qmail
| Original author(s) | Daniel J. Bernstein |
|---|---|
| Final release | 1.03
/ June 15, 1998 |
Mail transfer agent | |
| License | public domain[1] |
| Website | cr |
| Final release | 1.06
/ November 30, 2007 |
|---|---|
| Repository | netqmail |
| Website | netqmail |
| Stable release | 4.2.29a
/ February 26, 2024 |
|---|---|
| Website | fehcom |
| Stable release | 1.08
/ May 20, 2020 |
|---|---|
| Repository | github |
| Website | notqmail |
qmail is a
Features
 |
Security
When first published, qmail was the first security-aware mail transport agent; since then, other security-aware
Performance
When it was released, qmail was significantly faster than Sendmail, particularly for bulk mail tasks such as mailing list servers. qmail was originally designed as a way to manage large mailing lists.
Simplicity
At the time of qmail's introduction, Sendmail configuration was notoriously complex, while qmail was simple to configure and deploy.
Innovations
qmail encourages the use of several innovations in mail (some originated by Bernstein, others not):
- Maildir
- Bernstein invented the NFS. qmail also delivers to mbox mailboxes.
- Wildcard mailboxes
- qmail introduced the concept of user-controlled wildcards. Out of the box, mail addressed to "user-wildcard" on qmail hosts is delivered to separate mailboxes, allowing users to publish multiple mail addresses for mailing lists and spam management.
qmail also introduces the Quick Mail Transport Protocol (QMTP), an e-mail transmission protocol that is designed to have better performance than Simple Mail Transfer Protocol (SMTP), the de facto standard;[4] and Quick Mail Queuing Protocol (QMQP), a network protocol designed to share e-mail queues between several hosts.[5]
Modularity
qmail is nearly a completely modular system in which each major function is separated from the other major functions. It is easy to replace any part of the qmail system with a different module as long as the new module retains the same interface as the original.
Controversy
Security reward and Georgi Guninski's vulnerability
In 1997, Bernstein offered a US$500 reward for the first person to publish a verifiable
In 2005, security researcher Georgi Guninski found an integer overflow in qmail. On 64-bit platforms, in default configurations with sufficient virtual memory, the delivery of huge amounts of data to certain qmail components may allow remote code execution. Bernstein disputes that this is a practical attack, arguing that no real-world deployment of qmail would be susceptible. Configuration of resource limits for qmail components mitigates the vulnerability.[7]
On November 1, 2007, Bernstein raised the reward to US$1000.[1] At a slide presentation the following day, Bernstein stated that there were 4 "known bugs" in the ten-year-old qmail-1.03, none of which were "security holes". He characterized the bug found by Guninski as a "potential overflow of an unchecked counter". "Fortunately, counter growth was limited by memory and thus by configuration, but this was pure luck."[8]
On May 19, 2020, a working exploit for Guninski's vulnerability was published by Qualys[9] but exploit authors' state they were denied the reward because it contains additional environmental restrictions.
Frequency of updates
The core qmail package has not been updated for many years.[10] New features were initially provided by third-party patches, from which the most important at the time were brought together in a single meta-patch called netqmail.[11]
Standards compliance
qmail was not designed as a drop-in replacement for
specification.Furthermore, some qmail features have been criticized for introducing mail forwarding complications; for instance, qmail's "wildcard" delivery mechanism and security design prevents it from rejecting messages from forged or nonexistent senders during SMTP transactions.[14] In the past, these differences may have made qmail behave differently when abused as a spam relay, though modern spam delivery techniques are less influenced by bounce behavior.
Copyright status
qmail was released to the
qmail is the only broadly deployed
See also
- qpsmtpd
- djbdns
- List of mail servers
- Comparison of mail servers
References
- ^ a b "Some thoughts on security after ten years of qmail 1.0" (PDF). Retrieved 2007-12-01.
- ^ Announcing notqmail
- ^ "Information for distributors".
I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You are free to modify the package, distribute modified versions, etc.
- ^ "Quick Mail Transfer Protocol (QMTP)". February 1, 1997. Retrieved 6 May 2023.
- ^ "QMQP: Quick Mail Queueing Protocol". Retrieved 6 May 2023.
- ^ "The qmail security guarantee". Retrieved 2007-10-05.
- ^ Georgi Guninski. "Georgi Guninski security advisory #74, 2005". Retrieved 2007-10-05.
- ^ "Some thoughts on security after ten years of qmail 1.0 [Slide presentation]" (PDF). Retrieved 2008-01-17.
- ^ "'[oss-security] Remote Code Execution in qmail (CVE-2005-1513)' - MARC". marc.info. Retrieved 2021-03-03.
- ^ "Life with qmail; History". Retrieved 2007-12-01.
- ^ "netqmail". netqmail.org. Retrieved 2021-03-03.
- doi:10.17487/RFC1894. Retrieved 2021-03-03.
- doi:10.17487/RFC3464. Retrieved 2021-03-03.
- ^ Moen, Rick (October 2006). "On Qmail, Forged Mail, and SPF Records". Linux Gazette (131).
- ^ "Bernstein releases code into the public domain". Retrieved 2007-11-30.
External links
- Official website
, maintained by the author. - qmail.org, maintained by Russ Nelson
- qmail-LDAP-UI – qmail-LDAP-UI is a Web-based User Administration tool
- Qmailtoaster – Distributes RPM files for appropriate distros to install qmail quickly and easily. Has a wiki and mailing list.
- pkgsrc qmail and qmail-run, a pair of easy-to-install cross-platform qmail source packages included in pkgsrc
- The qmail section of FAQTS, an extensive knowledgebase built by qmail users
- qmailWiki is a relatively new wiki about qmail, hosted by Inter7
- J.M.Simpson qmail site Useful Information about qmail, including explanations and patches, by John M. Simpson (Updated regularly)
- Unofficial qmail Bug and Wishlist
- qmail queue messages deliver (PHP)
- qmail-distributions – qmail patches combined into easy-to-use distributions
- Roberto's qmail notes – An English/Italian howto on qmail and related software. A big patch is included and is updated regularly.
| Open source |
|  | ||||
|---|---|---|---|---|---|---|
| Proprietary | ||||||
| Related technologies | ||||||
| Related articles | ||||||
| International | |
|---|---|
| National | |