pop3 110/tcpline in /etc/services. Third, put (all on one line, includingqmail-popup twice)   pop3 stream tcp nowait root   /var/qmail/bin/qmail-popup qmail-popup   YOURHOST /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildirinto /etc/inetd.conf, and give inetd a HUP; replace YOURHOST with yourhost's fully qualified domain name. Fourth, set up Maildir delivery forany user who wants to read mail via POP.If you have tcpserver installed, skip the inetd step, and set up (on twolines)   tcpserver 0 pop3 /var/qmail/bin/qmail-popup YOURHOST \   /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &replacing YOURHOST with your host's fully qualified domain name. Seequestion 5.1 for more details on tcpserver.Security note: pop3d should be used only within a secure network;otherwise an eavesdropper can steal passwords.5.4. How do I allow selected clients to use this host as a relay? I seethat qmail-smtpd rejects messages to any host not listed incontrol/rcpthosts.Answer: Three steps. First, install tcp-wrappers, available separately,including hosts_options. Second, change your qmail-smtpd line ininetd.conf to   smtp stream tcp nowait qmaild /usr/local/bin/tcpd   /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd(all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow,make a line setting the environment variable RELAYCLIENT to the emptystring for the selected clients:   tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENTHere 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpdignores control/rcpthosts when RELAYCLIENT is set. (It also appendsRELAYCLIENT to each envelope recipient address. See question 5.5 for anapplication.)Alternative procedure, if you are using tcpserver 0.80 or above: Create/etc/tcp.smtp containing   1.2.3.6:allow,RELAYCLIENT=""   127.:allow,RELAYCLIENT=""to allow clients with IP addresses 1.2.3.6 and 127.*. Run   tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtpFinally, insert   -x /etc/tcp.smtp.cdbafter tcpserver in your qmail-smtpd invocation.5.5. How do I fix up messages from broken SMTP clients?Answer: Three steps. First, put   | bouncesaying 'Permission denied' [ "@$HOST" != "@fixme" ]   | qmail-inject -f "$SENDER" -- "$DEFAULT"into ~alias/.qmail-fixup-default. Second, put   fixme:fixupinto /var/qmail/control/virtualdomains, and give qmail-send a HUP.Third, follow the procedure in question 5.4, but set RELAYCLIENT to thestring ``@fixme'':   tcp-env: 1.2.3.6, 1.2.3.7: setenv = RELAYCLIENT @fixmeHere 1.2.3.6 and 1.2.3.7 are the clients' IP addresses. If you are usingtcpserver instead of inetd and tcpd, put   1.2.3.6:allow,RELAYCLIENT="@fixme"   1.2.3.7:allow,RELAYCLIENT="@fixme"into /etc/tcp.smtp, and run tcprules as in question 5.4.5.6. How do I set up qmail-qmqpd? I'd like to allow fast queueing ofoutgoing mail from authorized clients.Answer: Make sure you have installed tcpserver 0.80 or above. Create/etc/qmqp.tcp in tcprules format to allow connections from authorizedhosts. For example, if queueing is allowed from 1.2.3.*:   1.2.3.:allow   :denyConvert /etc/qmqp.tcp to /etc/qmqp.cdb:   tcprules /etc/qmqp.cdb /etc/qmqp.tmp < /etc/qmqp.tcpFinally, set up   tcpserver -x /etc/qmqp.cdb -u 7770 -g 2108 0 628 /var/qmail/bin/qmail-qmqpd &replacing 7770 and 2108 with the qmaild uid and nofiles gid. Seequestion 5.1 for more details on tcpserver.6. Configuring MUAs to work with qmail6.1. How do I make BSD mail generate a Date with the local time zone?When I send mail, I'd rather use the local time zone than GMT, sincesome MUAs don't know how to display Date in the receiver's time zone.Answer: Put   set sendmail=/var/qmail/bin/datemailinto your .mailrc or your system-wide Mail.rc. Beware that BSD mail isneither secure nor reliable.6.2. How do I make pine work with qmail?Answer: Put   sendmail-path=/usr/lib/sendmail -oem -oi -tinto /usr/local/lib/pine.conf. (This will work with sendmail too.)Beware that pine is neither secure nor reliable.6.3. How do I make MH work with qmail?Answer: Put   postproc: /usr/mh/lib/spostinto each user's .mh_profile. (This will work with sendmail too.) Bewarethat MH is neither secure nor reliable.6.4. How do I stop Sun's dtcm from hanging?Answer: There is a novice programming error in dtcm, known as ``failureto close the output side of the pipe in the child.'' Sun has, at thetime of this writing, not yet provided a patch. Sorry.7. Managing the mail system7.1. How do I safely stop qmail-send? Back when we were runningsendmail, it was always tricky to kill sendmail without risking the lossof current deliveries; what should I do with qmail-send?Answer: Go ahead and kill the qmail-send process. It will shut downcleanly. Wait for ``exiting'' to show up in the log. To restart qmail,run /var/qmail/rc the same way it is run from your system boot scripts,with the proper PATH, resource limits, etc.Alternative, if qmail is supervised: svc -t /var/run/qmail. Thesupervise process will kill qmail, wait for it to stop, and restart it.Use -d instead of -t if you don't want qmail to restart automatically;to manually restart it, use -u.7.2. How do I manually run the queue? I'd like qmail to try deliveringall the remote messages right now.Answer: Give the qmail-send process an ALRM. (Do svc -a /var/run/qmailif qmail is supervised.)You may want to run qmail-tcpok first, to guarantee that qmail-remotewill try all addresses. Normally, if an address fails repeatedly,qmail-remote leaves it alone for an hour.7.3. How do I rejuvenate a message? Somebody broke into Eric's computeragain; it's going to be down for at least another two days. I know Erichas been expecting an important message---in fact, I see it sitting herein /var/qmail/queue/mess/15/26902. It's been in the queue for six days;how can I make sure it isn't