simscan

August 4, 2020 Roberto Puzzanghera 44 comments

Simscan is a simple program that enables the qmail smtpd service to reject viruses, spam, and block attachments during the SMTP conversation so the processing load on the email system is kept to a minimum.

Combined patch details

Version 1.4.1 is a fork of the original simscan by Inter7. The sources have been polished and modernized a bit and contain a number of bug fixes and patches, including almost all the patches by jms (the only missing one is the "debug" patch which we will apply below) and the bug fix by Gustavo Castro that I had in my previous bundle of patches. Therefore the new patch simply adds the following:

  • the jms "debug" patch, to improve the debugging of simscan on qmail-smtpd log;
  • a bug fix by Bob Greco where a received message with multiple 'local' recipients executes spamc as null user and not as the user extracted from the first local recipient.

read more

Patching qmail

July 29, 2020 Roberto Puzzanghera 280 comments

Changelog

The complete changelog and patch info are inside the README.PATCH file.

  • 2020.07.29
    -dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui).
  • 2020.07.27
    -added a fix for CVE-2005-2513 (tx C)
  • 2020.04.25
    -qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca)
  • 2020.04.16
    -qmail-remote-logging patch added (more info here)
  • 2020.04.10
    -DKIM patch updated to v. 1.28
    * outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
    * declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
  • 2020.01.11
    -qmail-tls patch updated to v. 20200107
    * working client cert authentication with TLSv1.3
  • 2019.12.08
    -BUG qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na)
  • 2019.08.07
    - a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
    * BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
    * CHKUSER_ENABLE_ALIAS_DEFAULT, CHKUSER_VAUTH_OPEN_CALL and CHKUSER_DISABLE_VARIABLE are now defined in chkuser_settings.h
    * Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
  • 2019.07.12
    - qmail-channels patch added
    more info here http://www.thesmbexchange.com/eng/qmail-channels_patch.html
    - improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here

read more

Roundcube plugins

July 16, 2020 Roberto Puzzanghera 22 comments

UPDATE as of Jul 15: markasjunk plugin has now info about the cmd_learn and multi_driver drivers

My enabled plugins are (at the moment):

  • password, which is already included in the plugins folder
  • managesieve, which writes sieve scripts to filter the incoming mails (reject, move to specific folders etc.). Note that in order to use it you must have Dovecot managesieve enabled.
  • SpamAssassin-User-Prefs-SQL, which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
  • markasjunk. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
  • rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
  • Context Menu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
  • autologon. Autologin from external Site e.g. (CMS, Portal ...)
  • logout_redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
  • newmail_notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
  • carddav. CardDav client. You can sync your addressbook against a CardDav server like nextcloud or SoGO.
  • enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format

read more

Installing and configuring Spamassassin

July 15, 2020 Roberto Puzzanghera 25 comments

SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox.

UPDATE as of Jul 15: added Razor2Pyzor and Spamcop configuration (thanks to Gabriel Torres for the hint).

read more

qmailadmin

May 22, 2020 Roberto Puzzanghera 43 comments

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.

Combined patch details

  • qmailadmin-skin, a patch that I created during coronavirus spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a stylesheet style.ccs in the images folder and png files for the qmail logo.
  • patch to call cracklib in order to check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456".
  • A patch (thanks to Tony, original author unknown) which gets qmailadmin to have authentication failures logged. This makes possibile to ban malicious IPs via fail2ban. It is required to create the log file /var/log/qma-auth.log initially and assign write priviledges to apache.
  • ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with ezmlm-idx-7 (thanks to J.D. Trolinger for the advice).
  • a fix to the catchall account (thanks to Luca Franceschini).
  • another fix to autorespond.c to correct the way .qmail files are modified

Changelog

  • 2020.05.22
    - mod_user.html: removed the "required" attribute on password field, to allow modifications with no password change

 

read more

Dovecot vpopmail-auth driver removal

March 17, 2020 Roberto Puzzanghera 6 comments

Those who are still using the Dovecot's vpopmail auth driver should consider a migration to the sql driver, as on March 17 the Dovecot Team announced its removal possibly as soon as the v2.3.11 will be released. See here for additional info about obsolete feature removal.

read more

Comments' new filter in place. Please report issues

March 11, 2020 Roberto Puzzanghera 0 comments

These days I'm forced at home and I've found the time to improve the filter against undesired comments.

Please report any issue dropping me an email if your comments are rejected.

Roberto

read more

Configuring DKIM for qmail

April 10, 2020 Roberto Puzzanghera 136 comments

This note concerns the DKIM patch embedded in my combined patch (more info here). This topic is advanced and you can skip it at the beginning.

DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature.

read more
qmail notes

General notes

daemontools

ucspi-tcp6

qmail

vpopmail

Patching

Configuring

Testing

autorespond

ezmlm-idx

qmailadmin

Add-ons

RBL

Greetdelay

tcprules

SPF

DKIM

SURBL

Limiting per user/domain/IP outgoing emails

qmail-taps-extended

moreipme

qmHandle

queue-repair

vQadmin

ezmlm-browse

ezmlm-web

rblsmtpd

qmail-rblchk

Dovecot

Running

Testing

Filtering

Expunging

vpopmail-auth driver removal

Roundcube

Plugins

Spamassassin

Userprefs

TxRep and Bayesean

DMARC

ClamAV

simscan

Testing

fail2ban

Installing a valid SSL certificate

Need help?

ChangeLog

Pay me a coffee:

PayPal - The safer, easier way to pay online.

Other contents

Linux-VServer on Slackware

Migrating from Linux-VServer to LXC (Slackware)

Running two php on the same server

rsync backup via ssh

Securing proftpd

Installing mariaDB

Setting up MySQL

SEO friendly URLs with apache mod_rewrite

Building your ownCloud

Building your own mozilla-sync server

Setting up Tex on Mediawiki

Slackware RSS feeds

English
Italiano
Recent comments

simscan 1.4.1
August 4, 2020 10:12

dovecot mail delivery
August 3, 2020 19:54

dovecot mail delivery
August 3, 2020 19:17

dovecot mail delivery
August 3, 2020 18:26

dovecot mail delivery
August 3, 2020 17:54

dovecot mail delivery
August 3, 2020 17:18

dovecot mail delivery
August 3, 2020 16:52

Access denied on textfile2
August 3, 2020 15:00

dovecot mail delivery
August 3, 2020 14:44

dovecot mail delivery
August 3, 2020 14:29

Tags

apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql owncloud patches php proftpd qmail qmailadmin rbl roundcube rsync sieve simscan slackware spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin

Recent posts

ChangeLog

simscan

Patching qmail

ClamAV

Installing and configuring vpopmail

Roundcube plugins

Installing and configuring Spamassassin

Roundcube webmail

Configuring qmail

Spamassassin userprefs & SQL

RSS feeds