This page describes a generic setup for the qmail-smtpd
program.
It can be used for MTA, MSA and localhost email dispatchers by adjusting the values for IP, PORT, the instruct rules and other configuration.
Notes:
- SOFTLIMIT for qmail-ldap's
qmail-smtpd
is 50000000 (the run script below falls back to 3000000 unless ./env/SOFTLIMIT is set).
SMTP server
Overview
- Create service directory
- Create log directory
- Create instructions directory
- Create Makefile for maintenance
- Activate service
Create smtp and log service
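# Cache sudo credentials up front (presumably so that a password prompt does
# not interrupt the later sudo calls when these commands are pasted).
sudo true
SV=qmail-smtpd
# Service directory
# If a cd fails, `cat` blocks on stdin and copies it to stderr -- apparently so
# that the rest of a pasted command sequence is swallowed instead of being
# executed in the wrong directory.
cd /var/qmail/control || cat >&2
mkdir "$SV"
cd "$SV" || cat >&2
# NOTE(review): ./run is executed by the supervisor, presumably as root
# (chpst -u / tcpsvd -u only drop privileges afterwards). Keep this directory
# and ./run writable only by accounts trusted with that level of access.
cat > run <<'EOF'
#!/bin/sh
# leg20190115
# Optional per-service overrides; only the first line of each file is used.
[ -f ./env/MAXSMTPD ] && MAXSMTPD=$(head -n 1 ./env/MAXSMTPD)
[ -f ./env/IP ] && IP=$(head -n 1 ./env/IP)
[ -f ./env/PORT ] && PORT=$(head -n 1 ./env/PORT)
[ -f ./env/SOFTLIMIT ] && SOFTLIMIT=$(head -n 1 ./env/SOFTLIMIT)
ME=$(head -n 1 /var/qmail/control/me)
# Fail closed: a missing rcpthosts leaves qmail-smtpd without a recipient-domain
# restriction. The substitution is quoted so that a missing file, an empty
# first line, or a first line containing whitespace are all tested reliably.
if [ -z "$(head -n 1 /var/qmail/control/rcpthosts)" ]; then
  echo "Refusing to run as open relay"
  exit 1
fi
# chpst -m caps memory; tcpsvd applies the compiled rules in ./cdb (-x), limits
# concurrent connections (-c) and drops to qmaild:qmail (-u) before running
# qmail-smtpd. stderr is merged into stdout so it reaches the log service.
exec chpst -m "${SOFTLIMIT:-3000000}" \
  tcpsvd -v -l "${ME:-0}" -x cdb -c "${MAXSMTPD:-20}" \
  -u qmaild:qmail "${IP:-0}" "${PORT:-25}" /var/qmail/bin/qmail-smtpd 2>&1
EOF
chmod +x run
# Supervise state lives outside the service directory: root:staff, setgid and
# group-writable, so members of group staff can write there.
sudo install -d -m 2775 -o root -g staff "/var/lib/supervise/$SV"
ln -s "/var/lib/supervise/$SV" supervise
# Log directory
mkdir log
cd log || cat >&2
# Quoted delimiter: the log run script is written literally, with no expansion
# by the shell that creates it.
cat > run <<'EOF'
#!/bin/sh
exec chpst -u qmaill svlogd -t main
EOF
chmod +x run
sudo install -d -m 2775 -o root -g staff "/var/lib/supervise/$SV.log"
ln -s "/var/lib/supervise/$SV.log" supervise
# Log files: owned by qmaill, readable by group qmail, no access for others.
sudo install -d -m 2750 -o qmaill -g qmail "/var/log/$SV"
ln -s "/var/log/$SV" main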
Create instruction directory and activate service
Note: the instructions are written for a qmail-ldap installation, but should do no harm with other qmail variants.
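SV=qmail-smtpd
# Instruction directory
# Guarded like the cd calls in the service-directory step: if the cd fails,
# `cat` swallows the rest of a pasted sequence, so that instruct/, the Makefile
# and the /service link are never created from the wrong directory.
cd "/var/qmail/control/$SV" || cat >&2
mkdir instruct
# instruct/0 holds the default rule (see the comments inside the file). Lines
# starting with '+' set environment variables for qmail-smtpd. Keep RELAYCLIENT
# out of this file; relaying belongs in rules for specific, trusted clients.
cat > instruct/0 <<'EOF'
+LOGLEVEL=0
+MAXRCPTCOUNT=48
+RCPTCHECK=
+RETURNMXCHECK=
+SANITYCHECK=
+SENDERCHECK=LOOSE
+LDAPSOFTOK=
# SMTP server rules.
# Default rule is to accept mails but not to relay. Do not even think of setting
# RELAYCLIENT on the default rule.
# Other useful stuff:
# AUTHPREPEND: String that is prepended to the login in the received line
# AUTHREQUIRED: Allow sending of messages only from authenticated senders.
# BLOCKRELAYPROBE: reject recipients with and "!", "%" or double-"@"
# LDAPSOFTOK: Ignore ldap soft errors in RCPTCHECK and SENDERCHECK
# LOGLEVEL: Level of log verbosity
# MAXRCPTCOUNT: maximum number of RCPT TOs you accept
# NOBOUNCE: Rejects null sender bounces, use only in extreme cases
# NOPBS: Disable pop-befor-smtp feature (pbscheck).
# QMAILQUEUE: alternate mail queueing program
# RBL: If set turns on rbl checking.
# RBLONLYHEADER: only tag messages filtered by rbl checking.
# RCPTCHECK: Check if the recipient of a message really exists.
# REJECTEXEC: Reject DOS/Windows executables in mail attachements.
# RETURNMXCHECK: Rejects senders if they don't have a valid return MX.
# SANITYCHECK: Rejects senders without an @, no . or too long/short TLD
# SENDERCHECK: Check if the sender of a message really exists.
# SMTPAUTH: Enables SMTP-AUTH for remote clients.
# 550GREETING: Rejects a connection right away with an 550 error
# SMTP550DISCONNECT: Disconnect the SMTP session if a 5xx error happens
# TARPITCOUNT: number of RCPT TOs you accept before you start tarpitting.
# TARPITDELAY: number of seconds of delay to introduce while tarpitting
EOF
# Maintenance
# sed turns the leading spaces of the recipe lines into the tab that make
# requires (tabs tend to get lost when copying from a web page). The pattern
# needs at least one space, so the target and comment lines stay unindented;
# the page's `s/^ */\t/` would also prefix those with a tab and break the
# Makefile (the recipe indentation was presumably lost in page rendering).
sed -n 's/^ \{1,\}/\t/;wMakefile' <<'EOF'
# leg20170501
#
# update ipsvd connection instractions
update:
  rm -f instruct/*~
  ipsvd-cdb cdb cdb.tmp instruct
.PHONY: update
EOF
# Initialize cdb
make
# Activate service
tail -F log/main/current&
ln -s "$(pwd)" /service
# Wait max 5s for the log to appear
# The supervise files that the chmod below touches only exist once the
# supervisor has picked up the new service.
tries=0
until [ -e supervise/control ] && [ -e log/supervise/control ]; do
  [ "$tries" -ge 5 ] && break
  sleep 1
  tries=$((tries + 1))
done
# Make service controllable by staff
# Group write access to the control pipes lets every member of the owning
# group (staff, via the setgid supervise directories) start and stop the
# service; keep that group's membership small.
sudo true
sudo chmod g+rw {.,log}/supervise/{ok,control}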