refactoring and integration. (separate package)
+- maildir++ patch inclusion? (done)
+
+Extensions:
+- QMQ integration.
+- DKIM API. (done)
+- GUUID instead inodes for queue files.
+- SMTP pipelining for delivery.
+- Native IDN2 support.
diff --git a/doc/smtpreplies b/doc/smtpreplies
new file mode 100644
index 0000000..a47adde
--- /dev/null
+++ b/doc/smtpreplies
@@ -0,0 +1,13 @@
+# In this file, you can include customizable SMTP reply messages for qmail-smtpd
+# Call this file in the qmail-smtpd run script (i.e. '. /var/qmail/etc/smtpreplies')
+# such the variables are available in the environment
+#
+export REPLY_GREYLISTED=""
+export REPLY_HELO=""
+export REPLY_BADRCPTTO=""
+export REPLY_MAILBOX=""
+export REPLY_BADMAILFROM=""
+export REPLY_SENDERENV=""
+export REPLY_NOGATEWAY=""
+export REPLY_MAILFROM=""
+export REPLY_CONTENT=""
-- 
cgit v1.2.3
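Review bot: The variable names exported in doc/smtpreplies do not match the ones documented in doc/README.smtpreply earlier in this patch: the template exports `REPLY_SENDERENV` and `REPLY_MAILFROM`, while the README lists `REPLY_SENDERINVALID`, `REPLY_SENDEREXIST` and `REPLY_MAXSIZE`, none of which appear in the template. An operator who fills in the template values for the 553/552 replies would see no effect if qmail-smtpd reads the README's names, and the mismatch is silent because the file is sourced into the run script. Which set qmail-smtpd actually reads is not visible in this patch, so either the README or the template needs correcting; if the README is authoritative the template lines should become `export REPLY_SENDERINVALID=""`, `export REPLY_SENDEREXIST=""` and `export REPLY_MAXSIZE=""`. It would also help to add a comment to the template noting that the names must match the `[REPLY_*]` column of README.smtpreply, so the two files do not drift again.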