This document describes how I use my RCPTCHECK patch in my qmail configuration. NOTE: this is a bit nonconventional. I cannot guarantee it will work for you.
To start with, my qmail has been patched with the aforementioned patch. In addition, I have installed a version of fastforward that has been patched with fastforward-idx (mirrored here). This is not needed to make use of my RCPTCHECK patch, but in my setup it adds functionality I desire.
Next, I've written a script which I invoke from daemontools. e.g.
    127.0.0.1:allow,RELAYCLIENT=""
    192.168.1.:allow,RELAYCLIENT=""
    10.11.12.8:allow,RELAYCLIENT=""
    :allow,RCPTCHECK="/var/qmail/libexec/rcptcheck"
And here's the rcptcheck script:
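    #!/bin/sh
    set -e
    # $RECIPIENT comes from the remote SMTP client: disable globbing so the
    # unquoted expansion below is only split on "@", never matched against files.
    set -f
    IFS="@"
    set -- $RECIPIENT
    EXT="$1"
    HOST="${2:-soffian.org}"
    export EXT HOST
    echo "rcptcheck: from <$SENDER> to <$RECIPIENT>" >&2
    # Run fastforward in test mode (-n) and act on what it reports.
    /var/qmail/bin/fastforward -nd /var/qmail/etc/virtualaliases.cdb 2>&1 | \
    while read line; do
      case $line in
        "Sorry,"*)
          # fastforward found no match: reject the recipient
          echo "rcptcheck: $line" >&2
          exit 100
          ;;
        "to <REJECT>"*)
          echo "Sorry, no mailbox here by that name (rejected). (#5.1.1)" >&2
          exit 100
          ;;
        "to <RELAY>"*)
          echo "rcptcheck: relaying" >&2
          exit 0
          ;;
        "from"*)
          continue
          ;;
      esac
      echo "rcptcheck: $line" >&2
    done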
More about this script in a moment. In order to route all my messages through fastforward, both my /var/qmail/alias/.qmail and /var/qmail/alias/.qmail-default contain:
|(echo "Delivered-To: $EXT@$HOST"; cat) | fastforward -d /var/qmail/etc/virtualaliases.cdb
Note: This strange invocation of fastforward adds an extra Delivered-To header for my procmail recipes to key off of.
Because I accept mail for multiple domains, I choose to have no control/locals file (recall that this is identical to control/locals having only one line that is the same as control/me). Rather, my control/virtualdomains file looks like this:
    example.org:alias
    example.net:alias
Now that everything routes through the alias user, and then on to fastforward-idx, I can construct a virtualaliases file like so:
    # spam blockage
    jay-bogus1@example.org: REJECT;
    jay-bogus2@example.org: REJECT;
    # local accounts
    jay@example.org: jay;
    jay-default@example.org: jay;
    # domain defaults
    @example.com: RELAY;
Back to the rcptcheck script. Addresses tagged in the virtualaliases file with targets of REJECT and RELAY don't actually get delivered locally. fastforward never even sees those addresses except when it is invoked by the rcptcheck script in test mode. The rcptcheck script then keys off of either tag for the desired behavior.
One last point: since I'm relaying for example.com, normally that domain would need to appear in my control/rcpthosts file. But because I'm using my RCPTCHECK patch that isn't needed here. That means I can control all of my address delivery from control/virtualdomains and my virtualaliases file. And in fact, it even gives me more granularity since I can relay only certain addresses within a domain if desired.
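The rcptcheck script splits $RECIPIENT with an unquoted expansion, and the recipient address comes from the remote SMTP client, so each field is also subject to pathname expansion unless globbing is off. The following added example (not the author's script) compares that pattern with a parameter-expansion split; split_rcpt, split_unquoted, split_unquoted_noglob, demo and DEFAULT_HOST are hypothetical names, and the addresses and file name are constructed.

```shell
#!/bin/sh
# Added example, not the author's script. All function names and
# DEFAULT_HOST are hypothetical; the addresses are constructed samples.
DEFAULT_HOST="example.org"

# Set EXT and HOST from the address in $1 using parameter expansion only:
# no field splitting, no pathname expansion, IFS left untouched.
split_rcpt() {
    [ -n "$1" ] || return 1
    case $1 in
        *@*) EXT=${1%@*}; HOST=${1##*@} ;;   # split at the last "@"
        *)   EXT=$1; HOST="" ;;
    esac
    HOST=${HOST:-$DEFAULT_HOST}              # fall back when no domain is given
    export EXT HOST
}

# The pattern used in rcptcheck, isolated in a subshell: the unquoted
# expansion is split on "@" and each field is then glob-expanded.
split_unquoted() (
    IFS="@"
    set -- $1
    printf '%s\n' "$1"
)

# Same pattern with globbing switched off first.
split_unquoted_noglob() (
    set -f
    IFS="@"
    set -- $1
    printf '%s\n' "$1"
)

# Compare the three on a recipient whose local part is a glob character,
# inside a scratch directory holding one constructed file name.
demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1; : > alpha
    rcpt='*@example.net'
    split_rcpt "$rcpt"
    printf 'unquoted:          %s\n' "$(split_unquoted "$rcpt")"
    printf 'unquoted, set -f:  %s\n' "$(split_unquoted_noglob "$rcpt")"
    printf 'split_rcpt:        %s at %s\n' "$EXT" "$HOST"
    cd / && rm -rf "$dir"
)
demo
```

With the unquoted pattern the local part that reaches fastforward depends on the files in the working directory; the other two pass the address through unchanged.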