| 1 | The qmail package includes a local delivery agent, qmail-local, which |
| 2 | provides user-controlled mailing lists, cross-host alias loop detection, |
| 3 | and many other important qmail features. |
| 4 | |
| 5 | There's one part of qmail-local that you need to know about right now: |
| 6 | qmail-local doesn't support an insecure central mail spool. It delivers |
| 7 | mail by default into ~user/Mailbox (in mbox format). |
| 8 | |
| 9 | This file explains what you should do to deal with this change. It also |
| 10 | points out some reasons that you might want to make an even bigger |
| 11 | change, switching from mbox format to a new format, maildir. |
| 12 | |
| 13 | If you desperately don't want to change anything, see INSTALL.qsmhook. |
| 14 | |
| 15 | |
| 16 | Contents: |
| 17 | 1. Throw away /usr/spool/mail! |
| 18 | 2. The trouble with mbox |
| 19 | 3. Sun's Network F_\bail_\bu_\bre System |
| 20 | |
| 21 | |
| 22 | 1. Throw away /usr/spool/mail! |
| 23 | |
| 24 | /usr/spool/mail, often called /var/spool/mail or /var/mail, is a |
| 25 | security disaster. A user's mailbox belongs in his home directory, not a |
| 26 | shared directory. Even if you don't install qmail, you should destroy |
| 27 | /usr/spool/mail. This takes four steps: |
| 28 | |
| 29 | A. Convince your local mailer to deliver to ~user/Mailbox. If you're |
| 30 | using something like procmail, this is easy---just change SYSTEM_MBOX |
| 31 | in config.h. If you're installing qmail, you don't have to do |
| 32 | anything. Otherwise, take a look at hlfsd from |
| 33 | ftp.cs.columbia.edu/pub/amd. |
| 34 | |
| 35 | B. Move each /usr/spool/mail/user to ~user/Mailbox. For safety, do |
| 36 | this in single-user mode---you don't want to risk corrupting |
| 37 | mailboxes. (qmail makes it easy to turn off deliveries temporarily: |
| 38 | just kill the qmail-send daemon. But you aren't running qmail yet.) |
| 39 | When you're done, remove /usr/spool/mail. |
| 40 | |
| 41 | C. Put ``setenv MAIL $HOME/Mailbox'' in your system-wide .cshrc, |
| 42 | ``MAIL=$HOME/Mailbox; export MAIL'' in your system-wide .profile, |
| 43 | ``inbox-path=Mailbox'' in your system-wide pine.conf. If you're using |
| 44 | qpopper 2.2, you'll have to recompile with -DHOMEDIRMAIL in CFLAGS |
| 45 | and with /.mail changed to /Mailbox in pop_dropcopy.c. If you're |
| 46 | using elm on a multiuser system, you'll have to recompile elm with |
| 47 | "mailbox" changed to "Mailbox" around line 388 of newmbox.c. |
| 48 | |
| 49 | D. Announce the change. |
| 50 | |
| 51 | Some vendors, in a misguided attempt to solve the security problems of |
| 52 | /usr/spool/mail, have made all MUAs (e.g., /usr/ucb/Mail) setgid mail. |
| 53 | After you get rid of /usr/spool/mail, you can also disable those |
| 54 | setgid-mail bits. |
| 55 | |
| 56 | |
| 57 | 2. The trouble with mbox |
| 58 | |
| 59 | The mbox format---the format of ~user/Mailbox, understood by BSD Mail |
| 60 | and lots of other MUAs---is inherently unreliable. |
| 61 | |
| 62 | Think about it: what happens if the system crashes while a program is |
| 63 | appending a new message to ~user/Mailbox? The message will be truncated. |
| 64 | Even worse, if it was truncated in the middle of a line, it will end up |
| 65 | being merged with the next message! Sure, the mailer understands that it |
| 66 | wasn't successful, so it'll try delivering the message again later, but |
| 67 | it can't fix your corrupted mbox. |
| 68 | |
| 69 | Other formats, such as mh folders, are just as unreliable. |
| 70 | |
| 71 | qmail supports maildir, a crashproof format for incoming mail messages. |
| 72 | maildir is fast and easy for MUAs to use. Even better, maildir works |
| 73 | wonders over NFS---see below. |
| 74 | |
| 75 | I don't want to cram maildir down people's throats, so it's not the |
| 76 | default. Nevertheless, I encourage you to start asking for maildir |
| 77 | versions of your favorite MUAs, and to switch over to maildir as soon as |
| 78 | you can. |
| 79 | |
| 80 | WARNING: qmail uses flock() to lock ~user/Mailbox. This agrees with the |
| 81 | modern mail.local locking choice. If your MUA doesn't use flock(), your |
| 82 | best bet is to switch to maildir, and to set up synchronous maildir2mbox |
| 83 | execution, as described below. |
| 84 | |
| 85 | |
| 86 | 3. Sun's Network F_\bail_\bu_\bre System |
| 87 | |
| 88 | Anyone who tells you that mail can be safely delivered in mbox format |
| 89 | over NFS is pulling your leg---as explained above, mbox format is |
| 90 | inherently unreliable even on a single machine. |
| 91 | |
| 92 | Anyway, NFS is the most unreliable computing environment ever invented, |
| 93 | and qmail doesn't even pretend to support mbox over NFS. |
| 94 | |
| 95 | You should switch to maildir, which works fine over NFS without any |
| 96 | locking. You can safely read your mail over NFS if it's in maildir |
| 97 | format. Any number of machines can deliver mail to you at the same time. |
| 98 | (On the other hand, for efficiency, it's better to get NFS out of the |
| 99 | picture---your mail should be delivered on the server that contains your |
| 100 | home directory.) |
| 101 | |
| 102 | Here's how to set up qmail to use maildir for your incoming mail: |
| 103 | |
| 104 | % maildirmake $HOME/Maildir |
| 105 | % echo ./Maildir/ > ~/.qmail |
| 106 | |
| 107 | Make sure you include the trailing slash on Maildir/. |
| 108 | |
| 109 | Until your MUA supports maildir, you'll probably want to convert maildir |
| 110 | format to (gaaack) mbox format. I've supplied a maildir2mbox utility |
| 111 | that does the trick, along with some tiny qail and elq and pinq wrappers |
| 112 | that call maildir2mbox before calling Mail or elm or pine. |