
Qmail is a reliable email server that's been around since the 1990s. It's a free and open-source alternative to commercial email servers.
Qmail's design is based on a unique architecture that separates the mail transport agent from the mail delivery agent. This separation allows for greater flexibility and customization.
Qmail is known for its high performance and scalability, making it a popular choice for large email services. It can handle a high volume of emails with ease.
Qmail's architecture is also highly configurable, allowing users to customize its behavior to suit their needs. This flexibility has made Qmail a favorite among system administrators.
For more insights, see: List of Email Archive Software
What Is It?
Qmail is a reliable email system that guarantees messages won't be lost once accepted into the system.
It supports maildir, a user mailbox format that won't be corrupted even if the system crashes during delivery.
This is a big deal, especially for users who need to read their mail over NFS or have multiple NFS clients delivering mail to them at the same time.
Curious to learn more? Check out: Mercury Mail Transport System
Qmail can sustain 200,000 local messages per day on a Pentium under BSD/OS, making it a highly efficient email system.
It can even zoom quickly through mailing lists by overlapping 20 simultaneous deliveries by default.
Qmail is also incredibly simple, with a vastly smaller codebase than other Internet MTAs.
This is because it has a single forwarding mechanism that lets users handle their own mailing lists, unlike other MTAs that have separate mechanisms for forwarding, aliasing, and mailing lists.
Qmail Features
Qmail is incredibly versatile and can run on a wide variety of UNIX variants, including AIX, BSD/OS, FreeBSD, HP/UX, Irix, Linux, OSF/1, SunOS, Solaris, and many more.
Qmail's automatic per-host configuration makes it easy to set up and use, with no need to worry about complicated settings or porting issues.
One of the key benefits of Qmail is its clear separation between addresses, files, and programs, which minimizes the risk of errors and makes it easier to troubleshoot issues.
Qmail also features a five-way trust partitioning system, which provides an additional layer of security and helps to prevent unauthorized access.
Here are some of the key features of Qmail's SMTP server:
- Support for RFC 822, RFC 1123, and other email protocols
- Full support for address groups
- Automatic conversion of old-style address lists to RFC 822 format
- Sendmail hook for compatibility with current user agents
- Header line length limited only by memory
- Host masquerading and user masquerading
- Automatic Mail-Followup-To creation
Qmail's SMTP server also includes features such as 8-bit clean support, relay control, and per-buffer timeouts, making it a reliable and efficient choice for email delivery.
Qmail's queue handling system is designed to be fast and efficient, with features such as instant handling of messages added to the queue, parallelism limits, and split queue directories.
Qmail's bounce handling system is also highly advanced, with features such as QSBMF bounce messages, HCMSSC support, and double bounces sent to the postmaster.
Qmail's virtual hosting features are also worth noting, with support for any number of names for the local host, any number of virtual domains, and domain wildcards.
Qmail's POP3 server is also highly capable, with features such as RFC 1939 support, UIDL support, TOP support, and APOP hook support.
Security and Compliance
Qmail's security features are a major selling point, and for good reason. It was the first security-aware mail transport agent when it was first published.
One of the key reasons qmail is more secure than its predecessor, Sendmail, is its modular architecture. This means that different components of qmail run with different credentials, making it harder for attackers to exploit vulnerabilities.
In 1997, qmail's creator, D. J. Bernstein, offered a $500 reward for anyone who could find a verifiable security hole in the latest software version. This shows his commitment to security and his willingness to put his money where his mouth is.
In 2005, security researcher Georgi Guninski found an integer overflow in qmail. However, Bernstein disputed that this was a practical attack, arguing that no real-world deployment of qmail would be susceptible.
qmail's security features also include full IPv6 compliance, allowing for secure communication with IPv6 addresses. Additionally, it has a distributed queueing system with qualified authentication and authorization, making it harder for attackers to inject malicious code.
