Why this patch

I wanted to selectively reject SMTP incoming messages without patching qmail-smtpd(8). Reasons:

  1. Not all patches apply cleanly with each other, and one of my goals in life is to spend as little time as possible hand-merging patches.
  2. More rejection criteria -> more patches -> more likely conflicts.

Without this patch

To SMTP-reject recipients that qmail’s own delivery rules would later determine to be undeliverable, apply Paul Jarc’s realrcptto patch.

To SMTP-reject recipients listed in control/badrcptto, apply Ward Vandewege’s badrcptto patch.

To SMTP-reject recipients and senders that match regular expressions in control/badmailto and control/badmailfrom, apply Andrew St. Jean’s qregex patch.

To SMTP-reject messages containing MIME attachments whose first line is found in control/signatures, apply Russ Nelson’s viruscan patch.

To apply more than one of these patches, or to apply one of these patches along with others that modify qmail-smtpd, expect to get comfortable with C and maintain your own hand-merged patchset.

With this patch

To SMTP-reject messages, compose the following programs into your configuration as needed:

  • qmail-qfilter-smtpd-queue is a QMAILQUEUE wrapper that runs qmail-qfilter with the sequence of programs in control/smtpfilters, rejecting if any of them reject.
  • qmail-qfilter-ofmipd-queue is a QMAILQUEUE wrapper that runs qmail-qfilter with the sequence of programs in control/ofmipfilters, rejecting if any of them reject.
  • qmail-qfilter-viruscan is the viruscan patch repackaged as a qmail-qfilter-compatible program.
  • qmail-rcptcheck is a RCPTCHECK-compatible program that runs the sequence of programs in control/rcptchecks, rejecting if any of them reject.
  • qmail-rcptcheck-realrcptto is the realrcptto patch repackaged as a RCPTCHECK-compatible program.
  • qmail-rcptcheck-badrcptto is the badrcptto patch repackaged as a RCPTCHECK-compatible program.
  • qmail-rcptcheck-qregex is (most of) the qregex patch repackaged as a RCPTCHECK-compatible program.

Install

  1. Extract a fresh copy of netqmail into “qmail-rejectutils”.
  2. Apply netqmail-1.06-rejectutils-20170720.patch there.
  3. Copy over conf-* from your main qmail source tree.

Then simply:

# make rejectutils
# cp qmail-qfilter-* qmail-rcptcheck* /var/qmail/bin

(You can also try merging this patch into your main qmail source tree. But since it only adds new programs, why bother?)

Example: realrcptto

To check recipients with realrcptto (requires the RCPTCHECK patch):

# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck-realrcptto"' >> /etc/tcp.smtp
# qmailctl cdb

(If you already have an :allow line, don’t add another, just extend it to define RCPTCHECK as above.)

Example: badrcptto

To also check recipients with badrcptto (unless realrcptto rejects them first):

# echo '/var/qmail/bin/qmail-rcptcheck-realrcptto' > /var/qmail/control/rcptchecks
# echo '/var/qmail/bin/qmail-rcptcheck-badrcptto' >> /var/qmail/control/rcptchecks
# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck"' >> /etc/tcp.smtp
# qmailctl cdb

(If you have RCPTCHECK defined from before, just change it to this.)

Example: qregex

To also check senders and/or recipients (but not HELO hostnames) with qregex if they make it this far:

# echo '/var/qmail/bin/qmail-rcptcheck-qregex' >> /var/qmail/control/rcptchecks

Example: custom RCPTCHECK program

To also run your own sender or recipient checker:

# echo '/path/to/your/rcptcheck' >> /var/qmail/control/rcptchecks

Example: prepare to filter incoming SMTP messages

To make it easy to add filters for incoming SMTP messages (requires the QMAILQUEUE patch, included in netqmail):

# echo ':allow,QMAILQUEUE="/var/qmail/bin/qmail-qfilter-smtpd-queue"' >> /etc/tcp.smtp
# qmailctl cdb

(As before, if you already have an :allow line, just extend it to also define QMAILQUEUE.)

Example: viruscan

To add the viruscan filter:

# cp signatures /var/qmail/control
# echo '/var/qmail/bin/qmail-qfilter-viruscan' > /var/qmail/control/smtpfilters

Example: custom qmail-qfilter program

To run your own filter over messages that pass viruscan:

# echo '/path/to/your/filter' >> /var/qmail/control/smtpfilters

Possible future directions

Here are some ideas for the future of rejectutils.

Improve this patch

If you see a simpler way to do it, I’d love to know.