-
-
Notifications
You must be signed in to change notification settings - Fork 3
2 FAQ
-
IndiMail Frequently Answered Questions
- Intro
- How can I set one virtual domain to be the primary domain for the machine? We don't want to have any /etc/passwd users.
- How do I pick up my virtual domain email? Virtual domain users need to use the following format for their user name when popping in:
- How do I forward all mail that doesn't match any users or .qmail files for a particular domain?
- How do I bounce all mail that doesn't match any users or .qmail files for a particular domain?
- I don't want to bounce emails for non existent users. Instead I want to delete them, how?
- How do hard quota's for users work? How do I set a default quota for new user creation
- I want to use a different file name than /etc/indimail/tcp/tcp.smtp for my static IPs for permanent relay.
- How can we use an IP address per domain, so that users don't need to authenticate with user%domain or user@domain,they just want to use "user"?
- How do I alias a new virtual domain to a current virtualdomain?
- How do I post a email to all users of a virtualdomain or a set of domains?
- How do I setup IndiMail to talk to MySQL
- I want to upgrade IndiMail, what do I need to worry about?
- How do I log when people authenticate with pop/imap?
- How can I uninstall IndiMail?
- I get errors about not finding a .so library, how to fix?
- What is the relationship between /etc/indimail/tcp/open-smtp /etc/indimail/tcp/tcp.smtp and /etc/indimail/tcp/tcp.smtp.cdb and how do they work qmail-smtpd?
- I want to have IndiMail access mysql as indimail and not root. What sql commands to I run?
- I have changed my IP address on a clustered setup. What gets affected
- How to put your custom filters before queuing mail
- I have an atrn domain. I want to set quota while delivering
- I have an atrn domain called etrn.dom. My users are split across multiple servers. How do I distribute mails for my users according to the server on which they belong?
- How do I setup stupid disclaimers
- How do i delete mails lying in a queue having a certain pattern. Can I use regex
- I have been hit by virus. My virus scanner is not able to handle the load. What should I do?
- How do I control access to SMTP for specific domains from specific or set of IP addresses
- How do I restrict and control mail transactions between senders and recipients
- I want to run a program every time post imap/pop3 authentication for every user.
- I want to run a program just once in a lifetime post imap/pop3 authentication for every user.
- How do I have a wildcard smtp route?
- How do I use postfix with IndiMail?
- Controlling the appearance of outgoing messages (using qmail-inject/sendmail)
- Routing outgoing messages
- Routing incoming messages by host
- Routing incoming messages by user
- How do I use procmail with qmail?
- Setting up servers
- How do I fix up messages from broken SMTP clients?
- How do I set up qmail-qmqpd? I'd like to allow fast queueing of outgoing mail from authorized clients.
- How do I set up closed user group mailing
- How do I reject mails from open relays
- How do I use a MDA different from vdelivermail
- How do I implement an efficient virus scanner using clamav
- How do I setup SSL encryption for SMTP, IMAP, POP3
- Configuring MUAs to work with qmail
- Managing the mail system
- How do I organize a big network? I have a lot of machines, and I don't know where to start.
- How do I back up and restore the queue disk?
- How do i immediately schedule messages
- Is it safe to simply delete old file, or is there a cleaner way?
- How to have a different per-IP-concurrency for some hosts.
- Miscellany
- How do i test vchkpass, systpass or any other checkpassword implementation for authenticated SMTP
- The entire world uses crazy attachments. Any idea on how to block them
- How to I prevent spoofing of my domain in mails.
- qmail doesn't deliver mail to superusers
- qmail doesn't deliver mail to users who don't own their home directory
- qmail doesn't deliver mail to users whose usernames contain uppercase letters
- qmail replaces dot(.) in extension addresses with colons(:)
- qmail converts uppercase characters in extension addresses to lowercase
- qmail doesn't use /etc/hosts
- qmail doesn't generate deferral notices
- qmail is slow if queue/lock/trigger is gone/has the wrong permissions/is a regular file
- DNS or IDENT lookups can make SMTP slow
- Carriage Return/Linefeed (CRLF) line breaks don't work
- qmail-send or tcpserver stop working if logs back up
- qmail-inject sets From field to anonymous if USER and LOGNAME aren't set
- How do i disable qmail from adding any headers related to my host when it relays.
- Is there a mailing list available for IndiMail package?
- What should I do if I have trouble with IndiMail
Last updated on Fri Oct 6 07:27:53 PM IST 2023
IndiMail is a secure, reliable, efficient, simple mail server with all major components coded entirely in C. It has very little hardcode paths and settings. Most settings are configurable through control files or environment variables. It has a small footprint. It provides the functionality of delivering mails to the User's mailbox and retrieving the same by any third party MUA used by the Internet Community. It also provided you the ability to insert your own scripts before, during or after a message submission or delivery.
However IndiMail does not provide any Email Client or web mail Client. It is designed for typical Internet-connected UNIX hosts. It is expected that one use any IMAP/POP3 client that you are comfortable with.
How can I set one virtual domain to be the primary domain for the machine? We don't want to have any /etc/passwd users.
Create the default domain with
$ sudo vadddomain vdomain
Setup your imap/pop3 services with DEFAULT_DOMAIN=vdomain
$ sudo sh -c "echo vdomain > /service/qmail-imapd-ssl.993/variables/DEFAULT_DOMAIN"
$ sudo sh -c "echo vdomain > /service/qmail-imapd.143/variables/DEFAULT_DOMAIN"
$ sudo sh -c "echo vdomain > /service/qmail-pop3d-ssl.995/variables/DEFAULT_DOMAIN"
$ sudo sh -c "echo vdomain > /service/qmail-pop3d.110/variables/DEFAULT_DOMAIN"
Then restart the services for the variable to take effect
$ sudo svc -r /service/qmail-imapd-ssl.993 /service/qmail-imapd.143 \
/service/qmail-pop3d-995 /service/qmail-pop3d.110
If you have your own scripts to start these services, then you need to set the DEFAULT_DOMIAN environment variable in your script.
This will allow users of the primary domain to set their pop user name to user instead of user%vdomain / user@vdomain.
See the documentation for vadddomain for all options.
