Commit: 2117e02e MW

The qmail package includes a local delivery agent, qmail-local, which
provides user-controlled mailing lists, cross-host alias loop detection,
and many other important qmail features.

There's one part of qmail-local that you need to know about right now:
qmail-local doesn't support an insecure central mail spool. It delivers
mail by default into ~user/Mailbox (in mbox format).

This file explains what you should do to deal with this change. It also
points out some reasons that you might want to make an even bigger
change, switching from mbox format to a new format, maildir.

If you desperately don't want to change anything, see INSTALL.qsmhook.


Contents:
1. Throw away /usr/spool/mail!
2. The trouble with mbox
3. Sun's Network Failure System


1. Throw away /usr/spool/mail!

/usr/spool/mail, often called /var/spool/mail or /var/mail, is a
security disaster. A user's mailbox belongs in his home directory, not a
shared directory. Even if you don't install qmail, you should destroy
/usr/spool/mail. This takes four steps:

   A. Convince your local mailer to deliver to ~user/Mailbox. If you're
      using something like procmail, this is easy---just change SYSTEM_MBOX
      in config.h. If you're installing qmail, you don't have to do
      anything. Otherwise, take a look at hlfsd from
      ftp.cs.columbia.edu/pub/amd.

   B. Move each /usr/spool/mail/user to ~user/Mailbox. For safety, do
      this in single-user mode---you don't want to risk corrupting
      mailboxes. (qmail makes it easy to turn off deliveries temporarily:
      just kill the qmail-send daemon. But you aren't running qmail yet.)
      When you're done, remove /usr/spool/mail.

   C. Put ``setenv MAIL $HOME/Mailbox'' in your system-wide .cshrc,
      ``MAIL=$HOME/Mailbox; export MAIL'' in your system-wide .profile,
      ``inbox-path=Mailbox'' in your system-wide pine.conf. If you're using
      qpopper 2.2, you'll have to recompile with -DHOMEDIRMAIL in CFLAGS
      and with /.mail changed to /Mailbox in pop_dropcopy.c. If you're
      using elm on a multiuser system, you'll have to recompile elm with
      "mailbox" changed to "Mailbox" around line 388 of newmbox.c.

   D. Announce the change.
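
Step B as an added example (not part of the qmail distribution): a Python
function that moves each spool file to its owner's Mailbox and refuses
anything in the shared directory that is not a plain file owned by that
user. The name migrate_spool, its homes mapping and the outcome strings are
assumptions of this example; run it in single-user mode, as step B says.

```python
import os
import shutil
import stat


def migrate_spool(spool, homes, dry_run=False):
    """Move spool/<user> to <home>/Mailbox and return {user: outcome}.

    `homes` maps user name -> (home directory, uid, gid); on a real
    system build it from pwd.getpwall().
    """
    results = {}
    for user in sorted(os.listdir(spool)):
        src = os.path.join(spool, user)
        st = os.lstat(src)  # lstat: never follow a link planted in the spool
        if not stat.S_ISREG(st.st_mode):
            results[user] = "skipped: not a regular file"
            continue
        if user not in homes:
            results[user] = "skipped: no such user"
            continue
        home, uid, gid = homes[user]
        if st.st_uid != uid:
            results[user] = "skipped: owner mismatch"
            continue
        dst = os.path.join(home, "Mailbox")
        if os.path.lexists(dst):  # never clobber an existing Mailbox
            results[user] = "skipped: Mailbox already exists"
            continue
        if not dry_run:
            shutil.move(src, dst)
            os.chown(dst, uid, gid)
            os.chmod(dst, 0o600)  # readable and writable by the owner only
        results[user] = "moved"
    return results
```

Every "skipped" entry needs a manual look before /usr/spool/mail is removed.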

Some vendors, in a misguided attempt to solve the security problems of
/usr/spool/mail, have made all MUAs (e.g., /usr/ucb/Mail) setgid mail.
After you get rid of /usr/spool/mail, you can also disable those
setgid-mail bits.


2. The trouble with mbox

The mbox format---the format of ~user/Mailbox, understood by BSD Mail
and lots of other MUAs---is inherently unreliable.

Think about it: what happens if the system crashes while a program is
appending a new message to ~user/Mailbox? The message will be truncated.
Even worse, if it was truncated in the middle of a line, it will end up
being merged with the next message! Sure, the mailer understands that it
wasn't successful, so it'll try delivering the message again later, but
it can't fix your corrupted mbox.

Other formats, such as mh folders, are just as unreliable.

qmail supports maildir, a crashproof format for incoming mail messages.
maildir is fast and easy for MUAs to use. Even better, maildir works
wonders over NFS---see below.
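
The crash described above, reproduced as an added example (not code from
qmail): a delivery that dies in the middle of a line, followed by a normal
delivery, first into an mbox file and then into a maildir. The messages,
file names and function names are constructed for this example; it uses
Python's standard mailbox module as the reader.

```python
import mailbox
import os

# Constructed sample messages (not real mail).
MSG1 = (b"From alice@example.org Mon Jan  1 00:00:00 2001\n"
        b"Subject: first\n\nline one\nline two\n\n")
MSG2 = (b"From bob@example.org Mon Jan  1 00:05:00 2001\n"
        b"Subject: second\n\nhello from bob\n\n")
CUT = MSG1.index(b"two")  # the "crash" happens in the middle of a line


def mbox_after_crash(path, cut=CUT):
    """Append MSG1 but die after `cut` bytes, then deliver MSG2 normally."""
    with open(path, "ab") as f:
        f.write(MSG1[:cut])          # truncated: no newline at the end
    with open(path, "ab") as f:
        f.write(MSG2)                # its "From " line is glued to the stump
    box = mailbox.mbox(path, create=False)
    try:
        subjects = [m["Subject"] for m in box]
        swallowed = "hello from bob" in box[0].get_payload()
    finally:
        box.close()
    return subjects, swallowed


def maildir_after_crash(root, cut=CUT):
    """Same crash, but each message is its own file: tmp/ first, then new/."""
    mailbox.Maildir(root, create=True).close()   # makes tmp/, new/, cur/
    with open(os.path.join(root, "tmp", "1.crashed"), "wb") as f:
        f.write(MSG1[:cut])          # stump stays in tmp/, never in new/
    body = MSG2.split(b"\n", 1)[1]   # maildir files carry no "From " line
    tmp = os.path.join(root, "tmp", "2.complete")
    with open(tmp, "wb") as f:
        f.write(body)
        f.flush()
        os.fsync(f.fileno())         # on disk before it becomes visible
    os.rename(tmp, os.path.join(root, "new", "2.complete"))
    box = mailbox.Maildir(root, create=False)
    try:
        return [m["Subject"] for m in box]
    finally:
        box.close()
```

The mbox reader finds one message, with the second message's text inside
the first; the maildir reader finds only the complete message.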

I don't want to cram maildir down people's throats, so it's not the
default. Nevertheless, I encourage you to start asking for maildir
versions of your favorite MUAs, and to switch over to maildir as soon as
you can.

WARNING: qmail uses flock() to lock ~user/Mailbox. This agrees with the
modern mail.local locking choice. If your MUA doesn't use flock(), your
best bet is to switch to maildir, and to set up synchronous maildir2mbox
execution, as described below.


3. Sun's Network Failure System

Anyone who tells you that mail can be safely delivered in mbox format
over NFS is pulling your leg---as explained above, mbox format is
inherently unreliable even on a single machine.

Anyway, NFS is the most unreliable computing environment ever invented,
and qmail doesn't even pretend to support mbox over NFS.

You should switch to maildir, which works fine over NFS without any
locking. You can safely read your mail over NFS if it's in maildir
format. Any number of machines can deliver mail to you at the same time.
(On the other hand, for efficiency, it's better to get NFS out of the
picture---your mail should be delivered on the server that contains your
home directory.)

Here's how to set up qmail to use maildir for your incoming mail:

   % maildirmake $HOME/Maildir
   % echo ./Maildir/ > ~/.qmail

Make sure you include the trailing slash on Maildir/.

Until your MUA supports maildir, you'll probably want to convert maildir
format to (gaaack) mbox format. I've supplied a maildir2mbox utility
that does the trick, along with some tiny qail and elq and pinq wrappers
that call maildir2mbox before calling Mail or elm or pine.