Patching qmail

October 2, 2022 Roberto Puzzanghera 386 comments

Changelog

  • 2022.10.01
    -dkim patch updated to v. 1.30
    * bug fix: it was returning an error in case of domains with no key.
  • Sep 28, 2022
    -dkim patch updated to v. 1.29 (tx M. Bhangui and Computerism for troubleshooting)
    * Custom selector via new control file /var/qmail/control/dkimkeys. More info here
  • May 22, 2022
    "qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log informations are already contained in the qlogreceived line. (diff)
    -improved a couple of read_failed error messages
  • Feb 26, 2022
    -added REJECTNULLSENDERS environment variable (diff)
  • Feb 13, 2022
    -fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier (only openssl-1.1). (diff here)
  • Jan 17, 2022
    -now qmail-smtpd logs rejections when the client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
    -added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
    diff here
  • Dec 19, 2021
    -added qmail-spp patch

Configuring DKIM for qmail

October 2, 2022 Roberto Puzzanghera 156 comments

This note concerns the DKIM patch embedded in my combined patch (more info here). This topic is advanced and you can skip it at the beginning.

DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature.

Roundcube webmail

September 28, 2022 Roberto Puzzanghera 7 comments

Roundcube is a full featured webmail with a nice interface.

Changelog

  • Sep 28, 2022
    RC upgraded to v. 1.6.0
    -new $config['imap_host'] variable
    -all my SMTP config option were stripped from my configuration file and I had to restore them
  • Gen 3, 2021
    disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.

qmailadmin

September 11, 2022 Roberto Puzzanghera 89 comments

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.

Combined patch details

  • qmailadmin-skin, a patch that I created during covid-19 spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a stylesheet style.css in the images folder and a couple of png files for the qmail logo. It should be much easier to modify the qmailadmin's skin from now on.
  • A patch to call cracklib in order to check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456".
  • A nice patch (thanks to Tony, original author unknown) which gets qmailadmin to have authentication failures logged. This makes possible to ban malicious IPs via fail2ban. It is required to create the log file /var/log/qma-auth.log initially and assign write priviledges to apache.
  • ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with ezmlm-idx-7 (thanks to J.D. Trolinger for the advice).
  • a fix to the catchall account (thanks to Luca Franceschini).
  • another fix to autorespond.c to correct the way .qmail files are modified