How do I pick up my virtual domain email? Virtual domain users need to use the following format for their user name when popping in:
user%vdomain
Eudora might require the following syntax
user%vdomain@pophost
Microsoft clients may the following syntax:
user@vdomain
If you don't include the %vdomain or @vdomain, IndiMail will assume it is either a /etc/passwd user or a user in /etc/indimail/users (See qmail-users(5)) or configured with "default domain".
Edit the ~indimail/domains/virtual_domain/.qmail-default
file and change the last parameter to an email address of the form: user@domain. For example
|/sbin/vfilter '' user@domain
or
|/sbin/vdelivermail '' user@domain
See the documentation for vfilter and vdelivermail
Edit the ~indimail/domains/vdomain/.qmail-default
file and change the last parameter to bounce-no-mailbox.
| /sbin/vfilter '' bounce-no-mailbox
or
| /sbin/vdelivermail '' bounce-no-mailbox
The last parameter in the .qmail-default file tells vdelivermail what to do with non-matching emails. The default is bounce-no-mailbox, which bounces the email back to the sender. But you can also delete it instead.
| /sbin/vfilter '' delete
or
| /sbin/vdelivermail '' delete
Read this document
I want to use a different file name than /etc/indimail/tcp/tcp.smtp for my static IPs for permanent relay.
For compile time configuration, pass --enable-tcpsever-file to ./configure
$ ./configure –enable-tcpserver-file=smtp-relay-file
For binary installations, edit your tcpserver run file and change the -x option.
See the documentation for tcpserver for all options.
How can we use an IP address per domain, so that users don't need to authenticate with user%domain or user@domain,they just want to use "user"?
$ ./configure --enable-ip-alias-domains=y
Then run the below command for each IP you want to link to a domain.
$ vipmap -a IP vdomain
Consult the documentation for vipmap for all options
$ sudo vaddaliasdomain newdomain olddomain
See vaddaliasdomain
use the new vbulletin program:
$ vbulletin -f email_file vdomain1 vdomain2 ...
To see all the available options see this documentation on vbulletin.
Learn how to use dbinfo or the control file mcdinfo. A non-distributed setup uses the control file host.mysql Read this document
Following things happen in any upgrade that involves software
Binaries, library change. Sometimes database table structure change, sometimes files get new permissions. The right way to for any software to do is to handle changes seamlessly. In few cases this may not be possible where existing software configuration needs to be modified for the new software to run. Usually this gets taken care by the upgrade post install scripts. This is how indimail does it either through the upgrade scripts qlocal_upgrade and ilocal_upgrade. IndiMail also has a utility ischema, which allows custom action on every upgrade. ischema has the ability to update MySQL tables, run commands, edit configuration files.
However, none of the users or domain get touched. So to upgrade IndiMail, you just need to run yum/dnf update, apt-get update && apt-get upgrade, zypper upgrade, etc (depending on your OS). For Source installation you need to
- download new IndiMail software / git pull
- run configure with your options
- make
- make install-strip
- check if ilocal_upgrade.in, qlocal_upgrade.in have been updated. Check if indimail.schema file has been updated. If yes, run the scripts manually.
- upgrade completed.
If you want to backup the programs, libraries and include files then run the svctool program with the --backup option. This will backup your configuration, service configuration and also create a MySQL export file.
$ sudo svctool --backup=/home/mail/backup --mysqlPrefix=/usr \
--servicedir=/service
svctool is the main configuration tool for IndiMail.
Make sure you include this configuration option when building IndiMail
./configure –enable-auth-logging=y
You can turn of auth logging by setting NOLASTAUTHLOGGING. e.g.
$ sudo sh -c "echo 1 > /service/qmail-imapd-ssl.993/variables/NOLASTAUTHLOGGING"
$ sudo sh -c "echo 1 > /service/qmail-imapd.143/variables/NOLASTAUTHLOGGING"
$ sudo sh -c "echo 1 > /service/qmail-pop3d-ssl.995/variables/NOLASTAUTHLOGGING"
$ sudo sh -c "echo 1 > /service/qmail-pop3d.110/variables/NOLASTAUTHLOGGING"
Restart the above services using the svc -r
command. If you have your own scripts to start these services, then you need to set the NOLASTAUTHLOGGING environment variable in your script.
Two Options (Use the one you find easier). The options below may also remove all associated software (iwebadmin, indimail-auth, indimail-access, indimail-mta, indimail-utils, procmail, logalert).
Run the following commands for binary installations. The commands below do not remove existing data and configuration.
rpm -e indimail # for rpm based systems
or dpkg --purge indimail # for debian based systems
For source installations
On Gnu/Linux type systems as root: This will completely wipe your data and some configuration.
$ sudo userdel -r indimail
$ sudo groupdel indimail
To completly clean your indimail installation of virtual domains
$ sudo rm -rf /etc/indimail /usr/libexec/indimail /usr/share/indimail
$ sudo rm -rf /var/indimail/domains/*
$ sudo cp /etc/indimail/control/locals /etc/indimail/control/rcpthosts
$ sudo rm -rf /etc/indimail/users/*
If enable roaming users and your tcp.smtp file was not in the /etc/indimail/tcp directory, you will need to remove the open-smtp* files, where ever they are. Remove shared library libindimail.so* from /usr/lib or /usr/lib64 and remove /etc/indimail/control/libindimail /etc/indimail/control/libmysql
Your operating system does not know where those shared object libraries are. On linux read up on how to use ld.so.conf. You can run the svctool with the --fixsharedlibs option. IndiMail doesn't link the libindimail and libmysql library during compile time. They are dynamically opened using dlopen(3). The names of the files are maintained in /etc/indimail/control/libmysql for the MySQL / MariaDB shared library. indimail-mta uses /etc/indimail/control/libindimail to enable indimail virtual domains. It is possible in cases where you upgrade the library, the library name/path changes. In such a case you need to run the following command after upgrade the library (e.g. upgrading MySQL can result in change of the libmysqlclient library name).
$ sudo svctool --fixsharedlibs
What is the relationship between /etc/indimail/tcp/open-smtp /etc/indimail/tcp/tcp.smtp and /etc/indimail/tcp/tcp.smtp.cdb and how do they work qmail-smtpd?
