Getting started =============== Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... Local and outbound delivery: - Run "@RCD_SCRIPTS_DIR@/postfix stop" and set postfix=NO in /etc/rc.conf. - Replace /etc/mailer.conf with @PREFIX@/share/examples/qmail-run/mailer.conf. - Check configuration in @PKG_SYSCONFDIR@ (especially alias/.qmail-*). - Set qmailsend=YES and qmailqread=YES in /etc/rc.conf. - Run "@RCD_SCRIPTS_DIR@/qmail start". Incoming SMTP on port 25: - Add any qmail-rcptcheck programs to control/rcptchecks. - Add any qmail-qfilter programs to control/smtpfilters. - Add any qmail-spp programs (such as greylisting) to control/smtpplugins. - Set qmailsmtpd=YES in /etc/rc.conf. - Run "@RCD_SCRIPTS_DIR@/qmailsmtpd start". Authenticated message submission on port 587: - Add any qmail-qfilter programs to control/ofmipfilters. - Set qmailofmipd=YES in /etc/rc.conf. - Run "@RCD_SCRIPTS_DIR@/qmailofmipd start". POP3 (for Maildirs only) on port 110: - Set qmailpop3d=YES in /etc/rc.conf. - Run "@RCD_SCRIPTS_DIR@/qmailpop3d start". TLS encryption for SMTP, submission, POP3, and remote delivery: - Create cert and DH params (see @PREFIX@/share/doc/qmail/README.tls). - Run "@RCD_SCRIPTS_DIR@/qmail restart". Greylisting: - Add any exempt recipient addresses to control/greylist/exemptrcpts. - Add any exempt recipient domains to control/greylist/exemptrcpthosts. - Tuples are (IP,sender,recipient). To effectively omit IP, add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp, then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb". - Uncomment "greylisting-spp-wrapper" in control/smtpplugins. SPF (Sender Policy Framework) outbound: - If you auto-forward any messages originating from other domains, configure SRS (Sender Rewriting Scheme, see @PREFIX@/share/doc/qmail/README.srs) so that servers which enforce the forwarded domains' SPF policies will accept these messages from you. - Publish your domain's SPF policy as a DNS TXT record. SPF incoming: - To greylist SPF-passing incoming messages (assuming greylisting is enabled), remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from control/tcprules/smtp, then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb". (By default, such messages are accepted.) - To reject SPF-failing incoming messages -- including auto-forwards from servers that forgot to configure SRS -- when the domain's policy is explicit-fail, add SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to control/tcprules/smtp, then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb". (By default, such messages are accepted.) DKIM (DomainKeys Identified Mail) outbound: - Generate a DKIM keypair for yourdom.ain: mkdir control/domainkeys && chown @QMAIL_REMOTE_USER@ control/domainkeys cd control/domainkeys && mkdir yourdom.ain && cd yourdom.ain openssl genrsa -out default 1024 && chmod 640 default openssl rsa -in default -pubout -out default.pub - Publish your domain's "default" DKIM policy and public key as a DNS TXT record. - To stop signing outbound messages from domains with DKIM keys present, set qmailsend_postenv="QMAILREMOTE=@PREFIX@/bin/qmail-remote" in /etc/rc.conf, then run "@RCD_SCRIPTS_DIR@/qmailsend restart". (By default, such messages are signed.) DKIM incoming: - The package maintainer has not tested this yet. Be prepared to figure out what's not working, and please report your findings. - To verify DKIM signatures on incoming messages, add QMAILQUEUE="@PREFIX@/bin/qmail-dkimverify-queue" to control/tcprules/smtp. Set DKVERIFY in that script's environment, perhaps in the same tcprules. Then run "@RCD_SCRIPTS_DIR@/qmailsmtpd cdb". (By default, no verification is performed.) - To get useful headers prepended, it's likely you'll need this custom dkimverify.pl: Getting help ============ You've installed an automated and customized qmail-run package. If you're having trouble getting the qmail daemons to run, ask the package's maintainer: Many members of the qmail mailing list recommend following the install instructions in Dave Sill's "Life with qmail" document: A "Life with qmail" installation is done by hand, so any qmail package necessarily deviates from LWQ in at least this respect. Therefore, if you need to ask for help on the qmail list, please mention that you're using the qmail-run package from pkgsrc. If you can first reproduce your problem on a manual LWQ-style installation, your request for help is likely to be better received. It is highly recommended that you read Charles Cazabon's "12 Steps to qmail List Bliss" before posting to the list: Deviations from LWQ =================== LWQ suggests doing some things that the qmail-run package doesn't do: * Copying a script from /var/qmail/boot to /var/qmail/rc. * Configuring svscan(8) to run at boot. * Creating and/or populating /service. * Using supervise(8) and multilog(8). * Using the qmailctl script to control qmail. * Using the inst_check script to verify the installation. * Storing tcp.smtp{,cdb} in /etc. * Renaming the system sendmail(8) and marking it non-executable. Instead, the qmail-run package: * Provides NetBSD-style rc.d scripts, including one very similar to qmailctl. * Sends log messages to syslog(3) by default. * Stores tcprules in @PKG_SYSCONFDIR@/control/tcprules. * Uses mailwrapper(8) and mailer.conf(5).