# QMail - SPF-Patch

## Becks

Due to spam several bigger companies are working on a solution of this. One meight be spf - sender permitted from (more info: google).

On heise.de someone posted a link of a patch for qmail smtpd:

http://www.saout.de/misc/qmail-spf-latest.patch

Alex

----------

## chtephan

I've set up a web page:

http://www.saout.de/misc/spf/

If anyone needs a patch for gentoo qmail, feel free to ask.

(actually, I've go one here that combines spf + mfcheck on top of qmail-1.03-r15 *and* fixes the broken TLS_BEFORE_AUTH #ifdefs...)

The patch is fully functional and can be configured to do nothing or to just add headers. So it's safe for integration into an official package.

It's mentioned as one of the "official" qmail patches on the SPF download site.

Probably interesting with logging and statistics.

Please look at http://spf.pobox.com/ and the spf-discuss@v2.listbox.com list archive.

Meng Weng Wong wants to start the experimental phase where as much feedback should be gathered as possible.

----------

## chtephan

Ok, I rediffed the patch:

http://www.saout.de/misc/spf/qmail-1.03-r15-spf-pre2.patch

applies on top of qmail-1.03-r15

and

http://www.saout.de/assets/qmail-1.03-r15-tlsbefore-fix.patch

makes USE=notlsbeforeauth actually work

(#ifdef TLS && TLS_BEFORE_AUTH doesn't work, but this does: #if defined(TLS) && defined(TLS_BEFORE_AUTH))

: It's the one that works now.Last edited by chtephan on Thu Feb 05, 2004 9:59 pm; edited 1 time in total

----------

## robbat2

thanks guys. I'm the qmail maintainer, and these will definetly go in, i just traced the TLS_BEFORE_AUTH problem today, as I've been quite busy with schoolwork etc. lately.

does that qmail-1.03-r15-spf-pre1.patch you posted only have SPF and _not_ mfcheck or does it include the mfcheck that you mentioned?

also, would you mind if your URLs for the patches is placed directly into the SRC_URI (it will be mirrored on the gentoo mirrors, but we're trying to make sure things have clean external sources in case of data loss somewhere.)?

the #ifdef thing comes from a much older GCC, where it got treated as an expression and evaluted before the define check kicked in, so it worked there.

----------

## chtephan

I rediffed it without mfcheck, it's only SPF.

And sure, you can use the URL, I can let the files stay around.

: In case you want to have the patch elsewhere in the patch chain, just tell me so I can rediff it.

----------

## robbat2

thanks.

it will probably go into -r16 on sunday or monday evening (got a few exams and assignments due before then).

----------

## chtephan

Can I ask two more questions?

diff -Nur /var/qmail/supervise/qmail-pop3d/run supervise/qmail-pop3d/run

--- /var/qmail/supervise/qmail-pop3d/run        2004-01-31 22:57:14.000000000 +0100

+++ supervise/qmail-pop3d/run   2004-02-02 19:55:54.000000000 +0100

@@ -9,6 +9,7 @@

 SERVICE=pop3

 source /var/qmail/bin/qmail-config-system && \

 exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \

+    ${QMAIL_TCPSERVER_PRE} \

     /usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \

     -c ${MAXCONN} \

     ${TCPSERVER_HOST} ${TCPSERVER_PORT} \

Forgot this one?

diff -Nur /var/qmail/supervise/qmail-smtpd/run supervise/qmail-smtpd/run

--- /var/qmail/supervise/qmail-smtpd/run        2004-01-31 22:57:14.000000000 +0100

+++ supervise/qmail-smtpd/run   2004-02-02 19:55:54.000000000 +0100

@@ -8,7 +8,7 @@

 # modification can be make possible via the configuration files

 SERVICE=smtp

 source /var/qmail/bin/qmail-config-system && \

-exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \

+eval exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \

     ${QMAIL_TCPSERVER_PRE} \

     /usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \

     -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \

I need this so that I can use brackets around arguments in QMAIL_SMTP_PRE, because I do this:

QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd \

        -a rbl.intern \

        -b -r 'bl.spamcop.net:Spam blocked see: http://spamcop.net/bl.shtml?%IP%' \

        -b -r 'relays.ordb.org:Blackholed by ORDB -- see http://ordb.org/lookup/?host=%IP%' \

"

Is there something that can be done about it?

