Making Mailman3 work in a qmail + vpopmail server

May 16, 2024 by Roberto Puzzanghera 0 comments

Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content filtering, digest delivery, spam filters, and more.

Mailman is free software, distributed under the GNU General Public License, and written in the Python programming language.

Index

Patching qmail

May 16, 2024 by Roberto Puzzanghera 510 comments

For my convenience I moved the qmail sources to my github space. Nonetheless, all information about qmail and related programs will continue to be posted in this web space, and this pages remain the place to  eventually seek support. From now on, instead of releasing a combined patch for qmail, I'll release a package which is the result of the ancient netqmail-1.06 plus the patches and modifications listed below.

Changelog

WARNING: IF YOU ARE UPGRADING qmail AND YOU ARE USING A VERSION BEFORE 2024.01.11, BE AWARE THAT dk-filter HAS BEEN DROPPED, SO YOU HAVE TO RECONFIGURE DKIM AND MODIFY YOUR rc FILE ACCORDINGLY.

  • May 16, 2024
    - DKIM: Make the dkimsign binary _not_ derive the "d=" domain value from the Return-Path header (tx mpdude)
    - Fixed -Wstringop-overflow on qmail-start.c line 128 (gcc-13.2) (commit)
    - Fixed -Wincompatible-pointer-types compilation warnings onsubstdio.h (commit)
    - Big Concurrency fix patch removed, as it is incompatible with the above change.
    - Create a trigger to decide if your qmail-smtpd instance should respect badmailfrom regex or not. This could be very handling if you decide to have very strict rules for your qmail-smtpd that you don´t want to be applied to qmail-submission. Usage: add export DISABLE_BADMAILFROM=1 to run file service (tx brdelphus)
  • Feb 12, 2024
    - DKIM patch upgraded to v. 1.48
    * fixed minor bug using filterargs for local deliveries (commit)
    - Fixed several compilation warnings (commit)
    - Fixed incompatible redeclaration of library function 'log2' in qmail-send.c qsutil.c as showed by notqmail friends here
    - removed FILES, shar target from Makefile
  • Feb 6, 2024
    - DKIM patch upgraded to v. 1.47
    * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
  • Jan 20, 2024 (diff here)
    liberal-lf: bare LF are no longer allowed by default due to smuggling vulnerability CVE-2023-51765. Bare LF can be allowed by defining ALLOW_BARELF in the tcprules or in the run file.
  • Jan 15, 2024
    TLS patch by F. Vermeulen upgraded to version 20231230 (more info at https://inoa.net/qmail-tls/ tx Greg Bell for the patch)
    - support to openssl 3.0.11
  • Jan 11, 2024
    - dkim patch upgraded to version 1.46
    * dk-filter.sh has been dropped. If signing at qmail-remote level, before upgrading, you have to review the configuration.
    - The variables USE_FROM, USE_SENDER and DKIMDOMAIN have been dropped
    - when signing at qmail-remote level qmail-dkim now has to be called directly by spawn-filter in the rc file. man spawn-filter for more info
    - In case of bounces the signature will be automatically based on the from: field. This will solve issues of DMARC reject by google in case of sieve/vacation bounces.
    - In case of ordinary bounces (mailbox not found, for instance) the bounce domain will be taken from control/bouncehost and, if doesn't exist, from control/me
  • Dec 9, 2023
    - sources moved to github.

Setting up your firewall with fail2ban

May 1, 2024 by Roberto Puzzanghera 23 comments

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

I will show shortly how to install and configure fail2ban to ban malicious IPs, especially those related to the qmail-dnsrbl patch. This will avoid to be banned ourselves by spamhaus, which is free up to 100.000 queries per day.

fail2ban requires that you have a firewall as nftables or iptables active.

Changelog

  • May 1, 2024
    - fail2ban upgraded to v. 1.1.0 (changelog)
    * This version drops the python2 support
    * new fail2ban-client stats command returns statistic in form of table (jail, backend, found and banned counts)
  • Jul 15, 2023
    - the installation and the configuration has been revised in order to work on Debian, where python2 is missing (tx Gabriel Torres)
  • Nov 20, 2022
    - switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it. Just replace "iptables" with "nftables" in your jails.
  • Nov 18, 2022
    - fail2ban upgraded to v. 1.0.2
    - jails now have a different action's declaration (iptables[type=multiport] instead of iptables-multiport[])
    - added a short note on how to configure the server with a network bridge

qmailadmin

March 27, 2024 by Roberto Puzzanghera 121 comments

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.

As you can see, for convenience I moved the qmailadmin sources to my github space. Nonetheless, all information about qmailadmin will continue to be posted here, and this page remains the place to seek support if needed.

