关于Qmail问题集

* Q: On my FreeBSD server, when I run the test_installation script that comes with qmail-scanner, I get the following error:

      Sending eicar test virus - should be caught by perlscanner module...
      qmail-inject: fatal: qq temporary problem (#4.3.0)
      Bad error. qmail-inject died

      What's wrong?
    * Q: When compiling qmail, I get the following error:

      qmail-remote.c:36: openssl/ssl.h: No such file or directory

      what's wrong?
    * Q: I keep on getting tons of "double bounce" messages that say "I tried to deliver a bounce message to this address, but the bounce bounced!". What causes this and how can I stop it?
    * Q: When I try to send e-mail with Outlook or any other mail client, I get an error stating "sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)". What is causing this error?
    * Q: How can I disable qmail from conducting reverse DNS lookups on SMTP connections?
    * Q: Is there a way to customize my qmail server's pop greeting?
    * Q: How can I change the length of time that a given message will sit in the qmail queue before being dropped?
    * Q: I am running qmail-scanner with Spamassassin and ClamAV. When I run the qmail-scanner test script or when I view my logs, I see the following error:
      qmail-inject: fatal: qq temporary problem Bad error. qmail-inject died
    * Q: I've got my qmail server up and running, but the smtp server is running extremely slow. What's wrong?
    * Q: Is there a way in which I can limit the size of messages that my qmail server will accept?
    * Q: I am unable successfully login to my qmail server on port 110 (POP). When I view the qmail-pop3d logs, I see this error message:

      bind: address already used @40000000402764171035c1e4 tcpserver: fatal: unable to bind: address already in use

    * Q: What functions are possible with the "qmailctl" tool?
    * Q: How can I block a certain sender or an entire domain from sending mail to my Qmail server?
    * Q: I've only got one domain on my server. Can I install Qmail without Vpopmail since I don't plan on having multiple domains?
    * Q: When my Qmail server bounces messages, it comes from "mailer-daemon@mydomain.com". Can I change that?
    * Q: What is the purpose of each of the Qmail control files within the /var/qmail/control directory?
    * Q: How do I set my Qmail server up to allow authenticated users to remotely send mail through my server?
    * Q: My Internet Server Provider (ISP) blocks 3rd party connections to port 25, so I cannot send mail. What can I do?
    * Q: What is "smtp authentication", what is "pop before smtp" and which is better?
    * Q: When I test my Qmail server for an open relay at http://www.abuse.net/relay.html, it says "Hmmn, at first glance, host appeared to accept a message for relay..." Does this mean my Qmail server is an open relay???
    * Q: Does the Qmailrocks.org Qmail installation prevent open relaying and/or how do I prevent Qmail from being an open relay?
    * Q: I want to be able to backup my mail data. How can I do this?

 
Q:
 On my FreeBSD server, when I run the test_installation script that comes with qmail-scanner, I get the following error:

Sending eicar test virus - should be caught by perlscanner module...
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

What's wrong?
A:
 This error is typically encounted after the latest version of Perl is installed from the FreeBSD ports collection with the "ENABLE_SUIDPERL" option disabled. The solution is to reinstall Perl with the "ENABLE_SUIDPERL" feature enabled. Please see this page: http://freebsd.qmailrocks.org/suidperl.htm
   
   return to top
 
Q:
 When compiling qmail, I get the following error:

qmail-remote.c:36: openssl/ssl.h: No such file or directory

what's wrong?
A:
 You need to install both openssl and openssl-devel. On Redhat related products, you can find rpm's of both openssl and openssl-devel. The up2date package manager is usually the best way to go on Redhat products. On Debian, you will want to installed openssl and libssl-dev like so:

apt-get install openssl
apt-get install libssl-dev
   
   return to top
 
Q:
 I keep on getting tons of "double bounce" messages that say "I tried to deliver a bounce message to this address, but the bounce bounced!". What causes this and how can I stop it?
A:
 Double bounces are typically caused when a spammer sends an email to an email address that does not exist on your server. By default, the server will try to bounce the message because that mailbox could not be found. However, if the return address that the spammer uses is fake, then the bounced message will also bounce and be returned to your server. Thus a "double bounce".