----------

## robbat2

yeah, i missed the first item there. my bad.

for the second item however, i'll look up a better solution than eval exec as that's not very clean.

----------

## teilo

Thank you, gentlemen.

USE=notlsbeforeauth now works for me.

This would be the first gentoo bug (40010) in which I had active, albeit minor, participation. Here's to many more.

----------

## chtephan

Three minor updates:

http://www.saout.de/misc/spf/qmail-1.03-r15-spf-pre2.patch

----------

## Q

I apologise for tacking this on to the end of a different subject but I seem to be in distinguished company.

I have qmail r13 running with courier-imap 2.12-r1. I only use the SSL service

I have had no success in setting up relay-ctrl.I have done as specified in the conf-smtpd. When I do I can no longer login to imap-ssl.

Any help greatly appreciated

----------

## chtephan

I need to apologize.

My first rediff for gentoo was broken... the -pre2 actually compiles.

----------

## chtephan

Minor cleanups: http://www.saout.de/misc/spf/qmail-1.03-r15-spf-rc1.patch

----------

## BassHombre

What's the status of the -r16 qmail ebuild? Is this SPF patch still going in? I'd love to start checking SPF records on my mail server.  :Very Happy: 

----------

## Hollow

i changed the qmail ebuild to fit my needs, also includes the rc2 patch (i'm not able to rediff the rc3, cause i can't get failed hunks in qmail-smtp.c to work, you're welcome to help), and 3 new use flags for checkpassword, cmd5checkpw and dot-forward, for those who don't need this (virtual mail hosting etc)

```
# Copyright 1999-2004 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/qmail-1.03-r15.ebuild,v 1.6 2004/07/20 14:24:11 tomk Exp $

inherit gcc eutils fixheadtails

IUSE="chkpw md5 dotforward ssl noauthcram notlsbeforeauth"

DESCRIPTION="A modern replacement for sendmail which uses maildirs and includes SSL/TLS, AUTH SMTP, and queue optimization"

HOMEPAGE="http://www.qmail.org/

        http://members.elysium.pl/brush/qmail-smtpd-auth/

        http://www.jedi.claranet.fr/qmail-tuning.html"

SRC_URI="mirror://qmail/${P}.tar.gz

        mirror://qmail/qmailqueue-patch

        http://qmail.null.dk/big-todo.103.patch

        http://www.jedi.claranet.fr/qmail-link-sync.patch

        mirror://qmail/big-concurrency.patch

        http://www.suspectclass.com/~sgifford/qmail/qmail-1.03-0.0.0.0-0.2.patch

        http://david.acz.org/software/sendmail-flagf.patch

        mirror://qmail/qmail-1.03-qmtpc.patch

        mirror://qmail/qmail-smtpd-relay-reject

        mirror://gentoo/qmail-local-tabs.patch

        http://www.shupp.org/patches/qmail-maildir++.patch

        ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-date-localtime.patch.txt

        ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-limit-bounce-size.patch.txt

        http://www.ckdhr.com/ckd/qmail-103.patch

        http://www.arda.homeunix.net/store/qmail/qregex-starttls-2way-auth.patch

        http://www.soffian.org/downloads/qmail/qmail-remote-auth-patch-doc.txt

        mirror://gentoo/qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2

        http://www.dataloss.nl/software/patches/qmail-popupnofd2close.patch

        http://js.hu/package/qmail/qmail-1.03-reread-concurrency.2.patch

        http://www.mcmilk.de/qmail/dl/djb-qmail/patches/08-capa.diff

        http://www.leverton.org/qmail-hold-1.03.pat.gz

        mirror://qmail/netscape-progress.patch

        http://www-dt.e-technik.uni-dortmund.de/~ma/djb/qmail/sendmail-ignore-N.patch

        http://www.saout.de/misc/spf/qmail-1.03-r15-spf-rc2.patch

        "

# broken stuffs

#http://www.qcc.ca/~charlesc/software/misc/nullenvsender-recipcount.patch

LICENSE="as-is"

SLOT="0"

KEYWORDS="~x86 ~ppc ~sparc mips alpha arm hppa amd64 ia64"

DEPEND="virtual/libc

        sys-apps/groff

        ssl? ( >=dev-libs/openssl-0.9.6g )

        >=net-mail/queue-fix-1.4-r1"

RDEPEND="!virtual/mta

        virtual/libc

        >=sys-apps/ucspi-tcp-0.88

        >=sys-apps/daemontools-0.76-r1

        chkpw? >=net-mail/checkpassword-0.90

        md5? >=net-mail/cmd5checkpw-0.22

        forward? >=net-mail/dot-forward-0.71

        >=net-mail/queue-fix-1.4-r1"

PROVIDE="virtual/mta

         virtual/mda"

#MY_PVR=${PVR}

MY_PVR=${PV}-r14

TCPRULES_DIR=/etc/tcprules.d

src_unpack() {

        # unpack the initial stuff

        unpack ${P}.tar.gz

