ucspi-tcp6

ucspi-tcp6 is a fork of Bernsteins' ucspi-tcp 0.88 program, which includes, among the other things, ipv6 capabilities to the original ucspi-tcp. tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications.

Install ucspi-tcp6

cd /usr/local/src
wget http://www.fehcom.de/ipnet/ucspi-tcp6/ucspi-tcp6-1.04.tgz
cd /var/qmail/
tar xzf /usr/local/src/ucspi-tcp6-1.04.tgz
chown -R root.root host/
cd host/ucspi-tcp6-1.04/
package/install

NB: remove -m64 from conf-ld if compiling on 32b platforms.

The new ucspi-tcp6 is patched for rblsmtpd and greetdelay, but we'll not make use them because there are more suitable patches that do the same as explained later.

The tcpserver usage, as far as IPv4 is concerned, is similar to the original Bernstein's program.

Edit: the current version includes an hack by Manvendra Bhangui from indimail.org which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you use his fix to the qmail-spf patch (my combined patch already has this adjustment to spf).

Comments

When doing

package/install

Install ucspi-tcp6
----
./load chkshsgr
/usr/bin/ld: cannot find crt1.o: No such file or directory
/usr/bin/ld: cannot find crti.o: No such file or directory
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc_s.so when searching for -lgcc_s /usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find -lc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc_s.so when searching for -lgcc_s /usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find crtn.o: No such file or directory
collect2: error: ld returned 1 exit status
make: *** [chkshsgr] Error 1
compile: fatal: cannot make it-base

I would try to reinstall glibc, as crti.o is part of that pkg..

take a look at this as well: http://stackoverflow.com/questions/6329887/compiling-problems-cannot-find-crt1-o, http://stackoverflow.com/questions/91576/crti-o-file-missing

compiles ok under amd64

under i386 debian it's still giving me this:

./load chkshsgr
/usr/bin/ld: i386 architecture of input file `chkshsgr.o' is incompatible with i386:x86-64 output
collect2: error: ld returned 1 exit status
make: *** [chkshsgr] Error 1
compile: fatal: cannot make it-base

maybe the library was written with 64 bit support in mind....

I'm successfully compiling both on 64 and 32 bit.

In case you are not interested in the new IPv6 features of ucspi-tcp6, you can try to install the old bernstein's ucspi-tcp 0.88 program, following this page of my guide.

In 32bit system, you have to remove the flag "-m64"  in src/conf-ld.

Then try package/install again, and it will be ok.

I have solve problem with remove option  into src/conf-ld  "-m64 "

Hi, I'm trying to secure as deeply as possible my centos 6.7 mailbox. I still have to compile the latest qmail patched version from Roberto, in the meanwhile I upgraded from ucspi-ssl-0.84 to ucspi-ssl-0.95b, in order to secure my sslserver-based submission services (465 / 587). Will let you know how it works; any other security hint is warmly welcome ;-)

Hello ,

I have a problem with rblsmptd on Centos 7.2 and Centos 7.3. Perhaps this problem is related to ucspi-tcp6 with patch given above.

After starting /usr/local/bin/rblsmtp I got error:

kernel: rblsmtpd[27381]: segfault at 0 ip 0000000000405fe8 sp 00007fff6a8fe698 error 4 in rblsmtpd[400000+a000]

..but wiith following installation everithing works fine:

cd /usr/local/src/
tar -xzvf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch < /usr/local/src/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
make
make setup check

which version of ucspi-tcp6 are you using?

I tried both ucspi-tcp6-1.02.tgz and  ucspi-tcp6-1.04.tgz. After starting command from terminal I got this:

[root@mailsrv ucspi-tcp6-1.04]# /usr/local/bin/rblsmtpd
Segmentation fault

and in logs I had this:

kernel: rblsmtpd[27381]: segfault at 0 ip 0000000000405fe8 sp 00007fff6a8fe698 error 4 in rblsmtpd[400000+a000]

Also, I am using Centos7 x86_64.

Thank you,

Alex

I don't think this is the proper way to test rblsmtpd from the command line, as it runs at least a prog. Take a look to the man page

Unfortunately, this error:

rblsmtpd[10523]: segfault at 0 ip 0000000000406028 sp 00007fff37919388 error 4 in rblsmtpd[400000+a000] 

still exists when is run by qmail. Server continually deny messages with 451 code.

ok, can you share your run file, please?

Sure, here it is:

#!/bin/sh

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SOFTLIMIT=`cat /var/qmail/control/softlimit`

# This enables chkuser

export CHKUSER_START=ALWAYS

# This turns off TLS on port 25

export DISABLETLS="1"

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \

    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
    /usr/local/bin/rblsmtpd -W \
        -b -r zen.spamhaus.org \
        -b -r bl.spamcop.org \
    /var/qmail/bin/qmail-smtpd 2>&1

I, also tried with differnet links other than zen.spamhaus.org and bl.spamcop.org.

 

did you define the GREETDELAY variable? This is important since you have the -W parameter and rblsmtps is looking for a non null value

Also consider that the reference page for rblsmtpd is changed like follows http://www.fehcom.de/ipnet/ucspi-tcp6/rblsmtpd.html (I'm going to correct mypage as well)

I removed -W  and output was the same. I also tried with GREETDELAY variable, but without success.

I think there is some problem with my OS distribution (Centos 7) and ucspi-tcp6, because when I run command from terminal with installed ucspi-tcp-0.88 I get following message: 

[root@mailsrv ucspi-tcp-88]# /usr/local/bin/rblsmtpd
rblsmtpd: usage: rblsmtpd [ -b ] [ -R ] [ -t timeout ] [ -r base ] [ -a base ] smtpd [ arg ... ]

I also tried, qmail-rblcheck addon and it works fine, so I will switch to it until I find solution.

Thank you very much for your help,

Alex

I also get an error like that when running rblsmtpd from command line, but I think it can be normal, as some environment variables that the program is expecting are missing.

If you decide to switch to another RBL program, I suggest you to consider qmail-dnsbl (http://notes.sagredo.eu/node/162) as qmail-rblcheck's configuration that I present here is not fully tested (I played with it ages ago) and I guess it is not even maintained these days

Thank you very much, qmail-rblcheck works excellent

I just made some test with rblsmtpd and it works as expected. 

Let me know if solve, or if you find a way to test it from the command line