October 28, 2020 Roberto Puzzanghera0 comments
modified the spamassassin's DMARC rule. Now it passes emails with one between DKIM and SPF valid, according to RFC7489 (tx Marcel Veldhuizen and Iulian for the hints)
rcptcheck-overlimit.sh: bug fix (tx Tony Fung)
spamassassin/DMARC: corrected the askDNS rule as it was not triggering the reject in the event that only one of DKIM or SPF failed (tx A F)
qmailadmin: minor adjustments to the skin patch
dovecot: upgraded to v. 126.96.36.199
dovecot-pigeonhole: upgraded to v. 0.5.11
Roundcube: upgrade to v. 1.4.8
- new qmailadmin skin/combined patch released:
mod_user.html: added the "value" attribute to the name/gecos input tag (tx Pablo Murillo)
- simscan: upgraded to v. 1.4.1
- several clarifications in the simscan page;
- revised the ripMIME installation as the dev version of the program is now downloaded from github, to solve complation breaks.
- new combined patch
* dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui).
- new combined patch
* added a fix for cve-2005-1513 (tx C for the hint)
- spamassassin: added Razor2, Pyzor, Spamcop configuration
- Roundcube/markasjunk plugin has now info about the
cmd_learn and the
(tx Gabriel Torres)
Roundcube/password plugin: added a patch to make it work in combination with cracklib, to enforce password strenght (tx Tony Fung)
Roundcube: upgrade to v. 1.4.5
new qmailadmin skin/combined patch released
* patched qmailadmin to provide a new responsive skin for the control panel.
* combined patch released
* added qmailadmin-cracklib patch to enforce password complexity
* pwd-strenght patch removed
-combined patch updated
* qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca)
- new combined patch: qmail-remote-logging patch added (more info here)
- new combined patch: DKIM patch updated to v. 1.28
* outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
* declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
- DKIM configuration: added UNSIGNED_SUBJECT variable to the run files, which can be useful to declare if one wants to allow messages without the sign of the subject
dovecot: added the autoexpunge setting in 15-mailbox.conf. The expunge via cronjob in not needed anymore
vqAdmin: fixed a problem which was preventing the patch to be applied (tx Marco Varanda)
dovecot: modified 10-master.conf to set up stats' service priviledges and correct an error which appeared in qmail-send
table spamassassin.txrep modified as the column "count" was renamed (tx Tony Fung).
queue-repair.py: applied a patch to make the program python3 compliant (tx Tony Fung)
dovecot-sql.conf.ext: adjusted the user_query string to get compatibility with mariadb-10.3 (tx Tony Fung)
- new combined patch: qmail-tls patch updated to v. 20200107
* working client cert authentication with TLSv1.3
spamassassin: upgraded to v. 3.4.3
- big patch updated
* qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na)
- domainkeys script improved: it now manages 2048 bit long key (tx Tatsuya Yokota)
dovecot: upgraded to v. 2.3.8
dovecot-pigeonhole: upgraded to v. 0.5.8
Roundcube: upgraded to v. 1.4.1 (mobile responsive skin released!)
Roundcube plugins: updated
spamassassin: added a page concerning TxRep and another one concerning DMARC filter
dovecot: now the SQL user_query retrieves the quota as well (tx Alexandre Fonceca, more info here)
- a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
* BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
* CHKUSER_ENABLE_ALIAS_DEFAULT, CHKUSER_VAUTH_OPEN_CALL and CHKUSER_DISABLE_VARIABLE are now defined in chkuser_settings.h
* Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
- qmail-channels patch added
more info here http://www.thesmbexchange.com/eng/qmail-channels_patch.html
- improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here.
- DKIM patch updated to v. 1.26
* BUG - honor body length tag in verification
- qmail-tls patch updated to v. 20190517
* bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
- DKIM patch updated to v. 1.25
* SIGSEGV - when the txt data for domainkeys is very large exposed a bug in the way realloc() was used incorrectly.
* On 32 bit systems, variable defined as time_t overflows. Now qmail-dkim will skip expiry check in such conditions.
