Part III in an apparently ongoing series, “Nifty and Minimally Invasive qmail Tricks.”

Thanks to its author's “Unix-to-its-logical-conclusions” software design principles, qmail presents some challenging system integration problems for the conscientious sysadmin. At one extreme, DJB's daemontools are adapted to replace init(8). More commonly, admins leave the system's native infrastructure in place, and focus their efforts on converting their key services to supervise(8)-able run scripts. My solutions lie at the other extreme: make qmail fit into my existing system. The details are quite interesting and I'll go into them later; for now, let's look at integrating some basic qmail reports into NetBSD's nightly maintenance scripts.

I use a few anti-spam techniques on my mail server. greetdelay rejects certain ill-behaved connections, realrcptto and my badrcptto clone reject certain ill-destined messages, and viruscan rejects certain ill-boding messages. To keep an eye on what's getting blocked, I created a directory /etc/qmail/rejections containing four empty files, one for each anti-spam measure. Then I added the following to /etc/security.local:

LOGS='/var/log/maillog /var/log/maillog.0.gz'
REJDIR=/etc/qmail/rejections
zgrep greetdelay $LOGS | awk '{print $7}' \
        | cat - $REJDIR/greetdelay | sort -u > $REJDIR/greetdelay.tmp \
        && mv $REJDIR/greetdelay.tmp $REJDIR/greetdelay
zgrep realrcptto $LOGS | awk '{print $9}' \
        | sort -u | sed -e 's/\(.*\)@schmonz\.com/schmonz.com \1/g' \
        | cat - $REJDIR/realrcptto | sort -u > $REJDIR/realrcptto.tmp \
        && mv $REJDIR/realrcptto.tmp $REJDIR/realrcptto
zgrep badrcptto $LOGS | awk '{print $7}' \
        | cat - $REJDIR/badrcptto | sort -u > $REJDIR/badrcptto.tmp \
        && mv $REJDIR/badrcptto.tmp $REJDIR/badrcptto
zgrep 'unacceptable content' $LOGS | sed -e 's/.*rejected from //g' \
        | cat - $REJDIR/viruscan | sort -u > $REJDIR/viruscan.tmp \
        && mv $REJDIR/viruscan.tmp $REJDIR/viruscan

The following morning my four files weren't empty anymore: they listed all the offenders from the previous two days' logs.

As part of its nightly scripts, NetBSD mails diffs of important files in /etc to the sysadmin. Getting diffs of my spam-fighting results turned out to be remarkably easy. I simply added four lines to /etc/changelist:

/etc/qmail/rejections/greetdelay
/etc/qmail/rejections/realrcptto
/etc/qmail/rejections/badrcptto
/etc/qmail/rejections/viruscan

While I was at it, I listed my qmail control files there too.