If you are running qmail-smtpd under tcpserver, you should add a -x /etc/indimail/tcp/tcp.smtp.cdb option to it. This makes sure that qmail-smtpd checks in that file for allowed relaying (on top of the ones in /etc/indimail/control/rcpthosts).
The file /etc/indimail/tcp/tcp.smtpd needs to be created manually first. After that run the qmailctl command to create the cdb file (/etc/indimail/tcp/tcp.smtp.cdb)
$ sudo qmailctl cdb
This will enable the roaming for all hosts/networks you put in /etc/indimail/tcp/tcp.smtp. This is necessary if you want to use your mail server from the local network.
Secondly, check the permissions of /etc/indimail/tcp directory and the files in /etc/indimail/tcp. They should be owned by the user running the tcpserver with the IMAP/POP3 server as that user needs to update those files.
Everytime a user logs into the POP3/IMAP server, his ip and a timestamp gets written to /etc/indimail/tcp/open-smtp. If he's allowed in, the tcp.smtp.cdb gets regenerated automatically from the open-smtp file and the tcp.smtp file.
Read this document
-
The following tables
- fstab (host)
- host_table (ipaddr)
- dbinfo (server, mdahost)
- ip_alias_map (ipaddr)
- smtp_port (host, src_host)
-
The control file hostip
-
On the relay servers the file smtproutes. You can use the program ipchange to change IP address in IndiMail tables
Read this chapter on filters
$ sudo vadddomain -t etrn.dom
$ sudo vadduser [email protected] pass -q quota_in_bytes
$ sudo vatrn -i etrn.dom [email protected]
Have the following entry in .qmail-default
|/usr/sbin/vfilter '' homedir/Maildir
where homedir is the home directory created by vadduser for the user postmaster. See the documentation on vatrn for all options.
I have an atrn domain called etrn.dom. My users are split across multiple servers. How do I distribute mails for my users according to the server on which they belong?
- Create a virtual domain (e.g. mysme.com). This domain will just act as a container domain for atrn MAPS.
$ sudo vadddomain -t mysme.com
- Create artificial ATRN domains for each server with ATRN access.
$ vadddomain -t chn.mysme.com
$ vadddomain -t mum.mysme.com
NOTE: If you want to set quota, edit the file /var/indimail/autoturn/chn.mysme.com/Maildir/maildirsize
- Create rule for each user's mail to get distributed to the subdomain Maildir
$ valias -i /var/indimail/autoturn/chn.mysme.com/Maildir/ [email protected]
$ valias -i /var/indimail/autoturn/mum.mysme.com/Maildir/ [email protected]
$ valias -i /var/indimail/autoturn/mum.mysme.com/Maildir/ [email protected]
See the documentation for valias for all options.
- Create the .qvirtual file in each of these subdomains to etrn.dom
echo mysme.com > /var/indimail/autoturn/chn.mysme.com/.qvirtual
echo mysme.com > /var/indimail/autoturn/mum.mysme.com/.qvirtual
- Create atrn maps (users having access to the above atrn domains)
$ vadduser [email protected] xxxxxxxx # For auth and atrn
$ vatrn -i chn.mysme.com [email protected]
$ vadduser [email protected] xxxxxxxx
$ vatrn -i mum.mysme.com [email protected]
- .qvirtual allows mails for a main domain to be distributed across multiple directories in /var/indimail/autoturn directory. i.e. if etrn.dom is the main domain and mails have been split into directories location1.etrn.dom and location2.etrn.dom specify .qvirtual having etrn.dom in /var/indimail/autoturn/location1.etrn.dom and /var/indimail/autoturn/location2.etrn.dom.
- .qvirtual also allows mails for a domain to be delivered to any directory and the domain identified by looking up the .qvirtual file
- xxxxxxxx is the password for the above users.
See the documentation on vatrn for all options.
Disclaimers are stupid and organizations too if they want disclaimers.
http://www.goldmark.org/jeff/stupid-disclaimers
However if your organization still insists on stupidity read this Setting Disclaimers in your emails
Use qmail-rm command. It can quickly delete mails matching a given pattern. You can use -e and -p pattern to remove mails that have a certain text in the body.
Use the signatures or the bodycheck control files. For external virus scanner you can set VIRUSCHECK variable to 4, 5 or 6 which uses qscanq to run an external virus scanner
Use the hostaccess control file. e.g. to allow mails from yahoo.com from 2 IP addresses, 210.210.122.80 and 210.210.122.81 have the following in hostaccess control file.
yahoo.com:210.210.122.80-81
The behaviour of hostaccess can be modified by setting the PARANOID or DOMAIN_MASQUERADE environment variables. See qmail-smtpd(8) for more details
How do I control access to SMTP for specific domains from specific or set of IP addresses for certain users
Use from.envrules control file to restrict hostaccess control file for specfic MAIL FROM addresses. You can also use auth.envrules control file to restrict hostaccess control file use for SMTP authentication by specific users.
e.g. The below set of control files /etc/indimail/control/auth.envrules and /etc/indimail/control/hostaccess.local will restrict user [email protected] to authenticate from 2 IP address - 210.210.122.80 and 210.210.122.81.
$ cat /etc/indimail/control/auth.envrules
[email protected]:HOSTACESS=/etc/indimail/control/hostaccess.local
$ cat /etc/indimail/control/hostaccess.local
indimail.org:210.210.122.80.81
Read this SMTP Access List
Define the environment variable POSTAUTH pointing to an executable which you desire to run. This can be defined in the IMAP/POP3 variables directory. e.g. to enable it for IMAPS, do the following.
$ sudo sh -c "echo "path_to_program" > /service/qmail-imapd-ssl.993/variables/POSTAUTH"
$ sudo sh -c "echo "path_to_program" > /service/qmail-imapd.143/variables/POSTAUTH"
$ sudo sh -c "echo "path_to_program" > /service/qmail-pop3d-ssl.995/variables/POSTAUTH"
$ sudo sh -c "echo "path_to_program" > /service/qmail-pop3d.110/variables/POSTAUTH"
Restart the above services using the svc -r
command. If you have your own scripts to start these services, then you need to set the POSTAUTH environment variable in your script.
