Welcome to NRG4U

André Oppermann

The big qmail picture
The big qmail picture Page [ 1 | 2 | 3 | 4 ]
(each 47K, GIF, 19980814 V1.03)

The big qmail picture
(271K, PowerPoint95, 980814 V1.03)

The big qmail picture in A4 paper size
(~100-180K, 980814 V1.03) in
color PS / PDF or
black&white PS / PDF (for printing)

The big qmail picture in US letter paper size
(~100-180K, 980814 V1.03) in
color PS / PDF or
black&white PS / PDF (for printing)
New: Fix Versign Breakage for standard qmail and for for qmail-ldap (Updated 20030916!). With this patch we treat wildcard responses (*.com) from the GTLD servers as NX_DOMAIN, like the DNS system did before Verisign broke it for us all. To the hell with these greedy bastards!

New: silly qmail syndrome patch (Updated 20030105!), See graphs without and with patch.

New: tcpserver SSL/TLS patch (Updated 20050405!), put SSL/TLS encryption directly into tcpserver.

New: The big qmail-ldap picture as pdf, five pages packed with information! See how all those things fit together.

What qmail-ldap is: (Updated 20120221)

An add-on to stock qmail-1.03 to get all user account information from an LDAP database. It primary target are mail servers POP toaster with huge numbers of users (from thousands up to millions) which are usually found at ISPs and Enterprises.
These millions users are actually true and confirmed! qmail-ldap is in full production use at many large ISPs and Enterprises.

Some of it's greatest features:

  • Users and virtual domains in an LDAP database
  • No local accounts needed
  • Perfect for ISP's to build POP toasters
  • Native mail server clustering
  • Supports size quotas on user maildirs
  • Automatic creation of home- and maildir's
  • Handles replies with new qmail-reply
  • Extensive logging in qmail-smtpd and qmail-pop3d
  • Supports tarpitting (based on a patch by Chris Johnson)
  • Supports OpenLDAP 2.x, Novell NDS
  • Includes extensive Antispam-Features
  • Supports automatic maildir creation when the first mail arrives
  • Support for SHA, SSHA, MD5, SMD5, MD4 and RIPE-MD160
  • Support for NS-MTA-MD5 encrypted passwords used by Netscape Mailserver up to version 2.xx (and later if you simply upgraded).
  • It also supports the password format used by Software.com's Post.Office
  • Support for TLS (SSL) encrytion of SMTP mail transport (based on a patch by Frederik Vermeulen)

The qmail-LDAP documentation is here.

This is the thirtynineths 'official' release of qmail-ldap, grab the diff here (release qmail-ldap-1.03-20120221) and please direct all questions to the qmail-ldap mailing-list qmail-ldap@qmail-ldap.org. This is my email address.
A mailing list for discussion of this patch is available, send mail to qmail-ldap-subscribe@qmail-ldap.org

An updated qmail-ldap release is now done on the first of every month.
These updates include bugfixes and feature enhancements (see QLDAPNEWS in the patch for more information).

If you need a previous patch you can get it here together with even more older stuff.

Note: This is NOT point-and-click-and-then-it-works ware!
You should have fairly good prior knowledge of qmail and LDAP.


Traditional AS-based server multi-homing is a burden to the global Internet routing system because of excessive AS number consumption and non-aggregated prefix growth. Many times AS-based multi-homing is not the right solution for the customer needs but the only one available.

This document describes a method and a protocol for doing AS-less and PI IP-less server multi-homing with multiple ISP’s by assigning multiple IP’s to the customers servers and using the topology information contained in the global BGP routing table to sort the multiple DNS resource records by nearest first relative to the requestor.

Here is the draft RFC as of 15. January 2002: draft-oppermann-BGPDNS-00.txt
(Note: this is still being worked on, contact me for comments and suggestions)

Presentation at RIPE41 meeting:

BGPDNS patch to DJBDNS tinydns (djbdns-1.05-bgpdns-20020115.diff)
BGPDNS patch to ZEBRA bgpd (zebra-0.92a-bgpdns-20020115.diff)
(Note: These implementations do fully work and are stable but do not yet fully implement the current RFC draft which is more advanced)