Why this patch

I wanted to selectively reject SMTP incoming messages without patching qmail-smtpd(8). Reasons:

  1. Not all patches apply cleanly with each other, and one of my goals in life is to spend as little time as possible hand-merging patches.
  2. More rejection criteria -> more patches -> more likely conflicts.

Without this patch

To SMTP-reject recipients that qmail’s own delivery rules would later determine to be undeliverable, apply Paul Jarc’s realrcptto patch.

To SMTP-reject recipients listed in control/badrcptto, apply Ward Vandewege’s badrcptto patch.

To SMTP-reject recipients and senders that match regular expressions in control/badmailto and control/badmailfrom, apply Andrew St. Jean’s qregex patch.

To SMTP-reject messages containing MIME attachments whose first line is found in control/signatures, apply Russ Nelson’s viruscan patch.

To apply more than one of these patches, or to apply one of these patches along with others that modify qmail-smtpd, expect to get comfortable with C and maintain your own hand-merged patchset.

With this patch

To SMTP-reject messages, compose the following programs into your configuration as needed:

  • qmail-qfilter-queue is a QMAILQUEUE wrapper that runs qmail-qfilter with the sequence of programs listed in the control file defined in QMAILQUEUEFILTERS, rejecting if any of them reject.
  • qmail-qfilter-viruscan is the viruscan patch repackaged as a qmail-qfilter-compatible program.
  • qmail-rcptcheck runs the sequence of RCPTCHECK-compatible programs in control/rcptchecks, rejecting if any of them reject. It runs under qmail-smtpd with either the RCPTCHECK patch or the qmail-spp patch.
  • qmail-rcptcheck-realrcptto is the realrcptto patch repackaged as a RCPTCHECK-compatible program.
  • qmail-rcptcheck-badrcptto is the badrcptto patch repackaged as a RCPTCHECK-compatible program.
  • qmail-rcptcheck-qregex is (most of) the qregex patch repackaged as a RCPTCHECK-compatible program.

Example: realrcptto

Assuming you have the RCPTCHECK patch, to check recipients with realrcptto:

# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck-realrcptto"' >> /etc/tcp.smtp
# qmailctl cdb

(If you already have an :allow line, don’t add another, just extend it to define RCPTCHECK as above.)

Example: badrcptto

To also check recipients with badrcptto (unless realrcptto rejects them first):

# echo '/var/qmail/bin/qmail-rcptcheck-realrcptto' > /var/qmail/control/rcptchecks
# echo '/var/qmail/bin/qmail-rcptcheck-badrcptto' >> /var/qmail/control/rcptchecks
# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck"' >> /etc/tcp.smtp
# qmailctl cdb

(If you have RCPTCHECK defined from before, just change it to this.)

Example: qregex

To also check senders and/or recipients (but not HELO hostnames) with qregex if they make it this far:

# echo '/var/qmail/bin/qmail-rcptcheck-qregex' >> /var/qmail/control/rcptchecks

Example: custom RCPTCHECK program

To also run your own sender or recipient checker:

# echo '/path/to/your/rcptcheck' >> /var/qmail/control/rcptchecks

Example: as above, but with qmail-spp

Assuming you have the SPP patch, to run all of the checks in control/rcptchecks, add /var/qmail/bin/qmail-rcptcheck to the [rcpt] section of control/smtpplugins.

Example: prepare to filter incoming SMTP messages

To make it easy to add filters for incoming SMTP messages (requires the QMAILQUEUE patch, included in netqmail):

# echo ':allow,QMAILQUEUE="/var/qmail/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"' >> /etc/tcp.smtp
# qmailctl cdb

(As before, if you already have an :allow line, just extend it to also define QMAILQUEUE and QMAILQUEUEFILTERS.)

Example: viruscan

To add the viruscan filter:

# cp signatures /var/qmail/control
# echo '/var/qmail/bin/qmail-qfilter-viruscan' > /var/qmail/control/smtpfilters

Example: custom qmail-qfilter program

To run your own filter over messages that pass viruscan:

# echo '/path/to/your/filter' >> /var/qmail/control/smtpfilters

Get this patch

(Generated with git diff netqmail-1.06 netqmail-1.06-rejectutils-20181128.)

This patch only adds new programs. You can merge it into your main qmail source tree if you feel the need, or (my recommendation) into a fresh, previously unpatched tree:

  1. Extract netqmail into qmail-rejectutils.
  2. Apply netqmail-1.06-rejectutils-20181128.patch there.
  3. Copy over conf-* from your main qmail source tree.

Then simply:

# make rejectutils
# cp qmail-qfilter-* qmail-rcptcheck* /var/qmail/bin

Possible future directions

Here are some ideas for the future of rejectutils.

Improve this patch

If you see a simpler way to do it, I’d love to know.