* bug fixed on qmail-smtpd.c: it was selecting the wrong openssl version on line 2331 (tx ChangHo.Na)
- qmail-tls patch updated to v. 20190408
* make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
* compiler warnings on char * casts (Kai Peter)
- libdomainkeys patch updated (tx Manvendra Banghui)
- new qmail combined patch: fixed a bug causing crashes of qmail-remote when using openssl-1.1 (tx Luca Franceschini)
- port to openssl-1.1
- DKIM patch updated to v. 1.24
* bug fix: restored signaturedomains/nosignaturedomains functionalities.
simscan: patch updated (tx Pablo Murillo)
vQadmin: some adjustments into apache config and it's working again under apache-2.4 (tx Erald)
fail2ban upgraded to v. 0.10.4
spamassassin upgraded to v. 3.4.2
-DKIM patch updated to v. 1.23
* fixed a bug where including round brackets in the From: field ouside the double quotes (From: "Name Surname (My Company)" <firstname.lastname@example.org>) results in a DKIMContext structure invalid error (tx Mirko Buffoni).
* qmail-dkim and dkim were issuing a failure for emails which had multiple signature with at least one good signature. Now qmail-dkim and dkim will issue a success if at least one good signature is found.
-logging patch updated to v. 5
* fixed a bugin logit and logit2 functions where a RSET command and a subsequent brutal quit of the smtp conversation ^] by the client cause a segfault (tx Mirko Buffoni, more info here)
ezmlm-web: Ricardo Brisighelli sent me two patches which solves compilation breaks with gcc-7
-clamav updated to v. 0.100.0
-added a patch to daemontools to extend the log file size limit to 100MB (tx Sam Tang)
-qmailctl script updated (tx Sam Tang)
* "qmailctl stat" now shows something like "0 days, 00 hours 16 mins"
* can assign another service which related qmail for monitoring, like dovecot, clamd, freshclam...
* change "up" and "down" to green and red color.
-DKIM patch updated to v. 1.22
* openssl 1.1.0 port
* various improvements, bug fixes
added a new page to explain how to install a letsencrypt certificate for qmail and dovecot here
clamav updated to v. 0.99.3 (bug fix, tx to Bob Greco)
== combined patch updated
* fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here and here.
* removed, because it was causing more problems than advantages, as the domain of the email@example.com had to match the system's domain inside control/me and can't be a virtual domain at the same time.
== dovecot: upgraded to v. 2.3.0
== dovecot-pigeonhole: upgraded to v. 0.5.0.1
new patch arrived (tx Luca Franceschini)
-qlogfix (diff here)
* log strings should terminate with \n to avoid trailing ^M using splogger
* bug reporting custom errors from qmail-queue in qlog
-added dnscname patch
-added rcptcheck patch
added rcptcheck-overlimit.sh (tx Luca Franceschini)
added a page about rcptcheck-overlimit.sh usage
Roundcube upgraded to v. 1.3.1. The enigma plugin requires Crypt_GPG-1.6.2
-fail2ban: the qmail-smtpd.conf filter has been simplyfied and is now based on the "qlogenvelope" lines
-combined patch updated: qmail-smtpd now retains authentication upon rset (tx to Andreas)
-roundcube upgraded to v. 1.3.0
Combined patch updated:
DKIM patch updated to v. 1.20
It now manages long TXT records, avoiding the rejection of some hotmail.com messages.
-ucspi-tcp6 upgraded to v. 1.04 (some bug fixes http://www.fehcom.de/ipnet/ucspi-tcp6.html)
-Several new patches and improvements added (thanks to Luca Franceschini)
More info here http://notes.sagredo.eu/node/178
simscan: bug fix and new combined patch (thanks to Bob Greco, more info here)
-fixed BUG in qmail-remote.c: in case of remote server who doesn't allow EHLO the response for an alternative
HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
Patch applied: http://notes.sagredo.eu/files/qmail/patches/fix_sagredo_remotehelo.patch
-big patch updated: qmail-tls patch updated to v. 20160918
* bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
* bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
qmailadmin: added the ezmlm-idx 7 compatibility patch
ucspi-tcp6 upgraded to v. 1.02
-roundcube: added enigma plugin
-roundcube upgraded to v. 1.2.0. All plugins updated as well
-force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
the STARTTLS command was not sent by the client
-combined patch updated
* dkim patch updated to v. 1.19: verification will not fail when a dkim signature does not include the subject provided that the UNSIGNED_SUBJECT environment variable is declared. More info here.