bounced tomorrow?Answer: Just touch /var/qmail/queue/info/15/26902. (This is the onlyform of queue modification that's safe while qmail is running.)7.4. How do I organize a big network? I have a lot of machines, and Idon't know where to start.Answer: First, choose the domain name where your users will receivemail. This is normally the shortest domain name you control. If you arein charge of *.movie.edu, you can use addresses like joe@movie.edu.Second, choose the machine that will know what to do with differentusers at movie.edu. Set up a host name in DNS for this machine:   mailhost.movie.edu IN A 1.2.3.4   4.3.2.1.in-addr.arpa IN PTR mailhost.movie.eduHere 1.2.3.4 is the IP address of that machine.Third, make a list of machines where mail should end up. For example, ifmail for Bob should end up on Bob's workstation, put Bob's workstationonto the list. For each of these machines, set up a host name in DNS:   bobshost.movie.edu IN A 1.2.3.7   7.3.2.1.in-addr.arpa IN PTR bobshost.movie.eduFourth, install qmail on bobshost.movie.edu. qmail will automaticallyconfigure itself to accept messages for bob@bobshost.movie.edu anddeliver them to ~bob/Mailbox on bobshost. Do the same for the othermachines where mail should end up.Fifth, install qmail on mailhost.movie.edu. Put   movie.edu:alias-movieinto control/virtualdomains on mailhost. Then forward bob@movie.edu tobob@bobshost.movie.edu, by putting   bob@bobshost.movie.eduinto ~alias/.qmail-movie-bob. Do the same for other users.Sixth, put movie.edu into control/rcpthosts on mailhost.movie.edu, sothat mailhost.movie.edu will accept messages for users at movie.edu.Seventh, set up an MX record in DNS to deliver movie.edu messages tomailhost:   movie.edu IN MX 10 mailhost.movie.eduEighth, on all your machines, put movie.edu into control/defaulthost.7.5. How do I back up and restore the queue disk?Answer: You can't.One difficulty is that you can't get a consistent snapshot of the queuewhile qmail-send is running. Another difficulty is that messages in thequeue must have filenames that match their inode numbers.However, the big problem is that backups---even twice-daily backups---are far too unreliable for mail. If your disk dies, there will be verylittle overlap between the messages saved in the last backup and themessages that were lost.There are several ways to add real reliability to a mail server. Batterybackups will keep your server alive, letting you park the disk to avoida head crash, when the power goes out. Solid-state disks have their ownbattery backups. RAID boxes let you replace dead disks without losingany data.7.6. How do I run a supervised copy of qmail? svc sounds useful.Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).Create a /var/run/qmail directory. Change   /var/qmail/rcto   supervise /var/run/qmail /var/qmail/rcin your boot scripts. Make sure that supervise is in the startup PATH.Now you can use svc to stop or restart qmail, and svstat to checkwhether qmail is running.7.7. How do I avoid syslog? It chews up a lot of CPU time and isn'treliable.Answer: Install daemontools (http://pobox.com/~djb/daemontools.html).Make a /var/log/qmail directory, owned by qmaill, mode 2700. Do   qmail-start ./Mailbox /usr/local/bin/accustamp \   | setuser qmaill /usr/local/bin/cyclog /var/log/qmail &in /var/qmail/rc.If you are logging tcpserver connections, make a /var/log/smtpddirectory, and use cyclog /var/log/smtpd for tcpserver. You shouldn'trun several copies of cyclog with the same log directory.By default, cyclog keeps 10 automatically rotated log files, eachcontaining up to 100KB of log data. To keep 20 files with 1MB each, usecyclog -s 1000000 -n 20.8. Miscellany8.1. How do I tell qmail to do more deliveries at once? It's runningonly 20 parallel qmail-remote processes.Answer: Decide how many deliveries you want to allow at once. Put thatnumber into control/concurrencyremote. Restart qmail-send as in question7.1. If your system has resource limits, make sure you set thedescriptors limit to at least double the concurrency plus 5; otherwiseyou'll get lots of unnecessary deferrals whenever a big burst of mailshows up. Note that qmail also imposes a compile-time concurrency limit,120 by default; this is set in conf-spawn.8.2. How do I keep a copy of all incoming and outgoing mail messages?Answer: Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h.Recompile qmail. Put ./msg-log into ~alias/.qmail-log.You can also use QUEUE_EXTRA to, e.g., record the Message-ID of everymessage: run   | awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'from ~alias/.qmail-log.8.3. How do I switch slowly from sendmail to qmail? I'm thinking ofmoving the heaven.af.mil network over to qmail, but first I'd like togive my users a chance to try out qmail without affecting currentsendmail deliveries. We're using NFS.Answer: Find a host in your network, say pc.heaven.af.mil, that isn'trunning an SMTP server. (If addresses at pc.heaven.af.mil are used, youshould already have an MX pointing pc.heaven.af.mil to your mail hub.)Set up a new MX record pointing lists.heaven.af.mil to pc.heaven.af.mil.Install qmail on pc.heaven.af.mil. Replace pc with lists in the controlfiles. Make the qmail man pages available on all your machines.Now tell your users about qmail. A user can forward joe@heaven.af.mil tojoe@lists.heaven.af.mil to get ~/Mailbox delivery; he can set up .qmailfiles; he can start running his own mailing lists @lists.heaven.af.mil.When you're ready to turn sendmail off, you can set up pc.heaven.af.milas your new mail hub. Add heaven.af.mil to control/locals, and changethe heaven.af.mil MX to point to pc.heaven.af.mil. Make sure you leavelists.heaven.af.mil in control/locals so that transition addresses willcontinue to work.