Bug 96839 - emerge ucspi-tcp,qmail,netqmail should add /service to CONFIG_PROTECT
Summary: emerge ucspi-tcp,qmail,netqmail should add /service to CONFIG_PROTECT
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
Importance: High minor
Assignee: Qmail Team (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-23 02:36 UTC by henrik
Modified: 2005-06-23 04:42 UTC
CC List: 0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description henrik 2005-06-23 02:36:08 UTC
When (r)emerging ucspi-tcp,qmail,netqmail and running etc-update, etc-update will overwrite any file 
in /service (like /service/qmail-smtpd/run) as a "trivial" change even if this will completely ruin the 
installation.

I know there have been changes lately, and that you are "supposed" to alter qmail/tcpserver parameters 
in /var/qmail/control/conf-smtpd et al, but that simply doesn't cut it. If you for instance use Chris Hardi's 
"bad reverse DNS" checker, you must edit the run file:

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec softlimit -m 3000000 \
tcpserver -v -p -x /etc/qmail/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
sh -c 'test -z "$TCPREMOTEHOST" \
&& echo "451 bad reverse DNS" \
|| exec /var/qmail/bin/qmail-smtpd' 2>&1

Due to the single-quotation-characters ( ' ), the suggested /var/qmail/bin/qmail-${SERVICE}d will 
simply be replaced by /var/qmail/bin/qmail-d and smtpd will fail.


Reproducible: Always
Steps to Reproduce:
1. emerge qmail
2. run etc-update

Actual Results:  
3. watch all your locally configured run files being overwritten as "trivial" changes

Expected Results:  
It should prompt you with the "merge", "keep", "overwrite" options.

Extremely simple to fix, and will not harm anyone.

just append "/service" to CONFIG_PROTECT in /etc/make.globals
Comment 1 henrik 2005-06-23 02:43:34 UTC
This is even a bit creepier than I first realised:

---
..
>>> No outdated packages were found on your system.


 * GNU info directory index is up-to-date.
 * IMPORTANT: 1 config files in /etc need updating.
 * IMPORTANT: 2 config files in /var/qmail/control need updating.
 * Type emerge --help config to learn how to update config files.

# etc-update 
Scanning Configuration files...
Automerging trivial changes in: conf-qmqpd
Automerging trivial changes in: conf-qmtpd
The following is the list of files which need updating, each 
configuration file is followed by a list of possible replacement files.
1) /etc/cron.hourly/qmail-genrsacert.sh
/etc/cron.hourly/._cfg0000_qmail-genrsacert.sh
Please select a file to edit by entering the corresponding number.
              (don't use -3 or -5 if you're unsure what to do)
              (-1 to exit) (-3 to auto merge all remaining files)
                           (-5 to auto-merge AND not use 'mv -i'): -5

Replacing /etc/cron.hourly/qmail-genrsacert.sh with /etc/cron.hourly/._cfg0000_qmail-genrsacert.sh

Exiting: Nothing left to do; exiting. :)
#

----

The above is _with_ the CONFIG_PROTECT="/service", and etc-update still overwrites the /service/
qmail-<service>d/run files without any notification, warning, or asking me if I want to.
Comment 2 Anders Hellgren gentoo-dev 2005-06-23 04:33:10 UTC
It's not /service you should protect but /var/qmail/supervise if you want to
prevent your run files from being overwritten.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-06-23 04:42:16 UTC
Nothing should directly exist in /service. You should only have symlinks in there.
If you customize things in /var/qmail/service, then customize your CONFIG_PROTECT as well. The 
average user of qmail will NOT be changing the service scripts himself, so having them in 
CONFIG_PROTECT is counter-productive. 

And FYI, reverse DNS not matching is extremely unreliable - there are plenty of spammers with 
perfectly valid reverse DNS, and real users with no reverse DNS (due to ISP policies).
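As an added example, not code from the bug report or from Gentoo's own tooling: a POSIX sh model of the two mechanisms this thread turns on, the CONFIG_PROTECT prefix rule (comments 2 and 3) and the single-quote expansion problem from the description. It assumes Portage's documented behaviour, that protection is decided on the path the package actually installs to (for the qmail run files that is /var/qmail/supervise, which /service only links to), so an entry for /service never matches; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: models the CONFIG_PROTECT prefix rule. A file is protected
# when the path the package installs to lies under a CONFIG_PROTECT entry and
# not under a CONFIG_PROTECT_MASK entry. /service only holds symlinks, so the
# qmail run files live under /var/qmail/supervise and "/service" never matches.
# This models only the prefix test, not etc-update's "trivial change" merging.

# under_any PATH DIR... -> 0 if PATH equals or is inside any DIR
under_any() {
    p=$1; shift
    for d in "$@"; do
        case "$p" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# is_config_protected PATH "CONFIG_PROTECT" "CONFIG_PROTECT_MASK"
# -> 0 if PATH is protected, 1 if it would be replaced without a prompt
is_config_protected() {
    under_any "$1" $2 || return 1   # word-split on purpose: space-separated list
    under_any "$1" $3 && return 1
    return 0
}

# Second point from the description: inside single quotes the outer shell
# leaves ${SERVICE} alone; the inner 'sh -c' expands it only if it is in the
# environment. Prints the path the inner shell would exec.
# $1: service name, $2: "export" to export SERVICE, anything else to keep it local
inner_qmail_path() {
    (
        unset SERVICE
        SERVICE=$1
        [ "$2" = export ] && export SERVICE
        sh -c 'echo "/var/qmail/bin/qmail-${SERVICE}d"'
    )
}

# Demonstration (constructed paths and settings)
for cp in "/etc /service" "/etc /var/qmail/supervise"; do
    if is_config_protected /var/qmail/supervise/qmail-smtpd/run "$cp" ""; then
        echo "CONFIG_PROTECT=\"$cp\": run file protected"
    else
        echo "CONFIG_PROTECT=\"$cp\": run file NOT protected"
    fi
done
echo "local SERVICE:    $(inner_qmail_path smtp local)"
echo "exported SERVICE: $(inner_qmail_path smtp export)"
```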