dot-qmail - control the delivery of mail messages

dot-qmail - control the delivery of mail messages. Normally the qmail-local
program delivers each incoming message to your system mailbox, 
homedir/Mailbox, where homedir is your home directory. It can instead
write the mail to a different file or directory, forward it to another address,
distribute it to a mailing list, or even execute programs, all under your control.

To change qmail-local's behavior, set up a .qmail file in
your home directory.

.qmail contains one or more lines.  Each line is a delivery
instruction.  qmail-local follows each instruction in turn.
There are five types of delivery instructions:  (1) comment;
(2) program; (3) forward; (4) mbox; (5) maildir.

(1)  A comment line begins with a number sign:

          # this is a comment

     qmail-local ignores the line.

(2)  A program line begins with a vertical bar:

          |preline /usr/ucb/vacation djb

     qmail-local takes the rest of the line as a command to
     supply to sh.  See qmail-command(8) for further
     information.

(3)  A forward line begins with an ampersand:

          &me@new.job.com

     qmail-local takes the rest of the line as a mail
     address; it uses qmail-queue to forward the message to
     that address.  The address must contain a fully
     qualified domain name; it must not contain extra
     spaces, angle brackets, or comments:

          # the following examples are WRONG
          &me@new
          &
          & me@new.job.com
          &me@new.job.com (New Address)

     If the address begins with a letter or number, you may
     leave out the ampersand:

          me@new.job.com

     Note that qmail-local omits its new Return-Path line
     when forwarding messages.

(4)  An mbox line begins with a slash or dot, and does not
     end with a slash:

          /home/djb/Mailbox.sos

     qmail-local takes the entire line as a filename.  It
     appends the mail message to that file, using flock-
     style file locking if possible.  qmail-local stores the
     mail message in mbox format, as described in mbox(5).

     WARNING: On many systems, anyone who can read a file
     can flock it, and thus hold up qmail-local's delivery
     forever.  Do not deliver mail to a publicly accessible
     file!

     If qmail-local is able to lock the file, but has
     trouble writing to it (because, for example, the disk
     is full), it will truncate the file back to its
     original length.  However, it cannot prevent mailbox
     corruption if the system crashes during delivery.

(5)  A maildir line begins with a slash or dot, and ends
     with a slash:

          /home/djb/Maildir/

     qmail-local takes the entire line as the name of a
     directory in maildir format.  It reliably stores the
     incoming message in that directory.  See maildir(5) for
     more details.

If .qmail has the execute bit set, it must not contain any
program lines, mbox lines, or maildir lines.  If qmail-local
sees any such lines, it will stop and indicate a temporary
failure.

If .qmail is completely empty (0 bytes long), or does not
exist, qmail-local follows the defaultdelivery instructions
set by your system administrator; normally defaultdelivery
is ./Mailbox, so qmail-local appends the mail message to
Mailbox in mbox format.

.qmail may contain extra spaces and tabs at the end of a
line.  Blank lines are allowed, but not for the first line
of .qmail.

If .qmail is world-writable or group-writable, qmail-local
stops and indicates a temporary failure.

SAFE QMAIL EDITING
Incoming messages can arrive at any moment.  If you want to
safely edit your .qmail file, first set the sticky bit on
your home directory:

     chmod +t $HOME

qmail-local will temporarily defer delivery of any message
to you if your home directory is sticky (or group-writable
or other-writable, which should never happen).  Make sure to

     chmod -t $HOME

when you are done!  It's a good idea to test your new .qmail
file as follows:

     qmail-local -n $USER ~ $USER '' '' '' '' ./Mailbox

EXTENSION ADDRESSES
In the qmail system, you control all local addresses of the
form user-anything, as well as the address user itself,
where user is your account name.  Delivery to user-anything
is controlled by the file homedir/.qmail-anything.  (These
rules may be changed by the system administrator; see
qmail-users(5).)

The alias user controls all other addresses.  Delivery to
local is controlled by the file homedir/.qmail-local, where
homedir is alias's home directory.

In the following description, qmail-local is handling a
message addressed to local@domain, where local is controlled
by .qmail-ext.  Here is what it does.

