-force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
the STARTTLS command was not sent by the client
-combined patch updated
* dkim patch updated to v. 1.19: verification will not fail when a dkim signature does not include the subject provided that the UNSIGNED_SUBJECT environment variable is declared. More info here.
-removed the line "
DKIMKEY=/var/qmail/control/domainkeys/%/default" from the qmail
rcconfig file, as
DKIMKEYis actually ignored by
dk-filter,which will look for the key in that location by default. Use
DKIMSIGNinstead to define yor domainkey location (thanks to Steffen for the hint)
-qmail-tls updated to v. 20151215
* typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
* add ECDH to qmail-smtpd
* increase size of RSA and DH pregenerated keys to 2048 bits
* qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
more info here
-roundcube upgraded to v. 1.1.4 (security fixes, more info here)
-DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
qmail-submission/run modified: SMTPAUTH="!" to enable the submission feature (auth required). Now incoming msg can be received only on standard 25 port
-fail2ban upgraded to v. 0.9.3
-new combiend patch released: qmail-authentication updated to v. 0.8.3
dovecot: the user query on the auth is now able to manage
pop3/imap/webmail vpopmaillimits (thanks to Arturo Blanco)
vQadmin: combined patch released
-fixed a bug on
qmail-remote.cthat was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
qmailadmin: added a patch to log auth failures (thanks to Tony)
fail2ban: added a filter against
spamassassin: upgraded to v. 3.4.1
qmailadmin: added a patch to check the password strenght
-combined patch updated:
--qmail-authentication: upgraded to v. 0.8.2
--qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
-combined patch updated: added qmail-empf patch
the home page graphic of qmailadmin has copyright issues as shown here (thanks to Marc for the hint)
roundcube: upgraded to v. 1.1.0. All plugins have been upgraded as well
roundcube: added carddav plugin
combined patch updated:
-the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian)
combined patch updated:
-modified the QUEUE_EXTRA variable in
extra.hto record the Message-ID in the
qmail-send's log (thanks to Simone for the hint). Look here for details.
simscanhas been improved with the jms patch. The work dir is mounted as a ramdisk now
qmail-smtp.conffilter updated to look for GREETDELAY lines
SSLv3 disabled on
dovecotbecause of security reasons (more info here)
dovecotupgraded to v.
dovecotupgraded to v.
dovecot-pigeonholeupgraded to v. 0.4.3
the global sieve folder was moved to
roundcubeupgraded to v. 1.0.3.
roundcubeupgraded to v. 1.0.2. Fixed some errors in the relative page, as sometime the
$configvariable was still
$rcmail_configas in the past, and all the config files are now merged into config.inc.php (thanks to Otto)
the log rotation of
qmailis managed by the jms' https://qmail.jms1.net/scripts/convert-multilog. Thanks to Marc for the suggestion
added a page concerning fail2ban setup
clamavupgraded to v. 0.98.3
roundcubeupgraded to v. 1.0.1
ezmlm-idxupgraded to v. 7.2.2
ezmlm-idxupgraded to v. 7.2.0
Bruce Guenter has released a new version of
ezmlm-idx, getting the program to be compliant with the Yahoo DMARC Policy Change. You have to recompile
combined patch updated:
qmail-maxrcptpatch, which allows you to set a limit on how many recipients are specified
roundcubeupgraded to v. 1.0.0
combined patch updated:
qmail-smtpd-liberal-lfpatch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
spamassassinupgraded to v. 3.4.0
roundcubeupgraded to v. 1.0-rc. Plugins have been upgraded as well
ucspi-tcp6upgraded to v. 1.00: fixed problems when compiling with C99 compilers
combined patch updated:
-added qmail-SRS patch. You must install libsrs2 now.
-the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
combined patch updated (more info here):
-added qmail-date-localtime patch
-added qmail-hide-ip patch
-the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now communications trying to send commands before the greeting will be closed. Premature disconnections will be logged as well. More info here
-modified the configuration of qmail-smtpd and qmail-submission according to the new greetdelay patch
-updated the page concerning greetdelay
-CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like <foo>)
-chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
-added qmail-moreipme patch
-added qmail-dnsbl patch (more info here)
-added a page concerning qmail-dnsbl patch
added two patches to my combined patch to make qmail rfc2821 compliant
any-to-cname patch added to the combined patch
Added two contributions by Costel Balta:
-how to avoid to be "cut off" from spamhaus.org (read here)
-adding the foxhole db to clamav (on the bottom of the clamav page)
-DKIM patch upgraded to v. 1.17. Defined -DHAVE_SHA_256 while compiling dkimverify.cpp in the Makefile. This solved an issue while verifying signatures using sha256.