Here are some of qmail's key security features:
- Distributed queueing: n:1, 1:nn:m with qualified authentication and authorization (enhanced 'QMQ')
- TLS enabling of most servers and particular clients for SMTP and QMTP as well as POP3
- Support for opportunistic and mandatory TLS encryption
- Support for SPF, SRS, and DKIM signing and verification
- Support for ESMTP pipelining command injection prevention and Guninski's large alloc bug prevention
Security
qmail's security design is a key feature that sets it apart from other mail transport agents. It was the first security-aware MTA when first published, and its modular architecture is composed of mutually untrusting components.
The SMTP listener component of qmail runs with different credentials from the queue manager or the SMTP sender, making it a more secure option. This design helps prevent attacks that could compromise the entire system.
In 1997, Bernstein offered a US$500 reward for the first person to publish a verifiable security hole in the latest software version. This reward was increased to US$1000 in 2007.
Despite its security features, qmail has had its share of vulnerabilities. In 2005, security researcher Georgi Guninski found an integer overflow in qmail, which could allow remote code execution on 64-bit platforms.
However, configuration of resource limits for qmail components mitigates the vulnerability. Bernstein disputes that this is a practical attack, arguing that no real-world deployment of qmail would be susceptible.

In 2020, a working exploit for Guninski's vulnerability was published, but the exploit authors were denied the reward because it contained additional environmental restrictions.
qmail's security features include:
- IPv6 compliance, allowing specific IPv6 bindings to any IPv6 address
- Support for different domains and senders with particular sending attributes
- Distributed queueing with qualified authentication and authorization
- TLS enabling of most servers and particular clients for SMTP and QMTP
- 'Opportunistic' as well as mandatory TLS encryption
- X.509 certificate pinning
- TLSA/DANE and RFC 1870 enabled
- SPF capabilities using Jana Saout's development
- Native support for SRS
- SMPTUTF8 and International Domain Names (EAI) support
- Compliance with RFC 8314 ('Cleartext Considered Obsolete')
- Immunity against ESMTP pipelining command injection
- Greylisting using qmail-postgrey
- DKIM signing and verification with RSA or Ed25519 signatures
- Hybrid DKIM signing and verification with both RSA SHA-256 and Ed25519 private and public keys
Upgrade to S/ from (+ Spamcontrol)
Upgrading to s/qmail from qmail can be a bit tricky, but it's definitely doable with the right approach.
You'll need to install ucspi-ssl-XX and ucspi-tcp6-XX under /package, and untar s/qmail under /package as well.
To ensure a smooth transition, you'll need to check and adjust the following conf-XX files to match your existing qmail installation: conf-break, conf-cc, conf-ld, conf-home, and conf-split.
The rest of your configuration can likely stay the same, but you'll need to take care of the new IPv6 addresses and your SSL environment+settings.
Here are the specific files you'll need to check and adjust:
- conf-break
- conf-cc
- conf-ld
- conf-home
- conf-split
Once you've made these adjustments, you can execute the package/install step, which will respect your current Qmail settings.
After the upgrade, be sure to verify your settings to ensure everything is working as expected.
Performance and Updates
Qmail's performance is impressive, particularly for bulk mail tasks. It can handle over 9 million deliveries a day, as demonstrated by the author's test on their 16MB Pentium-100 machine.
qmail's efficiency is due in part to its ability to physically write messages to disk before announcing success, reducing the risk of lost mail if the power goes out. This is particularly evident when delivering messages to local mailboxes, where qmail can handle over 3.4 million deliveries a day.
The author also notes that qmail's small size is a key advantage, allowing it to run 60 simultaneous connections without swapping on a machine with just 16MB of memory. This is in contrast to other packages, which may bog down as the queue fills up.
Here are some key performance metrics for qmail:
- Up to 9 million deliveries per day
- Over 3.4 million local deliveries per day
- Up to 200,000 individual messages per day
Overall, qmail's performance is well-suited for large mailing lists and high-volume mail servers.
Performance
qmail was significantly faster than Sendmail, particularly for bulk mail tasks such as mailing list servers. It was originally designed as a way to manage large mailing lists.

