Hacker News
by jlgaddis 3075 days ago
Damn, it's been nearly 20 years since qmail 1.03 was released (June 1998)? It sure doesn't seem like that long!

I recall setting up qmail "toasters" on FreeBSD to do virtual hosting. Maybe I was just too much of a "n00b" but I remember it being a big PITA to get all the services to play well together. There was this hip new outfit named Yahoo! that was using it for their new webmail service, though -- as opposed to sendmail, which pretty much every MTA on the Internet used at the time (and I was proficient enough with sendmail that I would edit my sendmail.cf by hand; pffft, who needs m4!?) -- so I assumed it was certainly capable of handling my volume of mail. (I wasn't running authoritative DNS servers at the time or I probably would've used djbdns over BIND as well.)

qmail, unfortunately, never did become too popular (relatively speaking, of course) and that's really a shame, because, as the quote in the article says:

> "We need invulnerable software systems, and we need them today, ..."

While that was certainly true then, it's even more true now.

On a side note, I'm surprised that the "qmail security guarantee" [0,1] wasn't mentioned in the article:

> "In March 1997, I took the unusual step of publicly offering $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. I hereby increase the offer to $1000."

[0]: https://cr.yp.to/qmail/guarantee.html

[1]: https://cr.yp.to/qmail/qmailsec-20071101.pdf (PDF)

3 comments

> qmail, unfortunately, never did become too popular

At one point, it was the second most popular MTA on the Internet. What, pray tell, would "too popular" look like?

> I remember it being a big PITA to get all the services to play well together.

When you were thinking about qmail correctly, it was an absolute pleasure to get everything to work together. Promise. Yet whilst the documentation was correct, it probably wasn't very good from the perspective of helping people think about it correctly. André Oppermann[1] (and perhaps Dave Sill[2]) did a much better job of this, so when they came available I would usually have pointed people there and see what kinds of questions they still had.

[1]: http://www.nrg4u.com/

[2]: http://www.lifewithqmail.org/lwq.html

qmailtoaster.org maintained by Eric Broch remains updated regularly. The installation process is easy and you get current email server ‘requirements’ installed as well, i.e. spam filter, dkim, active sync, etc.

While qmail has faded in popularity as it has been sporadically maintained by a random bunch of folks over the years, there has been at least one other MTA written by someone with excellent security cred, and that has been continually maintained and has an excellent security record. We don't really need to mourn what could have been with qmail; we have Postfix, and it's really very good.

Making a world-readable, world-searchable, and world-writable drop directory because of a decision to have no set-UID and set-GID executables in Postfix, even appropriate ones; failing to learn the even then well-known lessons of the batch job (at), UUCP, and printing (lpr) subsystems when it comes to world-accessible input directories; was a fairly large blot.

* https://cr.yp.to/maildisasters/postfix.19981221

* https://cr.yp.to/maildisasters/postfix.html

* https://groups.google.com/forum/#!msg/mailing.postfix.users/...

Yep. With a few exceptions, Postfix is the MTA I've used pretty much everywhere for the last 10 years or so.

I remember qmail being the first MTA to really push Maildirs. I ran qmail personally back then on my Linux from Scratch, but I also was a student lab admin and I think on our student e-mail server, we still ran sendmail at the time, on good old Red Hat (back before it was split into RHEL and Fedora).

Software like qmail and the dev file system at the time really rubbed a lot of people the wrong way because of the drastic design changes they push. I'm glad that particular dev file system died as it had a lot of weirdly named nodes and a devfs daemon that had to run to create symbolic links to all the known names.

Well, Maildir was invented by djb ;-)

DJB is probably one of my favorite people in the tech world. Ever since I read about the court case he won against the US government while representing himself, he's been a sort of hero of mine.

That's quite impressive, but Wikipedia says that case was dismissed: https://en.wikipedia.org/wiki/Bernstein_v._United_States

The rules he was challenging had changed so what he wanted to do was no longer against the rules. His case was that the rules did not allow him to do something that was allowed by the constitution. As that situation no longer existed the case was dismissed.