[CentOS] Ultra simple mail server config?

Tue Jan 23 22:38:43 UTC 2007
Peter Serwe <peter at infostreet.com>

John Summerfield wrote:
> Hmm, I note that while Qmailrocks points to the source of qmail, the 
> qmail pages recommends lifewithqmail but does not mention qmailrocks.
That would be correct, it doesn't for reasons discussed on the 
ever-controversial
(but not on the subject of qmail knowledge) qmail list.


> You may never have perceived a problem, but that's not the same as not 
> having a problem.
>
In fact, mail problems are somewhat tricky to perceive.  Starting with 
the fact that logging mail
properly is non-trivial, and following the instructions that do exist 
precisely can be semi-arduous.

I've found mail problems on servers that have been running mail for over 
8 years, and nobody
ever noticed it.  It's the whole one-to-many and many-to-one thing.  It 
gets overwhelming to
verify each and every one, and most people figure it if seems to work, 
f--- it.

> I note that qmail is not free software as defined by the FSF. I cannot 
> even ungzip the tarball and bzip2 it without Dan (the author's 
> approval) so as to save space when I distribute it. See 
> http://cr.yp.to/qmail/dist.html
True though that may be, it's an endearing quirk along with a few other 
endearing quirks DJB has
that make qmail all the more interesting. :D  And these days, with the 
price of storage and bandwidth
availability, who really needs to change out that .tar.gz for a 
.tar.bz2, anyway?

> If you don't want to build from source you should be using a different 
> package.
Seriously, qmail is a mandatory, unpack, patch, and build from source.  
I happen to
use an rpm, but pretty much just unpacks, patches, and builds from 
source in a nicely
repeatable fashion for any Linux I care to drop it on.  I decide I want 
other patches, I
just edit the .spec file and put them where they need to be.  Build it, 
take the new src.rpm,
and put that where it needs to go so I can push it wherever I need to.
 
> I have heard Bad Thing in the past about qmail, so googled for "the 
> problem with qmail." Some hits, not a lot. This is rather old, and the 
> author's fond of postfix (as am I) (but he was expert in qmail):
> It speaks of licence, the author's attitude, problemss working with 
> other software such as smartlist.
> http://lists.debian.org/debian-devel/1999/06/msg02053.html
Hey, I've heard postfix is a decent MTA, I just wouldn't know from 
personal experience.
I do have friends that run it though.  :D

> This is more recent:
> > The problem with qmail is that you need either a big patchset or
> > a once patched setup and reuse that. Plus qmail really has
> > some not-so-nice bugs.
> http://www.mail-archive.com/swinog@lists.swinog.ch/msg01601.html
Not so nice bugs?  Ahh, it's not so bad.  'patch -p0 blah blah blah'


> Oh, shhh sugar! This was written for RHL 6.x. I says,
> "PROCESS
>
> 1. download qmail 1.03 (or latest - but it hasn't changed in a *long* 
> time):"
> http://jason.mindsocket.com.au/articles/qmail/setup-README
>
> He's right. 1.03 is the latest listed at 
> http://cr.yp.to/qmail/dist.html and http://cr.yp.to/qmail.html
> Version 1.0, the first general release, was announced on February, 20, 
> 1997. The current version, 1.03, was released on June, 15, 1998.
> http://www.lifewithqmail.com/lwq.html#history
Funny thing is that, there hasn't been a reason to change qmail's source 
code.

Also, if you really want a prepatched version that takes care of a lot 
of the
major issues, netqmail-1.05 goes a long ways towards that.  Adding a couple
of mild feature enhancements by way of patching pretty much makes building
qmail a 4-minute process.  RTFM'ing the first time takes about 2 hours, 
if you
read slow.  The documentation is pretty terse and to the point.
 
> It looks to me that qmail is high-maintenance; www.qmail.org is one 
> site that attempts to make it usable, but if DJB ever releases a newer 
> version then what to do with all those patches?
Honestly?  For the trivial complexity of the initial setup, qmail is one 
of the most low
maintenance applications I have ever run on any platform.  Basically, if 
you don't screw
anything up, it just works.  People have not touched a qmail 
configuration for 8 years,
and never had a reason to.  Spending a few minutes to know what you're 
doing on the
front side pays dividends for years, even if for some reason, you end up 
choosing to
use another MTA.  I learned about the protocols from reading qmail 
documentation
or referenced documentation.
> It's like mixing and matching kernel patches.
What is?  Patching qmail is nothing like patching a kernel.  It's not
nearly as complicated, the scope is far narrower, and the net effect
of a success/fail is far easier to react to.  I'd recommend anybody
play with patching/building qmail, whereas, I can't even get a vanilla
CentOS 4.4 kernel to build when I run 'make menuconfig' and then
'make'.  I'm sure when I'm ready to find out why, I will though. :P

> I don't see any patches to fix security problems, but I am not 
> prepared to believe there are no security problems. There are patches 
> to fix standards non-compliance (eg RFC 1870 and RFC 2821) and nobody 
> can distribute source with them preapplied. Instead, they must 
> distribute patch alone or source-plus-patch.
Well, ya know it's kinda funny.  The author has had a cash prize for 
anybody to find a security
hole in qmail for the better part of a decade, and as much as a lot of 
people have gotten really
intimate with the qmail source code (as evidenced by the sheer number of 
patches), nobody
has EVER been able to find one and claim the prize.  I think that's as 
close to being able to
believe there aren't any issues as any software I've ever seen.  
Certainly Bill Gates would
be substantially poorer had he ever made that claim, and backed it with 
cash over the same
time period.

</rant> :D

Peter

-- 
Peter Serwe <peter at infostreet dot com>

http://www.infostreet.com

"The only true sports are bullfighting, mountain climbing and auto racing." -Earnest Hemingway

"Because everything else requires only one ball." -Unknown

"Do you wanna go fast or suck?" -Mike Kojima

"There are two things no man will admit he cannot do well: drive and make love." -Sir Stirling Moss