Define the environment variable MIGRATEUSER pointing to an executable which you desire to run. Additionally define MIGRATEFLAG which should be a name of a file without any path component. e.g. indimail.txt is a valid name but /tmp/indimail.txt is invalid. After running the program, IndiMail will create a 0 bytes file and prevent further invocation of the program. If the program is again desired to be run, either delete the file defined by MIGRATEFLAG or change the value of MIGRATEFLAG environment variable in the IMAP/POP3 variables directory.
This scheme of defining MIGRATEUSER and MIGRATEFLAG is useful for doing adhoc migrations.
Having the following entry in /etc/indimail/control/smtproutes
:202.144.77.55:25
directs all remote deliveries to the host 202.144.77.55 on port 25
IndiMail has a wrapper to vdelivermail called 'postdel' for postfix.
- Add the following two lines to main.cf
mydestination=indimail.org,satyam.net.in # domains added by vadddomain
local_transport=vdel
vdel_destination_recipient_limit=1
- Add the following to master.cf
vdel unix - n n - 100 pipe
flags=Fq. user=indimail argv=/usr/sbin/postdel -f -u $user -d $recipient -r $sender
- How do I set up host masquerading? All the users on this host, webmail1.indimail.org, are users on indimail.org. When raj sends a message to prem, the message should say
From: [email protected]
andTo: [email protected]
, withoutwebmail1
anywhere.
$ sudo sh -c "echo indimail.org > /etc/indimail/control/defaulthost"
$ sudo chmod 644 /etc/indimail/control/defaulthost.
- How do I set up user masquerading? I'd like my own From lines to show "The Boss" [email protected] rather than [email protected].
Add MAILHOST=indimail.org, MAILNAME="The Boss" and MAILUSER=boss to your environment. To override From lines supplied by your MUA, add QMAILINJECT=f to your environment.
$ echo indimail.org > ~/.defaultqueue/MAILHOST
$ echo boss > ~/.defaultqueue/MAILUSER
$ echo "The Boss" > ~/.defaultqueue/MAILNAME
$ echo f > ~/.defaultqueue/QMAILINJECT
- How do I set up Mail-Followup-To automatically? When I send a message to the [email protected] mailing list, I'd like to include
Mail-Followup-To: [email protected]
.
Add QMAILMFTFILE=$HOME/.lists to your environment, and put [email protected] into ~/.lists.
$ echo $HOME/.lists > ~/.defaultqueue/QMAILMFTFILE
$ echo [email protected] > ~/.lists
- How do I send local messages to another host? All the mail for indimail.org should be delivered to our disk server, pokey.indimail.org. I've set up an MX from indimail.org to pokey.indimail.org, but when a user on the indimail.org host sends a message to [email protected], indimail.org tries to deliver it locally. How do I stop that?
Remove indimail.org from /etc/indimail/control/locals. If qmail-send is running, give it a HUP. Make sure the MX is set up properly before you do this. Also make sure that pokey can receive mail for indimail.org. Read point 1 in Routing incoming messages by host. Also create a wildcard smtproute to send mail mails to pokey.indimail.org
- How do I set up a null client? I'd like zippy.indimail.org to send all mail to bigbang.indimail.org
$ sudo sh -c "echo :bigbang.indimail.org > /etc/indimail/control/smtproutes"
$ sudo chmod 644 /etc/indimail/control/smtproutes.
Disable local delivery. Turn off SMTP
$ sudo touch /service/qmail-send.25/down /service/qmail-smtpd.25/down \
/service/qmail-smtpd.587/down /service/qmail-smtpd.465/down
$ sudo svc -d /service/qmail-send.25/down /service/qmail-smtpd.25/down \
/service/qmail-smtpd.587/down /service/qmail-smtpd.465/down
- How do I send outgoing mail through UUCP? I need qmail to send all outgoing mail via UUCP to my upstream UUCP site, gonzo.
Put
:alias-uucp
into /etc/indimail/control/virtualdomains and
|preline -df /usr/bin/uux - -r -gC -a"${SENDER:-MAILER-DAEMON}" gonzo!rmail "($DEFAULT@$HOST)"
(all on one line) into ~alias/.qmail-uucp-default. (For some UUCP software you will need to use -d instead of -df.) If qmail-send is running, give it a HUP.
- How do I set up a separate queue for a SLIP/PPP link?
Deliver to a maildir. Configure ETRN/AUTOTURN or ATRN to access the maildir and deliver the mails.
- How do I deal with ``CNAME lookup failed temporarily''? The log showed that a message was deferred for this reason. Why is qmail doing CNAME lookups, anyway?
The SMTP standard does not permit aliased hostnames, so qmail has to do a CNAME lookup in DNS for every recipient host. If the relevant DNS server is down, qmail defers the message. It will try againsoon.
-
How do I receive mail for another host name? I'd like our disk server, pokey.indimail.org, to receive mail addressed to indimail.org. I've set up an MX from indimail.org to pokey.indimail.org, but how do I get pokey to treat indimail.org as a name for the local host?
Add indimail.org to /etc/indimail/control/locals and to /etc/indimail/control/rcpthosts. If qmail-send is running, give it a HUP(or do svc -h /service/-send. if qmail-send is supervised).
-
How do I set up a virtual domain? I'd like any mail for indimail.org, including [email protected] and [email protected] and so on, to be delivered to Manny. I've set up the MX already.
Answer: Put
indimail.org:manny
into /etc/indimail/control/virtualdomains. Add indimail.org to /etc/indimail/control/rcpthosts. If qmail-send is running, give it a HUP (or do svc -h /service/-send. if qmail-send is supervised).
Now mail for [email protected] will be delivered locally to manny-whatever
. Manny can set up ~manny/.qmail-default
to catch all the possible addresses, ~manny/.qmail-info
to catch [email protected], etc.
- How do I set up several virtual domains for one user? Manny wants another virtual domain, everywhere.org, but he wants to handle indimail.org users and everywhere.org users differently. How can we do that without setting up a second account?
Answer: Put two lines into /etc/indimail/control/virtualdomains:
indimail.org:manny-nowhere
everywhere.org:manny-everywhere
Add indimail.org and everywhere.org to /etc/indimail/control/rcpthosts. If qmail-send is running, give it a HUP (or do
$ sudo svc -h /service*/*-send.* (if qmail-send is supervised).
Now Manny can set up separate .qmail-nowhere-* and everywhere-* files. He can even set up .qmail-nowhere-default and .qmail-everywhere-default.
