#SenderRewritingScheme with #notqmail via #pkgsrc:

echo srs.dom.ain > control/srs_domain
echo "$SECRET" > control/srs_secrets
echo srs.dom.ain >> control/rcpthosts
echo srs.dom.ain:srs >> control/virtualdomains
echo "| srsfilter" > alias/.qmail-srs-default

+ MX for srs.dom.ain

#qmail lacks #TLS. #notqmail doesn't include it either (yet!). But if you install from #pkgsrc…

# chown qmaild:nofiles control/servercert.pem
# chmod 640 control/servercert.pem
# ln -s control/servercert.pem control/clientcert.pem
# update_tmprsadh
# /etc/rc.d/qmail restart

🔐

For our next trick with #notqmail from #pkgsrc:

Want to SMTP-reject SPF failures when the source domain specifies explicit-fail?

1. Add SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to
control/tcprules/smtp
2. Run "/etc/rc.d/qmailsmtpd cdb"
3. There is no 3rd thing, is that clear?

Another neat trick with #notqmail from #pkgsrc:

The default SMTP configuration rejects nonexistent recipients.

(qmail famously accepts all recipients for its domains even when those recipients don't exist, and then has to queue totally avoidable bounce messages. But you won't.)

Another #notqmail from #pkgsrc trick:

To enable #greylisting, simply uncomment "greylisting-spp-wrapper" in control/smtpplugins. That’s it.

(Add any exempt recipient addresses to control/greylist/exemptrcpts, or entire recipient domains to control/greylist/exemptrcpthosts.)

# mkdir -p control/domainkeys/dom.ain # chown -R qmailr control/domainkeys # cd control/domainkeys/dom.ain # openssl genrsa -out default 1024 # chmod 640 default # openssl rsa -in default \ -pubout -out default.pub

Running #notqmail via qmail-run from #pkgsrc? Cool. Add #DKIM signing like so, then publish a TXT record with your `default` policy. Done!

“notqmail remains a uniquely challenging #LegacyCode rehabilitation project, and 1.09 is merely a solid, long-overdue release that includes the work of a couple dozen new contributors.”

notqmail 1.09 is here: schmonz.com/2024/05/07/n...

#qmail #notqmail #smtp #OpenSource