netqmail-1.06 - basic setup

November 2, 2010 Roberto Puzzanghera24 comments

Remove all existing MTA's like sendmail:

rm /usr/sbin/sendmail

For Slackware users:

removepkg /var/log/packages/sendmail*

Create users and groups and compile netqmail:

groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

cd /usr/local/src/netqmail-1.06
make setup check

netqmail will be patched, recompiled and configured once vpopmail has been installed.

Create a symbolic link of the sendmail program

ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

In his book The qmail Handbook, Dave Sill explains why we need to create a symbolic link for sendmail:

Because Sendmail was the de facto Unix MTA for years, many scripts and utilities run it directly to send mail messages. For this reason, qmail and other Unix MTAs provide a sendmail replacement that emulates Sendmail’s behavior for injecting message. Qmail’s sendmail resides in /var/qmail/bin/sendmail, so we’ll symbolically link it to the traditional location of Sendmail’s sendmail:

Add bin dir to your PATH and man dir to MANPATH

PATH=$PATH:/var/qmail/bin
export PATH
MANPATH=$MANPATH:/var/qmail/man
export MANPATH

Remember to save the new PATH and MANPATH in your profile (usually /etc/profile) also.

Comments

read failed error

Dear Roberto,

Happy New Year to you in advanced.

I have a user who is using IP 14.100.x.x sending email via my server with an internet IP of 10.10.12.10. I do not have any idea what is this IP 10.236.225.108

@400000005684afa602fb6f74 tcpserver: pid 12093 from 14.100.x.x
@400000005684afa602fdc51c tcpserver: ok 12093 0:::ffff:10.10.12.10:587 :14.100.x.x::13162
@400000005684afab1905bd24 qmail-smtpd: read failed: (null) from 14.100.x.x to (null) helo [10.236.225.108]
@400000005684afab19137cac tcpserver: end 12093 status 256
@400000005684afab19138864 tcpserver: status: 0/20

Do you have a clue what is going on? How can i allow this email to go through?

Thanks

nic

Reply | Permalink

Happy new year, Nic

Happy new year, Nic

I think 10.236.225.108 should be the helo of the client. I don't know why it is using such an ip. You can get the same log testing from command line..

Reply | Permalink

SSL3 error

Hi Roberto,

I am begining to see bounces like this.

TLS connect failed: error:14082174:SSL

routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small; connected to 202.79.217.55.

I'm not going to try again; this message has been in the queue too long.

May i know what is wrong? What should i do?

Many thanks

nic

Reply | Permalink

Fix TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK

Hi,

A few days ago I notice a user of the same problem as you relate, indeed it seems that the problem is due to the version of openssl on the remote server (currently have the latest version of openssl).

Downgrading openssl, it does not seem the most appropriate, since in particular the openssl is quite important.

To resolve the issue I made an exception ssl check for these remote hots.

I leave the steps in case help someone:

mkdir /var/qmail/control/notlshosts
touch /var/qmail/control/notlshosts/domain.com

(If you do not know the mx record of the domain you can use: "dig mx domain.com")

touch /var/qmail/control/notlshosts/mail.domain.com

qmailctl restart

Done! --> @4000000055943b8f3a664b64 delivery 1: success: IP_accepted_message./Remote_host_said:_250_2.0.0_t61JC5iW004986_Message_accepted_for_delivery/

Reply | Permalink

I will update this thread,

I will update this thread, sorry if it is the wrong place. I'm still going on with my hardening steps on my qmail server.

I'm trying to fix this output from a penetration testing scan:

- Deprecated SSLv2 and SSLv3 Protocol Detection

- Check for SSL Weak Ciphers

These two issues refer to my qmail ssl submit service running on port 465 (submission service on 587 is already ok, thanks to this line in the /var/qmail/ssl/env/tls.env file:

CIPHERS="TLSv1+HIGH:!SSLv3:!SSLv2:!MD5"

Dovecot is alreay fine with this:

10-ssl.conf:ssl_protocols = !SSLv2 !SSLv3

I tried to put this content  in the /var/qmail/control/tlsserverciphers:

ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM

but this breaks all the submission services (I get an "unknown error" both on 465 and 587 ports).

