Qmail (1)

SMTP (no relay at all. period.)
SMTP-AUTH (2) (10)
  SMTP-AUTH only allows relay of specific allowed domains (optional)
SMTP-SSL (without auth, no access!)
SMTP-SSL-AUTH (2) (10)
POP3-SSL (10) (11)
IMAP (no SSL) only for webmail
IMAP-SSL for the world (10)

Allow relay from webmail (either by RELAYCLIENT (nasty) or by finding a
  sendmail wrapper that understands SMTP AUTH)
Allow only local delivery by web CGIs. A sendmail wrapper that has some
  sort of ninja support for SMTP AUTH should do this by default. :)
Block emails coming from blatantly invalid senders (no real hostname) (3)
Single recipients on bounce messages (4)
  *** TEST TO MAKE SURE THAT YOU STILL GET BOUNCES. This was a problem
  last time we tried all this stuff.

(1) http://cr.yp.to/software/qmail-1.03.tar.gz
(2) http://students.imsa.edu/~ngroot/qmail-1.03-starttls-smtp-auth.patch
(3) http://www.qmail.org/qmail-1.03-mfcheck.3.patch
    (modified to smtpssl-mfcheck.patch)
(4) http://www.qcc.sk.ca/~charlesc/software/misc/nullenvsender-recipcount.patch
    (modified to smtpssl-nullenvsender.patch)
(10) checkpasswd (http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz)
(11) stunnel (modify to remove insane logging) 4.03 or newest
     (http://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/)

mkdir mail1
cd mail1
tar zxf ../qmail-1.03.tar.gz
ln -s qmail-1.03 qmail-1.03-tls-auth
patch -p0 < ../qmail-1.03-starttls-smtp-auth.patch
patch -p0 < ../smtpssl-mfcheck.patch
patch -p0 < ../smtpssl-nullenvsender.patch

To build:

cd qmail-1.03/
mkdir /var/qmail

# Create some IDs
groupdel console
groupadd -g 101 nofiles
useradd -u 100 -g nofiles -d /var/qmail/alias alias
useradd -u 101 -g nofiles -d /var/qmail qmaild
useradd -u 102 -g nofiles -d /var/qmail qmaill
useradd -u 103 -g nofiles -d /var/qmail qmailp
groupadd -g 102 qmail
useradd -u 104 -g qmail -d /var/qmail qmailq
useradd -u 105 -g qmail -d /var/qmail qmailr
useradd -u 106 -g qmail -d /var/qmail qmails
# Done making IDs

# Finish building qmail
make setup check
./config-fast mail.vectorstar.net

# Make cert
make cert
make cert-req ### optional
# Done making cert

cd ~alias
touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
chmod 644 ~alias/.qmail*
cd /var/qmail/boot
cp home ../rc

add "sh -cf '/var/qmail/rc &'" to end of /etc/rc.d/rc.local

rm /usr/*/sendmail

add this line to inetd.conf:

smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd mail.vectorstar.net /bin/checkpassword /bin/true

Compile checkpassword:

tar zxf checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
./install
chmod 4755 /bin/checkpassword

Compile stunnel:

tar zxf stunnel-4.03.tar.gz
cd stunnel-4.03
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
  (build your cert. it'll get written to /etc/stunnel or something)
make install
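
A post-install check for the account setup above, added here as an example and not part of the original notes: it compares passwd- and group-format files with the uid, gid and home values from the groupadd/useradd commands and flags any of those uids shared with another account. The function name check_qmail_ids and the --live switch are made up for this example.

```shell
#!/bin/sh
# Added example: compare passwd/group-format files with the IDs created above.
# Each expected entry is name:uid:gid:home, taken from the useradd lines.
EXPECTED_USERS='alias:100:101:/var/qmail/alias
qmaild:101:101:/var/qmail
qmaill:102:101:/var/qmail
qmailp:103:101:/var/qmail
qmailq:104:102:/var/qmail
qmailr:105:102:/var/qmail
qmails:106:102:/var/qmail'
EXPECTED_GROUPS='nofiles:101 qmail:102'

# check_qmail_ids PASSWD_FILE GROUP_FILE (hypothetical helper name)
# Prints one line per problem and returns 0 only when nothing is wrong.
check_qmail_ids() {
    passwd_file=$1; group_file=$2; bad=0
    for g in $EXPECTED_GROUPS; do
        name=${g%%:*}; gid=${g##*:}
        got=$(awk -F: -v n="$name" '$1 == n { print $3 }' "$group_file")
        if [ "$got" != "$gid" ]; then
            echo "group $name: expected gid $gid, found ${got:-none}"
            bad=$((bad + 1))
        fi
    done
    for u in $EXPECTED_USERS; do
        name=${u%%:*}; uid=$(echo "$u" | cut -d: -f2)
        got=$(awk -F: -v n="$name" '$1 == n { print $1 ":" $3 ":" $4 ":" $6 }' "$passwd_file")
        if [ "$got" != "$u" ]; then
            echo "user $name: expected $u, found ${got:-none}"
            bad=$((bad + 1))
        fi
        # A second account with the same uid gets the same file access.
        count=$(awk -F: -v id="$uid" '$3 == id { c++ } END { print c + 0 }' "$passwd_file")
        if [ "$count" -gt 1 ]; then
            echo "uid $uid is shared by $count accounts"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Check the live system only when asked: sh check-qmail-ids.sh --live
if [ "${1:-}" = "--live" ]; then
    check_qmail_ids /etc/passwd /etc/group
fi
```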