Umbrellix Left politics, programming, and self-hosted Internet services: experiences, lessons and hope

So I dove into the manpages, and they delivered!

Initially written starting 04:51 UTC on the 17th of October, 2022 a.d. by Amelia Bjornsdottir.

This blog post attempts to describe, in circa chronological order, the process of trying to get Postfix and qmail to play together on the same machine, with qmail serving as mail acceptance from outside sites and Postfix serving to accept mail, by fiat of Dovecot, from inside users.

Necessary prep

I had already turned down Postfix' smtpd service on port 25 and turned up Nightmare Mail’s in its place, and that was already working and checking DKIM and all.

Dovecot broke

On my system, no fault of the developers of Dovecot, /usr/local/libexec/dovecot/submission-login crashes with a segfault. It is not, thus, capable of being used along with an open relay on 127.0.0.1:25.

Scrap that.

Back to Postfix. Act 1 - 4.3.0 mail loops to myself!

After Ducking around trying to find the way to set up a smarthost, I went to /usr/local/etc/postfix/main.cf and set relayhost = [127.0.0.1]:25 after deleting all mydomains and virtualdomains. I thought this would work, but I rehashed Postfix and when I tried to mail myself a letter through the submission service, it never arrived. All this time, mail was coming in successfully from remote hosts, being delivered through NightmareMail’s qmail-smtpd and imail-dkim (Indimail’s qmail-dkim) in verify mode to our dovecot-lda.

Back to Postfix Act 2 - 5.3.0 mail loops to myself!

So I set default_transport to smtp:[127.0.0.1]:25 instead, hoping that’d be it. Nah, this time mail was permanently refused, with no warning.

Scrap that.

Back to Postfix Act 3 - ceci est un pipe

After a bit more frustrated Ducking which I don’t fully remember, I was directed to the manpage 8/pipe. There, I found an old friend. pipe? I’d used xyr to deliver to uucp before.

There’s no reason you can’t use this to inject into a local queue manager.

I finally created my custom qmail transport using that, in master.cf:

# this is an ugly hack…
qmail unix - n n - - pipe
\ user=nmaild argv=/var/net.umbrellix.mail.mxf/bin/qmail-inject -a -f ${sender} ${recipient}

h/t alex tax1a for the tip that qmail-inject will need -a for multiple recipients!

I then set default_transport = qmail in main.cf.

I also commented the guff in main.cf that connected to OpenDKIM, now not necessary because of the above hack and the fact that I have DKIM appropriately set up on my system using imail-dkim.

You don’t need any flags= because qmail-inject and qmail-queue will add the lines that flags= are used to ask pipe to add. Because I used the qmaild user (nmaild in my installation), Nightmare Mail’s qmail-inject will believe it is being invoked from the network, which is what I want, but imail-dkim will also sign, rather than verify, because I have the default qmail-queue on my system set to qdkimsign-queue, a shell script I wrote that execs imail-dkim in signing mode. In turn, I have set QMAILQUEUE in the environment for my qmail-smtpds to qdkimvrfy-queue, which puts it in verifying mode instead.

I am now using Postfix as a submission server for my qmail/Dovecot installation.

So that’s the case study. It’s not very well thought-out, but like… You gotta give it to me for the ingenuity, right?