Using qmail with Mandrakelinux

Vincent Danen

March 25, 2008

Due to the license of the qmail MTA (Mail Transport Agent), Mandrakelinux is unable to include binary packages of qmail in the distribution proper. The license does permit binary redistribution of qmail provided that it follows the precompiled var-qmail packages rules as set forth by the author, D. J. Bernstein. Packages for Mandrake Linux, that follow these redistribution terms, have been available for some time. A brief discussion with Mr. Bernstein indicated that he did not want these packages included with Mandrakelinux, however he indicated having no problem with the packages themselves, or their availability via FTP.

Since July 17th, 2000, I have been maintaining qmail and associated packages for Mandrakelinux, and they are available for Mandrakelinux 7.2 and higher. Please note that 7.2 packages are no longer being built or supported. The packages themselves are available via rpmhelp.net and by installing the djbsupport RPM from contribs, one can use urpmi to install qmail and associated packages very easily. NOTE: The qmail packages are no longer being maintained; this document is for reference only and while the packages are still available, you will likely need to recompile them and/or make modifications to make them work with recent versions of Mandrakelinux.

Installing qmail

The qmail installation process couldn't be simpler for Mandrakelinux users. You may install the djbsupport package from contribs or use the following command to add the qmail source to urpmi:

# urpmi.addmedia qmail ftp://ftp.ibiblio.org/pub/packages/rpmhelp/Mandrake/djbware/9.0/RPMS \
with ../base/hdlist.cz

Obviously, replace the versioned sub-directory with the version of Mandrakelinux you are using; in this instance, the command would be executed on a Mandrakelinux 9.0 system.

Now that urpmi is setup, decide what components of qmail you wish to install. There are three basic components: qmail itself (the SMTP server), qmail-pop3d (the POP3 server), and qmail-qmqpd (the QMQP and QMTP servers). If all you want is the SMTP server, whether this is because you plan on using another POP3 server such as Courier-IMAP, or you don't plan on using POP3 at all, you can simply execute:

# urpmi qmail

This will install the qmail, daemontools, dot-forward, fastforward, and ucspi-tcp packages; all of which are required by qmail. If this is done with another MTA installed on the system (such as postfix), urpmi will first ask you if you wish to remove the existing MTA prior to installing qmail. Select "yes", as you should not have more than one MTA on a system at any given time.

If you wish to install the POP3 package, you can use:

# urpmi qmail-pop3d

This will install the qmail-pop3d package. The same command can be used to install qmail-qmqpd (substitute the package names accordingly). If you are installing qmail for the first time and want the POP3 server, you can simply use this last command to install the POP3 server and all the other dependencies, to install the entire package.

The installer attempts to configure qmail during installation so it will work on the local system, in the same manner as one would use postfix installed out of the box. It will accept mail to and from the localhost, allowing it to be used with email clients such as pine and mutt. It will work with procmail so you can filter incoming email, and likewise works with fetchmail. Both pine and mutt have support for the Maildir format, so with a little re-configuration you can have both clients working immediately. Most other mail clients also support Maildir.

Configuring qmail

At this point, qmail is almost ready to run. Before starting qmail, you should execute the following two commands:

# service qmail cdb
# /etc/cron.hourly/qmail

This will initialize the tcpserver cdb database. tcpserver is a program similar to xinetd with facilities similar to tcp_wrappers. tcpserver is the program that listens to a specified port and follows rules indicated in cdb database files in the /etc/tcprules.d/ directory. By default, qmail is configured as a non-relaying server so in many cases, the defaults should be fine. In the /etc/tcprules.d/ directory are a few files: qmail-smtp, qmail-pop3, and qmail-qmqp, depending on which packages are installed. These are the flat-text files that may be modified to change your tcp rules. The corresponding .cdb files are the files that tcpserver actually reads. Any change made to the text files must be compiled prior to being made available to tcpserver. To compile these rules, use the qmail initscript as shown above ("service qmail cdb").

The second command builds the user database in /var/qmail/users/. The assign file in this directory is used to map mail aliases to usernames.

Finally, qmail can be started just like any other service:

# service qmail start

This will start any qmail services installed; if only the qmail package is installed, only the SMTP server is started. If the POP3 and QMQP/QMTP servers are installed, they will be started as well. At this point, qmail will receive and send email to and from the local computer. To configure qmail to receive mail for specific domains or to become something more than a personal MTA, you can refer to the manpages installed in /var/qmail/man or visit the excellent Life with qmail website which will give you all the information you could want on configuring qmail. The configuration information and style used on LWQ was used to create these packages, so finding information and configuring qmail to your needs should be extremely straightforward.

Patching qmail

According to the author's distribution agreement, qmail must be installed a certain way, in a certain location, and contain no extra patches or changes to the pristine source. However, a good number of patches exist for qmail to extend the functionality of the software. Due to the license, these cannot be applied to the binary distribution, but there is nothing prohibiting the distribution of these patches in the source packages.

To this end, patches have been included in the qmail source RPM (SRPM) which can be applied very easily. Instead of downloading the tarball and applying patches by hand, one can easily apply the patches and provide a custom RPM package, with the patches applied. This is, of course, only valid for personal use or within an organization; the patched binary RPM packages should never be distributed.

The following is a list of patches that are included in the packages:

  • qmailqueue: A patch that can be used to add other programs to the qmail-smtpd->qmail-queue pipeline for filtering, virus scanning, etc.
  • tls: A patch to add TLS and SSL support to qmail
  • linksync: A patch to sync metadata for ReiserFS-based queues
  • smtpauth: A patch to provide SMTP AUTH to qmail (use nocrammd5 to disable CRAM-MD5 support in SMTP AUTH)
  • ldap: A patch to provide LDAP support to qmail

The keywords in bold above are the rebuild switches to use when building the qmail package with a particular patch. For instance, if you wanted to build a qmail package with LDAP support, you would use:

# rpm --rebuild --with ldap qmail-1.03-20rph.src.rpm

The resulting binary RPM packages will look no different, in terms of version numbering, etc. as the packages provided on rpmhelp.net. It will have the LDAP patch applied, however. Multiple patches can be "stacked" in this manner. The only patches that can currently not be used together are the LDAP and SMTP-AUTH patches. So, for instance, if you wanted to build a qmail packages with SMTP-AUTH support, but without CRAM-MD5, and also use the qmailqueue patch, you would use:

# rpm --rebuild --with smtpauth --with nocrammd5 --with qmailqueue \
qmail-1.03-20rph.src.rpm

The installed RPM packages will contain two special files in the /usr/share/doc/qmail-1.03/ directory: README.RPM and README.patches. The README.RPM file contains build options and environment information for that particular package build. The README.patches file contains information on the available patches, including links to the author's pages for more information, and some information on the patches themselves. While care was taken to ensure the patches apply and build properly, not all of them have been tested to ensure they work properly. As the patches system has been in place for a while, and users have been using them, one can assume that they are most likely fine, but I cannot guarantee it. Building qmail with patches is completely unsupported, by both the author and myself.

As you can see, qmail is a very easy SMTP server to install. The configuration is also extremely straightforward, as perusing LWQ should indicate. The security provided by qmail is exceptional, but this comes at some cost of extraneous features. The fact that qmail doesn't provide SMTP-AUTH without patching is a turn-off for many people. However, if you are looking for a powerful and secure MTA, and don't require these features, qmail is hard to beat.

References