        # This makes life easy

        EPATCH_OPTS="-d ${S}"

        # this patch merges a few others already

        EPATCH_SINGLE_MSG="Adding SMTP AUTH (2 way), Qregex and STARTTLS support" \

        epatch ${DISTDIR}/qregex-starttls-2way-auth.patch

        # bug #30570

        EPATCH_SINGLE_MSG="Fixing a memory leak in Qregex support" \

        epatch ${FILESDIR}/${MY_PVR}/qmail-1.03-qregex-memleak-fix.patch

        # Fixes a problem when utilizing "morercpthosts"

        epatch ${FILESDIR}/${MY_PVR}/smtp-auth-close3.patch

        # patch so an alternate queue processor can be used

        # i.e. - qmail-scanner

        EPATCH_SINGLE_MSG="Adding QMAILQUEUE support" \

        epatch ${DISTDIR}/qmailqueue-patch

        EPATCH_SINGLE_MSG="Adding QMAILQUEUE info to documentation" \

        epatch ${FILESDIR}/${MY_PVR}/qmail-qmailqueue-docs.patch

        # a patch for faster queue processing

        EPATCH_SINGLE_MSG="Patching for large queues" \

        epatch ${DISTDIR}/big-todo.103.patch

        # Support for remote hosts that have QMTP

        EPATCH_SINGLE_MSG="Adding support for remote QMTP hosts" \

        epatch ${DISTDIR}/qmail-1.03-qmtpc.patch

        # Large TCP DNS replies confuse it sometimes

        EPATCH_SINGLE_MSG="Adding support for oversize DNS" \

        epatch ${DISTDIR}/qmail-103.patch

        # Fix for tabs in .qmail bug noted at

        # http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/10/msg00696.html

        # gentoo bug #24293

        epatch ${DISTDIR}/qmail-local-tabs.patch

        # Account for Linux filesystems lack of a synchronus link()

        epatch ${DISTDIR}/qmail-link-sync.patch

        # Increase limits for large mail systems

        epatch ${DISTDIR}/big-concurrency.patch

        # Treat 0.0.0.0 as a local address

        epatch ${DISTDIR}/qmail-1.03-0.0.0.0-0.2.patch

        # Let the system decide how to define errno

        epatch ${FILESDIR}/errno.patch

        # holdremote support

        # pre-process to remove the header added upstream

        zcat ${DISTDIR}/qmail-hold-1.03.pat.gz | sed '123,150d' >${T}/qmail-hold-1.03.patch

        epatch ${T}/qmail-hold-1.03.patch

        # make the qmail 'sendmail' binary behave like sendmail's for -f

        epatch ${DISTDIR}/sendmail-flagf.patch

        # Apply patch to make qmail-local and qmail-pop3d compatible with the

        # maildir++ quota system that is used by vpopmail and courier-imap

        epatch ${DISTDIR}/qmail-maildir++.patch

        # fix a typo in the patch

        # upstream has changed the patch and this isn't needed anymore

        #epatch ${FILESDIR}/${MY_PVR}/maildir-quota-fix.patch

        # Apply patch for local timestamps.

        # This will make the emails headers be written in localtime rather than GMT

        # If you really want, uncomment it yourself, as mail really should be in GMT

        epatch ${DISTDIR}/qmail-date-localtime.patch.txt

        # Apply patch to trim large bouncing messages down greatly reduces traffic

        # when multiple bounces occur (As in with spam)

        epatch ${DISTDIR}/qmail-limit-bounce-size.patch.txt

        # Apply patch to add ESMTP SIZE support to qmail-smtpd

        # This helps your server to be able to reject excessively large messages

        # "up front", rather than waiting the whole message to arrive and then

        # bouncing it because it exceeded your databytes setting

        epatch ${FILESDIR}/${MY_PVR}/qmail-smtpd-esmtp-size-gentoo.patch

        #TODO TEST

        # Reject some bad relaying attempts

        # gentoo bug #18064

        epatch ${FILESDIR}/${MY_PVR}/qmail-smtpd-relay-reject.gentoo.patch

        #TODO TEST HEAVILY AS THIS PATCH WAS CUSTOM FIXED

        # provide badrcptto support

        # as per bug #17283

        # patch re-diffed from original at http://sys.pro.br/files/badrcptto-morebadrcptto-accdias.diff.bz2

        epatch ${DISTDIR}/qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2

        # bug #31426

        # original submission by shadow@ines.ro, cleaned up by robbat2@gentoo.org

        # only allows AUTH after STARTTLS, if compiled TLS && TLS_BEFORE_AUTH defines

        epatch ${FILESDIR}/${MY_PVR}/auth-after-tls-only.patch

        EPATCH_SINGLE_MSG="Enable stderr logging from checkpassword programs" \

        epatch ${DISTDIR}/qmail-popupnofd2close.patch

