(cache) s/qmail Development

s/qmail

s/qmail (pronounced skew-mail) is a Mail Transfer Agent (MTA) based on Qmail suited for high-speed and confidential email transport over IPv4 and IPv6 networks.

s/qmail preserves the Qmail ecosystem and ought to be a drop-in replacement for most sites.
s/qmail's mascot is the phoenix (SQRP).

Looking for ...

my old qmail support page,
Spamcontrol's page,
my Authentication page,
my TLS page page,
my Newanalyse page,
my QMVC page,
my Qmail book page?

Scope and History

While Qmail provides the framework for a distributed MTA, my own developments for Qmail (e.g. SMTP Authentication, Spamcontrol) are considered necessary protocol extensions, s/qmail is a complete refactoring of the source code according to current demands for 64-bit systems and including IPv6 capabilities.

After almost 20 years of Qmail's superior and uncompromised email delivery, s/qmail posses most of the 'future' Qmail features Dan Bernstein was heading for (see also: Qmail TODO).

s/qmail is available in Dan Bernstein's /package format, usually invoked by Daemontools.
s/qmail provides TLS support based on the ucspi-ssl package.
SMTP Authentication, Anti-Spam, and Anti-Virus features are supported out-of-the-box.
Recipient and MAV capabilities in addition with powerful filters for SMTP envelope addresses.
Scalable and reliable mail delivery is guaranteed by means of QMQ.
Native IPv6 support for all communication modules.

The s/qmail 'universe' can be depict from here:

Figure: The s/qmail 'Big Picture' (available as PDF)

Communication and security features:

s/qmail uses D. J. Bernstein's 'C' coding principles entirely.
Full IPv6 compliance: Allow specific IPv6 bindings to any IPv6 address (even LLU) for all servers and clients (qmail-remote, qmail-smtpam, qmail-qmqpc).
TLS enabling of most servers and particular clients for SMTP and QMTP as well as POP3.
Distributed queueing: n:1, 1:n n:m with qualified authentication and authorization (enhanced 'QMQ').
s/qmail supports 'opportunistic' as well as mandatory TLS encryption together with easy X.509 certificate pinning.
Compliance with John Levin's RFC 7505.

Note: s/qmail provides a SPF hook, but does not support it directly. DKIM is still under investigation.

Protocol extension: QMTPS

The Quick Mail Transport Protocol QMTP is an invention of Dan Bernstein and is a simple but fast host-to-host transparent email transport protocol, with very little protocol overhead. It has been adopted by Postfix as well. Also a Net-QMTP Perl module is available.

s/qmail provides additionally the TLS-secured protocol QMTPS to couple several s/qmail instances and distributed queues among different nodes.
IANA has now assigned port 6209 for QMTPS.

s/qmail's implementation of QMTPS supports together with sslserver X.509 client certificates enables qmail-qmtpd to relay email based on valid certificates used by qmail-remote.

Distributed Queueing:

Based on SMTP but rather preferably QMTP(S) or QMQP, s/qmail can be instructed to work in a distributed queue environment, typically given in case of a Cloud service. Authentication among the nodes and encryption on the links can be guaranteed using QMTPS. This feature is called enhanced 'Qmail Multiple Queues' (QMQ).

Figure: The s/qmail 'channels' and distributed queueing

It's light-weight design allows to deploy s/qmail nodes rapidly in a Cloud based service domain.

Included packages:

The basic s/qmail installation includes the following packages (adapted mostly from Dan Bernstein):

A versatile, CRAM enabled checkpassword compatible authentication PAM called qmail-authuser.
The fastforward package is part of s/qmail.
Including the qmailanalog package suited for s/qmail together with tai64nfrac.
Additional qmail-mrtg frontend evaluating TAI64N timestamps in s/qmail's logs (and replacing my previous version of qmail-mrtg) for Tobias Oetiker's MRTG.
A working sample can be found for this site.

Supported Qmail packages:

s/qmail provides support for the following vanilla Qmail add-ons unaltered:

Inter7's vpopmail
Bruce Guenter's VMailmMgr
Dan Bernstein's ezmlm
Fred Lindbergs' and Bruce Guenter's's ezmlm-idx
procmail
IMAP server BINC
Dovecot (LDA)

Note 1: For those packages TLS encryption and IPv6 capabilities for any data-in-flight is possible with s/qmail.
Note 2: s/qmail Recipients extension is capable to understand ezmlm's VERP addresses.

Of course, my Qmail extensions will work natively with s/qmail:

Dependencies and installation of s/qmail

The installation of s/qmail tries to conform to existing Qmail systems as well as to provide a pre-configured and working MTA together with an easy update scheme:

Easy installation and maintenance by means of slashpackage.
Compliance with AMD64 architecture and current 'C' standards.
Drop-in replacement for Qmail (same interface; same API), same user accounts; same module names.
Ready-to-use integration into Daemontools.
systemd support should be possible without headache (except for logging).

Dependencies:

For installation, s/qmail requires a development environment and additionally the OpenSSL development libraries (in particular on Linux).

