Valued Member
Well, as somewhat newbie when it comes to Qmail my general SOP is to walk through lwq (lifewithqmail.org) for my installation, and then find guides on all the extraneous features such as webmail, smtp-auth etc. I've been working via this method once or twice a year for the last several, and until recently have never had a problem.

Most recently I needed another Qmail with all the trimmings: webmail, smtp-auth, spam assassin, word filtering, log rotation etc. I did my usual lwq install and the went searching. I had come across qmailrocks.org previously, however had yet to actually use it, its far more complete then I had really needed.

I quickly stepped myself through the entire install ignoring or redoing steps I had previously done, and after about a day's work had a fully functioning and complete Qmail. After about a month the server took a nose dive, and it was rebooted, nobody really bothered to look too carefully as to why (it was only in semi-production -> that is to say late testing cycle). About a week ago, we suddenly noticed some pix logs 5 and 20 times their normal size, and we needed to take the problem a little more seriously. We found my little mail server was sending a boatload of spam. Since then with outside assistance we have discovered a huge number of vulnerabilities. Ranging from being an open relay, to accepting all types of other methods of sending spam.

Bottom line, Qmailrocks.org seems like it is a great idea, its very well documented. It contains simple step by step instructions and great explanations on what each step is doing. When you're complete it seems to functioning very well. Just keep an eye on it, or you'll be doing what I'm doing . . . a few later blowing the whole damned thing up and starting over with a plain-jane LWQ install.