qmail is a free email server software programmed in C, and it's public-domain software with source code. This means it's free to use and distribute.
qmail is designed to be efficient, and its performance is impressive. On a 16MB Pentium-100 under BSD/OS, qmail delivered 8192 messages to "trash" recipients in just 78 seconds.
To put this into perspective, that's over 9 million deliveries a day. Compare this to Zmailer's scheduling, which can only handle 1.1 million deliveries a day on a SparcStation-10/50.
qmail's delivery strategy is also noteworthy. When delivering a message to a mailbox, it physically writes the message to disk before announcing success, ensuring that mail doesn't get lost if the power goes out.
This is particularly important for local mailing lists, as qmail can deliver 1024 messages to the same disk on a single machine in just 25.5 seconds. That's more than 3.4 million deliveries a day!
Here are some key performance figures for qmail:
- 9 million deliveries per day on a 16MB Pentium-100 under BSD/OS
- 3.4 million deliveries per day for local mailing lists on the same disk
- 200,000 individual messages per day with separate local messages
- 70000 messages per day on a 48MB Pentium running Sendmail 8.7
qmail's small size is also a major advantage, allowing it to run 60 simultaneous connections on a machine with just 16MB of memory without swapping. This makes it an excellent choice for managing large mailing lists.
Frequency Of Updates

The core qmail package has not been updated for many years. This lack of updates can make it difficult to keep up with the latest security patches and features.
New features were initially provided by third-party patches. These patches were often brought together in a single meta-patch called netqmail.
This meta-patch was a collection of the most important patches at the time. It was a way for users to easily install and manage new features without having to apply each patch individually.
Installation and Configuration
Installation and configuration of Qmail can be a bit tricky, but don't worry, I've got you covered. The installation of s/qmail, a popular Qmail variant, is designed to be easy and straightforward.
s/qmail uses D.J.B's slashpackage convention for installing, which keeps the standard Qmail installation essentially unaltered. This means you can easily switch between Qmail and s/qmail without worrying about compatibility issues.
To install s/qmail, you'll need to untar the package under '/package', then move to the s/qmail directory and run the 'package/install' command. This will respect your current Qmail settings.
s/qmail allows you to split the main program and queue at different locations in the file system. This gives you more flexibility when configuring your email server.
Here are the basic s/qmail configuration files and their purposes:
- conf-home: home directory of s/qmail
- conf-queue: high-level location of the queue
- conf-break: VERP address character
- conf-cc: compiler settings
- conf-delivery: qmail-start default-delivery
- conf-groups: s/qmail groups
- conf-idn2: customization path for IDN2 libraries
- conf-ids: Unix ids for s/qmail
- conf-instances: QMQ instances to be raised
- conf-ld: loader options
- conf-log: target directory of s/qmail logs
- conf-man: target directory of man pages
- conf-patrn: s/qmail paternalism
- conf-qmq: QMQ environment settings
- conf-spawn: silent concurrency limit
- conf-split: depth of s/qmail dirs
- conf-svcdir: supervise's directory
- conf-ucspissl: path to UCSPI-SSL dirs
- conf-users: user names
Make sure to adjust the 'conf-users' file as an entity, as it's coupled with other files. Also, be aware that some files, like 'conf-ld', may require specific settings for certain architectures.
Packages and Utilities
The basic s/qmail installation includes a versatile authentication PAM called qmail-authuser, which is CRAM enabled and checkpassword compatible.
You can also expect to find the fastforward package, qmailanalog, and tai64nfrac as part of the installation.
For advanced users, s/qmail provides full support for several vanilla Qmail add-ons, including vpopmail, VMailMgr, ezmlm, and Dovecot.
These add-ons offer features like TLS encryption, IPv6 capabilities, and support for VERP addresses.
Some of the most useful utilities for managing your Qmail installation include Qmail Remove, Qmail Delivery Monitor, and Qmail Destroy.