To greatly reduce the numbers of double bounce messages, you can instruct vpopmail to delete these emails that are being sent to invalid addresses on your server instead of attempting to bounce them. On a QMR install, you can do this by logging into the qmailadmin interface as the postmaster user for each domain. Click on "email accounts" and then click "Set catchall to delete". This will set your domain's cathcall function to "delete", thus deleting any an all emails send to invalid addresses and avoiding the potential double bounce. These days, acutally using a catchall is a pretty dumb idea. In this day and age, all a catchall does is catch all the SPAM. Disable the catchall function by setting it to delete and your inbox and mail server will both thank you.
   
   return to top
 
Q:
 When I try to send e-mail with Outlook or any other mail client, I get an error stating "sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)". What is causing this error?
A:
 This error can be annoying, but it's actually a good thing. Your qmail server is rejecting your attempt to relay through it because you aren't authenticated properly. Usually, this is caused by one of these 2 mistakes:

1 The SMTP mail server address that you are using is not listed in the /var/qmail/control/rcpthosts file and is therefore not allowed to remotely relay through the server. Check your mail client setting and take note of the SMTP mail server address that you are using. Then check the /var/qmail/control/rcpthosts file and make sure that domain is listed there. If it isn't, stick it in there and then restart qmail to make sure the setting takes.

2. You haven't set up your mail client for SMTP authentication. The qmailrocks installation requires SMTP authentication in order to send. In Outlook, for example, this is activated in the advanced settings by checking the box that states "my server requires authentication".
   
   return to top
 
Q:
 How can I disable qmail from conducting reverse DNS lookups on SMTP connections?
A:
 This can be done by adding a "-H" flag to the tcpserver call within the qmail-smtpd supervise script. That file is located at /var/qmail/supervise/qmail-smtpd/run and you would do the following:

< Find the line that starts with the tcpserver call:

/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \

and add the "-H" flag:

/usr/local/bin/tcpserver -v -R -H -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
   
   return to top
 
Q:
 Is there a way to customize my qmail server's pop greeting?
A:
 Sure. You can edit the greeting verbage in /usr/src/qmail/qmail-1.03/qmail-popup.c
You will need to recompile qmail after making any changes. You can do this with the command "make setup check".

Note: All qmail processes must be stopped before you can recompile. Have fun.
   
   return to top
 
Q:
 How can I change the length of time that a given message will sit in the qmail queue before being dropped?
A:
 You can change the length of time messages will stay in the queue by creating a file /var/qmail/control/queuelifetime. In this file you will have a single line containing the time, in seconds, that you wish the queue to keep any given message queued for.

For example:

3600 - 1 hour
86400 - 1 day
604800 - 1 week
   
   return to top
 
Q:
 I am running qmail-scanner with Spamassassin and ClamAV. When I run the qmail-scanner test script or when I view my logs, I see the following error:
qmail-inject: fatal: qq temporary problem Bad error. qmail-inject died
A:
 Usually this can be fixed by raising the "softlimit" setting within the /var/qmail/supervise/qmail-smtpd file. Try raising it to around 35MB, or 35000000 bytes and that should fix it.
   
   return to top
 
Q:
 I've got my qmail server up and running, but the smtp server is running extremely slow. What's wrong?
A:
 This can result from a lot of things, but most often it's the result of a DNS error of some kind. Check to make sure your mail server's hostname has a proper DNS setup. You may want to try www.dnsreport.com. to test your server's DNS configuration. Also, make sure that your server's IP address has a reverse PTR record associated with it. Additionally, I would recommend installing djbdns and running a local caching nameserver to which your qmail server can make fast queries. You can find help on djbdns at www.djbdnsrocks.org.
   
   return to top
 
Q:
 Is there a way in which I can limit the size of messages that my qmail server will accept?
A:
 Yes. You can create the file /var/qmail/control/databytes. Within this file you specify the maximum message size, in bytes, that your server will accept. For example, an entry of 10000000 would limit messages to 10MB. Anything over that size will be rejected by the server and the sender should get a bounce message stating that the message is over the allowed message size. The syntax of the file is easy. You simply put in the maximum number and nothing else. So for a limit of 10MB, you would create a file called /var/qmail/control/databytes and on the first line you would enter the number 10000000 and nothing else. Save the file and you're all done. You may want to restart qmail just to be sure it kicks in.
   
   return to top
 
Q:
 I am unable successfully login to my qmail server on port 110 (POP). When I view the qmail-pop3d logs, I see this error message:

bind: address already used @40000000402764171035c1e4 tcpserver: fatal: unable to bind: address already in use

