Greylisting for qmail
February 11, 2022 Roberto Puzzanghera 7 comments
Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.
While greylisting is not effective as in the past, it still cut a certain fraction of the total spam.
qmail-spp greylisting
plugin
I introduce here how greylisting
can be implemented on qmail
by means of another qmail-spp plugin, which saves the data in MySQL
. Having the data in MySQL
is useful to measure how much spam is blocked by greylisting
.
- More info here
- Author: Manuel Mausz
Dovecot vpopmail-auth driver removal. Migrating to the SQL driver
March 9, 2021 Roberto Puzzanghera 40 comments
Those who are still using the Dovecot
's vpopmail
auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13
was released and the vpopmail
auth driver removed (more info here).
I'll show below how to support domain aliases with the sql driver both with all domains in the same vpopmail
table and with one table for each domain (--disable-many-domains
). You can find how to setup the driver in this page. A short reference to vpopmail
's vconvert
program is presented toward the bottom of this page, in case one is planning to switch to sql.
If you browse the comments below you'll find some other nice solutions to replace the vpopmail
driver:
- Tyler Simpkin posted his auth.lua file (enhanced by Rick Richards to work with encrypted passwords)
- Laurent Bercot posted a solution based on passwd-file driver
- Pablo Murillo improved the sql password_query to work with one table for each domain
- erdgeist showed how to convert cdb accounts to postgres
Saving vpopmail
's aliasdomains
to MySQL
As some commentators have pointed out, switching to the dovecot
's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot
aware of the vpopmail
's aliasdomains
, so that a user who tries to login with a domain alias can pass the authentication.
The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL
table, for example:
MariaDB [vpopmail]> SELECT * FROM aliasdomains; +----------------------+----------------------+ | alias | domain | +----------------------+----------------------+ | alias.net | realdomain.net | +----------------------+----------------------+
...and then modify the dovecot
's sql
query in order to select the user's domain from this table in case the domain is an alias or from the vpopmail
table otherwise.
I patched vpopmail
so that it will transparently do the sql stuff when creating/deleting the alias in the usual way by means of the vaddaliasdomain
/vdeldomain
vpopmail
's programs.
Patching qmail
May 22, 2022 Roberto Puzzanghera 379 comments
- Latest stable combined patch for netqmail-1.06 v. 2022.05.22 (MD5)
- Changelog
- Readme
Changelog
- May 22, 2022
"qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log informations are already contained in the qlogreceived line. (diff)
-improved a couple of read_failed error messages - Feb 26, 2022
-added REJECTNULLSENDERS environment variable (diff) - Feb 13, 2022
-fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier (only openssl-1.1). (diff here) - Jan 17, 2022
-now qmail-smtpd logs rejections when the client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
-added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
diff here - Dec 19, 2021
-added qmail-spp patch
Running OpenBoard in a window
May 10, 2021 Roberto Puzzanghera 13 comments
- OpenBoard home page
- Download my patch
- Github
- Github discussion
- Slackbuild (Slackware users)
These days I'm forced again to do lessons from remote. My school asked me to refer to Google Meet
for the videoconferences and one thing I disliked was the Jam
interactive whiteboard, which is completely inadequate for scientific subjects. On the other hand OpenBoard, my favourite board tool that I successfully use with Zoom
, seemed not to be recognized as an application to be shared, because it runs fullscreen.
After some googleing I found a patch from this guy (I big thank for his work!) which forces OpenBoard to run in a window, but at the cost of passing a variable at compilation time. I modified the logic of that patch so that a user can set how OpenBoard will run just modifying an option in the config file. The "run windowed" feature is disabled by default, so it will not bother those teachers who are already familiar with the interface, but it can be easily switched on by advanced users.