mdw@git.distorted.org.uk Git - qmail/blob - INSTALL.mbox

   1 The qmail package includes a local delivery agent, qmail-local, which
   2 provides user-controlled mailing lists, cross-host alias loop detection,
   3 and many other important qmail features.
   4
   5 There's one part of qmail-local that you need to know about right now:
   6 qmail-local doesn't support an insecure central mail spool. It delivers
   7 mail by default into ~user/Mailbox (in mbox format).
   8
   9 This file explains what you should do to deal with this change. It also
  10 points out some reasons that you might want to make an even bigger
  11 change, switching from mbox format to a new format, maildir.
  12
  13 If you desperately don't want to change anything, see INSTALL.qsmhook.
  14
  15
  16 Contents:
  17 1. Throw away /usr/spool/mail!
  18 2. The trouble with mbox
  19 3. Sun's Network F_\bail_\bu_\bre System
  20
  21
  22 1. Throw away /usr/spool/mail!
  23
  24 /usr/spool/mail, often called /var/spool/mail or /var/mail, is a
  25 security disaster. A user's mailbox belongs in his home directory, not a
  26 shared directory. Even if you don't install qmail, you should destroy
  27 /usr/spool/mail. This takes four steps:
  28
  29    A. Convince your local mailer to deliver to ~user/Mailbox. If you're
  30    using something like procmail, this is easy---just change SYSTEM_MBOX
  31    in config.h. If you're installing qmail, you don't have to do
  32    anything. Otherwise, take a look at hlfsd from
  33    ftp.cs.columbia.edu/pub/amd.
  34
  35    B. Move each /usr/spool/mail/user to ~user/Mailbox. For safety, do
  36    this in single-user mode---you don't want to risk corrupting
  37    mailboxes. (qmail makes it easy to turn off deliveries temporarily:
  38    just kill the qmail-send daemon. But you aren't running qmail yet.)
  39    When you're done, remove /usr/spool/mail.
  40
  41    C. Put ``setenv MAIL $HOME/Mailbox'' in your system-wide .cshrc,
  42    ``MAIL=$HOME/Mailbox; export MAIL'' in your system-wide .profile,
  43    ``inbox-path=Mailbox'' in your system-wide pine.conf. If you're using
  44    qpopper 2.2, you'll have to recompile with -DHOMEDIRMAIL in CFLAGS
  45    and with /.mail changed to /Mailbox in pop_dropcopy.c. If you're
  46    using elm on a multiuser system, you'll have to recompile elm with
  47    "mailbox" changed to "Mailbox" around line 388 of newmbox.c.
  48
  49    D. Announce the change.
  50
  51 Some vendors, in a misguided attempt to solve the security problems of
  52 /usr/spool/mail, have made all MUAs (e.g., /usr/ucb/Mail) setgid mail.
  53 After you get rid of /usr/spool/mail, you can also disable those
  54 setgid-mail bits.
  55
  56
  57 2. The trouble with mbox
  58
  59 The mbox format---the format of ~user/Mailbox, understood by BSD Mail
  60 and lots of other MUAs---is inherently unreliable.
  61
  62 Think about it: what happens if the system crashes while a program is
  63 appending a new message to ~user/Mailbox? The message will be truncated.
  64 Even worse, if it was truncated in the middle of a line, it will end up
  65 being merged with the next message! Sure, the mailer understands that it
  66 wasn't successful, so it'll try delivering the message again later, but
  67 it can't fix your corrupted mbox.
  68
  69 Other formats, such as mh folders, are just as unreliable.
  70
  71 qmail supports maildir, a crashproof format for incoming mail messages.
  72 maildir is fast and easy for MUAs to use. Even better, maildir works
  73 wonders over NFS---see below.
  74
  75 I don't want to cram maildir down people's throats, so it's not the
  76 default. Nevertheless, I encourage you to start asking for maildir
  77 versions of your favorite MUAs, and to switch over to maildir as soon as
  78 you can.
  79
  80 WARNING: qmail uses flock() to lock ~user/Mailbox. This agrees with the
  81 modern mail.local locking choice. If your MUA doesn't use flock(), your
  82 best bet is to switch to maildir, and to set up synchronous maildir2mbox
  83 execution, as described below.
  84
  85
  86 3. Sun's Network F_\bail_\bu_\bre System
  87
  88 Anyone who tells you that mail can be safely delivered in mbox format
  89 over NFS is pulling your leg---as explained above, mbox format is
  90 inherently unreliable even on a single machine.
  91
  92 Anyway, NFS is the most unreliable computing environment ever invented,
  93 and qmail doesn't even pretend to support mbox over NFS.
  94
  95 You should switch to maildir, which works fine over NFS without any
  96 locking. You can safely read your mail over NFS if it's in maildir
  97 format. Any number of machines can deliver mail to you at the same time.
  98 (On the other hand, for efficiency, it's better to get NFS out of the
  99 picture---your mail should be delivered on the server that contains your
 100 home directory.)
 101
 102 Here's how to set up qmail to use maildir for your incoming mail:
 103
 104    % maildirmake $HOME/Maildir
 105    % echo ./Maildir/ > ~/.qmail
 106
 107 Make sure you include the trailing slash on Maildir/.
 108
 109 Until your MUA supports maildir, you'll probably want to convert maildir
 110 format to (gaaack) mbox format. I've supplied a maildir2mbox utility
 111 that does the trick, along with some tiny qail and elq and pinq wrappers
 112 that call maildir2mbox before calling Mail or elm or pine.