Apress the qmail handbook 2nd edition sep 2003 ISBN 1893115402
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.52 MB, 724 trang )
TheqmailHandbook
ISBN:1893115402
byDaveSill
Apress2002(492pages)
Thisguidebeginswitha
discussionofqmail’shistory,
architectureandfeatures,
andthengoesintoa
thoroughinvestigationofthe
installationandconfiguration
process.
TableofContents
TheqmailHandbook
Introduction
Chapter1 - Introducingqmail
Chapter2 - Installingqmail
Configuringqmail:The
Chapter3 Basics
Chapter4 - Usingqmail
Chapter5 - Managingqmail
Chapter6 - Troubleshootingqmail
Configuringqmail:
Chapter7 AdvancedOptions
Chapter8 - ControllingJunkMail
Chapter9 - ManagingMailingLists
Chapter10 - ServingMailboxes
Chapter11 - HostingVirtualDomain
andUsers
UnderstandingAdvanced
Chapter12 Topics
AppendixA - HowqmailWorks
AppendixB - RelatedPackages
AppendixC - HowInternetMailWorks
AppendixD - qmailFeatures
AppendixE - ErrorMessages
AppendixF - Gotchas
Index
ListofFigures
ListofTables
ListofListings
BackCover
Providesthoroughinstructionforinstalling,
configuring,andoptimizingqmail
Includescoverageofsecurenetworking,
troubleshootingissues,andmailinglist
administration
Coverswhatsystemadministratorswanttoknow
byconcentratingonqmailissuesrelevanttodaily
operation
Includesinstructionsonhowtofilterspambeforeit
reachestheclient
TheqmailHandbookwillguidesystemandmail
administratorsofallskilllevelsthroughinstalling,
configuring,andmaintainingtheqmailserver.Author
DaveSill,along-timeqmailuserandsystem
administrator,aswellastheauthorofthepopular
onlinetutorial“Lifewithqmail,”exposesreaderstoall
practicalaspectsofworkingwiththispopularmail
server.
Thisdefinitiveguidebeginswithadiscussionofqmail’s
history,architecture,andfeaturesandthengoesintoa
throughinvestigationoftheinstallationand
configurationprocess.Readerswilllearnhowtoinstall
qmailonseveraloperatingsystemsandgainvaluable
insightintoproperconfiguration,testingprocedures,
andperformancetuning,allofwhichareintegraltoa
properlyfunctioningproductionenvironmentmail
server.Readerswillalsolearnhowtoadministerusers
andmail,installfilters,andoverseedailyqmail
operationandmaintenance.Throughout,Sillfocuses
ontopicsessentialtoallmailadministrators,
elaboratinguponsuchsubjectsasconfiguringmailing
listmanagers,controllingspam,securenetworking,
scanningforviruses,hostingvirtualdomainsand
users,andcreatingdial-upclients.
TheqmailHandbookistheultimateresourcefor
administratorsanddevelopersneedingtomasterthe
functionalityofthepowerfulqmailsoftware.
AbouttheAuthor
DaveSillisaprofessionalsystemadministratorand
technicalsupportengineerwithmorethan15years
experience.He’sbeenusingqmailservicesinceitsfirst
publicreleasein1996andistheauthorofthepopular
onlineqmailguide“Lifewithqmail.”He’salsoanactive
contributortoonlineqmailsupportgroups,including
theqmailmailinglistandUsenetnewsgroup.
TheqmailHandbook
DAVESILL
Copyright©2002byDaveSill
Allrightsreserved.Nopartofthisworkmaybereproducedortransmitted
inanyformorbyanymeans,electronicormechanical,including
photocopying,recording,orbyanyinformationstorageorretrieval
system,withoutthepriorwrittenpermissionofthecopyrightownerand
thepublisher.
ISBN(pbk):1-893115-40-2
PrintedandboundintheUnitedStatesofAmerica12345678910
Trademarkednamesmayappearinthisbook.Ratherthanusea
trademarksymbolwitheveryoccurrenceofatrademarkedname,weuse
thenamesonlyinaneditorialfashionandtothebenefitofthetrademark
owner,withnointentionofinfringementofthetrademark.
EditorialDirectors:DanAppleman,GaryCornell,JasonGilmore,Karen
Watterson
TechnicalReviewer:CharlesCabazon
ProjectManager:GraceWong
CopyEditor:KimWimpsett
ProductionEditor:SofiaMarchant
Compositor:ImpressionsBookandJournalServices,Inc.