-removed the line "
DKIMKEY=/var/qmail/control/domainkeys/%/default" from the qmail
rc config file, as
DKIMKEY is actually ignored by
dk-filter, which will look for the key in that location by default. Use
DKIMSIGN instead to define yor domainkey location (thanks to Steffen for the hint)
-qmail-tls updated to v. 20151215
* typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
* add ECDH to qmail-smtpd
* increase size of RSA and DH pregenerated keys to 2048 bits
* qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
more info here
-roundcube upgraded to v. 1.1.4 (security fixes, more info here)
-DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
qmail-submission/run modified: SMTPAUTH="!" to enable the submission feature (auth required). Now incoming msg can be received only on standard 25 port
-fail2ban upgraded to v. 0.9.3
-new combiend patch released: qmail-authentication updated to v. 0.8.3
dovecot: the user query on the auth is now able to manage
pop3/imap/webmail vpopmail limits (thanks to Arturo Blanco)
vQadmin: combined patch released
-fixed a bug on
qmail-remote.c that was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
qmailadmin: added a patch to log auth failures (thanks to Tony)
fail2ban: added a filter against
qmailadmin log failures
spamassassin: upgraded to v. 3.4.1?
qmailadmin: added a patch to check the password strenght
-combined patch updated:
--qmail-authentication: upgraded to v. 0.8.2
--qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
-combined patch updated: added qmail-empf patch
the home page graphic of qmailadmin has copyright issues as shown here (thanks to Marc for the hint)
roundcube: upgraded to v. 1.1.0. All plugins have been upgraded as well
roundcube: added carddav plugin
combined patch updated:
-the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian)
combined patch updated:
-modified the QUEUE_EXTRA variable in
extra.h to record the Message-ID in the
qmail-send's log (thanks to Simone for the hint). Look here for details.
simscan has been improved with the jms patch. The work dir is mounted as a ramdisk now
qmail-smtp.conf filter updated to look for GREETDELAY lines
SSLv3 disabled on
dovecot because of security reasons (more info here)
dovecot upgraded to v.
dovecot upgraded to v.
dovecot-pigeonhole upgraded to v. 0.4.3
the global sieve folder was moved to
roundcube upgraded to v. 1.0.3.
roundcube-auth filter to
roundcube upgraded to v. 1.0.2. Fixed some errors in the relative page, as sometime the
$config variable was still
$rcmail_config as in the past, and all the config files are now merged into config.inc.php (thanks to Otto)
the log rotation of
qmail is managed by the jms' https://qmail.jms1.net/scripts/convert-multilog. Thanks to Marc for the suggestion
added a page concerning fail2ban setup
clamav upgraded to v. 0.98.3
roundcube upgraded to v. 1.0.1
ezmlm-idx upgraded to v. 7.2.2
qmailadmin recompiled against
ezmlm-idx upgraded to v. 7.2.0
Bruce Guenter has released a new version of
ezmlm-idx, getting the program to be compliant with the Yahoo DMARC Policy Change. You have to recompile
ezmlm as well.
combined patch updated:
qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified
roundcube upgraded to v. 1.0.0
combined patch updated:
qmail-smtpd-liberal-lf patch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
spamassassin upgraded to v. 3.4.0
roundcube upgraded to v. 1.0-rc. Plugins have been upgraded as well
ucspi-tcp6 upgraded to v. 1.00: fixed problems when compiling with C99 compilers
combined patch updated:
-added qmail-SRS patch. You must install libsrs2 now.
-the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
combined patch updated (more info here):
-added qmail-date-localtime patch
-added qmail-hide-ip patch
-the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now communications trying to send commands before the greeting will be closed. Premature disconnections will be logged as well. More info here
-modified the configuration of qmail-smtpd and qmail-submission according to the new greetdelay patch
-updated the page concerning greetdelay
-CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like )
-chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
-added qmail-moreipme patch
-added qmail-dnsbl patch (more info here)
-added a page concerning qmail-dnsbl patch
added two patches to my combined patch to make qmail rfc2821 compliant
any-to-cname patch added to the combined patch
Added two contributions by Costel Balta:
-how to avoid to be "cut off" from spamhaus.org (read here)
-adding the foxhole db to clamav (on the bottom of the clamav page)
-DKIM patch upgraded to v. 1.17. Defined -DHAVE_SHA_256 while compiling dkimverify.cpp in the Makefile. This solved an issue while verifying signatures using sha256.
