Patching qmail

August 25, 2018 Roberto Puzzanghera 178 comments

Changelog

The complete changelog and patch info are inside the README.PATCH file.

  • 2018.08.25
    -DKIM patch updated to v. 1.23
    * fixed a bug where including round brackets in the From: field ouside the double quotes (From: "Name Surname (My Company)" <name.surname@company.com>) results in a DKIMContext structure invalid error (tx Mirko Buffoni).
    * qmail-dkim and dkim were issuing a failure for emails which had multiple signature with at least one good signature. Now qmail-dkim and dkim will issue a success if at least one good signature is found.
  • 2018.08.23
    -logging patch updated to v. 5
    * fixed a bug in logit and logit2 functions where a RSET command and a subsequent brutal quit of the smtp conversation ^] by the client cause a segfault (tx Mirko Buffoni, more info here)
    -patch info moved to README.PATCH file
  • 2018.04.03
    -DKIM patch updated to v. 1.22
    * openssl 1.1.0 port
    * various improvements, bug fixes
  • 2018.01.10
    -maildir++
    * fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here.
    -qmail-queue-extra
    * removed, because it was causing more problems than advantages, as the domain of the log@yourdomain.tld had to match the system's domain inside control/me and can't be a virtual domain at the same time.
  • 2017-10-11 (tx Luca Franceschini)
    -qlogfix (diff here)
    * log strings should terminate with \n to avoid trailing ^M using splogger
    * bug reporting custom errors from qmail-queue in qlog
    -added dnscname patch
    -added rcptcheck patch
  • 2017-08-18
    -qmail-smtpd now retains authentication upon rset (tx to Andreas)
  • 2017-05-14
    -DKIM patch updated to v. 1.20
    It now manages long TXT records, avoiding the rejection of some hotmail.com messages.
  • 2016-12-19
    -Several new patches and improvements added (thanks to Luca Franceschini)
    More info here http://notes.sagredo.eu/varie-190/merry-xmas-and-happy-new-patch-178.html
    -qregex patch
    -brtlimit patch
    -validrcptto patch
    -rbl patch (updates qmail-dnsbl patch)
    -reject-relay-test patch
    -added DISABLETLS environment variable, useful if you want to disable TLS on a desired port
    -added FORCEAUTHMAILFROM environment variable to REQUIRE that authenticated user and 'mail from' are identical
    -fixed little bug in 'mail from' address handling (patch by Andre Opperman at http://qmail.cr.yp.narkive.com/kBry6GJl/bug-in-qmail-smtpd-c-addrparse-function)
    -added SMTPAUTHMETHOD, SMTPAUTHUSER and SMTP_AUTH_USER env variables for external plugins
    -qlog patch
    -reject null senders patch
    -qmail-taps-extended (updates qmail-tap)
  • 2016-12-02
    -fixed BUG in qmail-remote.c: in case of remote servers not allowing EHLO the response for an alternative HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
    Patch applied here
  • 2016-09-18
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matched (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)

read more

Installing a Let's Encrypt certificate for your qmail and dovecot servers

March 21, 2018 Roberto Puzzanghera 14 comments

More info:

Here is how to install and configure a valid certificate from Let's Encrypt for your qmail and dovecot servers. The installation will be done by certbot.

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.

read more

Installing Dovecot and sieve on a vpopmail + qmail server

March 21, 2018 Roberto Puzzanghera 48 comments

Overview

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.

read more

Sieve interpreter & Dovecot ManageSieve

January 10, 2018 Roberto Puzzanghera 31 comments

The Pigeonhole project provides Sieve support as a plugin for Dovecot's Local Delivery Agent (LDA) and also for its LMTP service. The plugin implements a Sieve interpreter, which filters incoming messages using a script specified in the Sieve language. The Sieve script is provided by the user and, using that Sieve script, the user can customize how incoming messages are handled. Messages can be delivered to specific folders, forwarded, rejected, discarded, etc.

