Well, I figured out how to run qmail as a non-root user. I am posting my
experiences here in the hopes that it will help someone in the future.
Thanks to those who helped point me in the right direction, and also those
who said it couldn't be done, which sort of encouraged me to do it. :)
WHY NON-ROOT?
=============
If you need a high performance send-only MTA for sending mail to a large
mailing list, but are using a shell account on a system on which you have
no root access.
I don't think qmail could be used to *receive* mail in this case (except
that it can send postmaster bounces to you), since it would be running on
a non-standard port.
MY SITUATION
============
I have a shell account with a webhosting company that allows daemons to be
run in the background. I need to host a mailing list here, but the
sendmail MTA that they provide me with delivers the messages too slowly
(it's a discussion list with 3000 subscribers).
Solution: Run qmail on port 2525. Listar (my mailing list software) still
receives mail from sendmail on port 25, but uses qmail to distribute the
messages to the list members.
CONCISE SUMMARY
===============
For those already familiar with running qmail (as root), I'll just give a
quick terse description of what you need to do:
* Edit conf-qmail and specify a writable directory to install in.
* Replace the usernames in conf-users with your username.
* Replace the group names in conf-groups with your group name.
* Edit prot.c, putting "return 0;" at the beginning of the prot_gid and
prot_uid functions so it doesn't call setuid and setgid.
* Install ucspi-tcp and daemontools. You'll need multilog (since you can't
write to the syslog), and tcpserver (to have qmail listen on a port).
* Install qmail as normal, but set it up to work with multilog and
tcpserver.
THE SOLUTION
============
Anyway, here's how to compile qmail when you're not root:
Untar the qmail tarball. cd into the directory where it untarred.
Edit conf-qmail and change /var/qmail to a directory that you can write
to. I used /usr/home/pmak/var/qmail (/usr/home/pmak is my home directory).
I will assume that you used $HOME/var/qmail for the rest of these
instructions.
Edit conf-users and replace all the usernames (the first 8 lines) with
your username.
Edit conf-groups and replace all the group names (the first 2 lines) with
the name of the group that your username is in.
mkdir $HOME/var/qmail
Edit prot.c, inserting "return 0;" at the beginning of the prot_gid and
prot_uid functions. This will prevent qmail from trying to change the
userid/groupid (which would fail because you're not root).
Now compile and run the configuration:
make setup check
./config
Setup your alias files (normally you'd do this in the home directory of
the "alias" user; in this case you ARE the alias user):
cd ~
touch .qmail-postmaster
touch .qmail-mailer-daemon
touch .qmail-root
chmod 644 .qmail*
cd $HOME/var/qmail
cp boot/home rc
Edit the "rc" file so that the last line says:
qmail-start ./Mailbox multilog /usr/home/pmak/var/log
replacing /usr/home/pmak/var/log with a directory you want to write your
logs to.
Install ucspi-tcp and daemontools
(see http://www.lifewithqmail.org/lwq.html#download). Read their README
files to find out how to install them in a non-standard directory (since
you're not root).
Now just start the qmail daemon:
csh -cf '$HOME/var/qmail/rc &'
Configure tcpserver so that it can relay mail for the IP address that you
need to (see http://www.palomine.net/qmail/selectiverelay.html). Specify
the IP address, not the hostname of the host.
Start tcpserver to listen to a port for receiving mail from:
$HOME/usr/local/bin/tcpserver -H -P -R -l 0 -x$HOME/etc/tcp.smtp.cdb
localhost 2525 $HOME/var/qmail/bin/qmail-smtpd &
-H -P -R -l 0 tells qmail not to perform DNS lookup on remote connections,
which speeds things up quite a bit.
2525 is the port which tcpserver will listen on; you can change that.
If everything went well, you now have a functional SMTP server running on
port 2525. Any host that's listed in $HOME/etc/tcp.smtp can queue mail to
that SMTP server and have it delivered for it.
-Philip Mak ([EMAIL PROTECTED])
