Roundcube plugins

My enabled plugins are (at the moment):

  • password, which is already included in the plugins folder
  • sieverules-managesieve, which writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.
  • quickrules. Adds a button to the message list to allow the quick creation of rules in the SieveRules plugin. Infomration from selected emails is used to prefile the new rule form.
  • SpamAssassin-User-Prefs-SQL, which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
  • markasjunk2. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
  • rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
  • Context Menu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
  • autologon. Autologin from external Site e.g. (CMS, Portal ...)
  • logout_redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
  • newmail_notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
  • carddav. CardDav client. You can sync your addressbook against a CardDav server like owncloud or SoGO.
  • enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format

Slackware guest on Linux-Vserver

Linux-Vserver is an open source software which acts as a virtual private server implementation done by adding operating system-level virtualization capabilities to the Linux kernel.

This means that all guests share the same kernel and they don't need to provide hardware support.

The purpose of this note is to show how to setup a guest based on Slackware into a Slackware host. What follows was tested on Slackware 14.2, 14.1, 14.0, 13.37 and 13.1 (both 32b and 64b). I will assume that you have a Linux-Vserver box working. You can find here a quick and easy howto concerning Linux-Vserver installation and configuration (patching the kernel + utils-vserver installation).

Patching qmail

Changelog

The complete changelog is inside the patch file.

  • 2016-05-15
    -force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
    the STARTTLS command was not sent by the client
  • 2016-03-09
    -dkim patch updated to v. 1.19
    * verification will not fail when a dkim signature does not include the subject provided that the  UNSIGNED_SUBJECT environment variable is declared. More info here.
  • 2015-12-26
    -qmail-tls updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
    more info here
  • 2015-12-15
    -DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
  • 2015-10-03
    -qmail-authentication: updated to v. 0.8.3
  • 2015-08-08
    -fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
  • 2015-04-11
    -qmail-authentication: updated to v. 0.8.2
    -qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
  • 2015-03-28
    -added qmail-empf patch.
  • 2014-11-20
    -the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian)
  • 2014-11-15
    -modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log. Thanks to Simone for the hint.
  • 2014-04-14
    -added qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified

I have created a combined patch including the latest versions of several commonly-used qmail patches:

[Follow the patch details here]

Other patches:

smtp-auth + qmail-tls (starttls) + forcetls patch for qmail

Changelog

  • 2016-05-15 force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoid to write the auth verb if the the STARTTLS command was not sent by the client
  • 2015-12-26 qmail-tls: updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  • 2015-10-05 qmail-authentication: updated to v. 0.8.3
  • 2015.08-24 fixed a bug on qmail-smtpd.c causing a double 250-STARTTLS, thanks to Andreas
  • 2015.08.08 fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting, thanks to Cristoph Grover

I have put into a package the latest version of the following patches for netqmail-1.06. You may be interested to the combined patch I have put together here.

qmail-authentication

Provides cram-md5, login, plain authentication support.
Fixed an issue on wrong capabilities in the ehlo message (thanks to Florian and genconc): removed the "-" sign before the AUTH verb

-  if (smtpauth == 1 || smtpauth == 11) out("250-AUTH LOGIN PLAIN\r\n");
-  if (smtpauth == 3 || smtpauth == 13) out("250-AUTH LOGIN PLAIN CRAM-MD5\r\n");
-  if (smtpauth == 2 || smtpauth == 12) out("250-AUTH CRAM-MD5\r\n");
+  if (smtpauth == 1 || smtpauth == 11) out("250 AUTH LOGIN PLAIN\r\n");
+  if (smtpauth == 3 || smtpauth == 13) out("250 AUTH LOGIN PLAIN CRAM-MD5\r\n");
+  if (smtpauth == 2 || smtpauth == 12) out("250 AUTH CRAM-MD5\r\n");

remember to restore the "-" sign if you are going to append a new line to the ehlo message.

qmail-tls

Implements TLS encrypted and authenticated SMTP between the MTAs and from MUA to MTA.

force-tls

Optionally gets qmail to require TLS before authentication to improve security.

qmailadmin password-strenght patch

A big lack of qmail account managers, expecially qmailadmin, is that they do not provide any password complexity check. A couple of days ago I discovered in one of my servers a "test 123456" account and I realized that the time has come to put a patch on it.

Since I had no luck in having cracklib working inside qmailadmin (see crackilib patch, any help  on the purpose would be veeerrry much appreciated) I've quickly found a solution via a javascript form validation, which refuses unsecure passwords. You can easily customize how it decides to accept/refuse the passwords modifying the file pw_strenght_chk.js in the html dir.

qmail + vpopmail + Dovecot | Roberto's qmail notes

English

Quoting D. J. Bernstein definition

qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts

References

You can find a comprehensible introduction on how a mail server works in this page of the Dovecot site. The qmail newbie's guide to relaying by Chris Johnson is very clear. It’s very suitable reading material for someone who’s just getting started.

Disclaimer

The aim of this short guide is NOT to teach you how a mail server works, even though by the time you’re finished reading it you will hopefully have a working e-mail server. These notes just serve as a reminder of the main steps to follow in order to build a quick installation of qmail and related software. I published them because of the lack of any up-to-date documentation concerning the qmail “distributions” I was familiar with, hoping that these notes could be useful to others out there. And I created this guide partly just because I enjoy doing this kind of thing.
Therefore, to learn in depth how a mail server works, you are invited to read carefully at least the references I will mention in each page.

Secondly, I am NOT responsible for what you do with your server :) Use my guide at your own risk.

Finally, comments, criticisms and suggestions are always welcome! :-p

Which distro?

These notes have been written without a specific Linux distribution in mind. I tested them on my Slackware virtual mail servers, both 64 and 32 bit, and a number of guys out there can confirm that it works with other common distributions.

Is this a toaster?

According to the DJB's definition of a toaster, the answer would be yes. I personally consider a toaster something a la Bill Shupp or qmailtoaster, which comes with the packages included. Since I prefer to let you check for the latest versions of everything yourself, strictly speaking this shouldn’t properly be considered a toaster. I would simply call this site “Roberto’s qmail notes” instead. At any rate, I’ve included a paragraph about qmail toasters here just to satisfy the search engines -as most people come here actually looking for a toaster :)).

Before we start...

As I am not  a native english speaker, I will gladly accept every hint to improve the understanding of this guide.