I run two instances of qmail-smtpd, /service/smtpd-a/ and /service/smtpd-b/.
I offer virus and spam scanning for my clients, at an additional charge. For the clients who
subscribe to this service I set their mx record to a.mx.standblue.net (smtpd-a). Everyone
else has their mx record set to b.mx.standblue.net (smtpd-b). The /service/smtpd-a/run
file has QMAILQUEUE defined and passes all incoming mail through qmail-scanner. Mail destined for domains with an mx record
of b.mx.standblue.net gets passed straight through to the queue, no checking.
Of course, the customers who aren't paying for spam blocking are getting the benefits of what
I blacklist in /var/qmail/control/badmailfrom. With the badmailfrom-env patch
I added a line to the /service/smtpd-b/run file that specified a different
file to use for badmailfrom.
#!/bin/sh
PATH=/var/qmail/bin:$PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BADMAILFROM="/var/qmail/control/badmailfrom-b"
export BADMAILFROM
exec /usr/local/bin/softlimit -m 30000000 \
tcpserver -vR -l b.mx.standblue.net -x /service/smtpd-a/tcp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 66.216.97.211 smtp qmail-smtpd 2>&1
Now I can maintain completely separate badmailfrom lists for the two qmail-smtpd services.
Of course, that's just one way the patch can be used. Another would be to specify different badmailfrom files based on where the message is coming from. For example, I have noticed recently that users have been receiving lots of spam from the aol.com networks. Much of the spam has sender addresses from yahoo.com and hotmail, which is obviously not right. You still want to be able to receive mail from users at yahoo.com and hotmail, but not if it's being sent from the aol.com network.
The following line can be added to your tcprules file to prevent this from happening:
=.aol.com:allow,BADMAILFROM="/var/qmail/control/badmailfrom-aol"
Then, create a /var/qmail/control/badmailfrom-aol file with the following:
@yahoo.com
@hotmail.com
Don't forget to recompile your tcprules file.
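A small model of the rule above, added here as an illustration and not part of the patch or of qmail: it picks the list as the patched qmail-smtpd does (BADMAILFROM if set, otherwise control/badmailfrom) and applies stock badmailfrom matching (whole address or @domain, case-insensitive). The scratch directory, host names, sender addresses and function names are constructed for the example.

```shell
#!/bin/sh
# Added example: which badmailfrom list applies to a connection, and does the
# envelope sender match it? Files live in a scratch directory (constructed).
CONTROL=$(mktemp -d)
trap 'rm -rf "$CONTROL"' EXIT
printf '%s\n' 'spammer@example.net' > "$CONTROL/badmailfrom"
printf '%s\n' '@yahoo.com' '@hotmail.com' > "$CONTROL/badmailfrom-aol"

# Stand-in for the tcprules lookup (assumption: only the one rule from the
# text is modelled). Prints the BADMAILFROM value set for this TCPREMOTEHOST.
rule_env() {
  case "$1" in
    *.aol.com) printf '%s\n' "$CONTROL/badmailfrom-aol" ;;
    *) : ;;
  esac
}

# Patched qmail-smtpd: use $BADMAILFROM when set, else control/badmailfrom.
active_list() {
  override=$(rule_env "$1")
  printf '%s\n' "${override:-$CONTROL/badmailfrom}"
}

# Returns 0 when the sender would be rejected for this remote host.
sender_rejected() {
  list=$(active_list "$1")
  addr=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$addr" ] || return 1          # null sender (bounce) never matches
  domain="@${addr##*@}"
  tr 'A-Z' 'a-z' < "$list" | grep -qxF -e "$addr" -e "$domain"
}

verdict() {
  if sender_rejected "$1" "$2"; then echo reject; else echo accept; fi
}

verdict mail1.aol.com    bob@yahoo.com        # forged Yahoo sender via AOL
verdict mta1.yahoo.com   bob@yahoo.com        # same sender, other network
verdict mail1.aol.com    spammer@example.net  # global entry not consulted
```

The last call prints accept: the file named in BADMAILFROM replaces control/badmailfrom for that connection, so entries that should still apply to mail from AOL hosts have to be repeated in badmailfrom-aol.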
Another way to approach this would be to list @yahoo.com and @hotmail.com in your
global badmailfrom file, then have a line in your tcprules file that changed the
badmailfrom file to one that doesn't list @yahoo.com or @hotmail.com:
shell$ cat /service/smtpd-a/tcp
=.yahoo.com:allow,BADMAILFROM="/var/qmail/control/badmailfrom-fromyahoo"
Using this method, messages with an envelope sender from @yahoo.com can only come from an IP address that reverse resolves to *.yahoo.com. Note that anyone with control of their reverse DNS can set an IP to reverse resolve to something under .yahoo.com. Read Russell Nelson's qmail list post about this.
This is not necessarily a recommendation, but rather an example of things that can be done.
Note: If you apply the badmailfrom-env-qregex patch then qmail-smtpd will also look for a BADMAILTO environment variable before it uses control/badmailto.
For the vanilla patch, badmailfrom-env, simply copy the file to your qmail-1.03
source directory and run the following command:
shell$ patch < badmailfrom-env.patch
The badmailfrom-env-qregex patch requires that you have already applied the qregex
patch to your qmail sources. After that, apply the badmailfrom-env-qregex patch:
shell$ patch < badmailfrom-env-qregex.patch
Finally, stop qmail, run make setup check, and restart qmail.