Filtering e-mails between users using qmail

Created on 10 April 1999
Last updated on 19 April 1999
Development stage: ver 1.0

This guide was written to be part of Josh's Linux Guide.

Introduction and objective

A number of commercial ISPs offer their customers several e-mail aliases for their one mailbox.  Many e-mail programs can filter incoming mails into separate folders for each alias, but as Linux provides individual users with a fully separate login and working environment, the question is: can incoming mails be separated and delivered to users?  The answer is yes, but it is not entirely straightforward, and you need to use some of Linux's most sophisticated programs to achieve it, hence configuration is a challenge.

This "howto" looks at the specific example of forwarding incoming mail for simon.hampton@tvd.be to linux account sim (home directory: /home/sim), and mail for liesbeth.devriendt@tvd.be to linux account lies (home directory: /home/lies).  To collect my e-mails I need to access the so-called "multidrop" mailbox offered by my ISP, called mb10099.

Mails will be collected using fetchmail (section 1), and passed to qmail (a sendmail replacement, section 2) for delivery locally.

1. fetchmail (4.5.8)

fetchmail has probably already been installed on your system.  There appears to be little competition for fetchmail, but it is clearly the pride of the OSS community (its author, Eric S. Raymond, wrote The Cathedral and the Bazaar).  Fetchmail specialises in on-demand links, especially for temporary connections.  Even though I have a permanent cable TV connection, I have to demand my e-mails as my ISP does not forward them automatically to customers.

fetchmail is fairly straightforward to get running, see for example:

A simple ~/.fetchmailrc file should look something like the following:
set daemon 300
defaults
    forcecr
poll hostname.ISP.country with proto POP3
    user mb10099 there with password "XXXXXXX" is * here options keep

The words in bold are read and acted upon by fetchmail, while the normal text is noise that can be added as required and is ignored (more details are in /usr/doc/fetchmail-*/sample.rcfile).  Don't forget to chmod the file to 0600.
 
set daemon 300
    Fetchmail runs in the background and checks for e-mails every 5 minutes.  You may want to run fetchmail by hand if you have a dial-up connection.
poll hostname.ISP.country
    The poll command tells fetchmail to check the following site for e-mails.  When poll is replaced by "skip", this entry would be ignored.
proto POP3
    Use the POP3 protocol - still probably the most common, but fetchmail appears to support all others.
user username
    This is the username needed to log in.
password "XXXXXX"
    The password to log in.  This is stored as plain text in the .fetchmailrc file and is the reason why this file is required to be set as read/write for the user only.
is user-name (or "to user-name")
    Normally, fetchmail would pass mails to the MTA with a fully qualified RCPT TO address of type hostname@localhost.  The "is" makes fetchmail feed mails with RCPT TO address user-name@localhost.  For our purposes, however, we use "is *", which makes fetchmail pass mails without modifying the text before the @.
keep
    Especially useful for testing, this command tells fetchmail to leave all mails on the server.
forcecr
    Just something that must be added.
local domains
    Depends on whether the ISP leaves mail headers alone.  If so, fetchmail only has to know its local domain names.

Fetchmail gets the e-mails and forwards them using SMTP to port 25 on localhost where your "mail transport agent" (MTA) needs to be waiting/running in order to receive them.
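
The permission requirement on ~/.fetchmailrc described above can be checked mechanically.  The following is an added example, not part of the original guide or of fetchmail; audit_fetchmailrc, demo and the sample file contents are constructed for illustration.

```python
import os
import shlex
import stat
import tempfile

# Constructed sample, modelled on the ~/.fetchmailrc shown in this guide.
SAMPLE_RC = '''set daemon 300
defaults
    forcecr
poll hostname.ISP.country with proto POP3
    user mb10099 there with password "XXXXXXX" is * here options keep
'''

def audit_fetchmailrc(path):
    """Return findings for a fetchmail run-control file (hypothetical helper)."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink; audit the target as well")
        st = os.stat(path)
    with open(path) as fh:
        # shlex honours the quoting and '#' comments used in the rc file
        tokens = [t.lower() for t in shlex.split(fh.read(), comments=True)]
    has_secret = "password" in tokens or "pass" in tokens
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        what = "plain-text password" if has_secret else "mail account details"
        findings.append("mode %04o lets group/other reach the %s" % (mode, what))
    if st.st_uid != os.getuid():
        findings.append("file is not owned by the user running the audit")
    return findings

def demo():
    """Audit the sample at 0644, then again after chmod 0600."""
    with tempfile.TemporaryDirectory() as d:
        rc = os.path.join(d, ".fetchmailrc")
        with open(rc, "w") as fh:
            fh.write(SAMPLE_RC)
        os.chmod(rc, 0o644)
        before = audit_fetchmailrc(rc)
        os.chmod(rc, 0o600)
        after = audit_fetchmailrc(rc)
    return before, after

if __name__ == "__main__":
    print(demo())
```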

2. qmail

qmail is an MTA replacement for the more ubiquitous sendmail.  Sendmail is reputed to be less secure than qmail and, in my brief experience, is certainly more complicated to configure (not that qmail is simple).

qmail comprises several small programs which pass incoming and outgoing mails between themselves seamlessly; as a result, most of this text refers to qmail generically instead of to the individual components.  qmail listens at port 25 for incoming SMTP traffic (in this case from fetchmail) and then arranges its delivery.  It can also handle outgoing mail, instead of the mailing components in e-mail software.

Installation

Installation is not difficult, but is also not simple.  Read the INSTALL and the INSTALL.* files carefully; these take you in detail through the key stages:
  1. Set up the necessary qmail usernames on your system
  2. Compile and install the software and documentation
  3. Teach qmail your full host name
  4. Set up key non-user routing instructions
  5. Start qmail and test delivery between users and to the outside
  6. Set up inetd.conf to ensure appropriate listening on port 25
  7. Restart inetd
  8. Make hooks for programs that call sendmail
  9. Test receipt of incoming SMTP mail traffic
  10. Where appropriate, create a SysV script (see Mail-HOWTO, download my script)
The following sites provide further discussion of the steps involved if INSTALL is insufficiently clear:

Basic configuration

Although there is much help for installation available on the net, there is rather less on configuration.

As qmail will not be running as a permanently connected SMTP server, it will not be able to find your domain address in DNS (a 'virtual domain').  Recall also that fetchmail delivers to the localhost domain.  As a result, qmail needs to know that it must accept mails destined for the localhost domain:

.qmail files

There are five types of line in a .qmail file:
  • #comment
  • |program to execute
  • [&]forwarding e-mail address (the & is needed if the username does not begin with an alphanumeric character)
  • ./mailbox deliver to a single mail file (Mbox)
  • ./maildir/ deliver to a mail directory (Maildir)
  • Notes:

Handling aliases

There are basically two ways of handling the incoming mail names and routing them to local user names.

Delivery by the alias user

qmail by default can only recognise and deliver to system user names (sim & lies in this case).  It does, however, also postulate a set of related e-mail addresses for each user of the form user-ext.  For any such address, qmail-local, the qmail component responsible for final mail delivery, looks in ~/.qmail-ext for delivery instructions.  If no .qmail-ext file is found (or the file exists but is empty), default delivery is to the file ~/Mailbox (unless .qmail-default states otherwise??).

Addresses which do not map to a specific user (ignoring the "-ext" as necessary) are handled by the special alias user.  Recall how, during the installation procedure, .qmail files were put in ~alias for root, postmaster and ...  When alias is invoked, qmail-local looks for a .qmail-username file for details of how to forward the mail to a local user.

It follows that the apparent solution to our objective is an ~alias/.qmail-simon.hampton file with "sim" as the only contents (without quotation marks).  In practice, the file needs to be called ~alias/.qmail-simon:hampton, as qmail requires "."s to be ":"s in such instances, but apart from that it is done.

Configuring users/assign

Arbitrary addresses can be assigned to specific users using qmail-users.  This is necessary, for instance, for my incoming mail to simon.hampton (if you do not have a . in the name, it may work with the alias solution).

/var/qmail/users/assign (see http://qmail.digibel.be/man/man9/qmail-users.html for format):

=simon.hampton:sim:1002:100:/home/sim:::
=liesbeth.devriendt:lies:1004:100:/home/lies:::
.

Do not forget to run /var/qmail/bin/qmail-newu afterwards to convert assign to the necessary binary file, cdb.

As an alternative, qmail-pw2u can build a list for you from your /etc/passwd file.
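
The two routes described above (the alias user's .qmail file with dots turned into colons, and users/assign) can be modelled in a few lines.  This is an added example, not part of the original guide or of qmail: it is a simplified model of the lookup order documented in the qmail-users and dot-qmail manual pages, and it goes slightly beyond the two "=" entries shown here by also covering "+" wildcard entries.  The function names, USERS (a stand-in for /etc/passwd) and ALIAS_HOME are assumptions made for illustration.

```python
ALIAS_HOME = "/var/qmail/alias"   # assumed home directory of the alias user
USERS = {"sim": "/home/sim", "lies": "/home/lies"}  # stand-in for /etc/passwd
ASSIGN = """\
=simon.hampton:sim:1002:100:/home/sim:::
=liesbeth.devriendt:lies:1004:100:/home/lies:::
.
"""  # the users/assign entries from this guide

def parse_assign(text):
    """Validate users/assign text; return (kind, local, user, home, dash, ext) tuples."""
    lines = text.splitlines()
    if "." not in lines:
        raise ValueError("assign must end with a line containing a single dot")
    entries = []
    for n, line in enumerate(lines[:lines.index(".")], 1):
        fields = line[1:].split(":")
        if line[:1] not in ("=", "+") or len(fields) != 8 or fields[7]:
            raise ValueError("line %d: need 7 fields, each ended by a colon" % n)
        local, user, uid, gid, home, dash, ext = fields[:7]
        if not (uid.isdigit() and gid.isdigit() and home.startswith("/")):
            raise ValueError("line %d: bad uid, gid or home directory" % n)
        entries.append((line[0], local, user, home, dash, ext))
    return entries

def dot_qmail(home, dash, ext):
    """File consulted for delivery: dots in ext become colons, ext is lowercased."""
    return home + "/.qmail" + dash + ext.replace(".", ":").lower()

def resolve(local, entries, users=USERS):
    """Map the part before the @ to (delivering user, .qmail file)."""
    for kind, loc, user, home, dash, ext in entries:   # exact "=" entries first
        if kind == "=" and loc == local:
            return user, dot_qmail(home, dash, ext)
    wild = [e for e in entries if e[0] == "+" and local.startswith(e[1])]
    if wild:                                           # longest "+" prefix wins
        _, loc, user, home, dash, pre = max(wild, key=lambda e: len(e[1]))
        return user, dot_qmail(home, dash, pre + local[len(loc):])
    if local in users:                                 # no assignment: plain user
        return local, dot_qmail(users[local], "", "")
    for i in range(len(local) - 1, 0, -1):             # then user-ext
        if local[i] == "-" and local[:i] in users:
            return local[:i], dot_qmail(users[local[:i]], "-", local[i + 1:])
    return "alias", dot_qmail(ALIAS_HOME, "-", local)  # finally the alias user

if __name__ == "__main__":
    for name in ("simon.hampton", "sim-lists", "nobody.here"):
        print(name, resolve(name, parse_assign(ASSIGN)), resolve(name, []))
```

The model returns only the name of the file that would be consulted; it does not check whether that file exists or fall back to .qmail-default.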

Outgoing mails (qmail as a relay)

Mail headers

qmail is not great at rewriting headers on outgoing mail, but these can probably be set up in the mail client directly.  If however you leave the from address as sim (to facilitate correspondence between users) in the mail client

Setting up a mailhost

A mailhost is a machine that will perform all the local deliveries for a site.  It accepts mail from users throughout the local network and from external sources.  All mail for local delivery (domain specified in control/locals) is directed to the relevant postbox, while the rest is passed to the relevant gateway.

The main configuration files are therefore:

Setting up a mailhost can expose you to security concerns by creating an "open relay".  The following provide guides to the relatively complex process of how to relay selectively:

Don't forget to set up the mail client to pass outgoing mails to sendmail,

Restarting qmail

Many parts of qmail do not reread their configuration files once started (unlike, for example, the samba server).  Rebooting will lead the new configuration to be loaded, but there are ways of avoiding this time-consuming activity.

Following changes to ..
From section 4.7 of the mail-HOWTO, we have
killall [-HUP] inetd; init 1

Following changes to ....
qmail-send

Acknowledgements

In addition to the sources mentioned above, I was helped through this complex process by the following excellent sources:

Hostname

qmail relies absolutely on the computer's hostname being set up correctly.  hostname -f should report the fully qualified domain name, and this can also be found in /etc/HOSTNAME.  Some configuration help can be found in the Networking-HOWTO, and for the record the 3 key files should have the following basic elements.

/etc/hosts
    127.0.0.1   localhost
    [other home LAN hosts]

/etc/host.conf
    order hosts, bind
    multi on

/etc/resolv.conf
    domain maths.wu.edu.au
    search maths.wu.edu.au wu.edu.au
    nameserver 192.168.10.1
    nameserver 192.168.12.1

Note: linuxconf is capable of editing most of these files.

Other programs


Copyright © 1999 Simon Hampton. All rights reserved. Permission to use, distribute, and copy this document is hereby granted. You may modify this document as long as credit to me is given and I am informed of the changes.