Patching qmail
March 18, 2023 Roberto Puzzanghera 413 comments
- Latest stable combined patch for netqmail-1.06 v. 2023.03.18 (MD5)
- Changelog
- Readme
Changelog
- Mar 18, 2023
- bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
- redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here - Mar 17, 2023
- Restoring the 2023.01.31 patch as a bug in the current version is under inspection - Mar 14, 2023
- The split_str() function in dknewkey was modified in order to work on debian 11 (tx J) - Mar 12, 2023
- The mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER) diff here - Mar 1, 2023
- added qmail-fastremote patch (tx Ali Erturk TURKER for the advise)
- qmail-remote CRLF removed (replaced by fastremote) - Feb 27, 2023
- Now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER) - Feb 24, 2023
- several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here - Feb 19, 2023
- dkim patch upgraded to v. 1.37
* ed25519 support (RFC 8463)
* old yahoo's domainkeys stuff removed (no longer need the libdomainkeys.a library)
Configuring DKIM for qmail
March 18, 2023 Roberto Puzzanghera 185 comments
This note concerns the DKIM
patch embedded in my combined patch (more info here). This topic is advanced and you can skip it at the beginning.
- Info: http://www.dkim.org/ - http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
- Author: Manvendra Bhangui
- Patch's version: 1.39
- Download: from SourceForge - local copy
- Changelog
- Mirko Buffoni did a slight modification here to allow to sign messages sent by authenticated users, and to verify all non authenticated ones.
DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature.
You are invited to take a look to the man pages starting from dkim(8) and spawn-filter(8).
Changelog
- Mar 18, 2023
- bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info) - Mar 14, 2023
- Thesplit_str()
function indknewkey
was modified in order to work on debian 11 (tx J) - Feb 19, 2023 (v. 1.37 upgrade)
-ed25519
support (RFC 8463)
- multiple signatures/selectors via the enhanced control/dkimkeys orDKIMSIGN
/DKIMSIGNEXTRA
/DKIMSIGNOPTIONS
DKIMSIGNOPTIONSEXTRA
variables
-domainkey
script replaced bydknewkey
in order to createed25519
keys andrsa
keys with 1024/2048/4096 bit
- dropped yahoo's domainkeys support (no longer need thelibdomainkeys.a
library)
- man pages revised and enhanced
- domainkeys directory moved to /var/qmail/control/domainkeys
- the documentation in this page has been revised. You can find how to sign with thersa
key together with theed25519
key below.
vQadmin
February 18, 2023 Roberto Puzzanghera 30 comments
- Info: http://www.inter7.com/vqadmin-sysadmin-webcontrol/
- Download (local copy): vqadmin-2.3.7
- Combined patch installed (v. 2023.02.18)
vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.
Changelog
- Feb 18, 2023
Added Ali Erturk TURKER's patch to my combo. Original patch here
Installing and configuring vpopmail
February 18, 2023 Roberto Puzzanghera 88 comments
- Inter7's original page
vpopmail
version: 5.4.33- Combined patch v. 2023.03.02
- Changelog
- More info here
- README.vdelivermail
Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.
The purpose of this note is to show how to use Mysql
as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP
, and creating web-based user interfaces to manage accounts.
Patch details
The patch we'll apply is the result of the following bunch of patches:
- sql-aliasdomains patch, which makes
vpopmail
save the aliasdomains toMySQL
. This makes thedovecot
sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see thedovecot
page for more info). - defaultdelivery patch, which makes
vpopmail
to copy your favourite delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the defaultvpopmail
's behaviour, wherevpopmail
copies its delivery agentvdelivermail
. You have to configure with--enable-defaultdelivery
to enable this.
If the functionality is disabled (--disable-defaultdelivery
, which is the default option)vdelivermail
is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore. - dovecot-sql-procedures patch
If you want to use thedovecot
's sql auth driver with one table for each domain (--disable-many-domains
) you have to heavily customize your queries to the sql database. With this patchvpopmail
installs the sql procedures and functions in the database when you create a new domain. The procedures can be called bydovecot
to perform the auth.
The sql stuff supports aliasdomains andmysql
limits and will be loaded from~/vpopmail/etc/disable-many-domains_procedures.sql.
You can customize the sql procedure editing this file.
You have to configure with--enable-mysql-bin=PATH
as we have to install the procedures calling themysql
bin as a shell command (no way to load an sql query from a file in C language, comments welcome). - vusaged configure patch
It seems that at least on Debian 11vusaged
refuses to run the configure successfully, as themysql
libraries are not linked (configure: error: No vauth_getpw in libvpopmail
). After some inspection, I noticed that avoiding the break of the configure command, the following make command will findlibmysqlclient
and compile with no problems, and the program works as expected.
NB: anautoreconf -f -i
into thevusaged
directory is needed before configuring, as theconfigure.ac
script was modified. - recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
- vuserinfo-D_newline, a cosmetic patch which prints a new line to separate users' infos when typing "vuserinfo -D domain"
- gcc-10-compat patch, which gets vpopmail to compile with
gcc-10
- A fix to the following issues (patch by Ali Erturk TURKER):
- vdelivermail.c checks spamassassin permissions, instead of maildrop permissions.
- vopen_smtp_relay() return values corrected, so that open_smtp_relay() can detect and report database connection errors (vmysql.c, voracle.pc, vpgsql.c )
- vdel_limits() core-dumps if a database connection is not available beforehand. (vmysql.c, voracle.pc)