Question is, how can I disable SSLv2/SSLv3 and all the weak cyphers for 465 qmail service ?

Thank you !

Reply | Permalink

I gueess it's an openssl

I guess it's an openssl related error, but I've never seen it...

Reply | Permalink

Dear Roberto,I realised it

Dear Roberto,

I realised it is the openssl package 1.0.1e-30.el6.9 is causing this. I had downgraded to 1.0.1e-30.el6.8.x86_64 and it is working fine.

Many thanks

nic

Reply | Permalink

qmail-smtpd: read failed:

Hi, I am getting alot of in my /var/log/qmail/smtpd/current qmail-smtpd: read failed: & qmail-smtpd read failed (null) And i realized alot of legit emails are rejected by these. Any idea what does this means and how to solve this issue? Many thanks again nic

Reply | Permalink

Hi Nic,they are rejections

Hi Nic,

they are rejections due to bad smtp syntax by the client, definitely a spam or a bot bad connection attempt. Me too have tons of such lines in the log and never had a complaint for an unreceived msg :)

These days I'm looking for an additional patch just to improve the verbosity of smtpd, which would help to show more details of such rejections...

Reply | Permalink

Hi Roberto,Seem like these

Hi Roberto,

Seem like these emails are from a copier. The user is trying to scan some documents from the copier to an email address on the server.
The email address used to send from the copier is not authenticated. It is the ISP's email address which do not need to be verifed.
Thus the emails were rejected by spamdyke. I had then added the email into whitelist_senders but still got rejected by spamdyke.

Guess i will have to check with the spamdyke mailing list

Thanks
nic

Reply | Permalink

qmail-smtpd: read failed

Hi Roberto!

First, sorry my bad english...

I was looking for the same error, qmail-smtpd: read failed.
In may case, i see many real messages refused from server at logs, but the message is received in user account.

I think the sending server received errors and try to send again.

I received report from user when he received same message many times... and, i search logs and look this...

From he user, sender is real person using Gmail...

Looking qmail-smtp logs, i see other cases, many messages sent by Bots or spammers and others reals..

In case of spam, i see at Spam Folder at RoundCube, many copies of same message, again, i think this because sending server received errors and try to send again.

You have any idea ?

I'm look for timeout from qmail, but the default values is big at time:

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

[] s

Tiago

 

Reply | Permalink

Hi Tiago, can you show the

Hi Tiago, can you show the logs of those failures?

Reply | Permalink

qmail-smtpd: read failed - LOGS

Yes, see two cases bellow:

First:

2014-11-04 09:46:20.006514500 tcpserver: pid 21642 from 209.85.217.179
2014-11-04 09:46:20.008674500 rblsmtpd: ::ffff:209.85.217.179 pid 21642: greetdelay: 30
2014-11-04 09:46:53.645219500 CHKUSER accepted sender: from <xxxxxxx@gmail.com::> remote <mail-lb0-f179.google.com:unknown:::ffff:209.85.217.179> rcpt <> : sender accepted
2014-11-04 09:46:54.054991500 CHKUSER accepted rcpt: from <xxxxxxx@gmail.com::> remote <mail-lb0-f179.google.com:unknown:::ffff:209.85.217.179> rcpt <my_client@domain.com.br> : found existing recipient
2014-11-04 09:55:19.411489500 simscan:[21642]:CLEAN (-0.10/9.50):505.0341s:=?UTF-8?B?XXXXXXXXXX=?=:::ffff:209.85.217.179:xxxxxxx@gmail.com:my_client@domain.com.br
2014-11-04 09:55:19.947539500 qmail-smtpd: message accepted: xxxxxxx@gmail.com from ::ffff:209.85.217.179 to my_client@domain.com.br helo mail-lb0-f179.google.com
2014-11-04 09:55:19.947546500 qmail-smtpd: read failed: xxxxxxx@gmail.com from ::ffff:209.85.217.179 to my_client@domain.com.br helo mail-lb0-f179.google.com
2014-11-04 09:55:19.948518500 tcpserver: end 21642 status 256