        EPATCH_SINGLE_MSG="Allow qmail to re-read concurrency limits on HUP" \

        epatch ${DISTDIR}/qmail-1.03-reread-concurrency.2.patch

        EPATCH_SINGLE_MSG="Add support for CAPA in POP3d" \

        epatch ${DISTDIR}/08-capa.diff

        EPATCH_SINGLE_MSG="Fixing output bug in CAPA-enabled POP3d" \

        epatch ${FILESDIR}/${MY_PVR}/qmail-pop3d-capa-outputfix.patch

        EPATCH_SINGLE_MSG="Fixing netscape progress bar bug with POP3d" \

        epatch ${DISTDIR}/netscape-progress.patch

        EPATCH_SINGLE_MSG="Making the sendmail binary ignore -N options for compatibility" \

        epatch ${DISTDIR}/sendmail-ignore-N.patch

        # rediff of original at http://www.qmail.org/accept-5xx.patch

        epatch ${FILESDIR}/${MY_PVR}/qmail-1.03-accept-5xx.tls.patch

        # rediffed from original at http://www.qcc.ca/~charlesc/software/misc/nullenvsender-recipcount.patch

        # because of TLS

        EPATCH_SINGLE_MSG="Refuse messages from the null envelope sender if they have more than one envelope recipient" \

        epatch ${FILESDIR}/${MY_PVR}/nullenvsender-recipcount.tls.patch

        # rediffed from original at http://www.dataloss.nl/software/patches/qmail-pop3d-stat.patch

        # because of TLS

        EPATCH_SINGLE_MSG="qmail-pop3d reports erroneous figures on STAT after a DELE" \

        epatch ${FILESDIR}/${MY_PVR}/qmail-pop3d-stat.tls.patch

        EPATCH_SINGLE_MSG="Branding qmail with Gentoo identifier 'Gentoo Linux ${PF}'" \

        epatch ${FILESDIR}/${MY_PVR}/qmail-gentoo-branding.patch

        sed -e "s/__PF__/${PF}/" -i ${S}/qmail-smtpd.c

        EPATCH_SINGLE_MSG="qmail-pop3d fix for top output so Evolution doesn't barf" \

        epatch ${FILESDIR}/${PVR}/qmail-pop3d-top-outputfix.patch

        EPATCH_SINGLE_MSG="Adding SPF support" \

        epatch ${DISTDIR}/qmail-1.03-r15-spf-rc2.patch

        echo -n "$(gcc-getCC) ${CFLAGS}" >${S}/conf-cc

        if use ssl; then

                einfo "Enabling SSL/TLS functionality"

                echo -n ' -DTLS ' >>${S}/conf-cc

                # from bug #31426

                if ! use notlsbeforeauth; then

                        einfo "Enabling STARTTLS before SMTP AUTH"

                        echo -n '-DTLS_BEFORE_AUTH ' >>${S}/conf-cc

                else

                        einfo "Disabling STARTTLS before SMTP AUTH"

                fi

        fi

        # fix bug #33818

        if use noauthcram; then

                einfo "Disabling AUTHCRAM support"

                sed -e 's,^#define AUTHCRAM$,//&,' -i ${S}/qmail-smtpd.c

        else

                einfo "Enabling AUTHCRAM support"

        fi

        echo -n "$(gcc-getCC) ${LDFLAGS}" > ${S}/conf-ld

        echo -n "500" > ${S}/conf-spawn

        # fix coreutils messup

        ht_fix_file ${S}/Makefile

}

src_compile() {

        emake it man || die

}

src_install() {

        einfo "Setting up directory hierarchy ..."

        diropts -m 755 -o root -g qmail

        dodir /var/qmail

        for i in bin boot control

        do

                dodir /var/qmail/${i}

        done

        keepdir /var/qmail/users

        diropts -m 755 -o alias -g qmail

        dodir /var/qmail/alias

        einfo "Installing the qmail software ..."

        insopts -o root -g qmail -m 755

        insinto /var/qmail/boot

        doins home home+df proc proc+df binm1 binm1+df binm2 \

                binm2+df binm3 binm3+df

        dodoc FAQ UPGRADE SENDMAIL INSTALL* TEST* REMOVE* PIC* SECURITY

        dodoc SYSDEPS TARGETS THANKS THOUGHTS TODO VERSION README* \

                ${DISTDIR}/qmail-remote-auth-patch-doc.txt

        insinto /var/qmail/bin

        insopts -o qmailq -g qmail -m 4711

        doins qmail-queue

        insopts -o root -g qmail -m 700

        doins qmail-lspawn qmail-start qmail-newu qmail-newmrh

        insopts -o root -g qmail -m 711

        doins qmail-getpw qmail-local qmail-remote qmail-rspawn \

        qmail-clean qmail-send splogger qmail-pw2u

        insopts -o root -g qmail -m 755

        doins qmail-inject predate datemail mailsubj qmail-showctl \

        qmail-qread qmail-qstat qmail-tcpto qmail-tcpok qmail-pop3d \

        qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd qmail-smtpd \

        sendmail tcp-env qreceipt qsmhook qbiff forward preline \

        condredirect bouncesaying except maildirmake maildir2mbox \

