On 06/02/07, Les Mikesell <lesmikesell at gmail.com> wrote:
> Will McDonald wrote:
> >
> >> <flame war>
> >> So... the patch upgrades qmail to postfix?
> >>
> >> /runs
> >
> > Meeeoow! :)
> >
> > I HAVE to run Qmail because it's a legacy requirement. If I could find
> > something with similar virtual domain and Maildir support (and for all
> > I know Postfix or Exim may provide these) and a nice transition path
> > I'm stuck with it.
>
> Doesn't everything do virtual domains these days? Sendmail has had them
> for ages, although perhaps not quite the same way. And everything that
> can use procmail for delivery (the default for sendmail in Centos) can
> deliver to maildirs.
>
> >
> > And let me throw in to the ring, there's a nicely RPM packaged Qmail
> > package conglomerate at http://www.qmailtoaster.com/ And we all know
> > that packages are the way ahead, right? :)
> >
> > Complete with CentOS instructions
> > http://www.qmailtoaster.com/centos/cnt40/EZ-QmailToaster-CentOS-4.3.txt
> >
> > Personally, I hack around with the SPECs before building to strip out
> > the MySQL and other features and just use Qmail listening on localhost
> > only for the very final Maildir delivery after messages have been
> > dealt with by MailScanner and Sendmail, then Courier and VPOPMail for
> > POP3 and IMAP.
>
> It's a very bad idea to let an unmodified qmail accept mail directly
> since it accepts all addresses, then later generates bounces to the ones
> that it can't deliver. A dictionary attack will bury your outbound queue.

This doesn't run unmodified Qmail, it's the Qmail patchset from Qmailtoaster built into packages but I mangle the SPEC a little to remove the MySQL requirement and customise a few bits and bobs. And, as I said this is "Qmail listening on localhost only for the very final Maildir delivery after messages have been dealt with by MailScanner and Sendmail".

Incoming Sendmail is configured to use a list of valid RCPT TO addresses via LDAPROUTE_DOMAIN_FILE and the ldap_routing FEATURE. This is for mail traffic from the internet so anything attempting to deliver to an invalid RCPT TO gets dropped sharpish.

Outgoing Sendmail (which delivers to Qmail for local deliveries) is configured using relay_mail_from and a list of valid addresses in the access map, which isn't ideal, but I have a lot of legacy reasons for having things the way they are. It's open to some abuse but only from a very limited set of internal users, and the alternative, SMTP-AUTH, isn't feasible under the restrictions we're under. :o\

I will have a look at using Procmail or Postfix as you and Feizhou have mentioned, as we're rebuilding a couple of these servers currently.

Will.
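
The accept-then-bounce behaviour and the RCPT TO filtering discussed in this thread, as an added example that is not part of either poster's message: a small Python model comparing how many bounces end up in the outbound queue under each policy. The recipient list, the traffic and all class and function names are constructed for illustration.

```python
"""Added illustration: accept-then-bounce vs. reject at RCPT TO (constructed data)."""
from dataclasses import dataclass, field

VALID_RCPTS = {"alice@example.org", "bob@example.org"}  # constructed mailbox list


@dataclass
class Mta:
    validate_at_rcpt: bool  # True = RCPT TO is checked against the list in-session
    delivered: list = field(default_factory=list)
    bounce_queue: list = field(default_factory=list)  # outbound bounces waiting to go
    rejected: int = 0

    def rcpt_to(self, mail_from: str, rcpt: str) -> int:
        """Return the SMTP reply code the client sees for this recipient."""
        rcpt = rcpt.lower()
        if self.validate_at_rcpt and rcpt not in VALID_RCPTS:
            self.rejected += 1
            return 550  # refused during the session; nothing is queued locally
        if rcpt in VALID_RCPTS:
            self.delivered.append(rcpt)
        else:
            # Accepted first, found undeliverable later: a bounce is queued to
            # the envelope sender, an address the client chose freely.
            self.bounce_queue.append(mail_from)
        return 250


def run(validate_at_rcpt: bool, attempts) -> Mta:
    """Feed a list of (MAIL FROM, RCPT TO) pairs through one policy."""
    mta = Mta(validate_at_rcpt)
    for mail_from, rcpt in attempts:
        mta.rcpt_to(mail_from, rcpt)
    return mta


# Constructed traffic: 2 real recipients plus 500 non-existent local parts.
ATTEMPTS = [("peer@example.net", "alice@example.org"),
            ("peer@example.net", "Bob@example.org")]
ATTEMPTS += [("forged@example.com", f"user{i}@example.org") for i in range(500)]

if __name__ == "__main__":
    for label, flag in (("accept-then-bounce", False), ("reject at RCPT TO", True)):
        m = run(flag, ATTEMPTS)
        print(f"{label:20} delivered={len(m.delivered)} "
              f"rejected={m.rejected} queued_bounces={len(m.bounce_queue)}")
```

With the first policy every invalid recipient costs one queued bounce addressed to a sender the client picked; with the second the same traffic leaves the outbound queue empty.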