
1. s/qmail ids and limitations

s/qmail's tasks are separated among different users and groups in the Unix system.

1.1 s/qmail Unix default users

| Default uid | Name | Usage | Group |
|---|---|---|---|
| 7790 | alias | Alias user; alias names; ezmlm | nofiles |
| 7791 | qmaild | Daemon user (e.g. qmail-smtpd/qmail-pop3d) | nofiles |
| 7792 | qmaill | Logging user | nofiles |
| 7793 | qmailp | Password user (qmail-user) | nofiles |
| 7794 | qmailq | Queue user (qmail-queue) | sqmail |
| 7795 | qmailr | Client user (qmail-remote) | sqmail |
| 7796 | qmails | Mail-generating user (qmail-send) | sqmail |
| 7797 | sqmtls | TLS certificate user | nofiles |

1.2 s/qmail Unix default groups

s/qmail makes use of the following Unix groups:

| Default gid | Name | Usage |
|---|---|---|
| 2108 | nofiles | s/qmail group for auxiliary files |
| 2109 | sqmail | s/qmail group for binary and man files |

1.3 s/qmail ids configuration files

The s/qmail ids in the Unix system follow the idea of Generalized ids (GUID and GGID).
However, with some care, you can adjust the names as well as the ids to your local conventions:

1.3.1 conf-users

```
alias
qmaild
qmaill
root
qmailp
qmailq
qmailr
qmails
```

The s/qmail system is heavily partitioned for security; it does almost nothing as root.

Note: By default, the user accounts are created with no valid shell and thus cannot be used for login. I recommend using a dedicated Unix user for administrative purposes, e.g. sqmaster, with sqmail assigned as its secondary group.

1.3.2 conf-groups

```
sqmail
nofiles
```

The s/qmail groups: sqmail is used for binary and man files; nofiles for auxiliary files.

1.3.3 conf-ids

```
# sqmail Unix group-ids and user-ids
# Change ids on your own behalf;
# sqmail user names require change of conf-users in addition
#
2108:nofiles:sqmail group for auxiliar files:
2109:sqmail:sqmail group for binary files:
#
7790:alias:sqmail Alias user:nofiles:alias
7791:qmaild:sqmail Daemon user:nofiles
7792:qmaill:sqmail Log user:nofiles
7793:qmailp:sqmail Password user:nofiles
7794:qmailq:sqmail Queue user:sqmail:queue
7795:qmailr:sqmail Remote user:sqmail
7796:qmails:sqmail Send user:sqmail
7797:sqmtls:sqmail TLS user:nofiles
```

Note: For the alias and the queue user, the last token denotes the (relative) directory path.
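The following added example (not part of s/qmail) parses conf-ids and checks that the system accounts still match it, including the no-login-shell property mentioned in 1.3.1. The field layout (`gid:name:description:` for groups, `uid:name:description:group[:dir]` for users) is inferred from the listing above; the passwd/group data, the `/var/qmail` home paths and the `NOLOGIN` set are constructed assumptions.

```python
# Added example, not s/qmail code. conf-ids layout inferred from this page.
CONF_IDS = """\
2108:nofiles:sqmail group for auxiliar files:
2109:sqmail:sqmail group for binary files:
7791:qmaild:sqmail Daemon user:nofiles
7794:qmailq:sqmail Queue user:sqmail:queue
7795:qmailr:sqmail Remote user:sqmail
"""
# Constructed passwd/group data with three deliberate faults.
GROUP = "nofiles:x:2108:\nsqmail:x:2109:sqmaster\n"
PASSWD = """\
qmaild:x:7791:2108::/var/qmail:/bin/sh
qmailq:x:7794:2108::/var/qmail:/usr/sbin/nologin
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_conf_ids(text):
    """Return ({group: gid}, {user: (uid, group)}) from conf-ids text."""
    groups, users = {}, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 4 or not f[0].isdigit():
            raise ValueError(f"malformed conf-ids line: {line!r}")
        if f[3]:                      # fourth field set: a user entry
            users[f[1]] = (int(f[0]), f[3])
        else:                         # empty fourth field: a group entry
            groups[f[1]] = int(f[0])
    return groups, users

def audit(conf_ids, passwd, group):
    """List deviations of the system accounts from conf-ids."""
    groups, users = parse_conf_ids(conf_ids)
    gids = {g[0]: int(g[2]) for g in (l.split(":") for l in group.splitlines() if l)}
    accts = {p[0]: p for p in (l.split(":") for l in passwd.splitlines() if l)}
    out = [f"group {n}: gid {gids.get(n)} != {g}" for n, g in groups.items() if gids.get(n) != g]
    for name, (uid, grp) in users.items():
        p = accts.get(name)
        if p is None:
            out.append(f"user {name}: account missing")
            continue
        if int(p[2]) != uid:
            out.append(f"user {name}: uid {p[2]} != {uid}")
        if int(p[3]) != groups.get(grp):
            out.append(f"user {name}: primary gid {p[3]} is not {grp}")
        if p[6] not in NOLOGIN:
            out.append(f"user {name}: login shell {p[6]}")
    return out
```

On a live host, pass the contents of conf-ids, /etc/passwd and /etc/group to `audit()`; an empty list means the accounts match the configuration.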

1.4 s/qmail ids setup-script

In order to make changes effective, you need to run the script:

which will create the respective users and groups automatically on *BSD or Linux systems. Other Unix OSes may require you to set up those accounts manually. Once they exist, the script respects your settings and will leave them untouched.

Changes in the conf-XX files now become effective for the s/qmail sources once you recompile the binaries.

1.5 s/qmail limitations

s/qmail behaves as several users in the Unix OS. Thus, it possesses a set of limitations originating from the OS default user settings:

The resources of the s/qmail daemons might be restricted by means of the softlimit program, which is part of Daemontools. Be aware that memory settings might cause an abend (signal 11) of the respective daemon once it requests more memory.

1.5.1 Performance improvements

s/qmail is limited by

The configuration files

provide the basic settings for improvements. Given the number of directories in conf-split, their population at any time should be less than 1000 files, which corresponds roughly to √N where N is the number of emails per day.

Most OSes provide the possibility to put transient though persistent data on a RAM disk. Use this for log data and AV scanner artifacts.
Use SSD disks to improve the throughput of the s/qmail queue. In case s/qmail In addition, the filesystem can be mounted 'noatime'. Regarding network resources, you can attach several IPv4/IPv6 addresses to qmail-smtpd and, in addition, bind qmail-remote to different IP addresses per domain, in particular setting up a particular Bounce IP address.

1.5.2 BigToDo and Ext-ToDo

s/qmail comes by default with two non-vanilla standard extensions:

  1. The queue directory todo is now split into several directories, as given by conf-split, allowing very many files in state 'todo' to be stat'ed more efficiently.
  2. An additional process called qmail-todo, pioneered by Andre Oppermann for his qmail-ldap fork. This makes s/qmail responsive even under high load and avoids what is called the 'Silly Qmail Syndrome'.

The interaction between the qmail daemon processes while running has been drawn by Andre in the following diagram (which I shamelessly stole):

Figure: The interrelationship among qmail-queue, qmail-todo, qmail-send, and qmail-clean.