Minor fixes to the DKIM patch
-new combined patch released. The DKIM patch has been upgraded to v. 1.16; the signing at qmail-remote level has been revised by its author.
-I added notes about qmail-remote signing in the DKIM page of this guide.
-the domainkey program now gives ownership of the domainkey to qmailr, which runs qmail-remote
-qmail-qmqpc.c call to timeoutconn() needed a correction because the function signature was modified by the
outgoingip patch. Thanks to Robbie Walker
(diff file here http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/qmail-qmqpc.diff)
ucspi-tcp6: upgraded to v. 0.99. The current version includes an hack by Manvendra Bhangui from indimail.org which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you install his modified qmail-spf patch (my combined patch already has this adjustment to spf).
Fot those interested, a few days ago Manvendra Bhangui released a package of patches including now not only DKIM and SURBL but also SPF and the entire qmail totally IPv6 compliant. The upgrade for me is not so straightforward, but I'm planning to have it in my big patch soon or later. For the moment you can play with it downloading from http://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/
-big patch updated: fixed a bug in hier.c which caused the installation not to build properly the queue/todo dir structure (thanks to Scott Ramshaw)
-DKIM-SURBL patch by Manvendra Bhangui updated to v. 1.14
-added a page about SURBL configuration
-DKIM patch upgraded to v. 1.12. The new patch adds surblfilter functionality.
-added qmail-smtpd pid, qp log patch
-qmail-SPF modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant. In order to have it working with such addresses you have to patch tcpserver.c accordingly. You can use a patch fot ucspi-tcp6-0.98 by Manvendra Bhangui at http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/tcpserver-ipv6mapped_ipv4.patch or wait for v. 0.99 relase of ucspi-tcp6
-added outgoingip patch
-added qmail-bounce patch
dovecot: upgraded to v. 2.2.2
Roundcube: upgraded to v. 0.9.1
-dovecot-pigeonhole: upgraded to stable 0.4.0 version
-dovecot: upgraded to v. 2.2.1 The configuration has been modified to use the sql/mysql driver in place of the vpopmail one; the password is now sended in plain text
-dovecot-pigeonhole: upgraded to latest development version
-RoundCube: imap_auth_type has been set to NULL to send the password in plain text and make dovecot's auth happy
-the dovecot's expunge shell script was simplyfied. Using the sql driver solved all issues of the old vpopmail backend related to the missing iteration feature.
Roundcube: upgraded to v. 0.9.0
All rc plugins have been updated as well
new combined patch: qmail-auth updated to latest v. 0.8.1 Added authentication by recipient domain for qmail-remote. Look at README.auth for further details
new combined patch: some code adjustments in qmail-smtpd.c smtpd_ehlo() to restore total compatibility with esmtp-size patch
new combined patch: qmail-auth has been updated to the latest v. 0.7.6. Look at README.auth for further details
ucspi-tpc6: updated to v. 0.98
- 2013.01.28 new combined patch released: fixed an issue on qmail-pop3d which was causing a double +OK after the pass command (thanks to Rakesh, Orbit and Simplex for helping in testing and troubleshooting)
- 2013.01.27 ucspi-tpc6: updated to v. 0.97
2013.01.06 ucspi-tpc6 0.96 by E.Hoffmann replace the ucspi-tcp 0.88 by DJB. It provides IPv6 and rblsmtpd greetdelay support
combined patch modified. The variable GREETDELAY was renamed to SMTPD_GREETDELAY just to avoid conflicts with the GREETDELAY variable inside rblsmtpd
qmail-smtpd/run file modified accordingly
- 2012.11.14 Roundcube: upgraded to v. 0.8.4
- 2012.11.10 Roundcube: upgraded to v. 0.8.3. Autologon plugin: modified
2012-10-31 new combined patch: qmail-auth has been updated to the latest v. 0.7.5. Look at README.auth for further details
The qmail-forcetls patch was simplyfied accordingly.