These tools allow you to remove messages from the queue, monitor deliveries, and delete messages without stopping Qmail.
Here's a list of some of the supported Qmail packages:
- vpopmail
- VMailMgr
- ezmlm
- ezmlm-idx
- procmail
- BINC (IMAP server)
- Dovecot (LDA)
These packages can be used to extend the functionality of your Qmail installation, and many of them offer advanced features like authentication and recipient verification.
Patches and Documentation
Documentation for s/qmail is available, but it's still a work in progress. You can find a 's/qmail Big Picture' that provides default settings for most services, and it's a good place to start.
The README and brief INSTALL documentation are also available, but keep in mind that the 'official' s/qmail documentation is still being written. If you're looking for more detailed information, the set of man-pages that come with s/qmail have been converted into HTML and are accessible online.
If the standard LWQ documentation for Qmail is mostly valid, except for the installation procedure of s/qmail and its extensions, you'll want to note that.
Patches
Patches are an essential part of maintaining a healthy and secure email system, and Qmail is no exception.
We've found that certain patches can make a big difference in the performance and reliability of Qmail. One such patch is the errno patch, which helps prevent common errors.
The QMAILQUEUE patch is another useful addition, enabling you to specify a custom program to handle mail delivery. This can be especially helpful for large mail servers.
SMTP Auth is a must-have for any mail server, allowing users to authenticate with their email providers.
The Outgoing IP Patch is also a valuable tool, allowing you to specify a custom IP address for outgoing mail.
Here are some of the most commonly used Qmail patches:
- errno patch
- QMAILQUEUE patch
- SMTP Auth
- Outgoing IP Patch
Documentation
Documentation is a crucial aspect of any software, and s/qmail is no exception. A 's/qmail Big Picture' is available, providing the default settings for most services.
If you're new to s/qmail, it's a good idea to check out the README and brief INSTALL documentation first. They'll give you a solid foundation to work from.
The 'official' s/qmail documentation is still in progress, but that shouldn't stop you from diving in. The set of man-pages coming along with s/qmail have been converted into HTML and are accessible here.
The standard LWQ documentation for Qmail is mostly still valid, except for the installation procedure of s/qmail (and its extensions of course).
Installation Process
The installation process for s/qmail can be a bit complex, but don't worry, I've got you covered.
First, you'll need to install s/qmail using the slashpackage convention, which is a drop-in replacement for Qmail. This means you can keep your existing Qmail installation largely intact.
s/qmail is designed to be easy to install and maintain, thanks to its use of slashpackage. This convention makes it simple to update and manage your MTA.
To get started, you'll need to install daemontools and make sure /service is working. You'll also need to install ucspi-ssl and ucspi-tcp6.
Here's a step-by-step guide to installing s/qmail:
- Install daemontools and make sure /service is working.
- Install ucspi-ssl and ucspi-tcp6.
- Untar the s/qmail tar file under '/package'
- Move to /package/mail/sqmail/sqmail-V.R.F and do an initial: package/install.
Keep in mind that the package/install step respects your current Qmail settings.
If you're using a Debian-like OS, you'll also need to install the libidn2 and pcre libraries. And if you're on FreeBSD, you'll need to leave the first line of the conf-lib file blank or delete it.
Finally, make sure to export SMTPAUTH in your run file if you want to do authentication, and export SURBL=1 if you want to enable SURBL. Also, ensure that /var/qmail/control/cache is owned by the user who runs qmail-smtpd, vpopmail:vchkpwd in your case.
Qmail History and Development
Qmail has a rich history, and its development has been shaped by the need for a distributed MTA framework. Qmail provides the foundation for this framework.
The author of Qmail has made significant contributions to its development, including the creation of necessary protocol extensions. These extensions include SMTP Authentication and Spamcontrol.
Qmail has undergone a major refactoring, resulting in a complete overhaul of the source code. This refactoring was done to make Qmail compatible with 64-bit systems and to include IPv6 capabilities.
Featured Images: pexels.com


