Dovecot vpopmail-auth driver removal

March 17, 2020 Roberto Puzzanghera 6 comments

Those who are still using the Dovecot's vpopmail auth driver should consider a migration to the sql driver, as on March 17 the Dovecot Team announced its removal possibly as soon as the v2.3.11 will be released. See here for additional info about obsolete feature removal.

Comments' new filter in place. Please report issues

March 11, 2020 Roberto Puzzanghera 0 comments

These days I'm forced at home and I've found the time to improve the filter against undesired comments.

Please report any issue dropping me an email if your comments are rejected.

Roberto

Installing Dovecot and sieve on a vpopmail + qmail server

February 24, 2020 Roberto Puzzanghera 65 comments

• Overview
• Installing
• Configuring
• Download my dovecot's config files
• dovecot.conf
• 10-auth.conf
• auth-sql.conf.ext
• 10-director.conf
• 10-logging.conf
• Logrotate
• 10-mail.conf
• 10-master.conf
• 10-ssl.conf
• 15-lda.conf
• 15-mailboxes.conf
• 20-imap.conf
• 20-lmtp.conf
• 20-pop3.conf
• 90-plugin.conf
• 90-quota.conf

Overview

• Info: http://www.dovecot.org/
• Documentation: http://wiki2.dovecot.org
• Mail Server overview: http://wiki2.dovecot.org/MailServerOverview
• Download: http://www.dovecot.org/releases/2.3/
• Version: dovecot-2.3.9.3

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.

Installing and configuring Spamassassin

February 11, 2020 Roberto Puzzanghera 24 comments

• Info: http://spamassassin.apache.org/
• Docs: http://spamassassin.apache.org/full/3.4.x/doc/
• Latest version: 3.4.4
• Download: http://spamassassin.apache.org/downloads.cgi

SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox.

read more

Patching qmail

January 11, 2020 Roberto Puzzanghera 267 comments

• Latest stable combined patch for netqmail-1.06 v. 2020.01.11 (MD5)

Changelog

The complete changelog and patch info are inside the README.PATCH file.

• 2020.01.11
  -qmail-tls patch updated to v. 20200107
  * working client cert authentication with TLSv1.3
• 2019.12.08
  -BUG qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na)
• 2019.08.07
  - a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
  * BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
  * CHKUSER_ENABLE_ALIAS_DEFAULT, CHKUSER_VAUTH_OPEN_CALL and CHKUSER_DISABLE_VARIABLE are now defined in chkuser_settings.h
  * Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
• 2019.07.12
  - qmail-channels patch added
  more info here http://www.thesmbexchange.com/eng/qmail-channels_patch.html
  - improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here
• 2019.06.19
  - DKIM patch updated to v. 1.26
  * BUG - honor body length tag in verification
• 2019.05.24
  - qmail-tls patch updated to v. 20190517
  * bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
• 2019.05.23
  - DKIM patch updated to v. 1.25
  * SIGSEGV - when the txt data for domainkeys is very large exposed a bug in the way realloc() was used incorrectly.
  * On 32 bit systems, variable defined as time_t overflows. Now qmail-dkim will skip expiry check in such conditions.
• 2019.04.25
  * bug fixed on qmail-smtpd.c: it was selecting the wrong openssl version on line 2331 (tx ChangHo.Na)
• 2019.04.09
  - qmail-tls patch updated to v. 20190408
  * make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
  * compiler warnings on char * casts (Kai Peter)
• 2019.04.03
  -libdomainkeys patch updated (tx Manvendra Banghui)
• 2019.03.22
  - fixed a bug causing crashes of qmail-remote when using openssl-1.1 (tx Luca Franceschini)
• 2019.02.27
  - port to openssl-1.1
  - DKIM patch updated to v. 1.24
  * bug fix: restored signaturedomains/nosignaturedomains functionalities.

Roundcube plugins

November 22, 2019 Roberto Puzzanghera 12 comments

• Official repository: http://plugins.roundcube.net/

My enabled plugins are (at the moment):

• password, which is already included in the plugins folder
• managesieve, which writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.
• SpamAssassin-User-Prefs-SQL, which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
• markasjunk. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
• rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
• Context Menu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
• autologon. Autologin from external Site e.g. (CMS, Portal ...)
• logout_redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
• newmail_notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
• carddav. CardDav client. You can sync your addressbook against a CardDav server like nextcloud or SoGO.
• enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format

To enable a plugin you have to include it in $config['plugins'] in such a way

$config['plugins'] = array(
        'password',
        'managesieve',
        'sauserprefs',
        'markasjunk',
        'rcguard',
        'contextmenu',
        'newmail_notifier',
        'carddav',
        'enigma'
 );

read more

Roundcube webmail

November 22, 2019 Roberto Puzzanghera 7 comments

• Info: http://roundcube.net
• Version: 1.4.1
• Requires: php>=5.4

Roundcube is a full featured webmail with a nice interface.

read more

Setting DMARC filter in Spamassassin

September 18, 2019 Roberto Puzzanghera 0 comments

• Thanks to Iulian for the hint. This is a link to his page
• Take a look here for further DMARC solutions for qmail
• MXtoolbox: verifying your DMARC record

You can use Spamassassin to apply a DMARC filter by means of the AskDNS plugin. Just add the following to your local.cf:

ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/
askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine;/
askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=reject;/

meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_REJECT
score DMARC_REJECT 10
meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_QUAR
score DMARC_QUAR 5
meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_NONE
score DMARC_NONE 0.1
endif # Mail::SpamAssassin::Plugin::AskDNS

Migrating from Linux-VServer to LXC (Slackware)

September 11, 2019 Roberto Puzzanghera 0 comments

Tired of the nightmares of remotely compiling the kernel with Linux-VServer, a software that I'm pleased with despite of some lack of documentation, these days I was playing with LXC, which is included and supported by Slackware and for which the Linux kernel doesn't need any patching because it already embeds the hacks for LXC containers.

To convert an existing Linux-VServer container in a (eventually unprivileged) LXC container you can follow these steps. I assume that you already know  how to create an LXC container; in case you are interested in unprivileged containers take a look to the excellent Chris Willing's guide (a big thanks to him) linked below.

More info:

• Linux-VServer
• LXC
• Installing Linux-VServer on Slackware
• Chris Willing's guide to LXC unprivileged containers on Slackware

smtp-auth + qmail-tls + forcetls patch for qmail

June 28, 2019 Roberto Puzzanghera 79 comments

• Download (MD5)
• Version: 2019.06.28

Changelog

• 2019.06.28
  - qmail-tls patch updated to v. 20190517
  * bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
• 2019-04-17
  - qmail-tls patch updated to v. 20190408
  * make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
  * compiler warnings on char * casts (Kai Peter)
• 2019-03-12
  * openssl-1.1 port

I have put into a package the latest version of the following patches for netqmail-1.06.

• 1
• 2
• Next