If .qmail-ext is completely empty, qmail-local follows the
defaultdelivery instructions set by your system
administrator.

If .qmail-ext doesn't exist, qmail-local will try some
default .qmail files.  For example, if ext is foo-bar,
qmail-local will try first .qmail-foo-bar, then .qmail-foo-
default, and finally .qmail-default.  If none of these
exist, qmail-local will bounce the message.  (Exception: for
the basic user address, qmail-local treats a nonexistent
.qmail the same as an empty .qmail.)

WARNING: For security, qmail-local replaces any dots in ext
with colons before checking .qmail-ext.  For convenience,
qmail-local converts any uppercase letters in ext to
lowercase.

When qmail-local forwards a message as instructed in
.qmail-ext (or .qmail-default), it checks whether
.qmail-ext-owner exists.  If so, it uses local-owner@domain
as the envelope sender for the forwarded message.  Otherwise
it retains the envelope sender of the original message.
Exception:  qmail-local always retains the original envelope
sender if it is the empty address or #@[], i.e., if this is
a bounce message.

qmail-local also supports variable envelope return paths
(VERPs):  if .qmail-ext-owner and .qmail-ext-owner-default
both exist, it uses local-owner-@domain-@[] as the envelope
sender.  This will cause a recipient recip@reciphost to see
an envelope sender of local-owner-recip=reciphost@domain.

ERROR HANDLING
If a delivery instruction fails, qmail-local stops
immediately and reports failure.  qmail-local handles
forwarding after all other instructions, so any error in
another type of delivery will prevent all forwarding.

If a program returns exit code 99, qmail-local ignores all
succeeding lines in .qmail, but it still pays attention to
previous forward lines.

To set up independent instructions, where a temporary or
permanent failure in one instruction does not affect the
others, move each instruction into a separate .qmail-ext
file, and set up a central .qmail file that forwards to all
of the .qmail-exts.  Note that qmail-local can handle any
number of forward lines simultaneously.

qmailctl - built-in utility to control Qmail

There is a built-in utility to control Qmail called qmailctl. LifeWithQmail will put the file in /usr/bin/qmailctl.

Usage:
# /usr/bin/qmailctl { start | stop | restart | doqueue | flush | reload | stat | pause | cont | cdb | queue | help }

where
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload

To manually shutdown the qmail processes.  Kill qmail-send first.  (qmail-send is the parent qmail process) (check for
and kill any qmail-lspawn processes that remain after a while). This stops outbound email, and stops the queue being processed.

Kill the tcpserver process providing qmail-smtpd access.  This stops incoming email from being queued.

===================================================================
If you are using Debian you might try shutting down qmail via the
standard debian method (as root):

/etc/init.d/qmail stop
===================================================================

Generate timestamps in local timezone using patch

If you find timestamps in GMT too annoying apply following patch.

http://www.jms1.net/qmail/qmail-date-localtime.patch

Works with qmail 1.01 to 1.03 and netqmail-1.05

Patch is reproduced here because mentioned site is not accessible
sometimes:

