We use Qmail pretty heavily for both internal and external mail projects. About a year ago, in an attempt to stem the flow of SPAM, we installed Qmail-Scanner. It’s an add-on to Qmail that scans incoming mail for viruses and SPAM. The two programs working together are great.
Over the last month, we’ve seen a dramatic increase in the volume of email. This has happened for a couple of reasons. We finally purchased the weblink.com domain, which just points to weblinc.com. Weblink evidently used to host a lot of people’s email, which we were receiving, and the amount of email-delivered viruses has increased significantly.
Our Qmail configuration would previously accept email for any username at any of the domains that we own. Qmail Scanner would then scan the email to see if it was SPAM or contained a virus and pass it back to Qmail. Qmail would then attempt to deliver it, see that the account didn’t exist and bounce the message. This led to the mail server being tremendously overworked, scanning every message, and it complained loudly on weekends or any other time that I happened to not be at the office.
After some digging, we settled on Qpsmtpd. It’s a replacement for the piece of Qmail that handles the SMTP process and is written in Perl. Qpsmtpd has a pretty nice plug-in architecture that allows for different functionality to be inserted at various events in the SMTP transaction. check_delivery caught my interest pretty quickly. It checks, among other ways via .qmail files, whether the intended user can receive mail. If not, it refuses the message. The message never gets to Qmail Scanner. It took me a bit of time to get it configured to work with our setup, but we put it live this morning around 10:00.
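The RCPT-time recipient check described above, sketched as a stand-alone Perl script. This is an added example, not the check_delivery plugin's code or our configuration; it assumes every address for a domain resolves to .qmail files in a single directory, and the function names, sample files and the `$allow_catchall` switch are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Candidate .qmail files for a local part, in the order dot-qmail(5) describes:
# the exact match first, then "-default" wildcards from longest prefix to shortest.
sub qmail_candidates {
    my ($local) = @_;
    my $ext = lc $local;    # qmail-local lowercases the extension
    $ext =~ tr/./:/;        # and replaces dots with colons
    my @cands = (".qmail-$ext");
    my @parts = split /-/, $ext, -1;
    while (@parts) {
        pop @parts;
        push @cands, '.qmail-' . join('-', @parts, 'default');
    }
    return @cands;
}

# Returns the SMTP reply a RCPT-time check would give for $local, looking
# only in $dir. With $allow_catchall = 0 the .qmail-default file is ignored.
sub rcpt_reply {
    my ($dir, $local, $allow_catchall) = @_;
    # Never let the local part escape $dir or truncate the path.
    return '550 No mailbox here' if $local eq '' || $local =~ m{[/\0]};
    for my $file (qmail_candidates($local)) {
        next if $file eq '.qmail-default' && !$allow_catchall;
        return '250 ok' if -f "$dir/$file";
    }
    return '550 No mailbox here';
}

# Constructed sample layout in a temporary directory (not a real mail setup).
my $dir = tempdir(CLEANUP => 1);
for my $name (qw(.qmail-sales .qmail-lists-default .qmail-default)) {
    open my $fh, '>', "$dir/$name" or die "cannot create $name: $!";
    close $fh;
}

# Compare the decision with and without the catch-all file honoured.
for my $local (qw(sales Sales lists-announce random123 ../etc/passwd)) {
    printf "%-16s strict: %-20s with catch-all: %s\n", $local,
        rcpt_reply($dir, $local, 0), rcpt_reply($dir, $local, 1);
}
```

With the catch-all honoured, the made-up address `random123` is accepted, which is the accept-everything behaviour that caused the scanning and bounce load in the first place; a recipient check only helps when a `.qmail-default` file is absent or deliberately ignored.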
Here are the results after 12 hours:
Total Messages: 5673
| Percent | Count | Result |
| --- | --- | --- |
| 60.0% | 3404 | check-delivery - No Mailbox here |
| 10.1% | 574 | queued - Success |
| 8.0% | 454 | spamhaus - Known Spam Sender |
| 7.5% | 428 | dsn.rfc-ignorant - Misconfigured sender domain, does not accept bounces |
| 4.5% | 257 | mail-from-temp - Unresolvable domain in From header |
| 4.5% | 253 | early-talker - Transmission began before SMTP banner |
| 2.1% | 119 | netcetera - Known Spam Sender |
| 1.4% | 79 | OTHER |
| 1.1% | 61 | ordb - From an open relay |
| 0.4% | 20 | badhelo - AOL and Yahoo don’t announce that’s who they are |
| 0.3% | 18 | relay - Relay Attempt |
| 0.1% | 6 | fqdn-required - FQDN required in envelope |
89.9% of the mail was blocked! Qmail, SpamAssassin and ClamAV never see that blocked 90% of the mail, which would most likely have been blocked later in the process anyway.
A big thanks to all of the developers of these great applications!