Port 25

Unencrypted, unauthenticated service for normal mail from the Internet.

Because spammers occasionally max out the number of SMTP connections (default 30), I usually call this service smtp and use it strictly for external SMTP connections. By running a separate SMTP service for the internal users, a spike in spammer activity doesn't cause connection issues for your internal users.

Set up the service directory, download John Simpson's SMTP run script, and set its permissions:

cd /var/service
mkdir -m 1755 smtp
cd smtp
wget http://qmail.jms1.net/scripts/service-qmail-smtpd-run
mv service-qmail-smtpd-run run
chmod 700 run

Edit /var/service/smtp/run and set the appropriate options. Most of the defaults should be correct; however, you will definitely need to set the IP address (perhaps using a virtual interface if you want multiple SMTP servers but don't have multiple NICs installed).

IP=<IP ADDRESS TO LISTEN ON>

We can allow our internal users to authenticate themselves and relay mail through this service as long as their mail client has TLS encryption:

SSL=0
FORCE_TLS=0
DENY_TLS=0
AUTH=1
REQUIRE_AUTH=0
ALLOW_INSECURE_AUTH=0
CHECKPW="/home/vpopmail/bin/vchkpw"

Enabling some public RBLs is a very good way to prevent a lot of spam. Uncomment RBLSMTPD_PROG="rblsmtpd", then uncomment RBL_BAD and set it to your preferred RBLs. If you created your own private RBL whitelists and blacklists, add them as well. Currently, I'm using:

RBLSMTPD_PROG="rblsmtpd"
RBL_GOOD=""
RBL_BAD="zen.spamhaus.org bl.spamcop.net"

Enabling GREETDELAY is a good way to stifle impatient spammers. Simply uncomment:

GREETDELAY=30
DROP_PRE_GREET=1

Uncomment the appropriate QMAILQUEUE line depending on whether you are using Simscan or Qmailscanner, e.g.:

QMAILQUEUE="$VQ/bin/simscan"
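Before linking the service into /service, it is worth checking that the run file actually contains the combination of settings described above (a real IP, AUTH only over TLS, rblsmtpd actually in the chain, a numeric GREETDELAY, a scanner in QMAILQUEUE). The following audit script is an added example, not part of this page or of John Simpson's run script; it only reads the variable names shown above, and the two sample run files it writes are constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from qmail.jms1.net): audit a service-qmail-smtpd-run
# file for the settings discussed above. Variable names match the run script;
# the two sample files written below are constructed for demonstration.

# run_val FILE NAME: print the value of the last uncommented NAME=... line,
# with surrounding double quotes removed; print nothing if NAME is commented
# out or absent (which the run script treats as "feature off").
run_val() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*$/\1/p" "$1" | tail -n 1
}

# audit_run FILE: print one finding per line for risky or incomplete settings.
# Output is empty when the file passes every check.
audit_run() {
    f=$1
    ip=$(run_val "$f" IP)
    auth=$(run_val "$f" AUTH)
    insecure=$(run_val "$f" ALLOW_INSECURE_AUTH)
    deny_tls=$(run_val "$f" DENY_TLS)
    rbl_prog=$(run_val "$f" RBLSMTPD_PROG)
    rbl_bad=$(run_val "$f" RBL_BAD)
    greet=$(run_val "$f" GREETDELAY)
    queue=$(run_val "$f" QMAILQUEUE)

    # The placeholder from the instructions must be replaced with a real address.
    case $ip in
        ''|*'<'*) echo "IP: unset or still the <IP ADDRESS TO LISTEN ON> placeholder" ;;
    esac
    # AUTH is only safe when credentials cannot travel in the clear.
    if [ "$auth" = 1 ] && [ "$insecure" = 1 ]; then
        echo "ALLOW_INSECURE_AUTH=1: clients may send passwords without TLS"
    fi
    if [ "$auth" = 1 ] && [ "$deny_tls" = 1 ]; then
        echo "DENY_TLS=1 with AUTH=1: clients cannot encrypt before authenticating"
    fi
    # An RBL list does nothing unless rblsmtpd is actually in the chain.
    if [ -n "$rbl_bad" ] && [ -z "$rbl_prog" ]; then
        echo "RBL_BAD is set but RBLSMTPD_PROG is commented out: no RBL lookups happen"
    fi
    case $greet in
        ''|*[!0-9]*) echo "GREETDELAY: missing or not a whole number of seconds" ;;
    esac
    [ -n "$queue" ] || echo "QMAILQUEUE: no scanner configured (simscan/qmail-scanner line still commented)"
}

# Constructed samples: the first mirrors the settings shown on this page, the
# second leaves several lines at their commented or placeholder state.
GOOD_RUN=${TMPDIR:-/tmp}/smtp-run-good.$$
BAD_RUN=${TMPDIR:-/tmp}/smtp-run-bad.$$
cat >"$GOOD_RUN" <<'EOF'
IP=192.0.2.25
SSL=0
FORCE_TLS=0
DENY_TLS=0
AUTH=1
REQUIRE_AUTH=0
ALLOW_INSECURE_AUTH=0
CHECKPW="/home/vpopmail/bin/vchkpw"
RBLSMTPD_PROG="rblsmtpd"
RBL_GOOD=""
RBL_BAD="zen.spamhaus.org bl.spamcop.net"
GREETDELAY=30
DROP_PRE_GREET=1
QMAILQUEUE="$VQ/bin/simscan"
EOF
cat >"$BAD_RUN" <<'EOF'
IP=<IP ADDRESS TO LISTEN ON>
DENY_TLS=0
AUTH=1
ALLOW_INSECURE_AUTH=1
#RBLSMTPD_PROG="rblsmtpd"
RBL_BAD="zen.spamhaus.org"
GREETDELAY=thirty
#QMAILQUEUE="$VQ/bin/simscan"
EOF

# Usage on a real system: audit_run /var/service/smtp/run
echo "--- $GOOD_RUN ---"; audit_run "$GOOD_RUN"
echo "--- $BAD_RUN ---";  audit_run "$BAD_RUN"
```

The sample that mirrors this page produces no findings; the second sample is flagged five times (placeholder IP, insecure AUTH, rblsmtpd commented out, non-numeric GREETDELAY, no scanner). Commented-out lines are deliberately treated as "unset", because that is how the run script sees them.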

Set up the "log" directory, download its "run" script, and set its permissions:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/run.log
mv run.log run
chmod 700 run

At this point, you should configure validrcptto on your external service. In fact, the service, as configured by the run script, will not properly accept mail until you do so; given how spammers operate, you should be using it anyway.

Start the SMTP service

Once you have configured validrcptto and other options, create the symbolic link in /service to start the service:

ln -s /var/service/smtp /service/

CentOS 7 Firewall

firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --reload

Credits

Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.