-
How do I forward unrecognized usernames to another host? I'd like to set up a LUSER_RELAY pointing at bigbang.indimail.org.
Put
| forward "$LOCAL"@bigbang.indimail.org
into ~alias/.qmail-default.
-
How do I set up a mailing list? I'd like [email protected] to be forwarded to a bunch of people.
Put a list of addresses into ~me/.qmail-sos, one per line. Then incoming mail for me-sos will be forwarded to each of those addresses. You should also touch ~me/.qmail-sos-owner so that bounces come back to you rather than the original sender.
Alternative: ezmlm (http://pobox.com/~djb/ezmlm.html) is a modern mailing list manager, supporting automatic subscriptions, confirmations, archives, fully automatic bounce handling (including warnings to subscribers saying which messages they've missed), and more.
Put
| preline procmail
into ~/.qmail. You'll have to use a full path for procmail unless procmail is in the system's startup PATH. Note that procmail will try to deliver to /var/spool/mail/$USER by default; to change this, see INSTALL.mbox.
-
How do I use elm's filter with qmail?
Put
| preline filter
into ~/.qmail. You'll have to use a full path for filter unless filter is in the system's startup PATH.
-
How do I create aliases with dots? I tried setting up ~alias/.qmail-P.D.Q.Bach, but it doesn't do anything.
Use .qmail-p:d:q:bach. Dots are converted to colons, and uppercase is converted to lowercase.
-
How do I use sendmail's .forward files with qmail?
Use dot-forward
-
How do I use sendmail's /etc/aliases with qmail?
Use fastforward
-
How do I make qmail defer messages during NFS or NIS outages? If ~joe suddenly disappears, I'd like mail for joe to be deferred.
Build a qmail-users database, so that qmail no longer checks home directories and the password database. This takes three steps.
First, put your complete user list (including local and NIS passwords) into /etc/indimail/users/passwd.
Second, run qmail-pw2u
$ sudo qmail-pw2u -h < /etc/indimail/users/passwd > /etc/indimail/users/assign
Here -h means that every user must have a home directory; if you happen to run qmail-pw2u during an NFS outage, it will print an error message and stop.
Third, run qmail-newu
$ sudo qmail-newu
Make sure to rebuild the database whenever you change your user list.
-
How do I change which account controls an address? I set up ~alias/.qmail-www, but qmail is looking at ~www/.qmail instead.
If you do
$ sudo chown root ~www
then qmail will no longer consider www to be a user; see qmail-getpw.0. For more precise control over address assignments, see qmail-users.0.
-
How do I run qmail-smtpd under tcpserver? inetd is barfing at high loads, cutting off service for ten-minute stretches. I'd also like better connection logging.
tcpserver -u 7770 -g 2108 0 smtp /usr/sbin/qmail-smtpd &
into your system startup files. Replace 7770 and 2108 with your indimail uid, gid. Don't forget the &. The change will take effect at your next reboot.
By default, tcpserver allows at most 40 simultaneous qmail-smtpd processes. To raise this limit to 400, use tcpserver -c 400. To keep track of who's connecting and for how long, run (on two lines)
tcpserver -v -u 7770 -g 2108 0 smtp /usr/sbin/qmail-smtpd 2>&1 | /usr/sbin/splogger smtpd 3 &
-
How do I set up qmail-qmtpd?
If you have tcpserver installed, set up
tcpserver -u 7770 -g 2108 0 qmtp /usr/sbin/qmail-qmtpd &
replacing 7770 and 2108 with the indimail uid and gid.
-
How do I allow selected clients to use this host as a relay? I see that qmail-smtpd rejects messages to any host not listed in /etc/indimail/control/rcpthosts.
Three steps. First, install tcp-wrappers, available separately, including hosts\_options. Second, change your qmail-smtpd line in inetd.conf to
smtp stream tcp nowait qmaild /usr/local/bin/tcpd /bin/tcp-env /usr/sbin/qmail-smtpd
(all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow, make a line setting the environment variable RELAYCLIENT to the empty string for the selected clients:
tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT
Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd ignores /etc/indimail/control/rcpthosts when RELAYCLIENT is set. (It also appends RELAYCLIENT to each envelope recipient address. See question 53.4 for an application.)
Alternative procedure, if you are using tcpserver: Create /etc/indimail/tcp/tcp.smtp containing
1.2.3.6:allow,RELAYCLIENT="" 127.:allow,RELAYCLIENT=""
to allow clients with IP addresses 1.2.3.6 and 127.*.
After creating the above entry run tcprules by executing
$ sudo qmailctl cdb
Finally, insert
-x /etc/indimail/tcp/tcp.smtp.cdb
after tcpserver in your qmail-smtpd invocation.
Three steps. First, put
| bouncesaying 'Permission denied' [ "@$HOST" != "@fixme" ]
| qmail-inject -f "$SENDER" -- "$DEFAULT"
into ~alias/.qmail-fixup-default.
Second, put
fixme:fixup
into /etc/indimail/control/virtualdomains, and give qmail-send a HUP.
Third, follow the procedure in question 5.4, but set RELAYCLIENT to the string ``@fixme'':
tcp-env: 1.2.3.6, 1.2.3.7: setenv = RELAYCLIENT @fixme
Here 1.2.3.6 and 1.2.3.7 are the clients' IP addresses. If you are using tcpserver instead of inetd and tcpd, put
1.2.3.6:allow,RELAYCLIENT="@fixme"
1.2.3.7:allow,RELAYCLIENT="@fixme"
into /etc/indimail/tcp/tcp.smtp, and run tcprules as in question 53.3.
How do I set up qmail-qmqpd? I'd like to allow fast queueing of outgoing mail from authorized clients.
Make sure you have installed tcpserver. Create /etc/indimail/tcp/qmqp.tcp in tcprules format to allow connections from authorized hosts. For example, if queueing is allowed from 1.2.3.*:
1.2.3.:allow
:deny
Convert /etc/indimail/tcp/qmqp.tcp to /etc/indimail/tcp/qmqp.cdb:
$ sudo qmailctl cdb
Finally, set up
tcpserver -x /etc/indimail/tcp/qmqp.cdb -u 7770 -g 2108 0 628 /usr/sbin/qmail-qmqpd &
replacing 7770 and 2108 with the indimail uid and gid.
