Re: netqmail-1.05 question

[John Levine <johnl@xxxxxxxx>]

>That said, perhaps it's time to incorporate JohnL's ofmipd + SMTPAUTH
>patch?

Maybe, although it's kind of a mess and I need to redo it now that I'm
moving off BSD/OS with its antique toolchain onto FreeBSD which has
the ones that everyone else uses.

I agree that it makes sense to have a base version of netqmail which
is essentially qmail with minimal twiddles.  But I think it would be a
good idea also to do a netqmailplus that includes all the stuff that
someone doing a realistic netqmail would be likely to want.  As it
stands now, a lot of people give up on qmail because it's too hard to
figure out what patches to use, but far too many end up using crappy
overpatched versions because they don't know what patches are good and
they throw in everything that they think they might want.  Look at the
version of qmail in the FreeBSD ports tree for an example.

If I were doing a jumbo patch, here's what I think I'd want.  The
starred ones would be under an #ifdef since they require third party
SSL libraries.

- SMTP AUTH for qmail-smtpd
- TLS inbound and outbound*
- rblsmtpd with the patch to handle missing TXT records
- more comprehensive SMTP time logging (I know it's all in the received
  headers, but you don't always have a copy of the message to look at)
- SMTP AUTH for ofmipd
- TLS for ofmipd*
- better SMTP time rejections

For that last one, accept and bounce made sense in 1998, but it's a
disaster on today's Internet.  I realize you can't do SMTP time
rejections perfectly without moving the entire delivery process into
the SMTP daemon, but there are some 90% solutions that are pretty
cheap, particularly if you have virtual domains handled in consistent
ways.

R's,
John