SURBL

Patching qmail

Changelog

The complete changelog is inside the patch file.

  • 2016-12-19
    -Several new patches and improvements added (thanks to Luca Franceschini)
    More info here http://notes.sagredo.eu/node/178
    -qregex patch
    -brtlimit patch
    -validrcptto patch
    -rbl patch (updates qmail-dnsbl patch)
    -reject-relay-test patch
    -added DISABLETLS environment variable, useful if you want to disable TLS on a desired port
    -added FORCEAUTHMAILFROM environment variable to REQUIRE that authenticated user and 'mail from' are identical
    -fixed little bug in 'mail from' address handling (patch by Andre Opperman at http://qmail.cr.yp.narkive.com/kBry6GJl/bug-in-qmail-smtpd-c-addrparse-function)
    -added SMTPAUTHMETHOD, SMTPAUTHUSER and SMTP_AUTH_USER env variables for external plugins
    -qlog patch
    -reject null senders patch
    -qmail-taps-extended (updates qmail-tap)
  • 2016-12-02
    -fixed BUG in qmail-remote.c: in case of remote servers not allowing EHLO the response for an alternative HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
    Patch applied: http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/fix_sagredo_remotehelo.patch
  • 2016-09-18
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matched (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-05-15
    -force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the STARTTLS command was not sent by the client
  • 2016-03-09
    -dkim patch updated to v. 1.19
    * verification will not fail when a dkim signature does not include the subject provided that the  UNSIGNED_SUBJECT environment variable is declared. More info here.
  • 2015-12-26
    -qmail-tls updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
    more info here

I have created a combined patch including the latest versions of several commonly-used qmail patches:

[Follow the patch details here]

Other patches:

SURBL filtering configuration

SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders.

Web sites seen in unsolicited messages tend to be more stable than the rapidly changing botnet IP addresses used to send the vast majority of them. Sender lists like zen.spamhaus.org can be used in a first stage filter to help identify 80% to 90% of unsolicited messages. SURBLs can help find about 75% of the otherwise difficult, remaining unsolicited messages in a second stage filter. Used together with sender lists, SURBLs have proven to be a highly-effective way to detect 95% of unsolicited messages.

The SURBL filter is part of the DKIM patch by Manvendra Bhangui and it's embedded in my combined patch.