[Treachery Unlimited Logo] Treachery Unlimited: A Computer & Network Security Information Clearinghouse Site

Advisory Agencies
Articles and Tutorials
Security Tools
Site Search
Feedback to Webmaster
Back to Articles and Papers > Tutorials

Newbie's Guide to Qmail
A guide to downloading, compiling and installing Qmail and related utils.
by Jay D. Dyson


I'm often asked why I prefer Qmail over Berkeley Sendmail. My reasons for staying with Qmail are many and varied, but my original attraction to Qmail was simple: I needed a Mail Transport Agent (MTA) that was closed to third-party relay by default. I'd seen far too many systems fall prey to unscrupulous spammers who would jump on any open relay as a written invitation to use up their cycles to spew their unsolicited bulk email. At that time, Qmail was the only solid MTA I could find that fit the bill. Sun Microsystem's default Sendmail (SMI-8.6) was ridiculously open to third-party relay, and Berkeley Sendmail required far too many esoteric tweaks to do the job in even a remotely failsafe manner. So I looked further into Qmail. What I found was far beyond what I had originally sought.

While Qmail's default anti-relaying features caught my eye, what really sold me was the speed and security under which Qmail operated. For the uninitiated, Qmail is a vastly more secure MTA than Berkeley Sendmail (see the Qmail Security Guarantee). It doesn't require root to do its daily operations, and users can retain their individual mail spools in their own directories, thus sparing everyone a lot of headaches. Qmail is also much faster than the Berkeley Sendmail (see the Qmail Big Picture and the comparisons at LinuxCare Products: Mail Transfer Agents). Even those who may be skittish about re-learning such a commonly-used service can feel at ease: Qmail can be configured to behave just like Berkeley Sendmail in that it can support the .forward convention, /etc/aliases use, and -- if the admin wishes -- it also can configured to use /var/mail just like Berkeley Sendmail. With respect to mailing lists, Qmail will work with both Majordomo and its own Easy Mailing List Manager (EZMLM).

As if all that weren't enough, Qmail also has a lot of user-based support with programs that utilize the Realtime Blackhole List (RBL); support the Post Office Protocol (POP3) without using system accounts provide virus protection, and more. Commercial support for Qmail is also available.

With all that said, there are many reasons why Qmail is a viable alternative to Sendmail. Even so, many people with whom I've worked are reluctant to make the switch. They find the initial installation procedures either too complicated or too foreign to fathom. It's with those people in mind that I wrote this guide and its accompanying scripts.

This article will almost exclusively address the what's and how's of Qmail source acquisition, compilation, configuration and installation. For the why's and wherefore's of Qmail, the reader is encouraged to visit Dan Bernstein's Qmail Page, or the Qmail Site. For additional comprehensive information, I also recommend David Sill's excellent resource entitled "Life With Qmail."

At the time of this writing, all versions listed in this document are the latest iterations of the various software packages. Even so, I highly recommend the reader visit the above-listed URLs to see if there are more current versions available.

This document covers the downloading, compilation and installation of:



The Mail Transport Agent (MTA) itself.
For .forward support. (optional)
For /etc/aliases support. (optional)
A robust mailing list manager. (optional)


In order to download, compile and install these packages, the user MUST have access to the following:


Before attempting to compile Qmail or its related packages, perform the following commands:

which cc
which ar
which ld
which nroff

If your system cannot locate these files, check to make sure they are installed. If they are installed, then be sure to add the directories in which they reside to your PATH statement. If you are unsure as to how to add these directories to your PATH statement, do a 'man' on the shell version you use. For example, if you use bash, do a 'man bash'. (If you aren't even sure what shell you're using, finger your login ID and you'll see it listed by "Shell:".)

*** Special note for Solaris 7 (and earlier) users:
All releases prior to Solaris 8 do NOT have a working C compiler by default. The 'cc' in /usr/ucb is just a placeholder. You'll need to install the GCC package (http://www.sunfreeware.com/) if you haven't already. Once GCC is installed, rename /usr/ucb/cc to /usr/ucb/cc.sol and make a symbolic link from /usr/local/bin/gcc to /usr/ucb/cc. Failure to do this will cause the Qmail install to abort since it only looks for a 'cc' compiler.

