LinuxQuestions.org


jetfreggel 06-10-2002 04:21 PM

qmail or sendmail
 
which is the best mta
i read on a few sites that sendmail is difficult to config

Ryan_Sutton 06-10-2002 07:35 PM

I have often found the "harder" it is to configure something in Linux the better it runs once you get it going, just my personal experience ;] lol

IceNineJon 06-11-2002 04:45 PM

I've read that sendmail has been prone to security flaws over the years. When configured correctly, qmail is supposedly very secure.

johnvoisey 06-12-2002 02:36 AM

I needed to set up a test machine so I could prototype a majordomo server before putting the stuff "live", so I set up a Slackware 8.0 system, upgraded to the 2.4.18 kernel and then set about investigating qmail, smail and sendmail.

"smail" failed at the first hurdle because after I grabbed the tar archive and tried to install it, the makefile reported a bucketload of error messages and I decided that was that.

qmail was very easy to install and I found the documentation excellent. It ran like a dream, until I tried to integrate it with majordomo. It was a complete nightmare. I know there are numerous documents that try to guide you through how to get the aliasing system working, but I am sorry to say that I failed miserably in my attempts to successfully integrate majordomo and qmail. Mind you, the qmail documentation *DOES* urge people intending to use qmail with a mailing list to consider an alternative product. I could not take that path because the live server system was already using majordomo.

I therefore fell back to sendmail. Slackware 8 comes with several "pre-set" sendmail configuration setups and I used the simplest one. It works, well, sort-of (!) and the majordomo and majorcool packages slide into place alongside it almost without effort. However, if I ever wanted to change anything in that sendmail config, I fear the learning curve is nearer a vertical climb than a curve.

koningshoed 06-12-2002 08:21 AM

If you aren't on the road johnvoisey is, I would suggest qmail. Not only is it easy to install, small and easy to configure, I also found it was very easy to make secure, like setting different rules on ip's, say you have an internal lan, those people are allowed to relay anything (as they are sending mail) and from the outside you are only allowed to deliver. Unfortunately it is not so easy to configure on user-names as far as I know. But I would discourage this in any case since being able to relay from any ip using a valid username (from address) would open up your server to spamming.

To prevent continual changing of configuration for some of my users (those with laptops), I set up the gateway machine to redirect any outgoing connections on port 25 (smtp) to the mail server - which happens to be the same machine.
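
The per-IP relay policy described in the post above is normally expressed in the rules file that tcpserver reads with `-x` (the `/etc/tcp.smtp.cdb` seen later in this thread), where qmail-smtpd relays only for connections that have `RELAYCLIENT` set. The following is an added example, not part of the original post: it audits such a rules file for entries that would hand out relay rights beyond loopback and private address space. The sample rules are constructed, the function names are hypothetical, and only plain IP and IP-prefix addresses are handled (no ranges, hostnames or `user@` forms).

```python
import ipaddress

# Constructed sample of an /etc/tcp.smtp source file (compiled with tcprules).
SAMPLE_RULES = '''\
# loopback and the internal LAN may relay
127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
# everyone else may only deliver to domains this host accepts
:allow
'''

INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rules(text):
    """Map each rule address to (action, sets_RELAYCLIENT)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        action, *env = instruction.split(",")
        rules[address] = (action, any(e.startswith("RELAYCLIENT=") for e in env))
    return rules

def lookup(rules, ip):
    """First match wins: full IP, then shorter dotted prefixes, then the default."""
    octets = ip.split(".")
    for key in [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]:
        if key in rules:
            return rules[key]
    return None  # no rule matched

def may_relay(rules, ip):
    """True when the matching rule both allows the connection and sets RELAYCLIENT."""
    return lookup(rules, ip) == ("allow", True)

def risky_rules(rules):
    """Rule addresses that grant RELAYCLIENT outside loopback/RFC 1918 space."""
    risky = []
    for address, (action, relay) in rules.items():
        octets = [o for o in address.split(".") if o]
        net = ipaddress.ip_network(
            ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets)))
        if action == "allow" and relay and not any(net.subnet_of(i) for i in INTERNAL):
            risky.append(address)
    return risky
```

A catch-all line such as `:allow,RELAYCLIENT=""` is reported by `risky_rules` with the empty address, which is the open-relay condition the post warns about.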

jetfreggel 06-18-2002 11:06 AM

THANKS
for the response
and i will give qmail a try
are there any trouble points in the installation?

koningshoed 06-18-2002 01:16 PM

I installed it about 3 times now. Twice using the INSTALL files as guides and once using a .deb file.

To be honest, even though the deb file initially installed easier, they changed some of the locations of things (ok, they did symlink it so that you can access it as normal) and did some automatic things to the configuration which I did not want.

Unless you have some specific reason to use rpm or deb or whatever else, I would suggest downloading it in source form (http://cr.yp.to/qmail.html IIRC but definitely at http://www.qmail.org). Also check out http://cr.yp.to/ucspi-tcp.html, it has a utility there called tcpserver which is *very* nice to use instead of inetd (much more stable and reliable - in fact I would almost recommend putting all your tcp stuff in inetd under tcpserver rather).

You might also want daemontools (http://cr.yp.to/daemontools.html) which contains multilog which can be used by qmail for its logging. Also for setuidgid which when run as root (as the /etc/init.d/* scripts) will revert to the specified user before executing the given command. Useful for starting qmail as a different user than root (which *is* a good thing).

I would suggest using Maildir format instead of mailbox (reasons are many, mainly stability and ease of locating a specific message file). You will need to correctly configure your mail client though.

Good luck, and if you need something, more info or advice, don't hesitate to ask, but I'm sure you will find that the INSTALL and README files are quite good and well written.

The only thing I have not yet gotten to work was virtual domains, but most people don't need this. Also, if you use pop3, I would suggest using a password authenticator that does *not* authenticate against the system passwords - that would be a *major* security flaw as pop3 passwords can be sniffed (it's sent clear text).

Enjoy.

jetfreggel 07-09-2002 02:10 PM

thank you again for your reply
i've been reading life with qmail
i think i understand most of the installation
but do i really need a dns for qmail(and how )
for password authenticator do you that
i have to install PAM or something like it
and i tried qmail once but got an error when
i started it
and got :
Hat: No such file or directory

koningshoed 07-09-2002 05:51 PM

Could you perhaps elaborate a bit more? You need a password authenticator (Which you can find at www.qmail.org IIRC) and there are a few that will authenticate against PAM. As for dns, just use bind for local testing, or send mail to user@localhost and make sure control/me is localhost, control/accept is localhost and basically everything else as well.

jetfreggel 07-14-2002 06:16 AM

thx for the reply again but i don't get what you mean by your explanation of the dns piece

koningshoed 07-14-2002 04:09 PM

qmail uses dns to determine where to deliver mail to. More specifically, the mx entry. Well, if you are only going to act as an mx host and not as a relay, do not worry too much about this. Just make sure all the hosts you are accepting mail for are listed in control/accept iirc. You are probably only accepting for localhost and one other domain.

What I did is set up my dns as follows:

debiansys.lan MX mail.debiansys.lan
debiansys.lan PTR 192.168.0.5
mail.debiansys.lan CNAME debiansys.lan

This will cause any mail delivery agent to deliver mail addressed to user@debiansys.lan to mail.debiansys.lan, which in this case is the same machine (but it could be a different machine).

I did the same for a few more hosts (like anothersys.lan etc, all pointing to the same ip). The reason I did this was because I have to accept mail for various hosts, but I do not want to create a user for each mail account and thus needed to get virtual hosts going (still not 100 %) and had to be able to test it. DNS just made that easier since I could actually use mutt to send mail instead of telnetting the whole place over.

So no, you probably don't need dns, but it *might* make your life easier. If you do not know how dns works, I suggest you rather finish off your qmail setup before delving into dns.

thx for your thx, it's a pleasure to help.

btw, I'm not sure how PAM works but I'm almost sure it authenticates against the system database. THIS IS A NO GO AREA. You do *not* want your pop accounts to authenticate against the system database. The reason is simple - pop passwords are sent as cleartext and can thus be sniffed, for example, a snippet from an actual pop transaction:

+200 pophost.myserver.lan
user koningshoed
+200 ok, user needs password
pass mypasswordincleartext
+200 ok, user logged in.
list
+200 ok, list:

and then we get a list of mail and we can read it etc. The lines with + are what the server returns, this is *exactly* how it is sent over the internet, just as readable for someone with the right software at the right place. Now imagine that password is also your system password ...
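
The exposure described in the post above can be checked from the defender's side. The following is an added example, not part of the original post: given the readable text of one POP3 session taken from a capture, it reports which account sent its password in the clear and raises the severity when that name is also a system login, without ever copying the password into the report. The function name and the `system_accounts` set are assumptions; `STLS` is assumed to have been accepted by the server.

```python
# The session quoted in the post above; server lines start with "+".
PAGE_SESSION = """\
+200 pophost.myserver.lan
user koningshoed
+200 ok, user needs password
pass mypasswordincleartext
+200 ok, user logged in.
list
+200 ok, list:
"""

def audit_pop3(transcript, system_accounts):
    """Report credentials readable in one captured POP3 session.

    system_accounts: login names that exist on the host (constructed by the
    caller here; in practice taken from the passwd database).
    """
    findings, user = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line[0] in "+-":
            continue  # server response, carries no credentials
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "STLS":
            break  # assumed accepted: the rest of the session is encrypted
        if verb == "USER":
            user = arg
        elif verb == "PASS" and user is not None:
            # The password itself is deliberately not stored in the finding.
            findings.append({
                "user": user, "method": "USER/PASS", "password_on_wire": True,
                "severity": "critical" if user in system_accounts else "high"})
        elif verb == "APOP":
            # APOP sends a digest of a server challenge and the shared secret.
            findings.append({
                "user": arg.split(" ")[0], "method": "APOP",
                "password_on_wire": False, "severity": "info"})
    return findings
```

Run over `PAGE_SESSION` with `koningshoed` in `system_accounts`, the single finding is rated critical; with a POP-only password database, as the post recommends, the same session is rated high.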

jetfreggel 07-15-2002 12:17 PM

thx again for sharing your wisdom
i've been reading about dns in the how to
but i didn't get the same result (going to play further with that)
now i'm going to install qmail and hopefully it will work

thanx for your time

jetfreggel 07-18-2002 11:42 AM

first time)
now i have a few questions
i removed sendmail
1)do i need to reinstall procmail?and can i do it with rpm
or do i need to install the source file for making procmail clear that i'm using a maildir
2)when i have user's already made on my system who do i make qmail to see
also my other users?
3)and who do i configure pop 3 in qmail
4)i read that the rc file must contain that i'm using a maildir but i have now
this in my rc file

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
can and must i replace the last line with
qmail-start ./Maildir/

koningshoed 07-18-2002 12:36 PM

1) Not afaik.
2) who = how? It should be automatic afaik. at least mine is. It does have a few aliases for post-master etc but the rest was pretty much automatic.
3) this is a little harder, try reading http://www.pgregg.com/projects/qmail...euid/index.php - I don't think this is quite what you have in mind but I suggest using this in any case to get away from using the system database for passwords. I myself still have to get pop3 to function 100 % like I would like it to :).
4) From /etc/init/qmail on my system:
Some general headers you might be interested in:

# Configuration
#


# set default delivery method

#alias_empty="|/usr/sbin/qmail-procmail" # procmail delivery to /var/spool/mail
alias_empty="./Maildir/" # This uses qmail preferred ~/Maildir/ directory
# You may want to maildirmake /etc/skel/Maildir
#alias_empty="./Mailbox" # This uses Mailbox file in users $HOME

logger="splogger qmail"
#logger="|accustamp >>/var/log/qmail.log" # If you have accustamp installed.
#logger=">>/var/log/qmail.log" # Does not give timing info.

# If you uncommented one of the lines that appends to /var/log/qmail.log, you
# need to uncomment the following two lines.
#touch /var/log/qmail.log
#chown qmaill /var/log/qmail.log

#
# End of configuration


The startup code looks like this:
echo -n "Starting mail-transfer agent: qmail"
sh -c "start-stop-daemon --start --quiet --user qmails \
--exec /usr/sbin/qmail-send \
--startas /usr/sbin/qmail-start -- \"$alias_empty\" $logger &"
# prevent denial-of-service attacks, with ulimit
ulimit -v 8192
sh -c "start-stop-daemon --start --quiet --user qmaild \
--exec /usr/bin/tcpserver -- -R -H \
-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
/usr/sbin/qmail-smtpd 2>&1 | $logger -t qmail -p mail.notice &"

# Uncomment the following lines to automatically start the pop3 server
#sh -c "start-stop-daemon --start --quiet --user root \
# --exec /usr/bin/tcpserver -- \
# 0 pop-3 /usr/sbin/qmail-popup `hostname`.`dnsdomainname` \
# /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir &"

echo "."


Shutdown code:

if [ "`pidof /usr/sbin/qmail-send`" ] ; then
    start-stop-daemon --user qmails --stop --quiet --oknodo --exec /usr/sbin/qmail-send
    start-stop-daemon --user qmaild --stop --quiet --oknodo --exec /usr/bin/tcpserver
    # Uncomment the following line if you have enabled the pop3 server
    #start-stop-daemon --user root --stop --quiet --oknodo --exec /usr/bin/tcpserver

    # Wait until the timeout for qmail processes to die.
    count=120
    numdots=0
    while ([ $count != 0 ]) do
        let count=$count-1
        if [ "`pidof /usr/sbin/qmail-send`" ] ; then
            echo -n .
            let numdots=$numdots+1
            sleep 1
        else
            count=0
        fi
    done

    # If it's not dead yet, kill it.
    # if [ "`pidof /usr/sbin/qmail-send`" ] ; then
    #     echo -n " TIMEOUT!"
    #     kill -KILL `pidof /usr/sbin/qmail-send`
    # else
    case $numdots in
        0) echo "." ;;
        1) echo ;;
        *) echo " done." ;;
    esac
    # fi
else
    echo " not running.";
fi

btw, the files mentioned in the singleuid howto are available at http://www.pgregg.com/projects/qmail/ IIRC it is stated incorrectly in the article itself.

Hope this helps some more.

koningshoed 07-18-2002 12:39 PM

correction - you do need procmail. I don't think you need to recompile though, rpm should be ok. I'm actually wondering why they placed procmail as a dependency for qmail, afaik qmail delivers the mail by itself.


All times are GMT -5.