Patching qmail

March 18, 2023 Roberto Puzzanghera 413 comments

Changelog

  • Mar 18, 2023
    - bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
    - redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here
  • Mar 17, 2023
    - Restoring the 2023.01.31 patch as a bug in the current version is under inspection
  • Mar 14, 2023
    - The split_str() function in dknewkey was modified in order to work on debian 11 (tx J)
  • Mar 12, 2023
    - The mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER) diff here
  • Mar 1, 2023
    - added qmail-fastremote patch (tx Ali Erturk TURKER for the advise)
    - qmail-remote CRLF removed (replaced by fastremote)
  • Feb 27, 2023
    - Now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
  • Feb 24, 2023
    - several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
  • Feb 19, 2023
    - dkim patch upgraded to v. 1.37
    * ed25519 support​ (RFC 8463)
    * old yahoo's domainkeys stuff removed (no longer need the libdomainkeys.a library)

read more

Configuring DKIM for qmail

March 18, 2023 Roberto Puzzanghera 185 comments

This note concerns the DKIM patch embedded in my combined patch (more info here). This topic is advanced and you can skip it at the beginning.

DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature.

You are invited to take a look to the man pages starting from dkim(8) and spawn-filter(8).

Changelog

  • Mar 18, 2023
    - bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
  • Mar 14, 2023
    - The split_str() function in dknewkey was modified in order to work on debian 11 (tx J)
  • Feb 19, 2023 (v. 1.37 upgrade)
    - ed25519 support​ (RFC 8463)
    - multiple signatures/selectors via the enhanced control/dkimkeys or DKIMSIGNDKIMSIGNEXTRADKIMSIGNOPTIONS  DKIMSIGNOPTIONSEXTRA variables
    - domainkey script replaced by dknewkey in order to create ed25519 keys and rsa keys with 1024/2048/4096 bit
    - dropped yahoo's domainkeys support (no longer need the libdomainkeys.a library)
    - man pages revised and enhanced
    - domainkeys directory moved to /var/qmail/control/domainkeys
    - the documentation in this page has been revised. You can find how to sign with the rsa key together with the ed25519 key below.

read more

vQadmin

February 18, 2023 Roberto Puzzanghera 30 comments

vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.

Changelog

read more

Installing and configuring vpopmail

February 18, 2023 Roberto Puzzanghera 88 comments

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

The purpose of this note is to show how to use Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.

Patch details

The patch we'll apply is the result of the following bunch of patches:

  • sql-aliasdomains patch, which makes vpopmail save the aliasdomains to MySQL. This makes the dovecot sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the dovecot page for more info).
  • defaultdelivery patch, which makes vpopmail to copy your favourite delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with --enable-defaultdelivery to enable this.
    If the functionality is disabled (--disable-defaultdelivery, which is the default option) vdelivermail is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore.
  • dovecot-sql-procedures patch
    If you want to use the dovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your queries to the sql database. With this patch vpopmail installs the sql procedures and functions in the database when you create a new domain. The procedures can be called by dovecot to perform the auth.
    The sql stuff supports aliasdomains and mysql limits and will be loaded from ~/vpopmail/etc/disable-many-domains_procedures.sql. You can customize the sql procedure editing this file.
    You have to configure with --enable-mysql-bin=PATH as we have to install the procedures calling the mysql bin as a shell command (no way to load an sql query from a file in C language, comments welcome).
  • vusaged configure patch
    It seems that at least on Debian 11 vusaged refuses to run the configure successfully, as the mysql libraries are not linked (configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that avoiding the break of the configure command, the following make command will find libmysqlclient and compile with no problems, and the program works as expected.
    NB: an autoreconf -f -i into the vusaged directory is needed before configuring, as the configure.ac script was modified.
  • recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
  • vuserinfo-D_newline, a cosmetic patch which prints a new line to separate users' infos when typing "vuserinfo -D domain"
  • gcc-10-compat patch, which gets vpopmail to compile with gcc-10
  • A fix to the following issues (patch by Ali Erturk TURKER):
    - vdelivermail.c checks spamassassin permissions, instead of maildrop permissions.
    - vopen_smtp_relay() return values corrected, so that open_smtp_relay() can detect and report database connection errors (vmysql.c, voracle.pc, vpgsql.c )
    - vdel_limits() core-dumps if a database connection is not available beforehand. (vmysql.c, voracle.pc)

read more
qmail notes

General notes

Preinstallation tasks

daemontools

fehQlibs

ucspi-tcp6

ucspi-ssl

qmail

vpopmail

Patching

Configuring

Testing

autorespond

ezmlm-idx

qmailadmin

Add-ons

RBL

Greetdelay

tcprules

SPF

DKIM

SURBL

Limiting per user/IP outgoing emails

Denying bad DNS HELOs

Greylisting

qmail-taps-extended

moreipme

qmHandle

queue-repair

vQadmin

ezmlm-browse

ezmlm-web

rblsmtpd

qmail-rblchk

Dovecot

Running

Testing

Filtering

Indexing

Expunging

vpopmail-auth driver removal

Spamassassin

Filtering networks

User Prefs

TxRep and Bayesian

Learning and reporting

DMARC

Roundcube

Plugins

ClamAV

clamav-unofficial-sigs

simscan

Testing

fail2ban

Installing a valid SSL certificate

ChangeLog

Need help?

Pay me a coffee:

PayPal - The safer, easier way to pay online.

LXC scripts

Introduction

Basic configuration files

Creating an unprivileged container

Scripts overview

Natting

Other contents

Converting a Linux installation to Slackware in OVH server

Running OpenBoard in a window

Migrating from Linux-VServer to LXC

Linux-VServer on Slackware

Running two php on the same server

rsync backup via ssh

Securing proftpd

Installing mariaDB

Setting up MySQL

SEO friendly URLs with apache mod_rewrite

Building your ownCloud

Building your own mozilla-sync server

Setting up Tex on Mediawiki

Slackware RSS feeds

English
Italiano
Recent comments

RBL and Bordermailer
March 20, 2023 09:31

RBL and Bordermailer
March 20, 2023 09:13

RBL and Bordermailer
March 18, 2023 15:52

Bug in dknewkey
March 18, 2023 11:35

What is qq_internal_bug_?
March 18, 2023 11:28

What is qq_internal_bug_?
March 18, 2023 11:08

What is qq_internal_bug_?
March 18, 2023 08:48

What is qq_internal_bug_?
March 18, 2023 08:08

What is qq_internal_bug_?
March 18, 2023 07:43

What is qq_internal_bug_?
March 18, 2023 04:37

Tags

apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmail to postfix qmail-spp qmailadmin rbl roundcube rsync sieve simscan slackware solr spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin

Recent posts

ChangeLog

Patching qmail

Configuring DKIM for qmail

smtp-auth + qmail-tls + forcetls patch for qmail

Preinstallation tasks

Configuring qmail

Installing and configuring vpopmail

vQadmin

Dovecot vpopmail-auth driver removal. Migrating to the SQL driver

Installing Dovecot and sieve on a vpopmail + qmail server

RSS feeds