It has a few mild security options by default as evident in the settings file example below. It will only accept connections from certain marked IP addressess, on a certain port. By default this will be the localhost on the normal http port. It is a setuid program, i.e. the program needs to be installed 4755 permissions and owned by the user who controls qmail. This makes it a big security risk, you have been warned. It would be best if using over an insecure channel to use a tunnel with password protection (Tunnel the Qmail Control session through a secure connection). It does however make a couple of checks. i.e.
- checks valid IP addressess
- qmailctl.conf access writes and ownership
- port number checking
This is created on first use. e.g.
# qmailctl.cgi <ver>The user line must be set to the user who can control qmail. /etc/qmailctl.conf must also be owned by this user and set to 644 permissions. e.g. if the user to control is root as above.
#
qmaildir=/var/qmail/
qmaillockdir=/var/lock/subsys/
servicedir=/service/
relayfile=/etc/tcp.smtp
relaydb=/etc/tcp.cmtp.cdb
user=root
ip=127.0.0.1
port=80
# optional
# email=root@localhost
theme=green spleen
fontsize=85
chown root /etc/qmailctl.confIf these conditions are not met, qmailctl.cgi will just display an ACCESS DENIED message and email the web servers administrator or the email address in the configuration file with an appropriate message.
chown root /usr/lib/cgi-bin/qmailctl.cgi
chmod 644 /etc/qmailctl.conf
Features:
Color schemes for those that appreciate whimsy with fontsizing.
Display qmail man files in the page
Uses version 1.30.0 of jwCGI http://sourceforge.net/projects/jwcgi/
To install jwCGI
tar -xvzf jwcgi-<version>download Qmail Control
cd jwcgi-<version>
./configure
make
make install
To unpack/compile/install:
tar -xvzf qmailctl-<version>If you do not use qmail-pop3d comment out the usePOP3D define near the top of the qmailctl.cpp file with a double slash "//"
cd qmailctl-<version>
./configure --bindir=path to cgi-bin e.g. ./configure --bindir=/usr/lib/cgi-bin
i.e. // #define usePOP3D
Now compile the program.makeIf you wish the qmailctl.cgi program to actually control qmail the last make suid will have to be run. Now use your web browser to browse to http://<yourserver>/<your cgi-bin>/qmailctl.cgi
make install
make suid
On first use qmailctl.cgi will 'try and write the file' /etc/qmailctl.conf. If this is not where you want the file just change the qmailctlconf variable in globals.h before compilation. If there is an error, e.g. the permissions are wrong on qmailctl.conf, qmailctl.cgi will report an error and try and mail the web servers admin (or the user placed in the email= setting in qmailctl.conf) an appropriate message using qmail-inject.
I set up my qmail mail server following the excellent LifeWithQmail.org website or try my instructions based on this website.
To download the awesome qmail server and its supporting programs visit D.J Bernstein's site http://cr.yp.to/qmail.html.
Why am I using qmail rather than sendmail. The configuration makes more sense (please note, not the setup of the qmail server as this is way more difficult than sendmail). What goes in the configuration files is intuative, nothing like sendmail.cf which is an 'insert expletive here'. Note for flamers (email to send flames to: cantpossiblyexistat@turnleftateuropa.comnet grin), I am not saying sendmail sucks I am saying that changing its settings using its command line & configuration file is nothing like as easy as qmail even with m4. Oh, did I forget to mention D.J Bernstein's security guarantee.