Dec 24 2008
Qpsmtpd FAQ
Life is easier since we use qpsmtpd. So we want to write some little tips about it.
- How to queue messages ?
The easiest way to queue messages is use qmail-queue, but if you don’t have qmail, use your actual mail server in localhost and plugin smtp-forward:
queue/smtp-forward 127.0.0.1 25
Don’t forget to accept all mail from localhost and remove spam and antivirii from your mail server. Now your mail server is acting as MDA. Let qpsmtpd do all filters (antispam, antivirii, …).
- Auth plugins
Try to use standard method like smtpd or imap. It will allow you to change any piece of software whenever without affect your qpsmtpd setup.
auth/auth_imap 127.0.0.1 993
auth/auth_smtpd 127.0.0.1 25
- Check valid rcptto
Maybe the most important plugin to avoid dictionary attacks. There are scripts to extract valid users from qmail installation: John M. Simpson has some scripts to dump all users to a cdb file. Link
But if you don’t have qmail you have to do two things in order to have qpsmtpd workproperly:
- Dump all domains into config/rcpthosts file. Use shell or perl scripts.
- Dump all valid users into validrcptto.cdb file. Don’t forget this file is a cdb. There are tools (like cdbmake) to help you to build a cdb file. Send the valid list to a pipe like this :
E.g.: perl getValidUsers.pl |/usr/local/bin/cdbmake-12 /opt/qpsmtpd/config/validrcptto.cdb /opt/qpsmtpd/validrcptto.tmp
And you will have a validrcptto.cdb file. Be careful and don’t forget mailing lists!!!.
When you have the file generated add this line:
check_validrcptto_cdb /opt/qpsmtpd/config/validrcptto.cdb -
before rcpt_ok plugin
- How to stop mails from an address to a valid users.
Use this plugin: check_badmailfromto
Create a file (config/badmailfromto) with two columns: from to (separated with ab)
That’s all. Easy as qpsmtpd.
- How to accept mails from a relay client.
First of all be sure the relay client is a trust client. To accept all mail from the ip, include the ip in config/relayclients file. But the best way to do it is authenticate the client via standard method.
- How to accepts mails from servers that don’t use rfc.
Strange?, not at all. We are in Spain where an official mail server (Seguridad Social) doesn’t respect rfc. So we had to remove rhsbl plugin from our config.
- How to avoid spamassassin for relay clients.
Just add this lines in hook_data_post method, after this line:
return (DECLINED) if $transaction->data_size > 500_000;
The code:
…
if ( $self->qp->connection->relay_client ) {
# failsafe
$self->log(LOGALERT, “Allowing relay client past spamassassin”);
return (DECLINED);
}
…
So, if it is a relayed client it doesn’t send the message to spamassassin daemon. Continue Reading »