Indexer:RonStrauss
CoverDesigner:TomDebolski
MarketingManager:StephanieRodriguez
DistributedtothebooktradeintheUnitedStatesbySpringer-VerlagNew
York,Inc.,175FifthAvenue,NewYork,NY,10010
andoutsidetheUnitedStatesbySpringer-VerlagGmbH&Co.KG,
Tiergartenstr.17,69112Heidelberg,Germany
IntheUnitedStates,phone1-800-SPRINGER,email
<>,orvisit.
OutsidetheUnitedStates,fax+496221345229,email
<>,orvisit.
Forinformationontranslations,pleasecontactApressdirectlyat901
GraysonStreet,Suite204,Berkeley,CA94710.
Phone510-549-5938,fax:510-549-5939,email<>,
orvisit.
Theinformationinthisbookisdistributedonan"asis"basis,without
warranty.Althougheveryprecautionhasbeentakeninthepreparationof
thiswork,neithertheauthornorApressshallhaveanyliabilitytoany
personorentitywithrespecttoanylossordamagecausedorallegedto
becauseddirectlyorindirectlybytheinformationcontainedinthiswork.
Thesourcecodeforthisbookisavailabletoreadersat
intheDownloadssection.Youwillneedto
answerquestionspertainingtothisbookinordertosuccessfully
downloadthecode.
Formymother
Acknowledgments
Thankstodanbernsteinforgivingusqmailandmanyotherpackages
includingthedaemontoolsanducspi-tcpsupportutilities.Thanksalsoto
themanypeoplewhohelpedmakemyonlineguide"Lifewithqmail"what
itistodayandtothemembersoftheqmailmailinglistwhohavehelped
melearnagreatdealaboutqmailovertheyears.
ThanksalsotothefinefolksatApress:JasonGilmoreandGaryCornell,
fornotonlytakingachanceonafirst-timeauthorbutactivelyrecruiting
him;GraceWong,formanagingtheproject;KimWimpsett,forturningmy
crudewritingsintoclearandconsistenttext;ToryMcLearnandSofia
Marchant,forlayingoutthebook;StephanieRodriguez,forher
marketingefforts;andthemanyothersbehindthesceneswhoIdidn't
dealwithdirectly.WorkingwithApresswasajoy:Theyweresupportive
andcommittedtoproducingahigh-qualitybook.
ThankstoCharlesCazabon,thetechnicalreviewer.Hissuggestions
werevaluableanddramaticallyimprovedthequalityofthefinished
product.Thiswillcomeasnosurprisetoanyonewhohasseenhis
contributionstotheqmaillist.
Finally,specialthankstomyfamilyandfriendswhoencouraged,
supported,andtoleratedmethroughouttheproject.Mywife,MaryJane,
convincedmetowritethisbookeventhoughsheknewitwouldbepainful
forthefamilyattimes.MychildrenAndy,Rachel,andErica
enthusiasticallysupportedmeandhelpedoutinmanyways.Andytested
theinstallationinstructionsinChapter2onfourLinuxdistributionsand
threeBSDdistributions.Myfathertookovermostofmychoresaround
thehouseandfarmforsixmonthsinadditiontohisusualcookingand
house/dog/kid-sittingduties.Mymotherhassupportedmethroughoutmy
life.Herstrengthisinspiring.Manyotherfriendsandfamilymembers
supportedthiseffort.Someareacknowledgedthroughoutthebookinthe
namesusedinexamples,butI'msureIleftsomeout.
—DaveSill,September2001
AbouttheAuthor
Davesillisaprofessionalsystemadministratorandtechnicalsupport
engineerwithmorethan15yearsofexperience.He'sbeenusingqmail
sinceitsfirstpublicreleasein1996andistheauthorofthepopular
onlineqmailguide,"Lifewithqmail."He'salsoanactivecontributorto
onlineqmailsupportgroupsincludingtheqmailmailinglistandUsenet
newsgroup.Heliveswithhiswife,children,andanassortmentofdogs,
cats,cows,chickens,andturkeysona31-acrefarmineastTennessee.
Whenhehassparetime,hebrewshisownbeerandtrainsinIsshinryu
karate.
