Patching qmail

Changelog

The complete changelog is inside the patch file.

  • 2014-11-20
    -the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian)
  • 2014-11-15
    -modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log. Thanks to Simone for the hint.
  • 2014-04-14
    -added qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified
  • 2014-03-10
    -added qmail-smtpd-liberal-lf patch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
  • 2013-12-30
    -added qmail-SRS patch. You have to install libsrs2 now.
    -the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
  • 2013-12-18
    -added qmail-date-localtime patch
    -added qmail-hide-ip patch
    -the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now
    communications trying to send commands before the greeting will be closed. Premature disconnections will be
    logged as well.
    -CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like <foo>)
    -chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
    -added qmail-moreipme patch
    -added qmail-dnsbl patch (more info here)
  • 2013-12-05
    added two patches to make qmail rfc2821 compliant
  • 2013-11-23
    any-to-cname patch added

I have created a combined patch including the latest versions of several commonly-used qmail patches:

[Follow the patch details here]

Other patches:

You're invited to take a look at the next page of this guide, which presents several tests for these patches toward the bottom of the page.

NB: first of all, you must have a valid MX record for your /var/qmail/control/me domain, otherwise you'll get errors when trying to send to ~alias/qmail-log (more info here).

Installing libdomainkeys

This library is a prerequisite of the DKIM patch by Manvendra Bhangui, which is part of my package. You must compile this, otherwise the compilation will break.

cd /usr/local/src
wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/tar/libdomainkeys-0.69.tar.gz
tar xzf libdomainkeys-0.69.tar.gz
wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/libdomainkeys-0.69.diff
ln -s libdomainkeys-0.69 libdomainkeys
cd libdomainkeys
chown -R root.root .
patch < ../libdomainkeys-0.69.diff
make
cd ../

Installing libsrs2

This library is a prerequisite of the SRS patch, which is part of my package. You must install this, otherwise the compilation will break.

wget http://www.libsrs2.org/srs/libsrs2-1.0.18.tar.gz
tar xzf libsrs2-1.0.18.tar.gz
cd libsrs2-1.0.18
./configure
make
make install
ldconfig
cd ../

Be sure that libsrs2 is actually linked, otherwise qmail-send will crash in an endless loop and you will end up with a self-inflicted DoS:

> ldconfig -p|grep libsrs2
        libsrs2.so.0 (libc6,x86-64) => /usr/local/lib/libsrs2.so.0
        libsrs2.so (libc6,x86-64) => /usr/local/lib/libsrs2.so

If you installed the libsrs2 library from a package provided by your Linux distribution, check the path where the library was installed. Check whether the file /usr/local/include/srs2.h actually exists; if not, you may have to modify srs.c in the netqmail source dir, replacing the first include line below with the second:

#include </usr/local/include/srs2.h>
#include </usr/include/srs2.h>
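
A pre-build check for the two libsrs2 pitfalls described above, as an added example that is not part of the original guide: it looks for libsrs2 in the linker cache and verifies that the srs2.h path included by srs.c exists. The function names are hypothetical, and the check assumes srs.c includes the header by absolute path, as shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-build checks for libsrs2.

# Succeeds when `ldconfig -p` style output on stdin lists libsrs2.
srs2_in_ld_cache() {
    grep -q 'libsrs2\.so'
}

# Prints the srs2.h path that the given srs.c includes (first match only).
srs_c_include() {
    sed -n 's/^#include[[:space:]]*[<"]\(.*srs2\.h\)[>"].*$/\1/p' "$1" | sed -n '1p'
}

# Prints the first srs2.h found in the given include directories.
find_srs2_header() {
    for dir in "$@"; do
        if [ -f "$dir/srs2.h" ]; then
            printf '%s\n' "$dir/srs2.h"
            return 0
        fi
    done
    return 1
}

# check_srs_include SRS_C INCLUDE_DIR...
# Returns 0 if the include in srs.c points at an existing header,
# 1 if srs.c must be edited, 2 if no header (or no include) was found.
check_srs_include() {
    srs_c=$1; shift
    wanted=$(srs_c_include "$srs_c")
    if [ -z "$wanted" ]; then
        echo "no srs2.h include found in $srs_c"
        return 2
    fi
    case $wanted in
        /*) if [ -f "$wanted" ]; then echo "ok: $wanted exists"; return 0; fi ;;
    esac
    if found=$(find_srs2_header "$@"); then
        echo "fix: $srs_c includes <$wanted>, but the header is at $found"
        return 1
    fi
    echo "missing: srs2.h not found in: $*"
    return 2
}

# Run against the paths used in this guide when the source tree is present.
SRS_C=/usr/local/src/netqmail-1.06/srs.c
if [ -f "$SRS_C" ]; then
    ldconfig -p | srs2_in_ld_cache || echo "libsrs2 is not in the linker cache: run ldconfig"
    check_srs_include "$SRS_C" /usr/local/include /usr/include || true
fi
```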

Apply the patch

wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06.patch-latest.gz
cd netqmail-1.06
gunzip -c ../roberto-netqmail-1.06.patch-latest.gz | patch

Configuring chkuser

The combined patch you downloaded has chkuser enabled. It’s configured to perform recipient verification and MAV (Mail From: Address Verification). 

You can customize your configuration by editing the chkuser_settings.h file (in /usr/local/src/netqmail-1.06) before compiling qmail. In order to enable chkuser, the following line must be commented out:

#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"

Uncomment to enable the check of user and domain format for sender address. This will reject fake senders without any domain declared (like <foo>).

#define CHKUSER_SENDER_FORMAT

Uncomment to enable checking of domain MX for rcpt addresses

#define CHKUSER_RCPT_MX

Uncomment to enable checking of domain MX for sender address

#define CHKUSER_SENDER_MX

This enables usage of "#" and "+" characters within sender address. It is used by SRS (Sender Rewriting Scheme) products.

As far as my MTA is concerned, this solved an "invalid sender address format" reject message prompted by an email address of a mailman mailing list.

#define CHKUSER_ALLOW_SENDER_SRS

force-tls variables

By default the authentication will be denied if the client does not provide the STARTTLS command. If you want to allow connections without TLS, just do

export FORCETLS=0

in your run file. Values other than 0 (or not declaring this variable at all) will force TLS before the auth.

qmail-auth variables

By default the auth is allowed with LOGIN or PLAIN mechanism. You are invited to look at the README.auth file for further details concerning the use of the SMTPAUTH environment variable, especially if you want to use CRAM-MD5.

Recompiling qmail

The BIG-TODO patch included in my combined patch may require that your queue be rebuilt. So be aware that all existing messages in the queue will be destroyed when you erase the queue below.

To discover if your qmail has messages in the queue:

> qmailctl stat

/service/qmail-send: up (pid 18127) 6 seconds
/service/qmail-send/log: up (pid 18134) 6 seconds
/service/qmail-smtpd: up (pid 18126) 6 seconds
/service/qmail-smtpd/log: up (pid 18135) 6 seconds
/service/qmail-submission: up (pid 18131) 6 seconds
/service/qmail-submission/log: up (pid 18132) 6 seconds
/service/vpopmaild: up (pid 18129) 6 seconds
/service/vpopmaild/log: up (pid 18128) 6 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

If this is the first time you install the combined patch (which contains the BIG-TODO patch), you’ll need to take these steps:

qmailctl stop
rm -r /var/qmail/queue

Now compile qmail:

make

If qmail is running, stop the services before installing:

qmailctl stop

Finally install and start qmail:

make setup check
qmailctl start

Creating an SSL key file

If you don’t want to enable SMTP relay (using SMTP/TLS access), you can skip this section.

To secure the smtp authentication you must create the SSL certificate. The certificate must be owned by the user who runs qmail-smtpd, in our case vpopmail.

> make cert

Generating a 1024 bit RSA private key
..................++++++
.......++++++
writing new private key to '/var/qmail/control/servercert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IT
State or Province Name (full name) [Some-State]:Italy
Locality Name (eg, city) []:Cagliari
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Name
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:smtp.yourdomain.net
Email Address []:postmaster@yourdomain.net

> make tmprsadh
> chown vpopmail.vchkpw /var/qmail/control/*.pem

It is important that the “Common Name” matches the domain name that your email clients will specify as their SMTP server.

Now let’s create a cronjob to update the certificate every day:

> crontab -e

03 05 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1

Important: If you run qmail-submission as a user other than vpopmail, and you’re installing my combined patch, you must adjust /var/qmail/bin/update_tmprsadh accordingly. Otherwise you’ll probably exceed the connection timeout due to privilege problems, and won’t be able to send messages when connected remotely.
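
An added check (not part of the original guide or of the qmail-tls patch) for the files created in this section: it reports .pem files that are not owned by the user running qmail-smtpd or that are accessible to other users, and reads the certificate's key size, since the make cert transcript above shows a 1024-bit RSA key. The function names and the 2048-bit minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the TLS files in control/.

# pem_file_problems OWNER FILE...
# Prints one line per finding and returns the number of findings (0 = clean).
pem_file_problems() {
    owner=$1; shift
    findings=0
    for pem in "$@"; do
        if [ ! -f "$pem" ]; then
            echo "$pem: missing"
            findings=$((findings + 1))
            continue
        fi
        # qmail-smtpd reads these files as OWNER (vpopmail in this guide).
        if [ -z "$(find -H "$pem" -user "$owner" 2>/dev/null)" ]; then
            echo "$pem: not owned by $owner"
            findings=$((findings + 1))
        fi
        # servercert.pem also holds the private key: no access for "other".
        if [ -n "$(find -H "$pem" \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "$pem: readable or writable by other users"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Extracts the key size from `openssl x509 -text` output read on stdin.
key_bits_from_text() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | sed -n '1p'
}

# Prints the public key size of the certificate stored in FILE.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | key_bits_from_text
}

# key_is_weak BITS [MIN]: succeeds when BITS is below MIN.
# The default of 2048 is an assumption of this example, not a value from the guide.
key_is_weak() {
    [ -n "$1" ] && [ "$1" -lt "${2:-2048}" ]
}

# Run against the paths used in this guide when qmail is installed.
CONTROL=/var/qmail/control
if [ -d "$CONTROL" ]; then
    pem_file_problems vpopmail "$CONTROL"/*.pem || true
    bits=$(cert_key_bits "$CONTROL/servercert.pem")
    if key_is_weak "$bits"; then
        echo "$CONTROL/servercert.pem: ${bits}-bit key, below the 2048-bit minimum"
    fi
fi
```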

Combined patch details

qmail-authentication

It provides cram-md5, login, plain authentication support for qmail-smtpd (port 587) and qmail-remote.

qmail-tls

It implements SSL or TLS encrypted and authenticated SMTP between the MTAs and from MUA to MTA. I have adjusted the file update_tmprsadh to chown the .pem files to vpopmail, which runs qmail-smtpd.
The SSLv3 connection was switched off because of security reasons (thanks to Florian).

You may want to take a look at the page concerning smtp-auth and TLS testing here.

force-tls

optionally gets qmail to require TLS before authentication to improve security.

chkuser

performs recipient verification and Mail From: Address Verification (MAV).

You may want to take a look at this page concerning chkuser testing.

qmail-queue-custom-error.patch

Enables simscan and qmail-dkim to return the appropriate message for each e-mail it refuses to deliver. Simscan rejects with the name of the virus or the spam-score; qmail-dkim rejects with the verification failure message.

qmail-SPF

  • Author: Christophe Saout. Patch modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant.
  • Info: http://www.saout.de/misc/spf/
  • Version rc5

It can check incoming mails inside the SMTP daemon, add Received-SPF lines and optionally block undesired transfers.

qmail-SRS

implements the Sender Rewriting Scheme, fixing the SPF breakage that occurs when email is forwarded. To enable SRS read carefully the configuration instructions above.

Oversize DNS

This patch enables qmail to handle large DNS packets.

Reread concurrency patch

rereads control/concurrencylocal and control/concurrencyremote files when qmail-send receives a HUP signal.

Big Concurrency patch

It sets the spawn limit above 255.

Big Concurrency fix

Fixes a compiler error if you set concurrency higher than 509 in /usr/local/src/netqmail-1.06/conf-spawn.

maildir++ patch

adds maildirquota support to qmail-pop3d and qmail-local.

Better qmail-smtpd Logging patch

Facilitates diagnosis by making qmail-smtpd log its actions and decisions (search for a line starting with qmail-smtpd:). This is useful for discovering fake IP addresses with bad HELOs when qmail-smtpd would otherwise not log anything.

Greeting delay patch

  • Author: John Simpson (?)
  • Download here
  • More info here

adds a user-definable delay after SMTP clients have initiated SMTP sessions, prior to qmail-smtpd responding with "220 ESMTP". It can reject connections from clients which try to send commands before the greeting. You can control the delay via the environment variable SMTPD_GREETDELAY (was GREETDELAY in the original patch). A value of SMTPD_GREETDELAY="30" will delay qmail-smtpd’s response for 30 seconds.

DKIM and SURBL patch

adds DKIM signing & verification support to qmail at both qmail-smtpd and qmail-remote/local level and SURBL filtering support to qmail.
The file hier.c was modified to chown /var/qmail/control/cache and its subdirs to vpopmail.

EXT-TODO patch

addresses a problem known as the silly qmail (queue) problem.

BIG-TODO patch

Makes qmail use a hashing mechanism in the todo folder similar to that used in the rest of the queue.

qmail-inject-null-sender patch

Prevents qmail-inject from rewriting the null sender, fixing an issue with sieve vacation/reject messages.

doublebounce-trim patch

Prevents double bounces from hitting your queue a second time provided that you delete the first line from /var/qmail/control/doublebounceto

esmtp-size patch

Enables qmail-smtpd to reject messages if they’re larger than the maximum number of bytes allowed (you can set this value in the /var/qmail/control/databytes control file).

qmail-tap

Provides the ability to archive each email that flows through the system.

qmail-remote CRLF patch

Enables qmail-remote to handle CR (\r) properly, always sending line breaks as CRLF (\r\n) instead of doubling the CR (as qmail-remote normally does). This often caused me a broken header when forwarding messages by means of a sieve rule.

outgoingip patch

  • Author: Andy Repton (adjusted by Sergio Gelato)
  • Original patch: http://www.qmail.org/outgoingip.patch
  • Robbie Walker provided a patch to correct qmail-qmqpc.c's call to timeoutconn(), because the function signature was modified by the original outgoingip patch

By default all outgoing emails are sent through the first IP address on the interface. On a server with multiple IP addresses this patch makes qmail send outgoing emails from the IP address stored in control/outgoingip, if present. The EHLO domain is NOT modified by this patch.

qmail-bounce patch

limits the size of bounces. The default limit for bounces is 50000 bytes, but you can create the file control/bouncemaxbytes in order to change that number.

qmail-smtpd pid, qp log patch

makes qmail-smtpd log a line similar to the following:

@4000000039b89c95026a89b4 mail recv: pid 8155 from <name@domain.xy> qp 8157

The pid allows you to match the message up with a given tcpserver process and the qp lets you find a particular delivery.

any-to-cname

prevents qmail from fetching large amounts of DNS data we have no interest in and that may overflow our response buffer.

qmail-rfc2821 patch

makes qmail rfc2821 compliant

smtpd-502-to-500 patch

  • Author: Jonathan de Boyne Pollard
  • Original patch: local copy
  • More info here

makes qmail rfc2821 compliant

qmail-dnsbl patch

allows you to reject spam and viruses by looking at the sender's IP address. Added a line to make qmail-smtpd log the reject reason as well as the envelope to facilitate diagnostics.

qmail-moreipme patch

prevents a problem caused by an MX or other mail routing directive instructing qmail to connect to itself without realizing it's connecting to itself, saving CPU time.

qmail-hide-ip-headers

  • Author: Alex Nee
  • Download here

It will hide your Private or Public IP in the email Headers when you are sending Mail as a Relay Client.

qmail-date-localtime patch

  • Author: John Saunders
  • Download here

causes the various qmail programs to generate date stamps in the local timezone.

qmail-liberal-lf patch

allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence.

qmail-maxrcpt

allows you to set a limit on how many recipients are specified for any one email message by setting control/maxrcpt, since a very long recipient list is one of the favourite tricks of the spammer. RFC 2821 section 4.5.3.1 says that an MTA MUST allow at least 100 recipients for each message.
I also slightly modified the patch so that it logs its response.

queue-extra

I modified extra.h to record the Message-ID in the qmail-send log as explained here towards the bottom of the page. An alias ~alias/.qmail-log had to be added as well to store the awk command with the regex which retrieves the Message-ID.
Thanks to Simone for the hint.

Be aware that you must have a valid MX record for your FQDN (look at /var/qmail/control/me).

The qmail-send log now appears as follows:

2014-11-05 12:00:47.930384500 status: local 1/10 remote 1/20
2014-11-05 12:00:47.952694500 delivery 11: success: Received:_(qmail_17359_invoked_by_uid_89);_5_Nov_2014_12:00:47_+0100/Received:_(qmail_17359_invoked_by_uid_89);_5_Nov_2014_12:00:47_+0100/Received:_from_unknown_(HELO_mx.test.net)_(1.2.3.4)/Received:_from_unknown_(HELO_mx.test.net)_(1.2.3.4)/__by_0_with_ESMTPS_(DHE-RSA-AES256-GCM-SHA384_encrypted);_5_Nov_2014_12:00:47_+0100/Received:_(qmail_17349_invoked_by_uid_89);_5_Nov_2014_12:00:47_+0100/Received:_(qmail_17349_invoked_by_uid_89);_5_Nov_2014_12:00:47_+0100/Received:_from_unknown_(HELO_mail-wg0-f47.google.com)_(74.125.82.47)/Received:_from_unknown_(HELO_mail-wg0-f47.google.com)_(74.125.82.47)/__by_0_with_ESMTPS_(RC4-SHA_encrypted);_5_Nov_2014_12:00:46_+0100/Received:_by_mail-wg0-f47.google.com_with_SMTP_id_a1so597995wgh.6/Received:_by_mail-wg0-f47.google.com_with_SMTP_id_a1so597995wgh.6/Received:_by_mail-wg0-f47.google.com_with_SMTP_id_a1so597995wgh.6/________for_<info@test.net>;_Wed,_05_Nov_2014_03:00:48_-0800_(PST)/X-Received:_by_10.180.23.98_with_SMTP_id_l2mr4797959wif.51.1415185247978;_Wed,/X-Received:_by_10.180.23.98_with_SMTP_id_l2mr4797959wif.51.1415185247978;_Wed,/Received:_by_10.27.203.139_with_HTTP;_Wed,_5_Nov_2014_03:00:47_-0800_(PST)/Received:_by_10.27.203.139_with_HTTP;_Wed,_5_Nov_2014_03:00:47_-0800_(PST)/Date:_Wed,_5_Nov_2014_12:00:47_+0100/Message-ID:_<CAD=Xf-WdCFwED9DiMqRj=bUR5RsRA9mPah1OXgA-tB1ffk-3sw@mail.gmail.com>/Message-ID:_<CAD=Xf-WdCFwED9DiMqRj=bUR5RsRA9mPah1OXgA-tB1ffk-3sw@mail.gmail.com>/Subject:_dasda/From:_xxx_<someone@@gmail.com>/From:_xxx_<someone@gmail.com>/To:_info@test.net/---/did_0+0+2/
2014-11-05 12:00:47.952726500 status: local 0/10 remote 1/20
2014-11-05 12:00:48.326103500 delivery 12: success: 1.2.3.4_accepted_message./Remote_host_said:_250_ok_1415185248_qp_17366/
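
With the Message-ID in the qmail-send log, a queue message number can be tied back to the mail a user actually sees. The following added example (not part of the original patch or guide; the function names and all sample log lines are constructed) joins the info msg, starting delivery, delivery and end msg lines into one record per message, and prints "-" as the Message-ID when the delivery to the log alias failed.

```shell
#!/bin/sh
# Added example (not from the original guide). All log lines below are constructed.

# Reads a qmail-send log on stdin (raw TAI64N or tai64nlocal timestamps) and
# prints one tab-separated record per finished message:
#   queue-msg-number  envelope-sender  Message-ID  recipient=result,...
qmail_msgid_map() {
    awk '
    {   # Strip the timestamp so field positions are the same for both formats.
        sub(/^@[0-9a-f]+ /, "")
        sub(/^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9:.]+ /, "")
    }
    $1 == "info" && $2 == "msg" {            # info msg N: bytes B from <sender> ...
        m = $3; sub(/:$/, "", m)
        sender[m] = $7
        next
    }
    $1 == "starting" && $2 == "delivery" {   # starting delivery D: msg N to local ADDR
        d = $3; sub(/:$/, "", d)
        dmsg[d] = $5; drcpt[d] = $8
        next
    }
    $1 == "delivery" {                       # delivery D: success|failure|deferral: TEXT
        d = $2; sub(/:$/, "", d)
        st = $3; sub(/:$/, "", st)
        m = dmsg[d]
        if (match($0, /[Mm]essage-[Ii][Dd]:_<[^>]*>/)) {
            # Delivery to the log alias: its result text is the header dump.
            hdr = substr($0, RSTART, RLENGTH)
            sub(/^[^<]*/, "", hdr)
            msgid[m] = hdr
        } else {
            sep = (rcpts[m] == "") ? "" : ","
            rcpts[m] = rcpts[m] sep drcpt[d] "=" st
        }
        delete dmsg[d]; delete drcpt[d]      # delivery numbers are reused
        next
    }
    $1 == "end" && $2 == "msg" {
        m = $3
        mid = (m in msgid) ? msgid[m] : "-"
        who = (rcpts[m] == "") ? "-" : rcpts[m]
        printf "%s\t%s\t%s\t%s\n", m, sender[m], mid, who
        delete sender[m]; delete msgid[m]; delete rcpts[m]
    }
    '
}

# Constructed sample: msg 1001 is logged correctly; for msg 1002 the delivery
# to the log alias fails, so no Message-ID is recorded.
sample_log() {
    cat <<'EOF'
@4000000054a0000010000001 new msg 1001
@4000000054a0000010000002 info msg 1001: bytes 1228 from <alice@example.net> qp 2158 uid 89
@4000000054a0000010000003 starting delivery 1: msg 1001 to local log@example.net
@4000000054a0000010000004 status: local 1/10 remote 0/20
@4000000054a0000010000005 starting delivery 2: msg 1001 to remote bob@example.org
@4000000054a0000010000006 status: local 1/10 remote 1/20
@4000000054a0000010000007 delivery 1: success: Received:_(qmail_2158_invoked_by_uid_89);_6_Dec_2014_11:31:24_-0500/From:_alice@example.net/To:_bob@example.org/Message-ID:_<msg-0001@example.net>/Message-ID:_<msg-0001@example.net>/---/did_0+0+2/
@4000000054a0000010000008 status: local 0/10 remote 1/20
@4000000054a0000010000009 delivery 2: success: 192.0.2.25_accepted_message./Remote_host_said:_250_ok_1415185248_qp_17366/
@4000000054a000001000000a status: local 0/10 remote 0/20
@4000000054a000001000000b end msg 1001
@4000000054a0000020000001 new msg 1002
@4000000054a0000020000002 info msg 1002: bytes 628 from <alice@example.net> qp 2170 uid 89
@4000000054a0000020000003 starting delivery 3: msg 1002 to local example.net-log@example.net
@4000000054a0000020000004 starting delivery 4: msg 1002 to local example.net-carol@example.net
@4000000054a0000020000005 delivery 3: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@4000000054a0000020000006 delivery 4: success: did_0+0+1/
@4000000054a0000020000007 bounce msg 1002 qp 2175
@4000000054a0000020000008 end msg 1002
EOF
}

sample_log | qmail_msgid_map
```

To use it on a real server, pipe the qmail-send log into qmail_msgid_map instead of sample_log.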

Comments

qmail-smtpd: read failed: (null) only with one sender

Hello Roberto,

I have a problem with mails coming from Amazon. Every mail sent from Amazon is not delivered because it shows the error qmail-smtpd: read failed. This error only happens with mails from the Amazon mail servers; I do not have this error with other mails. I have no clue what's wrong - do you have an idea? Output from the log file:

tcpserver: pid 18422 from 54.240.0.89
tcpserver: ok 18422 0:::ffff:5.9.211.13:25 :54.240.0.89::32891
CHKUSER accepted sender: from <20141222011816fe8d1176403e4a1da936071f1208d53f-C24F0W6MS7QTYP@bounces.amazon.com|remoteinfo/auth:|chkuser-identify:> remote <helo:a0-89.smtp-out.eu-west-1.amazonses.com|remotehostname:unknown|remotehostip:54.240.0.89> rcpt <> : sender accepted
tcpserver: status: 1/20
qmail-smtpd: read failed: (null) from 54.240.0.89 to 20141222011816fe8d1176403e4a1da936071f1208d53f-C24F0W6MS7QTYP@bounces.amazon.com helo a0-89.smtp-out.eu-west-1.amazonses.com
tcpserver: end 18422 status 256

Regards,

Marc

I think you should record the

I think you should record the smtp conversation enabling recordio in your run file. Let me know if you solve


qmail-smtpd read failed - SPF Check was the problem

Hello Roberto,

thanks for the hint with recordio. I figured out that the SPF check was the problem:

@4000000054a81075289ded24 9091 > 451 SPF lookup failure (#4.3.0)
@4000000054a8107529ddac9c 9091 < RSET
@4000000054a8107529de0674 9091 > 250 flushed

When I changed the /var/qmail/control/spfbehavior entry to 1, mail from Amazon got through, and I noticed that it takes some time to process the mail.

I tried a manual spfquery for the Amazon mail and the check takes about 70 sec. So I think that the check takes too long and the qmail-smtp process takes this as a timeout and rejects the mail because of that. Other SPF checks to other domains are working fast. Maybe I should try to change the DNS server entry? But it is strange that this happens only to Amazon servers.

Thanks for helping.

  I would try a test

I would try a test like

dig amazon.com txt

and see if you get a timeout error or not


qmail-send fail

Dear Roberto

I completely followed your notes, my email server can send email to another domain but cannot deliver to local account.

I've tried to send from huyenha to nxhuy (2 accounts already created and logged in successfully) but it said:

failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

qmail-send log:

@4000000054832f6635627354 new msg 2754774
@4000000054832f6635627b24 info msg 2754774: bytes 1228 from <huyenha@4trust.vn> qp 2158 uid 89
@4000000054832f6635627f0c starting delivery 1: msg 2754774 to local log@4trust.vn
@4000000054832f6635627f0c status: local 1/10 remote 0/20
@4000000054832f66356282f4 starting delivery 2: msg 2754774 to local nxhuy@4trust.vn
@4000000054832f66356282f4 status: local 2/10 remote 0/20
@4000000054832f66358539ac delivery 2: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@4000000054832f6635e71474 status: local 1/10 remote 0/20
@4000000054832f6635f5b2a4 delivery 1: success: Received:_(qmail_2158_invoked_by_uid_89);_6_Dec_2014_11:31:24_-0500/Received:_(qmail_2158_invoked_by_uid_89);_6_Dec_2014_11:31:24_-0500/Received:_by_simscan_1.4.0_ppid:_2149,_pid:_2151,_t:_0.0077s/Received:_by_simscan_1.4.0_ppid:_2149,_pid:_2151,_t:_0.0077s/Received:_from_unknown_(HELO_mail.4trust.vn)_()/Received:_from_unknown_(HELO_mail.4trust.vn)_()/__by_0_with_SMTP;_6_Dec_2014_11:31:24_-0500/Date:_Sat,_06_Dec_2014_23:31:24_+0700/From:_huyenha@4trust.vn/To:_nxhuy@4trust.vn/Subject:_Re:_Fwd:_ssdfadf/In-Reply-To:_<e8dd61a49b9a353705819b4d656a3cbc@4trust.vn>/References:_<01988b8baeb0552fb9b3e52dbf482e6a@4trust.vn>/_<e8dd61a49b9a353705819b4d656a3cbc@4trust.vn>/Message-ID:_<8e9696acc4134d69e84119c5567ac871@4trust.vn>/Message-ID:_<8e9696acc4134d69e84119c5567ac871@4trust.vn>/---/did_0+0+2/
@4000000054832f6635f62bbc status: local 0/10 remote 0/20
@4000000054832f670250cbdc bounce msg 2754774 qp 2167
@4000000054832f670250d3ac end msg 2754774

Please help me!

Duplicate emails

Hi, 

I made the installation of a new server and I have the same problems as mentioned: for every email that is incoming or outgoing, a copy of this email is sent to the account log@domain.com.

I reverted the patch and all works fine.

Any ideas???

Thanks

This is normal, as the

This is normal, as the log@yourdomain.xy account is used to improve the qmail-send log. What do you have in your ~alias/.qmail-log file?


The .qmail-log contains:|

The .qmail-log contains:

| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]/ { print } /^[rR][eE][cC][eE][iI][vV][eE][dD]:/ { print; } /^[fF][rR][oO][mM]:/ { print } /^[tT][oO]:/ { print } /^[sS][uU][bB][jJ][eE][cC][tT]:/ { print } /^[xX]-[mM][aA][iI][lL][eE][rR]/ { print } /[hH][eE][lL][oO]/{ print } /^[rR][eE][pP][lL][yY]-[tT][oO]/{ print } /^[rR][eE][tT][uU][rR][nN]-[pP][aA][tT][hH]/{ print } /^[cC][cC]:/{ print } /^[dD][eE][lL][iI][vV][eE][rR][eE][dD]-[tT][oO]/{ print } /^[dD][aA][tT][eE]:/{ print } / by /{ print } / id /{ print } /<.*>/{ print }'
| echo "---"

But the error is:

<log@domain.com>: Sorry, no mailbox here by that name. (#5.1.1)

And log:

@4000000054a7d4ad3592ce3c new msg 1322152
@4000000054a7d4ad3592d224 info msg 1322152: bytes 2377 from <> qp 4710 uid 1008
@4000000054a7d4ad359310a4 starting delivery 3: msg 1322152 to local domain.com-log@domain.com
@4000000054a7d4ad359310a4 status: local 1/10 remote 0/20
@4000000054a7d4ad35933f84 starting delivery 4: msg 1322152 to remote me@mail.es
@4000000054a7d4ad3593436c status: local 1/10 remote 1/20
@4000000054a7d4ad35c68c54 delivery 3: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@4000000054a7d4ad35c75774 status: local 0/10 remote 1/20

Thanks!

can you confirm that

can you confirm that domain.com (the domain inside control/me) really exists and has a valid MX record?


Yes is correct!

Hi,

The MX is correct and set fine in control/me file.

and you created the

and you created the domain with vpopmail?


Yes

Yes, the domain was created with vpopmail, and I deleted and recreated the domain.

The domain is on another files control\files.

  what control\files is

what control\files is needed for?


I mean that the domain is

I mean that the domain is automatically added to other files in the folder Control (virtualdomains, rcpthosts, etc).

No ideas at the moment, but 

No ideas at the moment, but you can make sure that the domain was actually created by trying to connect to the postmaster account, for example

telnet 0 89
login postmaster@domain.com PASSWORD

Good news, I think I've found

Good news, I think I've found a possible motive: apparently the aliases found in /var/qmail/alias are not working. I created a symbolic link to /home/vpopmail/domains/domain.com/.qmail-log and this is working now.

@4000000054a9350306110ffc delivery 19: success: Received:_(qmail_30229_invoked_by_uid_33);_4_Jan_2015_12:41:28_+0000/Received:_(qmail_30229_invoked_by_uid_33);_4_Jan_2015_12:41:28_+0000/To:_Arturo_Blanco_/To:_Arturo_Blanco_/Subject:_Re:_test_03/Date:_Sun,_04_Jan_2015_13:41:28_+0100/From:_user@domain.com/In-Reply-To:_/References:_/Message-ID:_/Message-ID:_/---/did_0+0+2/

Any idea why /var/qmail/alias does not work for me??

mmh... do you have your

mmh... do you have your aliases stored in mysql db (vpopmail compiled with --enable-valias)?


This configurator with the

This is configured with the --disable-valias option (I followed every step of your tutorial)

root@mail:~# telnet 0

root@mail:~# telnet 0 89
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK
login postmaster@domain.com pass
+OK+
vpopmail_dir /home/vpopmail
domain_dir /home/vpopmail/domains/domain.com
uid 89
gid 89
name postmaster
comment Postmaster
quota NOQUOTA
user_dir /home/vpopmail/domains/domain.com/postmaster
encrypted_password pass_encrypt
clear_text_password pass
no_password_change 0
no_pop 0
no_webmail 0
no_imap 0
bounce_mail 0
no_relay 0
no_dialup 0
user_flag_0 0
user_flag_1 0
user_flag_2 0
user_flag_3 0
no_smtp 0
domain_admin_privileges 1
override_domain_limits 0
no_spamassassin 0
delete_spam 0
no_maildrop 0
system_admin_privileges 0
.

I realise that in qmail-send

I realise that in qmail-send log:

@4000000054832f66356282f4 starting delivery 2: msg 2754774 to local nxhuy@4trust.vn

must be:

@4000000054832f66356282f4 starting delivery 2: msg 2754774 to local 4trust.vn-nxhuy@4trust.vn

So I deleted the domain and re-added it; now it can deliver to the local account.

But that generates another error: it can't deliver to the "log alias" for the qmail-tap function

@400000005483d6841bf4da4c new msg 2754788
@400000005483d6841bf4de34 info msg 2754788: bytes 628 from <huyenha@4trust.vn> qp 11658 uid 89
@400000005483d6841bf4e21c starting delivery 1: msg 2754788 to local 4trust.vn-log@4trust.vn
@400000005483d6841bf4e604 status: local 1/10 remote 0/20
@400000005483d6841bf4e9ec starting delivery 2: msg 2754788 to local 4trust.vn-nxhuy@4trust.vn
@400000005483d6841bf4e9ec status: local 2/10 remote 0/20
@400000005483d6841ccb8f24 delivery 1: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@400000005483d6841ccb96f4 status: local 1/10 remote 0/20
@400000005483d6841cced314 delivery 2: success: did_0+0+1/
@400000005483d6841cced6fc status: local 0/10 remote 0/20
@400000005483d6842401182c bounce msg 2754788 qp 11669
@400000005483d6842401c40c end msg 2754788

I think this is because my

I think this is because my patch creates an alias /var/qmail/alias/.qmail-log which uses the same address of your tap address (http://notes.sagredo.eu/node/82#queue-extra). This alias is needed to improve the log of qmail send. You can solve by changing the tap address


qmail-log alias

Hi Roberto ,

I have followed your excellent guide and installed my server. The issue is that for every mail that is sent or received it is trying to send a copy to some log alias. How can I disable that? Below is the message transcript.

Hi. This is the qmail-send program at akhurathacpl.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <log@akhurathacpl.com>: Sorry, no mailbox here by that name. (#5.1.1) --- Below this line is a copy of the message. Return-Path: <support@akhurathacpl.com> Received: (qmail 11804 invoked by uid 89); 12 Dec 2014 13:46:33 +0530 Received: by simscan 1.4.0 ppid: 11796, pid: 11799, t: 0.0938s scanners: attach: 1.4.0 clamav: 0.98.5/m:55/d:19764 spam: 3.4.0 Received: from unknown (HELO mail.akhurathacpl.com) (::1) by 0 with SMTP; 12 Dec 2014 13:46:33 +0530 Received-SPF: unknown (0: No IP address in conversation) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_354b252cc407d8efce244ea9bc720ecc" Date: Fri, 12 Dec 2014 13:46:20 +0530 From: support@akhurathacpl.com To: support@akhurathacpl.com Subject: test mail Message-ID: <0703b9b216a5918c3639dcf4dad7d264@akhurathacpl.com> X-Sender: support@akhurathacpl.com User-Agent: Roundcube Webmail/1.0.3 --=_354b252cc407d8efce244ea9bc720ecc Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII test --=_354b252cc407d8efce244ea9bc720ecc Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"> <html><body style=3D'font-size: 10pt; font-family: Verdana,Geneva,sans-seri= f'> <p>test</p> <div>&nbsp;</div> </body></html> --=_354b252cc407d8efce244ea9bc720ecc--

Request your help in this regard

Thanks

you can revert this patch

you can revert this patch http://notes.sagredo.eu/node/82#queue-extra

anyway I think you have deleted the ~alias/.qmail-log alias or you don't have a valid mx for your control/me domain. Actually this is not a real mailbox but an alias created in order to improve the qmail-send log, so you may want to continue to use it


qmail-log alias

Ahhh, now I get you. Actually this is a newly created server and I have still not pointed the MX to the new server's IP. Let me check by pointing a valid MX to the server.

Thanks a lot for your precious guidance as always you are a real life saver

I think you have a valid mx

I think you have a valid mx for your domain

$ dig akhurathacpl.com mx

; <<>> DiG 9.9.6-P1 <<>> akhurathacpl.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36916
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:  0

;; QUESTION SECTION:
;akhurathacpl.com.              IN      MX

;; ANSWER SECTION:
akhurathacpl.com.       3600    IN      MX      10 mail.net4india.com.

;; Query time: 288 msec
;; SERVER: 213.205.32.70#53(213.205.32.70)
;; WHEN: Fri Dec 12 14:03:12 CET 2014
;; MSG SIZE  rcvd: 65

and are you sure you are

and are you sure you are using my patch? I can't see chkuser in action... is it enabled?


Yes, chkuser in action, this

Yes, chkuser in action, this is qmail-smtpd log:

@4000000054832fc82cfe8ff4 tcpserver: status: 1/20
@4000000054832fc82cffbcbc tcpserver: pid 2222 from ::1
@4000000054832fc82d009f4c tcpserver: ok 2222 0:::1:25 :::1::40420
@4000000054832fc82d3d331c CHKUSER accepted sender: from <huyenha@4trust.vn|remoteinfo/auth:|chkuser-identify:> remote <helo:mail.4trust.vn|remotehostname:unknown|remotehostip:::1> rcpt <> : accepted any sender always
@4000000054832fc82d66a47c CHKUSER accepted rcpt: from <huyenha@4trust.vn|remoteinfo/auth:|chkuser-identify:> remote <helo:mail.4trust.vn|remotehostname:unknown|remotehostip:::1> rcpt <nxhuy@4trust.vn> : found existing recipient
@4000000054832fc8304afbd4 simscan:[2222]:RELAYCLIENT:0.0045s:-:::1:huyenha@4trust.vn:nxhuy@4trust.vn
@4000000054832fc83547c734 mail recv: pid 2222 from <huyenha@4trust.vn> qp 2224
@4000000054832fc83547cb1c qmail-smtpd: message accepted: huyenha@4trust.vn from ::1 to nxhuy@4trust.vn helo mail.4trust.vn
@4000000054832fc907f41454 tcpserver: end 2222 status 0
@4000000054832fc907f41c24 tcpserver: status: 0/20
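The CHKUSER lines in the log above follow a fixed field layout, so they can be parsed for review. The following is an added example, not code from the page or from the chkuser project. It uses the two CHKUSER lines shown above plus one constructed rejection line, and decodes the TAI64N timestamps with the same offset tai64nlocal uses:

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Lines 1-3 are copied from the log above; line 4 is constructed for this example
# (its rejection wording is an assumption about how chkuser reports an unknown recipient).
SAMPLE = """\
@4000000054832fc82d3d331c CHKUSER accepted sender: from <huyenha@4trust.vn|remoteinfo/auth:|chkuser-identify:> remote <helo:mail.4trust.vn|remotehostname:unknown|remotehostip:::1> rcpt <> : accepted any sender always
@4000000054832fc82d66a47c CHKUSER accepted rcpt: from <huyenha@4trust.vn|remoteinfo/auth:|chkuser-identify:> remote <helo:mail.4trust.vn|remotehostname:unknown|remotehostip:::1> rcpt <nxhuy@4trust.vn> : found existing recipient
@4000000054832fc83547c734 mail recv: pid 2222 from <huyenha@4trust.vn> qp 2224
@4000000054832fc907f41454 CHKUSER rejected rcpt: from <a@example.org|remoteinfo/auth:|chkuser-identify:> remote <helo:x.example.org|remotehostname:unknown|remotehostip:192.0.2.7> rcpt <nobody@4trust.vn> : not existing recipient
"""

CHKUSER_RE = re.compile(
    r"^@(?P<tai>[0-9a-f]{24}) CHKUSER (?P<verdict>\w+) (?P<stage>\w+): "
    r"from <(?P<sender>[^|>]*)\|remoteinfo/auth:(?P<auth>[^|>]*)\|chkuser-identify:(?P<ident>[^>]*)> "
    r"remote <helo:(?P<helo>[^|>]*)\|remotehostname:(?P<rhost>[^|>]*)\|remotehostip:(?P<ip>[^>]*)> "
    r"rcpt <(?P<rcpt>[^>]*)> : (?P<reason>.*)$"
)

def tai64n_to_utc(label):
    """Decode a 24-hex-digit TAI64N label (16 digits seconds, 8 digits nanoseconds)."""
    secs = int(label[:16], 16) - (2**62 + 10)  # same offset tai64nlocal subtracts
    nanos = int(label[16:], 16)
    return datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=nanos // 1000)

def parse_chkuser(text):
    """Return one dict per CHKUSER line; other log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = CHKUSER_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["time"] = tai64n_to_utc(ev.pop("tai"))
            events.append(ev)
    return events

def rejections_by_ip(events):
    """Count rejected senders/recipients per remote IP, e.g. to spot address probing."""
    return Counter(ev["ip"] for ev in events if ev["verdict"] == "rejected")

if __name__ == "__main__":
    for ev in parse_chkuser(SAMPLE):
        print(ev["time"].isoformat(), ev["verdict"], ev["stage"], ev["ip"], ev["sender"], "->", ev["rcpt"], "|", ev["reason"])
```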

can you show your control/defaultdelivery?


 Now it is:
|/var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -d $EXT@$USER

I also tried "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"

But the result is the same error

the content of the defaultdelivery is

| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

without quotes, right?


dovecot issue?

It can be a dovecot issue (you should also look for dovecot-lda errors, especially in the sql driver).

But it's strange that you can't have it working when using vpopmail as deliver. Are there any .qmail overriding the defaultdelivery?

Let's fix vpopmail first of all.


I've changed the control/defaultdelivery and ~vpopmail/domains/4trust.vn/.qmail_default to | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"

But the error is still the same :(

do you have double quotes?

do you have double quotes at the end of that line?


Sorry, it's my mistake, I've removed the double quote and re-tested. The error is still there.

Could it be a qmail's error?
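The two checks raised in the comments above (a stray quote on the delivery line, and .qmail files overriding control/defaultdelivery) can be done in one pass. This is an added example, not code from the page or from qmail/vpopmail. The directory layout is built in a temporary folder for the demonstration, and shlex is used as an approximation of sh quoting rules:

```python
import shlex
import tempfile
from pathlib import Path

def lint_delivery_file(path):
    """Return (line_number, problem) pairs for program-delivery lines ('|...')."""
    problems = []
    for n, raw in enumerate(Path(path).read_text().splitlines(), 1):
        line = raw.strip()
        if not line.startswith("|"):
            continue  # comments, mailbox/maildir and forward lines are not checked
        try:
            argv = shlex.split(line[1:].strip())  # approximates how sh would split it
        except ValueError as exc:                 # e.g. "No closing quotation"
            problems.append((n, f"unbalanced quoting: {exc}"))
            continue
        if not argv:
            problems.append((n, "empty command after '|'"))
    return problems

def find_delivery_files(control_dir, domains_root):
    """control/defaultdelivery plus every .qmail* file below domains_root.

    Any .qmail* file found here takes precedence over defaultdelivery for the
    addresses it covers, so each one has to be checked as well.
    """
    files = [Path(control_dir) / "defaultdelivery"]
    files += sorted(p for p in Path(domains_root).rglob(".qmail*"))
    return [f for f in files if f.is_file()]

def demo():
    """Build a constructed tree: a clean defaultdelivery and a .qmail-default
    with the trailing double quote discussed in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        control = Path(tmp, "control")
        control.mkdir()
        dom = Path(tmp, "domains", "example.test")  # constructed domain name
        dom.mkdir(parents=True)
        good = "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox\n"
        bad = "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox\"\n"
        (control / "defaultdelivery").write_text(good)
        (dom / ".qmail-default").write_text(bad)
        found = find_delivery_files(control, Path(tmp, "domains"))
        return {f.name: lint_delivery_file(f) for f in found}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```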

can you send me in a private msg an strace of the smtp session?


Hi, have you passed the vpopmail login test from the command line?


I've followed your vpopmail auth test at http://notes.sagredo.eu/node/22#vpopmail

the result is ok

telnet localhost 89
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK
login nxhuy@4trust.vn 123456
+OK+
vpopmail_dir /home/vpopmail
domain_dir /home/vpopmail/domains/4trust.vn
uid 89
gid 89
name nxhuy
comment nxhuy
quota 524288000S
user_dir /home/vpopmail/domains/4trust.vn/nxhuy
encrypted_password $1$uk0Fi8aE$USOXMa6g9i0Rjgd9vgLx2/
clear_text_password 123456
no_password_change 0
no_pop 0
no_webmail 0
no_imap 0
bounce_mail 0
no_relay 0
no_dialup 0
user_flag_0 0
user_flag_1 0
user_flag_2 0
user_flag_3 0
no_smtp 0
domain_admin_privileges 0
override_domain_limits 0
no_spamassassin 0
delete_spam 0
no_maildrop 0
system_admin_privileges 0
.

forcetls patch

Can you pls let me know how to remove the ForceTls patch from the big patch? I need the auth to work without tls.

Thank you!

read above! :)


DKIM and SRS = fail :-(

Hi,

if you use SRS, DKIM filter fails, as it sets original SENDER domain instead of that specified in SRS. Any suggestions how to fix it?

cheers and thanks for your patches!

S.

Can you post what the headers look like when you use SRS?

I contacted M.Banghui, the author of the DKIM patch, and he told me that he can fix it.


Sure :)

The DKIM is getting _SENDER  - and SRS is providing to qmail an original Sender domain, instead of the one taken from /var/qmail/control/srs_domain

BTW, why don't you move your awesome patchset to github? It would make things much easier :)

I would declare I can work on IPv6 part, as it is the only (but big) missing thing from your patches.

cheers,

S

Hi, can you do a cut&paste of the headers?

Actually, help on the IPv6 patch would be appreciated, as I don't have much time these days, and I'm not an IPv6 expert. As you probably know M.Banghui has merged an IPv6 patch in his DKIM/SURBL and my plan is to add it to my package sooner or later :)


qmail-todo problem

Firstly, thanks Roberto for your efforts in creating the patch. But I'm facing a critical problem after I patched qmail 1.6 with your patch: my server load reached 250, and when I checked the processes I found that qmail-todo was consuming CPU terribly. I don't know why this happened or what I should do, although I have applied the steps and installed qmail successfully.

Re: qmail-todo problem

Hi Kamal,

I assume that you erased your queue in this way before installing the todo-patched qmail for the first time:

qmailctl stop
rm -rf /var/qmail/queue
make setup check

If yes please post a

ps axfuww | grep qmail 

The best way to investigate what qmail-todo is doing is using strace:

strace -Ff -o /tmp/qmail-strace.log -p <pid_of_qmail-todo>

Re: qmail-todo problem

Hi Roberto,

Yes, I already erased the queue as you mentioned. I want to clarify something: I'm using the combined patch "roberto-netqmail1.06.patch-latest", NOT the todo-patch, but the problem is with the qmail-todo process that was consuming CPU.

Kindly find output details below,

strace.log
http://www.mediafire.com/view/9ptwzxri9xpptgr/qmail-strace.log

ps-axfuww.log
http://www.mediafire.com/view/1277h6de1g80xsn/ps-axfuww

Maybe a libsrs problem. Did you successfully install it? Did you ldconfig it?

 

I think it's not a libsrs issue, as in that case the compilation itself will break


Re: qmail-todo problem

it seems to be an infinite loop...

when you stop qmail I would try to kill all those qmail-todo processes which don't belong to qmail-send anymore, and after that erase the existing queue, recompile and restart qmail


Re: qmail-todo problem

I really did that, but unfortunately it's still the same: the load reached 270, and the server was going to explode.