Re: How to: qmail-smtpd for roaming users.
Erwin Hoffmann <feh <at> fehcom.de>
2012-03-06 08:23:58 GMT
Hi Mario,
though I don't know what Auth patch you are using (you find mine at http://fehcom.de/qmail.html)
On Tue, 6 Mar 2012 13:23:18 +0700, FC Mario Patty <fcmario76 <at> gmail.com> wrote :
>
> FYI, here what I do to make the second smtpd(2) service:
>
> 1. Stop qmail via
> # svc -d /service/qmail
>
> 2. Create the second smtpd directory with qmail-smtpd-conf
> # qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd2
>
> 3. Instead of using the tcp file in /var/qmail/service/smtpd2, I use
> qmail-smtpd2.rules under /var/qmail/control, so I make the second rules
> file via copy (of the first qmail-smtpd.rules) and edit its content
Actually, you DON'T need a rules file (except for rare cases) if you use Submission.
>
> :allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
>
No. No. Remove the RELAYCLIENT here. It is at best useless.
It is sufficient, if you include in your qmail-smtpd2 run script the following:
export SMTPAUTH=""
export AUTHREQUIRED=""
export QMAILQUEUE="/var/qmail/bin/simscan"
or put it into ./env
> and then make some modification in /var/qmail/control/Makefile and add
> qmail-smtpd2.cdb into FILES (variable?).
>
> 4. Running make under /var/qmail/control directory to create
> qmail-smtpd2.cdb file.
>
> # cd /var/qmail/control/
> # make
>
> 5. I go to /var/qmail/service/smtpd2/ and modify the run file, especially
> the last 3 lines (not to include the ` character).
>
> # vi run
> .......
> -x/var/qmail/control/qmail-smtpd2.cdb \
> -- "${IP-0}" "${PORT-587}" \
> /var/qmail/bin/qmail-smtpd auth_smtp
>
What is 'auth_smtp'?
Typically you need a PAM supporting your Auth feature and having access to the user database (I
discussed this at http://www.fehcom.de/qmail/smptauth.html). If -- in your case -- auth_smtp is
not a PAM (using RELAYCLIENT="") EVERYBODY can use your Submission server to relay. This is
the worst possible solution.
> 6. Replace the port env file content (from 25 to 587).
> # echo 587 > /var/qmail/service/smtpd2/env/PORT
>
Do you have the envdir setting in your run script? You tend to make settings too complicated.
> 7. Make symlink of smtpd2 in /service
> # ln -s /var/qmail/service/smtpd2 /service
>
> The last one, I run qmail with `svc -u /service/qmail`.
>
> The result is I can send email to gmail or vice versa, or send email from
> our production mail server to this trial server and succeed. Problem comes
> when the sender is an Android smart phone email client, that the server
> automatically throws the Android emails and gives them a high SPAM score. I
> guess the culprit is the HELO localhost conversation. I erased QMAILQUEUE
> out of qmail-smtpd2.rules(cdb) but the result is just the same if I sent
> email to our production qmail server (but it works with yahoo mail). What
> can I do with qmail to deal with android smart phone? Thank you in advance.
>
You need to provide us the header statements your Auth package is including.
Many anti-spam SW (including Spamassassin) evaluate this information. If this is missing or wrong,
you may end up in your situation. The HELO statement being analyzed by the remote side is
probably that of your qmail host; not the Android ones.
> Regards,
> Mario
>
>
> On Sun, Mar 4, 2012 at 10:01 PM, Matt Simpson <qmlist <at> news.jmatt.net> wrote:
>
> >
> > On Mar 4, 2012, at 6:07 AM, FC Mario Patty wrote:
> >
> > > Ok, I change the question. Should I make the second smtpd folder and run
> > > file, let's say /var/qmail/service/smtpd2/run and make another link to
> > > /service and then running another qmail-smtpd.rules/cdb files?
> >
> >
> > Yes. You'll need to change the port that it listens to. In the script
> > that you posted, it looks like the port is assigned via environment
> > variable ${PORT-25}, which must be set somewhere else because it's not in
> > that script. You'll need to either change that line in the script or
> > change the ${PORT-25} variable. You probably want to use port 587.
> >
> > You need another tcprules cdb file that will allow connection from
> > anywhere.
> >
> > Then you need to look at the doc for whatever AUTH patch you have
> > installed. There are probably some environment variables that need to be
> > set to turn on authentication.
> >
> > --
> > Matt Simpson
> > Tatertown, KY
> >
> >
> >
> >
>
>
--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
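
The check below flags the kind of rule Erwin asks to remove above: a tcprules line that sets RELAYCLIENT for clients other than loopback, or a RELAYCLIENT file in the service's env directory. It is an added example, not part of the original thread or of any qmail package; it assumes stock ucspi-tcp rules syntax with IPv4 addresses and envdir semantics, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# relay_rules FILE: print each tcprules line that sets RELAYCLIENT for a
# non-loopback client. Returns 1 if any such rule exists, else 0.
relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments, blank lines
        {
            i = index($0, ":")               # address:instruction,VAR="value"
            if (i == 0) next
            addr = substr($0, 1, i - 1)
            rest = substr($0, i + 1)
            if (rest !~ /^allow/) next       # deny rules set no variables
            if (rest !~ /,RELAYCLIENT=/) next
            if (addr ~ /^127\./) next        # loopback relaying is expected
            printf "%d: %s\n", NR, $0
            found = 1
        }
        END { exit found + 0 }
    ' "$1"
}

# env_sets_relay DIR: true if envdir would export RELAYCLIENT from DIR.
# envdir sets a variable only from a non-empty file; a 0-byte file unsets it.
env_sets_relay() { [ -s "$1/RELAYCLIENT" ]; }

# audit_submission RULES ENVDIR: 0 if nothing sets RELAYCLIENT for remote
# clients, 1 otherwise. Findings are printed one per line.
audit_submission() {
    rc=0
    relay_rules "$1" || rc=1
    if env_sets_relay "$2"; then echo "env: $2/RELAYCLIENT is set"; rc=1; fi
    return "$rc"
}

# Constructed sample data: the rule quoted in the thread next to a rules
# file without it, plus an env directory that holds only PORT.
make_sample() {
    mkdir -p "$1/env"
    echo 587 > "$1/env/PORT"
    printf '%s\n' '# constructed sample' '127.:allow,RELAYCLIENT=""' \
        ':allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"' \
        > "$1/before.rules"
    printf '%s\n' '127.:allow,RELAYCLIENT=""' ':allow' > "$1/after.rules"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_submission "$tmp/before.rules" "$tmp/env" || echo "before.rules: RELAYCLIENT set for non-local clients"
audit_submission "$tmp/after.rules" "$tmp/env" && echo "after.rules: ok"
rm -rf "$tmp"
```

Run it against the source rules file (before `make` compiles it to cdb) and the service's env directory.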