Once you've confirmed that you have the necessary tools and access and have downloaded the source distributions, the first step is to unpack the source files. In your home directory, issue the following commands:

mkdir qmailstuff
mv qmail-1.03.tar.gz qmailstuff/.
mv dot-forward-0.71.tar.gz qmailstuff/.
mv fastforward-0.51.tar.gz qmailstuff/.
mv ezmlm-0.53.tar.gz qmailstuff/.
cd qmailstuff
cat qmail-1.03.tar.gz |gunzip |tar xvf -
cat dot-forward-0.71.tar.gz |gunzip |tar xvf -
cat fastforward-0.51.tar.gz |gunzip |tar xvf -
cat ezmlm-0.53.tar.gz |gunzip |tar xvf -
chmod 700 *.sh
cp qmail_install.sh qmail-1.03/.
cp df_install.sh dot-forward-0.71/.
cp ff_install.sh fastforward-0.51/. (optional)
cp ezmlm_install.sh ezmlm-0.53/. (optional)
cd qmail-1.03/


Rather than simply reiterate the steps already contained within the Qmail installation documentation (qmail-1.03/INSTALL*), I've written a few shell scripts that should greatly streamline the installation process for the Qmail newbie. You will want to look over these shell scripts to make sure the PATH and utilities called are appropriate for your OS.

The shell scripts provided perform the following functions:

  1. qmail_install.sh: For installing Qmail itself.

    Copy the 'qmail_install.sh' script into qmailstuff/qmail-1.03/. This script will perform the following steps:

    1. Check to see that you are root (required to install).
    2. Make sure all compile-related utilities are available.
    3. Check your OS type and confirm it with you.
    4. Create the Qmail home directory (/var/qmail).
    5. Create the non-privileged groups and accounts by which Qmail will operate.
    6. Compile and install Qmail.
    7. Confirm successful compile and install of Qmail with you.
    8. Modify system start-up scripts so Qmail will be started whenever you re-start the system.
    9. Confirm the changes with you.
    10. Confirm your hostname and domain for anti-relay configuration.
    11. Configure the 'alias' user directory by which postmaster, bounces and root mail will be handled.
    12. Stop the currently-running sendmail.
    13. Rename the old sendmail binary to sendmail.old and strip the suid bits from it (so it will no longer be a possible threat to system security).
    14. Create a symlink to point to the Qmail sendmail, so your programs that rely on the old sendmail's location won't break.
    15. Configure your mail delivery to arrive in ~user/Mailbox. (You may change this by using the runtime control script of your choice from /var/qmail/boot/ and overwriting the /var/qmail/rc file if you want to continue using /var/mail.)
    16. Update your inetd.conf smtp entry.
      (Please note: If your system uses xinetd, you'll need to update your configuration file manually via these instructions.)
    17. Restart your inetd.
    18. Start Qmail.

    Those who do not wish to use qmail_install.sh are invited to follow the directions provided in the qmail-1.03/INSTALL* files. (They're really not that difficult!) :)

  2. df_install.sh: For installing dot-forward. (.forward support)

    1. Check to see that you are root (required to install).
    2. Make sure all compile-related utilities are available.
    3. Compile and install the dot-forward package.
    4. Confirm successful compile and install of dot-foward with you.
    5. Direct you to what manual changes you will need to make with respect to /var/qmail/rc.
  3. ff_install.sh: For installing fastforward. (/etc/aliases support)

    1. Check to see that you are root (required to install).
    2. Make sure all compile-related utilities are available.
    3. Compile and install the fastforward package.
    4. Confirm successful compile and install of fastfoward with you.
    5. Creates symlinks to the fastforward 'newaliases' binary.
    6. Direct you to what manual changes you will need to make with respect to /etc/aliases.

  4. ezmlm_install.sh: For installing EZMLM. (Mailing list support)

    1. Check to see that you are root (required to install).
    2. Make sure all compile-related utilities are available.
    3. Compile and install the EZMLM package.
    4. Confirm successful compile and install of EZMLM with you.
    5. Introduce you to three supporting shell scripts:
      1. maillist.sh - for creating new mailing lists.
      2. sub.sh - for manually adding users to a mail list.
      3. list.sh - for listing subscribers to a mail list.
    6. Direct you to review the test procedures in EZMLM's INSTALL file to confirm correct EZMLM configuration.

Upon successfully running all of these scripts, you will have a fully-functional copy of the Qmail MTA in place that will have all the familiar amenities of Berkeley Sendmail as well as a full-fledged mailing list manager. What would take hours with most MTAs has now been reduced to a matter of minutes. In fact, it's probably taken most folks longer to read through this article than it will take to install all of the Qmail components described herein.


This concludes this Newbie's Guide to Qmail. Please direct any feedback regarding this document to Jay D. Dyson. Please direct any questions regarding Qmail, dot-forward, fastforward, and/or EZMLM to Dan Bernstein. For further information, you can consult with other Qmail users by joining the Qmail list. Simply send a blank message to qmail-subscribe@list.cr.yp.to and follow the automated EZMLM instructions.

About the author
Jay D. Dyson is an independent security consultant specializing in network and host security services and serves as a Senior Security Engineer for the National Aeronautics and Space Administration (NASA) in Pasadena, California. He has been involved with computers for over 20 years and has been a system administrator for over 15 years on various platforms.

Copyright © 1999 - 2011 • Treachery Unlimited.
Last updated on Sunday, 11-Apr-2004 01:48:47 MST Privacy Policy