Follow the two simple steps below
1. Set the environment variable CUGMAIL - qmail-smtpd accepts mail only from local users (domains in rcpthosts)
2. unset the environment variable CHECKRELAY - This stops relaying of mails (i.e. domains not in rcpthosts)
Set the following in the qmail-smtpd run file
tcpserver -u 7770 -g 2108 0 smtp sh -c '
if tcpclient -T2 -RH -l0 $TCPREMOTEIP 25 /sbin/relaytest
then
env OPENRELAY=1 /usr/sbin/qmail-smtpd
else
/usr/sbin/qmail-smtpd
fi'
You can either set this in the .qmail-default file or in case you are using vfilter in .qmail-default, set the environment variable MDA (in the qmail-send variables directory)
1. Install clamav http://www.clamav.net
Download and extract clamav-0.94.2.tar.gz
./configure –prefix=/usr -sysconfdir=/etc/indimail \
--with-user=qscand –with-group=qscand
make
su root
make install-strip
groupadd qscand
useradd -g qscand -G qmail -d /var/indimail/qscanq qscand
2. Define the environment variables
QHPSI=/bin/clamdscan %s --quiet –disable-summary”
QHPSIRC=1
QHPSIRN=0
REJECTVIRUS=””
in the variables directory or the run file for qmail-smtpd
3. Configure /etc/clamd.d/scan.conf with the following
LogFile stderr
DatabaseDirectory /var/indimail/clamd
LocalSocket /run/clamd.scan/clamd.sock
FixStaleSocket
User qscand
AllowSupplementaryGroups
Foreground
ScanPE
DetectBrokenExecutables
ScanOLE2
ScanMail
ScanHTML
ScanArchive
4. Install Services freshclam and clamd
svctool --qscanq --servicedir=/service --clamdPrefix=/usr --sysconfdir=/etc/clamd.d
You can either use a certificate from a Certificate Authoriity like verisign or generate your own self-signed certificate
Certificate from CA
1. Download your certificate files from your DigiCert Customer Account.
2. Create a combined servercert.pem certificate file
Once you have downloaded your Certificate files from your DigiCert Web-PKI Customer Account, gather your new certificate files and the private key you generated when you created your CSR. Open a text editor and paste the contents of each key/certificate one after another in the following order:
1. The Private Key (your_domain_name.key)
2. The Primary Certificate (your_domain_name.cert)
3. The Intermediate Certificate (DigiCertCA.crt)
4. The Root Certificate (TrustedRoot.crt)
Self-Signed Certificate
Just run the command
$ sudo svctool –[email protected] –-config=cert
(replace indimail.org with your domain)
-
How do I make BSD mail generate a Date with the local time zone? When I send mail, I'd rather use the local time zone than GMT, since some MUAs don't know how to display Date in the receiver's time zone.
Put
set sendmail=/bin/datemail
into your .mailrc or your system-wide Mail.rc. Beware that BSD mail is neither secure nor reliable.
-
How do I make pine work with qmail?
Put
sendmail-path=/usr/lib/sendmail -oem -oi -t
into /usr/local/lib/pine.conf. (This will work with sendmail too.) Beware that pine is neither secure nor reliable.
-
How do I make MH work with qmail?
Put
postproc: /usr/mh/lib/spost
into each user's .mh_profile. (This will work with sendmail too.) Beware that MH is neither secure nor reliable.
-
How do I safely stop qmail-send? Back when we were running sendmail, it was always tricky to kill sendmail without risking the loss of current deliveries; what should I do with qmail-send?
Go ahead and kill the qmail-send process. It will shut down cleanly. Wait for ``exiting'' to show up in the log. To restart qmail, do svc -t /service*/-send. The supervise process will kill qmail, wait for it to stop, and restart it. Use -d instead of -t if you don't want qmail to restart automatically; to manually restart it, use -u.
-
How do I manually run the queue? I'd like qmail to try delivering all the remote messages right now.
Give the qmail-daemon process an ALRM.
$ sudo svc -a /service/-send.
You may want to run qmail-tcpok first, to guarantee that qmail-remote will try all addresses. Normally, if an address fails repeatedly, qmail-remote leaves it alone for an hour.
-
How do I rejuvenate a message? Somebody broke into indimail's computer again; it's going to be down for at least another two days. I know Ramraj has been expecting an important message---in fact, I see it sitting here in /queue/queue1/mess/15/26902. It's been in the queue for six days; how can I make sure it isn't bounced tomorrow?
Just touch /queue/queue1/info/15/26902. (This is the only form of queue modification that's safe while qmail is running.)
First, choose the domain name where your users will receive mail. This is normally the shortest domain name you control. If you are in charge of *.indimail.org, you can use addresses like [email protected].
Second, choose the machine that will know what to do with different users at indimail.org. Set up a host name in DNS for this machine:
mailhost.indimail.org IN A 1.2.3.4
4.3.2.1.in-addr.arpa IN PTR mailhost.indimail.org
Here 1.2.3.4 is the IP address of that machine.
Third, make a list of machines where mail should end up. For example, if mail for Raj should end up on Raj's workstation, put Raj's workstation onto the list. For each of these machines, set up a host name in DNS:
rajshost.indimail.org IN A 1.2.3.7
7.3.2.1.in-addr.arpa IN PTR rajshost.indimail.org
Fourth, install qmail on rajshost.indimail.org. qmail will automatically configure itself to accept messages for [email protected] and deliver them to ~raj/Mailbox on rajshost. Do the same for the other machines where mail should end up.
Fifth, install qmail on mailhost.indimail.org. Put
indimail.org:alias-movie
into /etc/indimail/control/virtualdomains on mailhost. Then forward [email protected] to [email protected], by putting
into ~alias/.qmail-movie-raj. Do the same for other users.
Sixth, put indimail.org into /etc/indimail/control/rcpthosts on mailhost.indimail.org, so that mailhost.indimail.org will accept messages for users at indimail.org.
Seventh, set up an MX record in DNS to deliver indimail.org messages to mailhost:
indimail.org IN MX 10 mailhost.indimail.org
Eighth, on all your machines, put indimail.org into /etc/indimail/control/defaulthost.
