Filtering e-mails between users using qmail
Created on 10 April 1999
Last updated on 19 April 1999
Development stage: ver 1.0
This guide was written to be part of Josh's
Linux Guide.
Introduction and objective
A number of commercial ISPs offer their customers
several email aliases to their one mailbox. Many e-mail programs
can filter incoming mails into separate folders for each alias, but as
Linux provides individual users with a fully separate login and working
environment, the question is: can incoming mails be separated and delivered
to users? The answer is yes, but it is not entirely straightforward,
and you need to use some of Linux's most sophisticated programs to achieve
it, hence configuration is a challenge.
This "howto" looks at the specific example
of forwarding incoming mail for simon.hampton@tvd.be
to Linux account sim (home directory: /home/sim), and mail for liesbeth.devriendt@tvd.be
to Linux account lies (home directory: /home/lies). To collect my
e-mails I need to access the so-called "multidrop" mailbox offered by my
ISP, called mb10099.
Mails will be collected using fetchmail
(section 1), and passed to qmail (a sendmail replacement, section
2) for delivery locally.
fetchmail has probably already been installed
on your system. There appears to be little competition for fetchmail,
but it is clearly the pride of the OSS community (its author, Eric S. Raymond,
wrote The Cathedral and the Bazaar). Fetchmail specialises in on-demand
links, especially for temporary connections. Even though I have a
permanent cable TV connection, I have to demand my e-mails as my ISP does
not forward them automatically to customers.
fetchmail is fairly straightforward to
get running, see for example:
A simple ~/.fetchmailrc file should look something
like the following:
set daemon 300
defaults
forcecr
poll hostname.ISP.country with proto POP3
user mb10099 there with password "XXXXXXX"
is * there options keep
The words in bold are read and acted upon
by fetchmail, while the normal text is noise that can be added as required
and is ignored (more details are in /usr/doc/fetchmail-*/sample.rcfile).
Don't forget to chmod the file to 0600.
set daemon 300 | Fetchmail runs in the background and checks for emails every 5 minutes. You may want to run fetchmail by hand if you have a dial-up connection.
poll hostname.ISP.country | The poll command tells fetchmail to check the following site for emails. When poll is replaced by "skip", this entry is ignored.
proto POP3 | Use the POP3 protocol - still probably the most common, but fetchmail appears to support all others.
user username | This is the username needed to log in.
password "XXXXXX" | The password to log in. This is stored as plain text in the .fetchmailrc file, which is why the file must be read/write for the user only.
is user-name (or "to user-name") | Normally, fetchmail would pass mails to the MTA with a fully qualified RCPT TO address of type hostname@localhost. The "is" makes fetchmail feed mails with RCPT TO address user-name@localhost. For our purposes, however, we use "is *", which makes fetchmail pass mails without modifying the text before the @.
keep | Especially useful for testing, this command tells fetchmail to leave all mails on the server.
forcecr | Just something that must be added.
local domains | Depends whether ISP leaves mail headers alone. If so, fetchmail only has to know its local domain names.
Fetchmail gets the e-mails and forwards
them using SMTP to port 25 on localhost where your "mail transport agent"
(MTA) needs to be waiting/running in order to receive them.
qmail is an MTA replacement for the more ubiquitous
sendmail. Sendmail is reputed to be less secure than qmail and, in
my brief experience, is certainly more complicated to configure (not that
qmail is simple).
qmail comprises several small programs
which pass incoming and outgoing mails between themselves seamlessly -
as a result, most of this text refers to qmail generically instead of the
individual components. qmail listens at port 25 for incoming SMTP
traffic (in this case from fetchmail) and then arranges its delivery.
It can also handle outgoing mail, instead of the mailing components
in email software.
Installation
Installation is not difficult, but is also
not simple. Read the INSTALL and the INSTALL.* files carefully; these
take you in detail through the key stages:
- Set up the necessary qmail usernames on your system
- Compile and install the software and documentation
- Teach qmail your full host name
- Set up key non-user routing instructions
- Start qmail and test delivery between users and to the outside
- Set up inetd.conf to ensure appropriate listening on port 25
- Restart inetd
- Make hooks for programs that call sendmail
- Test receipt of incoming SMTP mail traffic
- Where appropriate, create a SysV script (see Mail-HOWTO, download my script)
The following sites provide further discussion
of the steps involved if INSTALL is insufficiently clear:
Basic configuration
Although there is much help for installation
available on the net, there is rather less on configuration.
As qmail will not be running as a permanently
connected SMTP server, it will not be able to find your domain address
in DNS (a 'virtual domain'). Recall also that fetchmail delivers
to the localhost domain. As a result, qmail needs to know that it
must accept mails destined for the localhost domain:
- add localhost to /var/qmail/control/rcpthosts
Note: rcpthosts may include wildcards, e.g. .heaven.af.mil
.qmail files
There are five types of line in a .qmail file:
#comment
|program to execute
[&]forwarding email address   # & needed if username does not begin with an alphanumeric character
./mailbox    deliver to a single mail file (Mbox)
./maildir/   deliver to a mail directory (Maildir)
Notes:
- .qmail files cannot be group or world writable.
- qmail-local is invoked with a set of command line parameters that are then made available to any programs invoked in .qmail (e.g. $SENDER)
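The line types and the permission note above can be checked mechanically. The following is an added example, not part of the original guide or of qmail: a small auditor that sorts each line of a .qmail file into one of the five types, reports program lines (they run commands as the delivering user) and flags a file that is group or world writable. The sample content and /usr/local/bin/myfilter are constructed for the demonstration.

```python
import os
import stat
import tempfile

def classify_line(line):
    """Return which of the five .qmail line types this line is."""
    line = line.rstrip("\n")
    if not line.strip():
        return "blank"
    first = line[0]
    if first == "#":
        return "comment"
    if first == "|":
        return "program"
    if first == "&" or first.isalnum():
        return "forward"
    if first in "./":
        return "maildir" if line.endswith("/") else "mbox"
    return "unknown"

def audit_dot_qmail(path):
    """Return (findings, line_types) for one .qmail file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode %o is group or world writable" % mode)
    line_types = []
    with open(path, encoding="utf-8", errors="replace") as handle:
        for number, line in enumerate(handle, 1):
            kind = classify_line(line)
            line_types.append(kind)
            if kind == "program":
                findings.append("line %d runs a command: %s" % (number, line.strip()))
            elif kind == "unknown":
                findings.append("line %d matches none of the five types" % number)
    return findings, line_types

# Constructed sample; /usr/local/bin/myfilter is a hypothetical program.
SAMPLE = "#comment\n|/usr/local/bin/myfilter\n&sim\nlies\n./Mailbox\n./Maildir/\n"

def demo():
    """Write SAMPLE to a temporary file with a deliberately loose mode, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".qmail-example")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE)
        os.chmod(path, 0o664)
        return audit_dot_qmail(path)

if __name__ == "__main__":
    print(demo())
```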
Handling aliases
There are basically two ways of handling the
incoming mail names and routing them to local user names.
Delivery by the alias user
qmail by default can only recognise and deliver
to system user names (sim & lies in this case). It does, however,
also postulate a set of related email addresses for each user of the form
user-ext. For any such address, qmail-local - which is the
qmail component responsible for final mail delivery - looks in ~/.qmail-ext
for delivery instructions. If no .qmail-ext file is found (or the
file exists but is empty), default delivery is to the file ~/Mailbox (unless
.qmail-default states otherwise??).
Addresses which do not map to a specific
user (ignoring the "-ext" as necessary) are handled by the special alias
user. Recall how, during the installation procedure, .qmail files
were put in ~alias for root, postmaster and ... When alias is invoked,
qmail-local looks for a .qmail-username file for details of how to forward
the mail to a local user.
It follows that the apparent solution to
our objective is an ~alias/.qmail-simon.hampton file with "sim" as the
only contents (without quotations). In practice, the file needs to
be called ~alias/.qmail-simon:hampton as
qmail requires "."s to be ":"s in such instances, but apart from that
it is done.
Configuring users/assign
Arbitrary addresses can be assigned to specific
users using qmail-users. This is necessary, for instance, for my
incoming mail to simon.hampton (if you do not have a . in the name, it
may work with the alias solution)
/var/qmail/users/assign (See http://qmail.digibel.be/man/man9/qmail-users.html
for format)
=simon.hampton:sim:1002:100:/home/sim:::
=liesbeth.devriendt:lies:1004:100:/home/lies:::
.
Do not forget to run /var/qmail/bin/qmail-newu
afterwards to convert assign to the necessary binary file, cdb.
As an alternative, qmail-pw2u can build
a list for you from your /etc/passwd file.
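Because delivery for each assigned address runs under the uid and gid written in users/assign, it is worth checking the table before running qmail-newu. The following is an added example, not part of the original guide or of qmail: it parses the assign format shown above, checks for the terminating dot line, and compares each entry with the account it names. The ACCOUNTS table is a constructed stand-in for /etc/passwd, and BAD_ASSIGN is a constructed faulty input.

```python
def parse_assign(text):
    """Parse users/assign text; return (entries, errors)."""
    entries, errors = [], []
    lines = text.splitlines()
    if "." not in lines:
        errors.append("missing the final line containing a single dot")
    for number, line in enumerate(lines, 1):
        if line == ".":
            break  # nothing after the dot belongs to the table
        if line[:1] not in ("=", "+"):
            errors.append("line %d: not an assignment" % number)
            continue
        fields = line[1:].split(":")
        # =local:user:uid:gid:homedir:dash:ext:  -> 7 fields plus the trailing colon
        if len(fields) != 8 or fields[7] != "":
            errors.append("line %d: expected 7 colon-terminated fields" % number)
            continue
        local, user, uid, gid, home = fields[:5]
        if not (uid.isdigit() and gid.isdigit()):
            errors.append("line %d: uid and gid must be numeric" % number)
            continue
        entries.append((local, user, int(uid), int(gid), home))
    return entries, errors

def check_accounts(entries, accounts):
    """Flag entries whose uid, gid or home differ from the named account."""
    problems = []
    for local, user, uid, gid, home in entries:
        if user not in accounts:
            problems.append("%s: unknown account %s" % (local, user))
        elif accounts[user] != (uid, gid, home):
            problems.append("%s: does not match account %s" % (local, user))
    return problems

# The guide's two entries, followed by the terminating dot.
ASSIGN = ("=simon.hampton:sim:1002:100:/home/sim:::\n"
          "=liesbeth.devriendt:lies:1004:100:/home/lies:::\n.\n")
# Constructed stand-in for /etc/passwd: user -> (uid, gid, home).
ACCOUNTS = {"sim": (1002, 100, "/home/sim"), "lies": (1004, 100, "/home/lies")}
# Constructed faulty table: wrong uid for lies and no terminating dot.
BAD_ASSIGN = "=liesbeth.devriendt:lies:1002:100:/home/lies:::\n"

if __name__ == "__main__":
    for text in (ASSIGN, BAD_ASSIGN):
        entries, errors = parse_assign(text)
        print(errors, check_accounts(entries, ACCOUNTS))
```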
Outgoing mails (qmail as a relay)
Mail headers
qmail is not great at rewriting headers on
outgoing mail, but these can probably be set up in the mail client directly.
If, however, you leave the from address as sim (to facilitate correspondence
between users) in the mail client:
- add the default domain to be appended to outgoing mail in /var/qmail/control/defaultdomain
- Users can also modify their From: headers by using environment variables in .bash_profile
export QMAILHOST=some.domain
export QMAILNAME="Peter Samuel"
export QMAILUSER=Peter.Samuel
export QMAILINJECT=f
This becomes:
From: Peter Samuel <Peter.Samuel@some.domain>
Setting up a mailhost
A mailhost is a machine that will perform
all the local deliveries for a site. It accepts mail from users throughout
the local network and from external
sources. All mail for local delivery
(domain specified in control/locals) is directed to the relevant postbox,
while the rest is passed to the relevant gateway.
The main configuration files are therefore:
Setting up a mailhost can expose you to security
concerns by creating an "open relay". The following provide guides
to the relatively complex process of how to relay selectively:
Don't forget to set up mail client to pass
outgoing mails to sendmail,
Restarting qmail
Many parts of qmail do not reread their configuration
files once started (unlike, for example, the samba
server). Rebooting will lead the new configuration to be loaded,
but there are ways of avoiding this time-consuming activity.
Following changes to ..
From section 4.7 of the mail-HOWTO,
we have
killall [-HUP] inetd; init 1
Following changes to ....
qmail-send
Acknowledgements
In addition to the sources mentioned above,
I was helped through this complex process by the following excellent sources:
Hostname
qmail relies absolutely on the computer's hostname
being set up correctly. hostname -f should report the fully qualified
domain name, and this can also be found in /etc/HOSTNAME. Some configuration
help can be found in the Networking-HOWTO, and for the record the 3 key
files should have the following basic elements.
/etc/hosts:
  127.0.0.1 localhost
  [other home LAN hosts]
/etc/host.conf:
  order hosts, bind
  multi on
/etc/resolv.conf:
  domain maths.wu.edu.au
  search maths.wu.edu.au wu.edu.au
  nameserver 192.168.10.1
  nameserver 192.168.12.1
Note: linuxconf is capable of editing
most of these files
Other programs
- Sendmail: the ubiquitous MTA, but difficult to configure, and reputedly not secure.
- Procmail: a powerful mail delivery agent capable of much finer analysis and distribution of incoming mails.
Copyright © 1999 Simon Hampton. All rights reserved. Permission to use, distribute, and copy
this document is hereby granted. You may modify this document as long as
credit to me is given and I am informed of the changes.