        maildirwatch qail elq pinq config-fast qmail-newbrt

        into /usr

        einfo "Installing manpages"

        doman *.[1-8]

        # use the correct maildirmake

        # the courier-imap one has some extensions that are nicer

        [ -e /usr/bin/maildirmake ] && \

                MAILDIRMAKE="/usr/bin/maildirmake" || \

                MAILDIRMAKE="${D}/var/qmail/bin/maildirmake"

        einfo "Adding env.d entry for qmail"

        dodir /etc/env.d

        insinto /etc/env.d

        doins ${FILESDIR}/99qmail

        einfo "Creating sendmail replacement ..."

        diropts -m 755

        dodir /usr/sbin /usr/lib

        dosym /var/qmail/bin/sendmail /usr/sbin/sendmail

        dosym /var/qmail/bin/sendmail /usr/lib/sendmail

        einfo "Setting up the default aliases ..."

        diropts -m 700 -o alias -g qmail

        ${MAILDIRMAKE} ${D}/var/qmail/alias/.maildir

        # for good measure

        keepdir /var/qmail/alias/.maildir/{cur,new,tmp}

        for i in mailer-daemon postmaster root

        do

                if [ ! -f ${ROOT}/var/qmail/alias/.qmail-${i} ]; then

                        touch ${D}/var/qmail/alias/.qmail-${i}

                        fowners alias:qmail /var/qmail/alias/.qmail-${i}

                fi

        done

        einfo "Setting up maildirs by default in the account skeleton ..."

        diropts -m 755 -o root -g root

        insinto /etc/skel

        newins ${FILESDIR}/dot_qmail .qmail.sample

        fperms 644 /etc/skel/.qmail.sample

        ${MAILDIRMAKE} ${D}/etc/skel/.maildir

        # for good measure

        keepdir /etc/skel/.maildir/{cur,new,tmp}

        einfo "Setting up all services (send, smtp, qmtp, qmqp, pop3) ..."

        insopts -o root -g root -m 755

        diropts -m 755 -o root -g root

        dodir /var/qmail/supervise

        for i in send smtpd qmtpd qmqpd pop3d; do

                insopts -o root -g root -m 755

                diropts -m 755 -o root -g root

                dodir /var/qmail/supervise/qmail-${i}{,/log}

                diropts -m 755 -o qmaill

                keepdir /var/log/qmail/qmail-${i}

                fperms +t /var/qmail/supervise/qmail-${i}{,/log}

                insinto /var/qmail/supervise/qmail-${i}

                newins ${FILESDIR}/run-qmail${i} run

                insinto /var/qmail/supervise/qmail-${i}/log

                newins ${FILESDIR}/run-qmail${i}log run

        done

        dodir ${TCPRULES_DIR}

        insinto ${TCPRULES_DIR}

        for i in smtp qmtp qmqp pop3; do

                newins ${FILESDIR}/tcp.${i}.sample tcp.qmail-${i}

        done

        einfo "Installing the qmail startup file ..."

        insinto /var/qmail

        insopts -o root -g root -m 755

        doins ${FILESDIR}/rc

        einfo "Insalling some stock configuration files"

        insinto /var/qmail/control

        insopts -o root -g root -m 644

        doins ${FILESDIR}/conf-*

        newins ${FILESDIR}/dot_qmail defaultdelivery

        use ssl && doins ${FILESDIR}/servercert.cnf

        einfo "Configuration sanity checker and launcher"

        into /var/qmail

        insopts -o root -g root -m 644

        dobin ${FILESDIR}/config-sanity-check

        dobin ${FILESDIR}/qmail-config-system

        if use ssl; then

                einfo "SSL Certificate creation script"

                dobin ${FILESDIR}/mkservercert

                einfo "RSA key generation cronjob"

                insinto /etc/cron.hourly

                doins ${FILESDIR}/qmail-genrsacert.sh

                chmod +x ${D}/etc/cron.hourly/qmail-genrsacert.sh

                # for some files

                keepdir /var/qmail/control/tlshosts/

        fi

}

rootmailfixup() {

        # so you can check mail as root easily

        local TMPCMD="ln -sf /var/qmail/alias/.maildir/ ${ROOT}/root/.maildir"

        if [ -d "${ROOT}/root/.maildir" ] && [ ! -L "${ROOT}/root/.maildir" ] ; then

                einfo "Previously the qmail ebuilds created /root/.maildir/ but not"

                einfo "mail was every delivered there. If the directory does not"

                einfo "contain any mail, please delete it and run:"

                einfo "${TMPCMD}"

        else

                ${TMPCMD}

        fi

        chown -R alias:qmail ${ROOT}/var/qmail/alias/.maildir 2>/dev/null

}

buildtcprules() {

        for i in smtp qmtp qmqp pop3; do

