Patching qmail
June 4, 2023 Roberto Puzzanghera 423 comments
- Latest stable combined patch for netqmail-1.06 v. 2023.06.04 (MD5)
- Changelog
- Readme
Changelog
- Jun 4, 2023 (diff)
  - vpopmail uid and gid are determined dynamically instead of assigning 89:89 ids by default
  - vpopmail install directory determined dynamically (was /home/vpopmail)
- Apr 26, 2023
  - dkim patch updated to v. 1.40
  - qmail-dkim uses CUSTOM_ERR_FD as file descriptor for errors (more info here)
- Mar 27, 2023
  - chkuser.c: double hyphens "--" are now allowed also in the rcpt email (tx Ali Erturk TURKER)
  - chkuser_settings.h: CHKUSER_SENDER_NOCHECK_VARIABLE commented out. Sender check is now enabled also for RELAYCLIENT
  - removed a couple of redundant log lines caused by qmail-smtpd-logging
  - diff here
- Mar 18, 2023
  - bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
  - redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here
- Mar 17, 2023
  - Restoring the 2023.01.31 patch as a bug in the current version is under inspection
- Mar 14, 2023
  - The split_str() function in dknewkey was modified in order to work on debian 11 (tx J)
- Mar 12, 2023
  - The mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER) diff here
- Mar 1, 2023
  - added qmail-fastremote patch (tx Ali Erturk TURKER for the advice)
  - dropped qmail-remote CRLF (replaced by fastremote)
- Feb 27, 2023
  - Now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
- Feb 24, 2023
  - several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
- Feb 19, 2023
  - dkim patch upgraded to v. 1.37
    * ed25519 support (RFC 8463)
    * dropped old yahoo's domainkeys stuff (no longer need the libdomainkeys.a library)
Installing a Let's Encrypt certificate for your qmail and dovecot servers
May 18, 2023 Roberto Puzzanghera 20 comments
Here is how to install and configure a valid certificate from Let's Encrypt for your qmail and dovecot servers. The installation will be done by certbot.
Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.
Changelog
- May 18, 2023
  - added the option --key-type rsa to the certbot command, so that certbot does not silently default to ECDSA as the private key format, which my openssl-1.1 does not understand. This way the format of the private key will be RSA. More info here.
SURBL filtering configuration
May 16, 2023 Roberto Puzzanghera 20 comments
SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders.
Web sites seen in unsolicited messages tend to be more stable than the rapidly changing botnet IP addresses used to send the vast majority of them. Sender lists like zen.spamhaus.org can be used in a first stage filter to help identify 80% to 90% of unsolicited messages. SURBLs can help find about 75% of the otherwise difficult, remaining unsolicited messages in a second stage filter. Used together with sender lists, SURBLs have proven to be a highly-effective way to detect 95% of unsolicited messages.
The SURBL filter is part of the DKIM patch by Manvendra Bhangui and it's embedded in my combined patch.
- Author: Manvendra Bhangui
- Version: 1.40
- ANNOUNCE
- Original patch
Changelog
- May 17, 2023
  - The top level domains URL has changed. The update_tlds.sh script has been adjusted accordingly
qmailadmin
April 25, 2023 Roberto Puzzanghera 93 comments
- Author: Inter7
- Version: 1.2.16
- Download the sources from http://sourceforge.net/projects/qmailadmin/files/
- Combined patch v. 2023.04.26
- Changelog
qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.
Combined patch details
- qmailadmin-skin, a patch that I created during covid-19 spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a style sheet in the "images" folder and a couple of png files for the qmail logo. It will be much easier to modify the qmailadmin's skin from now on.
- A patch to call cracklib in order to check the password strength. This should avoid unsafe accounts created by domain administrators such as "test 123456".
- A nice patch (thanks to Tony, original author unknown) which gets qmailadmin to log authentication failures. This makes it possible to ban malicious IPs via fail2ban. It is required to create the log file /var/log/qma-auth.log initially and assign write privileges to apache.
- ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with ezmlm-idx-7 (thanks to J.D. Trolinger for the advice).
- a fix to the catchall account (thanks to Luca Franceschini).
- another fix to autorespond.c to correct the way .qmail files are modified