In order to limit the connections made from a certain IP address, one needs to patch tcpserver, the process which receives all incoming connections and passes them through to QMail. These steps describe how to patch tcpserver on a FreeBSD system, where the QMail SMTP and POP servers are executed with the supervise (svc) daemon.

chkuser is a patch for QMail 1.03 which checks if the recipient address is a valid user on the system. If not, it will block the mail right away. This is nice, because usually this is checked after scanning a mail for virusses and spam. Now this is checked beforehand, which saves you a lot of CPU cycles.

At some point, an local SMTP server (QMail) responded really slow on connection attempts. There was no traffic between the client and server so it was a bit unclear why it was locked for about 30 seconds until the so-called '220' response.

Google suggested me (indirectly) to disable reverse DNS lookups on the tcpserver (with the -R, -P, -l 'hostname') flags. But that didn't help.

After setting up a QMail SMTP server, it seems some spammers found a way to relay through our host. Of course, I installed the rcpthosts file with a list of allowed domains, but somehow they got through.

After installing simscan I was no longer able to send any message. The following message was being spitted out upon sending an e-mail through this SMTP-server: