Tech Notes/System/Qmail and Friends/Running TMDA We install as per documentation, building and running RPM's (as root): {code:none} rpmbuild -tb --nodeps tmda-1.0.tgz rpm -Uvh /usr/src/RPM/RPMS/noarch/tmda-1.0-1.noarch.rpm {code} (With appropriate version number and source RPM path). Run ~~tmda-keygen~~ (as the user requiring the TMDA service), create and protect ~~\~/.tmda/crypt_key~~ (perms 600). Create ~/.qmail-tmda, containing {code:none} |preline /usr/bin/tmda-filter ./Maildir/ {code} and symlink ~~.qmail-tmda-default~~ to this. So: we accept (and process) any mail to an address ~~<user>-tmda~~ and ~~<user>-tmda-*~~. (Modify the second line to taste, if delivery is to other than a maildir.) Mail to be challenged (from procmailrc) should be routed to the address ~~<user>-tmda~~. In our procmailrc, we replace ~~Reply-To~~ with the (old) 'From ' before forwarding (otherwise the forwarding causes us to receive our own challenges!). Note: the "CHALLENGE ?? 1" part is the test for suspect (spam) mail. {code:none} :0 * CHALLENGE ?? 1 { # SpamAssassin seems to lose Return-Path:, so we use envelope: SENDER=`formail -x 'From ' | sed -e 's/ .*//'` # Since we're about to forward, make sure challenges go the # the original (envelope) sender, not me! :0 f | formail -i "Return-Path: <$SENDER>" # Forward: :0 !nick-tmda } {code} Auto-whitelisting: ~~\~/.tmdarc~~ contains {code:none} CONFIRM_APPEND = os.path.expanduser("..../auto-whitelist") {code} ~~\~/.tmda/filters/incoming~~ contains {code:none} from-file ..../auto-whitelist accept to *@cassiel.com hold {code} (We are holding, rather than challenging.) Daily interrogation of the pending list: our crontab looks like {code:none} 0 4 * * * tmda-pending -C -b -s {code} 2005-12-19 21:20:47.0 2005-12-19 21:20:47.0