Second:


2014-11-04 11:04:58.791132500 tcpserver: pid 3848 from 200.169.101.24
2014-11-04 11:04:58.791297500 tcpserver: ok 3848 0:::ffff:192.168.0.141:25 :200.169.101.24::53778
2014-11-04 11:04:58.792396500 rblsmtpd: ::ffff:200.169.101.24 pid 3848: greetdelay: 30
2014-11-04 11:05:30.449029500 CHKUSER accepted sender: from <FROM@trucofXX.com.br::> remote <nomer-spool-2a.nomer.com.br:unknown:::ffff:200.169.101.24> rcpt <> : sender accepted
2014-11-04 11:05:30.735536500 CHKUSER accepted rcpt: from <FROM@trucofXX.com.br::> remote <nomer-spool-2a.nomer.com.br:unknown:::ffff:200.169.101.24> rcpt <my_other_client@other_domain.com.br> : found existing recipient
2014-11-04 11:06:38.809496500 simscan:[2112]:CLEAN (1.60/9.50):160.2689s:=?iso-8859-1?Q?RES__XXXXXXXXXXXXXXXXx?=:::ffff:200.169.101.24:FROM@trucofXX.com.br:my_other_client@other_domain.com.br
2014-11-04 11:06:38.961131500 qmail-smtpd: message accepted: FROM@trucofXX.com.br from ::ffff:200.169.101.24 to my_other_client@other_domain.com.br helo nomer-spool-2a.nomer.com.br
2014-11-04 11:06:38.961179500 qmail-smtpd: read failed: FROM@trucofXX.com.br from ::ffff:200.169.101.24 to my_other_client@other_domain.com.br helo nomer-spool-2a.nomer.com.br
2014-11-04 11:06:38.962129500 tcpserver: end 2112 status 256

I'm borred mails and subjects, minus @gmail.com at first

I noticed that the scan time of spamd is high at many cases... but not all

[] s

Reply | Permalink

you have to investigate about

you have to investigate about that read-failure... have you performed all suggested tests to your mail server? If yes, send me in private a telnet session on port 25 recorded when receiving a message from the outnet. Or you can enable recordio as explained here towards the bottom of the page http://notes.sagredo.eu/node/22

Reply | Permalink

554 Error

Hi,

I had installed a toaster base on your tutorial. Everything is running good. But my setup will not be able to accept mails from Yahoo. I had tested almost all the free mail available and found out that Yahoo is the only 1 with issue.

It just bounced with the error below

Sorry, we were unable to deliver your message to the following address.

<nicholas@domain.com>:
Remote host said: 554 mail server permanently rejected message (#5.3.0) [BODY]

I had check my log, and i am very sure the server received it well.

/var/qmail/smtpd/current

@4000000050852ba3254e2db4 CHKUSER accepted sender: from <username@yahoo.com::> remote <nm26-vm0.bullet.mail.ne1.yahoo.com:unknown:98.138.91.68> rcpt <> : sender accepted
@4000000050852ba338cf348c CHKUSER accepted rcpt: from <username@yahoo.com::> remote <nm26-vm0.bullet.mail.ne1.yahoo.com:unknown:98.138.91.68> rcpt <nicholas@domain.com> : found existing recipient
@4000000050852ba5330c811c simscan:[10602]:CLEAN (1.70/5.00):1.6457s:TEST:98.138.91.68:username@yahoo.com:nicholas@domain.com
@4000000050852ba616a1e06c tcpserver: end 10602 status 0
@4000000050852ba616a1ec24 tcpserver: status: 0/20

/var/log/maillog
Oct 22 19:18:50 fantastic spamd[6695]: spamd: processing message <1350904775.35199.YahooMailNeo@web122103.mail.ne1.yahoo.com> for simscan:91
Oct 22 19:18:51 fantastic spamd[6695]: spamd: clean message (1.7/5.0) for simscan:91 in 1.1 seconds, 2769 bytes.
Oct 22 19:18:51 fantastic spamd[6695]: spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RDNS_NONE,REPTO_QUOTE_YAHOO,TVD_SPACE_RATIO scantime=1.1,size=2769,user=simscan,uid=91,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=57546,mid=<1350904775.35199.YahooMailNeo@web122103.mail.ne1.yahoo.com>,autolearn=disabled
Oct 22 19:18:53 fantastic spamd[25033]: prefork: child states: II

Any idea what is going on?

Many thanks
Nic

Reply | Permalink

Hi Nic

Hi Nic,

supposing that your LDA is working fine, did you test just a particular yahoo's address or you get a bounce each time you receive a message from yahoo?

If the first option is true, does the sender address contain any strange character such as + - (minus) etc.?

What LDA are you using? dovecot-lda? vpopmail delivery?

What does qmail-send say?

Reply | Permalink

Hi Roberto,Thanks for your

Hi Roberto,

Thanks for your reply.

It happens to all incoming yahoo addresses and i am very sure there isnt any strange character in any of these addresses.

I am using vpopmail delivery.

/var/log/qmail/current does not contain any log from yahoo email. Where can i see the log for qmail-send ?

 

Many thanks

Nic

Reply | Permalink

Hi Nic,Assuming that those

Hi Nic,

Assuming that those messages are not considered spam, that you are not using an rbl list and that the messages are accepted by your qmail-smtpd as shown by the logs above, the qmail-send log is /var/log/qmail/send/current (if you are following my tutorial). You should see the reason why the message is not  stored and the bounce message must be shown also by qmail-smtpd log

Reply | Permalink

Hi,/var/log/qmail/send/curren

Hi,

/var/log/qmail/send/current does not log the bounced from Yahoo mails. But it is loging other domains.

What other aspect should i look into?

 

Thanks

nic

Reply | Permalink

..in addition, if the message

..in addition, if the message passed qmail-smtpd stage as shown by your log the problem should be the delivery, and this should be shown by qmail-send log as well.

Reply | Permalink

Many thanks Roberto.I got it

Many thanks Roberto.

I got it to work by recompiling simscan. Now i got into another situation.

I had setup Send Vacation Auto-Response on my email account. The auto-response works great. But when 2 accounts have turn on Auto-Response and send mail to each other, both account will be disabled due to overquota.These 2 accounts do not have mail quota set.

What should i do to fix this or stop the looping.

 

Thanks

nic

Reply | Permalink

Good point

Actually I'm not so familiar with autorespond, but I see that you can set it to avoid traffic (http://rpm.pbone.net/index.php3/stat/45/idpl/17585744/numer/1/nazwa/qmail-autoresponder). btw I thought that it couldn't be possible, as an autorespond msg is sent with a null sender (<>) to which most MTAs are programmed not to respond..

In place of qmail autorespond you can use a sieve rule like this which should do the trick:

require ["vacation"];

# rule:[vacation]
if anyof (true)
{
        vacation
                :days 7
                :subject "Holiday time!"
                "this is the body";
}

and the messages will not be sent again to a given address during a 7 days time interval

Reply | Permalink

If I have understand well

If I have understand well, all messages from yahoo are bounced from you mail server. In that case you should see a sent message looking into qmail-send log.

Reply | Permalink

Hi,I understand you well. But

Hi,

I understand you well. But /var/log/qmail/send/current is not logging anything for Yahoo mails. I thought it is not working. But i try sending out mails and i can see those entries.

 

regards

nic

Reply | Permalink