qmail is a mail transfer agent that runs on Unix. It was written by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program. The author offered a $500 prize for the first person to publish a verifiable security hole in the latest version of the software. Despite a handful of minor bugs, there has been only one possible contender for the prize, a potential remote root exploit, only theoretically reproducable using machines with over 8GB of memory on a 64 bit architecture.

Qmail encourages the use of several innovations in mail (some originated by Bernstein, others not), including maildir format mailboxes for storing messages (mbox files are also supported, and encouragement to migrate is given along with a tool to convert mbox mailboxes to maildir mailboxes) and the QMTP and QMQP protocols.

Qmail's major competitors are Exim and Postfix. Unlike qmail's competitors, qmail has not been updated by the author for several years and users have instead come to rely on third party patches to support new functionality.

Copyright status

---

Qmail is licence-free software, although permission is granted for distribution in source form or in pre-compiled form (a "var-qmail package") if certain restrictions are met. As a consequence, some Linux distributions will not install, and possibly not even include, qmail because by their rules they classify such software as "non-free"^{1 2}. Since other MTAs are commonly included in distributions, with their installation enforced by those distributions' package management systems, this may have negatively affected qmail's popularity. Nonetheless, qmail users point out that it is "free enough" for anyone to use; the source code is publicly available and open for inspection and modification by users; and the licensing issues haven't stopped a large number of feature-enhancing augmentations or several modified versions of qmail (namely netqmail, dqd, and Debian's qmail-src package) from being published.

Controversy

---

There is some controversy among mail system operators over whether qmail is as standards-compliant as its author claims. Critics allege a number of variations from the SMTP standards, some of which they claim make qmail more vulnerable to certain kinds of abuse than other MTAs ^*. Others counter many of these claims by pointing out that the standards are ambiguous, and in some cases are at variance with subsequent established best practice and thus unreasonable to be adopted by any mail software.

For example, critics comment on qmail's adoption of a different standard for bounce messages, QSBMF, to the one in RFC 1894. Others counter by pointing out that RFC 1894 has only been adopted by some mail systems, with other systems (just as qmail) employing different bounce message standards; and by asserting that the problem of widespread forgery of envelope senders and the trend in recent years towards single-hop transport have actually undermined the foundations of RFC 1894 and rendered many of its convolutions moot.

Another example of this controversy is that of the behaviour of the SMTP Relay server in qmail when it comes to mail addressed to non-existent mailboxes. Because of qmail's strong security partitioning between its SMTP Relay server and its local delivery agent (One consequence of this is that a spammer cannot enumerate user accounts by a dictionary attack, but this is not the sole reason for the strong security partitioning that runs the SMTP Relay server as a user without any special privileges and without the means to affect other user files and processes.), and because its local delivery agent allows users and administrators to employ "catch-all" wildcards and thus extend the range of valid mailbox name arbitrarily, qmail's SMTP Relay server has no direct knowledge of what local mailbox names are actually valid, and moreover not necessarily enough permissions to find out. As such, mail to non-existent mailboxes (whose domain parts are correct, of course) is accepted by qmail's SMTP Relay server, and qmail generates and sends bounce messages when the non-existent mailbox name is later detected, at the point of actual mailbox delivery.

Critics point out that qmail thus sends far more bounce messages than some other MTAs, which in contrast give their SMTP Relay servers direct access to and knowledge of local mailbox names and thus allow them to refuse mail addressed to non-existent mailboxes; and that spam or worm mail messages often employ the technique of sending messages to non-existent mailboxes on intermediary systems placing the actual target mailbox in envelope sender addresses, relying upon the ensuing bounce message from the intermediary to deliver the payload to the real target.

Others counter this criticism by pointing out

• that as long they support a user-specifiable "address extension" mechanism with wildcarding of some kind, even those other MTAs still have the same problem of mail that cannot be discovered to be undeliverable until after the SMTP Relay server has accepted it, and that thus this merely papers over the problem;
• that there is a fundamental conflict between preventing this sort of spam and a secure flexible design, that one has no choice but to trade the one for the other, and that the range of six different patches available for modifying qmail's SMTP Relay server and their concomitant effects upon flexibility and security exemplify very well the different tradeoffs;

and

• that critics don't support the abandonment of other advances in the state of the art where the same problem occurs (Just as running the SMTP Relay server without privileges was an advance in the state of the art driven by security holes that allowed attackers to compromise local user accounts, the "Delivered-To:" is an advance in the state of the art driven by the problem of mail loops amongst mailing lists resulting in explosions of mail. Yet spammers and worms can employ "Delivered-To:" headers to cause mail to be bounced at the point of actual delivery, and thus to send their payloads to targets as bounce messages sent by intermediaries.).

References

---

See also

---

• qpsmtpd
• djbdns

External links

---

• Official qmail website, maintained by the author
• Unofficial qmail website, maintained by Russ Nelson
• Life with qmail - a popular qmail manual
• QmailToaster - a popular rpm based qmail distribution
• qmail rocks, a qmail guide with additional addons
• pkgsrc qmail and qmail-run, a pair of easy-to-install cross-platform qmail source packages included in pkgsrc
• The qmail section of FAQTS, an extensive knowledgebase built by qmail users
• QmailWiki is a relatively new wiki about qmail, hosted by Inter7
• qmail-ldap patch build a high volume mailserver with qmail based on ldap-directories - and addresses serveral of the "problems" stated above ...
• Unofficial Qmail Bug and Wishlist
• Jonathan de Boyne Pollard's debunking of several myths relating to qmail
• Jonathan de Boyne Pollard's list of the several known problems in qmail

Mail transport agents

Qmail | Qmail | Qmail | Qmail | Qmail | Qmail