Patching qmail

October 28, 2017 Roberto Puzzanghera 166 comments


The complete changelog is inside the patch file.

  • 2017-10-11 (tx Luca Franceschini)
    -qlogfix (diff here)
    * log strings should terminate with \n to avoid trailing ^M using splogger
    * bug reporting custom errors from qmail-queue in qlog
    -added dnscname patch
    -added rcptcheck patch
  • 2017-08-18
    -qmail-smtpd now retains authentication upon rset (tx to Andreas)
  • 2017-05-14
    -DKIM patch updated to v. 1.20
    It now manages long TXT records, avoiding the rejection of some messages.
  • 2016-12-19
    -Several new patches and improvements added (thanks to Luca Franceschini)
    More info here
    -qregex patch
    -brtlimit patch
    -validrcptto patch
    -rbl patch (updates qmail-dnsbl patch)
    -reject-relay-test patch
    -added DISABLETLS environment variable, useful if you want to disable TLS on a desired port
    -added FORCEAUTHMAILFROM environment variable to REQUIRE that authenticated user and 'mail from' are identical
    -fixed little bug in 'mail from' address handling (patch by Andre Opperman at
    -added SMTPAUTHMETHOD, SMTPAUTHUSER and SMTP_AUTH_USER env variables for external plugins
    -qlog patch
    -reject null senders patch
    -qmail-taps-extended (updates qmail-tap)
  • 2016-12-02
    -fixed BUG in qmail-remote.c: in case of remote servers not allowing EHLO the response for an alternative HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
    Patch applied here
  • 2016-09-18
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matched (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)

Limiting the number of emails sent by a given auth-user/domain/IP

October 24, 2017 Roberto Puzzanghera 0 comments

If you want to avoid the risk of compromising your server because of accounts who are sending messages indiscriminately to the world, because their password was violated in some way, then you can take advantage of Luca Franceschini's script, which has to be used in conjunction with the rcptcheck patch (a patch derived by Luca himself from an original work of Jay Soffian).

Since in 2016 Luca has decided to merge his combo with my combined patch, he is giving his personal contribution to it fixing bugs, adding new important patches and functionalities, often writing himself the code. The script shared here is just the last one and it's quite surprising (at least for me) to observe how many things are performed putting together just 20 lines.

smtp-auth + qmail-tls + forcetls patch for qmail

August 18, 2017 Roberto Puzzanghera 68 comments


  • 2017-08-18
    -qmail-smtpd now retains authentication upon rset (tx to Andreas)
  • 2016-09-19
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-05-15 force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoid to write the auth verb if the STARTTLS command was not sent by the client
  • 2015-12-26 qmail-tls: updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  • 2015-10-05 qmail-authentication: updated to v. 0.8.3
  • 2015.08-24 fixed a bug on qmail-smtpd.c causing a double 250-STARTTLS, thanks to Andreas
  • 2015.08.08 fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting, thanks to Cristoph Grover

I have put into a package the latest version of the following patches for netqmail-1.06. You may be interested to the combined patch I have put together here.

Bye bye Drupal

August 12, 2017 Roberto Puzzanghera 0 comments

Finally I managed to get rid of the old Drupal platform that I used for this site. I found the time to migrate  the Drupal's database and to rewrite the old style.

On the other hand, over the last 15 years I've been carrying on the development of a CMS of mine (based on php/mariadb), which was not originally used for this site because of the lack of the time needed to build a new theme.

Now this site lives in a code that I have written by myself at 99%, even though tons of free classes and jQuery plug-ins are still embedded. This makes future upgrades much simpler and especially less time consuming than the nightmare Drupal's upgrades. In addition we now have a Mobile Responsive theme.

The part of the code concerning the "comments" was not fully tested and I would be glad if you guys will give me some feedback, so don't hesitate to drop me a note on the purpose.

Have fun!

Choosing your OS

December 30, 2016 Roberto Puzzanghera 0 comments

Merry Xmas and happy new... patch!

December 19, 2016 Roberto Puzzanghera 8 comments

Massive Christmas present by my italian friend Luca Franceschini of digitalmind. He merged his combo with my combined patch (2016.12.02 version) adding several (heavily customized) patches and functionalities. Luca is a C programmer and an expert system administrator who manages big servers.

Slackware guest on Linux-Vserver

July 5, 2016 Roberto Puzzanghera 4 comments

Linux-Vserver is an open source software which acts as a virtual private server implementation done by adding operating system-level virtualization capabilities to the Linux kernel.