A:
 Most likely, your server is already running a POP service. Since there is already a POP service running, qmail-pop3d cannot bind itself to port 110. To fix this, check your server's setup to make sure that any other POP services are killed and then disabled. Often times, the other POP service will be running out of either xinetd or inetd, so check the /etc/xinetd.d scripts or the /etc/inetd.conf script and make sure that any POP services are disabled. Also check your init scripts and make sure that no POP servers, such as Qpopper, are running and/or configured to start on server boot.
   
   return to top
 
Q:
 What functions are possible with the "qmailctl" tool?
A:
 You can get a nice printout of all the possible qmailctl functions and their purposes by running:

qmailctl help

You'll get something like this:

stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
   
   return to top
 
Q:
 How can I block a certain sender or an entire domain from sending mail to my Qmail server?
A:
 You can block an individual address or entire domain from sending mail to your server by creating the following file:

/var/qmail/control/badmailfrom

Inside the " badmailfrom " file, the syntax might look something like this:

john@somedomain.com
@otherdomain.com

What do the above lines do?

The entry for "john@somedomain.com" would block all mail coming from "john@somedomain.com".

The entry for "@otherdomain.com" would block any and all mail coming from the domain "otherdomain.com".

Easy enough?
   
   return to top
 
Q:
 I've only got one domain on my server. Can I install Qmail without Vpopmail since I don't plan on having multiple domains?
A:
 Absolutely. Qmail was designed first and Vpopmail was designed later on as an after-market add-on by Inter7, so Qmail will function perfectly fine without Vpopmail. However, I don't cover that on this site. My advise, even if you're only hosting 1 domain, is to install Vpopmail anyway. Vpopmail makes management of mail a lot easier, in my opinion, but the main reason I like to use Vpopmail is because it allows you to keep your e-mail users, passwords and other settings in completely seperate arena than your system users and other system settings. I make a habit of keeping all server functions isolated and independent of other server functions. Additionally, if you install Vpopmail, it will make the rest of the Qmailrocks install go more smoothly. I've never tried my installation without Vpopmail, so if you choose to go that route, you're on your own.
   
   return to top
 
Q:
 When my Qmail server bounces messages, it comes from "mailer-daemon@mydomain.com". Can I change that?
A:
 Yes. There are 2 files you will need in oder to accomplish this. The first is /var/qmail/control/defaultdomain. The second is /var/qmail/control/bouncefrom. The /var/qmail/control/defaultdomain should already be there. It will contain the domain from which those bounce message will come. You will need to create the other file, /var/qmail/control/bouncefrom, yourself. This file will contain the mailname that will be attached to the default domain. For example, if you have "mydomain.com" in the defaultdomain file and you put "mailmonster" in the bouncefrom file, the bounced messages would appear to come from "mailmonster@mydomain.com". Make sense? This is by no means a crucial item, but it can add a little personality to your mail server.
   
   return to top
 
Q:
 What is the purpose of each of the Qmail control files within the /var/qmail/control directory?
A:
 Why reinvent the wheel? Dave Sill has a nice table that tells all. http://lifewithqmail.org/lwq.html#config-files
   
   return to top
 
Q:
 How do I set my Qmail server up to allow authenticated users to remotely send mail through my server?
A:
 The Qmailrocks installation comes with SMTP authentication built in. This is what makes remote selective relaying possible. Mail users can authenticate against the Qmail server and then send mail from a remote mail client, such as Outlook or Eudora. If you've installed Qmail according to this site, you don't need to do anything extra. All you need to do is (1) Get Qmail running properly and then (2) configure your mail client properly. If you need help configuring your mail client, click here.
   
   return to top
 
Q:
 My Internet Server Provider (ISP) blocks 3rd party connections to port 25, so I cannot send mail. What can I do?
A:
 These days, most ISP's will block any attempt to send mail out on any SMTP server besides their own. This is a security measure to prevent their customers from spamming over their network. The classic example of this is if you are hosting your domain and e-mail for that domain at some hosting company apart from your Internet service company account. When you try to configure Outlook to use "mail.yourdomain.com" as the SMTP server, you get a big far error when you try to send mail. That's because your ISP is blocking your attempt to connect to port 25 (SMTP) on a server that is not theirs. The solution is to use your ISP's outgoing SMTP server instead of your domain's mail server. For example, I use Earthlink DSL service. Therefore, in my Outlook cofiguration, I have "mail.earthlink.net" as the SMTP server address. Since I have already authenticated by connecting via DSL, Earthlink allows me to use their SMTP server.

