I recommend replacing qmail-smtpd with qpsmtpd. qpsmtpd is
also written in Perl, but it is fast and a number of high
volume sites utilize it. (Apache.com and perl.com IIRC)
http://smtpd.develooper.com/
qpsmtpd has a plugin for greylisting, and a number of other
useful plugins for antispam. earlytalker, spamassassin
and my personal favorite, p0f (passive OS fingerprint) support.
The plugin system is so well written that even Perl novices
(like me) can create plugins.
You will need the rcpt_ldap plugin so you can reject mail to
invalid recipients. http://wiki.qpsmtpd.org/plugins
I noticed a lot of our spam was arriving with "Delivered-To"
headers already set to my user and server. qmail-local will
then bounce the message as a message loop, usually to a forged
From address. I wrote a short plugin that rejects incoming
messages with my delivered to header, essentially forcing the
other server (usually the spammer) to bounce the looping message.
Adding qpsmtpd, and spamassassin during smtp means I am now
rejecting 95% of incoming mail during the SMTP transaction. My
mail server has essentially no load processing 10,000 messages
per day. (A light workload, I admit)
Mark Farver
|