                # please note that we don't check if it exists

                # as we want it to make the cdb files anyway!

                f=tcp.qmail-${i}

                src=${ROOT}${TCPRULES_DIR}/${f}

                cdb=${ROOT}${TCPRULES_DIR}/${f}.cdb

                tmp=${ROOT}${TCPRULES_DIR}/.${f}.tmp

                cat ${src} 2>/dev/null | tcprules ${cdb} ${tmp}

        done

}

pkg_postinst() {

        einfo "Setting up the message queue hierarchy ..."

        # queue-fix makes life easy!

        /var/qmail/bin/queue-fix ${ROOT}/var/qmail/queue >/dev/null

        rootmailfixup

        buildtcprules

        # for good measure

        env-update

        einfo "To setup qmail to run out-of-the-box on your system, run:"

        einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"

        echo

        einfo "To start qmail at boot you have to add svscan to your startup"

        einfo "and create the following links:"

        einfo "ln -s /var/qmail/supervise/qmail-send /service/qmail-send"

        einfo "ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd"

        echo

        einfo "To start the pop3 server as well, create the following link:"

        einfo "ln -s /var/qmail/supervise/qmail-pop3d /service/qmail-pop3d"

        echo

        einfo "Additionally, the QMTP and QMQP protocols are supported, "

        einfo "and can be started as:"

        einfo "ln -s /var/qmail/supervise/qmail-qmtpd /service/qmail-qmtpd"

        einfo "ln -s /var/qmail/supervise/qmail-qmqpd /service/qmail-qmqpd"

        echo

        einfo "Additionally, if you wish to run qmail right now, you should "

        einfo "run this before anything else:"

        einfo "source /etc/profile"

}

pkg_preinst() {

        mkdir -p ${TCPRULES_DIR}

        for proto in smtp qmtp qmqp pop3; do

                for ext in '' .cdb; do

                        old="/etc/tcp.${proto}${ext}"

                        new="${TCPRULES_DIR}/tcp.qmail-${proto}${ext}"

                        fail=0

                        if [ -f "$old" -a ! -f "$new" ]; then

                                einfo "Moving $old to $new"

                                cp $old $new || fail=1

                        else

                                fail=1

                        fi

                        if [ "${fail}" = "1" ]; then

                                eerror "Error moving $old to $new, be sure to check the"

                                eerror "configuration! You may have already moved the files,"

                                eerror "in which case you can delete $old"

                        fi

                done

        done

}

pkg_config() {

        # avoid some weird locale problems

        export LC_ALL="C"

        if [ ${ROOT} = "/" ] ; then

                if [ ! -f ${ROOT}var/qmail/control/me ] ; then

                        export qhost=`hostname --fqdn`

                        ${ROOT}var/qmail/bin/config-fast $qhost

                fi

        else

                ewarn "Skipping some configuration as it MUST be run on the final host"

        fi

        einfo "Accepting relaying by default from all ips configured on this machine."

        LOCALIPS=`/sbin/ifconfig  | grep inet | cut -d' ' -f 12 -s | cut -b 6-20`

        TCPSTRING=":allow,RELAYCLIENT=\"\",RBLSMTPD=\"\""

        for ip in $LOCALIPS; do

                myline="${ip}${TCPSTRING}"

                for proto in smtp qmtp qmqp; do

                        f="${ROOT}${TCPRULES_DIR}/tcp.qmail-${proto}"

                        egrep -q "${myline}" ${f} || echo "${myline}" >>${f}

                done

        done

        buildtcprules

        if use ssl; then

                ${ROOT}etc/cron.daily/qmail-genrsacert.sh

                einfo "Creating a self-signed ssl-certificate:"

                /var/qmail/bin/mkservercert

                einfo "If you want to have a properly signed certificate "

                einfo "instead, do the following:"

                einfo "openssl req -new -nodes -out req.pem \\"

                einfo "-config /var/qmail/control/servercert.cnf \\"

                einfo "-keyout /var/qmail/control/servercert.pem"

                einfo "Send req.pem to your CA to obtain signed_req.pem, and do:"

                einfo "cat signed_req.pem >> /var/qmail/control/servercert.pem"

        fi

}
```