Dovecot Managesieve Server is a service used to manage a user's Sieve script collection.

read more

Limiting the number of emails sent by a given auth-user/domain/IP

October 24, 2017 Roberto Puzzanghera 4 comments

If you want to avoid the risk of compromising your server because of accounts who are sending messages indiscriminately to the world, because their password was violated in some way, then you can take advantage of Luca Franceschini's rcptcheck-overlimit.sh script, which has to be used in conjunction with the rcptcheck patch (a patch derived by Luca himself from an original work of Jay Soffian).

Since in 2016 Luca has decided to merge his combo with my big patch, he is giving his personal contribution to it fixing bugs, adding new important patches and functionalities, often writing himself the code. The script shared here is just the last one and it's quite surprising (at least for me) to observe how many things are performed putting together just 20 lines.

read more

smtp-auth + qmail-tls + forcetls patch for qmail

August 18, 2017 Roberto Puzzanghera 73 comments

Changelog

  • 2017-08-18
    -qmail-smtpd now retains authentication upon rset (tx to Andreas)
  • 2016-09-19
    -qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-05-15 force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoid to write the auth verb if the STARTTLS command was not sent by the client
  • 2015-12-26 qmail-tls: updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  • 2015-10-05 qmail-authentication: updated to v. 0.8.3
  • 2015.08-24 fixed a bug on qmail-smtpd.c causing a double 250-STARTTLS, thanks to Andreas
  • 2015.08.08 fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting, thanks to Cristoph Grover

I have put into a package the latest version of the following patches for netqmail-1.06. You may be interested to the combined patch I have put together here.

read more

Slackware guest on Linux-Vserver

July 5, 2016 Roberto Puzzanghera 4 comments

Linux-Vserver is an open source software which acts as a virtual private server implementation done by adding operating system-level virtualization capabilities to the Linux kernel.

read more
qmail notes

General notes

daemontools

ucspi-tcp6

qmail

vpopmail

Patching

Configuring

Testing

autorespond

ezmlm-idx

qmailadmin

Add-ons

RBL

Greetdelay

tcprules

DKIM

SURBL

Limiting per user/domain/IP outgoing emails

Installing a valid SSL certificate

qmail-taps-extended

moreipme

qmHandle

queue-repair

vQadmin

ezmlm-browse

ezmlm-web

rblsmtpd

qmail-rblchk

Dovecot

Running

Testing

Filtering

Expunging

Roundcube

Plugins

Spamassassin

Userprefs

ClamAV

simscan

Testing

fail2ban

Need help?

ChangeLog

Pay me a coffee:

PayPal - The safer, easier way to pay online.

Other contents

Linux-vserver on Slackware

Running two php on the same server

rsync backup via ssh

Securing proftpd

Installing mariaDB

Setting up MySQL

SEO friendly URLs with apache mod_rewrite

Building your ownCloud

Building your own mozilla-sync server

Setting up Tex on Mediawiki

Slackware RSS feeds

English
Italiano
Recent comments

Thanks a lot. I found the same problem
December 8, 2018 14:10

Updated qmail-queue-custom-error.patch to work with netqmail-1.06
December 7, 2018 21:20

Access denied on textfile2
December 4, 2018 22:35

Access denied on textfile2
December 4, 2018 19:27

Access denied on textfile2
December 4, 2018 03:23

rcptcheck with starttls
December 3, 2018 21:27

rcptcheck with starttls
December 2, 2018 20:43

Dovecot vpopmail userdb and passdb without SQL backend.
December 2, 2018 12:55

Dovecot vpopmail userdb and passdb without SQL backend.
December 2, 2018 12:45

rcptcheck with starttls
November 30, 2018 14:13

Tags

apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver mariadb mediawiki mozilla mysql owncloud patches php proftpd qmail qmailadmin rbl roundcube rsync sieve simscan slackware spamassassin ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin

Recent posts

Installing and configuring Spamassassin

Configuring DKIM for qmail

Patching qmail

ezmlm-web

ClamAV

autorespond

ucspi-tcp6

daemontools

Configuring qmail

ChangeLog

RSS feeds