- maxrcpt - limits a message's number of recipients to 100

- mfcheck (which is very handy when combined with dns poisoning, see
http://www.jms1.net/djbdns/blocking.html for info on this)

- quotas (turns "over quota" into a HARD error, not a SOFT error. many
ISP users who go over quota do so because they haven't checked their
mailboxes in months, because they don't use it. i started using this
patch because i started seeing the same twelve users over and over in
the error logs, and got tired of having to deal with them.)

- date-localtime causes qmail to use the local timezone in any headers it generates.

- qmailqueue - the classic patch that allows qmail-smtpd to call other programs to process messages. Through qmailqueue, we will later tie in Clam Antivirus and SpamAssassin. However, many other programs can also be tied in if you so desire.

- jms1-antispam (if a QMAILQUEUE program returns 1, qmail-smtpd says
"200 your spam has been ignored" without the message ever going into a
queue- the sending server thinks the message was accepted and therefore
won't try it over and over for the next week. i did this back when open
relays were the big spammer tool, and the relay owners weren't cleaning
their boxes' queues.)

- errno.patch - patches error.h to work correctly with libc-2.3, which is used by RedHat 9 and a few other Linux distributions

- smtp-auth (with my own modifications to not advertise or support the
AUTH command unless the required elements were present on the command
line. this prevented the open relays caused by people upgrading from an
old patch... although why krysztof(sp?) didn't just use "control/me"
for the hostname instead of requiring it on the command line is beyond
me...)

- the combined STARTTLS/AUTH patch from qmail.org (again with my own
modifications to not advertise AUTH unless the command line elements
are there, AND adding a check to not advertise or support AUTH unless
the connection is secure- either STARTTLS is active, or it sees SSL=1
in the environment, which should only be there if the service is
running inside an SSL tunnel- which my run script does.)

- the SPF patch (i'm using spfbehavior 2 at the moment, it does the
check and adds a header, and does a softfail if there's a DNS problem,
but nothing else. once SPF becomes more widely accepted, i'll change to
3- reject on SPF failure.)
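
The STARTTLS/AUTH item above says AUTH should not be advertised unless the connection is secure. As an added example (not part of the patch or of the original page), this Python check parses an EHLO reply and flags AUTH offered on a cleartext session; the sample replies and the names `parse_ehlo` and `audit` are constructed for illustration.

```python
import re

# Constructed sample EHLO replies (not captured from a real server).
PLAINTEXT_BAD = ("250-mail.example.com\r\n250-PIPELINING\r\n250-STARTTLS\r\n"
                 "250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")
PLAINTEXT_GOOD = ("250-mail.example.com\r\n250-PIPELINING\r\n250-STARTTLS\r\n"
                  "250 8BITMIME\r\n")
# After STARTTLS; uses the legacy "AUTH=" spelling some servers also emit.
AFTER_TLS = "250-mail.example.com\r\n250-AUTH=LOGIN PLAIN\r\n250 8BITMIME\r\n"

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = reply.splitlines()
    for i, raw in enumerate(lines):
        m = _LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {raw!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            continue  # first line is the greeting/domain, not a keyword
        text = m.group(3)
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # normalise the legacy form
        words = text.split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return caps


def audit(reply, secure):
    """Return findings for one EHLO reply.

    secure=True means TLS is already active on the session (STARTTLS was
    negotiated, or the service runs inside an SSL tunnel).
    """
    caps = parse_ehlo(reply)
    findings = []
    if "AUTH" in caps and not secure:
        findings.append("AUTH advertised on a cleartext session: "
                        + " ".join(caps["AUTH"]))
    return findings
```

Feed it the EHLO reply seen before STARTTLS with `secure=False`; an empty list means AUTH stayed hidden until the session was encrypted.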