Minor fixes to the DKIM patch
-new combined patch released. The DKIM patch has been upgraded to v. 1.16; the signing at qmail-remote level has been revised by its author.
-I added notes about qmail-remote signing in the DKIM page of this guide.
-the domainkey program now gives ownership of the domainkey to qmailr, which runs qmail-remote
-qmail-qmqpc.c call to timeoutconn() needed a correction because the function signature was modified by the
outgoingip patch. Thanks to Robbie Walker
(diff file here http://notes.sagredo.eu/files/qmail/patches/qmail-qmqpc.diff)
ucspi-tcp6: upgraded to v. 0.99. The current version includes an hack by Manvendra Bhangui from indimail.org which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you install his modified qmail-spf patch (my combined patch already has this adjustment to spf).
Fot those interested, a few days ago Manvendra Bhangui released a package of patches including now not only DKIM and SURBL but also SPF and the entire qmail totally IPv6 compliant. The upgrade for me is not so straightforward, but I'm planning to have it in my big patch soon or later. For the moment you can play with it downloading from http://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/
-big patch updated: fixed a bug in hier.c which caused the installation not to build properly the queue/todo dir structure (thanks to Scott Ramshaw)
-DKIM-SURBL patch by Manvendra Bhangui updated to v. 1.14
-added a page about SURBL configuration
-DKIM patch upgraded to v. 1.12. The new patch adds surblfilter functionality.
-added qmail-smtpd pid, qp log patch
-qmail-SPF modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant. In order to have it working with such addresses you have to patch tcpserver.c accordingly. You can use a patch fot ucspi-tcp6-0.98 by Manvendra Bhangui at http://notes.sagredo.eu/files/qmail/patches/tcpserver-ipv6mapped_ipv4.patch or wait for v. 0.99 relase of ucspi-tcp6
-added outgoingip patch
-added qmail-bounce patch
dovecot: upgraded to v. 2.2.2
Roundcube: upgraded to v. 0.9.1
-dovecot-pigeonhole: upgraded to stable 0.4.0 version
-dovecot: upgraded to v. 2.2.1 The configuration has been modified to use the sql/mysql driver in place of the vpopmail one; the password is now sended in plain text
-dovecot-pigeonhole: upgraded to latest development version
-RoundCube: imap_auth_type has been set to NULL to send the password in plain text and make dovecot's auth happy
-the dovecot's expunge shell script was simplyfied. Using the sql driver solved all issues of the old vpopmail backend related to the missing iteration feature.
Roundcube: upgraded to v. 0.9.0
All rc plugins have been updated as well
new combined patch: qmail-auth updated to latest v. 0.8.1 Added authentication by recipient domain for qmail-remote. Look at README.auth for further details
new combined patch: some code adjustments in qmail-smtpd.c smtpd_ehlo() to restore total compatibility with esmtp-size patch
new combined patch: qmail-auth has been updated to the latest v. 0.7.6. Look at README.auth for further details
ucspi-tpc6: updated to v. 0.98
- 2013.01.28 new combined patch released: fixed an issue on qmail-pop3d which was causing a double +OK after the pass command (thanks to Rakesh, Orbit and Simplex for helping in testing and troubleshooting)
- 2013.01.27 ucspi-tpc6: updated to v. 0.97
- 2013.01.06 ucspi-tpc6 0.96 by E.Hoffmann replace the ucspi-tcp 0.88 by DJB. It provides IPv6 and rblsmtpd greetdelay support
combined patch modified. The variable GREETDELAY was renamed to SMTPD_GREETDELAY just to avoid conflicts with the GREETDELAY variable inside rblsmtpd
qmail-smtpd/run file modified accordingly
- 2012.11.14 Roundcube: upgraded to v. 0.8.4
- 2012.11.10 Roundcube: upgraded to v. 0.8.3. Autologon plugin: modified
- 2012-10-31 new combined patch: qmail-auth has been updated to the latest v. 0.7.5. Look at README.auth for further details
The qmail-forcetls patch was simplyfied accordingly.