To apply this patch, cd into the qmail source directory and type...
    patch -s -p1 <>
#include "datetime.h"
#include "fmt.h"
#include "date822fmt.h"
@@ -12,18 +13,51 @@
{
unsigned int i;
unsigned int len;
+  time_t now;
+  datetime_sec utc;
+  datetime_sec local;
+  struct tm *tm;
+  struct datetime new_dt;
+  int minutes;
+
+  utc = datetime_untai(dt);
+  now = (time_t)utc;
+  tm = localtime(&now);
+  new_dt.year = tm->tm_year;
+  new_dt.mon = tm->tm_mon;
+  new_dt.mday = tm->tm_mday;
+  new_dt.hour = tm->tm_hour;
+  new_dt.min = tm->tm_min;
+  new_dt.sec = tm->tm_sec;
+  local = datetime_untai(&new_dt);
+
len = 0;
-  i = fmt_uint(s,dt->mday); len += i; if (s) s += i;
+  i = fmt_uint(s,new_dt.mday); len += i; if (s) s += i;
i = fmt_str(s," "); len += i; if (s) s += i;
-  i = fmt_str(s,montab[dt->mon]); len += i; if (s) s += i;
+  i = fmt_str(s,montab[new_dt.mon]); len += i; if (s) s += i;
i = fmt_str(s," "); len += i; if (s) s += i;
-  i = fmt_uint(s,dt->year + 1900); len += i; if (s) s += i;
+  i = fmt_uint(s,new_dt.year + 1900); len += i; if (s) s += i;
i = fmt_str(s," "); len += i; if (s) s += i;
-  i = fmt_uint0(s,dt->hour,2); len += i; if (s) s += i;
+  i = fmt_uint0(s,new_dt.hour,2); len += i; if (s) s += i;
i = fmt_str(s,":"); len += i; if (s) s += i;
-  i = fmt_uint0(s,dt->min,2); len += i; if (s) s += i;
+  i = fmt_uint0(s,new_dt.min,2); len += i; if (s) s += i;
i = fmt_str(s,":"); len += i; if (s) s += i;
-  i = fmt_uint0(s,dt->sec,2); len += i; if (s) s += i;
-  i = fmt_str(s," -0000\n"); len += i; if (s) s += i;
+  i = fmt_uint0(s,new_dt.sec,2); len += i; if (s) s += i;
+
+  if (local < minutes =" (utc" i =" fmt_str(s," i =" fmt_uint0(s,minutes" i =" fmt_uint0(s,minutes" minutes =" (local" i =" fmt_str(s," i =" fmt_uint0(s,minutes" i =" fmt_uint0(s,minutes" i =" fmt_str(s,">

What timezone does qmail use for timestamping messages?

qmail logs using Greenwich Mean Time (GMT), not the local timezone. This is a feature. There's no "fix".

Also See:

• Generate timestamps in local timezone
• qmail log files with correct timestamps
  

What is mail relay

What is mail relay?

You've set up your qmail server. It's hosting a few domains (i.e. they're listed in your locals file or your virtualdomains file). You've set things up so that qmail-smtpd can take connections on port 25 to receive mail from other hosts.

Another host on the Internet connects to your server on port 25. This might be another mail server running qmail, sendmail, or some other mail transfer agent, or it might be an end user, who wants to send mail from his desktop mail client. The SMTP conversation starts off with the remote host identifying itself:

    HELO somehost.somewhere.net

Your server responds:

    250 mail.yourdomain.net

The remote host sends the "From" part of the envelope:

    MAIL FROM:

Your host responds with:

    250 ok

The remote host now sends one or more RCPT TO commands, which specify the recipients of the message:

    RCPT TO:

Just a minute! elsewhere.com is not one of the domains that your server hosts. What does your server do? It can agree to accept the message and attempt to deliver it:

    250 ok

Or it can reject it:

    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

In the first case, your server is acting as a relay: it's accepting and agreeing to try to deliver a message that's not destined for a domain that your server hosts. In the second case, it's refusing to act as a relay.

qmail's rcpthosts file, which gets its name from the RCPT TO command, determines whether the recipient will be accepted: it will be accepted if and only if the domain of the address given in the RCPT TO command is listed in rcpthosts. (I'll talk about exceptions to this rule later on.) If the rcpthosts file does not exist, then any recipient will be accepted.

An SMTP server is an "open relay" if it agrees to relay mail no matter who's sending it--if another host connects to port 25 with some mail, an open relay will accept and try to deliver it no matter what its destination is and no matter who is sending it. A qmail server without a rcpthosts file will act as an open relay.

So why shouldn't I have an open relay? My customers need to send mail to other domains. And why would anyone but my customers want to use my server as a relay, anyway?

This was a safe attitude several years ago; people generally used the relay provided by their ISP, employer, or university.

Then came the spammers, the mass-mailers of unsolicited commercial e-mail. Rather than use their own bandwidth and server resources, they seek open relays that will accept a single message with, say, 100,000 recipients, and distribute it for them. This consumes the bandwidth and server resources of an unwitting third party, and the administrators of the relaying server will likely be flooded with complaints from the spam's recipients. The relaying server may even find itself blacklisted, so that other hosts on the Internet will refuse to receive mail from it (see http://www.ordb.org, for example). Leaving your mail relay open these days is considered to be irresponsible.