AbouttheTechnicalReviewer
CharlesCazabonisasoftwaresystemsdeveloperwith15yearsof
experienceincomputingandinformationtechnology.Hehasbeenusing
andconfiguringqmailsince1998andistheauthorofseveralfree
softwareprograms,includinggetmail,queue-repair,andmemtester.Heis
alsoanactiveparticipantintheqmailmailinglist.HelivesinSaskatoon,
Canada,withhissignificantother,twosalamanders,sixhamsters,and
twomice.
Introduction
Thisbookdocumentshowtoinstall,configure,anduseqmail.Itwillbe
mostbeneficialtosystem,network,andmailadministrators,butitwill
alsobehelpfultouserswhowanttoreadandsende-mailmore
effectively.
WhatCanYouExpecttoLearnfromThisBook?
Youcanexpecttolearnthefollowing:
Whatqmailis,whatitcando,andwhatitcan'tdo
Howtoinstallandconfigureabasicqmailserver,including
varioussupportutilities
Howtouseqmailasaregularuser:controllingthedispositionof
incomingmessages,formattingoutgoingmessages,andworking
withmailboxesinmultipleformats
Howtomanageaqmailserver:settingupaliases,users,virtual
domains,andmailinglists;troubleshooting;performancetuning;
andcontrollingjunkmailandotherabuse
Howqmailworks:notjustwhatitdoes,buthowitdoesit
Organization
Chapter1,"Introducingqmail,"describesqmailanditsfeatures.Readitif
you'renotsureexactlywhatqmailisorwhatitcandoforyou.Italso
describestheoverallorganizationoftheqmailsuite,comparesqmailto
otherUnixmailers,andlistsothersourcesofqmailinformationand
support.
Chapter2,"Installingqmail,"describesstep-by-steptheinstallationof
qmailonawiderangeofoperatingsystemdistributions,including
commercialUnixvariants,Linux,andvariousBerkeleySoftware
Distributions(BSDs).
Chapter3,"Configuringqmail:TheBasics,"showshowtoconfigure
qmailforavarietyofbasicfunctions.
Chapter4,"Usingqmail,"covershowusersreadandsendmessages.
Chapter5,"Managingqmail,"coverstheqmailctlscript,queue
management,andadministrativecommands.
Chapter6,"Troubleshootingqmail,"showshowtomonitortheqmail
processes,understandthelogfiles,analyzemessageheaders,conduct
tests,anddiagnosecommonproblems.
Chapter7,"Configuringqmail:AdvancedOptions,"showshowto
configureqmailforavarietyoftypicalconfigurations,migrateSendmail
systemstoqmail,andusesource-codemodifications.Italsoshowshow
tousetheQMTPandQMQPprotocols,enablesecurenetworking,and
improvetheperformanceofyourqmailsystem.
Chapter8,"ControllingJunkMail,"coversmethodsfordealingwith
unwantedmailatboththesystemanduserlevels.
Chapter9,"ManagingMailingLists,"detailsinstallingandusingthree
popularmailinglistmanagerswithqmail:ezmlm,Majordomo,and
Mailman.
Chapter10,"ServingMailboxes,"showshowtoprovideremoteaccessto
users'mailboxesviathePOP3andIMAPprotocols.
Chapter11,"HostingVirtualDomainsandUsers,"coverstwopopular
qmailadd-onsformanagingvirtualdomainsandvirtualusers:VmailMgr
andVpopmail.
Chapter12,"UnderstandingAdvancedTopics,"explainsfromaqmail
perspectivesomeadvancedtopicssuchasscalableserver"farms,"
accessinguserinformationviaLDAPorSQL,andtheVariableEnvelope
ReturnPath(VERP)mechanismthatqmailusesforreliableautomatic
bouncehandling.
Theappendicescover:
Howqmailworks
Relatedpackages
HowInternetmailworks
qmail'sfeatures
Errormessages
Gotchas
Audience
Thisbookisaimedatanyoneinterestedinrunningqmail,fromtherank
amateur(newbie)whojustinstalledLinuxonasparecomputerallthe
wayuptotheexperiencedsystemadministratorormailadministrator.
However,installing,configuring,andmaintainingamailerisacomplex
task.Ifyou'renotanexperiencedsystemadministrator,youprobably
shouldn'tattempttoswitchanexistingmailsystemwiththousandsof
userstoqmailuntilyou'recomfortablewithusingandmanagingUnix
systems.
Ifyou'reacompleteUnix/Linuxnewbie,youshouldstartwithagood
introductiontoUnixforuserssuchasTheUnixOperatingSystemby
KaareChristian.Whileyou'rereadingthatbook,experimentonyourown
system.Untilyouactuallydothetasksyou'vereadabout,youwon't
reallyunderstandwhatyou'redoingandyou'llprobablyforgetmostofit
beforeyoureallyneedit.