You can't.
One difficulty is that you can't get a consistent snapshot of the queue while qmail-send is running. Another difficulty is that messages in the queue must have filenames that match their inode numbers.
However, the big problem is that backups---even twice-daily backups--- are far too unreliable for mail. If your disk dies, there will be very little overlap between the messages saved in the last backup and the messages that were lost.
There are several ways to add real reliability to a mail server. Battery backups will keep your server alive, letting you park the disk to avoid a head crash, when the power goes out. Solid-state disks have their own battery backups. RAID boxes let you replace dead disks without losing any data.
i=0
while true
do
sudo find $QUEUEDIR/queue"$i"/info -type f -exec touch {} \;
i=`expr $i + 1`
if [$i -eq $QUEUE_COUNT] ; then
break
fi
done
sudo /usr/sbin/qmail-tcpok
sudo svc -a /service/*-send.*
Where QUEUEDIR is the directory where IndiMail's queue has been created by queue-fix
You can't just delete a file, no. Each message is represented in the queue by several files in the various queue/subdirectories.
The entry in the 'info/' directory is key, since it identifies the sender and qmail uses the last-modified timestamp of that file to determine when to expire a message.
The following example expires and bounces all mails in the IndiMail queue
i=0
while true
do
find $QUEUEDIR/queue"$i"/info -type f -exec \
sudo touch -c --date '10 days ago' {} \;
i=`expr $i + 1`
if [$i -eq $QUEUE_COUNT] ; then
break
fi
done
You can force a particular message to expire, then, by using "touch" like this:
sudo touch -c --date '10 days ago' /var/indimail/queue/queue1/info/15/40288
At the next failed delivery attempt, the message will bounce. This is about the only half-way safe "live" queue modification you can do.
(There's a small possibility of expiring a new message if the one you intended is delivered/expired and then replaced by a new message with the same id by the time you type the command.)
For anything more advanced, you have to stop qmail. There are various queue manipulation tools on the qmail.org website that I expect can do the job (since you may want to just kill the message, not bounce it), like
The number of concurrent connections allowed by tcpserver is determined by the value of MAXPERIP environment variable. This can be set globally in the variables directory or individually for hosts in the tcprules cdb file.
e.g. the following rules file gives a default per-IP-concurrency limit of 5 except for the host 192.9.200.1 which has 20
192.9.200.1:allow,MAXPERIP=”20”
:allow,MAXPERIP=”5”
Don't forget to run tcprules after modifying the rules file.
-
How do I tell qmail to do more deliveries at once? It's running only 20 parallel qmail-remote processes.
Decide how many deliveries you want to allow at once. Put that number into /etc/indimail/control/concurrencyremote. Restart qmail-send as in question 55.1. If your system has resource limits, make sure you set the descriptors limit to at least double the concurrency plus 5; otherwise you'll get lots of unnecessary deferrals whenever a big burst of mail shows up. Note that qmail also imposes a compile-time concurrency limit, 120 by default; this is set in conf-spawn.
-
How do I keep a copy of all incoming and outgoing mail messages?
Set EXTRAQUEUE environment variable to log.
echo log > /service/qmail-send.25/variables/EXTRAQUEUE
Put ./msg-log into ~alias/.qmail-log.
You can also use EXTRAQUEUE to, e.g., record the Message-ID of every message: run
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
You can also forward all mails to [email protected]
| awk '/^$/{exit}/^X-Queue-Extra: yes$/{exit 99}' |(echo 'X-Qmail-Extra: yes'; cat ) |forward [email protected] ./Maildir/
from ~alias/.qmail-log.
-
How do I switch slowly from sendmail to qmail? I'm thinking of moving the heaven.indimail.org network over to qmail, but first I'd like to give my users a chance to try out qmail without affecting current sendmail deliveries. We're using NFS.
Find a host in your network, say pc.heaven.indimail.org, that isn't running an SMTP server. (If addresses at pc.heaven.indimail.org are used, you should already have an MX pointing pc.heaven.indimail.org to your mail hub.)
Set up a new MX record pointing lists.heaven.indimail.org to pc.heaven.indimail.org.
Install qmail on pc.heaven.indimail.org. Replace pc with lists in the control files. Make the qmail man pages available on all your machines.
Now tell your users about qmail. A user can forward [email protected] to [email protected] to get ~/Mailbox delivery; he can set up .qmail files; he can start running his own mailing lists @lists.heaven.indimail.org.
When you're ready to turn sendmail off, you can set up pc.heaven.indimail.org as your new mail hub. Add heaven.indimail.org to /etc/indimail/control/locals, and change the heaven.indimail.org MX to point to pc.heaven.indimail.org. Make sure you leave lists.heaven.indimail.org in /etc/indimail/control/locals so that transition addresses will continue to work.
-
How do I send mails from a Maildir
Learn how to use maildirsmtp. It will use the Delivered-To header for the prefix. e.g. Assuming all mails for indimail.org have been delivered to the directory /mail/tempMaildir, the following will deliver all mails to the host mx.indimail.org
maildirsmtp /mail/tmpMaildir indimail.org mx.indimail.org
hostname
There is a clever way to test your checkpassword with a bit of command line re-direction.
For example, with username manny, password ssh-1.5-,
printf "manny\0ssh-1.5-\0\0" | /usr/sbin/vchkpass /bin/false 3<&0
You can set the environment variable DEBUG, PASSWD_CACHE to change the behavior of vchkpass.
-
Using badext, badextpatterns control filename
You can have extensions listed in the badext control file to block them (use badextpatterns for wildcards). Set VIRUSCHECK to one of the four values - 3,4,5 or 7
-
Using bodycheck control file
Have the following in the bodycheck control file to block 54 attachments (please note the line wrap)
^Content-Disposition:.filename=.(document|readme|doc|text|file|data|test|message|body).(pif|scr|exe|cmd|bat|zip).*:Bad Attachments-header
-
Using Custom Scripts
You can check the Content-Type: header, especially with a helper program like 822field, from the mess822 package. Have the following in user's .qmail
|bouncesaying "Only plain text, please." check-text
check-text is something like:
#!/bin/sh
ct=`822field content-type`
# If there's no Content-Type: header, it's plaintext
if [ -z "$ct" ] ; then exit 1 ; fi
# Otherwise, check that it includes "text/plain"
echo "$ct" | grep -q 'text/plain' && exit 1
If you want to accept mime messages but only keep the plain text part of them (or failing that to have their html or rich text and html alternatives rendered as plain text), these are some options ("demime" seems to be still maintained - not sure about the others):
emime: http://scifi.squawk.com/demime.html
mimefilter: http://ftp.br.debian.org/debian/pool/main/m/mimefilter/
stripmime: http://www.phred.org/~alex/stripmime.html
stripmime: http://www.clarity.net/~adam/stripmime/
Note: There are two different tools called "stripmime".
