qmail and TMDA at BMERC



Table of Contents


I. qmail introduction

qmail is an Internet Mail Transfer Agent (MTA) for UNIX-like operating systems. It's a drop-in replacement for the Sendmail system provided with UNIX operating systems. qmail uses the Simple Mail Transfer Protocol (SMTP) to exchange messages with MTA's on other systems.

There are many good qmail Web resources: II. Why use qmail

Some of the advantages of qmail over vendor-provided MTA's include:
  1. Security. qmail doesn't let intruders into your machine. qmail was designed for high security. Sendmail has a long history of serious security problems. When Sendmail was written, the Net was a much friendlier place. Today's Internet is a much more hostile environment for network servers.
  2. Reliability. qmail never loses mail.
  3. Speed. qmail delivers your mail much more quickly than sendmail, without compromising reliability.
  4. Low memory use. qmail can handle dozens of simultaneous deliveries.
  5. User-controlled mailing lists. Users don't have to pester the system administrator to create new lists.
  6. Virtual hosts made easy. qmail pioneered multiple-domain support.
  7. Straightforward administration. qmail works with a minimum of fuss.
  8. Flexible program deliveries. qmail provides a powerful interface for external mail processors.
  9. Variable Envelope Return Paths. This feature(used by ezmlm) provides 100% automatic bounce handling for mailing lists of any size.
  10. The maildir format. This feature makes it easy to set up high-volume distributed POP toasters.
III. qmail-pop3d POP server

    qmail-pop3d is the POP server included with qmail.
    qmail-pop3d supports only maildir-format mailboxes.

    Read /source/local/src/qmail-1.03/INSTALL.maildir for instructions
    how to build "Maildir" structure in your $HOME.

    Here's how to set up qmail to use maildir for your incoming mail:

    Log into DELBRUECK and run the following commands:

    % /var/qmail/bin/maildirmake $HOME/Maildir
    % echo ./Maildir/ > ~/.qmail

    Make sure you include the trailing slash on Maildir/.
IV. qmail forwarding mail

    Sendmail uses .forward files, to allow users to control the delivery 
    of messages they receive. qmail uses a similar mechanism: .qmail files.

    Examples:

    % more .qmail
    The e-mail address where to forward   # Sends e-mail to a forward address
    ./Mailbox                             # and to you in the same time.

    % more .qmail
    The e-mail address where to forward   # Sends e-mail to a forward address
    ./Maildir/                            # and to you in the same time.

    % more .qmail
    The e-mail address where to forward   # Redirects your mail to a forward
                                          # address.
V. User-controlled mailing lists
    You can generate "~/.qmail-GROUPNAME" in your $HOME directory
    with a list of addresses, one e-mail address per line.
    Then incoming mail for $USER-GROUPNAME@darwin.bu.edu will be forwarded 
    to each of those addresses. You should also touch ~/.qmail-GROUPNAME-owner
    so that bounces come back to you rather than the original sender. 

    Alternative: ezmlm is an easy-to-use, high-speed modern mailing list 
    manager for qmail, supporting automatic subscriptions, confirmations, 
    archives, fully automatic bounce handling (including warnings to 
    subscribers saying which messages they've missed), and more. 

    ezmlm Home
    ezmlm by D.J. Bernstein

    ezmlm programs installed in delbrueck:/usr/local/bin/ directory.
    You can use "ezmlm-make" to instantly set up a professional-quality 
    mailing list, handling subscriptions and archives automatically.

    Read "ezmlm" & other man pages for details.
VI. qmail-vacation program
     You can read documentation on-line at:

     http://www.uni.edu/~prefect/devel/qmail-vacation/index.shtml

     or read "vacation" man pages on DELBRUECK.

     qmail "vacation" automatically replies to incoming mail.
     Run "vacation" on our qmail server DELBRUECK without any command 
     line arguments. The first time you run vacation,  a  default  reply  
     message will  be  created  in ~/.vacation.msg. Once you are satisfied 
     with the contents of the  reply  message,  you  will  be askned if you 
     would like to enable vacation. After your answer "yes", a default
     ~/.qmail file will be  created:
     
     -----------------------------------
     | /usr/local/bin/vacation $USER
     $HOME/Mailbox
     -----------------------------------

     The abobe environment variables - such as $USER & $HOME - will be  
     expanded to its correct value during vacation's setup phase.
     These instructions tell the qmail-local mail delivery  agent
     to  send an automatic reply to the sender of the message and
     to save a copy of the message in your default mailbox.