Ifyou'reanexperiencedUnix/Linuxuser,butyou'renotfamiliarwith
systemadministration,manygoodbooksareavailable.Thebestis
probablyUnixSystemAdministrationHandbookbyNemeth,etal.,which
coversmostofthecommonUnixvariants,includingSolaris,HP-UX,Red
HatLinux,andFreeBSD.Ifpossible,selectonespecifictothevariantof
UnixorLinuxthatyou'llbeusing.AlthoughallflavorsofUnixlookpretty
similartousers,theydiffersubstantiallyinthedetailsofsystem
administration.
Conventions
Thisbookusescertaintypographicalconventionstohelpconvey
informationclearlyandconcisely.
Doublequotes("")areusedtoindicateanunusualmeaningfora
commonword,suchas"bounce."
Italicsareusedtointroducenewterms,likeinjection,orsimplyfor
emphasis.Italicsarealsousedtoindicatevariables,like/user/forauser
nameor/concurrencylocal/foraconfigurationsetting.
Textthatappearsinafixed-widthtypeface,suchasqmail-sendor
<>,representsafilename,commandname,
username,e-mailaddress,domainname,codesample,orUniform
ResourceLocator(URL).
Adirectivetorunasinglecommandthatshouldnotproduceanyoutput
lookslike:
touch.qmail
Ifacommandmustbeperformedbythesuperuser(UID0),thehash(#)
shellpromptisused:
#touch/var/qmail/alias/.qmail-root
Ifacommandshouldbeperformedbyanon-privilegeduser,thedollar
sign($)shellpromptisused:
$touch.qmail
Ifanexamplemixesuserinputandcommandoutput,userinputisprinted
inbold:
$date
SatMay507:06:49EDT2001
$
Note Examplesthatincludeoutputendwithalineconsistingsolely
oftheshellprompt($)toshowthattheoutputincludedis
complete.
WebSite
Forthelatestinformationonerrataortodownloadthescriptsusedin
Chapter2,visitthebook'sWebsiteat
Chapter1:Introducingqmail
Highlights
Andywantstosendane-mailmessagetohisfriendJosh.Heopenshis
mailclient,clicksonNewMail,entersJosh'saddressintheTofield,fills
intheSubjectfieldwithashortdescriptionofthemessage,andtypesthe
messageintothelargeeditingareaoftheform.Whenhe'sdone,he
clicksontheSendbutton.Asfarashe'sconcerned,themessageissent,
butbehindthescenes,complicatedmachinerywhirstolife.Athousand
tinystepswillbeexecutedonAndy'sbehalfbyprocessesonvarious
systemsbetweenAndyandJosh—whocouldbeinthesameroomor
halfaworldaway.
TheInternetMessageTransferAgent(MTA)isthekeyplayerinthe
behind-the-scenese-mailinfrastructure—it'sthemachinerythatmovesemailfromthesender'ssystemtotherecipient'ssystem.
BeforetheInternetexplosionintheearly1990s,oneMTA,Sendmail,
wasresponsiblefordeliveringalmostallofthemail.ButSendmailwas
designedforanInternetunlikethemodernInternet.AtthetimeSendmail
wascreated,therewereonlyahandfulofsystemsontheentireInternet,
andmostofthepeopleonlinekneweachother.Itwasafriendly,
cooperativecommunitythatconsistedmostlyofthepeoplewhowrotethe
softwarethatmadetheInternetworkormanagedthehardwarethatit
connected.Securitywasnotamajorconcern:Therewasnotmuchthat
neededprotection,andtherewerefewpotential"badguys"fromwhichto
beprotected.
ThemodernInternetisverydifferent.It'smillionsoftimeslarger,so
knowingalltheotheradministratorsandusersisimpossible.Infact,it's
accessiblebyanyonewithaccesstoapubliclibrary.Billionsofdollarsin
businessandconsumercommercetakesplaceannuallyoverthe
Internet.Largecorporationsexistwhoseentirebusinessmodelrelieson
theirInternetpresence.Assuch,thestakesarehigh,andit'snolonger
possibletotreatsecuritycasually.Ontopofallthis,serversarebeing
subjectedtostaggeringloads—atypicalmailservertodaymightsend
moremessagesinonedaythanamailservertenyearsagosentinone
year.
