Running qpsmtpd with postfix on Gentoo

Anybody trying to get qpsmtpd working on Gentoo may need a runscript in the /etc/init.d/ directory to start and stop qpsmtpd-forkserver.

Here's mine:

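#!/sbin/runscript
# Gentoo runscript for qpsmtpd-forkserver; install it in /etc/init.d/.

PROG=/home/smtpd/qpsmtpd-forkserver
# -u: user to run as; -l: address to listen on (the value is not shown here); -p: port.
OPTIONS="-u smtpd -l  -p 25 --detach --pid-file /var/run/qpsmtpd-forkserver.pid"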

depend() {
   need postfix net dns
}

start() {
    ebegin "Starting the qpsmtpd service..."
    # $OPTIONS is left unquoted on purpose so it splits into separate arguments.
    start-stop-daemon --start \
        --exec "$PROG" -- $OPTIONS
    eend $?
}

stop() {
    ebegin "Stopping the qpsmtpd service"
    start-stop-daemon --stop \
        --pidfile /var/run/qpsmtpd-forkserver.pid
    eend $?
}

restart() {
    svc_stop
    svc_start
}

I'm following the guidelines from these articles: setup, MTA integration, and plugins and config.

I was getting this error:

FATAL PLUGIN ERROR:  Couldn't open unix socket 
"/var/spool/postfix/public/cleanup": Connection refused 
at /usr/lib/perl5/site_perl/5.8.8/Qpsmtpd/Postfix.pm 
line 96,  line 29

Which turned out to be a permission problem. I had to add both the postfix and postdrop groups to the smtpd user to get it working. Seems that the /var/spool/postfix/public/ directory is in the postdrop group, but the /var/spool/postfix/public/cleanup file is in the postfix group.

The other key thing is to separate postfix-smtp and qpsmtpd to ensure that they play nicely. Since qpsmtpd and postfix are both running on the same machine, I decided to use the postfix-queue plugin in qpsmtpd to deliver mail to postfix, rather than using another TCP socket. So, I've configured postfix to listen on port 25 only on the localhost, and qpsmtpd to listen on port 25 only on the internet interface.

To configure postfix to only listen to localhost:25, set the following in the /etc/postfix/main.cf file:

inet_interfaces = localhost

To set qpsmtpd to only listen to the internet address, set the -l parameter as part of the startup command (see my runscript above).
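
One way to confirm the split described above, as an added example that is not part of the original post: the function reads `ss -ltn` output and passes only when port 25 has a loopback listener, a listener on a specific address, and no wildcard listener. The function names and the sample rows (including the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit port-25 listeners.
# Reads `ss -ltn` output on stdin. Passes only when there is a loopback
# listener (postfix), a listener on a specific address (qpsmtpd), and no
# wildcard listener, which would put a port-25 listener on every interface
# instead of the split the post describes.
audit_smtp_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, p, ":")                  # $4 is "address:port"
        if (p[n] != "25") next
        addr = substr($4, 1, length($4) - 3)   # drop the trailing ":25"
        if (addr ~ /^127\./ || addr == "[::1]") loop++
        else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild++
        else spec++
    }
    END {
        if (wild)  { print "FAIL: wildcard listener on port 25"; exit 1 }
        if (!loop) { print "FAIL: no loopback listener for postfix"; exit 1 }
        if (!spec) { print "FAIL: no external listener for qpsmtpd"; exit 1 }
        print "OK: loopback=" loop " external=" spec
    }'
}

# Constructed sample: the layout described in the post.
# 192.0.2.10 is a documentation address standing in for the real interface.
sample_split() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    192.0.2.10:25      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Constructed sample: postfix left at inet_interfaces = all.
sample_wildcard() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
EOF
}

sample_split | audit_smtp_listeners
sample_wildcard | audit_smtp_listeners || true
```

On a live host, feed it real data with `ss -ltn | audit_smtp_listeners`.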

I have found that this way, when we send email from our webmail system, it goes through a lot faster since it doesn't have to connect to a bunch of RBL servers, nor does it perform tests that slow down the connection on purpose (like early-talker).

So far it seems to be going quite well. Testing was easy because I didn't have to wait long before someone tried to send spam. Quite incredible.