2012.10.25 vpopmail: upgraded to v. 5.4.33 (now marked as stable). Be aware that you have to recompile netqmail, qmailadmin and vqadmin as well.
qmailadmin: upgraded to v. 1.2.16
- 2012.10.19 Roundcube: added context menu, autologon and logout_redirect plugins
- 2012.10.18 Roundcube: upgraded to v. 0.8.2
2012.10.11 dovecot: upgraded to v. 2.1.10
dovecot-pigeonhole: upgraded to v.0.3.3
- 2012.10.10 fixed vQadmin 'invalid language' issue (see vQadmin page for details http://notes.sagredo.eu/node/26)
- 2012.09.19 ClamAV: upgraded to v. 0.97.6
- 2012.09.04 zipdownload Roundcube's plugin: modified to gain compatibility to v. 0.8.1 (thanks to taki)
2012.08.31 Roundcube: upgraded to v. 0.8.1
dovecot: upgraded to v. 2.1.9
- 2012.08.07 Roundcube: upgraded to v. 0.8.0
- 2012.05.26 dovecot-pigeonhole: upgraded to v 0.3.1
- 2012.05.24 dovecot: upgraded to v. 2.1.6
2012-04-25 new combined patch: added qmail-remote CRLF (thanks to Pierre Lauriente for the help on testing and troubleshooting)
The qmail-remote CRLF patch solved a problem of broken headers after sieve forwarding that was caused by a bad handling of the CR (carriage return) by qmail-remote. The issue is also reported here http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
- 2012.04.16 new combined patch: added qmail-tap
- 2012.03.19 the syntax of the qmail section of this guide has been revised (a big thanks to Dave Martin)
2012.03.03 dovecot: upgraded to v. 2.1.1
The configuration files have been updated: the most important change was the location of the auth_socket_path variable inside 10-mail.conf
2012.02.17 dovecot: upgraded to v. 2.1.0
dovecot-pigeonhole: upgraded to v.0.3.0
- 2012.02.08: esmtp-size patch added to my combined patch
- 2012.01.29: New combined patch released: added doublebounce-trim patch
- 2012.01.21 Roundcube: updated to v. 0.7.1. All plugins have been updated to latest version as well.
- 2011.12.13 dnsbl.sorbs.org is not on my RBL examples anymore, as it proved to be a bad list. It's rejecting gmail's IPs and also confusing the IP of my own server as dynamic.
2011.12.12 New combined patch released.
-update_tmprsadh modified to chown the .pem files to vpopmail to avoid hang-ups during the smtp conversation on port 587 caused by permission problems.
2011.10.06 New combined patch released.
-qmail-remote.c: fixed. It was not going into tls on authentication (thanks to Krzysztof Gajdemski)
-force-tls now quits if the starttls command is not provided when required (thanks to Jacekalex)
2011.09.30 Dovecot: upgraded to v. 2.0.15
dovecot-pigeonhole: upgraded to v . 0.2.4
ICU: upgraded to v. 4.8.1
- 2011.09.29 RoundCube: upgraded to v. 0.6. All plugins have been updated to latest version
- 2011.08.13 RoundCube: upgraded to v. 0.5.4 (security fix)
2011.07.27 Big patch updated. My force-tls patch allows the management of STARTTLS and CRAM-MD5 variables in the run file, so that there's no need to recompile each time anymore.
I also added the "qmail-inject-null-sender" patch by Stéphane Cottin, which addresses a bug on qmail-inject
- 2011.07.23 The configuration of dovecot was updated to allow maildir++ (thanks to Nicolas) on files 90-quota.conf and 20-imap.conf
- 2011.07.15 The combined patch has been updated: an issue which caused the compilation's break down of qmail on 64b platforms has been fixed
- 2011.07.03 Added support for rblsmtpd. Added a page about the greetdelay patch.
2011.06.28 New combined patch released. Added ext-todo and big-todo patches, which adress the "silly qmail syndrome" on big servers.
rblsmtpd patched for greeting delay.
- 2011.06.24 Spamassassin: updated to v. 3.3.2
- 2011.06.02 Roundcube: updated to v. 0.5.3 (2 important bug fixes)
- 2011.05.29 Dovecot: added a page concerning the purging of expired emails from Trash/Junk
- 2011.05.25 RoundCube: updated to v. 0.5.2. Updated almost all roundcube's plugin to latest version.
- 2011.05.17 Added Luca Morettoni's qmail-rblchk
- 2011.04.19 Dovecot-2.0.12 upgrade; dovecot-pigeonhole v.0.2.3 upgrade
2011.04.06 Vermulen's TLS patch updated (security fix, see http://www.kb.cert.org/vuls/id/555316).
New qmail combined patch released.
- 2011.02.25 Added DKIM patch and related page
- 2010.12.12 first release of this guide and related qmail patch