Please note that I have not touched this code in years as I no longer use qmail. This was a fun project at the time. I have moved on to contain my sanity. Postfix is where I am at now.
I got fed up with editing qmail configuration files by hand (using ssh and a text editor, i.e. vim). So I decided to write a cgi that controlled the qmail email server for me. So as I find it useful I am hoping it will make someone else’s life a little easier too. It is released under the GNU GPL license. It also needs the jwCGI library (version 1.30.0).
It has a few mild security options by default as evident in the settings file example below. It will only accept connections from certain marked IP addressess, on a certain port. By default this will be the localhost on the normal http port. It is a setuid program, i.e. the program needs to be installed 4755 permissions and owned by the user who controls qmail. This makes it a big security risk, you have been warned. It would be best if using over an insecure channel to use a tunnel with password protection (Tunnel the Qmail Control session through a secure connection). It does however make a couple of checks. i.e.
- checks valid IP addressess
- qmailctl.conf access writes and ownership
- port number checking
There is one configuration file for the program, which by default is /etc/qmailctl.conf. This is a simple file with few settings of the form setting=value<newline> comments start with # on a line.
This is created on first use. e.g.
# qmailctl.cgi <ver> # qmaildir=/var/qmail/ qmaillockdir=/var/lock/subsys/ servicedir=/service/ relayfile=/etc/tcp.smtp relaydb=/etc/tcp.cmtp.cdb user=root ip=127.0.0.1 port=80 # optional # email=root@localhost theme=green spleen fontsize=85
The user line must be set to the user who can control qmail. /etc/qmailctl.conf must also be owned by this user and set to 644 permissions. e.g. if the user to control is root as above.
chown root /etc/qmailctl.conf
chown root /usr/lib/cgi-bin/qmailctl.cgi
chmod 644 /etc/qmailctl.conf
If these conditions are not met, qmailctl.cgi will just display an ACCESS DENIED message and email the web servers administrator or the email address in the configuration file with an appropriate message.
Color schemes for those that appreciate whimsy with fontsizing.
Display qmail man files in the page
Uses version 1.30.0 of jwCGI http://sourceforge.net/projects/jwcgi/
To install jwCGI
tar -xvzf jwcgi-<version>
download Qmail Control
tar -xvzf qmailctl-<version> cd qmailctl-<version> ./configure --bindir=path to cgi-bin e.g. ./configure --bindir=/usr/lib/cgi-bin
If you do not use qmail-pop3d comment out the usePOP3D define near the top of the qmailctl.cpp file with a double slash “//”
i.e. // #define usePOP3D
Now compile the program.
If you wish the qmailctl.cgi program to actually control qmail the last make suid will have to be run. Now use your web browser to browse to http://<yourserver>/<your cgi-bin>/qmailctl.cgi
On first use qmailctl.cgi will ‘try and write the file’ /etc/qmailctl.conf. If this is not where you want the file just change the qmailctlconf variable in globals.h before compilation. If there is an error, e.g. the permissions are wrong on qmailctl.conf, qmailctl.cgi will report an error and try and mail the web servers admin (or the user placed in the email= setting in qmailctl.conf) an appropriate message using qmail-inject.
I set up my qmail mail server following the excellent LifeWithQmail.org website or try my instructions based on this website.
To download the awesome qmail server and its supporting programs visit D.J Bernstein’s site http://cr.yp.to/qmail.html.
Why am I using qmail rather than sendmail. The configuration makes more sense (please note, not the setup of the qmail server as this is way more difficult than sendmail). What goes in the configuration files is intuative, nothing like sendmail.cf which is an ‘insert expletive here’. Note for flamers (email to send flames to: email@example.com grin), I am not saying sendmail sucks I am saying that changing its settings using its command line & configuration file is nothing like as easy as qmail even with m4. Oh, did I forget to mention D.J Bernstein’s security guarantee.