In principle you could use them in conjunction through procmail. There is also the "no-alternative" package of Russell Nelson, which has only basic functionality (no attempt at transforminh other formats to plain text):
http://www.qmail.org/no-alternative
Use either of the two methods described below. Please note that however the second method requires your outgoing SMTP server to be different from your incoming (MX) SMTP server
1. Set the environment variable CHECKSENDER in qmail-smtpd run file or the variables directory (if using envdir). This will force authenticated SMTP or POP/IMAP before SMTP for my own domains before accepting mails.
2. Set up badmailfrom control file containing my local domain on the qmail-smtpd server serving as MX
To prevent the possibility of qmail-local running commands as a privileged user, qmail ignores all users whose UID is 0. This is documented in the qmail-getpw man page.
That doesn't mean qmail won't deliver to root, it just means that such a delivery will have to be handled by a non-privileged user. Typically, one creates an alias for root by populating
~alias/.qmail-root.
Another security feature, and just good general practice. This is documented in the qmail-getpw man page.
qmail converts the entire "local part"--everything left of the "@" in an address, to lowercase. The man page doesn't come out and say that, but the code does. The fact that it ignores users with uppercase characters is documented in the qmail-getpw man page.
Another security feature. The purpose is prevent extension addresses from backing up the file tree using "..". By replacing them with colons, qmail ensures that all .qmail files for a user are under their home directory. Documented in the dot-qmail man page.
This is another result of the fact that qmail lowercases the entire local part of addresses. Documented in the dot-qmail man page.
qmail never uses /etc/hosts to determine the IP address associated with a host name. If you use names in control files, qmail must have access to a name server.
It is possible to run qmail on systems without access to a name server, though. Hosts in control files can be specified by IP address by enclosing them in square brackets ([]), e.g.:
[10.1.2.219]
Actually, the square brackets aren't always necessary--but it's a good idea to use them anyway.
If Sendmail is unable to deliver a message within a few hours, typically four, it sends a deferral notice to the originator. These notices look like bounce messages, but don't indicate that the delivery has failed permanently, yet.
qmail doesn't send such warnings. An undeliverable message will only be returned to the originator after it spends queuelifetime in the queue.
qmail-queue and qmail-send communicate via a named pipe called /var/indimail/queue/queue1/lock/trigger. If this pipe gets messed up, qmail-send doesn't notice new messages for a half hour or so.
The best way to ensure that it's set up right is to run "make check" from the source directory. If that's not possible, make sure it looks like:
# ls -l /var/indimail/queue/queue1/lock/trigger
prw--w--w- 1 qmails qmail 0 Jul 5 21:25 /var/indimail/queue/queue1/lock/trigger
Pay particular attention to the "p" at the beginning of the line (says it's a named pipe), the mode (especially world writable), and the owner/group.
If qmail-smtpd is slow to respond to connections, the problem is probably due to DNS reverse lookups or IDENT lookups. If you're starting qmail-smtpd with tcpserver, remove the "-h", "-p", and "-r" options and add "-H", "-P", "-R", and "-l hostname".
qmail-inject and other local injection mechanisms like sendmail don't work right when messages are injected with DOS-style carriage return/linefeed (CRLF) line breaks. Unlike Sendmail, qmail requires locally-injected messages to use Unix newlines (LF only). This is a common problem with PHP scripts.
If you're logging to a supervised log service, and the log service fails for any reason: disk full, typo in the run script, log directory configuration error, etc., the pipeline will eventually fill up, causing the service to block, or hang. Fix the problem (see Troubleshooting) and everything will return to normal. Run the svps -a
command to see if any service has a very small uptime.
If a message sent via qmail-inject doesn't contain a From field, qmail-inject looks for environment variables to tell it which user is sending the message. The variables it looks for, in order, are: QMAILUSER, MAILUSER, USER, and LOGNAME,
Normal user login sessions usually set one or both of USER and LOGNAME, but some batch jobs, such as those started by cron might not have either of these set.
To cause your cron jobs to have a valid From field, set one these environment variables before sending any mail messages.
Set the following in your tcp.smtp file
1.2.3.4:allow,HIDE_IP=1
There are four Mailing Lists for IndiMail
- indimail-support - You can subscribe for Support here. You can mail indimail-support for support Old discussions can be seen here
- indimail-devel - You can subscribe here. You can mail indimail-devel for development activities. Old discussions can be seen here
- indimail-announce - This is only meant for announcement of New Releases or patches. You can subscribe here
- Archive at Google Groups. This groups acts as a remote archive for indimail-support and indimail-devel.
There is also a Project Tracker for IndiMail (Bugs, Feature Requests, Patches, Support Requests)
Read the documentation! Most questions are answered by
- this list of frequently answered questions
- the IndiMail Wiki
- the other README pages in /usr/share/indimail/doc; and
- the man pages in your system man directory and Online Man Pages.
Your system includes a wide variety of monitoring tools to show you what IndiMail is doing
- The IndiMail logs as configured in supervise. These logs are in /var/log/svc directory
- svps -a command
- svctool --check-install command
- qmail-showctl -a command
- The top command
- dot-forward -n (if you have installed dot-forward), which lets you see how a .forward file will be interpreted
- fastforwrad -n (if you have installed fast-forward), which lets you see how a forwarding table will be interpreted
- ps command, which lets you see what processes are running
- systemctl status svscan.service command
- recordio and tcpdump commands , which lets you see what data is flowing over a TCP connection.
- MRTG graphs in /var/www/html/mailmrtg
- a syscall tracing tool, trace or truss or strace or ktrace, which lets you see how a program is interacting with the operating system