
s/qmail

s/qmail (pronounced skew-mail) is a Mail Transfer Agent (MTA) based on Qmail suited for high-speed and confidential email transport over IPv4 and IPv6 networks.

s/qmail preserves the Qmail ecosystem and ought to be a drop-in replacement for most sites.
s/qmail's mascot is the phoenix (SQRP).


Scope and History

While Qmail provides the framework for a distributed MTA, my own developments and extensions for Qmail (e.g. SMTP Authentication, Spamcontrol) are considered necessary protocol extensions. s/qmail is a complete refactoring of the source code according to current demands for 64-bit systems and including IPv6 capabilities.

After 20 years of Qmail's superior and uncompromised email delivery (since the launch of Qmail 1.01 in April 1997), s/qmail possesses most of the 'future' Qmail features Dan Bernstein was heading for (see also: Qmail TODO).

The s/qmail 'universe' is depicted here:

Figure: The s/qmail 'Big Picture' (available as PDF)

Communication and security features

Note: DKIM is still under investigation.

Protocol extension: QMTPS

The Quick Mail Transport Protocol QMTP is an invention of Dan Bernstein and is a simple but fast host-to-host transparent email transport protocol, with very little protocol overhead. It has been adopted by Postfix as well. Also a Net-QMTP Perl module is available.
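QMTP's low overhead comes from its netstring framing: one mail package is three length-prefixed strings, and the server answers with one short netstring per recipient. The sketch below is an added example, not s/qmail code; it builds and strictly parses that framing as laid out in Bernstein's QMTP specification, and the function names and the `MAX_LEN` cap are assumptions made for the illustration.

```python
# Added example: QMTP framing as laid out in D. J. Bernstein's QMTP specification.
# Addresses and message text used with it are constructed sample data.
MAX_LEN = 10_000_000  # assumed per-netstring size cap; set per site policy
STATUS = {b"K": "accepted", b"Z": "temporary failure", b"D": "permanent failure"}


def netstring(data):
    """Encode bytes as <decimal length>:<data>,"""
    return str(len(data)).encode() + b":" + data + b","


def read_netstring(buf, pos=0):
    """Strictly decode one netstring at buf[pos:]; return (payload, next_pos)."""
    colon = buf.find(b":", pos, pos + 10)
    digits = buf[pos:colon] if colon != -1 else b""
    if not digits.isdigit() or (len(digits) > 1 and digits[:1] == b"0"):
        raise ValueError("malformed length prefix")
    end = colon + 1 + int(digits)
    if int(digits) > MAX_LEN or buf[end:end + 1] != b",":
        raise ValueError("oversized, truncated or unterminated netstring")
    return buf[colon + 1:end], end + 1


def qmtp_package(message, sender, recipients):
    """Sender side: message, envelope sender and recipient list as 3 netstrings."""
    body = b"\n" + message.encode()  # leading LF: lines are LF-terminated
    rcpts = b"".join(netstring(r.encode()) for r in recipients)
    return netstring(body) + netstring(sender.encode()) + netstring(rcpts)


def parse_package(pkg):
    """Receiver side: return (message, sender, [recipients]) or raise ValueError."""
    body, pos = read_netstring(pkg)
    sender, pos = read_netstring(pkg, pos)
    rlist, pos = read_netstring(pkg, pos)
    if pos != len(pkg) or body[:1] not in (b"\n", b"\r"):
        raise ValueError("trailing bytes or missing line-ending marker")
    rcpts, i = [], 0
    while i < len(rlist):
        rcpt, i = read_netstring(rlist, i)
        rcpts.append(rcpt.decode())
    return body[1:].decode(), sender.decode(), rcpts


def parse_responses(data, n_rcpts):
    """One reply netstring per recipient; its first byte is K, Z or D."""
    out, pos = [], 0
    for _ in range(n_rcpts):
        reply, pos = read_netstring(data, pos)
        out.append((STATUS.get(reply[:1], "protocol error"), reply[1:].decode()))
    return out
```

Because every field is length-prefixed, the receiver never scans message content for terminators; the strict parser rejects leading zeros, oversized lengths and a missing trailing comma before any payload is handed on.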

s/qmail provides additionally the TLS-secured protocol QMTPS to couple several s/qmail instances and distributed queues among different nodes.
IANA has now assigned port 6209 for QMTPS.

s/qmail's implementation of QMTPS, together with sslserver, supports X.509 client certificates; this enables qmail-qmtpd to relay email based on valid certificates used by qmail-remote.

Distributed Queueing

Using SMTP, or preferably QMTP(S) or QMQP, s/qmail can be instructed to work in a distributed queue environment, as is typical for a Cloud service. Authentication among the nodes and encryption on the links can be guaranteed using QMTPS. This feature is called enhanced 'Qmail Multiple Queues' (QMQ).

Figure: The s/qmail 'channels' and distributed queueing

Its lightweight design allows s/qmail nodes to be deployed rapidly in a Cloud-based service domain.

Included packages

The basic s/qmail installation includes the following packages (adapted mostly from Dan Bernstein):

Supported Qmail packages

s/qmail provides full support for the following vanilla Qmail add-ons unaltered:

Note 1: For those packages, TLS encryption and IPv6 capabilities for any data-in-flight are possible with s/qmail.
Note 2: The s/qmail Recipients extension is able to understand ezmlm's VERP addresses.
Note 3: Authentication and recipient verification for virtual users is provided out-of-the-box for vpopmail and VMailMgr as well.
Note 4: Dovecot can be used as Identity Provider proxy even for qmail-smtpd by means of the enhanced qmail-authuser calling doveadm to test a specific socket connection.

My s/qmail extensions will work natively with Qmail:

Dependencies and installation of s/qmail

The installation of s/qmail tries to conform to existing Qmail systems as well as to provide a pre-configured and working MTA together with an easy update scheme:

 


Dependencies

For installation, s/qmail requires a development environment and additionally the OpenSSL development libraries (in particular on Linux).

In particular, the following packages are recommended:

Quick installation of s/qmail

s/qmail uses D.J.B's slashpackage convention for installing while trying to keep the standard Qmail installation essentially unaltered:

Note: The package/install step respects your current Qmail settings.

Upgrade to s/qmail from qmail (+ perhaps Spamcontrol)

s/qmail will preserve your current qmail installation entirely under the following circumstances:

Configuration

The basic s/qmail configuration is done by means of conf-XX files (in alphabetic order):

*) These files are coupled and need to be adjusted as one entity!

 


Step-by-step installation

For an individual step-by-step installation the following commands can be executed:

  1. package/dir -- sets up the directories
  2. package/ids -- sets up the s/qmail users
  3. package/ucspissl -- hooks up the required sources and libs with package ucspi-ssl
  4. package/compile -- compiles the sources
  5. package/upgrade -- potentially does the upgrade
  6. package/legacy -- installs the binaries in the qmail directory
  7. package/sqmail/man -- installs the man pages
  8. package/control -- populates the minimal required control files for running
  9. package/sslenv -- sets up the SSL/TLS environments together with X.509 certs and key files (from ucspi-ssl)
  10. package/service -- sets up the run script for daemontools' /service and additionally the logging
  11. package/scripts -- sets up optional, undocumented and unmaintained scripts
  12. package/run -- touches qmail/alias/ files, sets default-delivery, and enables s/qmail's sendmail module

Documentation

 

Concise documentation for s/qmail is close to final:

s/qmail current release and download

Once you've checked the s/qmail requirements and complied with them, you are ready to go for download and installation.

Download

The current release(s) of s/qmail can be downloaded here:

Version & Download | Description | Verification
sqmail-3.3.23 (new build) | The twelfth 3.3 (and final) release including A. Oppermann's EXTTODO extension together with (optional) SMTPUTF8/EAI/IDN2 support while featuring the new qmail-vmailuser and the enhanced qmail-authuser PAM; providing better compatibility with current versions of OpenSSL 1.1. | MD5: 9ae099203c539d8ca28fad5133cadc87; Build: 20190112211539
sqmail-3.2.19 | The sixth (official) 'SPF' release; covering OpenBSD (6.0) and Debian 9 (Stretch) while providing additional Recipient PAMs for VMailMgr and vpopmail (together with ucspi-ssl-0.99). | MD5: 8a4fd942c1a1271619b0696d934c401a; Build: 220170408184513
sqmail-3.1.9 | This is the fourth update. This 'π5+' release enhances the qmail-authuser capabilities for virtual domain handlers. | MD5: cb4da2ca52a05fda6668850c1d41359f; Build: 20160724111506
sqmail-3.0.2 | The third fully integrated release; don't use it/just for reference. | MD5: 4045d0a85fe4857fcf9c118fcfa13d1f

The code of the current release can be viewed in a doxygen archive.

Addendum

Additional packages

I also recommend using

Release Management & Defects

Naming conventions:

Open defects:

Reference | Type | Description | State
[20170427#1] | Rfc | Add SRS capability to cope with certain SPF deficiencies for qmail-smtpd. | Confirmed, in progress
[20170630#1] | Rfc | Add flexible uid configuration. | Confirmed, pending
[20190116#1] | Error | qmail-remote fails to authenticate to some servers. | Confirmed, fix available
[20190801#1] | Bug | Cipher setting for qmail-remote does not work. | Confirmed, fix available
 


Closed defects:

Note: The release number following the defect number tells in which version of s/qmail this change was applied.

Release plan

s/qmail will be maintained and my release plan includes the following topics:

Tickets, Change Requests, communication

An EZMLM mailing list working together with s/qmail keeps you updated with current developments, bug fixes, and features discussed. This list also can be used to file

To subscribe, use: s/qmail mailing list

I can't guarantee a certain response level; but reasonable issues will be answered.