This message is being sent to the vpopmail mailing list and the qmail mailing list

I have been using qmail and vpopmail for a while now, but i am seeing some major things that should be addressed, to make the two work together better.

The first being that if a user does not exist for a domain that vpopmail has, that it should drop the message immediately SMTPD level, and not send a email message, as this can cause a lot of trouble. Consider the following:

Someone is sending you 100 messages an hour to a local domain that vpopmail handles, and it does not eexist. It will put the message in the queue, get vdelivermail to parse it, and then vdelivermail will create a bounce message and tell the sender that the account does not exist. The problem with this is though, that we have is that all those 100's of messages are messages with viruses. Now what we have is us bouncing back an email to an address that might not even exist, if it does exists its kinda bad for the person getting it as they will get 1000's of bounce messages, but if it does not exist, and is a qmail server as well, or Windows or whatever, it will sometimes also generate a bounce email instead of just a SMTP error code. Thus what happens now, is that we also get all the bounce messages back that the user does not exist. To the postmaster account. Making more unnecessary data transfer over the net. (Every bit counts).

What i think qmail should include, is a way to have an program (Thus we do not want it hard coded, to keep it modular) to check if a users account exist, so that way you can run a program for the stock qmail to check if the unix user exists, and vpopmail can include code so that we can check the domains structure for the domain and user, and if the program exits with an error code, we drop the email at smtpd lever, thus not generating bounce messages, as the users local mail server will do that, saying that they gave up cause it did not work out.

Another thing that would greatly be good to the qmail community and vpopmail, is support for auth. I know there are auth patches out there, but if it were included in the default release, it could include better support for it. Like with the qmail-pop3d its possible to choose what application to run to check the users email and account, on the stock this is check password, on the vpopmail install, this would be vchkpw.

Now the current problem is that qmail AUTH patches are available freely, but they limit you if you use it with vchkpw, as you have to run qmail-smtpd and qmail-pop3d as root, to be able to authenticate with the services, or you have a problem, and you can not login. What i suggest is that somehow we make it work together, either under the same uid, and gid, or some other way. I can currently not think of any other good ways. That way we can run qmail-smtpd more secure, as i personally do not like having stuff running as root.

Another feature i would like to see included with the stock qmail, but which is not really a major problem. Is qmail-imapd =). It would be great to have something like it, that works just like qmail-pop3d, and is just as fast, safe and modular.

Thats all folks.

Reply via email to