Patch di qmail

Changelog

Il changelog completo è all'interno della patch stessa.

  • 2017-05-14
    -DKIM patch updated to v. 1.20
    It now Manages long TXT records, avoiding the rejection of some hotmail.com messages.
  • 2016-12-19
    -Several new patches and improvements added (thanks to Luca Franceschini)
    More info here http://notes.sagredo.eu/node/178
    -qregex patch
    -brtlimit patch
    -validrcptto patch
    -rbl patch (updates qmail-dnsbl patch)
    -reject-relay-test patch
    -added DISABLETLS environment variable, useful if you want to disable TLS on a desired port
    -added FORCEAUTHMAILFROM environment variable to REQUIRE that authenticated user and 'mail from' are identical
    -fixed little bug in 'mail from' address handling (patch by Andre Opperman at http://qmail.cr.yp.narkive.com/kBry6GJl/bug-in-qmail-smtpd-c-addrparse-function)
    -added SMTPAUTHMETHOD, SMTPAUTHUSER and SMTP_AUTH_USER env variables for external plugins
    -qlog patch
    -reject null senders patch
    -qmail-taps-extended (updates qmail-tap)
  • 2016-12-02
    -fixed BUG in qmail-remote.c: in case of remote server who doesn't allow EHLO the response for an alternative HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
    Patch applied: http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/fix_sagredo_remotehelo.patch
  • 2016-09-19
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-05-15
    force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
    the STARTTLS command was not sent by the client

Ho creato un pacchetto con le ultime versioni di alcune patch di uso comune. Queste le patch incluse nel pacchetto:

[Vedi i dettagli sulla patch applicata qui]

Merry Xmas and happy new... patch!

Massive Christmas present by my italian friend Luca Franceschini of digitalmind. He merged his combo with my combined patch (2016.12.02 version) adding several (heavily customized) patches and functionalities. Luca is an expert system administrator and a C programmer who manages big servers.

Plugins per Roundcube

I plugin che ho abilitato sono (al momento):

  • password, già incluso nella cartella plugins
  • managesieve, che scrive gli script per filtrare le email in arrivo (rigetto, spostamento in una cartella specifica, etc.). Notare che per usare questo è necessario aver abilitato  Dovecot managesieve.
  • SpamAssassin-User-Prefs-SQL, che consente all'utente di caricare su database SQL le prefenze su come Spamassassin deve filtrare la sua posta, creando ad esempio una black list.
  • Markasjunk2, un plugin che consente di aggiungere con un click nel bottone "Marca come spam" l'indirizzo e-mail del mittente alla propria blacklist, o viceversa, o lanciare un comando come sa_learn.
  • rcguard.Questo plugin registra i tentativi di accesso falliti e presenta una verifica reCAPTCHA dopo un certo numero di accessi falliti.
  • Context Menu. Aggiunge un menu di dialogo alla lista dei messaggi, attivabile con il tasto destro, che comprende tra le altre cose la lista delle cartelle, la rubrica, il marcamento come letto/non letto, cancella, rispondi e inoltra. 
  • autologon. Esegue il login da una pagina esterna (CMS)
  • logout_redirect. Versione modificata per redirigere alla home page dopo il logout
  • newmail_notifier. può notificare le nuove mail in tre modi: focalizzando la finestra del browser e cambiandone l'icona, riproducendo un suono, oppure mostrando la notifica sul desktop (via webkitNotifications).
  • carddav. CardDav client. Può sincronizzare la rubrica con un server CardDav server come owncloud o SoGO.
  • enigma. Fornisce il supporto per la visualizzazione e l'invio di messaggi firmati e/o criptati in formato PGP (RFC 2440) e PGP/MIME (RFC 3156).

smtp-auth + qmail-tls + forcetls patch for qmail

Changelog

  • 2016-09-19
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-05-15 force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoid to write the auth verb if the STARTTLS command was not sent by the client
  • 2015-12-26 qmail-tls: updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  • 2015-10-05 qmail-authentication: updated to v. 0.8.3
  • 2015.08-24 fixed a bug on qmail-smtpd.c causing a double 250-STARTTLS, thanks to Andreas
  • 2015.08.08 fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting, thanks to Cristoph Grover

I have put into a package the latest version of the following patches for netqmail-1.06. You may be interested to the combined patch I have put together here.

qmail-authentication

Provides cram-md5, login, plain authentication support.
Fixed an issue on wrong capabilities in the ehlo message (thanks to Florian and genconc): removed the "-" sign before the AUTH verb

-  if (smtpauth == 1 || smtpauth == 11) out("250-AUTH LOGIN PLAIN\r\n");
-  if (smtpauth == 3 || smtpauth == 13) out("250-AUTH LOGIN PLAIN CRAM-MD5\r\n");
-  if (smtpauth == 2 || smtpauth == 12) out("250-AUTH CRAM-MD5\r\n");
+  if (smtpauth == 1 || smtpauth == 11) out("250 AUTH LOGIN PLAIN\r\n");
+  if (smtpauth == 3 || smtpauth == 13) out("250 AUTH LOGIN PLAIN CRAM-MD5\r\n");
+  if (smtpauth == 2 || smtpauth == 12) out("250 AUTH CRAM-MD5\r\n");

remember to restore the "-" sign if you are going to append a new line to the ehlo message.

qmail-tls

Implements TLS encrypted and authenticated SMTP between the MTAs and from MUA to MTA.

force-tls

Optionally gets qmail to require TLS before authentication to improve security.

Slackware guest on Linux-Vserver

Linux-Vserver is an open source software which acts as a virtual private server implementation done by adding operating system-level virtualization capabilities to the Linux kernel.

This means that all guests share the same kernel and they don't need to provide hardware support.

The purpose of this note is to show how to setup a guest based on Slackware into a Slackware host. What follows was tested on Slackware 14.2, 14.1, 14.0, 13.37 and 13.1 (both 32b and 64b). I will assume that you have a Linux-Vserver box working. You can find here a quick and easy howto concerning Linux-Vserver installation and configuration (patching the kernel + utils-vserver installation).

qmailadmin password-strenght patch

A big lack of qmail account managers, expecially qmailadmin, is that they do not provide any password complexity check. A couple of days ago I discovered in one of my servers a "test 123456" account and I realized that the time has come to put a patch on it.

Since I had no luck in having cracklib working inside qmailadmin (see crackilib patch, any help  on the purpose would be veeerrry much appreciated) I've quickly found a solution via a javascript form validation, which refuses unsecure passwords. You can easily customize how it decides to accept/refuse the passwords modifying the file pw_strenght_chk.js in the html dir.