Qmqpd

From QmailToaster
Revision as of 00:01, 4 April 2024 by Ebroch

QMQP is a protocol designed to be used by clients for queuing messages to a smart host that handles the delivery. This relieves clients of the burden of maintaining a queue and retrying temporarily undeliverable messages. The protocol is defined at http://cr.yp.to/proto/qmqp.html. QMQP is similar to QMTP in that it minimizes the round trips necessary for handing messages to servers, but it doesn't implement relay control—so access to QMQP servers must be restricted to trusted clients. QMQP usually uses port 628.

qmail includes both a QMQP server, qmail-qmqpd, and a QMQP client, qmail-qmqpc.

A client system using qmail-qmqpc is known as a mini-qmail installation.

Setting Up a QMQP Service
Setting up a QMQP service is straightforward once you've installed qmail, daemontools, and ucspi-tcp as in Chapter 2, "Installing qmail." First, select a qmail server to be the QMQP smart host. All of the following actions must be taken on this host.

Create the service's directory:

 # umask 022
 # cd /var/qmail/supervise
 # mkdir qmail-qmqpd
 # cd qmail-qmqpd
 # chmod +t .
 # 

Using a text editor, create a new file called run containing:

 #!/bin/sh
 QMAILDUID=`id -u qmaild`
 NOFILESGID=`id -g qmaild`
 MAXQMQPD=`head -1 /var/qmail/control/concurrencyqmqp`
 if [ -z "$MAXQMQPD" ];
 then
     echo MAXQMQPD is unset in
     echo /var/qmail/supervise/qmail-qmqpd/run
     exit 1
 fi
 exec /usr/local/bin/softlimit -m 2000000 \
      /usr/local/bin/tcpserver -v -p -x /etc/tcp.qmqp.cdb -c "$MAXQMQPD" \
          -u "$QMAILDUID" -g "$NOFILESGID" 0 628 /var/qmail/bin/qmail-qmqpd 2>&1 

Note: Under Solaris, use /usr/xpg4/bin/id instead of id.

Make the run script executable and set up the log directory:

 # chmod 755 run
 # mkdir log
 # cd log
 # 

Using a text editor, create a new file called run in the log directory containing:

 #!/bin/sh
 exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog \
   t /var/log/qmail/qmqpd
 
Make the log/run script executable and create the logging directory:

 # chmod 755 run
 # mkdir /var/log/qmail/qmqpd
 # chown qmaill /var/log/qmail/qmqpd
 # 

Using a text editor, create the /etc/tcp.qmqp access control file. Allow access only from trusted hosts, and explicitly deny access to all other hosts. For example, if you want to allow all hosts on the local network to queue messages, and the local network is 192.168.1.x, the file would contain this:

 192.168.1.:allow
 :deny

Build the machine-readable version of the access control database, /etc/tcp.qmqp.cdb:

 # tcprules /etc/tcp.qmqp.cdb /etc/tcp.qmqp.tmp </etc/tcp.qmqp
 # 
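
Why the explicit :deny line matters, as an added example that is not part of the original page or of ucspi-tcp: tcpserver looks up the client's full IP address, then shorter and shorter prefixes ending in a dot, then the empty address, and allows the connection when nothing matches. The sketch below models that lookup for IP rules only; the function names are hypothetical and the rule files are constructed.

```shell
#!/bin/sh
# Added example: models how tcpserver -x picks a rule for a client IP.
# Assumption: only IP and IP-prefix rules; no user@, =hostname or ranges.

# lookup_rule FILE KEY: print the instructions of the rule whose address is KEY.
lookup_rule() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "#"*|"") continue ;;
            "$2:"*) printf '%s\n' "${line#*:}"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# qmqp_decision FILE IP: print the verdict and the rule that produced it.
qmqp_decision() {
    key=$2
    while :; do
        if instr=$(lookup_rule "$1" "$key"); then
            case $instr in deny*) verdict=deny ;; *) verdict=allow ;; esac
            echo "$verdict ${key:-<catch-all>}"
            return 0
        fi
        [ -z "$key" ] && break
        # Next candidate: the next shorter prefix ending in a dot, then "".
        key=${key%.}
        case $key in
            *.*) key=${key%.*}. ;;
            *)   key= ;;
        esac
    done
    echo "allow <no rule>"    # nothing matched: tcpserver accepts the client
}

# has_default_deny FILE: succeed only if a catch-all rule exists and denies.
has_default_deny() {
    instr=$(lookup_rule "$1" "") || return 1
    case $instr in deny*) return 0 ;; *) return 1 ;; esac
}

# Demo on constructed rule files: the page's rules, then the same without ":deny".
demo=$(mktemp -d)
printf '192.168.1.:allow\n:deny\n' > "$demo/good"
printf '192.168.1.:allow\n' > "$demo/open"
for f in good open; do
    echo "$f: 10.0.0.1 -> $(qmqp_decision "$demo/$f" 10.0.0.1)"
done
rm -rf "$demo"
```

On the smart host, tcprulecheck from ucspi-tcp reports what tcpserver will do for the address in $TCPREMOTEIP against the compiled /etc/tcp.qmqp.cdb.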

Create the concurrencyqmqp non-standard control file to limit simultaneous QMQP connections. For example, to set the limit to 40:

 # echo 40 > /var/qmail/control/concurrencyqmqp
 # 

Link the service directory to /service to activate it:

 # ln -s /var/qmail/supervise/qmail-qmqpd /service
 # 

The qmailctl script could also be modified to control the QMQP service.

Setting Up a QMQP Client (Mini-qmail)
QMQP can be enabled on a system running qmail simply by replacing qmail-queue with a symbolic link to qmail-qmqpc and listing the QMQP servers in control/qmqpservers. However, a true mini-qmail installation is much simpler and smaller than a full qmail installation: There's no queue, so there's no need to run any daemons.

A mini-qmail installation requires only:

qmail-qmqpc, forward, qmail-inject, sendmail, predate, datemail, mailsubj, qmail-showctl, maildirmake, maildir2mbox, maildirwatch, qail, elq, and pinq in /var/mini-qmail/bin

A symbolic link to qmail-qmqpc from /var/mini-qmail/bin/qmail-queue

Symbolic links to /var/mini-qmail/bin/sendmail from /usr/sbin/sendmail and /usr/lib/sendmail

All of the man pages in /var/qmail/man

A list of the IP addresses of the QMQP servers, one per line, in /var/mini-qmail/control/qmqpservers

A copy of /var/qmail/control/me, /var/qmail/control/defaultdomain, and /var/qmail/control/plusdomain from your smart host, so qmail-inject will use appropriate host names in outgoing mail

The local host's name in /var/mini-qmail/control/idhost, so qmail-inject will generate Message-IDs unique to the host

A mini-qmail kit (http://www.din.or.jp/~ushijima/mini-qmail-kit.html) is available, which, combined with the full qmail-1.03 tarball, will install only the pieces that mini-qmail requires.

We'll go through a mini-qmail installation using this kit:

Download the mini-qmail kit using a Web browser or command-line tool. At the time of this writing, the current version is 0.63:

 $ wget http://www.din.or.jp/~ushijima/mini-qmail-kit/mini-qmail-kit-0.52.tar.gz
 --08:32:32--  http://www.din.or.jp/%7Eushijima/mini-qmail-kit/mini-qmail-kit-0.52.tar.gz
            => 'mini-qmail-kit-0.52.tar.gz'
 Connecting to www.din.or.jp:80... connected
 HTTP request sent, awaiting response... 200 OK
 Length: 6,174 [application/x-tar]
     0K -> ...... [100%]
 08:32:36 (3.51 KB/s) - 'mini-qmail-kit-0.52.tar.gz' saved [6174/6174]
 $ 

Unpack the kit and change to its directory:

 $ zcat mini-qmail-kit-0.52.tar.gz | tar xf -
 $ cd mini-qmail-kit-0.52
 $ 

Unpack the qmail tarball under the current directory:

 $ zcat /tmp/qmail-1.03.tar.gz | tar xf -
 $ 

Build the mini-qmail Makefile:

 $ make -f Makefile.mini
 sed '/^auto_uids\.c:/,/^$/d' qmail-1.03/Makefile > Makefile
 cat Makefile.mini > Makefile
 while read file; \
   do \
     echo ''; \
     echo "$file: qmail-1.03/$file"; \
     echo "cat qmail-1.03/$file > $file"; \
   done < FILES.qmail > Makefile
 $ 

Build the mini-qmail binaries and man pages:

 $ make mini
 cat qmail-1.03/warn-auto.sh > warn-auto.sh
 cat warn-auto.sh config-mini.sh \
 | sed s}QMAIL}"`sed 1q conf-qmail`"}g \
 ...
 nroff -man envelopes.5 > envelopes.0
 cat qmail-1.03/forgeries.7 > forgeries.7
 nroff -man forgeries.7 > forgeries.0
 $ 

Install the binaries and man pages:

 $ su
 Password: rootpassword
 # make setup-mini
 ./install-mini
 # 

Configure the mini-qmail installation:

 # ./config-mini smarthost domain plusdomain localhostname \
 > smarthostip
 Putting smarthost into control/me...
 Putting domain into control/defaultdomain...
 Putting plusdomain into control/plusdomain...
 Putting localhostname into control/idhost...
 Putting smarthostip into control/qmqpservers...
 # 

For example, if the smart host is mail.example.com, with an IP address of 192.168.1.4, and the mini-qmail host is null.example.com, you might use something like this:

 # ./config-mini mail.example.com example.com example.com null.example.com \
 > 192.168.1.4
 Putting mail.example.com into control/me...
 Putting example.com into control/defaultdomain...
 Putting example.com into control/plusdomain...
 Putting null.example.com into control/idhost...
 Putting 192.168.1.4 into control/qmqpservers...
 # 

Test the mini-qmail installation. If your username on the smarthost is carolyn, do this:

 # echo to: carolyn | /var/mini-qmail/bin/qmail-inject
 # 

Verify that the message was delivered to your mailbox on the smarthost.

Finally, set up links to mini-qmail's sendmail program:

 # rm -f /usr/lib/sendmail /usr/sbin/sendmail
 # ln -s /var/mini-qmail/bin/sendmail /usr/lib/sendmail
 # ln -s /var/mini-qmail/bin/sendmail /usr/sbin/sendmail
 # 
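
A post-install check for the requirements listed earlier in this section, as an added example that is not part of the original page or of the mini-qmail kit. check_mini_qmail is a hypothetical name, the IPv4-only test on qmqpservers is this example's assumption, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: audit a mini-qmail tree against the requirements listed above.
# check_mini_qmail is a hypothetical helper, not part of qmail or the kit.

# check_mini_qmail ROOT: print one line per problem; succeed only if none.
check_mini_qmail() {
    root=$1
    problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # qmail-queue must be a symlink to qmail-qmqpc: that link is what hands
    # every injected message to the QMQP servers.
    q=$root/bin/qmail-queue
    if [ ! -L "$q" ]; then
        note "$q is not a symbolic link"
    elif [ "$(basename "$(readlink "$q")")" != qmail-qmqpc ]; then
        note "$q does not point to qmail-qmqpc"
    fi

    # Control files: three copied from the smart host, idhost set locally,
    # qmqpservers naming the smart host(s).
    for f in me defaultdomain plusdomain idhost qmqpservers; do
        [ -s "$root/control/$f" ] || note "control/$f is missing or empty"
    done

    # qmqpservers lists IP addresses, one per line. Assumption: dotted-quad
    # IPv4 only, so host names and stray text are flagged.
    if [ -s "$root/control/qmqpservers" ]; then
        while IFS= read -r srv || [ -n "$srv" ]; do
            printf '%s\n' "$srv" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
                note "qmqpservers entry '$srv' is not an IPv4 address"
        done < "$root/control/qmqpservers"
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a constructed tree (not a real install); the host name gets flagged.
demo=$(mktemp -d); mkdir -p "$demo/bin" "$demo/control"
ln -s qmail-qmqpc "$demo/bin/qmail-queue"
for f in me defaultdomain plusdomain idhost; do
    echo example.com > "$demo/control/$f"
done
echo mail.example.com > "$demo/control/qmqpservers"
check_mini_qmail "$demo" || echo "problems found: $problems"
rm -rf "$demo"
```

On an installed host the call is check_mini_qmail /var/mini-qmail.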

nullmailer
nullmailer (http://www.untroubled.org/nullmailer/) is a simple MTA for null clients. It can use either SMTP or QMQP. It's similar to mini-qmail, except it implements a queue. If mini-qmail can't reach a server when a message is injected, it returns an error and the sending user or process is responsible for retrying the delivery later. nullmailer queues the message locally and automatically retries sending it to a server.