This qmailadmin puts togheter the original Inter7's 1.2.16 version with the following patches (updated to 2023.08.27 old patch version):

  • qmailadmin-skin, a patch that I created during covid-19 spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a style sheet in the "images" folder and a couple of png files for the qmail logo. It will be much easier to modify the qmailadmin's skin from now on.
  • A patch to call cracklib in order to check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456".
  • A nice patch (thanks to Tony, original author unknown) which gets qmailadmin to have authentication failures logged. This makes possible to ban malicious IPs via fail2ban. It is required to create the log file /var/log/qma-auth.log initially and assign write priviledges to apache.
  • ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with ezmlm-idx-7 (thanks to J.D. Trolinger for the advice).
  • a fix to the catchall account (thanks to Luca Franceschini).
  • another fix to autorespond.c to correct the way the .qmail files are modified

Roundcube webmail

February 14, 2024 by Roberto Puzzanghera 12 comments

Feb 12, 2024: Roundcube webmail bug now exploited in attacks. It is sufficient to update Roundcube to the latest version.


Roundcube is a full featured webmail with a nice interface.

Changelog

  • Gen 21, 2024
    RC upgraded to v. 1.6.6
    -new $config['imap_host'] variable
    -all my SMTP config options were stripped from my configuration file and I had to restore them
  • Jan 3, 2021
    disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.

Read the release note at https://github.com/roundcube/roundcubemail/blob/master/CHANGELOG.md for more info.

VqAdmin

January 19, 2024 by Roberto Puzzanghera 34 comments

vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.

As you can see, VqAdmin has a new version with a new skin, all my patches (with ALI's patch included) and a lot of work in polishing the code. I also solved all autotools and gcc compilation warnings and changed a couple of things in order to rebuild the HTML theme (have a look at the changelog for more details). As always, your contributions in the comments are welcome.

PS: the apache side has some modification as well.

Have fun!

Changelog

  • Mar 5, 2024
    - version 2.4.0 marked as stable
  • Jan 19, 2024
    - version 2.4.0-beta.2
     * fixed a buffer overflow in domain.c (tx Bai Borko)
     * solved -Wstringop-truncation warnings in domain.c and lang.c
  • Dec 21, 2023
    - 2.4.0-beta released
    - vqadmin moved to github
  • Jul 18, 2023
    patch updated
    - Italian translation file html/it updated, following the patch by Ali Erturk TURKER
    - the vqadmin source directory has been cleaned of unnececessary files
  • Feb 18, 2023
    Added Ali Erturk TURKER's patch to my combo. Original patch here

Installing and configuring vpopmail

January 11, 2024 by Roberto Puzzanghera 126 comments

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

Update as of December 11, 2023

Thanks to TLK Games guys at https://github.com/brunonymous/vpopmail we have a new vpopmail-5.6.0 version. They did a huge job merging together the old vpopmail-5.4.33 version with many patches that can be found around the net, my combo included. More importantly, they polished and corrected the code and added several features that you can see in the changelog.

From now on, I'll no longer release a new patch but I'll pull a request there, where you can get the released package.

For any request concerning my patches, this page remains the place where to find more information and ask for support. If you want to contribute to the code of my patches, you can send it here in a comment or post a PR in my github space (we don't want to bother our french friends with issues concerning my patch, ok?).

Changelog

Complete changelog

  • Jan 11, 2024
    - vmysql.c: allow the insertion of a second valias row with the same alias/domain when vpopmail is configured with --enable-defaultdelivery and --enable-valias
    - bug fix in mysql.h: wrong definition of VALIAS_TABLE_LAYOUT as it was looking for DEFAULTDELIVERY definition instead of DEFAULT_DELIVERY. This bug was preventing the correct auto creation of the valias table in MySQL
    - configure.ac: solved all autoconf warnings
  • Dec 11, 2023
    - patch merged with github/brunonymous
    - vpopmail-5.6.0 released (read the upgrading notes)
  • Nov 11, 2023
    - defaultdelivery patch: vmakedotqmail won't create users' .qmail if control/defaultdelivery already has vdelivermail.
  • Oct 23, 2023
    - defaultdelivery patch: .qmail file won't be created if control/defaultdelivery already has vdelivermail

  • Sep 5, 2023
    - changed configuration option --enable-logging=e (was p). Now failed attempts will be logged with no password shown.
  • Aug 27, 2023
    - new combined patch. More info here
    * The logic of the defaultdelivery patch/feature has been revised. If configured with --enable-defauldelivery vpopmail will save control/defauldelivery in the user's .qmail and vdelivermail LDA in the domain's .qmail-default file. This will achieve multiple benefits: you have qmail forwards and sieve together and valias available. The valias table schema was changed as well.

Source code moved to github

December 11, 2023 by Roberto Puzzanghera 0 comments

For my work convenience, I moved the source code of daemontools, qmail, vpopmail, qmailadmin simscan and VqAdmin to github. From now on, instead of releasing new patches of those programs I'll publish a package there. Nonetheless this web space remains the place where to find more information and ask for support. You'll notice that issues on my github spaces are disabled because I prefer to centralize the discussions here.

vpopmail will be grabbed from https://github.com/brunonymous/vpopmail. They did a huge job releasing a new vpopmail version with many patches, mine included. More importantly, they polished and corrected the code and added several features that you can see in the changelog.

GitHub logo

Recent comments
Recent posts

RSS feeds