Posts Tagged ‘QmailRocks’

How to speed up qmail qmail-smtpd response time on QmailRocks Thibs based install

Saturday, October 6th, 2012

I have recently installed Qmail following the Updated Debian QmailRocks Thibs Install

The qmail is configured just like Thibs points out the server was configured to a run qmail-smtpd script together with DJB’s Daemontools

I’ve figured out today connecting to the newly install Qmail host with telnet, using:

qmail:~# telnet 25
Connected to
Escape character is '^]'.
220 This is Mail ESMTP

Does a few seconds delay until my configured qmail greeting shows up. This is not a a deadly problem, but the delay itself might have a negative influence and make the host look like a spammer host to someone, hence I took few seconds to find a way to reduce this SMTP port connection delay.

The mail server responds on port 25, using qmail-smtpd so it was logical delay is caused somewhere by /service/qmail-smtpd/run (which actually links to /var/qmail/supervise/qmail-smtpd/run).

I did a quick review of /var/qmail/supervise/qmail-smtpd/run and found two lines that possibly create unnecessery delay, cause on each and every Port 25 connection request from repote SMTP server /usr/bin/head and /usr/bin/which are executed.
Here are two lines in /service/qmail-smtpd/run, I refer to:

LOCAL=`head -1 $VQ/control/me

(located on line 34)


TRUE=`which true`

located on line 116

The script was smartly written as planned to run on multiple Linux distributions. However since QmailRocks Thibs guide and my particular case needs to run on Debian Linux I think this is totally waste of system CPU time.

Therefore I substituted above two lines with:



I checked in /var/qmail/control/me I have only my primary mail server host defined, cause otherwise this changed could pose random mail server errors:

qmail:~# wc -l /var/qmail/control/me
1 /var/qmail/control/me
qmail:~# cat /var/qmail/control/me

An updated version of /service/qmail-smtpd/run script you can download from here

If you don’t want to temper manually edit the script the quickest way is to overwrite old script with changed one, i.e.:

qmail:~# cd /var/qmail/supervise/qmail-smtpd
qmail:/var/qmail/supervise/qmail-smtpd# wget -q
qmail:/var/qmail/supervise/qmail-smtpd# mv qmail-smtpd-daemontools-run run

To test connection time delay afterwards, you can use:

# time (echo HELO localhost | telnet 25)
Connected to
Escape character is '^]'.
Connection closed by foreign host.
real 0m0.070s
user 0m0.004s
sys 0m0.000s

Well still there is a connection delay – it is not so quick as, but now connection response delay is better. For sake of comparison here is same test with Google’s SMTP:

$ time (echo HELO localhost | telnet 25)
Connected to
Escape character is '^]'.
Connection closed by foreign host.
real 0m0.017s
user 0m0.004s
sys 0m0.000s

BTW a bit of time delay sometimes, can have a positive impact against spammers, as it can reduce a bit the amount of spammer mail servers connecting to the host. So i’m not sure if being 4 times slower in connection than Gmail is necessery bad 🙂

How to fix “sslserver: fatal: unable to load certificate” Qmail error on GNU / Linux

Friday, October 14th, 2011

After setupping a brand new Qmail installation following the QmailRocks Thibs Qmail Debian install guide , I’ve come across unexpected re-occuring error message in /var/log/qmail/qmail-smtpdssl/ , here is the message:

@400000004e9807b10d8bdb7c command-line: exec sslserver -e -vR -l -c 30 -u 89 -g 89
-x /etc/tcp.smtp.cdb 0 465 rblsmtpd -r -r -r -r qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1
@400000004e9807b10dae2ca4 sslserver: fatal: unable to load certificate

I was completely puzzled initially by the error as the sertificate file /var/qmail/control/servercert.pem was an existing and properly self generated one. Besides that qmail daemontools init script /service/qmail-smtpd/run was loading the file just fine, where the same file failed to get loaded when sslserver command with the cert argument was invoked via /service/qmail-smtpdssl/run

It took me quite a while to thoroughfully investigate on what’s wrong with the new qmail install. Thanksfully after almost an hour of puzzling I found it out and I was feeling as a complete moron to find that the all issues was caused by incorrect permissions of the /var/qmail/control/servercert.pem file.
Here are the incorrect permissions the file possessed:

linux:~# ls -al /var/qmail/control/servercert.pem
-rw------- 1 qmaild qmail 2311 2011-10-12 13:21 /var/qmail/control/servercert.pem

To fix up the error I had to allow all users to have reading permissions over servercert.pem , e.g.:

linux:~# chmod a+r /var/qmail/control/servercert.pem

After adding all users readable bit on servercert.pem the file permissions are like so:

linux:~# ls -al /var/qmail/control/servercert.pem
-rw-r--r-- 1 qmaild qmail 2311 2011-10-12 13:21 /var/qmail/control/servercert.pem

Consequently I did a qmail restart to make sure the new readable servercert.pem will get loaded from the respective init script:

linux:~# qmailctl restart
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.

Now the annoying sslserver: fatal: unable to load certificate message is no more and all works fine, Hooray! 😉