TheSendmaildevelopershaveworkedhardovertheyearstoenhance
itssecurityandperformance,butthere'sonlysomuchthatcanbedone
withoutafundamentalredesign.In1995,DanielJ.Bernstein,thena
mathematicsgraduatestudentattheUniversityofCalifornia,Berkeley,
begandesigningandimplementinganMTAforthemodernInternet:
qmail.
WhileSendmailisonehuge,complexprogramthatperformsitsvarious
functionsasthesuperuser(theall-powerfulUnixrootaccount),qmailis
asuiteofsmall,focusedprogramsthatrununderdifferentaccountsand
don'ttrusteachother'sinputtobecorrect.
WhileSendmailplodsthroughalistofrecipientsdeliveringonemessage
atatime,qmailspawnstwentyormoredeliveriesatatime.Andbecause
qmail'sprocessesaremuchsmallerthanSendmail's,itcandomorework
faster,withfewersystemresources.Further,Sendmailcanlose
messagesinsomeofitsdeliverymodesifthesystemcrashesatthe
wrongtime.Forreliability,speed,andsimplicity,qmailhasonecrashproofdeliverymode.
Overview
ThischapterintroducestheconceptoftheMTAanddiscussesone
particularMTA,qmail:
First,we'llexaminetheroleoftheMTAintheInternete-mail
infrastructure.
Next,we'lllookatqmail—whatitdoesandwhyyoumightwantto
useit.
qmail'smaindesigngoalsweresecurity,reliability,performance,
andsimplicity.We'llseehowqmail'screatorwasabletoachieve
thesegoals.
We'llalsocompareqmailtootherpopularUnixMTAssuchas
Sendmail,Postfix,Courier,andExim.
Next,we'lllookatqmail'sfeatures,history,architecture,and
distributionlicense.
Finally,we'lllistvarioussourcesofinformationonqmailsuchas
documentation,Websites,andmailing-listarchives.We'llalso
coverqmailsupportchannels:mailinglistsandhiredconsultants.
WhatIsqmail?
qmailisanInternetMTAforUnixandUnix-likeoperatingsystems.An
MTA'sfunctionistwofold:toacceptnewmessagesfromusersand
deliverthemtotherecipient'ssystems,andtoacceptmessagesfrom
othersystems,usuallyintendedforlocalusers.
Usersdon'tusuallyinteractdirectlywithMTAs;theyuseMailUserAgents
(MUAs)—thefamiliarmailprogramssuchasOutlookExpress,Eudora,
Pine,orMuttthatusersrunontheirdesktopsystems.Figure1-1shows
howalloftheseagentsinteractwitheachother.
Figure1-1:Howthesender,recipient,MUA,andMTA
interact
qmailisadrop-inreplacementfortheSendmailsystemprovidedwith
mostUnixoperatingsystems.Whatthatmeansisthattheuserofa
systemwillnotnecessarilynoticeaswitchfromSendmail,orsomeother
MTA,toqmail.Thisdoesnotmeanthatthesystemadministratorwon't
seeadifference.AlthoughallMTAsperformthesamefunctions,they
differwidelyininstallation,configuration,andfunctionality.Don'tassume
thatyourabilitytomanageSendmailwillletyougetuptospeedquickly
withqmail:Itwon't.Infact,detailedknowledgeofanotherMTAmight
evenslowyoudownbecauseyou'llbeunlearningthatsysteminaddition
tolearningqmail.
WhyUseqmail?
YouroperatingsystemincludedanMTA,probablySendmail,soifyou're
readingthisbookyou'reprobablylookingforsomethingbetter.Someof
theadvantagesofqmailoverbundledMTAsincludesecurity,
performance,reliability,andsimplicity.
Security
qmailwasdesignedwithhighsecurityasagoal.Sendmailhasalong
historyofserioussecurityproblems.WhenSendmailwaswritten,the
Internetwasamuchfriendlierplace.Everyonekneweveryoneelse,and
therewaslittleneedtodesignandcodeforhighsecurity.Today'sInternet
isamuchmorehostileenvironmentfornetworkservers.
qmailcreatorBernsteinissoconfidentthatqmailissecurethathe
guaranteesit.Inhisguarantee
(heevenoffers$500
tothefirstpersonwhocanfindasecuritybuginqmail.Hefirstmadethis
offerinMarchof1997,andthemoneyremainsunclaimed.
qmail'ssecuredesignstemsfromsevenrules,discussedinthefollowing
sections.
