Will McDonald wrote:
This doesn't run unmodified Qmail, it's the Qmail patchset from Qmailtoaster built into packages but I mangle the SPEC a little to remove the MySQL requirement and customise a few bits and bobs.
And, as I said, this is "Qmail listening on localhost only for the very final Maildir delivery after messages have been dealt with by MailScanner and Sendmail".
Incoming Sendmail is configured to use a list of valid RCPT TO addresses via LDAPROUTE_DOMAIN_FILE and the ldap_routing FEATURE. This is for mail traffic from the internet so anything attempting to deliver to an invalid RCPT TO gets dropped sharpish.
Outgoing Sendmail (which delivers to Qmail for local deliveries) is configured using relay_mail_from and a list of valid addresses in the access map, which isn't ideal, but I have a lot of legacy reasons for having things the way they are. It's open to some abuse but only from a very limited set of internal users, and the alternative, SMTP-AUTH, isn't feasible under the restrictions we're under. :o\
I will have a look at using Procmail or Postfix as you and Feizhou have mentioned as we're rebuilding a couple of these servers currently.
Will.
I personally still don't see any need to drop qmail per se, but everything you're doing should be completely functional under one MTA.
That whole sendmail --> qmail --> sendmail sounds like bandaids upon bandaids, piled on top of bandaids to me. I mean, yeah, it works, but rebuilding that application from functional spec is fairly trivial, fairly easy to implement, and will greatly reduce the complexity of your architecture.
In our case, we use qmail because:
A) It satisfies all of our particular requirements.
B) We have a custom MySQL authentication/delivery process that was written in house. Although at this point, there's no cat left there, either.
C) We do more than just email with our setup. Our MySQL authentication drives a bunch of other applications, so unless we want to build everything back out from scratch, we do it like so.
That being said, while there's things I'd replace in the application infrastructure, qmail's probably not one of them. Everything I know about mail and SMTP pretty much, I learned from qmail, qmail-related documentation, or pointers to more complete documentation I probably wouldn't have looked at had I not been referred to them in a roundabout way from qmail.
Peter