Patching qmail

March 27, 2023 Roberto Puzzanghera 423 comments

• Latest stable combined patch for netqmail-1.06 v. 2023.03.27 (MD5)
• Changelog
• Readme

Changelog

• Mar 27, 2023
  -chkuser.c: double hyphens "--" are now allowed also in the rcpt email (tx Ali Erturk TURKER)
  -chkuser_settings.h: CHKUSER_SENDER_NOCHECK_VARIABLE commented out. Sender check is now enabled also for RELAYCLIENT
  -removed a couple of redundant log lines caused by qmail-smtpd-logging
  diff here
• Mar 18, 2023
  - bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
  - redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here
• Mar 17, 2023
  - Restoring the 2023.01.31 patch as a bug in the current version is under inspection
• Mar 14, 2023
  - The split_str() function in dknewkey was modified in order to work on debian 11 (tx J)
• Mar 12, 2023
  - The mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER) diff here
• Mar 1, 2023
  - added qmail-fastremote patch (tx Ali Erturk TURKER for the advise)
  - qmail-remote CRLF removed (replaced by fastremote)
• Feb 27, 2023
  - Now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
• Feb 24, 2023
  - several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
• Feb 19, 2023
  - dkim patch upgraded to v. 1.37
  * ed25519 support​ (RFC 8463)
  * dropped old yahoo's domainkeys stuff (no longer need the libdomainkeys.a library)

Configuring DKIM for qmail

March 18, 2023 Roberto Puzzanghera 185 comments

This note concerns the DKIM patch embedded in my combined patch (more info here). This topic is advanced and you can skip it at the beginning.

• Info: http://www.dkim.org/ - http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
• Author: Manvendra Bhangui
• Patch's version: 1.39
• Download: from SourceForge - local copy
• Changelog
• Mirko Buffoni did a slight modification here to allow to sign messages sent by authenticated users, and to verify all non authenticated ones.

DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature.

You are invited to take a look to the man pages starting from dkim(8) and spawn-filter(8).

Changelog

• Mar 18, 2023
  - bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
• Mar 14, 2023
  - The split_str() function in dknewkey was modified in order to work on debian 11 (tx J)
• Feb 19, 2023 (v. 1.37 upgrade)
  - ed25519 support​ (RFC 8463)
  - multiple signatures/selectors via the enhanced control/dkimkeys or DKIMSIGN / DKIMSIGNEXTRA / DKIMSIGNOPTIONS  DKIMSIGNOPTIONSEXTRA variables
  - domainkey script replaced by dknewkey in order to create ed25519 keys and rsa keys with 1024/2048/4096 bit
  - dropped yahoo's domainkeys support (no longer need the libdomainkeys.a library)
  - man pages revised and enhanced
  - domainkeys directory moved to /var/qmail/control/domainkeys
  - the documentation in this page has been revised. You can find how to sign with the rsa key together with the ed25519 key below.
  

read more

vQadmin

February 18, 2023 Roberto Puzzanghera 30 comments

• Info: http://www.inter7.com/vqadmin-sysadmin-webcontrol/
• Download (local copy): vqadmin-2.3.7
• Combined patch installed (v. 2023.02.18)

vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.

Changelog

• Feb 18, 2023
  Added Ali Erturk TURKER's patch to my combo. Original patch here

read more

Installing and configuring vpopmail

February 18, 2023 Roberto Puzzanghera 88 comments

• Inter7's original page
• vpopmail version: 5.4.33
• Combined patch v. 2023.03.02
• Changelog
• More info here
• README.vdelivermail

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

The purpose of this note is to show how to use Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.

Patch details

The patch we'll apply is the result of the following bunch of patches:

• sql-aliasdomains patch, which makes vpopmail save the aliasdomains to MySQL. This makes the dovecot sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the dovecot page for more info).
• defaultdelivery patch, which makes vpopmail to copy your favourite delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with --enable-defaultdelivery to enable this.
  If the functionality is disabled (--disable-defaultdelivery, which is the default option) vdelivermail is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore.
• dovecot-sql-procedures patch
  If you want to use the dovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your queries to the sql database. With this patch vpopmail installs the sql procedures and functions in the database when you create a new domain. The procedures can be called by dovecot to perform the auth.
  The sql stuff supports aliasdomains and mysql limits and will be loaded from ~/vpopmail/etc/disable-many-domains_procedures.sql. You can customize the sql procedure editing this file.
  You have to configure with --enable-mysql-bin=PATH as we have to install the procedures calling the mysql bin as a shell command (no way to load an sql query from a file in C language, comments welcome).
• vusaged configure patch
  It seems that at least on Debian 11 vusaged refuses to run the configure successfully, as the MySQL libraries are not linked (configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that avoiding the break of the configure command, the following make command will find libmysqlclient and compile with no problems, and the program works as expected.
  NB: an autoreconf -f -i into the vusaged directory is needed before configuring, as the configure.ac script was modified.
• recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
• vuserinfo-D_newline, a cosmetic patch which prints a new line to separate users' infos when typing "vuserinfo -D domain"
• gcc-10-compat patch, which gets vpopmail to compile with gcc-10 and later versions
• A fix to the following issues (patch by Ali Erturk TURKER):
  - vdelivermail.c checks spamassassin permissions, instead of maildrop permissions.
  - vopen_smtp_relay() return values corrected, so that open_smtp_relay() can detect and report database connection errors (vmysql.c, voracle.pc, vpgsql.c)
  - vdel_limits() core-dumps if a database connection is not available beforehand. (vmysql.c, voracle.pc)
  
  

• 1
• 2
• 3
• 4
• Next