- 2012.10.25 vpopmail: upgraded to v. 5.4.33 (now marked as stable). Be aware that you have to recompile netqmail, qmailadmin and vqadmin as well.
qmailadmin: upgraded to v. 1.2.16
- 2012.10.19 Roundcube: added context menu, autologon and logout_redirect plugins
- 2012.10.18 Roundcube: upgraded to v. 0.8.2
dovecot: upgraded to v. 2.1.10
dovecot-pigeonhole: upgraded to v.0.3.3
- 2012.10.10 fixed vQadmin 'invalid language' issue (see vQadmin page for details http://notes.sagredo.eu/node/26)
- 2012.09.19 ClamAV: upgraded to v. 0.97.6
- 2012.09.04 zipdownload Roundcube's plugin: modified to gain compatibility to v. 0.8.1 (thanks to taki)
- 2012.08.31 Roundcube: upgraded to v. 0.8.1
dovecot: upgraded to v. 2.1.9
- 2012.08.07 Roundcube: upgraded to v. 0.8.0
- 2012.05.26 dovecot-pigeonhole: upgraded to v 0.3.1
dovecot: upgraded to v. 2.1.6
- 2012-04-25 new combined patch: added qmail-remote CRLF (thanks to Pierre Lauriente for the help on testing and troubleshooting)
The qmail-remote CRLF patch solved a problem of broken headers after sieve forwarding that was caused by a bad handling of the CR (carriage return) by qmail-remote. The issue is also reported here http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
- 2012.04.16 new combined patch: added qmail-tap
- 2012.03.19 the syntax of the
qmail section of this guide has been revised (a big thanks to Dave Martin)
dovecot: upgraded to v. 2.1.1
The configuration files have been updated: the most important change was the location of the
auth_socket_path variable inside 10-mail.conf
dovecot: upgraded to v. 2.1.0
dovecot-pigeonhole: upgraded to v.0.3.0
esmtp-size patch added to my combined patch
- 2012.01.29: New combined patch released: added
Roundcube: updated to v. 0.7.1. All plugins have been updated to latest version as well.
dnsbl.sorbs.org is not on my RBL examples anymore, as it proved to be a bad list. It's rejecting gmail's IPs and also confusing the IP of my own server as dynamic.
- 2011.12.12 New combined patch released.
update_tmprsadh modified to chown the
.pem files to
vpopmail to avoid hang-ups during the
smtp conversation on port 587 caused by permission problems.
- 2011.10.06 New combined patch released.
qmail-remote.c: fixed. It was not going into tls on authentication (thanks to Krzysztof Gajdemski)
force-tls now quits if the
starttls command is not provided when required (thanks to Jacekalex)
Dovecot: upgraded to v. 2.0.15
dovecot-pigeonhole: upgraded to v . 0.2.4
ICU: upgraded to v. 4.8.1
RoundCube: upgraded to v. 0.6. All plugins have been updated to latest version
RoundCube: upgraded to v. 0.5.4 (security fix)
- 2011.07.27 Big patch updated. My
force-tls patch allows the management of
CRAM-MD5 variables in the run file, so that there's no need to recompile each time anymore.
I also added the "
qmail-inject-null-sender" patch by Stéphane Cottin, which addresses a bug on
- 2011.07.23 The configuration of
dovecot was updated to allow
maildir++ (thanks to Nicolas) on files
- 2011.07.15 The combined patch has been updated: an issue which caused the compilation's break down of
qmail on 64b platforms has been fixed
- 2011.07.03 Added support for
rblsmtpd. Added a page about the greetdelay patch.
- 2011.06.28 New combined patch released. Added
big-todo patches, which adress the "silly qmail syndrome" on big servers.
rblsmtpd patched for
Spamassassin: updated to v. 3.3.2
Roundcube: updated to v. 0.5.3 (2 important bug fixes)
Dovecot: added a page concerning the purging of expired emails from Trash/Junk
RoundCube: updated to v. 0.5.2. Updated almost all
roundcube's plugin to latest version.
- 2011.05.17 Added Luca Morettoni's
dovecot-pigeonhole v.0.2.3 upgrade
- 2011.04.06 Vermulen's
TLS patch updated (security fix, see http://www.kb.cert.org/vuls/id/555316).
New qmail combined patch released.
- 2011.02.25 Added
DKIM patch and related page
- 2010.12.12 first release of this guide and related
Pay me a coffee: