Preparing an OpenBSD install for qmail.


This article will not go into the details of installing qmail on OpenBSD simply because there is nothing OpenBSD specific about the qmail install. Just read the install guide.

What about ports and packages?... No. not for qmail. qmail is magic. It requires it's own treatment and if you do it that way you will have a very powerful and reliable mailserver. And it's good you know something about the inner details that you will miss if you use a package.

At the moment of speaking my install is from 2.8. My first OpenBSD install, more than three years old and in all that time I never had to do anything with qmail except a recompile twice, once for a major libc update and once for the a.out -> elf update. No exploits and no updates and no patches no problems with queues and no security breaches. nothing, nada niente niets nichts. So you better make something that is worthwile. Because you may regret it in three years.

This document is also not intended to tell you how to install OpenBSD. In my humble opinion the OpenBSD install is the most sane and simple install available in the Unix^H^H^H^Hworld. And the installation procedure is very well documented.

This document is about the big picture. So zoom out and lets talk strategy here.

Both qmail and OpenBSD have a common goal and that is reliability. To maximize that reliability both go in absurd details about security from power-failures to cracking attempts.

The difference between qmail and OpenBSD is that qmail works with very unconventional methods and OpenBSD uses very conventional methods. That's why both main authors, Dan J. Bernstein and Theo de Raadt probably hate each others guts. Silly fanatics.

The main issue will be partitioning. I will assume you are using one dedicated 10GB harddisk.

Here is what the partitions will look like

device            mountpoint        size
/dev/wd0a         /                 100 Mb
/dev/wd0b         swap              100 Mb
/dev/wd0c         *whole disk*
/dev/wd0d         /tmp              100 Mb
/dev/wd0e         /usr                1 Gb
/dev/wd0f         /var              200 Mb
/dev/wd0g         /var/qmail         20 Mb
/dev/wd0h         /var/qmail/queue  500 Mb
/dev/wd0i         queue backup      500 Mb
/dev/wd0j         /home             rest of hd

And here is the matching /etc/fstab

# device          mount point      fs      fs options                      dump    fsck
/dev/wd0a         /                ffs     rw,softdep                      1       1
/dev/wd0d         /tmp             ffs     rw,nodev,nosuid,softdep         1       2
/dev/wd0e         /usr             ffs     rw,softdep,nodev                1       2
/dev/wd0f         /var             ffs     rw,nodev,nosuid,softdep         1       2
/dev/wd0g         /var/qmail       ffs     rw,nodev,softdep                1       2
/dev/wd0h         /var/qmail/queue ffs     rw,nodev,nosuid                 1       2
# /dev/wd0i       /var/qmail/queue ffs     rw,nodev,nosuid                 1       2
/dev/wd0j         /home            ffs     rw,softdep,nodev,nosuid         1       2

And now for some explanations to this rather bizar partition layout: First we have our default layout of /, swap, /tmp, /usr, /home and /var. But then the fun begins with the three partitions for qmail.

Why not just one partition in /var? Well quite simple, here is where the biggest conflict in opinions of Bernstein and de Raadt lies. And this is the way to make sure they both are right.

Traditionally /var is the partition with, quoting man hier:

 ``Multi-purpose log, temporary, transient, and spool files.''

Of course this excludes binaries and especially suid stuff. But Bernstein wanted to make qmail portable and supportable on any *nix system. To solve various problems he choose to install qmail in /var.

Luckily we mortal users can mend all this by making two extra partitions. As you can see in the fstab ``fs options'' everything is being thought off.

And now the two partitions for the queue on which softdep, the pride and joy of OpenBSD, is not enabled.

The queue is where all undelivered mail is stored. You should consider the queue as sacred. softdep is a great method to increase hd-performance at the cost of a minor decrease in reliability. Check the mailinglist-archives for details.

But for our sacred queue reliability is more important than anything in the world. Thats why I suggest you also make an extra empty partition you can use as a backup in case something evil happens to the first. Yes, that sacred.

Valid HTML 4.01!