| 1 | 1. Controlling the appearance of outgoing messages |
| 2 | 1.1. How do I set up host masquerading? |
| 3 | 1.2. How do I set up user masquerading? |
| 4 | 1.3. How do I set up Mail-Followup-To automatically? |
| 5 | |
| 6 | 2. Routing outgoing messages |
| 7 | 2.1. How do I send local messages to another host? |
| 8 | 2.2. How do I set up a null client? |
| 9 | 2.3. How do I send outgoing mail through UUCP? |
| 10 | 2.4. How do I set up a separate queue for a SLIP/PPP link? |
| 11 | 2.5. How do I deal with ``CNAME lookup failed temporarily''? |
| 12 | |
| 13 | 3. Routing incoming messages by host |
| 14 | 3.1. How do I receive mail for another host name? |
| 15 | 3.2. How do I set up a virtual domain? |
| 16 | 3.3. How do I set up several virtual domains for one user? |
| 17 | |
| 18 | 4. Routing incoming messages by user |
| 19 | 4.1. How do I forward unrecognized usernames to another host? |
| 20 | 4.2. How do I set up a mailing list? |
| 21 | 4.3. How do I use majordomo with qmail? |
| 22 | 4.4. How do I use procmail with qmail? |
| 23 | 4.5. How do I use elm's filter with qmail? |
| 24 | 4.6. How do I create aliases with dots? |
| 25 | 4.7. How do I use sendmail's .forward files with qmail? |
| 26 | 4.8. How do I use sendmail's /etc/aliases with qmail? |
| 27 | 4.9. How do I make qmail defer messages during NFS or NIS outages? |
| 28 | 4.10. How do I change which account controls an address? |
| 29 | |
| 30 | 5. Setting up servers |
| 31 | 5.1. How do I run qmail-smtpd under tcpserver? |
| 32 | 5.2. How do I set up qmail-qmtpd? |
| 33 | 5.3. How do I set up qmail-pop3d? |
| 34 | 5.4. How do I allow selected clients to use this host as a relay? |
| 35 | 5.5. How do I fix up messages from broken SMTP clients? |
| 36 | 5.6. How do I set up qmail-qmqpd? |
| 37 | |
| 38 | 6. Configuring MUAs to work with qmail |
| 39 | 6.1. How do I make BSD mail generate a Date with the local time zone? |
| 40 | 6.2. How do I make pine work with qmail? |
| 41 | 6.3. How do I make MH work with qmail? |
| 42 | 6.4. How do I stop Sun's dtcm from hanging? |
| 43 | |
| 44 | 7. Managing the mail system |
| 45 | 7.1. How do I safely stop qmail-send? |
| 46 | 7.2. How do I manually run the queue? |
| 47 | 7.3. How do I rejuvenate a message? |
| 48 | 7.4. How do I organize a big network? |
| 49 | 7.5. How do I back up and restore the queue disk? |
| 50 | 7.6. How do I run a supervised copy of qmail? |
| 51 | 7.7. How do I avoid syslog? |
| 52 | |
| 53 | 8. Miscellany |
| 54 | 8.1. How do I tell qmail to do more deliveries at once? |
| 55 | 8.2. How do I keep a copy of all incoming and outgoing mail messages? |
| 56 | 8.3. How do I switch slowly from sendmail to qmail? |
| 57 | |
| 58 | |
| 59 | |
| 60 | 1. Controlling the appearance of outgoing messages |
| 61 | |
| 62 | |
| 63 | 1.1. How do I set up host masquerading? All the users on this host, |
| 64 | zippy.af.mil, are users on af.mil. When joe sends a message to fred, the |
| 65 | message should say ``From: joe@af.mil'' and ``To: fred@af.mil'', without |
| 66 | ``zippy'' anywhere. |
| 67 | |
| 68 | Answer: echo af.mil > /var/qmail/control/defaulthost; chmod 644 |
| 69 | /var/qmail/control/defaulthost. |
| 70 | |
| 71 | |
| 72 | 1.2. How do I set up user masquerading? I'd like my own From lines to |
| 73 | show boss@af.mil rather than god@heaven.af.mil. |
| 74 | |
| 75 | Answer: Add MAILHOST=af.mil and MAILUSER=boss to your environment. To |
| 76 | override From lines supplied by your MUA, add QMAILINJECT=f to your |
| 77 | environment. |
| 78 | |
| 79 | |
| 80 | 1.3. How do I set up Mail-Followup-To automatically? When I send a |
| 81 | message to the sos@heaven.af.mil mailing list, I'd like to include |
| 82 | ``Mail-Followup-To: sos@heaven.af.mil''. |
| 83 | |
| 84 | Answer: Add QMAILMFTFILE=$HOME/.lists to your environment, and put |
| 85 | sos@heaven.af.mil into ~/.lists. |
| 86 | |
| 87 | |
| 88 | |
| 89 | 2. Routing outgoing messages |
| 90 | |
| 91 | |
| 92 | 2.1. How do I send local messages to another host? All the mail for |
| 93 | af.mil should be delivered to our disk server, pokey.af.mil. I've set up |
| 94 | an MX from af.mil to pokey.af.mil, but when a user on the af.mil host |
| 95 | sends a message to boss@af.mil, af.mil tries to deliver it locally. How |
| 96 | do I stop that? |
| 97 | |
| 98 | Answer: Remove af.mil from /var/qmail/control/locals. If qmail-send is |
| 99 | running, give it a HUP. Make sure the MX is set up properly before you |
| 100 | do this. Also make sure that pokey can receive mail for af.mil---see |
| 101 | question 3.1. |
| 102 | |
| 103 | |
| 104 | 2.2. How do I set up a null client? I'd like zippy.af.mil to |
| 105 | send all mail to bigbang.af.mil. |
| 106 | |
| 107 | Answer: echo :bigbang.af.mil > /var/qmail/control/smtproutes; |
| 108 | chmod 644 /var/qmail/control/smtproutes. Disable local delivery as in |
| 109 | question 2.1. Turn off qmail-smtpd in /etc/inetd.conf. |
| 110 | |
| 111 | |
| 112 | 2.3. How do I send outgoing mail through UUCP? I need qmail to send all |
| 113 | outgoing mail via UUCP to my upstream UUCP site, gonzo. |
| 114 | |
| 115 | Answer: Put |
| 116 | |
| 117 | :alias-uucp |
| 118 | |
| 119 | into control/virtualdomains and |
| 120 | |
| 121 | |preline -df /usr/bin/uux - -r -gC |
| 122 | -a"${SENDER:-MAILER-DAEMON}" gonzo!rmail "($DEFAULT@$HOST)" |
| 123 | |
| 124 | (all on one line) into ~alias/.qmail-uucp-default. (For some UUCP |
| 125 | software you will need to use -d instead of -df.) If qmail-send is |
| 126 | running, give it a HUP. |
| 127 | |
| 128 | |
| 129 | 2.4. How do I set up a separate queue for a SLIP/PPP link? |
| 130 | |
| 131 | Answer: Use serialmail (http://pobox.com/~djb/serialmail.html). |
| 132 | |
| 133 | |
| 134 | 2.5. How do I deal with ``CNAME lookup failed temporarily''? The log |
| 135 | showed that a message was deferred for this reason. Why is qmail doing |
| 136 | CNAME lookups, anyway? |
| 137 | |
| 138 | Answer: The SMTP standard does not permit aliased hostnames, so qmail |
| 139 | has to do a CNAME lookup in DNS for every recipient host. If the |
| 140 | relevant DNS server is down, qmail defers the message. It will try again |
| 141 | soon. |
| 142 | |
| 143 | |
| 144 | |
| 145 | 3. Routing incoming messages by host |
| 146 | |
| 147 | |
| 148 | 3.1. How do I receive mail for another host name? I'd like our disk |
| 149 | server, pokey.af.mil, to receive mail addressed to af.mil. I've set up |
| 150 | an MX from af.mil to pokey.af.mil, but how do I get pokey to treat |
| 151 | af.mil as a name for the local host? |
| 152 | |
| 153 | Answer: Add af.mil to /var/qmail/control/locals and to |
| 154 | /var/qmail/control/rcpthosts. If qmail-send is running, give it a HUP |
| 155 | (or do svc -h /var/run/qmail if qmail is supervised). |
| 156 | |
| 157 | |
| 158 | 3.2. How do I set up a virtual domain? I'd like any mail for |
| 159 | nowhere.mil, including root@nowhere.mil and postmaster@nowhere.mil and |
| 160 | so on, to be delivered to Bob. I've set up the MX already. |
| 161 | |
| 162 | Answer: Put |
| 163 | |
| 164 | nowhere.mil:bob |
| 165 | |
| 166 | into control/virtualdomains. Add nowhere.mil to control/rcpthosts. If |
| 167 | qmail-send is running, give it a HUP (or do svc -h /var/run/qmail if |
| 168 | qmail is supervised). |
| 169 | |
| 170 | Now mail for whatever@nowhere.mil will be delivered locally to |
| 171 | bob-whatever. Bob can set up ~bob/.qmail-default to catch all the |
| 172 | possible addresses, ~bob/.qmail-info to catch info@nowhere.mil, etc. |
| 173 | |
| 174 | |
| 175 | 3.3. How do I set up several virtual domains for one user? Bob wants |
| 176 | another virtual domain, everywhere.org, but he wants to handle |
| 177 | nowhere.mil users and everywhere.org users differently. How can we do |
| 178 | that without setting up a second account? |
| 179 | |
| 180 | Answer: Put two lines into control/virtualdomains: |
| 181 | |
| 182 | nowhere.mil:bob-nowhere |
| 183 | everywhere.org:bob-everywhere |
| 184 | |
| 185 | Add nowhere.mil and everywhere.org to control/rcpthosts. If qmail-send |
| 186 | is running, give it a HUP (or do svc -h /var/run/qmail if qmail is |
| 187 | supervised). |
| 188 | |
| 189 | Now Bob can set up separate .qmail-nowhere-* and .qmail-everywhere-* files. He |
| 190 | can even set up .qmail-nowhere-default and .qmail-everywhere-default. |
| 191 | |
| 192 | |
| 193 | |
| 194 | 4. Routing incoming messages by user |
| 195 | |
| 196 | |
| 197 | 4.1. How do I forward unrecognized usernames to another host? I'd like |
| 198 | to set up a LUSER_RELAY pointing at bigbang.af.mil. |
| 199 | |
| 200 | Answer: Put |
| 201 | |
| 202 | | forward "$LOCAL"@bigbang.af.mil |
| 203 | |
| 204 | into ~alias/.qmail-default. |
| 205 | |
| 206 | |
| 207 | 4.2. How do I set up a mailing list? I'd like me-sos@my.host.name to be |
| 208 | forwarded to a bunch of people. |
| 209 | |
| 210 | Answer: Put a list of addresses into ~me/.qmail-sos, one per line. Then |
| 211 | incoming mail for me-sos will be forwarded to each of those addresses. |
| 212 | You should also touch ~me/.qmail-sos-owner so that bounces come back to |
| 213 | you rather than the original sender. |
| 214 | |
| 215 | Alternative: ezmlm (http://pobox.com/~djb/ezmlm.html) is a modern |
| 216 | mailing list manager, supporting automatic subscriptions, confirmations, |
| 217 | archives, fully automatic bounce handling (including warnings to |
| 218 | subscribers saying which messages they've missed), and more. |
| 219 | |
| 220 | |
| 221 | 4.3. How do I use majordomo with qmail? |
| 222 | |
| 223 | Answer: See ftp://ftp.eyrie.org/pub/software/majordomo/mjqmail and |
| 224 | http://www.qmail.org for various methods. majordomo 2.0 is expected to |
| 225 | support qmail directly. |
| 226 | |
| 227 | Beware that majordomo's lists are not crashproof. |
| 228 | |
| 229 | |
| 230 | |
| 231 | 4.4. How do I use procmail with qmail? |
| 232 | |
| 233 | Answer: Put |
| 234 | |
| 235 | | preline procmail |
| 236 | |
| 237 | into ~/.qmail. You'll have to use a full path for procmail unless |
| 238 | procmail is in the system's startup PATH. Note that procmail will try to |
| 239 | deliver to /var/spool/mail/$USER by default; to change this, see |
| 240 | INSTALL.mbox. |
| 241 | |
| 242 | |
| 243 | 4.5. How do I use elm's filter with qmail? |
| 244 | |
| 245 | Answer: Put |
| 246 | |
| 247 | | preline filter |
| 248 | |
| 249 | into ~/.qmail. You'll have to use a full path for filter unless filter |
| 250 | is in the system's startup PATH. |
| 251 | |
| 252 | |
| 253 | 4.6. How do I create aliases with dots? I tried setting up |
| 254 | ~alias/.qmail-P.D.Q.Bach, but it doesn't do anything. |
| 255 | |
| 256 | Answer: Use .qmail-p:d:q:bach. Dots are converted to colons, and |
| 257 | uppercase is converted to lowercase. |
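The naming rules from questions 3.2, 3.3 and 4.6 can be combined to list which .qmail files are able to control a given virtual-domain address. The shell sketch below is an added example, not part of the original FAQ or of qmail; the function names are hypothetical and the -default fallback order follows dot-qmail(5). It assumes exact-match entries in control/virtualdomains and that the controlling user name is the part before the first hyphen (qmail itself consults the user database).

```shell
#!/bin/sh
# Added example: which .qmail files can control an address that is routed
# through control/virtualdomains. Function names are hypothetical.

# dotqmail_candidates EXT
# Print the .qmail file names tried for extension EXT, most specific first.
dotqmail_candidates() {
    # Question 4.6: uppercase becomes lowercase, dots become colons.
    ext=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr . :)
    if [ -z "$ext" ]; then
        echo ".qmail"
        return 0
    fi
    echo ".qmail-$ext"
    # Fall back to -default files, dropping one hyphenated part at a time.
    rest=$ext
    while :; do
        case $rest in
            *-*) rest=${rest%-*}; echo ".qmail-$rest-default" ;;
            *)   break ;;
        esac
    done
    echo ".qmail-default"
}

# controlling_files ADDRESS VIRTUALDOMAINS_FILE
# Print the candidate files, as ~user/file, for ADDRESS. Returns 1 when
# the domain has no exact entry in VIRTUALDOMAINS_FILE.
controlling_files() {
    local_part=${1%@*}
    domain=${1##*@}
    # Questions 3.2 and 3.3: "domain:prepend" turns user@domain into
    # prepend-user. Only exact domain matches are handled here.
    prepend=$(awk -F: -v d="$domain" '
        tolower($1) == tolower(d) { print $2; exit }' "$2")
    [ -n "$prepend" ] || return 1
    name="$prepend-$local_part"
    # Assumption: the controlling user is the part before the first hyphen.
    user=${name%%-*}
    dotqmail_candidates "${name#*-}" | sed "s|^|~$user/|"
}

# Constructed sample, using the entries from question 3.3.
vd=$(mktemp)
cat > "$vd" <<'EOF'
nowhere.mil:bob-nowhere
everywhere.org:bob-everywhere
EOF
controlling_files 'P.D.Q.Bach@everywhere.org' "$vd"
rm -f "$vd"
```

Every file in the list is writable by the controlling user, so a catch-all such as .qmail-default decides what happens to addresses nobody set up explicitly, including root@ and postmaster@ in the virtual domain.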
| 258 | |
| 259 | |
| 260 | 4.7. How do I use sendmail's .forward files with qmail? |
| 261 | |
| 262 | Answer: Install the dot-forward package |
| 263 | (http://pobox.com/~djb/dot-forward.html). |
| 264 | |
| 265 | |
| 266 | 4.8. How do I use sendmail's /etc/aliases with qmail? |
| 267 | |
| 268 | Answer: Install the fastforward package |
| 269 | (http://pobox.com/~djb/fastforward.html). |
| 270 | |
| 271 | |
| 272 | 4.9. How do I make qmail defer messages during NFS or NIS outages? If |
| 273 | ~joe suddenly disappears, I'd like mail for joe to be deferred. |
| 274 | |
| 275 | Answer: Build a qmail-users database, so that qmail no longer checks |
| 276 | home directories and the password database. This takes three steps. |
| 277 | First, put your complete user list (including local and NIS passwords) |
| 278 | into /var/qmail/users/passwd. Second, run |
| 279 | |
| 280 | # qmail-pw2u -h < /var/qmail/users/passwd > /var/qmail/users/assign |
| 281 | |
| 282 | Here -h means that every user must have a home directory; if you happen |
| 283 | to run qmail-pw2u during an NFS outage, it will print an error message |
| 284 | and stop. Third, run |
| 285 | |
| 286 | # qmail-newu |
| 287 | |
| 288 | Make sure to rebuild the database whenever you change your user list. |
| 289 | |
| 290 | |
| 291 | 4.10. How do I change which account controls an address? I set up |
| 292 | ~alias/.qmail-www, but qmail is looking at ~www/.qmail instead. |
| 293 | |
| 294 | Answer: If you do |
| 295 | |
| 296 | # chown root ~www |
| 297 | |
| 298 | then qmail will no longer consider www to be a user; see qmail-getpw.0. |
| 299 | For more precise control over address assignments, see qmail-users.0. |
| 300 | |
| 301 | |
| 302 | |
| 303 | 5. Setting up servers |
| 304 | |
| 305 | |
| 306 | 5.1. How do I run qmail-smtpd under tcpserver? inetd is barfing at high |
| 307 | loads, cutting off service for ten-minute stretches. I'd also like |
| 308 | better connection logging. |
| 309 | |
| 310 | Answer: First, install the tcpserver program, part of the ucspi-tcp |
| 311 | package (http://pobox.com/~djb/ucspi-tcp.html). Second, remove the smtp |
| 312 | line from /etc/inetd.conf, and put the line |
| 313 | |
| 314 | tcpserver -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd & |
| 315 | |
| 316 | into your system startup files. Replace 7770 with your qmaild uid, and |
| 317 | replace 2108 with your nofiles gid. Don't forget the &. The change will |
| 318 | take effect at your next reboot. |
| 319 | |
| 320 | By default, tcpserver allows at most 40 simultaneous qmail-smtpd |
| 321 | processes. To raise this limit to 400, use tcpserver -c 400. To keep |
| 322 | track of who's connecting and for how long, run (on two lines) |
| 323 | |
| 324 | tcpserver -v -u 7770 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd \ |
| 325 | 2>&1 | /var/qmail/bin/splogger smtpd 3 & |
| 326 | |
| 327 | |
| 328 | 5.2. How do I set up qmail-qmtpd? |
| 329 | |
| 330 | Answer: Two steps. First, put a |
| 331 | |
| 332 | qmtp 209/tcp |
| 333 | |
| 334 | line into /etc/services. Second, put (all on one line) |
| 335 | |
| 336 | qmtp stream tcp nowait qmaild |
| 337 | /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-qmtpd |
| 338 | |
| 339 | into /etc/inetd.conf, and give inetd a HUP. |
| 340 | |
| 341 | If you have tcpserver installed, skip the inetd step, and set up |
| 342 | |
| 343 | tcpserver -u 7770 -g 2108 0 qmtp /var/qmail/bin/qmail-qmtpd & |
| 344 | |
| 345 | replacing 7770 and 2108 with the qmaild uid and nofiles gid. See |
| 346 | question 5.1 for more details on tcpserver. |
| 347 | |
| 348 | |
| 349 | 5.3. How do I set up qmail-pop3d? My old POP server works with mbox |
| 350 | delivery; I'd like to switch to maildir delivery. |
| 351 | |
| 352 | Answer: Four steps. First, install the checkpassword program |
| 353 | (http://pobox.com/~djb/checkpwd.html). Second, make sure you have a |
| 354 | |
| 355 | pop3 110/tcp |
| 356 | |
| 357 | line in /etc/services. Third, put (all on one line, including |
| 358 | qmail-popup twice) |
| 359 | |
| 360 | pop3 stream tcp nowait root |
| 361 | /var/qmail/bin/qmail-popup qmail-popup |
| 362 | YOURHOST /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir |
| 363 | |
| 364 | into /etc/inetd.conf, and give inetd a HUP; replace YOURHOST with your |
| 365 | host's fully qualified domain name. Fourth, set up Maildir delivery for |
| 366 | any user who wants to read mail via POP. |
| 367 | |
| 368 | If you have tcpserver installed, skip the inetd step, and set up (on two |
| 369 | lines) |
| 370 | |
| 371 | tcpserver 0 pop3 /var/qmail/bin/qmail-popup YOURHOST \ |
| 372 | /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir & |
| 373 | |
| 374 | replacing YOURHOST with your host's fully qualified domain name. See |
| 375 | question 5.1 for more details on tcpserver. |
| 376 | |
| 377 | Security note: pop3d should be used only within a secure network; |
| 378 | otherwise an eavesdropper can steal passwords. |
| 379 | |
| 380 | |
| 381 | 5.4. How do I allow selected clients to use this host as a relay? I see |
| 382 | that qmail-smtpd rejects messages to any host not listed in |
| 383 | control/rcpthosts. |
| 384 | |
| 385 | Answer: Three steps. First, install tcp-wrappers, available separately, |
| 386 | including hosts_options. Second, change your qmail-smtpd line in |
| 387 | inetd.conf to |
| 388 | |
| 389 | smtp stream tcp nowait qmaild /usr/local/bin/tcpd |
| 390 | /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd |
| 391 | |
| 392 | (all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow, |
| 393 | make a line setting the environment variable RELAYCLIENT to the empty |
| 394 | string for the selected clients: |
| 395 | |
| 396 | tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT |
| 397 | |
| 398 | Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd |
| 399 | ignores control/rcpthosts when RELAYCLIENT is set. (It also appends |
| 400 | RELAYCLIENT to each envelope recipient address. See question 5.5 for an |
| 401 | application.) |
| 402 | |
| 403 | Alternative procedure, if you are using tcpserver 0.80 or above: Create |
| 404 | /etc/tcp.smtp containing |
| 405 | |
| 406 | 1.2.3.6:allow,RELAYCLIENT="" |
| 407 | 127.:allow,RELAYCLIENT="" |
| 408 | |
| 409 | to allow clients with IP addresses 1.2.3.6 and 127.*. Run |
| 410 | |
| 411 | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp |
| 412 | |
| 413 | Finally, insert |
| 414 | |
| 415 | -x /etc/tcp.smtp.cdb |
| 416 | |
| 417 | after tcpserver in your qmail-smtpd invocation. |
| 418 | |
| 419 | |
| 420 | 5.5. How do I fix up messages from broken SMTP clients? |
| 421 | |
| 422 | Answer: Three steps. First, put |
| 423 | |
| 424 | | bouncesaying 'Permission denied' [ "@$HOST" != "@fixme" ] |
| 425 | | qmail-inject -f "$SENDER" -- "$DEFAULT" |
| 426 | |
| 427 | into ~alias/.qmail-fixup-default. Second, put |
| 428 | |
| 429 | fixme:fixup |
| 430 | |
| 431 | into /var/qmail/control/virtualdomains, and give qmail-send a HUP. |
| 432 | Third, follow the procedure in question 5.4, but set RELAYCLIENT to the |
| 433 | string ``@fixme'': |
| 434 | |
| 435 | tcp-env: 1.2.3.6, 1.2.3.7: setenv = RELAYCLIENT @fixme |
| 436 | |
| 437 | Here 1.2.3.6 and 1.2.3.7 are the clients' IP addresses. If you are using |
| 438 | tcpserver instead of inetd and tcpd, put |
| 439 | |
| 440 | 1.2.3.6:allow,RELAYCLIENT="@fixme" |
| 441 | 1.2.3.7:allow,RELAYCLIENT="@fixme" |
| 442 | |
| 443 | into /etc/tcp.smtp, and run tcprules as in question 5.4. |
| 444 | |
| 445 | |
| 446 | 5.6. How do I set up qmail-qmqpd? I'd like to allow fast queueing of |
| 447 | outgoing mail from authorized clients. |
| 448 | |
| 449 | Answer: Make sure you have installed tcpserver 0.80 or above. Create |
| 450 | /etc/qmqp.tcp in tcprules format to allow connections from authorized |
| 451 | hosts. For example, if queueing is allowed from 1.2.3.*: |
| 452 | |
| 453 | 1.2.3.:allow |
| 454 | :deny |
| 455 | |
| 456 | Convert /etc/qmqp.tcp to /etc/qmqp.cdb: |
| 457 | |
| 458 | tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcp |
| 459 | |
| 460 | Finally, set up |
| 461 | |
| 462 | tcpserver -x /etc/qmqp.cdb -u 7770 -g 2108 0 628 /var/qmail/bin/qmail-qmqpd & |
| 463 | |
| 464 | replacing 7770 and 2108 with the qmaild uid and nofiles gid. See |
| 465 | question 5.1 for more details on tcpserver. |
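The rules files from questions 5.4 through 5.6 decide who may relay through this host, so they are worth checking before tcprules compiles them. The shell sketch below is an added example, not part of the original FAQ or of ucspi-tcp; the function names are hypothetical, the sample rules are constructed, and only IPv4 rules in the form shown above are handled. It flags a RELAYCLIENT grant on the empty (match-everything) address, and it requires the catch-all :deny line for QMQP, since qmail-qmqpd relays for any client that is allowed to connect.

```shell
#!/bin/sh
# Added example: review tcprules source files before compiling them.
# Function names are hypothetical; IPv4 rules only.

# relay_grants FILE
# Print "ADDRESS<TAB>BREADTH" for each allow rule that sets RELAYCLIENT.
# BREADTH is host (full address), prefix (ends in a dot, such as 127.)
# or default (empty address, which matches every client).
relay_grants() {
    awk -F: '
        /^#/ || /^$/ { next }
        {
            addr = $1
            rest = substr($0, length(addr) + 2)   # text after first colon
            if (rest !~ /^allow/ || rest !~ /,RELAYCLIENT=/) next
            if (addr == "")        breadth = "default"
            else if (addr ~ /\.$/) breadth = "prefix"
            else                   breadth = "host"
            printf "%s\t%s\n", addr, breadth
        }' "$1"
}

# default_action FILE
# Print allow or deny for the empty-address rule, or none if it is absent.
default_action() {
    awk -F: '
        /^#/ { next }
        /^:/ { split($2, a, ","); print a[1]; found = 1; exit }
        END  { if (!found) print "none" }' "$1"
}

# audit_smtp_rules FILE
# Fail if RELAYCLIENT is set for every client (an open relay).
audit_smtp_rules() {
    relay_grants "$1" |
        awk -F'\t' '$2 == "default" { bad = 1 } END { exit bad + 0 }'
}

# audit_qmqp_rules FILE
# Succeed only if clients that match no other rule are denied.
audit_qmqp_rules() {
    [ "$(default_action "$1")" = deny ]
}

# Constructed samples: the tcp.smtp rules from question 5.4 and a QMQP
# rules file with the :deny line left out.
demo=$(mktemp -d)
cat > "$demo/tcp.smtp" <<'EOF'
1.2.3.6:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
EOF
cat > "$demo/qmqp.tcp" <<'EOF'
1.2.3.:allow
EOF
relay_grants "$demo/tcp.smtp"
audit_smtp_rules "$demo/tcp.smtp" && echo "tcp.smtp: relay limited to listed clients"
audit_qmqp_rules "$demo/qmqp.tcp" || echo "qmqp.tcp: missing default :deny"
rm -rf "$demo"
```

A rule that sets RELAYCLIENT to "@fixme" as in question 5.5 is reported too, because qmail-smtpd ignores control/rcpthosts whenever RELAYCLIENT is set.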
| 466 | |
| 467 | |
| 468 | |
| 469 | 6. Configuring MUAs to work with qmail |
| 470 | |
| 471 | |
| 472 | 6.1. How do I make BSD mail generate a Date with the local time zone? |
| 473 | When I send mail, I'd rather use the local time zone than GMT, since |
| 474 | some MUAs don't know how to display Date in the receiver's time zone. |
| 475 | |
| 476 | Answer: Put |
| 477 | |
| 478 | set sendmail=/var/qmail/bin/datemail |
| 479 | |
| 480 | into your .mailrc or your system-wide Mail.rc. Beware that BSD mail is |
| 481 | neither secure nor reliable. |
| 482 | |
| 483 | |
| 484 | 6.2. How do I make pine work with qmail? |
| 485 | |
| 486 | Answer: Put |
| 487 | |
| 488 | sendmail-path=/usr/lib/sendmail -oem -oi -t |
| 489 | |
| 490 | into /usr/local/lib/pine.conf. (This will work with sendmail too.) |
| 491 | Beware that pine is neither secure nor reliable. |
| 492 | |
| 493 | |
| 494 | 6.3. How do I make MH work with qmail? |
| 495 | |
| 496 | Answer: Put |
| 497 | |
| 498 | postproc: /usr/mh/lib/spost |
| 499 | |
| 500 | into each user's .mh_profile. (This will work with sendmail too.) Beware |
| 501 | that MH is neither secure nor reliable. |
| 502 | |
| 503 | |
| 504 | 6.4. How do I stop Sun's dtcm from hanging? |
| 505 | |
| 506 | Answer: There is a novice programming error in dtcm, known as ``failure |
| 507 | to close the output side of the pipe in the child.'' Sun has, at the |
| 508 | time of this writing, not yet provided a patch. Sorry. |
| 509 | |
| 510 | |
| 511 | |
| 512 | 7. Managing the mail system |
| 513 | |
| 514 | |
| 515 | 7.1. How do I safely stop qmail-send? Back when we were running |
| 516 | sendmail, it was always tricky to kill sendmail without risking the loss |
| 517 | of current deliveries; what should I do with qmail-send? |
| 518 | |
| 519 | Answer: Go ahead and kill the qmail-send process. It will shut down |
| 520 | cleanly. Wait for ``exiting'' to show up in the log. To restart qmail, |
| 521 | run /var/qmail/rc the same way it is run from your system boot scripts, |
| 522 | with the proper PATH, resource limits, etc. |
| 523 | |
| 524 | Alternative, if qmail is supervised: svc -t /var/run/qmail. The |
| 525 | supervise process will kill qmail, wait for it to stop, and restart it. |
| 526 | Use -d instead of -t if you don't want qmail to restart automatically; |
| 527 | to manually restart it, use -u. |
| 528 | |
| 529 | |
| 530 | 7.2. How do I manually run the queue? I'd like qmail to try delivering |
| 531 | all the remote messages right now. |
| 532 | |
| 533 | Answer: Give the qmail-send process an ALRM. (Do svc -a /var/run/qmail |
| 534 | if qmail is supervised.) |
| 535 | |
| 536 | You may want to run qmail-tcpok first, to guarantee that qmail-remote |
| 537 | will try all addresses. Normally, if an address fails repeatedly, |
| 538 | qmail-remote leaves it alone for an hour. |
| 539 | |
| 540 | |
| 541 | 7.3. How do I rejuvenate a message? Somebody broke into Eric's computer |
| 542 | again; it's going to be down for at least another two days. I know Eric |
| 543 | has been expecting an important message---in fact, I see it sitting here |
| 544 | in /var/qmail/queue/mess/15/26902. It's been in the queue for six days; |
| 545 | how can I make sure it isn't bounced tomorrow? |
| 546 | |
| 547 | Answer: Just touch /var/qmail/queue/info/15/26902. (This is the only |
| 548 | form of queue modification that's safe while qmail is running.) |
| 549 | |
| 550 | |
| 551 | 7.4. How do I organize a big network? I have a lot of machines, and I |
| 552 | don't know where to start. |
| 553 | |
| 554 | Answer: First, choose the domain name where your users will receive |
| 555 | mail. This is normally the shortest domain name you control. If you are |
| 556 | in charge of *.movie.edu, you can use addresses like joe@movie.edu. |
| 557 | |
| 558 | Second, choose the machine that will know what to do with different |
| 559 | users at movie.edu. Set up a host name in DNS for this machine: |
| 560 | |
| 561 | mailhost.movie.edu IN A 1.2.3.4 |
| 562 | 4.3.2.1.in-addr.arpa IN PTR mailhost.movie.edu |
| 563 | |
| 564 | Here 1.2.3.4 is the IP address of that machine. |
| 565 | |
| 566 | Third, make a list of machines where mail should end up. For example, if |
| 567 | mail for Bob should end up on Bob's workstation, put Bob's workstation |
| 568 | onto the list. For each of these machines, set up a host name in DNS: |
| 569 | |
| 570 | bobshost.movie.edu IN A 1.2.3.7 |
| 571 | 7.3.2.1.in-addr.arpa IN PTR bobshost.movie.edu |
| 572 | |
| 573 | Fourth, install qmail on bobshost.movie.edu. qmail will automatically |
| 574 | configure itself to accept messages for bob@bobshost.movie.edu and |
| 575 | deliver them to ~bob/Mailbox on bobshost. Do the same for the other |
| 576 | machines where mail should end up. |
| 577 | |
| 578 | Fifth, install qmail on mailhost.movie.edu. Put |
| 579 | |
| 580 | movie.edu:alias-movie |
| 581 | |
| 582 | into control/virtualdomains on mailhost. Then forward bob@movie.edu to |
| 583 | bob@bobshost.movie.edu, by putting |
| 584 | |
| 585 | bob@bobshost.movie.edu |
| 586 | |
| 587 | into ~alias/.qmail-movie-bob. Do the same for other users. |
| 588 | |
| 589 | Sixth, put movie.edu into control/rcpthosts on mailhost.movie.edu, so |
| 590 | that mailhost.movie.edu will accept messages for users at movie.edu. |
| 591 | |
| 592 | Seventh, set up an MX record in DNS to deliver movie.edu messages to |
| 593 | mailhost: |
| 594 | |
| 595 | movie.edu IN MX 10 mailhost.movie.edu |
| 596 | |
| 597 | Eighth, on all your machines, put movie.edu into control/defaulthost. |
| 598 | |
| 599 | |
| 600 | 7.5. How do I back up and restore the queue disk? |
| 601 | |
| 602 | Answer: You can't. |
| 603 | |
| 604 | One difficulty is that you can't get a consistent snapshot of the queue |
| 605 | while qmail-send is running. Another difficulty is that messages in the |
| 606 | queue must have filenames that match their inode numbers. |
| 607 | |
| 608 | However, the big problem is that backups---even twice-daily backups--- |
| 609 | are far too unreliable for mail. If your disk dies, there will be very |
| 610 | little overlap between the messages saved in the last backup and the |
| 611 | messages that were lost. |
| 612 | |
| 613 | There are several ways to add real reliability to a mail server. Battery |
| 614 | backups will keep your server alive, letting you park the disk to avoid |
| 615 | a head crash, when the power goes out. Solid-state disks have their own |
| 616 | battery backups. RAID boxes let you replace dead disks without losing |
| 617 | any data. |
| 618 | |
| 619 | |
| 620 | 7.6. How do I run a supervised copy of qmail? svc sounds useful. |
| 621 | |
| 622 | Answer: Install daemontools (http://pobox.com/~djb/daemontools.html). |
| 623 | Create a /var/run/qmail directory. Change |
| 624 | |
| 625 | /var/qmail/rc |
| 626 | |
| 627 | to |
| 628 | |
| 629 | supervise /var/run/qmail /var/qmail/rc |
| 630 | |
| 631 | in your boot scripts. Make sure that supervise is in the startup PATH. |
| 632 | Now you can use svc to stop or restart qmail, and svstat to check |
| 633 | whether qmail is running. |
| 634 | |
| 635 | |
| 636 | 7.7. How do I avoid syslog? It chews up a lot of CPU time and isn't |
| 637 | reliable. |
| 638 | |
| 639 | Answer: Install daemontools (http://pobox.com/~djb/daemontools.html). |
| 640 | Make a /var/log/qmail directory, owned by qmaill, mode 2700. Do |
| 641 | |
| 642 | qmail-start ./Mailbox /usr/local/bin/accustamp \ |
| 643 | | setuser qmaill /usr/local/bin/cyclog /var/log/qmail & |
| 644 | |
| 645 | in /var/qmail/rc. |
| 646 | |
| 647 | If you are logging tcpserver connections, make a /var/log/smtpd |
| 648 | directory, and use cyclog /var/log/smtpd for tcpserver. You shouldn't |
| 649 | run several copies of cyclog with the same log directory. |
| 650 | |
| 651 | By default, cyclog keeps 10 automatically rotated log files, each |
| 652 | containing up to 100KB of log data. To keep 20 files with 1MB each, use |
| 653 | cyclog -s 1000000 -n 20. |
| 654 | |
| 655 | |
| 656 | |
| 657 | 8. Miscellany |
| 658 | |
| 659 | |
| 660 | 8.1. How do I tell qmail to do more deliveries at once? It's running |
| 661 | only 20 parallel qmail-remote processes. |
| 662 | |
| 663 | Answer: Decide how many deliveries you want to allow at once. Put that |
| 664 | number into control/concurrencyremote. Restart qmail-send as in question |
| 665 | 7.1. If your system has resource limits, make sure you set the |
| 666 | descriptors limit to at least double the concurrency plus 5; otherwise |
| 667 | you'll get lots of unnecessary deferrals whenever a big burst of mail |
| 668 | shows up. Note that qmail also imposes a compile-time concurrency limit, |
| 669 | 120 by default; this is set in conf-spawn. |
| 670 | |
| 671 | |
| 672 | 8.2. How do I keep a copy of all incoming and outgoing mail messages? |
| 673 | |
| 674 | Answer: Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h. |
| 675 | Recompile qmail. Put ./msg-log into ~alias/.qmail-log. |
| 676 | |
| 677 | You can also use QUEUE_EXTRA to, e.g., record the Message-ID of every |
| 678 | message: run |
| 679 | |
| 680 | | awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' |
| 681 | |
| 682 | from ~alias/.qmail-log. |
| 683 | |
| 684 | |
| 685 | 8.3. How do I switch slowly from sendmail to qmail? I'm thinking of |
| 686 | moving the heaven.af.mil network over to qmail, but first I'd like to |
| 687 | give my users a chance to try out qmail without affecting current |
| 688 | sendmail deliveries. We're using NFS. |
| 689 | |
| 690 | Answer: Find a host in your network, say pc.heaven.af.mil, that isn't |
| 691 | running an SMTP server. (If addresses at pc.heaven.af.mil are used, you |
| 692 | should already have an MX pointing pc.heaven.af.mil to your mail hub.) |
| 693 | |
| 694 | Set up a new MX record pointing lists.heaven.af.mil to pc.heaven.af.mil. |
| 695 | Install qmail on pc.heaven.af.mil. Replace pc with lists in the control |
| 696 | files. Make the qmail man pages available on all your machines. |
| 697 | |
| 698 | Now tell your users about qmail. A user can forward joe@heaven.af.mil to |
| 699 | joe@lists.heaven.af.mil to get ~/Mailbox delivery; he can set up .qmail |
| 700 | files; he can start running his own mailing lists @lists.heaven.af.mil. |
| 701 | |
| 702 | When you're ready to turn sendmail off, you can set up pc.heaven.af.mil |
| 703 | as your new mail hub. Add heaven.af.mil to control/locals, and change |
| 704 | the heaven.af.mil MX to point to pc.heaven.af.mil. Make sure you leave |
| 705 | lists.heaven.af.mil in control/locals so that transition addresses will |
| 706 | continue to work. |