eQmail 1.09 introduces some βnewβ functionalities. This article describes how to use them. Version 1.09 is another step of preventing users to patch (net)qmail by themselves.
The installation routine conforms with the traditional one by doing make and make setup [check] . To create the necessary configuration files run ./config . If you do an upgrade make a backup of your control directory before, because some configuration files will be overwritten (this will be changed/improved in the next major release).
Important: The default delimiter for address extension is now β+β (plus sign). Edit conf-break to change this - this will may be important if you upgrading from a prior version of eQmail or (net)qmail. An upgrade can be done over a (net)qmail installation in general too - nevertheless depending on the applied patches of a former installation some functionality will be lost or needs to be configured different.
I assume that eQmail will be run under daemontools in the examples below.
The IPv6 functionality will be enabled/disabled at compilation time. As IPv6 is enabled by default, edit conf-cc to change this:
cc -O2 -DINET6 -DTLS=20151215 -I/usr/local/openssl/include
Remove -DINET6 from the line above to disable it.
To allow authentication over a secured connection only you can enable that TLS is required before. To enable this (default: off) set an environment variable in your run file:
export TLSREQUIRED=1 exec tcpserver ....
By using AUTH CRAM-MD5, TLS can be bypassed.
This feature requires that TLS is enabled (default). To disable TLS remove -DTLS=20151215 -I/usr/local/openssl/include from conf-cc like do it with IPv6.
Connections on the submission port (default: 587) usually requires authentication always. Create a second instance of qmail-smtpd with the submission port number. Give it a different name, e.g. qmail-submission . To change the port number set an environment variable in the run file of the second instance:
export TLSREQUIRED=1 SUBMISSIONPORT=10025 exec tcpcerver ...
It is recommended to set TLS required on the submission port instance.
This allows to manipulate outgoing mails, e.g. to do DKIM signing. Edit the file control/beforemote to call programs before qmail-remote . This feature is kind of fault tolerant - means that qmail-remote
will be executed if something goes wrong. A more complete documentation can be found here.