In particular, the following packages are recommended:

Mandatory: ucspi-ssl: Additional TLS libraries.
Optional: ucspi-tcp6: cdb generation, module rblsmtpd.
Optional: daemontools: providing supervise and TAI64N timestamps by multilog.

Quick installation of s/qmail (and perhaps upgrade from Qmail):

s/qmail uses D.J.B's slashpackage convention for installing while trying to keep the standard Qmail installation essentially unaltered:

Daemontools is installed and /service is working.
ucspi-ssl is installed in default location.
ucspi-tcp6 is installed.
Untar the s/qmail tar file under '/package'
Move to /package/mail/sqmail/sqmail-V.R.F and
do an initial: package/install.

Note: The package/install step respects your current Qmail settings.

Configuration:

The basic s/qmail configuration is done by means of conf-XX files (in alphabetic order):

conf-break -- usually the character '-' for VERP addresses
conf-cc -- compiler (no change required)
conf-delivery -- qmail-start default-delivery
conf-djbdns -- DJBNDS libs (not supported yet)
conf-groups*) -- s/qmail groups
conf-home -- home dir of s/qmail [/var/qmail]
conf-ids*) -- Unix ids for s/qmail
conf-instances -- QMQ instances to be raised
conf-ld -- loader options to be adjusted (for i386; AMD64 default
conf-log -- target dir of s/qmail logs [/var/log]
conf-man -- target dir of man pages, usually automatically recognized
conf-patrn -- s/qmail paternalism [002]
conf-qmq -- QMQ environment settings
conf-spawn -- silent concurrency limit [120]
conf-split -- depth of s/qmail dirs [23]
conf-svcdir -- supervise's 'service' directory
conf-ucspissl -- path to UCSPI-SSL dirs
conf-users*) -- user names

*) These files are coupled and need to be adjusted as one entity!

Step-by-step installation:

For an individual step-by-step installation the following commands can be executed:

package/dir -- sets up the directories
package/ids -- sets up the s/qmail users
package/ucspissl -- hooks up the required sources and libs with package ucspi-ssl
package/compile -- compiles the sources
package/upgrade -- potentially does the upgrade
package/legacy -- installs the binaries in the qmail directory
package/man -- installes the man pages
package/control -- populates the mininmal required control files for running
package/sslenv -- sets up the SSL/TLS environments together with X.509 certs and key files (from ucspi-ssl)
package/service -- sets up the run script for daemontools' /service and additionally the logging
package/scripts setup optional, undocumented and unmaintained scripts
package/run -- touches qmail/alias/ files and sets default-delivery

Documentation

A concise documentation for s/qmail is under construction. However, some survival information can be found here:

A 's/qmail Big Picture' is now available providing the default settings (run scripts) for most services.
The 'official' s/qmail documentation is in progress.
The set of man-pages coming along with s/qmail have been converted into HTML and are accessible here.
The standard LWQ documentation for Qmail is mostly still valid; except for the installation procedure of s/qmail (and it's extensions of course).
My SMTP Authentication tutorial.
My introduction into TLS.

s/qmail current release and download

Once you checked the s/qmail requirements and complied to those, you are ready to go for download and installation.

Download:

The current release of s/qmail can be downloaded here:

[Version 3.0.2] The third fully integrated release is sqmail-3.0.2 (MD5: 4045d0a85fe4857fcf9c118fcfa13d1f).
The code can be viewed in the doxygen archive.

I also recommend to use

Michel Bertram's qmHandle.

Newanalyse which allows long-haul logging and easy finding of delivered mails from the logs.

Defects:

Naming conventions:

Error: Implementation does not conform to reqs, e.g. something is missing.
Bug: Coding mistake in source file(s).
Flaw: Wrong/missing description in man-file or any attached documentation.

Open defects:

Closed defects:

[20160131#1/3.0.1] Error in qmail-smtpd's RSET behaviour (RFC 5321).
~~[20160112#1/3.0.1] Flaw in /usr/local/bin/ linked modules since they reference all available.~~
[20160110#1/3.0.0]: Bug in some package/XX scripts due to missing 'eval' statement (i.e. sslenv).
[20160108#1/3.0.0]: Error in qmail-remote not recognizing 'fast' 5xy rejection issued upon SMTP greeting.
[20160106#1/3.0.0]: Bug in skeleton script run_qmqpd. Wrong binary referenced.
[Since last public beta/2.6.06] Bug in qmail-tcpto displaying wrong information.
Bug in qmail-mrtg -2 shows only one output value (while MRTG expects two).

Release plan:

s/qmail will be maintained and my release plan includes the following topics:

Version 3.0 is the first complete release.
Version 3.1 will be used for additional enhancements.
Version 3.2 is forseen for integrating DJBDNSCurve6 libs.
Version 3.3 ... let's see: DANE support?
Version 4.0 UUID identifier for files in the queue.

Tickets, Change Requests, communication:

An EZMLM mailing list working together with s/qmail keeps you updated with current developments, bug fixes, and features discussed. This list also can be used to file

Defects (bug reports) and
Change Requests (enhancements).

To inscribe use: s/qmail mailing list

I can't guarantee a certain response level; but reasonable issues will be answered.