Patching qmail
January 31, 2023 Roberto Puzzanghera 394 comments
- Latest stable combined patch for netqmail-1.06 v. 2023.01.31 (MD5)
- Changelog
- Readme
Changelog
- Jan 31,2023
-bug fix in qmail-smtpd.c. 4096 bit RSA key cannot be open (tx Ali Erturk TURKER) - Jan 1, 2023
-bug fix in dk-filter. It was calling a non existent function (tx Andreas).
More info here - Dec 17, 2022
-chkuser receipt check won't be disabled for RELAYCLIENT
* CHKUSER_DISABLE_VARIABLE commented out from chkuser_settings.h
diff here - Oct 1, 2022
-dkim patch updated to v. 1.30
* bug fix: it was returning an error in case of domains with no key. - Sep 28, 2022
-dkim patch updated to v. 1.29 (tx M. Bhangui and Computerism for troubleshooting)
* Custom selector via new control file /var/qmail/control/dkimkeys. More info here - May 22, 2022
"qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log informations are already contained in the qlogreceived line. (diff)
-improved a couple of read_failed error messages - Feb 26, 2022
-added REJECTNULLSENDERS environment variable (diff) - Feb 13, 2022
-fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier (only openssl-1.1). (diff here) - Jan 17, 2022
-now qmail-smtpd logs rejections when the client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
-added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
diff here - Dec 19, 2021
-added qmail-spp patch
e-mail indexing with Solr FTS Engine
January 4, 2023 Roberto Puzzanghera 0 comments
Solr is a Lucene indexing server. Dovecot communicates to it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.
- Download latest version: v. 9.1.0
- Solr documentation page
- Solr FTS Engine documentation page for Dovecot
Upgrading to version 9.1.0
- More info here
Before starting check that your java is at least at version 11.
Download version 9.1.0:
wget https://www.apache.org/dyn/closer.lua/solr/solr/9.1.0/solr-9.1.0.tgz?action=download -O solr-9.1.0.tgz
Then stop your Solr server and run the upgrade with the -f (upgrade) and -n (do not start the server when finished) options:
tar xzf solr-9.1.0.tgz solr-9.1.0/bin/install_solr_service.sh --strip-components=2 sudo bash ./install_solr_service.sh solr-9.1.0.tgz -f -n
Slackware users will have to do:
wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh chmod +x install_solr_slackware.sh ./install_solr_slackware.sh solr-9.1.0.tgz -f -n
Now download and install the new schema and configuration files for Dovecot
cd /var/solr/data/dovecot/conf rm -f schema.xml managed-schema solrconfig.xml wget https://notes.sagredo.eu/files/qmail/solr/schema-9.1.0.xml -O schema.xml wget https://notes.sagredo.eu/files/qmail/solr/solrconfig-9.1.0.xml -O solrconfig.xml chown solr:solr solrconfig.xml schema.xml
The new configuration file replaces LRUCache with CaffeineCache and changes the location of the .jar libraries (diff here).
Configure your /etc/default/solr.in.sh file, as many options are changed. Then restart the Solr server.
Finally upgrade the indexes (edit the downloaded script to insert your Dovecot password)
wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh chmod +x solr_rescan_index.sh chown root:root solr_rescan_index.sh chmod o-wrx solr_rescan_index.sh ./solr_rescan_index.sh Stopping Dovecot . <?xml version="1.0" encoding="UTF-8"?> <response> <lst name="responseHeader"> <int name="status">0</int> <int name="QTime">20</int> </lst> </response> Starting Dovecot.
If the script does not return errors (status=0) you are ok. If you get errors, double check the Authorization and the Solr's dovecot user credentials.
Installing ClamAV
January 1, 2023 Roberto Puzzanghera 8 comments
- Info: http://www.clamav.net
- Latest version: 1.0.0
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Upgrading to v. 1.0.0
Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust package and then install a new version in this way:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it by yourself to your profile:
export PATH:$PATH:/root/.cargo/bin
If one day you want to uninstall this Rust installation, because the package is available in your distro, you can do like this:
rustup self uninstall
Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.
cd /usr/local/etc mv clamd.conf clamd.conf.105 mv clamd.conf.sample clamd.conf mv freshclam.conf freshclam.conf.105 mv freshclam.conf.sample freshclam.conf
You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have
LogRotate yes
in your config files.
Migrating spamassassin to version 4.0
December 27, 2022 Roberto Puzzanghera 0 comments
Install spamassassin v. 4
SA v.4 DMARC plugin requires Mail::DMARC::PurePerl, while DecodeShortURLs requires DBD::SQLite ( or DBD::MariaDB or DBD::mysql), so it's better to install them before the upgrade:
perl -MCPAN -e shell cpan> force notest install Mail::DMARC::PurePerl DBD::SQLite cpan> quit
Stop qmail and spamd and then upgrade spamassassin, run sa-update and restart the services:
qmailctl stop spamdctl stop perl -MCPAN -e shell cpan> force notest install Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2 cpan> quit sa-update spamdctl start qmailctl start