----------

## tecknojunky

This new paradigm is more tha welcome.

Setting up spf TXT was easy on zoneedit.com, so at least no one can forge mails on the bahalfs of my domains.

Thanks for the ebuild.  I will most certainly try it on a test box which currently is an old mirror of my current mail server.

I'll keep you posted of any woes.  No news = good news.

----------

## Gaspode

What's the current status of SPF for Gentoo's qmail? Last time I checked (earlier today  :Wink: ), it was still not in qmail-1.03-r15 or r16... are there any plans to implement it, or has that idea silently died?

----------

## radulucian

another 9 months have passed since the last question on this thread.

any news on being able to do sometime soon something like:

```
USE="spf" emerge qmail
```

??

any update at all ? is SPF an ideea that died in the meantime? if yes, any bright replacements?

----------

## ito

 *radulucian wrote:*   

> another 9 months have passed since the last question on this thread.
> 
> any news on being able to do sometime soon something like:
> 
> ```
> ...

 

Spamassassin can check spf

----------

## magic919

I think the News page on http://www.openspf.org/news.html says it all.  Nothing in 2005.

SPF has not died as an idea but suffers from a general lack of implementation.  I see more use of sender callout in my SMTP logs than i used to.

----------

## hegga

any news when the spf patch for qmail will be available in portage?

seems that this has taken some time...

----------

## puke

Has anyone looked at this opinion piece?  It recommends domainkeys over SPF.  I've tried to get domainkeys working but it seems like I can't get qmail-dk to compile properly.  Anyone had any success with this?

----------

