Why this patch

This patch adds several programs for selectively rejecting messages:

qmail-queue(8) wrappers

  • qmail-qfilter-smtpd-queue runs the sequence of programs in control/smtpfilters via qmail-qfilter.
  • qmail-qfilter-ofmipd-queue runs the sequence of programs in control/ofmipfilters via qmail-qfilter.

qmail-qfilter(1) filters


  • qmail-rcptcheck runs the sequence of programs in control/rcptchecks, rejecting if any of them reject.

RCPTCHECK checkers

If you’re looking to SMTP-reject messages according to multiple criteria, and/or are dealing with qmail-smtpd(8) patch conflicts, this patch may be useful to you.

Without this patch

To SMTP-reject recipients that qmail’s own delivery rules would later determine to be undeliverable, apply the realrcptto patch.

To SMTP-reject recipients listed in control/badrcptto, apply the badrcptto patch.

To SMTP-reject recipients and senders that match regular expressions in control/badmailto and control/badmailfrom, apply the qregex patch.

To SMTP-reject messages containing MIME attachments whose first line is found in control/signatures, apply the viruscan patch.

To apply more than one of these patches, or to apply one of these patches along with others that modify qmail-smtpd, expect to get comfortable with C and maintain your own hand-merged patchset.

With this patch

To check recipients with realrcptto (requires the RCPTCHECK patch):

# make qmail-rcptcheck-realrcptto
# cp qmail-rcptcheck-realrcptto /var/qmail/bin
# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck-realrcptto"' >> /etc/tcp.smtp
# qmailctl cdb

(If you already have an :allow line, don’t add another, just extend it to define RCPTCHECK as above.)

To check recipients with badrcptto, unless realrcptto rejects them first:

# make qmail-rcptcheck qmail-rcptcheck-badrcptto
# cp qmail-rcptcheck qmail-rcptcheck-badrcptto /var/qmail/bin
# echo '/var/qmail/bin/qmail-rcptcheck-realrcptto' > /var/qmail/control/rcptchecks
# echo '/var/qmail/bin/qmail-rcptcheck-badrcptto' >> /var/qmail/control/rcptchecks
# echo ':allow,RCPTCHECK="/var/qmail/bin/qmail-rcptcheck"' >> /etc/tcp.smtp
# qmailctl cdb

(If you have RCPTCHECK defined from before, just change it to this.)

To check senders and/or recipients (but not HELO hostnames) with qregex if they make it this far:

# make qmail-rcptcheck-qregex
# cp qmail-rcptcheck-qregex /var/qmail/bin
# echo '/var/qmail/bin/qmail-rcptcheck-qregex' >> /var/qmail/control/rcptchecks

To run your own sender or recipient checker:

# echo '/path/to/your/rcptcheck' >> /var/qmail/control/rcptchecks

To make it easy to add filters for incoming SMTP messages (requires the QMAILQUEUE patch, included in netqmail):

# make qmail-qfilter-smtpd-queue
# cp qmail-qfilter-smtpd-queue /var/qmail/bin
# echo ':allow,QMAILQUEUE="/var/qmail/bin/qmail-qfilter-smtpd-queue"' >> /etc/tcp.smtp
# qmailctl cdb

(As before, if you already have an :allow line, just extend it to also define QMAILQUEUE.)

To add the viruscan filter:

# make qmail-qfilter-viruscan
# cp qmail-qfilter-viruscan /var/qmail/bin
# cp signatures /var/qmail/control
# echo '/var/qmail/bin/qmail-qfilter-viruscan' > /var/qmail/control/smtpfilters

To run your own filter over messages that pass viruscan:

# echo '/path/to/your/filter' >> /var/qmail/control/smtpfilters

Get this patch

Download and apply netqmail-1.06-rejectutils-20170720.patch.

(Generated with git diff netqmail-1.06 netqmail-1.06-rejectutils-20170720.)

Improve this patch

If you see a simpler way to do it, I’d love to know.