     For those of you, who already uses TMDA filter and wants to activate
     the "vacation" program, the additional steps are needed, which
     I'll describe a little later after the TMDA introduction.
VII. qmail duplicates elimination program
     eliminate-dups - eliminate duplicate mail messages

     A perl program "eliminate-dups" installed on our qmail server DELBRUECK.
     You need to create appropriate dot-qmail files in your home directory
     according to the /source/local/src/eliminate-dups-2.2/README file or
     man pages for "eliminate-dups":

       To enable eliminate-dups for the $USER, create a new dot-qmail file  
       called  $USER/.qmail-maildir.  The contents of this file should be

           ./Maildir/

     It should be owned by $USER and have 0644 permissions.

     Then add the following lines to your $USER/.qmail file

           | eliminate-dups [hashfile]
           &user-maildir

     hashfile is the name of the ndbm hash file that is used to store the
     message checksums. The default name is .maildups.

     It should be owned by $USER and have 0644 permissions.
VIII. Tagged Message Delivery Agent (TMDA)
      TMDA is an open source software application designed to significantly 
      reduce the amount of spam (Internet junk-mail) you receive.
      TMDA can also be used as a general purpose local mail delivery agent 
      to filter, sort, deliver and dispose of incoming mail.

Tagged Message Delivery Agent (TMDA)
TMDA Configuration Overview
TMDA Filter Specification
TMDA web interface


      TMDA installation is very simple and takes a few minutes:


        Open your session on our qmail server DELBRUECK
	cd $HOME
        cp /source/local/share/TMDA/tmda-example-kit.tar.gz .
	zcat tmda-example-kit.tar.gz | tar xvf -
	tmda-keygen
        .......................
	echo "the_above_new_key" > .tmda/crypt_key
	chmod 600 .tmda/crypt_key .tmda/config


Post installation steps:
------------------------

Manually modify the .tmda/config & ./tmda/filters/incoming
to replace $HOME & $USER with a real paths:

---------------------------------------------------------------------
delbrueck% cd ~/.tmda
delbrueck% more config
#
CONFIRM_APPEND = "/home/LOGINNAME/.tmda/lists/confirmed"
LOGFILE_DEBUG = "/home/LOGINNAME/.tmda/logs/tmda.debug"
LOGFILE_INCOMING = "/home/LOGINNAME/.tmda/logs/tmda.incoming"

delbrueck% cd ~/.tmda/filters
delbrueck% more incoming 

from-file /home/LOGINNAME/.tmda/lists/rejected drop
from-file /home/LOGINNAME/.tmda/lists/accepted accept
from-file /home/LOGINNAME/.tmda/lists/confirmed accept
---------------------------------------------------------------------

".qmail-tmda-default" and ".qmail-default" would have to be changed 
for Maildir users:

-----------------------------------------------------------------------
|preline /usr/local/tmda/bin/tmda-filter
./Maildir/
-----------------------------------------------------------------------

Then test by mailing to $USER-tmda@darwin.bu.edu and when satisfied,

	cd $HOME
	mv .qmail-tmda .qmail
        ln -s .qmail .qmail-default
-----------------------------------------------------------------------



TMDA's Whitelist-centric Strategy   ``Deny everything that is not explicitly 
                                      allowed''


      The way TMDA frustrates incoming junk-mail is simple yet extremely 
effective. You maintain a "whitelist" of trusted contacts which are allowed 
directly into your mailbox. In our configuration the accepted "whitelist" is
$HOME/.tmda/lists/accepted list.
Messages from unknown senders are held in a pending queue until they respond 
to a one-time confirmation request or "challenge" sent by TMDA. Once they 
respond to the confirmation, their original message is deemed legitimate and 
is delivered to you. TMDA then adds their address to your whitelist (In our
configuration the confirmed "whitelist" is $HOME/.tmda/lists/confirmed list) 
so they won't have to confirm future messages. 
      This methodology has the advantage of being very selective about what 
it allows in, while at the same time permitting legitimate, but previously 
unknown senders to reach you.




Esther Epstein