The same logic applies if you are running a mail server off of your home computer or office computer. Qmail tries to send out on port 25, but the attempt gets blocked by your ISP. The solution is also the same. All you have to do is to tell Qmail to use your ISP's outgoing mail server. This is accomplished by creating a new file called "/var/qmail/control/smtproutes". You then edit this file and insert the address of your ISP's SMTP server, like so:

vi /var/qmail/control/smtproutes

:mail.your_isp.com (make sure that the SMTP server name is preceded by a colon ":" )

The address above WILL vary depending on your ISP. If you do not know your ISP's SMTP server address, call them up and ask them. They should be able to tell you what it is. That's it. Once you've created this file, simply restart Qmail with the "qmailctl restart" command and you should be golden!
   
   return to top
 
Q:
 What is "smtp authentication", what is "pop before smtp" and which is better?
A:
 Click Here to find out.
   
   return to top
 
Q:
 When I test my Qmail server for an open relay at http://www.abuse.net/relay.html, it says "Hmmn, at first glance, host appeared to accept a message for relay..." Does this mean my Qmail server is an open relay???
A:
 No, it doesn't. Abuse.net's open relay test will always give that result for a Qmail server. This is due to the way in which Qmail handles unauthorized relay attempts. The test at Abuse.net is geared for Sendmail type servers. Since Qmail rejects relay attempts in a totally different way than Sendmail, the test at Abuse.net will always answer as if it is unsure of the results. A more detailed explanation of this is as follows. Sendmail, if it's configured to block relay attempts, will immediately reject any such attempts without any thought or process. Qmail, on the other hand, will process the request but then reject the attempt once it determines that the sender is not allowed to relay. For this reason, Qmail "appears" to accept the relay attempt at first glance. It is only when the relayed message never makes it to it's intended destination that you realize the relay attempt failed. This is what causes the test at Abuse.net to give you a result that it is unsure whether or not your server is an open relay. Knowing Dan Bernstein, Sendmail's way of rejecting relay attempts is probably not "correct". Qmail probably does it in a more "by the book" way, but since the test at Abuse.net is geared toward Sendmail, that's why you get mixed results. In short, the test at Abuse.net is not optimal for testing Qmail for an open relay. A better way to test it would be to go to http://www.ordb.org/submit/. The test takes a bit longer, but it is more accurate.
   
   return to top
 
Q:
 Does the Qmailrocks.org Qmail installation prevent open relaying and/or how do I prevent Qmail from being an open relay?
A:
 This question comes up ALL THE TIME on the mailing list and in my mailbox, so I'd better address it. OK, the answer is incredibly simple: NO. That's 2 letters, N and O. Put then together and they spell NO! Qmail is VERY secure and, by default, it does NOT allow open relaying. As a matter of fact, you would have to make some intentional and deliberate modifications to Qmail in order to get it to be an open relay. Now the next question I get is "But does the Qmailrocks.org installation allow open relaying?" Again, a simple answer. NO. Qmailrocks.org's Qmail installation, while containing a lot of bells and whistles, is still at it's core Qmail. The Qmailrocks.org Qmail installation does not deviate from or tamper with Qmail's inherent instructions that open relaying is BAD and should never be allowed by default. In the end, the answer to these questions and other similar questions comes down to a questioning of Dan Bernstein himself. Raise your hand if you think Dan Bernstein would be idiotic enough to allow open relaying in Qmail by default. No hands? That's what I thought. Dan's no dummy, folks. By the way, if I sound like a smartass here, my apologies. I think I get this question at least 5 times a day.
   
   return to top
 
Q:
 I want to be able to backup my mail data. How can I do this?
A:
 It's actually easier than you think. When I back up my Qmail servers, I don't get fancy with it. I do it the old fashioned way and just copy the needed directories and files to a backup location, usually another server. I generally like to backup 2 folders: /var/qmail and /home/vpopmail (/usr/home/vpopmail on freebsd). If you back up everything in those 2 directories, you should be fine. A backup of the /var/qmail directory ensures that you can restore all of your mail server settings, including rcpthost domains, customized greetings, block lists and what have you. A backup of the entire /home/vpopmail directory saves all of your domain settings as well as all mailboxes and whatever mail happens to be in those boxes at the time of backup. I've restored the contents of both the /var/qmail folder and the /home/vpopmail folder after a server crash and it had me back up and running in almost no time. To save time and effort, I simply have a cron script that runs every night, tars up both the /var/qmail and /home/vpopmail directories and scp's them off to another server. Simple, yet effective.
   
   return to top