ProgramsandFilesAreNotAddresses,SoDon'tTreat
ThemasAddresses
Sendmailblurredthedistinctionbetweenaddresses(usersoraliases)
andthedispositionofmessagessenttothoseaddresses—usually
mailboxfilesormail-processingprograms.Ofcourse,Sendmailtriesto
limitwhichfilesandprogramscanbewrittento,butseveralserious
securityvulnerabilitieshaveresultedfromfailuresinthismechanism.
Onesimpleexploitconsistedofsendingamessagetoanonexistentuser
onaSendmailsystemwithareturnaddressof:
"|/bin/mail
ThiswouldcauseSendmailtogenerateabouncemessageandattempt
tosendittothereturnaddress.Inthiscase,thereturnaddresswasa
commandthatmailedacopyofthevictim'spasswordfiletotheattacker.
Inqmail,addressesareclearlydistinguishedfromprogramsandfiles.It's
notpossibletospecifyacommandorfilenamewhereqmailexpectsan
addressandhaveqmaildelivertoit.
DoasLittleasPossibleinsetuidPrograms
TheUnixsetuid()mechanismiscleveranduseful.Itallowsaprogram
runbyoneusertotemporarilyassumetheidentityofanotheruser.It's
usuallyusedtoallowregularuserstogainhigherprivilegestoexecute
specifictasks.
Tip Checkoutthemanpagesformoreinformationaboutsetuid().
Thecommandmansetuidshoulddisplaythesetuid()
documentation.
That'sthegoodnewsaboutsetuid().Thebadnewsisthatit'shardto
writesecureandportablesetuid()programs.Whatmakesithardto
securesetuid()programsisthattheyrunanenvironmentspecifiedby
theuser.Theusercontrolsthesettingsofenvironmentvariables,
resourcelimits,command-linearguments,signals,filedescriptors,and
more.Infact,thelistisopen-endedbecausenewoperatingsystem
releasescanaddcontrolsthatdidn'texistbefore.Andit'sdifficultfor
programmerstodefendagainstfeaturesthatdon'tyetexist.
Inqmail,there'sonlyonemodulethatusessetuid():qmail-queue.
Itsfunctionistoacceptanewmailmessageandplaceitintothequeue
ofunsentmessages.Todothis,itassumestheidentityofthespecial
userID(UID)thatownsthequeue.
DoasLittleasPossibleasRoot
Thesuperuser,anyuseraccountwiththeUID0(zero),hasessentially
unlimitedaccesstothesystemonmostUnixoperatingsystems.By
limitingtheusageoftherootUIDtothesmallsetoftasksthatcanonly
bedoneasroot,qmailminimizesthepotentialforabuse.
Twoqmailmodulesrunasroot:qmail-startandqmail-lspawn.
qmail-startneedsrootaccesstostartqmail-lspawnasroot,and
qmail-lspawnneedstorunasrootsoitcanstartqmail-local
processesundertheUIDoflocalusersacceptingdeliveryofmessages.
(The"Architecture"sectionofthischaptercoverstheseinmoredetail.)
MoveSeparateFunctionsintoMutuallyUntrusting
Programs
MTAsperformarangeofrelativelyindependenttasks.SomeMTAssuch
asSendmailaremonolithic,meaningtheyconsistofasingleprogram
thatcontainsallthecodetoimplementallofthesetasks.Asecurity
problemsuchasabufferoverflowinoneofthesefunctionscanallowan
attackertotakecontroloftheentireprogram.
qmailusesseparateprogramsthatrununderasetofqmail-specific
UIDs,compartmentalizingtheiraccess.Theseprogramsaredesignedto
mistrustinputfromeachother.Inotherwords,theydon'tblindlydowhat
they'retold:Theyvalidatetheirinputsbeforeoperatingonthem.
Compromisingasinglecomponentofqmaildoesn'tgranttheintruder
controlovertheentiresystem.
Don'tParse
Parsingistheconversionofhuman-readablespecificationsintomachinereadableform.It'sacomplex,error-proneprocess,andattackerscan
sometimesexploitbugsinparsingcodetogainunauthorizedaccessor
control.
qmail'smodulescommunicatewitheachotherusingsimpledata
structuresthatdon'trequireparsing.Modulesthatdoparseareisolated
andrunwithuser-levelprivileges.
KeepItSimple,Stupid
