Patching qmail

January 31, 2023 Roberto Puzzanghera 394 comments

Changelog

  • Jan 31, 2023
    -bug fix in qmail-smtpd.c: a 4096 bit RSA key could not be opened (tx Ali Erturk TURKER)
  • Jan 1, 2023
    -bug fix in dk-filter. It was calling a nonexistent function (tx Andreas).
    More info here
  • Dec 17, 2022
    -chkuser receipt check won't be disabled for RELAYCLIENT
    * CHKUSER_DISABLE_VARIABLE commented out from chkuser_settings.h
    diff here
  • Oct 1, 2022
    -dkim patch updated to v. 1.30
    * bug fix: it was returning an error in case of domains with no key.
  • Sep 28, 2022
    -dkim patch updated to v. 1.29 (tx M. Bhangui and Computerism for troubleshooting)
    * Custom selector via new control file /var/qmail/control/dkimkeys. More info here
  • May 22, 2022
    -"qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log information is already contained in the qlogreceived line. (diff)
    -improved a couple of read_failed error messages
  • Feb 26, 2022
    -added REJECTNULLSENDERS environment variable (diff)
  • Feb 13, 2022
    -fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier (only openssl-1.1). (diff here)
  • Jan 17, 2022
    -now qmail-smtpd logs rejections when the client tries to auth when auth is not allowed, or when it's not allowed without TLS (previously the connection was closed with no log at all).
    -added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
    diff here
  • Dec 19, 2021
    -added qmail-spp patch

e-mail indexing with Solr FTS Engine

January 4, 2023 Roberto Puzzanghera 0 comments

Solr is a Lucene indexing server. Dovecot communicates with it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.

Upgrading to version 9.1.0

Before starting, check that your Java is at least version 11.

Download version 9.1.0:

wget "https://www.apache.org/dyn/closer.lua/solr/solr/9.1.0/solr-9.1.0.tgz?action=download" -O solr-9.1.0.tgz

Then stop your Solr server and run the upgrade with the -f (upgrade) and -n (do not start the server when finished) options:

tar xzf solr-9.1.0.tgz solr-9.1.0/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-9.1.0.tgz -f -n

Slackware users will have to do:

wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh
chmod +x install_solr_slackware.sh
./install_solr_slackware.sh solr-9.1.0.tgz -f -n

Now download and install the new schema and configuration files for Dovecot:

cd /var/solr/data/dovecot/conf
rm -f schema.xml managed-schema solrconfig.xml
wget https://notes.sagredo.eu/files/qmail/solr/schema-9.1.0.xml     -O schema.xml
wget https://notes.sagredo.eu/files/qmail/solr/solrconfig-9.1.0.xml -O solrconfig.xml
chown solr:solr solrconfig.xml schema.xml

The new configuration file replaces LRUCache with CaffeineCache and changes the location of the .jar libraries (diff here).

Configure your /etc/default/solr.in.sh file, as many options have changed. Then restart the Solr server.

Finally, upgrade the indexes (edit the downloaded script to insert your Dovecot password):

wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh
chmod +x solr_rescan_index.sh
chown root:root solr_rescan_index.sh
chmod o-wrx solr_rescan_index.sh

./solr_rescan_index.sh
Stopping Dovecot 
. 
<?xml version="1.0" encoding="UTF-8"?> 
<response> 

<lst name="responseHeader"> 
 <int name="status">0</int> 
 <int name="QTime">20</int> 
</lst> 
</response> 
Starting Dovecot.

If the script returns no errors (status=0), you are ok. If you get errors, double-check the Authorization and the credentials of Solr's dovecot user.
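The status check described above can be done by the shell instead of by eye. This is an added example, not part of solr_rescan_index.sh: the function names are hypothetical, and the sample replies are constructed (the first mirrors the successful output shown above).

```shell
#!/bin/sh
# Added example (not part of solr_rescan_index.sh): decide from Solr's XML
# reply whether a request succeeded, instead of reading the output by eye.

# Print the responseHeader status found in the XML on stdin; print nothing
# when there is no such element (an HTML 401 page, an empty body, ...).
solr_status() {
    tr -d '\r\n' | sed -n \
        's/.*<lst name="responseHeader">.*<int name="status">\([0-9][0-9]*\)<\/int>.*/\1/p'
}

# Print the text of a <str name="msg"> element from an error reply, if any.
solr_error_msg() {
    tr -d '\r\n' | sed -n 's/.*<str name="msg">\([^<]*\)<\/str>.*/\1/p'
}

# Return 0 only when the reply passed in $1 carries status 0; a missing
# status counts as a failure, so an auth error page is never taken as success.
solr_reply_ok() {
    st=$(printf '%s' "$1" | solr_status)
    [ "$st" = "0" ] && return 0
    msg=$(printf '%s' "$1" | solr_error_msg)
    echo "Solr request failed: status=${st:-missing} ${msg}" >&2
    return 1
}

# Constructed sample replies.
REPLY_OK='<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader">
 <int name="status">0</int>
 <int name="QTime">20</int>
</lst>
</response>'
REPLY_ERR='<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">400</int><int name="QTime">1</int></lst>
<lst name="error"><str name="msg">constructed error text</str><int name="code">400</int></lst>
</response>'
REPLY_AUTH='<html><body><h2>HTTP ERROR 401</h2></body></html>'

for r in "$REPLY_OK" "$REPLY_ERR" "$REPLY_AUTH"; do
    if solr_reply_ok "$r"; then echo "index update accepted"; else echo "index NOT updated"; fi
done
```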

Installing ClamAV

January 1, 2023 Roberto Puzzanghera 8 comments

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Upgrading to v. 1.0.0

Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust package and then install a new version in this way:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it yourself to your profile:

export PATH=$PATH:/root/.cargo/bin

If one day you want to uninstall this Rust installation, because the package has become available in your distro, you can do so like this:

rustup self uninstall
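Before starting the ClamAV build, it is worth confirming that the rustc found first in PATH meets the 1.61 minimum stated above. This is an added example, not from the original page or the ClamAV project; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: check the Rust toolchain against
# the 1.61 minimum quoted above before building ClamAV 1.0.0.
MIN_RUST=1.61    # minimum taken from the text above

# Extract the dotted version (e.g. "1.61.0") from `rustc --version` on stdin.
rustc_version() {
    sed -n 's/^rustc \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2. Fields are compared as numbers,
# so 1.9 < 1.61 (a plain string comparison would get this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Return 0 when the `rustc --version` line in $1 satisfies MIN_RUST;
# unparseable output counts as a failure.
rust_ok() {
    v=$(printf '%s\n' "$1" | rustc_version)
    [ -n "$v" ] && version_ge "$v" "$MIN_RUST"
}

# Check whichever rustc comes first in PATH: a leftover distro package can
# shadow the rustup copy in /root/.cargo/bin.
if command -v rustc >/dev/null 2>&1; then
    line=$(rustc --version 2>/dev/null) || line=""
    if rust_ok "$line"; then
        echo "OK: $(command -v rustc): $line"
    else
        echo "TOO OLD: $(command -v rustc): $line (need >= $MIN_RUST)" >&2
    fi
else
    echo "rustc not found in PATH" >&2
fi
```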

Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.

cd /usr/local/etc
mv clamd.conf clamd.conf.105
mv clamd.conf.sample clamd.conf
mv freshclam.conf freshclam.conf.105
mv freshclam.conf.sample freshclam.conf

You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have 

LogRotate yes

in your config files.

Migrating spamassassin to version 4.0

December 27, 2022 Roberto Puzzanghera 0 comments

Install spamassassin v. 4

The SA v.4 DMARC plugin requires Mail::DMARC::PurePerl, while DecodeShortURLs requires DBD::SQLite (or DBD::MariaDB or DBD::mysql), so it's better to install them before the upgrade:

perl -MCPAN -e shell
cpan> force notest install Mail::DMARC::PurePerl DBD::SQLite
cpan> quit

Stop qmail and spamd and then upgrade spamassassin, run sa-update and restart the services: 

qmailctl stop
spamdctl stop

perl -MCPAN -e shell
cpan> force notest install Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2
cpan> quit

sa-update
spamdctl start
qmailctl start