qmail

ezmlm-web

ezmlm-web is a web interface for the administration of ezmlm mailing lists.

How to avoid being "cut off" by spamhaus.org

As you probably know, Spamhaus limits your SMTP and DNS traffic (see http://www.spamhaus.org/organization/dnsblusage/ for more info), and for big servers this can be a serious problem.

Luckily, Costel Balta sent me a solution to the problem that I'm going to paste below. In short, he suggests dynamically creating firewall rules via iptables (or better, shorewall) to block connections from suspicious IPs, decreasing the number of requests to the RBL lists by about 80%.

ipsets and swatch are also needed to manage iptables rules and scan your logs respectively.

A big thanks to Costel Balta for the following tutorial; this is not the first time that he has posted an original idea.

qmail, spf and IPv6

Today Erwin Hoffmann released ucspi-tcp6 v. 0.99. The current version includes a hack by Manvendra Bhangui from indimail.org which makes tcpserver and qmail's spfcheck compliant with IPv4-mapped IPv6 addresses, provided that you use his fix to the qmail-spf patch (my combined patch already has this adjustment to SPF).

For those interested, a few days ago Manvendra Bhangui released a package of patches that now includes not only DKIM and SURBL but also substantial modifications which make SPF and the whole of qmail fully IPv6 compliant. The upgrade is not so straightforward for me, but I'm planning to have it in my big patch sooner or later. For the moment you can play with it by downloading it from http://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/

Adjusting the tcprules files for qmail

This is my tcprules file:

> more /home/vpopmail/etc/tcp.smtp

0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
:allow

As you can see, localhost, the internal subnet 10.0.0., and the external server's IP are allowed to use the MTA as a relay (RELAYCLIENT="") and do not face a GREETDELAY.

All other clients are allowed to send us email (:allow), will face the GREETDELAY specified in the qmail-smtpd run script, and are not allowed to use our MTA as a relay.
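
The rule matching described above, as an added example (not part of the original post and not tcpserver's own code): a simplified Python model of how a rule is chosen for a client IP, most specific address first, used to check which clients receive RELAYCLIENT and whether the catch-all rule would turn the server into an open relay. The function names and 192.0.2.25 (standing in for the masked external IP) are assumptions; only IPv4 address rules are modelled.

```python
# Added example: simplified tcprules lookup for IPv4 address rules only.
# Not handled: =host rules, user@ rules, ranges like 1.2.3.4-9, IPv6, commas in values.
# Constructed sample; 192.0.2.25 stands in for the masked xxx.xxx.xxx.xxx.
SAMPLE_RULES = '''\
0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
192.0.2.25:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
:allow
'''

def parse_rules(text):
    """Map each rule address to (action, {variable: value})."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, *assigns = instr.split(",")
        env = {n: v.strip('"') for n, _, v in (a.partition("=") for a in assigns)}
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Return (matched address, action, env) for a client IP, most specific first."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return (key, *rules[key])
    return (None, "allow", {})  # no rule matched: connection proceeds, nothing set

def may_relay(rules, ip):
    """qmail-smtpd relays for a client when RELAYCLIENT is set, even if empty."""
    _, action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env

def open_relay(rules):
    """True when the catch-all rule itself hands out RELAYCLIENT."""
    action, env = rules.get("", ("allow", {}))
    return action == "allow" and "RELAYCLIENT" in env

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("127.0.0.1", "10.0.0.7", "10.0.1.7", "203.0.113.9"):
        print(ip, lookup(rules, ip)[0] or "(catch-all)", may_relay(rules, ip))
    print("open relay:", open_relay(rules))
```

Note that 10.0.1.7 falls through to the catch-all: "10.0.0." is a textual prefix of the address, not a netmask.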

Testing ESMTP-SIZE patch for qmail

The patch allows qmail-smtpd to reject a message before it has been received if it is too big according to the accepted databytes.

Setting up rblsmtpd

NB: you can skip this page if you decided to use qmail-dnsbl instead.

A Realtime Blackhole List (RBL) is a list of addresses that an RBL list supplier believes are a source of Spam.
rblsmtpd blocks mail from RBL-listed sites. It works with any SMTP server that can run under tcpserver.

qmail-smtpd's run script is already set to run rblsmtpd before qmail-smtpd. The following lines are related to rblsmtpd (others are omitted):

# This enables greetdelay anti-spam functionality on rblsmtpd
export GREETDELAY=15

# This disables rblsmtpd reject
#export RBLSMTPD=""

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
    /usr/local/bin/rblsmtpd -W \
        -b -r zen.spamhaus.org \
        -b -r bl.spamcop.org \
    /var/qmail/bin/qmail-smtpd 2>&1

Configuring qmail

Defining alias and control files

echo 3 > /var/qmail/control/spfbehavior
echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" > /var/qmail/control/defaultdelivery
echo 20 > /var/qmail/control/concurrencyincoming
echo postmaster@yourdomain.net > /var/qmail/control/bouncefrom

qmail-taps-extended

The qmail-taps-extended patch by Inter7 (extension by Michai Secasiu) provides the ability to save each email which flows through the system. You could decide to log only the messages which have the From or To address set to a local account.

You just have to create a new control file /var/qmail/control/taps which contains a regex style list of addresses to tap and the email address of where you want the copy sent to.

Examples:

Realtime Blackhole List (RBL) - qmail-dnsbl
