Chris Hardie <[EMAIL PROTECTED]> wrote:

>I've been observing what seems to be a lack of clear and concise
>documentation about anti-spam/security options for the novice and/or
>average qmail user.

LWQ doesn't cover anti-spam options in depth because I've personally
never felt the need to implement MTA-level spam control and nobody who 
does use them has contributed such coverage.

qmail's anti-spam options are limited because there's simply no
reliable way to differentiate spam and legitimate mail. DJB refuses to 
engage in an arms race with spammers.

There are few security options in qmail: security was designed into
it. Exceptions are relaying control via rcpthosts and RELAYCLIENT, and
process limits such as those provided by
concurrencyremote/concurrencylocal, tcpserver, and softlimit. These
are, I think, adequately covered by LWQ.

LWQ doesn't cover relay control via STARTTLS and AUTH patches, but it
will eventually since I've recently done this.

>Only after scouring the mailing list archive was I able to determine that
>that "DENYMAIL" patch is the apparently recommended way of doing this, and
>of course everyone says "get it from the qmail website".

I'm not sure, but I don't think that patch was ever updated for 1.03.

>Whether or not this particular example is valid, it definitely seems like
>one has to do a lot of work to figure out the best way to set up a secure
>(but not draconian) and spam-unfriendly (but not malicious) qmail system.  

A standard LWQ install is reasonably secure and, at least, not an open
relay.

-Dave