I'm convinced--I don't want to have an open relay. How do I fix it?

Simply list in your rcpthosts file all the domains that your server is hosting (and for which it's acting as secondary mail exchanger, if any). Now you're safe.

But now my own customers get the message "Sorry, that domain isn't in my list of allowed rcpthosts." I'd like for my own customers to be able to use my server as a relay, but I can't possibly list every domain in my rcpthosts file to which they might want to send mail.

Nor should you try to! Fortunately, there's a way to get qmail-smtpd selectively to ignore the rcpthosts file. If the variable RELAYCLIENT is set in qmail-smtpd's environment, rcpthosts will be ignored and relaying will be allowed. What you need is a way to set RELAYCLIENT for your customers, but not for anyone else. (I'll refer to your users as "customers" here; substitute "employees," "students at my university," or whatever is appropriate in your case.)

First, you need a way to identify them. There's no sort of user name/password authentication in the SMTP protocol, so how do you identify whether a particular SMTP connection is from one of your customers? The surest way to distinguish a customer of yours from the rest of the world is by the fact that he's connecting to your server from a host on your network, i.e. a host with an IP address that's in your address space.

Once you know he's connecting from one of your IP addresses, you need a way to set RELAYCLIENT so that he can relay. It's pretty easy to set up qmail to do this. Read about What is qmail RELAYCLIENT to find out how.

What is qmail RELAYCLIENT

If you need to allow mail relaying from a selected group of IP addresses only, then environment variable RELAYCLIENT can be used.

If the environment variable RELAYCLIENT is set, qmail-smtpd will ignore rcpthosts, and will append the value of RELAYCLIENT to each incoming recipient address.

A standard ucspi-tcp package is being used for TCP connection for qmail. You can read about all of the programs in the package at http://cr.yp.to/ucspi-tcp.html. The particular program we'll be using here is tcpserver, which accepts incoming network connections, sets various environment variables, and then runs a program of your choice.

Now we'll set up the rules file that tcpserver will use to determine whether to set RELAYCLIENT.

Create a file in /etc called tcp.smtp. The file should read as follows:

192.168.10.:allow,RELAYCLIENT=""
172.16.:allow,RELAYCLIENT=""
10.10.:allow,RELAYCLIENT=""
:allow

Now we'll compile this rules file into a qmail daatabase cdb file:

# tcprules tcp.smtp.cdb tcp.smtp.temp < /etc/tcp.smtp

Now rebulid the tcoserver cdb file for SMTP

# qmailctl cdb

Thats it. :)
Now qmail will accept incoming SMTP connection from 192.168.10.0, 172.16.0.0 and 10.10.0.0 range network. In above tcp.smtp file you can add your clients IP address for which you want to allo relay.

What is qmail rcpthosts

rcpthosts is file that contains list of all domains (i.e. those listed in control/locals and control/virtualdomains) one per line for which your server will accept mail for. Using the VqAdmin interface or the command line tools will automatically add the domains you create to this file.

This is where you want to put domain names that you want to be a secondary mail server for.

If you add a domain here that does not reside on your server, the machine will accept the emails for that domain and attempt to deliver them to the main mail server (main MX record) every 5 minutes until the value in queuelifetime is met or they are successfully delivered. Once the queuelifetime has been exceeded, the messages will be bounced to the originating sender.

man qmail-smtpd excerpt:
Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd will reject any envelope recipient address with a domain not listed in rcpthosts.

Exception: If the environment variable RELAYCLIENT is set, qmail-smtpd will ignore rcpthosts, and will append the value of RELAYCLIENT to each incoming recipient address.

rcpthosts is located in
/var/qmail/control/rcpthosts

Here is what it contain for mycompany.com domain...
# cat /var/qmail/control/rcpthosts
mycompany.com
mail.mycompany.com
localhost

Envelope recipient addresses without @ signs are always allowed through.