It has a few mild security options by default as evident in the settings file example below. It will only accept connections from certain marked IP addressess, on a certain port. By default this will be the localhost on the normal http port. It is a setuid program, i.e. the program needs to be installed 4755 permissions and owned by the user who controls qmail. This makes it a big security risk, you have been warned. It would be best if using over an insecure channel to use a tunnel with password protection (Tunnel the Qmail Control session through a secure connection). It does however make a couple of checks. i.e.
- checks valid IP addressess
- qmailctl.conf access writes and ownership
- port number checking
This is created on first use. e.g.
# qmailctl.cgi <ver> # qmaildir=/var/qmail/ qmaillockdir=/var/lock/subsys/ servicedir=/service/ relayfile=/etc/tcp.smtp relaydb=/etc/tcp.cmtp.cdb user=root ip=127.0.0.1 port=80 # optional # email=root@localhost theme=green spleen fontsize=85The user line must be set to the user who can control qmail. /etc/qmailctl.conf must also be owned by this user and set to 644 permissions. e.g. if the user to control is root as above.
chown root /etc/qmailctl.conf chown root /usr/lib/cgi-bin/qmailctl.cgi chmod 644 /etc/qmailctl.confIf these conditions are not met, qmailctl.cgi will just display an ACCESS DENIED message and email the web servers administrator or the email address in the configuration file with an appropriate message.
Features:
Color schemes for those that appreciate whimsy with fontsizing.
Display qmail man files in the page
Uses version 1.30.0 of jwCGI http://sourceforge.net/projects/jwcgi/
To install jwCGI
tar -xvzf jwcgi-<version> cd jwcgi-<version> ./configure make make installdownload Qmail Control
To unpack/compile/install:
tar -xvzf qmailctl-<version> cd qmailctl-<version> ./configure --bindir=path to cgi-bin e.g. ./configure --bindir=/usr/lib/cgi-binIf you do not use qmail-pop3d comment out the usePOP3D define near the top of the qmailctl.cpp file with a double slash "//"
i.e. // #define usePOP3D
Now compile the program.make make install make suidIf you wish the qmailctl.cgi program to actually control qmail the last make suid will have to be run. Now use your web browser to browse to http://<yourserver>/<your cgi-bin>/qmailctl.cgi
On first use qmailctl.cgi will 'try and write the file' /etc/qmailctl.conf. If this is not where you want the file just change the qmailctlconf variable in globals.h before compilation. If there is an error, e.g. the permissions are wrong on qmailctl.conf, qmailctl.cgi will report an error and try and mail the web servers admin (or the user placed in the email= setting in qmailctl.conf) an appropriate message using qmail-inject.
I set up my qmail mail server following the excellent LifeWithQmail.org website or try my instructions based on this website.
To download the awesome qmail server and its supporting programs visit D.J Bernstein's site http://cr.yp.to/qmail.html.
Why am I using qmail rather than sendmail. The configuration makes more sense (please note, not the setup of the qmail server as this is way more difficult than sendmail). What goes in the configuration files is intuative, nothing like sendmail.cf which is an 'insert expletive here'. Note for flamers (email to send flames to: [email protected] grin), I am not saying sendmail sucks I am saying that changing its settings using its command line & configuration file is nothing like as easy as qmail even with m4. Oh, did I forget to mention D.J Bernstein's security guarantee.