-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.pkgsrc
129 lines (104 loc) · 5.37 KB
/
README.pkgsrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
Getting started
===============
Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
Local and outbound delivery:
- Run "@RCD_SCRIPTS_DIR@/postfix stop" and set postfix=NO in /etc/rc.conf.
- Replace /etc/mailer.conf with @PREFIX@/share/examples/qmail-run/mailer.conf.
- Check configuration in @PKG_SYSCONFDIR@ (especially alias/.qmail-*).
- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
- Run "@RCD_SCRIPTS_DIR@/qmail start".
Incoming SMTP on port 25:
- Set qmailsmtpd=YES in /etc/rc.conf.
- Add any qmail-rcptcheck programs to control/rcptchecks.
- Add any qmail-qfilter programs to control/smtpfilters.
- Add any qmail-spp programs (such as greylisting) to control/smtpplugins.
- Run "@RCD_SCRIPTS_DIR@/qmailsmtpd start".
Authenticated message submission on port 587:
- Set qmailofmipd=YES in /etc/rc.conf.
- Add any qmail-qfilter programs to control/ofmipfilters.
- Run "@RCD_SCRIPTS_DIR@/qmailofmipd start".
POP3 (for Maildirs only) on port 110:
- Set qmailpop3d=YES in /etc/rc.conf.
- Run "@RCD_SCRIPTS_DIR@/qmailpop3d start".
TLS encryption for SMTP, submission, POP3, and remote delivery:
- Create cert and DH params (see @PREFIX@/share/doc/qmail/README.tls).
- Run "@RCD_SCRIPTS_DIR@/qmail restart".
Greylisting:
- Add any exempt recipient addresses to control/greylist/exemptrcpts.
- Add any exempt recipient domains to control/greylist/exemptrcpthosts.
- Tuples are (IP,sender,recipient). To effectively omit IP, add
GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp,
then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb".
- Uncomment "greylisting-spp-wrapper" in control/smtpplugins.
SPF (Sender Policy Framework) outbound:
- If you auto-forward any messages originating from other domains,
configure SRS (Sender Rewriting Scheme, see
@PREFIX@/share/doc/qmail/README.srs)
so that servers which enforce the forwarded domains' SPF policies will
accept these messages from you.
- Publish a DNS TXT record with your domain's SPF policy.
SPF incoming:
- To greylist SPF-passing incoming messages (assuming greylisting is
enabled), remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from
control/tcprules/smtp, then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb".
By default, such messages are accepted.
- To reject SPF-failing incoming messages (including auto-forwards from
servers that forgot to configure SRS) when the domain's policy is
explicit-fail, add SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to
control/tcprules/smtp, then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb".
By default, such messages are accepted.
DKIM (DomainKeys Identified Mail) outbound:
- Run "mkdir control/domainkeys && chown qmailr control/domainkeys".
- Run "cd control/domainkeys && mkdir yourdomain.com && cd yourdomain.com"
- Generate a DKIM keypair for yourdomain.com:
openssl genrsa -out default 1024 && chmod 640 default
openssl rsa -in default -pubout -out default.pub
- Publish a DNS TXT record for the "default" selector containing your
domain's DKIM policy and public key.
- To turn off signing entirely, set
qmailsend_postenv="QMAILREMOTE=@PREFIX@/bin/qmail-remote"
in /etc/rc.conf.
By default, messages from domains that have DKIM keys will be signed.
DKIM incoming:
- To verify DKIM signatures on incoming messages, read through
@PREFIX@/bin/qmail-dkimverify-queue, set QMAILQUEUE to invoke it, set
DKVERIFY in the environment to enable verification, be prepared to
figure out what's not working, and report your findings to this
package's maintainer. (It might just work; I haven't tried it yet.)
By default, messages are accepted without verifying.
- To get useful headers prepended, it's likely you'll need this custom
dkimverify.pl: <URL:https://www.memoryhole.net/qmail/dkimverify.pl>
Getting help
============
You've installed an automated and customized qmail-run package. If
you're having trouble getting the qmail daemons to run, ask the
package's maintainer:
<URL:mailto:schmonz-pkgsrc-qmail@schmonz.com>
Many members of the qmail mailing list recommend following the
install instructions in Dave Sill's "Life with qmail" document:
<URL:http://www.lifewithqmail.org/lwq.html>
A "Life with qmail" installation is done by hand, so any qmail
package necessarily deviates from LWQ in at least this respect.
Therefore, if you need to ask for help on the qmail list, please
mention that you're using the qmail-run package from pkgsrc.
If you can first reproduce your problem on a manual LWQ-style
installation, your request for help is likely to be better received.
It is highly recommended that you read Charles Cazabon's "12 Steps
to qmail List Bliss" before posting to the list:
<URL:http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html>
Deviations from LWQ
===================
LWQ suggests doing some things that the qmail-run package doesn't do:
* Copying a script from /var/qmail/boot to /var/qmail/rc.
* Configuring svscan(8) to run at boot.
* Creating and/or populating /service.
* Using supervise(8) and multilog(8).
* Using the qmailctl script to control qmail.
* Using the inst_check script to verify the installation.
* Storing tcp.smtp{,cdb} in /etc.
* Renaming the system sendmail(8) and marking it non-executable.
Instead, the qmail-run package:
* Provides NetBSD-style rc.d scripts, including one very similar to qmailctl.
* Sends log messages to syslog(3) by default.
* Stores tcprules in @PKG_SYSCONFDIR@/control/tcprules.
* Uses mailwrapper(8) and mailer.conf(5).