###########
### WHO ###
###########

This patch was written by Scott Gifford. The design and much of the code for supporting "notipme" was contributed by Charles Cazabon.

############
### WHAT ###
############

This patch may be necessary in some configurations that involve network address translation or port forwarding. It prevents a problem caused by an MX or other mail routing directive instructing qmail to connect to itself without realizing it's connecting to itself. When this happens, it accepts the message, finds out where to deliver it to (itself), and promptly reconnects to itself to deliver the message. Eventually, when it has done this 20 or 30 times, it will give up and bounce the message, but not before sucking up all of your CPU while it's happening.

It may also be useful in some configurations that have multiple qmail servers configured on different interfaces of the same system. qmail will normally refuse to deliver mail by SMTP to the machine it's running on, but with multiple copies of qmail, you may want to prevent this behavior.

Normally, qmail can detect what IP addresses refer to itself by getting a list of all network interfaces with IP addresses from the operating system. It uses this list to determine whether connecting to an address will cause it to connect to itself, and avoid the situation (it calls the perm_ambigmx() function, which prints the message below):

    Sorry. Although I'm listed as a best-preference MX or A for that host,
    it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)

But in situations where the OS is not aware of all IP addresses that connect back to itself, this detection fails, causing the CPU-sucking phenomenon described above.
This can happen if there is a network address translation device in front of the qmail server, such as a load-balancer or a router which allows you to share one IP address among several machines; if there is a port forwarder forwarding connections from some other machine to the SMTP server on the qmail server; or in configurations where a "dumb" mailserver is configured to use your qmail server as a "smarthost", delivering all mail to it without inspection.

To solve this, other IP addresses which will ultimately connect back to your machine can be added to the file "control/moreipme", one per line. qmail will treat all addresses in this file exactly as if they were local, and if it finds an MX record or other mail routing information which would cause it to connect to any of these addresses, it will call perm_ambigmx(), and print the above error message.

Additionally, IP addresses which the system detects but which should *not* be treated as local can be removed from qmail's ipme list by adding them to the file "control/notipme".

IP addresses can be specified as individual addresses in the usual dotted-quad format, or as entire networks using a slash followed by the full dotted-quad netmask:

    127.0.0.1
    127.0.0.1/255.255.255.255
    127.0.0.0/255.0.0.0
    10.0.0.0/255.255.255.0

An individual address is treated exactly like a network with a mask of 255.255.255.255.

Addresses of interfaces found on the system are added with their individual addresses. In addition, these addresses are implicitly added:

    0.0.0.0
    127.0.0.0/255.0.0.0

So the list of system addresses (the "ipme" list) is, in order, 127.0.0.0/255.0.0.0, 0.0.0.0, then all actual interfaces on the system in the order they are reported, then the contents of the "moreipme" file.

The list of excluded addresses (the "notipme" list) is just the contents of the "notipme" file.

If an address appears in both the ipme list and the notipme list, the entry with the longest netmask wins.
If the netmask lengths are the same, notipme wins. For example, if the ipme list has 127.0.0.0/255.0.0.0 and notipme has 127.0.0.2, then 127.0.0.2 will not be considered me because the entry in notipme has a 32-bit mask. If the notipme list has 127.0.0.0/255.0.0.0, all of 127.* will not be considered me.

You can run the program "ipmeprint" from the source directory to see what interfaces qmail is detecting or finds in moreipme.

You can run the program "ipmetest" from the source directory to test your configuration. It takes as its first and only parameter an IP address to test, and prints either "me" or "not me".

###########
### HOW ###
###########

To apply the patch, download and save it somewhere, then cd into your qmail source directory.

For stock qmail, download qmail-1.03-moreipme-0.6.patch then run:

    cd qmail-1.03
    patch -p1
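
Added example, not part of the original README or of the patch's code: a C sketch of the ipme/notipme precedence rule from the WHAT section (longest netmask wins, a tie goes to notipme), useful for reasoning about a moreipme/notipme pair before deploying it. The function names, the skipping of malformed entries, counting set bits as the mask length, and the sample lists are assumptions of this sketch.

```c
#include <stdint.h>

/* Parse one dotted quad at *s, advancing *s past it; returns -1 if malformed. */
static int parse_quad(const char **s, uint32_t *out) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        unsigned n = 0, digits = 0;
        while (**s >= '0' && **s <= '9' && digits < 3) { n = n * 10 + (unsigned)(*(*s)++ - '0'); digits++; }
        if (!digits || n > 255 || (i < 3 && *(*s)++ != '.')) return -1;
        v = (v << 8) | n;
    }
    *out = v;
    return 0;
}

/* "a.b.c.d" or "a.b.c.d/m.m.m.m"; a bare address gets mask 255.255.255.255. */
static int parse_net(const char *s, uint32_t *addr, uint32_t *mask) {
    *mask = 0xFFFFFFFFu;
    if (parse_quad(&s, addr)) return -1;
    if (*s == '/') { s++; if (parse_quad(&s, mask)) return -1; }
    return *s ? -1 : 0;
}

/* Bit count of the longest mask in list[] that covers ip; -1 if no entry covers it.
   Assumption of this sketch: malformed entries are skipped. */
static int best_match(uint32_t ip, const char **list, int len) {
    int best = -1;
    for (int i = 0; i < len; i++) {
        uint32_t a, m;
        if (parse_net(list[i], &a, &m) || (ip & m) != (a & m)) continue;
        int bits = 0;
        for (; m; m &= m - 1) bits++;          /* count set mask bits */
        if (bits > best) best = bits;
    }
    return best;
}

/* 1 = "me", 0 = "not me", -1 = bad address. Longest mask wins; a tie goes to notipme. */
int is_me(const char *ip, const char **ipme, int ni, const char **notipme, int nn) {
    uint32_t a;
    if (parse_quad(&ip, &a) || *ip) return -1;
    int me = best_match(a, ipme, ni), notme = best_match(a, notipme, nn);
    return me >= 0 && me > notme;
}

/* Constructed sample: the two implicit entries, one interface, one moreipme network. */
const char *IPME[] = { "127.0.0.0/255.0.0.0", "0.0.0.0", "192.0.2.10", "10.0.0.0/255.255.255.0" };
const char *NOTIPME[] = { "127.0.0.2", "10.0.0.0/255.255.255.0" };
```

With these sample lists, 127.0.0.2 is "not me" because the 32-bit notipme entry beats the 8-bit ipme entry, and 10.0.0.7 is "not me" because equal 24-bit masks resolve in favor of notipme.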