Weblog entry #7 for davidforlinux
I have a new task to set up an SMTP relay server using qmail. This server is specifically for SMTP relay. I am new to this and I have the following questions.
1) I am planning to use qmail for the relay server setup. Is this a good idea, or is there any other mail server I can use?
2) What precautions do I need to take before setting up a relay server?
3) How do I secure it against attacks from spammers?
4) For some reason my relay server is receiving spam mails for delivery, and because of this the CPU load is high. How do I prevent this?
Thanks in advance for your help.
Comments on this Entry
1) Qmail. Hmmmm. Personally I wouldn't touch qmail these days, unless sendmail was the only other option, but even then it'd be a tight call. It's been way too long since qmail's had an official update from what I can tell, and due to the licence restrictions imposed by djb getting modern functionality can be a pain (although this is second-hand info from a workmate's previous pains with qmail).
Essentially the more up-to-date options and probably the best supported hereabouts are exim (the Debian default, and my personal favorite), and postfix (which also has a lot of fans here).
2) One BIG precaution -- make sure it's not an OPEN relay server -- in other words, only accept mail from or for your users, do not let external users send mail to other external users. One of the really nice things about exim is all the different testing modes that it has (command-line options, but well worth learning about); these enable you to firewall off your mail ports, build the mail configuration the way you want it, test it thoroughly, and only then open it up for use. Other mail servers have similar abilities, but exim just makes it really easy.
3) See the beginning of 2) re. being an OPEN relay. Also, use SpamAssassin (or something similar like DSPAM). Again, exim is really useful here, as its SMTP-time ACLs can do inline scanning for spam (and malware if you use something like ClamAV), and these tools can go a long way to defending you from spammers.
4) Reject as much as possible at SMTP time, that way you're doing much of the scanning you would anyway, but without the effort of actually accepting the message, and then bouncing it later.
5) I know that you didn't even ask a 5), but here it is: Once you've chosen which mail server you're going to use, take the docs home for the weekend, and read cover to cover before you configure it -- it's much easier to organise your thoughts once you've got a bird's eye view of how it all fits together.
Cheers.
[ Parent | Reply to this comment ]
Emails for domains not listed in rcpthosts or morercpthosts are rejected (relay not allowed). Domains in (more)rcpthosts and not listed in locals or virtualdomains are relayed.
If you need to relay to a special (e.g. not listed as an MX record) server on a non-smtp port you also need to add an entry to smtproutes. If the file doesn't exist, just create it.
Each entry has the following syntax:
domain:new domain or ip[:port]
example.org:example.com
example.org:example.net:26
Development of qmail itself is finished. It receives, sends and delivers emails. According to Dan Bernstein that's what a mail server is supposed to do. No extra whistles means less code, which equals minor chances of bugs (exploits). But the qmail community (www.qmail.com) has developed a lot of add-ons for it. Basically all of them are some kind of filter.
Have fun!
[ Parent | Reply to this comment ]
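The relay rules in the comment above, written out as an added example (not part of the original thread and not qmail's own code): it classifies a recipient domain as rejected, local or relayed from the contents of rcpthosts, locals, virtualdomains and smtproutes, and models a missing rcpthosts file, which leaves qmail-smtpd accepting every domain. The control-file contents are constructed samples; morercpthosts entries can be appended to the rcpthosts text.

```python
# Added example: a model of qmail's relay decision, not qmail source code.
# The control-file contents below are constructed samples.
RCPTHOSTS = "example.org\nexample.com\n.partner.example\n"
LOCALS = "example.com\n"
VIRTUALDOMAINS = "shop.partner.example:shopuser\n"
SMTPROUTES = "example.org:example.net:26\n.partner.example:192.0.2.10\n"

def entries(text):
    """Non-empty, non-comment lines of a control file, lower-cased."""
    lines = (l.strip().lower() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def candidates(domain):
    """Lookup keys in order: the domain itself, then each '.suffix' wildcard."""
    d = domain.lower()
    labels = d.split(".")
    return [d] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]

def listed(domain, names):
    return any(c in names for c in candidates(domain))

def route_for(domain, smtproutes):
    """(host, port) from smtproutes, or None when normal MX delivery applies."""
    table = {}
    for line in entries(smtproutes):
        key, _, rest = line.partition(":")
        host, _, port = rest.partition(":")
        table[key] = (host, int(port) if port else 25)
    for key in candidates(domain) + [""]:      # "" is the catch-all entry
        if key in table:
            host, port = table[key]
            return (host, port) if host else None
    return None

def classify(domain, rcpthosts, locals_, virtualdomains, smtproutes):
    """Return ('reject' | 'local' | 'relay', route) for a recipient domain.

    rcpthosts=None models a missing file: every recipient domain is then
    accepted, so anything that is not local gets relayed (an open relay).
    """
    if rcpthosts is not None and not listed(domain, entries(rcpthosts)):
        return ("reject", None)
    # Simplification: only domain-level virtualdomains entries with a prepend.
    vdoms = [k for k, _, p in (e.partition(":") for e in entries(virtualdomains))
             if p and "@" not in k]
    if domain.lower() in entries(locals_) or listed(domain, vdoms):
        return ("local", None)
    return ("relay", route_for(domain, smtproutes))

if __name__ == "__main__":
    for d in ("example.org", "example.com", "mail.partner.example", "spam.test"):
        print(d, classify(d, RCPTHOSTS, LOCALS, VIRTUALDOMAINS, SMTPROUTES))
    print("no rcpthosts:", classify("spam.test", None, LOCALS, VIRTUALDOMAINS, SMTPROUTES))
```

Running the same check against the real files under the qmail control directory before opening port 25 shows which domains the host would relay for.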
root@myserver:/usr/src/qmail/ucspi-tcp-0.88# make && make setup check
( cat warn-auto.sh; \
echo 'main="$1"; shift'; \
echo exec "`head -1 conf-ld`" \
'-o "$main" "$main".o ${1+"$@"}' \
) > load
chmod 755 load
( cat warn-auto.sh; \
echo exec "`head -1 conf-cc`" '-c ${1+"$@"}' \
) > compile
chmod 755 compile
cat warn-auto.sh choose.sh \
| sed s}HOME}"`head -1 conf-home`"}g \
> choose
chmod 755 choose
./choose clr trypoll iopause.h1 iopause.h2 > iopause.h
./choose clr tryulong64 uint64.h1 uint64.h2 > uint64.h
./compile tcpserver.c
( ( ./compile tryulong32.c && ./load tryulong32 && \
./tryulong32 ) >/dev/null 2>&1 \
&& cat uint32.h2 || cat uint32.h1 ) > uint32.h
rm -f tryulong32.o tryulong32
./compile rules.c
./compile remoteinfo.c
./compile timeoutconn.c
( cat warn-auto.sh; \
echo CC=\'`head -1 conf-cc`\'; \
echo LD=\'`head -1 conf-ld`\'; \
cat find-systype.sh; \
) | sh > systype
( cat warn-auto.sh; \
echo 'main="$1"; shift'; \
echo 'rm -f "$main"'; \
echo 'ar cr "$main" ${1+"$@"}'; \
case "`cat systype`" in \
sunos-5.*) ;; \
unix_sv*) ;; \
irix64-*) ;; \
irix-*) ;; \
dgux-*) ;; \
hp-ux-*) ;; \
sco*) ;; \
*) echo 'ranlib "$main"' ;; \
esac \
) > makelib
chmod 755 makelib
./compile cdb.c
./compile cdb_hash.c
./compile cdb_make.c
./makelib cdb.a cdb.o cdb_hash.o cdb_make.o
./compile dns_dfd.c
./compile dns_domain.c
./compile dns_dtda.c
./compile dns_ip.c
./compile dns_ipq.c
./compile dns_name.c
./compile dns_nd.c
./compile dns_packet.c
./compile dns_random.c
./compile dns_rcip.c
./compile dns_rcrw.c
./compile dns_resolve.c
./compile dns_sortip.c
./compile dns_transmit.c
./compile dns_txt.c
./makelib dns.a dns_dfd.o dns_domain.o dns_dtda.o dns_ip.o \
dns_ipq.o dns_name.o dns_nd.o dns_packet.o dns_random.o \
dns_rcip.o dns_rcrw.o dns_resolve.o dns_sortip.o \
dns_transmit.o dns_txt.o
./choose c trysysel select.h1 select.h2 > select.h
./compile iopause.c
./compile tai_pack.c
./compile taia_add.c
./compile taia_approx.c
./compile taia_frac.c
./compile taia_less.c
./compile taia_now.c
./compile taia_pack.c
./compile taia_sub.c
./compile taia_uint.c
./makelib time.a iopause.o tai_pack.o taia_add.o \
taia_approx.o taia_frac.o taia_less.o taia_now.o \
taia_pack.o taia_sub.o taia_uint.o
./compile alloc.c
alloc.c:3: warning: conflicting types for built-in function ‘malloc’
./compile alloc_re.c
./compile buffer.c
./compile buffer_0.c
./compile buffer_1.c
./compile buffer_2.c
./compile buffer_copy.c
./compile buffer_get.c
./compile buffer_put.c
./compile env.c
./compile error.c
./compile error_str.c
./compile fd_copy.c
./compile fd_move.c
./compile getln.c
./compile getln2.c
./compile ndelay_off.c
./compile ndelay_on.c
./compile open_read.c
./compile open_trunc.c
./compile open_write.c
./compile openreadclose.c
./compile pathexec_env.c
./compile pathexec_run.c
./compile chkshsgr.c
./load chkshsgr
./chkshsgr || ( cat warn-shsgr; exit 1 )
./choose clr tryshsgr hasshsgr.h1 hasshsgr.h2 > hasshsgr.h
./compile prot.c
./compile readclose.c
./compile seek_set.c
./compile sgetopt.c
./compile sig.c
./choose cl trysgprm hassgprm.h1 hassgprm.h2 > hassgprm.h
./compile sig_block.c
./choose cl trysgact hassgact.h1 hassgact.h2 > hassgact.h
./compile sig_catch.c
./compile sig_pause.c
./compile socket_accept.c
./compile socket_bind.c
./compile socket_conn.c
./compile socket_delay.c
./compile socket_listen.c
./compile socket_local.c
./compile socket_opts.c
./compile socket_remote.c
./compile socket_tcp.c
./compile socket_udp.c
./compile stralloc_cat.c
./compile stralloc_catb.c
./compile stralloc_cats.c
./compile stralloc_copy.c
./compile stralloc_eady.c
./compile stralloc_opyb.c
./compile stralloc_opys.c
./compile stralloc_pend.c
./compile strerr_die.c
./compile strerr_sys.c
./compile subgetopt.c
./choose cl trywaitp haswaitp.h1 haswaitp.h2 > haswaitp.h
./compile wait_nohang.c
./compile wait_pid.c
./makelib unix.a alloc.o alloc_re.o buffer.o buffer_0.o \
buffer_1.o buffer_2.o buffer_copy.o buffer_get.o \
buffer_put.o env.o error.o error_str.o fd_copy.o fd_move.o \
getln.o getln2.o ndelay_off.o ndelay_on.o open_read.o \
open_trunc.o open_write.o openreadclose.o pathexec_env.o \
pathexec_run.o prot.o readclose.o seek_set.o sgetopt.o \
sig.o sig_block.o sig_catch.o sig_pause.o socket_accept.o \
socket_bind.o socket_conn.o socket_delay.o socket_listen.o \
socket_local.o socket_opts.o socket_remote.o socket_tcp.o \
socket_udp.o stralloc_cat.o stralloc_catb.o stralloc_cats.o \
stralloc_copy.o stralloc_eady.o stralloc_opyb.o \
stralloc_opys.o stralloc_pend.o strerr_die.o strerr_sys.o \
subgetopt.o wait_nohang.o wait_pid.o
./compile byte_chr.c
./compile byte_copy.c
./compile byte_cr.c
./compile byte_diff.c
./compile byte_rchr.c
./compile byte_zero.c
./compile case_diffb.c
./compile case_diffs.c
./compile fmt_ulong.c
./compile ip4_fmt.c
./compile ip4_scan.c
./compile scan_ulong.c
./compile str_chr.c
./compile str_diff.c
./compile str_len.c
./compile str_start.c
./compile uint16_pack.c
./compile uint16_unpack.c
./compile uint32_pack.c
./compile uint32_unpack.c
./makelib byte.a byte_chr.o byte_copy.o byte_cr.o \
byte_diff.o byte_rchr.o byte_zero.o case_diffb.o \
case_diffs.o fmt_ulong.o ip4_fmt.o ip4_scan.o scan_ulong.o \
str_chr.o str_diff.o str_len.o str_start.o uint16_pack.o \
uint16_unpack.o uint32_pack.o uint32_unpack.o
( ( ./compile trylsock.c && \
./load trylsock -lsocket -lnsl ) >/dev/null 2>&1 \
&& echo -lsocket -lnsl || exit 0 ) > socket.lib
rm -f trylsock.o trylsock
./load tcpserver rules.o remoteinfo.o timeoutconn.o cdb.a \
dns.a time.a unix.a byte.a `cat socket.lib`
/usr/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in tcpserver.o
/lib/libc.so.6: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [tcpserver] Error 1
:(( Can anybody help me?
[ Parent | Reply to this comment ]