[CentOS] qmail on CentOS 4.4

Tue Feb 6 08:35:19 UTC 2007
Will McDonald <wmcdonald at gmail.com>

On 06/02/07, Les Mikesell <lesmikesell at gmail.com> wrote:
> Will McDonald wrote:
>
> >> <flame war>
> >> So... the patch upgrades qmail to postfix?
> >>
> >> /runs
> >
> > Meeeoow! :)
> >
> > I HAVE to run Qmail because it's a legacy requirement. If I could find
> > something with similar virtual domain and Maildir support (and for all
> > I know Postfix or Exim may provide these) and a nice transition path
> > I'm stuck with it.
>
> Doesn't everything do virtual domains these days?  Sendmail has had them
> for ages, although perhaps not quite the same way.  And everything that
> can use procmail for delivery (the default for sendmail in CentOS) can
> deliver to maildirs.
>
>
> > And let me throw in to the ring, there's a nicely RPM packaged Qmail
> > package conglomerate at http://www.qmailtoaster.com/ And we all know
> > that packages are the way ahead, right? :)
> >
> > Complete with CentOS instructions
> > http://www.qmailtoaster.com/centos/cnt40/EZ-QmailToaster-CentOS-4.3.txt
> >
> > Personally, I hack around with the SPECs before building to strip out
> > the MySQL and other features and just use Qmail listening on localhost
> > only for the very final Maildir delivery after messages have been
> > dealt with by MailScanner and Sendmail, then Courier and VPOPMail for
> > POP3 and IMAP.
>
> It's a very bad idea to let an unmodified qmail accept mail directly
> since it accepts all addresses, then later generates bounces to the ones
> that it can't deliver.  A dictionary attack will bury your outbound queue.

This doesn't run unmodified Qmail; it's the Qmail patchset from
Qmailtoaster built into packages, but I mangle the SPEC a little to
remove the MySQL requirement and customise a few bits and bobs.

And, as I said, this is "Qmail listening on localhost only for the very
final Maildir delivery after messages have been dealt with by
MailScanner and Sendmail".

Incoming Sendmail is configured to use a list of valid RCPT TO
addresses via LDAPROUTE_DOMAIN_FILE and the ldap_routing FEATURE. This
is for mail traffic from the internet so anything attempting to
deliver to an invalid RCPT TO gets dropped sharpish.

Outgoing Sendmail (which delivers to Qmail for local deliveries) is
configured using relay_mail_from and a list of valid addresses in the
access map, which isn't ideal, but I have a lot of legacy reasons for
having things the way they are. It's open to some abuse but only from
a very limited set of internal users, and the alternative, SMTP-AUTH,
isn't feasible under the restrictions we're under. :o\

I will have a look at using Procmail or Postfix as you and Feizhou
have mentioned as we're rebuilding a couple of these servers
currently.

Will.
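
The two Sendmail setups described in the message above, sketched as sendmail.mc fragments. This is an added example, not the poster's actual configuration: the LDAP server, base DN, file paths and addresses are assumptions, and the default ldap_routing lookups (inetLocalMailRecipient schema) are assumed to fit the directory.

```m4
dnl --- Inbound (internet-facing) sendmail.mc fragment ---
dnl Assumed LDAP server and base DN; replace with site values.
define(`confLDAP_DEFAULT_SPEC', `-h ldap.example.com -b dc=example,dc=com')dnl
dnl
dnl File listing the domains whose recipients must be found in LDAP
dnl (assumed path, one domain per line).
LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldaproute-domains')dnl
dnl
dnl Arguments 1 and 2 left empty: use the default mailHost and
dnl mailRoutingAddress lookups. Argument 3 set to `bounce' replaces the
dnl default `passthru', so an address missing from LDAP is refused as
dnl "User unknown" during the SMTP dialogue and is never queued.
FEATURE(`ldap_routing', , , `bounce')dnl

dnl --- Outbound (internal) sendmail.mc fragment ---
dnl relay_mail_from needs the access map.
FEATURE(`access_db')dnl
dnl Relay only when the envelope sender is listed as RELAY in the
dnl access map under a From: tag.
FEATURE(`relay_mail_from')dnl
dnl
dnl Matching /etc/mail/access entries (constructed addresses):
dnl   From:alice@example.com    RELAY
dnl   From:bob@example.com      RELAY
dnl Rebuild the map after editing:
dnl   makemap hash /etc/mail/access < /etc/mail/access
```

With `bounce` set on the inbound host, unknown recipients are rejected before the message is accepted, so no bounce is generated later and the outbound queue does not fill up. The envelope sender checked by relay_mail_from is supplied by the client, so the outbound listener should only be reachable from the internal hosts that are meant to use it.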