qmailctl.cgi

Please note that I have not touched this code in years as I no longer use qmail. This was a fun project at the time. I have moved on to contain my sanity. Postfix is where I am at now.

I got fed up with editing qmail configuration files by hand (using ssh and a text editor, i.e. vim). So I decided to write a cgi that controlled the qmail email server for me. So as I find it useful I am hoping it will make someone else’s life a little easier too. It is released under the GNU GPL license. It also needs the jwCGI library (version 1.30.0).

It has a few mild security options by default as evident in the settings file example below. It will only accept connections from certain marked IP addressess, on a certain port. By default this will be the localhost on the normal http port. It is a setuid program, i.e. the program needs to be installed 4755 permissions and owned by the user who controls qmail. This makes it a big security risk, you have been warned. It would be best if using over an insecure channel to use a tunnel with password protection (Tunnel the Qmail Control session through a secure connection). It does however make a couple of checks. i.e.

  • checks valid IP addressess
  • qmailctl.conf access writes and ownership
  • port number checking

There is one configuration file for the program, which by default is /etc/qmailctl.conf. This is a simple file with few settings of the form setting=value<newline> comments start with # on a line.
This is created on first use. e.g.

# qmailctl.cgi <ver>
#
qmaildir=/var/qmail/
qmaillockdir=/var/lock/subsys/
servicedir=/service/
relayfile=/etc/tcp.smtp
relaydb=/etc/tcp.cmtp.cdb
user=root
ip=127.0.0.1
port=80
# optional
# email=root@localhost
theme=green spleen
fontsize=85

The user line must be set to the user who can control qmail. /etc/qmailctl.conf must also be owned by this user and set to 644 permissions. e.g. if the user to control is root as above.

chown root /etc/qmailctl.conf
chown root /usr/lib/cgi-bin/qmailctl.cgi
chmod 644 /etc/qmailctl.conf

If these conditions are not met, qmailctl.cgi will just display an ACCESS DENIED message and email the web servers administrator or the email address in the configuration file with an appropriate message.

Features:
Color schemes for those that appreciate whimsy with fontsizing.

theme1

theme3

Display qmail man files in the page

man

Uses version 1.30.0 of jwCGI http://sourceforge.net/projects/jwcgi/
To install jwCGI

tar -xvzf jwcgi-<version>
cd jwcgi-<version>
./configure
make
make install

download Qmail Control
To unpack/compile/install:

tar -xvzf qmailctl-<version>
 cd qmailctl-<version>
 ./configure --bindir=path to cgi-bin
 e.g.
 ./configure --bindir=/usr/lib/cgi-bin

If you do not use qmail-pop3d comment out the usePOP3D define near the top of the qmailctl.cpp file with a double slash “//”

i.e. // #define usePOP3D

Now compile the program.

make
make install
make suid

If you wish the qmailctl.cgi program to actually control qmail the last make suid will have to be run. Now use your web browser to browse to http://<yourserver>/<your cgi-bin>/qmailctl.cgi
On first use qmailctl.cgi will ‘try and write the file’ /etc/qmailctl.conf. If this is not where you want the file just change the qmailctlconf variable in globals.h before compilation. If there is an error, e.g. the permissions are wrong on qmailctl.conf, qmailctl.cgi will report an error and try and mail the web servers admin (or the user placed in the email= setting in qmailctl.conf) an appropriate message using qmail-inject.

I set up my qmail mail server following the excellent LifeWithQmail.org website or try my instructions based on this website.
To download the awesome qmail server and its supporting programs visit D.J Bernstein’s site http://cr.yp.to/qmail.html.

Why am I using qmail rather than sendmail. The configuration makes more sense (please note, not the setup of the qmail server as this is way more difficult than sendmail). What goes in the configuration files is intuative, nothing like sendmail.cf which is an ‘insert expletive here’. Note for flamers (email to send flames to: cantpossiblyexistat@turnleftateuropa.comnet grin), I am not saying sendmail sucks I am saying that changing its settings using its command line & configuration file is nothing like as easy as qmail even with m4. Oh, did I forget to mention D.J Bernstein’s security guarantee.