April 26, 2023 Roberto Puzzanghera 423 comments
I have created a combined patch including the latest versions of several commonly-used qmail patches:
[Follow the patch details here]
You're invited to take a look at the next page of this guide, which presents several tests for these patches toward the bottom of the page.
libsrs2
This library is a prerequisite of the SRS patch, which is part of my package. You must install this, otherwise the compilation will break.
wget http://www.libsrs2.org/srs/libsrs2-1.0.18.tar.gz
tar xzf libsrs2-1.0.18.tar.gz
cd libsrs2-1.0.18
./configure
make
make install
ldconfig
cd ../
Be sure that libsrs2 is actually linked, otherwise qmail-send will crash in an endless loop and you will end up with a self-inflicted DoS:
> ldconfig -p | grep libsrs2
libsrs2.so.0 (libc6,x86-64) => /usr/local/lib/libsrs2.so.0
libsrs2.so (libc6,x86-64) => /usr/local/lib/libsrs2.so
In case you decided to install the libsrs2 library by means of a package provided by your Linux distribution, you should check the path where the library was installed. Check if the file /usr/local/include/srs2.h actually exists; if not, you may have to modify srs.c in the netqmail source directory as follows (replace the first line with the second):
#include </usr/local/include/srs2.h>
#include </usr/include/srs2.h>
wget https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/roberto-netqmail-1.06.patch-latest.gz
cd netqmail-1.06
gunzip -c ../roberto-netqmail-1.06.patch-latest.gz | patch
The combined patch you downloaded has chkuser enabled. It’s configured to perform recipient verification and MAV (Mail From: Address Verification).
You can customize your configuration by editing the chkuser_settings.h file (in /usr/local/src/netqmail-1.06) before compiling qmail. In order to enable chkuser, the following line must be uncommented:
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
Uncomment to enable the check of user and domain format for sender address. This will reject fake senders without any domain declared.
#define CHKUSER_SENDER_FORMAT
Uncomment to enable checking of domain MX for rcpt addresses
#define CHKUSER_RCPT_MX
Uncomment to enable checking of domain MX for sender address
#define CHKUSER_SENDER_MX
This enables usage of "#" and "+" characters within sender address. It is used by SRS (Sender Rewriting Scheme) products.
As far as my MTA is concerned, this solved an "invalid sender address format" reject message prompted by an email address of a mailman mailing list.
#define CHKUSER_ALLOW_SENDER_SRS
By default the authentication will be denied if the client does not provide the STARTTLS command. If you want to allow connections without TLS, just do
export FORCETLS=0
in your run file. Values other than 0 (or not declaring this variable at all) will force TLS before the authentication.
By default the auth is allowed with the LOGIN or PLAIN mechanism. You are invited to look at the README.auth file for further details concerning the use of the SMTPAUTH environment variable, especially if you want to use CRAM-MD5.
If this is a fresh installation for you, compile qmail as follows:
make setup check
Then proceed to next paragraph (Creating an SSL key file), as the qmail configuration is presented in the next page.
Those who are upgrading and have qmail already running should stop qmail before installing it:
qmailctl stop
The BIG-TODO patch included in my combined patch may require your queue to be rebuilt. So be aware that all existing messages in the queue will be destroyed when you erase the queue below.
To discover if your qmail has messages in the queue:
> qmailctl stat
qmail-smtpd: [ up ] (pid 5638) 4 day(s), 22:25:01
qmail-smtpd/log: [ up ] (pid 5642) 4 day(s), 22:25:01
qmail-smtpsd: [ up ] (pid 5662) 4 day(s), 22:25:01
qmail-smtpsd/log: [ up ] (pid 5663) 4 day(s), 22:25:01
qmail-submission: [ up ] (pid 5644) 4 day(s), 22:25:01
qmail-submission/log: [ up ] (pid 5641) 4 day(s), 22:25:01
qmail-send: [ up ] (pid 5664) 4 day(s), 22:25:01
qmail-send/log: [ up ] (pid 5665) 4 day(s), 22:25:01
vpopmaild: [ up ] (pid 5645) 4 day(s), 22:25:01
vpopmaild/log: [ up ] (pid 5660) 4 day(s), 22:25:01
vusaged: [ up ] (pid 5643) 4 day(s), 22:25:01
vusaged/log: [ up ] (pid 5661) 4 day(s), 22:25:01
messages in queue: 0
messages in queue but not yet preprocessed: 0
Only if this will be the first time you install the combined patch (which contains the BIG-TODO patch), you’ll need to rebuild the queue:
rm -r /var/qmail/queue
Now compile, install and restart qmail:
make setup
qmailctl start
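A guard for the queue-rebuild step above, as an added example that is not part of the original guide: it parses the two counters at the end of the qmailctl stat output and succeeds only when both are 0. The function names and the sample output are constructed for the illustration.

```shell
#!/bin/sh
# Added example: check the two queue counters printed by `qmailctl stat`
# before running `rm -r /var/qmail/queue`.

# Reads `qmailctl stat` output on stdin. Succeeds only when both counters
# are present and exactly "0", so a failed or truncated stat run counts
# as "not empty" (fail closed).
queue_is_empty() {
    awk '
    /^messages in queue but not yet preprocessed:/ { todo = $NF; seen_todo = 1; next }
    /^messages in queue:/                          { queued = $NF; seen_queued = 1 }
    END { exit !(seen_queued && seen_todo && queued == "0" && todo == "0") }'
}

# Constructed stand-in for the end of the `qmailctl stat` output;
# $1 and $2 are the two counters.
queue_stat_sample() {
    printf 'qmail-send: [ up ] (pid 5664) 4 day(s), 22:25:01\n'
    printf 'messages in queue: %s\n' "$1"
    printf 'messages in queue but not yet preprocessed: %s\n' "$2"
}

# On a real server the input would be: qmailctl stat | queue_is_empty
if queue_stat_sample 0 0 | queue_is_empty; then
    echo "queue empty: safe to rebuild"
fi
if ! queue_stat_sample 4 1 | queue_is_empty; then
    echo "queue not empty: let it drain before erasing it"
fi
```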
To secure the smtp authentication you must create the SSL certificate. The certificate must be owned by the user who runs qmail-smtpd, vpopmail in our case.
> make cert
Generating a 1024 bit RSA private key
..................++++++
.......++++++
writing new private key to '/var/qmail/control/servercert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IT
State or Province Name (full name) [Some-State]:Italy
Locality Name (eg, city) []:Cagliari
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Name
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:smtp.yourdomain.net
Email Address []:postmaster@yourdomain.net
> make tmprsadh
> chown vpopmail.vchkpw /var/qmail/control/*.pem
It is important that the “Common Name” matches the domain name that your email clients will specify as their SMTP server.
Now let’s create a cronjob to update the certificate every day:
> crontab -e
03 05 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1
Important: If you run qmail-submission as a user other than vpopmail, and you’re installing my combined patch, you must adjust /var/qmail/bin/update_tmprsadh accordingly. Otherwise you’ll probably exceed the connection timeout due to privilege problems, and won’t be able to send messages when connected remotely.
When everything is working and under your control it will be the time to install a valid certificate from Let's Encrypt, following the page "Installing a valid SSL certificate".
It provides cram-md5, login, plain authentication support for qmail-smtpd (port 587) and qmail-remote.
Added FORCEAUTHMAILFROM environment variable to REQUIRE that authenticated user and 'mail from' are identical.
Added SMTPAUTHMETHOD, SMTPAUTHUSER and SMTP_AUTH_USER env variables for external plugins (see http://qmail-spp.sourceforge.net/doc/)
It implements TLS encrypted and authenticated SMTP between the MTAs and from MUA to MTA. I have adjusted the file update_tmprsadh to chown the .pem files to vpopmail, which runs qmail-smtpd.
You may be interested in taking a look at the page concerning smtp-auth and TLS testing here.
optionally gets qmail to require TLS before authentication to improve security.
You have to declare FORCETLS=0 if you want to allow the auth without TLS
performs recipient verification and Mail From: Address Verification (MAV).
Small adjustments and a bug fix by Luca Franceschini here. Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
You may be interested in taking a look at this page concerning chkuser testing.
Enables simscan and qmail-dkim to return the appropriate message for each e-mail that qmail refuses to deliver. Simscan rejects with the name of the virus or the spam-score; qmail-dkim rejects with the verification failure message.
It can check incoming mails inside the SMTP daemon, add Received-SPF lines and optionally block undesired transfers.
implements Sender Rewriting Scheme fixing SPF break upon email forwarding. To enable SRS read carefully the configuration instructions above.
This patch enables qmail to handle large DNS packets.
rereads control/concurrencylocal and control/concurrencyremote files when qmail-send receives a HUP signal.
It sets the spawn limit above 255.
Fixes a compiler error if you set concurrency higher than 509 in /usr/local/src/netqmail-1.06/conf-spawn.
adds maildirquota support to qmail-pop3d and qmail-local.
Fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here.
Facilitates diagnostics by having qmail-smtpd log its actions and decisions (search for a line starting with qmail-smtp:). This is useful for discovering fake IP addresses with bad HELOs when qmail-smtpd doesn’t log anything.
adds a user-definable delay after SMTP clients have initiated SMTP sessions, prior to qmail-smtpd responding with "220 ESMTP". It can reject connections from clients which tried to send commands before the greeting. You can control the delay via the environment variable SMTPD_GREETDELAY (was GREETDELAY in the original patch). A value of SMTPD_GREETDELAY="30" will delay qmail-smtpd’s response for 30 seconds.
adds DKIM signing & verification support to qmail at both qmail-smtpd and qmail-remote/local level and SURBL filtering support to qmail.
The file hier.c was modified to chown /var/qmail/control/cache and subdirs to vpopmail.
addresses a problem known as the silly qmail (queue) problem.
Makes qmail use a hashing mechanism in the todo folder similar to that used in the rest of the queue.
Prevents qmail-inject from rewriting the null sender, fixing an issue with sieve vacation/reject messages.
Prevents double bounces from hitting your queue a second time provided that you delete the first line from /var/qmail/control/doublebounceto.
Provides the ability to archive each email that flows through the system. Archiving only messages from or to certain email addresses is possible as well.
By default all outgoing emails are sent through the first IP address on the interface. On a server with multiple IP addresses, this patch makes qmail send outgoing emails from the IP address stored in control/outgoingip, if any. The ehlo domain is NOT modified by this patch.
makes qmail rfc2821 compliant.
Ali Erturk TURKER added implicit TLS (SMTPS) support (patch here).
makes qmail rfc2821 compliant
allows you to reject spam and viruses by looking at the sender's IP address. Added a line to make qmail-smtpd log the reject reason as well as the envelope to facilitate diagnostics.
prevents a problem caused by an MX or other mail routing directive instructing qmail to connect to itself without realizing it's connecting to itself, saving CPU time.
It will hide your Private or Public IP in the email Headers when you are sending Mail as a Relay Client.
causes the various qmail programs to generate date stamps in the local timezone.
allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence.
allows you to set a limit on how many recipients are specified for any one email message by setting control/maxrcpt. Addressing one message to a very large number of recipients is one of the favourite tricks of the spammer; note that RFC 2821 section 4.5.3.1 says that an MTA MUST allow at least 100 recipients for each message.
I slightly modified the patch also to log its response.
eMPF follows a set of administrator-defined rules describing who can message whom. With this, companies can segregate various parts of their organizations email activities, as well as provide a variety of security-enhancing services.
It's useful in case of spammed servers, to temporarily stop outgoing messages. It adds a line like this in your qmail-smtp log:
2015-03-30 18:05:54.442596500 policy_check: remote someone@somewhere.xy -> local user@yourdomain.xy (UNAUTHENTICATED SENDER)
2015-03-30 18:05:54.442612500 policy_check: policy allows transmission
adds the ability to match address envelopes via Regular Expressions (REs) in the qmail-smtpd process.
Added new control file 'badhelonorelay', control/badmailto renamed control/badrcptto (Tx Luca Franceschini).
adds control/brtlimit and BRTLIMIT variable to limit max invalid recipient errors before closing the connection.
It works in conjunction with chkuser with both cdb and mysql accounts. Look here for details
It gets qmail to reject relay probes generated by so-called anti-spammers. These relay probes have '!', '%' and '@' in the local (username) part of the address.
Fixed a little bug in 'mail from' address handling (see the patch by Andre Opperman at http://qmail.cr.yp.narkive.com/kBry6GJl/bug-in-qmail-smtpd-c-addrparse-function)
smtpd logging with fixed format (note: the 'size' field is evaluated only when control/databytes or DATABYTES are set). An entry 'qlogenvelope' is generated after accepting or rejecting every recipient in the envelope phase, for example:
qlogenvelope: result=rejected code=553 reason=rblreject detail=b.barracudacentral.org helo=test.machine.it mailfrom=test@domain.com rcptto=test@pippo.com relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=15.15.15.15 localport=25 remoteip=14.143.30.83 remoteport=57502 remotehost= qp= id=39156
qlogenvelope: result=accepted code=250 reason=rcptto detail=chkuser helo=test mailfrom=test@test.com rcptto=test@pippo.com relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=15.15.15.15 localport=25 remoteip=12.181.218.154 remoteport=57742 remotehost= qp= pid=37357
An entry 'qlogreceived' is generated after DATA (message accepted or rejected by qmail-queue):
qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=test.machine.it mailfrom=test@domain.com rcptto=test@gmail.com relay=yes rcpthosts= size= authuser=pippo@pippo.com,pluto@pippo.com authtype=login encrypted=tls sslverified=no localip=192.168.200.162 localport=25 remoteip=192.168.200.162 remoteport=52602 remotehost= qp=30982 pid=30980
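One way to put the fixed-format entries to use, as an added example (not code from the patch or its authors): an awk-based triage that counts rejected envelopes per reason and client IP, and lists sessions that authenticated while the encrypted field was empty, which is what FORCETLS=0 permits. The function names and the sample log are constructed, and reading an empty encrypted= as "no TLS" is an assumption based on the sample lines.

```shell
#!/bin/sh
# Added example: triage qlogenvelope/qlogreceived entries from a qmail-smtpd log.
# Field names (result, reason, authuser, authtype, encrypted, remoteip,
# localport) are the ones that appear in the sample lines on this page.

# awk helper shared by both reports: load every key=value token of the
# current line into the array f. Empty values ("size=") are kept as "",
# and only the first "=" splits, so SRS-style senders stay intact.
QLOG_PARSE='
function parse(   i, p) {
    split("", f)                      # portable way to clear the array
    for (i = 1; i <= NF; i++) {
        p = index($i, "=")
        if (p > 1) f[substr($i, 1, p - 1)] = substr($i, p + 1)
    }
}'

# Print "count reason remoteip" for rejected entries, busiest first.
qlog_rejects() {
    awk "$QLOG_PARSE"'
    /qlog(envelope|received): / {
        parse()
        if (f["result"] == "rejected") n[f["reason"] " " f["remoteip"]]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Print "authuser authtype remoteip localport" for sessions that
# authenticated while the encrypted field was empty.
# Assumption: an empty encrypted= means the session did not use TLS.
qlog_cleartext_auth() {
    awk "$QLOG_PARSE"'
    /qlog(envelope|received): / {
        parse()
        if (f["authuser"] != "" && f["encrypted"] == "")
            print f["authuser"], f["authtype"], f["remoteip"], f["localport"]
    }'
}

# Constructed sample log (documentation address ranges, example domains).
qlog_sample() {
    cat <<'EOF'
qlogenvelope: result=rejected code=553 reason=rblreject detail=rbl.example.org helo=mx.example.com mailfrom=a@example.com rcptto=u1@example.net relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=192.0.2.10 localport=25 remoteip=198.51.100.7 remoteport=57502 remotehost= qp= pid=39156
qlogenvelope: result=rejected code=553 reason=rblreject detail=rbl.example.org helo=mx.example.com mailfrom=a@example.com rcptto=u2@example.net relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=192.0.2.10 localport=25 remoteip=198.51.100.7 remoteport=57502 remotehost= qp= pid=39156
qlogenvelope: result=rejected code=553 reason=rblreject detail=rbl.example.org helo=host.example.org mailfrom=b@example.org rcptto=u1@example.net relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=192.0.2.10 localport=25 remoteip=198.51.100.8 remoteport=40022 remotehost= qp= pid=39170
qlogenvelope: result=accepted code=250 reason=rcptto detail=chkuser helo=list.example.com mailfrom=SRS0=abcd=XY=example.org=list@example.com rcptto=u1@example.net relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=192.0.2.10 localport=25 remoteip=203.0.113.9 remoteport=57742 remotehost= qp= pid=37357
qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=laptop mailfrom=bob@example.net rcptto=c@example.com relay=yes rcpthosts= size= authuser=bob@example.net authtype=login encrypted=tls sslverified=no localip=192.0.2.10 localport=587 remoteip=203.0.113.20 remoteport=52602 remotehost= qp=30982 pid=30980
qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=desktop mailfrom=eve@example.net rcptto=d@example.com relay=yes rcpthosts= size= authuser=eve@example.net authtype=plain encrypted= sslverified=no localip=192.0.2.10 localport=587 remoteip=203.0.113.30 remoteport=41800 remotehost= qp=31002 pid=31000
EOF
}

# Run both reports over the constructed sample.
qlog_sample | qlog_rejects
qlog_sample | qlog_cleartext_auth
```

On a live server, feed the functions the qmail-smtpd log instead of qlog_sample; any hit from qlog_cleartext_auth is a credential that crossed the network unencrypted.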
useful in special cases if you temporarily need to reject the null sender (although this breaks RFC compatibility). You just need to put 1 (actually any number different from 0) in your control/rejectnullsenders or define REJECTNULLSENDERS to reject the null sender with a 421 error message.
Removed the dns_cname call in qmail-remote.c instead of changing the function in dns.c, in case another patch requires dns_cname(). Avoids qmail getting large amounts of DNS data we have no interest in and that may overflow our response buffer.
Originally designed for the purpose of receipt validation, it can also be used to limit the number of emails a given IP and/or auth-user and/or domain can send in a given time interval. It has to be used in conjunction with LF's rcptcheck-overlimit.sh script.
Allows you to add an arbitrary number of supplemental remote queues, each distinguished by a list of recipient domains and separate throttling (concurrency) capabilities. This patch also allows dynamic throttling of the concurrency control files so you can just send qmail-send a HUP signal instead of restarting the service every time.
This patch is useful when some email provider complains of too many emails received at the same time (in the case of newsletters, for instance).
Edit conf-channels before compiling: Total number of channels (queues) available for delivery. Must be at least 2, and anything above 2 are considered supplemental channels.
Gets qmail-remote to log sender, recipient and IP address all together in the "Delivery success/failure" line.
Here are sample log lines:
@400000004b1bdd4d1f89d84c delivery 10: success: <From:owner-freebsd-current@freebsd.org_To:user@remotedomain.com>_193.140.X.X_accepted_message. /Remote_host_said:_250_ok_1260117440_qp_15626/
@400000004b1bdbb8191f1954 delivery 6: failure: <From:a@surgate.net_To:test323232@remoteserver.com>_212.252.x._does_not_like_recipient. /Remote_host_said:_550_non-existent_recipient/alici_bulunamadi/Giving_up_on_212.252.x.x/
addresses a vulnerability issue spotted by Georgi Guninski in 2005.
qmail-spp provides plug-in support for qmail-smtpd. It allows you to write external programs and use them to check SMTP command argument validity. The plug-in can trigger several actions, like denying a command with an error message, logging data, adding a header and much more.
The qmail-spp functionality is disabled by default, so that it will be transparent for long-standing users of this patch. If you want to enable qmail-spp just export the variable ENABLE_SPP in your run file. Note that the variable NOSPP is not available in this combined patch.
While sending individual messages with qmail consumes very little CPU, sending multiple large messages in parallel can effectively DoS a sender due to inefficiencies in qmail-remote's "blast" function. In its original form, this function scans the message one byte at a time to escape leading periods and newlines, as required by SMTP.
This patch modifies blast to scan the message in larger chunks. Tests show that the change reduces the CPU time consumed by qmail-remote by a factor of 10.
Comments
Small modification
Radu March 29, 2023 07:55
Hello
Please modify the
with
Or save wget with latest .
Reply | Permalink
Small modification
Roberto Puzzanghera Radu March 29, 2023 12:34
Corrected. Thank you
Reply | Permalink
can not send email to special domain
Jacky March 26, 2023 07:46
Hi roberto puzzanghera
After applying the latest patch, I could not send email to accounts with domain s--and--s.net
The error is "553 5.1.3 sorry, mailbox syntax not allowed". I think 「--」 is not accepted.
Before updating to the latest patch, I used the 2022.05.22 patch.
Reply | Permalink
can not send email to special domain
Roberto Puzzanghera Jacky March 26, 2023 13:22
I cannot reproduce the issue. And I remember that we cured it here...
can you double check that you are actually applying the latest patch?
Reply | Permalink
can not send email to special domain
Jacky Roberto Puzzanghera March 26, 2023 19:29
hi roberto puzzanghera
Yes, I tried to compile again with the latest patch, but the same is displayed.
In chkuser_settings.h, I uncommented line 383 and recompiled again, and everything is going well.
Reply | Permalink
can not send email to special domain
Roberto Puzzanghera Jacky March 26, 2023 20:19
Do you have CHKUSER_SENDER_NOCHECK_VARIABLE defined as RELAYCLIENT?
Reply | Permalink
can not send email to special domain
Jacky Roberto Puzzanghera March 27, 2023 07:04
Yes ,I have #define CHKUSER_SENDER_NOCHECK_VARIABLE "RELAYCLIENT" in chkuser_settings.h too.
Reply | Permalink
can not send email to special domain
Roberto Puzzanghera Jacky March 27, 2023 11:06
Weird... This option would be sufficient to let RELAYCLIENT send even garbage in the domain syntax.
My tests work as expected. And if I disable RELAYCLIENT from tcprules mails with the double hyphen are sent anyway
Reply | Permalink
can not send email to special domain
Jacky Roberto Puzzanghera March 27, 2023 11:44
Thank you roberto puzzanghera
Now I can not figure out the problem. So I will run qmail with this setting.
Reply | Permalink
can not send email to special domain
Ali Erturk TURKER Jacky March 27, 2023 12:53
Hi Jacky
Unfortunately you are playing with the wrong knobs. Please undo what you did.
The patch Roberto mentioned previously corrected "check_sender_address_format()" function.
But you are bitten by "check_rcpt_address_format()" function.
Please search this function after patching, and comment out the lines below as follows:
Reply | Permalink
can not send email to special domain
Roberto Puzzanghera Ali Erturk TURKER March 27, 2023 14:44
Thanks Ali. Patch updated
Reply | Permalink
can not send email to special domain
Jacky Roberto Puzzanghera March 28, 2023 10:55
Hi roberto puzzanghera and Ali Erturk TURKER
Thank you very much!
I applied the latest patch. Everything is going well.
Appreciated
Reply | Permalink
STARTTLS/SMTPS AUTH header fix for qmail-smtpd
Ali Erturk TURKER March 12, 2023 12:19
Hi Roberto,
As you will see here the qmail-auth patch sets the protocol string as "ESMTPA", even though the user is authenticated via starttls/smtps. We need a patch like this to correct the headers generated by qmail-smtpd (which should cleanly apply on your combined patch). After the patch, the mail headers will change from "ESMTPA" to "ESMTPSA" and the ssl_cipher used will be provided as follows:
Before patch:
After patch:
Feel free to test and share on your website.
Regards,
AET
Reply | Permalink
STARTTLS/SMTPS AUTH header fix for qmail-smtpd
Roberto Puzzanghera Ali Erturk TURKER March 12, 2023 13:33
Thank you, Ali. Added
Reply | Permalink
qmail-remote CRLF patch on steroids
Ali Erturk TURKER March 1, 2023 10:01
Hi Roberto,
Bruce Guenter (a qmail guru) has written a patch which offers the exact same functionality of your qmail-remote CRLF patch, while providing 10x less CPU usage for qmail-remote. He accomplishes this by reading the message in 4K chunks (instead of byte-by-byte) while substituting the control characters, and pushing the mail to the remote mail server.
That makes perfect sense, as almost all major filesystems in use today (ext4, btrfs, xfs) default to 4K blocksize.
I modified his patch so that it applies cleanly on your combined patch. Feel free to download from this link, test and share on your website.
Reply | Permalink
qmail-remote CRLF patch on steroids
Roberto Puzzanghera Ali Erturk TURKER March 1, 2023 15:59
Hi Ali, thanks for the advice. Patch added
Reply | Permalink
vpopmail needed?
Dimi February 28, 2023 20:59
Hi Roberto,
Thank you for putting together the combined patch that adds so many useful feature to netqmail-1.06.
Will the combine patch work without vpopmail? I would like to use it on servers where I do not have mysql and vpopmail installed.
Reply | Permalink
vpopmail needed?
Roberto Puzzanghera Dimi March 1, 2023 04:51
No, it has vpopmail as a prerequisite
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Ali Erturk TURKER February 27, 2023 09:51
Hi Robert
As you will see here, if the remote port is given as "465" in control/smtproutes file, qmail-remote automatically switches to implicit TLS ("SMTP over TLS" or "smtps"). I believe qmail-rfc2821 patch appeared before the qmail-tls support, therefore it does not cover implicit TLS (SMTPS) connections. Since I am a fan of implicit TLS connections myself, (due to STARTTLS MitM attacks), I created this patch. Feel free to test and share on your website.
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Roberto Puzzanghera Ali Erturk TURKER February 27, 2023 14:36
Do you think that it should be like this?
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Ali Erturk TURKER Roberto Puzzanghera February 27, 2023 14:49
Hi Roberto,
I also removed 2 lines from tls_init() to move the connection checks to smtp() function,
to make the code consistent with the previous qmail-rfc2821 patch. Please check my patch again.
It should apply cleanly on your combined patch.
AET
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Roberto Puzzanghera Ali Erturk TURKER February 27, 2023 14:58
Yes, I see those other two lines removed.
But I don't understand why in your patched file this line
is no longer inside the if (tls_init())
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Anonymous Roberto Puzzanghera February 27, 2023 15:07
Hi Roberto,
Probably there is a misunderstanding. My patch does not replace the qmail-rfc2821 patch.
My patch should be applied on top of your latest combined patch (netqmail-1.06 v. 2023.02.24).
After patching, qmail-remote.c should look like this. Please check and let me know if you have any questions.
Regards
AET
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Roberto Puzzanghera Anonymous February 27, 2023 15:15
Exactly. What I don't understand is why that last
before your patch is inside the if (tls_init()) block
while after your patch it is outside the same block
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Anonymous Roberto Puzzanghera February 27, 2023 15:42
Hi Roberto
You are %1000000000000 right.
First I created the patch on my win10 machine and it's exactly how you suggested.
Then I manually created it again on my linux vm to rebase it on your combined patch, and screwed up.
I revised the patch , should be OK now.
Reply | Permalink
qmail-rfc2821 patch does not cover implicit TLS (SMTPS) connections.
Roberto Puzzanghera Anonymous February 27, 2023 16:17
Impossible not to have at least a bug when you develop on Windows :-)
Patch updated
Reply | Permalink
qregex patch needs to be corrected
Ali Erturk TURKER February 24, 2023 06:11
Hi Roberto
At some point in time, Luca Franceschini had renamed control/badmailto and control/badmailtonorelay files to control/badrcptto and control/badrcpttonorelay files in:
Unfortunately this patch overlooked these files, which still contain the old naming scheme.
The above files should also be updated accordingly.
Regards,
Ali Erturk TURKER
Reply | Permalink
qregex patch needs to be corrected
Roberto Puzzanghera Ali Erturk TURKER February 24, 2023 06:38
corrected. Thank you
Reply | Permalink
Timeout Log
Jacky November 15, 2022 00:53
Hi roberto puzzanghera
Today, I got many errors in the SMTP log.
Can you tell me the meaning of 「reason=alarmtimeout」? And how can I tune any qmail parameter to fix it?
Reply | Permalink
Timeout Log
Roberto Puzzanghera Jacky November 16, 2022 10:40
Hi Jacky,
it is an error belonging to the timeoutread function of qmail-smtpd, which doesn't have any comment inside. It is triggered when the client does not provide some of the mandatory commands in time, such as helo, mailfrom, rcptto etc. When I have this error I can always see a missing helo, or a missing mailfrom or rcptto just like when the client didn't provide them in time. You can see that rcptto is empty also in your example.
I don't think that this is your server's responsibility. Anyway you can try to increase the "timeoutsmtpd" time in your control/timeoutsmtpd if you have set it to a very short time interval. It defaults to 1200s (20 minutes), which is a very long time.
You can reproduce that logline by connecting to your server, not providing the helo or mailfrom or rcptto commands and letting the remote server close the connection after the timeout (of course it's better to shorten it modifying your control/timeoutsmtpd file).
Reply | Permalink
Timeout Log
Jacky Roberto Puzzanghera November 17, 2022 08:10
I increased timeoutsmtpd to 600 seconds. Until now I did not get any alarmtimeout log anymore.
Thank you roberto puzzanghera
Reply | Permalink
Get size of message via environment variable
Jacky July 2, 2022 15:03
Hi roberto puzzanghera
I am trying to write a qmail-spp plugin to deny the message that over size limit of our partner mail server.
So can I get size of message via environment variable like TCPREMOTEHOST ?
Reply | Permalink
Get size of message via environment variable
Roberto Puzzanghera Jacky July 2, 2022 16:37
Hi,
I'm not sure that the environment variables visible for qmail-smtpd will be directly visible inside a qmail-spp program. You can see which variables you have in the readme file at point 5 https://notes.sagredo.eu/files/qmail/patches/qmail-spp/README. I don't recall if/where the size of the incoming message is stored, but you can easily print those variables to find out where it is.
Reply | Permalink
Get size of message via environment variable
Anonymous Roberto Puzzanghera July 6, 2022 07:00
Hi roberto puzzanghera
I will try to set environment MAILSIZE in qmail-smtpd.c
I have one more question. Is there a maximum limit of allowed recipients (To, Cc or Bcc)? I tried to send to 1000 recipients
but it does not work well.
I don't set the CHKUSER_RCPTLIMIT variable.
Reply | Permalink
Get size of message via environment variable
Roberto Puzzanghera Anonymous July 6, 2022 10:54
yes, look at the concurrencylocal and concurrencyremote config files (http://www.lifewithqmail.org/lwq.html#configuration)
edit: be sure not to have set limits here for that particular account https://notes.sagredo.eu/en/qmail-notes-185/limiting-the-number-of-emails-sent-by-a-given-auth-userdomainip-231.html
Reply | Permalink
incoming maximum number of recipients allowed
luchris May 31, 2022 03:53
Hi Roberto and all,
Recently one of my domains keep getting 550_5.5.3_sorry,_reached_maximum_number_of_recipients_allowed_in_one_session_(chkuser) when someone sent more than 20 recipients to them. How and where do i increase this limit?
Thank you
Reply | Permalink
incoming maximum number of recipients allowed
Roberto Puzzanghera luchris May 31, 2022 08:04
Hi, just edit control/concurrencyincoming and restart qmail
Reply | Permalink
qmail-smtpd: read failed (hang up before quit cmd)
Gabriel Torres May 22, 2022 16:32
Hi Roberto,
I see a lot of messages like this from time to time in the smtpd log. I don't know if this is something we should worry about or it is normal and safe to ignore.
Thank you in advance!
Reply | Permalink
qmail-smtpd: read failed (hang up before quit cmd)
Roberto Puzzanghera Gabriel Torres May 23, 2022 15:17
I recorded a qmail-smtpd session just to be sure what that message means:
It is an issue due to the fact that the client closed the connection unexpectedly without sending the quit command. Technically it is something that should not happen, hence the read error.
PS often this happens after the client received a reject message from our qmail. I've just modified the error messages in the patch of may 22 from "hang up before quit cmd" to "client closed the connection before the quit command"
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Bruno Ribas May 13, 2022 15:30
Hello,
After applying the patch roberto-netqmail-1.06.patch-2022.02.13, I got this error:
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Roberto Puzzanghera Bruno Ribas May 13, 2022 15:35
Did you install libsrs2 first?
If yes please post the entire error string
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Anonymous Roberto Puzzanghera May 17, 2022 18:57
Thanks, I installed libsrs2 and the process advanced a little further, changing the error message:
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Roberto Puzzanghera Anonymous May 17, 2022 19:32
Can you provide the entire error string, please?
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Bruno Ribas Roberto Puzzanghera May 19, 2022 20:23
This is the complete output after I run the command 'make setup check'
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Roberto Puzzanghera Bruno Ribas May 19, 2022 20:33
Did you install openssl? Which version?
Can you post which version of gcc and which OS you have?
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Bruno Ribas Roberto Puzzanghera May 23, 2022 17:52
OpenSSL Version:
OpenSSL 1.1.1n 15 Mar 2022
In 'gcc -v' the result is this:
And my OS is Debian 11.3
Reply | Permalink
Failed after apply roberto-netqmail-1.06.patch-2022.02.13
Roberto Puzzanghera Bruno Ribas May 23, 2022 18:45
ssl_err_str was defined around line 72 of qmail-remote.c, wasn't it?
Did you get any error during the patch process?
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky February 25, 2022 14:15
Hi roberto puzzanghera
In this qmail patch, can I apply reject null senders only for a special port (465 or 587) with an environment variable?
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 25, 2022 14:48
try this patch defining REJECTNULLSENDERS in your run file https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/roberto-netqmail-1.06.patch-2022.02.25.gz
let me know
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky Roberto Puzzanghera February 25, 2022 15:14
Hi roberto puzzanghera
Thank you for your patch.
After applying the new patch I got the error below.
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 25, 2022 15:36
try downloading again now
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky Roberto Puzzanghera February 25, 2022 23:17
Hi roberto puzzanghera
Everything is fine. Thank you very much.
P.S.: I think if you add ipv6 support, this patch is the best patch for qmail.
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 26, 2022 07:21
Yes, I think because this is the only maintained patch published on the internet!
Ipv6 would be great! Which patch are you testing?
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky Roberto Puzzanghera February 26, 2022 10:02
I tested this patch, roberto-netqmail-1.06.patch-2022.02.25.gz,
and implemented it on one production server for a workload test.
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 26, 2022 13:06
I'm not sure that ipv6 can work without patching the core of qmail...
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky Roberto Puzzanghera February 26, 2022 13:34
Exactly,
I just applied tcpserver for ipv6 only. Incoming email is fine (RBL is not working well),
but outgoing does not work.
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 26, 2022 16:23
I guess that the rblsmtpd program by eh embedded in ucspi-tcp6 will work
I think that at least spf and moreipme also have to be patched.
If you want to help, can you test the Manvendra's ipv6 patch here https://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/ against Saout's spf?
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Jacky Roberto Puzzanghera February 27, 2022 06:21
This patch, with the name dkim+spf+ipv6.patch-1.14.gz, right?
If you need one machine with ipv6 let me know.
Reply | Permalink
Implement reject null senders patch only for port 465 or 587
Roberto Puzzanghera Jacky February 27, 2022 07:57
yes, this one. At a certain point Manvendra added ipv6 to the original dkim patch, but I've never found the time to add it to my patch.
I would install it on a vanilla qmail and test it as is. Then I would install the spf patch (https://notes.sagredo.eu/files/qmail/patches/qmail-spf-rc5.patch) on top of it and test spf.
Thanks for the collaboration and for the possibility to use a machine of yours. This month I don't have free time because I have to migrate this server.
We can continue this discussion on ipv6 in private via mail if you like (contact button on the top of this page).
Reply | Permalink
not-qmail?
Ryan February 17, 2022 03:14
Hey Robert,
Long time reader, first time caller. Recently came across the not-qmail project (GH/not-qmail/not-qmail), from some former qmail users who went over to postfix and came back. Was wondering if you'd taken a look at their work, or if you think net-qmail is still the best base for qmail?
Reply | Permalink
not-qmail?
Roberto Puzzanghera Ryan February 17, 2022 09:57
Hi Ryan, certainly a combined patch based on the qmail legacy like mine can't represent the future of qmail and one day we'll have to look at some of those qmail successors like not-qmail. I've never played with not-qmail but I have a big respect for such an ambitious project, and the fact that it comes from qmail gurus like Manvendra Bhangui and the others sounds like a guarantee for me. But, as their wishlist says, most common features still have to be implemented, so let's give them their time.
Nowadays, if I had to use a qmail successor in production, I'd rather consider Manvendra's indimail (it has everything) and Erwin Hoffmann's s/qmail (very active and complete)
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Jacky February 13, 2022 14:43
Hi roberto puzzanghera
I tried to apply the newest combined patch for netqmail-1.06 v. 2022.02.10
but got the errors below. Can you check it for me? Is it displayed only on my server?
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Roberto Puzzanghera Jacky February 13, 2022 14:59
can you try with this one please? https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/roberto-netqmail-1.06.patch-2022.02.13.gz
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Roberto Puzzanghera Jacky February 13, 2022 14:48
Hi, which version of openssl do you have?
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Jacky Roberto Puzzanghera February 13, 2022 19:17
Hi,
I am using openssl version below. Is it old?
OpenSSL 1.0.2k-fips 26 Jan 2017
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Roberto Puzzanghera Jacky February 13, 2022 19:36
openssl is now at v. 1.1.
The patch that I linked above should solve your problem. Let me know.
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Jacky Roberto Puzzanghera February 14, 2022 11:13
Hi roberto puzzanghera
When I tried to apply the link you gave me, I got the text below.
What should I do? Just Enter to continue?
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Roberto Puzzanghera Jacky February 14, 2022 11:40
Sorry, the patch that I uploaded yesterday is corrupted. Please download it again and retry
Reply | Permalink
Got error with netqmail-1.06 v. 2022.02.10
Jacky Roberto Puzzanghera February 15, 2022 00:42
Hi Roberto Puzzanghera
Thank you very much .
I applied the new patch successfully.
Until now everything is good.
Reply | Permalink
qmail-smtp get 100% of CPU
Jacky January 23, 2022 14:54
Hi roberto puzzanghera
Yesterday I updated to the latest version of this patch. After that I faced a problem with the qmail-smtpd process.
It pushed my CPU to 100%. Did you have the same issue? Do you have any advice for me to check my server?
Sending and receiving e-mail is OK.
Reply | Permalink
qmail-smtp get 100% of CPU
Roberto Puzzanghera Jacky January 23, 2022 15:19
Hi Jacky, no I don't have the same problem.
What do you have in the tcpserver: status line?
PS If I understand well, you are one of the most ancient commentators of this place :-)
Reply | Permalink
qmail-smtp get 100% of CPU
Jacky Roberto Puzzanghera January 23, 2022 16:24
Hi roberto puzzanghera
Thank you for your reply ! It is my qmail-smtpd in status line.
Reply | Permalink
qmail-smtp get 100% of CPU
Roberto Puzzanghera Jacky January 23, 2022 19:10
Are the servers' date and time correct?
Secondly, I would try to see what smtpd is doing with strace
Reply | Permalink
qmail-smtp get 100% of CPU
Jacky Roberto Puzzanghera January 24, 2022 02:01
Hi roberto puzzanghera
This is my strace of qmail-smtpd. I used the "strace -fp 24210" command.
Reply | Permalink
qmail-smtp get 100% of CPU
Roberto Puzzanghera Jacky January 24, 2022 10:04
you have a TLS connection failure, I guess in your submission service. Can you check your TLS certificate state in this way
Reply | Permalink
qmail-smtp get 100% of CPU
Jacky Roberto Puzzanghera January 26, 2022 12:06
Hi roberto puzzanghera
Sorry for the late reply.
I added the recordio command before qmail-smtpd in the config file to get a more detailed log, but there is no TLS error in the log.
I changed the qmail-smtpd/run config [/usr/local/bin/softlimit -m 10000000] -> [/usr/local/bin/softlimit -m 200000].
So after 2 days everything is OK, and my server's CPU is safe now. I think softlimit is over-spec. Thank you for your kind support.
I am still trying to get qmail using IPv6. Have a nice day.
Reply | Permalink
qmail-smtp get 100% of CPU
Jacky Roberto Puzzanghera January 24, 2022 10:48
Here is the command's result on my server. I am using "SMTPD_GREETDELAY" for greeting delay too.
Maybe this makes the server's resource usage higher than normal? I will remove the SMTPD_GREETDELAY option.
Reply | Permalink
qmail-smtp get 100% of CPU
Roberto Puzzanghera Jacky January 24, 2022 11:19
No, greetdelay will not engage your cpu, just absorbs spammers' resources :-)
First of all consider an update of your openssl server or disable the connections with SSL 3.0, because of the POODLE vulnerability. Anyway your certificate seems ok.
Can you check the logs (both smtpd and submission) and look for those "454 TLS connection failed"? Can you do
from remote, using the port that advertises STARTTLS?
Reply | Permalink
Problem of check sender email address with ~ character
Jacky January 5, 2022 07:08
Hi roberto
Today I faced a problem with WBErbxishu_citizen~micro_205_0_0@abc.com
When I remove the [~] character everything is OK. So I wonder if we can add an exception for the [~] character in chkuser.
I checked that the [~] character is uncommented in the patch, but it does not work. Can you please check it?
Reply | Permalink
Problem of check sender email address with ~ character
Roberto Puzzanghera Jacky January 5, 2022 08:08
Hi Jacky, WBErbxishu_citizen~micro_205_0_0@abc.com works here...
Reply | Permalink
Problem of check sender email address with ~ character
Jacky Roberto Puzzanghera January 5, 2022 09:30
Hi roberto
I deployed the newest patch but it does not work for me.
Do you have any advice for me?
Reply | Permalink
Problem of check sender email address with ~ character
Roberto Puzzanghera Jacky January 5, 2022 10:00
weird... it seems like you're not using the same chkuser...
I would check the chkuser's source code in order to verify that you are using the same patch. Check these lines https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/2021.06.19_patch.diff
Did you restart qmail after last compile/install?
Reply | Permalink
Problem of check sender email address with ~ character
Anonymous Roberto Puzzanghera January 5, 2022 13:46
hi Roberto
Thank you for your advice.
I figured out my problem. The issue is that my qmail-smtp run config is still using the old qmail-smtpd file. I am terribly sorry.
Thank you very much.
Reply | Permalink
Problem with latest patch
Adebola Ajiboye October 25, 2021 21:29
Hello Roberto
Thank you for your excellent work, time and support of this patch.
The latest patch builds fine. I can send outgoing mail. However, problems with vdelivermail leave mail in the queue, perpetually deferred with database_down errors. Have spent a day troubleshooting this new build and could not locate the issue, hoping you can point me in the right direction.
Here is what I have:
I have double-checked all the usual suspects... queue looks good, brand new build anyways, still not sure what's missing here. Any pointers are much appreciated. Thank you.
Thank you very much.
Reply | Permalink
Problem with latest patch
Roberto Puzzanghera Adebola Ajiboye October 26, 2021 18:13
Hi, I had a look at the source code
it seems that it cannot connect to your mysql. So, double check your mysql connection/privileges and your vpopmail/mysql configuration
Reply | Permalink
qmail outgoing ip with Ipv6 support
jacky August 27, 2021 21:02
Hi all,
I searched for the "Ipv6" keyword on this page but cannot find the answer.
So can qmail send email to other mail servers with IPv6 support or not?
I use tcpserver daemon to run qmail.
Reply | Permalink
qmail outgoing ip with Ipv6 support
Roberto Puzzanghera jacky August 27, 2021 21:05
Not with this qmail patch.
Edit: Only ucspi-tcp6 is ipv6 ready
Reply | Permalink
qmail outgoing ip with Ipv6 support
Anonymous Roberto Puzzanghera August 27, 2021 22:16
Hi Roberto
I will install ucspi-tcp6 and try to send and receive with IPv6
Reply | Permalink
add qmail-spp to this patch
Jaky August 27, 2021 13:47
Sorry, can anyone help me install qmail-spp (http://qmail-spp.sourceforge.net/doc/) with this patch?
Reply | Permalink
add qmail-spp to this patch
Roberto Puzzanghera Jaky August 27, 2021 17:58
Hi, it should be quite easy to add the patch that was built for the old Bill Shupp's combined patch. But you should do it by hand because the qmail-smtpd.c from Shupp's patch is very different from mine
Reply | Permalink
add qmail-spp to this patch
jacky Roberto Puzzanghera August 27, 2021 20:55
Hi Roberto ,
Thank you for your reply. I will try to add it by hand.
Reply | Permalink
add qmail-spp to this patch
Roberto Puzzanghera jacky August 27, 2021 21:01
Remember that those two qmail-spp files are new and can be copied from a vanilla qmail patched with the same patch.
Then you only have to take care of the makefile, which is easy to adjust, and qmail-smtpd.c, where you just have to put those new lines in the right place
Reply | Permalink
"TLS connect failed" on netqmail-tls 1.06.20110119_1
Andreas Bachmann July 8, 2021 14:34
Hi Roberto,
My qmail installation (netqmail-tls 1.06.20110119_1 over the FreeBSD ports) can't send mails to Microsoft (and others) anymore for a few months. qmail tries to send it for a week and then gives up. I read that Microsoft (and others) reject TLSv1.0 now and accept only TLSv1.2.
I just checked the last FreeBSD port. It uses the latest Frederik Vermeulen's patch (https://inoa.net/qmail-tls/netqmail-1.06-tls-20200107.patch). But I couldn't find any version number like TLSv1.0, TLSv1.1, TLSv1.2, etc.
Reply | Permalink
TLS connect failed
Roberto Puzzanghera Andreas Bachmann July 8, 2021 18:31
I think that the latest version will work with all TLS versions, I just remember that the SSLv3 support was removed after POODLE was spotted, but I'm not sure. You should contact the author of the patch for further information
Or you can install the latest tls patch and test the connection against microsoft using openssl as explained in this guide
Reply | Permalink
expanding allowed characters in mail adresses
Thomas June 18, 2021 19:33
Hi Roberto,
in the patch there are a range of characters that are allowed in the mail address. The CHKUSER_ALLOW_RCPT_CHAR_* variables are used in the functions check_sender_address_format and check_rcpt_address_format in chkuser.c.
Our server with your latest patch rejects mails because the address includes slashes. I really have no idea why people are thinking this is a good idea :)
What do you think about either replacing, e.g., #define CHKUSER_ALLOW_RCPT_CHAR_9 '#' (because '#' is also declared in the 2 functions) or (my favorite) patching the 2 functions to declare the rest of the allowed characters?
As I understand the rfc the allowed characters are: !#$%&'*+-/=?^_`.{|}~
Regards Thomas
Reply | Permalink
expanding allowed characters in mail adresses
Roberto Puzzanghera Thomas June 18, 2021 20:34
Hi Thomas,
I think we can patch to define a CHKUSER_ALLOW_RCPT/SENDER_CHAR_11 for the slash character, so that those addresses will be allowed even when CHKUSER_ALLOW_RCPT_SRS is not defined. I'll do it in the following days.
Reply | Permalink
expanding allowed characters in mail adresses
Thomas Roberto Puzzanghera June 24, 2021 18:50
This will be good. I am awaiting your patch :)
Reply | Permalink
expanding allowed characters in mail adresses
Roberto Puzzanghera Thomas June 24, 2021 18:54
The patch is already in place ;)
Reply | Permalink
expanding allowed characters in mail adresses
Thomas Roberto Puzzanghera July 8, 2021 19:00
Oh. I did not realise this. Thank you :)
Reply | Permalink
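The allow-list behaviour behind this thread and the earlier '~' thread, as an added example (not chkuser code): a C check of an address's local part against a configurable set of special characters, run once with a narrow constructed set and once with the characters Thomas lists. chkuser expresses its set through the CHKUSER_ALLOW_*_CHAR_n defines; the strings, the function name and the dot-placement rule used here are assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The specials listed in the thread, minus '.', which is handled separately. */
static const char RFC_SPECIALS[] = "!#$%&'*+-/=?^_`{|}~";
/* Constructed narrow allow-list for comparison; NOT chkuser's real defaults. */
static const char NARROW_SPECIALS[] = "_-+=#";

enum verdict { ADDR_OK = 0, ADDR_NO_AT, ADDR_EMPTY_LOCAL, ADDR_BAD_DOT, ADDR_BAD_CHAR };

/*
 * Check the local part (everything before the last '@') of addr.
 * Letters and digits are always allowed; other characters must appear in
 * `specials`. A dot may not lead, trail or repeat (dot-atom rule).
 * On ADDR_BAD_CHAR the rejected character is stored in *offender.
 */
static enum verdict check_local_part(const char *addr, const char *specials,
                                     char *offender)
{
    const char *at = strrchr(addr, '@');
    const char *p;

    if (offender) *offender = '\0';
    if (!at) return ADDR_NO_AT;
    if (at == addr) return ADDR_EMPTY_LOCAL;

    for (p = addr; p < at; p++) {
        unsigned char c = (unsigned char)*p;

        if (c == '.') {
            if (p == addr || p + 1 == at || p[1] == '.') return ADDR_BAD_DOT;
            continue;
        }
        if (c < 128 && isalnum(c)) continue;
        if (strchr(specials, c)) continue;

        if (offender) *offender = (char)c;
        return ADDR_BAD_CHAR;
    }
    return ADDR_OK;
}

static const char *verdict_name(enum verdict v)
{
    switch (v) {
    case ADDR_OK:          return "accepted";
    case ADDR_NO_AT:       return "rejected: no @";
    case ADDR_EMPTY_LOCAL: return "rejected: empty local part";
    case ADDR_BAD_DOT:     return "rejected: misplaced dot";
    default:               return "rejected: character not in allow-list";
    }
}

int main(void)
{
    /* First address is the one quoted in the '~' thread; the rest are constructed. */
    const char *samples[] = {
        "WBErbxishu_citizen~micro_205_0_0@abc.com",
        "dept/team@example.com",
        "a..b@example.com",
        "user name@example.com",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char bad;
        enum verdict narrow = check_local_part(samples[i], NARROW_SPECIALS, &bad);
        enum verdict wide = check_local_part(samples[i], RFC_SPECIALS, NULL);

        printf("%s\n  narrow set: %s", samples[i], verdict_name(narrow));
        if (narrow == ADDR_BAD_CHAR) printf(" ('%c')", bad);
        printf("\n  thread set: %s\n", verdict_name(wide));
    }
    return 0;
}
```

Widening the set changes the verdict only for the '~' and '/' addresses; the double dot and the space are refused under both sets.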
RSA/DH keys
Eric Broch June 11, 2021 01:57
Hi Roberto,
I noticed the change of RSA/DH keys (rsa4096.pem/dh4096.pem) to length 4096 created by 'update_tmprsadh.sh', but the code has not changed, qmail-smtpd.c still only opens the rsa/dh pem files (below) of 2048 and 1024 length:
This may be a stupid question but how does qmail utilize these new keys?
Eric
Reply | Permalink
RSA/DH keys
Roberto Puzzanghera Eric Broch June 11, 2021 21:04
Hi Eric,
yes, you are right. Actually I'm not using the self signed cert and didn't realize the problem.
Reply | Permalink
RSA/DH keys
Ali Erturk TURKER Roberto Puzzanghera January 30, 2023 11:39
Hi Roberto,
Thanks for your great website. I really learn a lot from you.
In your combined patch, the code below from "qmail-smtpd.c" looks buggy, and may cause performance issues when using TLS.
The statement "if (keylen == 2048)" will always fail and an ephemeral key will be created on every request, instead of using the static one:
Reply | Permalink
RSA/DH keys
Roberto Puzzanghera Ali Erturk TURKER January 30, 2023 13:14
Hi Ali, thanks for your comment.
I don't remember much of that piece of code, but I see that it's different from the original tls patch here
I think it was changed when there was a request to increase the RSA key and DH parameters to 4096 bit.
Unfortunately I'm very busy these days and I can't play with this before a couple of weeks. If you already know how to correct this, please post your solution
Reply | Permalink
RSA/DH keys
Ali Erturk TURKER Roberto Puzzanghera January 30, 2023 17:00
Hi again Roberto,
If you consider the file it tries to open is named rsa4096.pem, "keylen == 2048" is meaningless there,
and this bug will cause the creation of a temporary key in every request, which is a bad thing (TM).
The fix is pretty straightforward (build tested):
Reply | Permalink
RSA/DH keys
Roberto Puzzanghera Ali Erturk TURKER January 30, 2023 17:06
Thank you. I'll correct as soon as possible
Reply | Permalink
Key too small
Anonymous March 19, 2021 08:51
Debian 10, after updating openssl, has an error
Reply | Permalink
Key too small
Roberto Puzzanghera Anonymous March 19, 2021 20:36
which version of openssl? what do you have in your /etc/ssl/openssl.cnf -> default_bits? do you get the error if you put default_bits=2048?
Reply | Permalink
Key too small
Anonymous Roberto Puzzanghera March 20, 2021 18:22
Yes, I have
default_bits = 2048
Reply | Permalink
Key too small
Roberto Puzzanghera Anonymous March 20, 2021 18:27
What openssl version? Do you have any hint to exactly reproduce the issue?
Reply | Permalink
Key too small
Martin Sluka Roberto Puzzanghera October 1, 2022 07:18
This problem is caused by target domains which do not support current encryption standards.
Some current examples for such domains are foni.net or versanet.de.
You can use https://www.checktls.com/TestReceiver to find out if a certain domain is affected; in the test output you should then see something like this:
Of course the best way to solve this would be that the administrators of the target domain update their configuration. However, since we are currently experiencing this problem with a bunch of target domains since upgrading our system, I am currently looking for a workaround how we can still/again send e-mails to them encrypted until they have done so.
I find it interesting that sending an e-mail to these domains still works when I use "swaks -tls …" on the same system. But qmail refuses to talk to them. Any hints?
Or even:
Reply | Permalink
Key too small – Workaround
Martin Sluka Martin Sluka October 1, 2022 12:32
FYI: My current workaround is now:
I'm a bit afraid, however, that this might cause TLS problems with other target servers.
Reply | Permalink
Key too small – Workaround
Roberto Puzzanghera Martin Sluka October 1, 2022 12:35
Ok, thanks for your hint. Let us know if this causes problems with other servers
Reply | Permalink
Key too small
Roberto Puzzanghera Martin Sluka October 1, 2022 09:40
I didn't check, but I think tls won't work if you disable SSL and leave active only TLS-1.x in your openssl configuration.
Reply | Permalink
Key too small
Anonymous Roberto Puzzanghera March 22, 2021 07:33
OpenSSL 1.1.1d 10 Sep 2019
Reply | Permalink
Error in qmail recompiling
Andy_GC December 18, 2020 18:11
Hi,
I'm using Debian 10.7.0-amd64. Installation followed step-by-step with your directions.
During the last recompile (chkuser options included) I got these errors
When all chkuser variables are commented out, qmail recompiles without any errors.
Reply | Permalink
Error in qmail recompiling
Roberto Puzzanghera Andy_GC December 18, 2020 18:14
please post your chkuser_settings.h somewhere (not here, 'cause it's too long), so that I can check the syntax
Reply | Permalink
Error in qmail recompiling
Andy_GC Roberto Puzzanghera December 18, 2020 19:44
I don't see my reply with the link to my chkuser_settings.h, so here I post the part that generates errors
Reply | Permalink
Error in qmail recompiling
Roberto Puzzanghera Andy_GC December 18, 2020 20:39
You should not delete that hash # which goes before define, because in C language it's not intended as a character for comments. So it will be
If you want to comment out a line, do like this
Reply | Permalink
Error in qmail recompiling
Andy_GC Roberto Puzzanghera December 19, 2020 09:32
Thx very much.
I don't know the C language; in bash # is a comment, hence my misunderstanding.
Reply | Permalink
Compilation error qmail with path and vpopmail
Bodan December 3, 2020 10:47
Hi,
I have a problem with compiling vpopmail and qmail with your patchset.
I cannot compile qmail with chkuser because it requires vpopmail:
I cannot compile vpopmail because it requires qmail:
Reply | Permalink
Compilation error qmail with path and vpopmail
Roberto Puzzanghera Bodan December 3, 2020 14:12
Please take the time needed to read these pages.
You must compile vanilla qmail, not the patched one, and then compile vpopmail on top of it. Then patch and recompile
Reply | Permalink
Last pacth fail to compile
Ruben October 26, 2020 18:34
Hi Roberto.
I'm using your directions to build some qmail servers. Pretty good job, sure.
Now I'm trying to update one of the servers, and I receive a compilation error. I have only modified chkuser_settings.h, uncommenting the setting that you have noted. I was using the patch from 26-Aug-2018 before without those modifications to this file, just apply patch and compile. My system is a Centos 7.5.1804.
Reply | Permalink
Last pacth fail to compile
Roberto Puzzanghera Ruben October 26, 2020 19:12
Hi Ruben, can you post the content of line 306?
Reply | Permalink
please take this into consideration related to qmail vulnerabilities
C July 27, 2020 00:15
I am a qmail fan and I like your website ... used it to install qmail servers several times
Please take this into consideration and add the patch to your bundle if possible: https://cxsecurity.com/issue/WLB-2020050189
Thanks in advance
Reply | Permalink
please take this into consideration related to qmail vulnerabilities
Roberto Puzzanghera C July 27, 2020 13:15
Thank you. Patch added
Reply | Permalink
Only Single E-mail Delivered
kittonian June 16, 2020 19:55
I ran across a situation I did not know existed until yesterday when I was building an e-mail webapp and I'm hoping you can help explain and/or solve this.
When I send an e-mail to two aliases that both resolve to the same user account, only a single message gets delivered.
For example:
To: foo@bar.com
CC: foo2@bar.com
Both of these addresses are .qmail-foo and .qmail-foo2 inside the bar.com domain directory. Inside these files is the same real user's e-mail address so that they are forwarding accounts only.
If I send that e-mail to both of those aliases, only the latter gets delivered (i.e. the headers show that it was delivered to foo2@bar.com, even though qmail logs that it should be sending two e-mails and both the To and Cc headers are present).
If I change the message to send to foo@bar.com and bar@yahoo.com everything gets delivered properly. I read about someone else seeing the same thing with EXIM and while I'm sure it's a cool feature to limit bandwidth, it caused me hours of trying to nail down a problem with my code that didn't exist. So, I'd love to be able to disable this feature if possible. Thanks!
Reply | Permalink
Only Single E-mail Delivered
kittonian kittonian June 16, 2020 21:24
Never mind. This was traced out and qmail is working just fine, as is Vpopmail. It appears that Apple Mail is automatically deleting duplicate messages delivered to the same inbox.
Reply | Permalink
rcptcount in qmail-smtpd.c
Alexandre Fonceca April 24, 2020 22:28
I had some customers that create several emails in offline mode and when they connect, their Outlook starts sending the emails saved in the outbox but sometimes gives the maxrcpt error (like when the mail has more rcpt to than "control/maxrcpt").
I noted that Outlook sends all emails sequentially, in a single connection, giving a rset after each message sending. But rcptcount is not reset.
To get around this, I had to add:
within the void smtp_rset function in qmail-smtpd.c
This solved the problem, so the maxrcpt error only occurs if you exceed the limit "control/maxrcpt" in the same email, but not in multiple messages sequentially.
regards,
Reply | Permalink
rcptcount in qmail-smtpd.c
Roberto Puzzanghera Alexandre Fonceca April 25, 2020 14:43
Thanks for the advice, I've updated my patch.
After speaking with Luca Franceschini, my Italian friend who authored qlogenvelope and heavily modified the qmail-smtpd stuff, I patched as follows
Luca suggested also to add envelopepos = 1 just to set qlogenvelope as we are after an HELO/EHLO.
It's not clear WHEN outlook is going to RSET the session, hopefully not after the data has been sent, in that case we should also verify that the total size of the message is reset as well, not to exceed the 'datalimit' for multiple messages.
Reply | Permalink
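The counter behaviour discussed in this thread, as an added example (not code from qmail-smtpd.c or from the combined patch): a toy C model of one SMTP connection in which the client sends RSET after every message, comparing an RSET that leaves the per-message counters alone with one that clears them. The struct, the function names and the byte counter standing in for 'datalimit' are assumptions made for the illustration.

```c
#include <stdio.h>

/* Toy model of per-connection state; none of these names are qmail's. */
struct session {
    int  maxrcpt;      /* recipients allowed per message (control/maxrcpt) */
    long datalimit;    /* hypothetical per-message size limit, in bytes */
    int  rcptcount;    /* recipients counted so far */
    long bytes;        /* message bytes counted so far */
    int  rset_clears;  /* 0: RSET leaves the counters alone, 1: RSET clears them */
};

struct result { int rcpt_ok; int data_ok; };

static void session_init(struct session *s, int maxrcpt, long datalimit,
                         int rset_clears)
{
    s->maxrcpt = maxrcpt;
    s->datalimit = datalimit;
    s->rcptcount = 0;
    s->bytes = 0;
    s->rset_clears = rset_clears;
}

/* RCPT TO: 1 if accepted, 0 if refused because the limit is reached. */
static int cmd_rcpt(struct session *s)
{
    if (s->rcptcount >= s->maxrcpt) return 0;
    s->rcptcount++;
    return 1;
}

/* DATA: 1 if the body fits under the size limit, 0 otherwise. */
static int cmd_data(struct session *s, long size)
{
    if (s->bytes + size > s->datalimit) return 0;
    s->bytes += size;
    return 1;
}

/* RSET: ends the transaction; clears the counters only in the fixed variant. */
static void cmd_rset(struct session *s)
{
    if (!s->rset_clears) return;
    s->rcptcount = 0;
    s->bytes = 0;
}

/* One message the way the thread describes it: recipients, body, RSET. */
static struct result send_message(struct session *s, int nrcpt, long size)
{
    struct result r = {0, 0};
    int i;

    for (i = 0; i < nrcpt; i++) r.rcpt_ok += cmd_rcpt(s);
    if (r.rcpt_ok > 0) r.data_ok = cmd_data(s, size);
    cmd_rset(s);
    return r;
}

/* Send `messages` identical messages on one connection and return how many
   were accepted in full (every recipient and the body). */
static int run_connection(int rset_clears, int maxrcpt, long datalimit,
                          int messages, int nrcpt, long size)
{
    struct session s;
    int m, full = 0;

    session_init(&s, maxrcpt, datalimit, rset_clears);
    for (m = 0; m < messages; m++) {
        struct result r = send_message(&s, nrcpt, size);
        if (r.rcpt_ok == nrcpt && r.data_ok) full++;
    }
    return full;
}

int main(void)
{
    /* Constructed workload: 3 messages, 3 recipients each, 400 bytes each,
       against maxrcpt = 5 and a 1000-byte size limit. */
    printf("RSET keeps counters:  %d of 3 messages accepted in full\n",
           run_connection(0, 5, 1000, 3, 3, 400));
    printf("RSET clears counters: %d of 3 messages accepted in full\n",
           run_connection(1, 5, 1000, 3, 3, 400));
    /* One recipient per message isolates the size counter. */
    printf("size only, RSET keeps counters:  %d of 3\n",
           run_connection(0, 5, 1000, 3, 1, 400));
    printf("size only, RSET clears counters: %d of 3\n",
           run_connection(1, 5, 1000, 3, 1, 400));
    return 0;
}
```

With the counters carried across RSET, the second message already loses a recipient although no single message exceeds the limit; the limit still applies within one message in both variants.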
Chkuser configuration
kittonian February 15, 2020 20:01
I am using your previous patch (Dec 8, 2019) and chkuser and vpopmail are playing nicely. I am not using Mysql with vpopmail, just file based.
When I installed your latest patch (Jan 11, 2020) I could send e-mails out but could not receive anything. All messages failed back to the sender with a failure notice stating "sorry, no mailbox here by that name (chkuser)"
I stopped all qmail services and installed the previous version I kept as a backup, just in case I had issues with the new patch, and everything is back and working.
So, it would be great to get this resolved.
That being said, I am having a major issue with how qmail is processing e-mails prior to sending through SpamAssassin. This is an old system and I am using Qmail-Scanner to connect SA and Qmail. It works just fine, but Qmail is apparently stripping out certain portions of the e-mail because two things are occurring:
1. None of my whitelist_from_rcvd or whitelist_auth lines work.
We tested this against a postfix system and used the entire text of the e-mail against SpamAssassin on this server, and sure enough whitelisting worked as it should. DKIM headers are missing and who knows what else.
2. Every e-mail gets tagged with no rDNS, even though obviously Yahoo, Gmail, etc. all have correct PTR entries for their domain names. Again, when the same e-mail from postfix was tested on this server, SA had no issues finding the rDNS for the sender's domain.
Thanks!
Reply | Permalink
Chkuser configuration
Roberto Puzzanghera kittonian February 15, 2020 20:42
This is strange as the latest modifications did not touch qmail-smtpd.c, where chkuser acts and concerns only ssl (diff here). Can you post your run and tcp.smtp files?
Concerning the qmail-scanner issue, I replaced it with simscan ages ago and I don't even remember how it works, I'm sorry.
Reply | Permalink
Chkuser configuration
kittonian Roberto Puzzanghera February 15, 2020 22:11
The good news is that I finally solved my whitelisting and rdns issue by removing the -H flag from my /service/qmail-smtpd/run file (i.e. /usr/bin/tcpserver -v -R -l "$LOCAL"). That re-enabled dns lookups and everything started working properly again on that front. The other issue with chkuser is still a problem of course so I'm using your previous patch as mentioned above.
This is my /service/qmail-smtpd run file
This is my /service/qmail-smtpd/tcp file
Reply | Permalink
Chkuser configuration
Roberto Puzzanghera kittonian February 15, 2020 22:21
you should run qmail-smtpd as vpopmail, not qmaild
Secondly, assigning QMAILQUEUE to qmail-scanner in your tcp.smtp certainly prevents dkim from signing your outgoing mails.
Reply | Permalink
Chkuser configuration
Anonymous Roberto Puzzanghera February 15, 2020 22:28
I use a qmail-remote wrapper script so that my outgoing messages are signed, which works perfectly.
Not sure about running as vpopmail as your previous patch works just fine. It's only the new patch that seems to break chkuser against vpopmail.
Reply | Permalink
Chkuser configuration
Roberto Puzzanghera Anonymous February 16, 2020 12:27
So how can chkuser check users' existence without vpopmail privileges?
I guess that in your previous installation you enabled CHKUSER_ENABLE_UIDGID before compiling, in order to run qmail-smtpd with a user different from vpopmail (look here).
Reply | Permalink
Chkuser configuration
Anonymous Roberto Puzzanghera February 16, 2020 14:51
Nope. I compared the previous chkuser_settings.h with the new one and the new one has quite a bit more code in it. However, the exact same lines were commented out in both.
Here are the variables that are commented out in both:
ALWAYS_ON
ENABLE_UIDGID
SPECIFIC_BOUNCING
VGET_REAL_DOMAIN
ENABLE_VALIAS
ENABLE_USERS_EXTENSIONS
ENABLE_MAILMAN_LISTS
ACCEPT_NULL_SENDER
ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST
EXTRA_MUSTAUTH_VARIABLE
Reply | Permalink
Chkuser configuration
kittonian Anonymous June 16, 2020 20:53
My apologies that I did not come back and post the solution to this issue, which btw, is still present in your latest patch.
Here's how to solve it:
nano chkuser_settings.h
Look for the line
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
Comment out this line by:
/*
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
*/
Reply | Permalink
Chkuser configuration
Roberto Puzzanghera kittonian June 16, 2020 21:30
Not defining CHKUSER_STARTING_VARIABLE completely disables chkuser, unless you have CHKUSER_ALWAYS_ON defined. I don't think this is what we want
Reply | Permalink
Chkuser configuration
kittonian Roberto Puzzanghera June 17, 2020 21:48
Makes sense, however this is the only way I can get qmail to compile and install with your latest patches, and everything works just fine for me. If chkuser was disabled, wouldn't vpopmail fail to send and deliver messages?
Reply | Permalink
Chkuser configuration
Roberto Puzzanghera kittonian June 17, 2020 22:32
chkuser is disabled in this way, and even though qmail/vpopmail can work without it you'll get an increase of spam. chkuser and vpopmail can work together with my configuration, which is the same suggested by the author, i.e. running qmail as vpopmail
Reply | Permalink
qmail-send concurrency issue
Gabriel Torres January 7, 2020 11:26
Hi Roberto,
We have an old issue here that we were never able to understand or fix.
We have concurrencyremote set to 120
When sending out a newsletter to 400,000 subscribers, the number of concurrent connections always drops to less than 10.
Right now we are sending our newsletter and here is what we have:
See how we only have 7 concurrent connections going on.
But if we use qmailctl to check the queue, we still have a huge number of queued emails:
I was never able to understand what causes this behavior of qmail-remote not going anywhere close to the concurrencyremote limit. I did a Google search several times, found other people with the same issue, but no solution or any hint of how to debug this or what might be causing it.
If you have any pointers on how to start debugging this I'd appreciate it.
Thank you in advance!
Reply | Permalink
qmail-send concurrency issue
Roberto Puzzanghera Gabriel Torres January 8, 2020 17:43
Hi Gabriel,
I don't know exactly what can be the cause, but the CHANNELS file (CAVEATS) reminds us that <<concurrencyremote, concurrencysupplX, etc are each subject to the hard limit in conf-spawn, which in turn is bounded by per-process limits>>... anyway your concurrency seems to be very low.
Reply | Permalink
chkuser
ChangHo.Na November 30, 2019 03:21
Hi.
MariaDB log:
chkuser_settings.h:
chkuser.c:
Modify:
or
Thank you.
Reply | Permalink
chkuser
Roberto Puzzanghera ChangHo.Na November 30, 2019 20:29
Thanks for your comment.
I have CHKUSER_DB_CLEANUP defined as well, but I've never seen such an error. How can I reproduce it?
Reply | Permalink
chkuser
ChangHo.Na Roberto Puzzanghera December 2, 2019 01:38
chkuser.h
------------------
My Test
chkuser.c
check: /var/log/message
result: nothing
---------------------
Below is executed correctly.
Did I test it?
Thank you.
Reply | Permalink
chkuser
Roberto Puzzanghera ChangHo.Na December 3, 2019 12:18
while compiling I get
Reply | Permalink
chkuser
ChangHo.Na Roberto Puzzanghera December 3, 2019 16:56
add #include <syslog.h>
Reply | Permalink
chkuser
Roberto Puzzanghera ChangHo.Na December 3, 2019 18:51
I can confirm that the code inside the chkuser_cleanup function is not executed. But I don't get any mariadb error
Reply | Permalink
chkuser
ChangHo.Na Roberto Puzzanghera December 7, 2019 22:10
Hi.
I found the cause of the problem.
tls.h
chkuser.h
Solutions:
qmail-smtpd.c line 77 #ifdef block:
move to before this line.
Now works correctly.
Thank you.
Reply | Permalink
chkuser
Roberto Puzzanghera ChangHo.Na December 8, 2019 08:46
Thank you. Patch updated
Reply | Permalink
chkuser
ChangHo.Na Roberto Puzzanghera December 4, 2019 00:34
MariaDB 10.x version: log warning messages.
MariaDB version 5.X : warning messages are not logged.
Anyway, I think vclose() function should be executed
Thank You.
Reply | Permalink
chkuser
ChangHo.Na Roberto Puzzanghera December 1, 2019 14:43
Sorry ^^
Maybe it's a different matter.
I will write again if I find the cause.
Thank you.
Reply | Permalink
qlogenvelope: reason=authnotmailfrom
nic November 20, 2019 03:31
Hi Roberto,
Can you tell me what qlogenvelope: result=rejected code=503 reason=authnotmailfrom detail means?
Reply | Permalink
qlogenvelope: reason=authnotmailfrom
Roberto Puzzanghera nic November 20, 2019 14:48
It means that the user who did the authentication is different from the one in the mailfrom field. This is because you have
in your run file
Reply | Permalink
qlogenvelope: reason=authnotmailfrom
Anonymous Roberto Puzzanghera November 20, 2019 15:14
Thank you, Roberto
Reply | Permalink
Bug with Received: line
Gabriel Torres July 6, 2019 06:33
Hi Roberto,
I found a bug caused by your patch. The headers of received emails are, for some reason, being filled with '0' where the server name should be. Let me explain.
In the header of receiving emails, I see:
Note the "by 0" part. It should read:
Digging this further, the function that fills that part is received() found in received.c. The variable called "local" (which is a copy of the TCPLOCALHOST variable) is somehow being deleted or misconfigured somewhere.
I made a temporary fix by hardcoding our FQDN there, but obviously we need to investigate this further to find out where exactly this variable is being transformed into a zero.
I hope you can investigate this. I will try to take a look at this myself later, even though I am not too familiar with the C language.
Thank you in advance.
Cheers,
Gabriel.
Reply | Permalink
Bug with Received: line
Roberto Puzzanghera Gabriel Torres July 7, 2019 16:01
got it! 0 was the value of TCPLOCALHOST (in this case, set using the -l option to tcpserver). For example:
Reply | Permalink
Bug with Received: line
Roberto Puzzanghera Roberto Puzzanghera July 7, 2019 18:31
it's worth mentioning that djb's tcpserver documentation suggests using "-l 0" as a choice
Btw, I modified my documentation passing the content of control/me as suggested by life with qmail
Reply | Permalink
Bug with Received: line
Gabriel Torres Roberto Puzzanghera July 10, 2019 20:35
Perfect. This makes much more sense than using 0. By using 0, SpamCop isn't able to parse the email headers, so reporting spam to SpamCop with spamassassin -r doesn't work. Please take a look here to fully understand how I found out that this Received: line was malformed: http://forum.spamcop.net/topic/39031-resolvednbspmailhost-configuration-problem-identified-internal-ip-as-source/
Reply | Permalink
Bug with Received: line
kittonian Gabriel Torres June 16, 2020 18:48
I had this exact same issue and apparently it has to do directly with the -H option in the tcpserver line. That is what prevents reverse DNS lookups. I took out -H and all is well (at least I think so, lol).
Reply | Permalink
Bug with Received: line
Roberto Puzzanghera kittonian June 17, 2020 17:33
Thanks for the hint. I modified my configuration accordingly
Reply | Permalink
Bug with Received: line
Gabriel Torres kittonian June 16, 2020 22:41
Many thanks, this tip of removing the -H was really helpful!
Before:
After:
Reply | Permalink
Bug with Received: line
Roberto Puzzanghera Gabriel Torres July 6, 2019 09:48
I think this is because the server IP is hidden by this patch (as you know 0 stands for localhost) https://notes.sagredo.eu/files/qmail/patches/qmail-hide-ip-headers.patch
Actually we can get rid of this patch as explained here https://lists.gt.net/qmail/users/126552
Try to revert it and please let me know.
PS did you have the time to play with my new testing patch with the qmail-channels? look here
Reply | Permalink
Bug with Received: line
Roberto Puzzanghera Roberto Puzzanghera July 6, 2019 13:07
sorry, that patch has nothing to do with it... I'll do some checks and let you know
Reply | Permalink
Bug with Received: line
Gabriel Torres Roberto Puzzanghera July 6, 2019 15:53
Hi,
Forgot to mention that the same issue happens in the SPF line as follows. I also had to manually edit and hardcode our server name in spf.c
It is showing:
Whereas it should be:
Regarding the other patch, I need some time when our server isn't sending our newsletters to try it out... :) I will probably have the time to do so during this coming week! I will let you know and appreciate your effort!
Gabriel.
Reply | Permalink
Pay attention to permissions for DKIM signing
Gabriel Torres June 24, 2019 18:51
If your outgoing emails aren't being DKIM-signed, please check permissions of the folder /usr/local/etc/domainkeys/ and below. In my case, I had to change ownership manually to qmailr.
"When you create a key for a domain.net it will be stored in the /usr/local/etc/domainkeys/domain.net folder. The folder will be owned by qmailr (the user running qmail-remote) if you sign at qmail-remote level or vpopmail, which is the user who runs qmail-smtpd, if you decide to sign at qmail-smtpd level. My script changes the owner to qmailr by default"
Reply | Permalink
softlimit error message
Gabriel Torres June 19, 2019 04:38
If you get the following error at /var/log/qmail/smtpd/current
Simply increase the value present in /var/qmail/control/softlimit
Here I added 64000000 and it is working fine
Reply | Permalink
qmail-channels
Gabriel Torres June 18, 2019 17:10
Hi Roberto,
Try adding this patch: http://www.thesmbexchange.com/eng/qmail-channels_patch.html
This is something we need to slow down delivery to certain ISPs, so emails will be correctly delivered. (We run a weekly newsletter.)
Cheers.
Reply | Permalink
qmail-channels
Roberto Puzzanghera Gabriel Torres June 18, 2019 19:44
nice patch, but... I don't have the time to accomplish personal requests...
Reply | Permalink
qmail-channels
Gabriel Torres Roberto Puzzanghera June 18, 2019 23:13
Hi Roberto,
Maybe this will help other people as well? Anyway, I made a donation to you earlier today via Paypal. Keep up the nice job of keeping this website up-to-date.
Cheers,
Gabe.
Reply | Permalink
qmail-channels
Roberto Puzzanghera Gabriel Torres June 19, 2019 08:13
Thank you very much for your donation and contributions. I'll take a deeper look at this patch, but it seems to me that it's too invasive, as it completely changes the logic of the qmail queue...
Reply | Permalink
qmail-channels
Gabriel Torres Roberto Puzzanghera June 25, 2019 20:19
The thing is, we run a newsletter with 400,000 subscribers, and some email providers complain that we are sending too many emails at the same time. For example:
So it would be great to have a way to limit the number of emails sent out based on the destination domain.
It doesn't need to be this specific patch, just something to think about.
Thanks!
Reply | Permalink
qmail-channels
Roberto Puzzanghera Gabriel Torres June 26, 2019 18:29
you have a testing patch embedding qmail-channels here. Can you test the channels functionality please?
I configured it not to create additional channels, so you have to edit conf-channels and increase the number of qmail-rspawn processes to be created (it was 22 before my adjustment)
PS thanks for helping me improve this guide
Reply | Permalink
qmail-channels
Gabriel Torres Roberto Puzzanghera July 10, 2019 21:10
Hi Roberto,
I finally had the time to install this patch and configure qmail-channels. Now I need to wait until we send out our next newsletter to see if qmail is separating emails in separate queues based on the destination domain. I should have a detailed analysis for us within the next couple of days. Stay tuned!
Many thanks for integrating this patch for me! :)
After my original message, Yahoo is now also refusing our newsletters because we are sending too many emails at the same time:
So I have high hopes that this patch will fix this issue.
Cheers,
Gabriel.
Reply | Permalink
qmail-channels
miz Gabriel Torres July 11, 2019 14:22
Hello Gabriel,
delivering mails to yahoo has always been difficult. I'm not familiar with the qmail channel patch, but you have to limit the number of mails per second in order to avoid the block.
In postfix this can be achieved in the following way: https://serverfault.com/questions/56719/postfix-stagger-rate-limit-outbound-mail
Hope this might help !
Reply | Permalink
qmail-channels
Roberto Puzzanghera miz July 11, 2019 15:21
It seems that yahoo accepts a maximum of 20 msg per connection, so this patch should do the trick... look here https://help.yahoo.com/kb/SLN3433.html
Reply | Permalink
qmail-channels
Gabriel Torres Roberto Puzzanghera July 12, 2019 15:33
Hi Roberto,
The qmail-channels patch you integrated in your patch worked like a charm to fix the yahoo issue described above. We could use the postfix solution you linked above, but it would only work in our webserver (where postfix is used to accept and send emails to our email server, which is running qmail), whereas with qmail-channels we have the solution valid for all email sources in our setup, which is best.
The configuration of qmail-channels is quite simple. After applying the patch, and before compiling qmail, we need to edit conf-channels and add the total number of queues we want. The default is 2, meaning local and remote. As I wanted two additional queues (two groups of domains we wanted to limit the delivery rate), I changed that to 4 and compiled qmail.
Then, we need to add the configuration files at /var/qmail/control:
suppls0 - the list of domains for this group. In my case:
bol.com.br
zipmail.com.br
suppls1 - the list of domains for this group. In my case:
yahoo.com
ymail.com
yahoo.co.uk
yahoo.com.br
yahoo.fr
yahoo.de
yahoo.es
yahoo.cn
yahoo.it
yahoo.co.jp
yahoo.com.au
yahoo.in
yahoo.com.ar
yahoo.com.mx
yahoo.no
yahoo.ie
yahoo.com.es
yahoo.ca
yahoo.co.nz
yahoo.gr
yahoo.com.vn
yahoogrupos.com.br
yahoo.se
yahoo.dk
yahoo.ro
yahoo.co.in
yahoomail.com
yahoo.co.id
yahoo.com.sg
yahoo.com.ph
concurrencysuppl0 - with the number of simultaneous outgoing emails for the domain group "0"
concurrencysuppl1 - with the number of simultaneous outgoing emails for the domain group "1"
Restarted qmail and voilà!
Thank you for all your help. Our qmail server is now "perfect".
Cheers.
Reply | Permalink
qmail-channels
Roberto Puzzanghera Gabriel Torres July 12, 2019 15:58
Great! Can you share your control/concurrencysuppl* files please? Suitable concurrency values could be useful to someone else...
Reply | Permalink
qmail-channels
Gabriel Torres Roberto Puzzanghera July 13, 2019 14:59
Hi Roberto,
I am still testing the numbers. I have concurrencysuppl0 with 1 and concurrencysuppl1 with 10 right now. According to what the other user posted above, we could increase the Yahoo queue up to 20.
Another note: I had to increase the softlimit configuration. Otherwise I would get the infamous "qq temporary problem" at /var/log/qmail/smtpd/current
Cheers
Reply | Permalink
ChangHo.Na April 25, 2019 06:09
Hi,
Latest stable combined patch for netqmail-1.06 v. 2019.04.09
My OpenSSL Version: 1.0.2k
Error send mail.
Modify file: qmail-smtpd.c
before:
after:
Please check!
Reply | Permalink
Roberto Puzzanghera ChangHo.Na April 25, 2019 15:43
Thank you!!! Corrected
Reply | Permalink
hardcoded links to /home/vpopmail
GoofY April 10, 2019 02:56
I've installed vpopmail to a different folder (in my case /var/vpopmail).
While running make in the netqmail dir I encountered an error in chkuser.c, it couldn't find the vpopmail.h file, I edited this to /var/vpopmail/include, which worked for that part.
But after continuing I got more errors:
So I ended up creating a symlink (ln -s /var/vpopmail /home) , after that 'make' succeeded.
PS THNX for ur effort with this tutorial/toaster.
Reply | Permalink
hardcoded links to /home/vpopmail
Roberto Puzzanghera GoofY April 10, 2019 07:36
Have you tried to modify this line on top of the Makefile?
Reply | Permalink
Still require libdomainkeys-0.69.diff
Tony Fung April 8, 2019 09:10
Hi,
I just compiled libdomainkeys with the patch "libdomainkeys-openssl-1.1.patch" but it resulted in the error below when running make:
When I apply the missing patch "libdomainkeys-0.69.diff" and compile again, it succeeds.
Is the patch "libdomainkeys-openssl-1.1.patch" incomplete, or was it a mistake to remove the patch "libdomainkeys-0.69.diff" from the downloads and steps?
Reply | Permalink
Still require libdomainkeys-0.69.diff
Roberto Puzzanghera Tony Fung April 8, 2019 12:46
Yes, we have to apply that patch as well. Thanks for letting me know
Reply | Permalink
Can't compile libdomainkeys
Madzel February 19, 2019 08:45
Any idea?
Reply | Permalink
Can't compile libdomainkeys
Roberto Puzzanghera Madzel February 19, 2019 08:55
Try to apply the patch linked on top of this page. Let me know if it solves.
Reply | Permalink
Can't compile libdomainkeys
Madzel Roberto Puzzanghera February 19, 2019 10:23
The patch was applied already.
Reply | Permalink
Can't compile libdomainkeys
Roberto Puzzanghera Madzel February 19, 2019 18:47
sorry if I ask... but this is an error which comes when you don't apply this patch https://notes.sagredo.eu/files/qmail/patches//libdomainkeys-openssl-11.patch. Can you confirm that this is the patch you applied?
Reply | Permalink
Can't compile libdomainkeys
Madzel Roberto Puzzanghera February 20, 2019 07:24
Yes, I used the linked openssl patch. I deleted all downloaded data and repeated the whole procedure again:
Reply | Permalink
Can't compile libdomainkeys
Roberto Puzzanghera Madzel February 27, 2019 08:46
Are you using openssl or libressl?
Reply | Permalink
Can't compile libdomainkeys
Roberto Puzzanghera Madzel February 20, 2019 19:45
I suspect that your compiler is not recognizing your openssl version.
Try to apply this patch, which is specific for openssl-1.1 without any version recognizer https://notes.sagredo.eu/en/qmail-notes-185/patching-qmail-82.html#comment1207
Reply | Permalink
So sad and disappointing :-(
Stumpi February 11, 2019 18:56
It will not compile with OpenSSL 1.0.2 and above, so Qmail will ever get TLS1.3 support. After more than 12 years of using Qmail it is now time to change to Exim or PostFix, I guess. Sad and disappointing...
Reply | Permalink
So sad and disappointing :-(
Roberto Puzzanghera Stumpi February 19, 2019 20:02
try to compile using the test patches linked on the top of this page, which should solve all the compilation breaks against openssl-1.1
Reply | Permalink
So sad and disappointing :-(
Roberto Puzzanghera Stumpi February 11, 2019 23:02
It compiles with v. 1.0.2 here. I would not say that it will **ever** get tls 1.3 support. I'm confident that someone will solve this at some point.
Other qmail distributions such as s/qmail and indimail are already openssl-1.1 compliant, because they are maintained by senior C programmers, so I would suggest giving them a chance before deciding to leave qmail
Reply | Permalink
Patch netqmail1.06
Charles January 24, 2019 09:39
Hello,
I have installed netqmail-1.06 and I found the qmail patch on your website and was interested in trying it, but I get an error like this:
any idea?
thanks for the help
Reply | Permalink
Patch netqmail1.06
Roberto Puzzanghera Charles January 25, 2019 15:03
It seems like the patching process went wrong...
Reply | Permalink
TLS 1.3
Wouter de Geus December 19, 2018 09:23
Hi Robert!
Thanks a lot for your continued effort to patch up QMail!
In the past I've been very happy with John Simpson's combined patch (https://qmail.jms1.net/patches/combined-details.shtml), but that hasn't been updated for years now.
Right now I'm trying to upgrade my legacy qmail server to a new incarnation based on Docker, going with your patch this time :)
That said, I tried to compile against the latest OpenSSL and quickly ran into trouble, so I was wondering if you (or anyone else that you know of) have plans to support the new OpenSSL and with that the TLS 1.3 protocol.
I figure it's a matter of time before this becomes a necessity, already I see older TLS versions being dropped on various mailservers.
Anyway, keep up the good work!
Reply | Permalink
TLS 1.3
Roberto Puzzanghera Wouter de Geus December 19, 2018 10:39
Honestly, accomplishing this task would be far beyond my skills, but I'm confident that an upgrade to the qmail-tls patch by F. Vermeulen will come at a certain point
Reply | Permalink
error after update with the new patch
Bernardo Correia September 20, 2018 17:27
Hi Roberto!
I have a centos 7 working with your qmail how to. But when I try to update to the latest patch I start getting these errors on smtp log
qlogreceived: result=rejected code=451 reason=queuedelay detail=qq_temporary_problem_(#4.3.0)
Do you have any idea what can be?
Thanks,
Bernardo Correia
Reply | Permalink
error after update with the new patch
miz Bernardo Correia July 24, 2019 11:47
Hi everybody,
same old story here :-)
- brand new centos 7 64bit server
- installation and compilation went perfectly fine
- everything seems to be working, except for:
I'm still unable to solve the problem, already tried to increase the soft limit with no luck, double checked all perms on queues and qmail directory, checked all the run files, nothing.
- there is no antivirus (no clamd, simscan, anything) installed, no qmail-scanner and no spamassassin.
- local delivery is working fine:
Any hint about ways to debug this ?
Thank you !
Reply | Permalink
error after update with the new patch
Roberto Puzzanghera miz July 24, 2019 12:36
are you using my combined patch? if yes, can you post your run file and your tcp.smtp?
Reply | Permalink
error after update with the new patch
Roberto Puzzanghera Bernardo Correia September 20, 2018 18:05
check also your clamav and spamassassin logs, because something is breaking your delivery
Reply | Permalink
error after update with the new patch
Roberto Puzzanghera Bernardo Correia September 20, 2018 18:01
Did you try to increase your softlimit already?
Reply | Permalink
Bug in logit and logit2 functions
Mirko Buffoni August 20, 2018 16:44
I found a bug in logit and logit2 functions which comes from https://notes.sagredo.eu/files/qmail/patches/logging-4.patch
It was hard to track. But I was lucky to isolate the problem with a mail client who was issuing a RSET command and closed the connection brutally after this.
To replicate the problem I did:
$ telnet localhost 25
At this point a segfault at 9220000 ip 0805d309 sp bfc5e4ac error 6 in qmail-smtpd[8048000+34000] is generated
After a RSET command, the mailfrom.len is set to 0, but mailfrom.s is still allocated.
In logit/logit2 functions, a check is done on mailfrom.s and then a
is done, but mailfrom.len is zero and this will cause a memory allocation fault when using softlimit.
The following is a patch to cure this issue.
Reply | Permalink
Bug in logit and logit2 functions
Roberto Puzzanghera Mirko Buffoni August 23, 2018 11:21
Thanks to Mirko this bug was fixed in the v.5 of the logging patch, which I have just included in my package
Reply | Permalink
Mess822 bug
Mirko Buffoni August 17, 2018 15:36
I found a bug in mess822-0.58 package.
You do not have a section for it, so I'm posting a patch under qmail.
You can use a tool like 822field to extract a field from headers in a mail.
However, it compares the header with string without considering that the string may be longer, after the match. So a
will give back the Subject field in any case, which is wrong.
The proposed patch will fix this, allowing, as an extreme case, to specify a colon as last character in searched header string. So a | 822field Subject: will work too giving back the searched Subject, while | 822field Subjectt won't.
Reply | Permalink
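The matching flaw described in the post above, modelled as an added example (this is not the mess822 source and not the patch Mirko proposed): `match_flawed` compares only the bytes of the header's own field name, while `match_strict` also requires the searched string to end there, optionally with one trailing colon. All function names and the sample message are constructed for illustration, and only LF line endings are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample message: header block, empty line, then body. */
static const char SAMPLE[] =
    "From: alice@example.org\n"
    "Subject: quarterly report\n"
    "X-Note: folded\n"
    "\tSubject: inside a continuation line\n"
    "\n"
    "X-Body: this line belongs to the body\n";

typedef int (*matcher_fn)(const char *line, const char *wanted);

/* Bytes before the first ':' of a header line; 0 if there is no field name. */
static size_t field_name_len(const char *line)
{
    const char *colon = strchr(line, ':');
    return colon ? (size_t)(colon - line) : 0;
}

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed: stops comparing where the header's name ends, so a searched
   string that continues past the match ("Subjectt") is still accepted. */
int match_flawed(const char *line, const char *wanted)
{
    size_t n = field_name_len(line);
    if (n == 0 || strlen(wanted) < n)
        return 0;
    return ieq(line, wanted, n);
}

/* Strict: the searched string must be exactly the field name, or the
   field name followed by a single ':' as its last character. */
int match_strict(const char *line, const char *wanted)
{
    size_t n = field_name_len(line);
    size_t w = strlen(wanted);
    if (n == 0)
        return 0;
    if (w == n + 1 && wanted[n] == ':')
        w = n;                       /* tolerate "Subject:" */
    if (w != n)
        return 0;
    return ieq(line, wanted, n);
}

/* Scan the header block of msg (up to the first empty line) and copy the
   body of the first field accepted by match into out. Returns 1 if found. */
int extract_field(const char *msg, const char *wanted, matcher_fn match,
                  char *out, size_t outlen)
{
    const char *p = msg;
    if (outlen == 0)
        return 0;
    while (*p && *p != '\n') {       /* an empty line ends the header */
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[256];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        /* continuation lines start with whitespace and carry no field name */
        if (line[0] != ' ' && line[0] != '\t' && match(line, wanted)) {
            const char *body = strchr(line, ':') + 1;
            while (*body == ' ' || *body == '\t')
                body++;
            strncpy(out, body, outlen - 1);
            out[outlen - 1] = '\0';
            return 1;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return 0;
}

/* Look a field up in SAMPLE; returns a static buffer, or NULL if absent. */
const char *lookup(const char *wanted, matcher_fn match)
{
    static char buf[128];
    return extract_field(SAMPLE, wanted, match, buf, sizeof buf) ? buf : NULL;
}

int main(void)
{
    const char *names[] = { "Subject", "subject:", "Subjectt", "Fromage" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *f = lookup(names[i], match_flawed);
        printf("%-9s flawed=%s", names[i], f ? f : "(none)");
        const char *s = lookup(names[i], match_strict);
        printf("  strict=%s\n", s ? s : "(none)");
    }
    return 0;
}
```

With the flawed matcher a mistyped field name in a filter script silently returns another header's value; the strict matcher returns nothing, which the script can detect.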
Mess822 bug
Roberto Puzzanghera Mirko Buffoni August 17, 2018 15:58
Thank you, I'll check it out when I'll be back home
Reply | Permalink
combined patches
Vahid Baboli July 5, 2018 23:08
Hi,
Great job collecting and putting together this site.
We have 50+ qmail servers mainly to send out e-mail and not receiving any.
I am wondering, what patches do i really need to have a stable sending qmail servers.
I currently have DNS and TLS patch only.
Thanks very much if you reply.
Vahid.
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli July 6, 2018 10:28
Provided that you can choose to install the complete combined patch and then use just what you need of it, this could be a subset of patches that you need to build a send server. The most important (in my opinion) are in bold text
qmail-authentication
qmail-tls
force-tls
oversize DNS
reread concurrency
big concurrency
big concurrency fix
Better qmail-smtpd logging
SMTP HELO/EHLO Greeting delay
DKIM and SURBL
EXT-TODO
BIG-TODO
qmail-inject-null-sender
qmail-taps-extended
qmail-remote CRLF
outgoingip
qmail-smtpd pid, qp log patch
any-to-cname
qmail-rfc2821
smtpd-502-to-500
qmail-moreipme
qmail-hide-ip-headers
qmail-date-localtime
qmail-smtpd liberal-lf
qmail-empf
reject-relay-test
qlog
dnscname
rcptcheck
Reply | Permalink
combined patches
Vahid Baboli Roberto Puzzanghera January 2, 2019 22:24
why do I keep getting this error while compiling qmail with a few patches (please see my other question):
more undefined references to `logit' follow collect2: error: ld returned 1 exit status
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli January 3, 2019 14:12
as you know, logit is a function which belongs to the logging patch... did you get any error while patching?
Reply | Permalink
combined patches
Vahid Baboli Roberto Puzzanghera January 3, 2019 19:02
started fresh and noticed that if I apply patches in this order:
roberto-netqmail-1.06_auth_tls_force-tls.patch-latest - fails with this error:
If I only apply roberto-netqmail-1.06.patch-latest patch, then I get
These servers are only sending mail out so I only need any-to-cname and TLS patch.
which one do you recommend?
thanks again.
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli January 3, 2019 19:25
First of all, I would recommend to apply the auth/tls/forcetls patch, which is the biggest one and the most difficult to fix if the patching went wrong, and then the others.
If your server is just sending, the logging patch is of little use, because it logs qmail-smtpd.
"any to cname" is not so important for me, while qmail-remote-CRLF and qmail-inject-null-sender are both a good choice because they fix bugs.
You can always decide to use my big patch (roberto-netqmail-1.06.patch-latest) but you have to install vpopmail, libdomainkeys and libsrs2 libraries, but it's very easy to do, otherwise you'll get compilation breaks like the one you showed above (it's complaining about the lack of vpopmail)
And I would like to return the wishes for a happy 2019 :-)
Reply | Permalink
combined patches
Vahid Baboli Roberto Puzzanghera January 3, 2019 19:43
Sorry, didn't see this post.
so, trying fresh tarball, applying the following patches in this order:
roberto-netqmail-1.06_auth_tls_force-tls.patch-latest - OK
any-to-cname.patch - OK (I need this patch since we get so many large DNS related issues)
qmail-remote-CRLF.diff - OK
qmail-inject-null-sender.patch - OK
so I should be good for prod I guess?
We are getting lots of complaints and rejections due to use of TLS 1.0 and also no TLS so I have to upgrade.
in the current built, I used netqmail-1.05-tls-20060104.patch.
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli January 3, 2019 19:46
I would suggest to do all tests before switching to production...
Reply | Permalink
combined patches
Vahid Baboli Roberto Puzzanghera January 3, 2019 20:28
ah yeah, lots of tests...
daemontools needs to be recompiled and is giving me a hard time but I will figure it out. thanks for your help.
Reply | Permalink
combined patches
Vahid Baboli Roberto Puzzanghera January 2, 2019 20:21
Happy New Year Roberto,
I have many qmail servers to install/upgrade to include the new TLS 1.2 patch (other domains started denying TLS 1.0).
I am wondering if there is a way to make the qmail-remote (we are only sending) binary static so I just package the binaries and deploy to servers rather than compile on each server. I am not sure all servers have the latest libraries.
I am installing the following patches to netqmail-1.06:
roberto-netqmail-1.06_auth_tls_force-tls.patch-latest
logging-5.patch
qmail-inject-null-sender.patch
any-to-cname.patch
qmail-remote-CRLF.diff
Thanks,
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli January 3, 2019 19:29
I would also consider building a qmail package for your linux distribution, just to save the compilation time, but you must be sure that all the libraries are the same in all your servers, of course
Reply | Permalink
combined patches
Roberto Puzzanghera Vahid Baboli January 3, 2019 14:06
Perhaps this could be possible, but I think it would be more time expensive **and not secure** than compiling the entire qmail in each server, especially if they don't share the same libraries...
Reply | Permalink
FreeBSD
Kris von Mach November 14, 2017 10:38
When compiling this patch on FreeBSD I get the following error:
Any idea on how to fix that?
Reply | Permalink
Libdomainkeys compilation error
Tocy November 8, 2017 14:42
Hello,
Libdomainkeys gives a compilation error on debian 9 as follows:
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Tocy November 8, 2017 14:52
which version of gcc?
Reply | Permalink
Libdomainkeys compilation error
Tocy Roberto Puzzanghera November 9, 2017 05:04
Here are the gcc versions installed:
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Tocy November 9, 2017 10:44
I haven't tested with gcc-6.
tests would be much appreciated
Reply | Permalink
Libdomainkeys compilation error
Tocy Roberto Puzzanghera November 9, 2017 13:22
I will gladly test but I don't know how to fix the code for this library and the qmail-remote.c and all other files that may need fixing. Sorry but I am more of a system guy than a developer:)
Cheers,
Reply | Permalink
Libdomainkeys compilation error
Tocy Tocy November 10, 2017 02:42
The issue is linked to libssl-dev 1.1; with 1.0 all works.
Cheers,
Reply | Permalink
Libdomainkeys compilation error
sa1phx Tocy November 6, 2018 10:21
Hello, I also have this issue,
Fix it by changing these lines:
domainkeys.c:123 ->
From: EVP_MD_CTX mdctx; /* the hash */
To: EVP_MD_CTX *mdctx; /* the hash */
domainkeys.c:2156 ->
From: EVP_MD_CTX_cleanup(&dk->mdctx);
To: EVP_MD_CTX_free(&dk->mdctx);
After editing the source file, compilation is successful
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera sa1phx November 6, 2018 13:16
and are you using libssl-dev 1.1?
Reply | Permalink
Libdomainkeys compilation error
Jim McNamara Roberto Puzzanghera January 25, 2019 14:36
I can confirm the changes sa1phx posted for the "domainkeys.c:123:14: error: field ‘mdctx’ has incomplete type" problem on Debian 9 with openssl-1.1. Here are my details -
Here is the resulting diff between the source with the libdomainkeys-0.69.diff applied and then the changes suggested by sa1phx. I confirm that after applying their changes, make succeeds and libdomainkeys.a is produced. I cannot yet confirm that the libdomainkeys.a file functions.
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Jim McNamara January 25, 2019 15:40
Thank you. And how are you patching qmail-remote.c?
I'm still unable to compile with openssl-1.1 and gcc-8.2, as I get this error
I'm using this patch to solve other compilation breaks
As my C skills are close to zero, some help would be really appreciated in order to make my patch openssl-1.1 compliant.
Reply | Permalink
Libdomainkeys compilation error
Jim McNamara Roberto Puzzanghera January 28, 2019 15:32
Unfortunately, qmail-remote.c won't compile for me in any way, even when I install and use the current openssl-1.0.2.q from source. I applied the patch you showed for qmail-remote.c and ssl_timeoutio.c, that moved things along but still make ultimately ends with error 1.
When I try to make with the openssl-1.1.0 package from Debian I use this conf-cc file, the .h files are in /usr/include/openssl:
This will be used to compile .c files.
I didn't want to use openssl 1.0.2, but I saw that officially version 1.0.2 would be supported through December of 2019. I created /usr/local/special and passed, "./config --prefix=/usr/local/special --openssldir=/usr/local/special/openssl" to config, that way it would not end up in any $PATH down the road. I edit netqmail's conf-cc to read:
This will be used to compile .c files.
Then I make clean, and try to make again now using the older openssl-1.0.2 and it still errors out in the end again on qmail-remote.c:
I have even less C than you do, but am more than willing to continue testing & troubleshooting. There's apparently some deep issue with const ASN1_STRING *s = X509_NAME_get_entry(subj, i)->value; as we're both getting the same error on make, yours presumably on Slackware and mine on Debian, mine with both openssl-1.0.2 and openssl-1.1.0.
Reply | Permalink
Libdomainkeys compilation error
Eric Jim McNamara February 13, 2019 21:18
const ASN1_STRING *s = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, i));
instead of
const ASN1_STRING *s = X509_NAME_get_entry(subj, i)->value;
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Eric February 13, 2019 21:30
Thank you, Eric. It compiles now. qmail-smtpd.c must be modified as well
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Roberto Puzzanghera February 13, 2019 22:48
New testing patch released. Look at the top of this page. There's a patch for libdomainkeys as well. They can be used both on v. 1.0 and 1.1 of openssl
Please give me some feedback, so that I can release it as stable soon..
Reply | Permalink
Libdomainkeys compilation error
Anonymous Roberto Puzzanghera March 28, 2019 12:42
Debian 9 openssl and libssl 1.1.0j
dktest not work
log send
syslog
Reply | Permalink
Libdomainkeys compilation error
Roberto Puzzanghera Anonymous March 31, 2019 20:47
Please try the following libdomainkeys patched by Manvendra Bhangui. If this does not solve it, feel free to write to me in private so that I can provide a direct contact with him.
Reply | Permalink
Libdomainkeys compilation error
Hamersky Roberto Puzzanghera April 1, 2019 08:53
Thanks Roberto and Manvendra, with libdomainkeys patched by Manvendra Bhangui it is working :)
Reply | Permalink
Libdomainkeys compilation error
Manvendra Bhangui Anonymous March 28, 2019 16:34
Just got notified of dktest segmentation fault. I will take a look at it. It might take me some time to replicate the same openssl version on my laptop and test it out. If it helps, you can temporarily disable domainkeys and just have DKIM.
Reply | Permalink
FORCEAUTHMAILFROM not check
MARCIO RUBENS November 6, 2017 20:17
Hello.
I performed the patch installation but the mailfrom check function is not being performed.
I ran tests by thunderbird by changing from: and sending successfully.
In the smtp run I configured with export FORCEAUTHMAILFROM = 1
Any tip?
thanks
Reply | Permalink
FORCEAUTHMAILFROM not check
Roberto Puzzanghera MARCIO RUBENS November 6, 2017 20:36
Hi, I have no idea.. my tests are ok... please double check everything
Reply | Permalink
FORCEAUTHMAILFROM not check
Marcio R Roberto Puzzanghera November 7, 2017 10:28
I did the installation again and I did not succeed.
Does this patch block the email with the from field changed?
Log of test performed:
Log Gmail:
Reply | Permalink
FORCEAUTHMAILFROM not check
Roberto Puzzanghera Marcio R November 7, 2017 13:45
yes, it should block emails with a from field different from the auth-user.
can you please post a telnet session and the run file of your qmail-submission service (I suppose you use this service to authenticate)?
Reply | Permalink
FORCEAUTHMAILFROM not check
Marcio R Roberto Puzzanghera November 7, 2017 16:00
Reply | Permalink
FORCEAUTHMAILFROM not check
miz Marcio R November 7, 2017 17:22
Hi,
I might be completely wrong, but did you try adding this:
(I have these settings in my submission service file on smtp 587)
Reply | Permalink
FORCEAUTHMAILFROM not check
Roberto Puzzanghera miz November 7, 2017 17:26
but these variables have nothing to do with my patch...
Reply | Permalink
FORCEAUTHMAILFROM not check
miz Roberto Puzzanghera November 8, 2017 09:51
Yes Roberto, of course you are right, but I found a strange behaviour when I installed the run service and I had to set those variable in order to have the submission service (TLS on 587 with AUTH and CHKUSER) work correctly.
I was just wondering if using AUTH only on TLS (disabling the PLAIN AUTH) would show the same behaviour / error.
Reply | Permalink
FORCEAUTHMAILFROM not check
Roberto Puzzanghera miz November 8, 2017 12:47
if you "grep -r" those variables in the netqmail source code patched with my combined patch you will not find any match, so this can't be an explanation...
Reply | Permalink
FORCEAUTHMAILFROM not check
Roberto Puzzanghera Marcio R November 7, 2017 16:42
Your config seems to be correct and I have almost the same run file in my 2 servers... I've no idea at the moment, if you find a solution let me know please
Reply | Permalink
compile error qmail-remote.c
Ed Vrijmoet October 24, 2017 23:33
I am trying to setup qmail on a fresh install of Debian 9 (stretch) with openssl-1.1.0f
I followed your installation and ran in to trouble at compiling netqmail-1.06 including the roberto patches
see my error list:
Can you help me with this
greetings Ed
Reply | Permalink
look here
Roberto Puzzanghera Ed Vrijmoet October 25, 2017 09:22
try to look here https://github.com/DinoTools/dionaea/issues/90
Reply | Permalink
compile error qmail-remote.c
Ed Vrijmoet Roberto Puzzanghera October 25, 2017 10:41
I am sorry, but because I am not a programmer I don't understand what is written, so I think that something has changed in openssl-1.1.0,
which means that something has to change in the file qmail-remote.c; the problem is that I don't know what.
Please help me understand what I have to change.
Reply | Permalink
Re:
Roberto Puzzanghera Ed Vrijmoet October 25, 2017 13:21
Provided that I can't do the tests myself because I don't use Debian and I just have openssl-1.0.2k installed, if what is reported there is correct you are missing some dependencies.
So try to install them looking below "STEPS TO REPRODUCE" and compile again
Reply | Permalink
compile error netqmail
Ed Vrijmoet Roberto Puzzanghera October 26, 2017 23:11
Finally I found out how to compile.
I had to use libssl1.0.2 as in this link https://github.com/duosecurity/duo_unix/issues/90
thanks very much for your help
Reply | Permalink
compile error netqmail
Ed Vrijmoet Roberto Puzzanghera October 25, 2017 23:28
I have been trying to find out what the problem is with compiling netqmail, and what I found is this: all packages related to openssl cannot be compiled with openssl-1.1.0; the syntax of most of the ssl calls is wrong because openssl has changed since version 0.9.
If you want to compile with openssl-1.1.0 then you have to rewrite all the .c and .h files with openssl calls in them:
qmail-remote.c ssl-timeoutio.c qmail-smtpd.c dkimsign.h dkimverify.h dkimfunc.cpp to name a few.
On Debian 9 there is no old version of openssl and it is discouraged to use old versions.
So the only way to use qmail is to compile it on an old deprecated Linux system, because all new versions will be with openssl-1.1 and higher.
Thank you very much for your answer.
Reply | Permalink
Subdomains emails errors
Marcio August 9, 2017 18:53
When sent an email to yyy@xx.domain.com the sending is performed as yyy@domain.com, returning error.
Any tips for correction?
Reply | Permalink
Never seen this error
roberto puzzanghera Marcio August 9, 2017 20:14
I've never seen this error. Are you using my combined patch?
Reply | Permalink
test erro
Marcio roberto puzzanghera August 10, 2017 13:00
Yes. I'm using it.
How do you make a submission test and see if it is occurring in your installation account?
Please send a test to gustavo.ribes@br.cobogroup.net
Reply | Permalink
It appears that your server
roberto puzzanghera Marcio August 10, 2017 13:16
It appears that your server is an exim MTA. I can't be of any help, sorry
Reply | Permalink
not Exim
Marcio roberto puzzanghera August 10, 2017 13:26
My server is a qmail and installed with your indicated patches
When I send emails to the email gustavo.ribes@br.cobogroup.net it removes br and returns errors informing that user gustavo.ribes@cobogroup.net does not exist.
Can you send a test email?
Reply | Permalink
Sending a test mail
roberto puzzanghera Marcio August 10, 2017 14:55
Sending a test mail returns an error message from mx1.cobospa.it which says that xxx@cobogroup.net does not exist.
What about that mx1.cobospa.it server? It appears to be a Sophos platform... maybe you have to check that all the MTAs that are routing your mails are configured to forward br.cobogroup.net to you
Reply | Permalink
Patched and working
John Trolinger July 19, 2017 22:44
We have the Latest stable combined patch for netqmail-1.06 v. 2017.05.14 and everything is looking good.
To compile I did have to manually kill some VPOPMAIL processes that were tying up qmail-smtp. The error was
install: fatal: unable to write .../bin/qmail-smtpd: text busy
Thank you Roberto!
Reply | Permalink
Bug in TLS patch
Eugene September 17, 2016 08:30
qmail-tls patch is buggy. qmail-remote server cert checking logic if configured through tlshosts/ is broken - it'll consider *any* valid cert even if none of the alt/common names matches.
Something like this should fix this:
Reply | Permalink
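The failure mode Eugene reports above (a certificate that validates is accepted even when none of its alt/common names match the expected host), shown next to a fail-closed check. This is an added example, not code from the qmail-tls patch or from the comment; the struct, function names and sample certificates are constructed for illustration, and real code would read the names from the peer certificate with OpenSSL.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum name_kind { NAME_SAN_DNS, NAME_CN };

/* A name copied out of a certificate (assumed NUL-terminated copy).
   len is the ASN.1 length, which differs from strlen(data) when the
   name carries an embedded NUL byte. */
struct cert_name {
    enum name_kind kind;
    const char *data;
    size_t len;
};
#define NAME(k, s) { k, s, sizeof(s) - 1 }
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* ASCII case-insensitive equality of two NUL-terminated strings. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/* Does one certificate name cover the expected host? */
static int name_covers(const struct cert_name *n, const char *host)
{
    const char *p = n->data, *dot;

    if (n->len == 0 || strlen(p) != n->len)
        return 0;                       /* empty name or embedded NUL */
    if (p[0] != '*')
        return ieq(p, host);
    /* Wildcard: only "*.a.b", covering exactly the left-most label. */
    if (p[1] != '.' || strchr(p + 2, '.') == NULL)
        return 0;
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return ieq(p + 1, dot);
}

/* Constructed illustration of the reported behaviour: once the chain
   validates, the result of the name comparison is never consulted. */
int accept_fail_open(int chain_ok, const struct cert_name *names,
                     size_t n, const char *host)
{
    size_t i;
    int matched = 0;

    if (!chain_ok)
        return 0;
    for (i = 0; i < n; i++)
        if (name_covers(&names[i], host))
            matched = 1;
    (void)matched;                      /* computed but ignored */
    return 1;
}

/* Fail-closed check: accept only if the chain validates AND a name
   matches. When SAN dNSName entries exist, the CN is not consulted. */
int accept_fail_closed(int chain_ok, const struct cert_name *names,
                       size_t n, const char *host)
{
    size_t i;
    int have_san = 0;

    if (!chain_ok)
        return 0;
    for (i = 0; i < n; i++)
        if (names[i].kind == NAME_SAN_DNS)
            have_san = 1;
    for (i = 0; i < n; i++) {
        if (have_san && names[i].kind != NAME_SAN_DNS)
            continue;
        if (name_covers(&names[i], host))
            return 1;
    }
    return 0;                           /* no name matched: reject */
}

/* Constructed sample certificates (names only). */
static const struct cert_name cert_other[] = {
    NAME(NAME_SAN_DNS, "mail.example.net"), NAME(NAME_CN, "mail.example.net") };
static const struct cert_name cert_wild[] = {
    NAME(NAME_SAN_DNS, "*.example.org") };
static const struct cert_name cert_nul[] = {
    NAME(NAME_SAN_DNS, "mx.example.org\0.example.net") };
static const struct cert_name cert_cn_only[] = {
    NAME(NAME_CN, "MX.Example.Org") };
static const struct cert_name cert_san_and_cn[] = {
    NAME(NAME_SAN_DNS, "other.example.org"), NAME(NAME_CN, "mx.example.org") };

int main(void)
{
    const char *host = "mx.example.org";

    printf("unrelated cert, fail-open:   %d\n",
           accept_fail_open(1, cert_other, COUNT(cert_other), host));
    printf("unrelated cert, fail-closed: %d\n",
           accept_fail_closed(1, cert_other, COUNT(cert_other), host));
    printf("wildcard cert,  fail-closed: %d\n",
           accept_fail_closed(1, cert_wild, COUNT(cert_wild), host));
    return 0;
}
```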
Missing features.h on FreeBSD 10.2
bzero November 5, 2015 14:57
Hi,
I applied latest patch for netqmail, then #make and receive error missing features.h, how could i solve this?
Also tried with older patch, and got the same error :(
i am using FreeBSD 10.2 64bit
Thank you.
Reply | Permalink
still no luck with many
bzero bzero November 5, 2015 17:58
still no luck with many attempts, google didn't return positive result on this matter :(
Reply | Permalink
Someone in the past already
roberto puzzanghera bzero November 5, 2015 19:03
Someone in the past already mentioned that my patch is not freebsd compliant. Unfortunately I don't have any freebsd machine to do tests.
Reply | Permalink
i could prepare a server for
bzero roberto puzzanghera November 6, 2015 05:27
i could prepare a server for you to test it.
I will send you an email include account shortly.
Thanks a lot.
Reply | Permalink
Hi bzero
roberto puzzanghera bzero November 6, 2015 10:36
Hi bzero, thank you but this is not that kind of thing that I can do for free..
Reply | Permalink
Ciao Roberto and hi to all
miz November 3, 2015 14:09
Ciao Roberto and hi to all the qmail users,
here I'm again with a STRANGE problem occurring. I recently upgrade to the latest patch here, and I think that this is causing a problem:
2014-11-15
-modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log. Thanks to Simone for the hint.
I have an account on my domain named log@[domain].[net]. Every single mail get copied to this account since the upgrade !
I'm basically running into this configuration (http://cr.yp.to/qmail/faq/admin.html#copies)
----------------------------
How do I keep a copy of all incoming and outgoing mail messages?
Answer: Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h. Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
You can also use QUEUE_EXTRA to, e.g., record the Message-ID of every message: run
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
from ~alias/.qmail-log.
----------------------------
I tried to remove the /var/qmail/alias/.qmail-log but nothing happens.
Is there a way to disable/reconfigure this feature without recompiling? If not, how can I remove that extra.h declaration in order to recompile without that feature?
Thank you !
Reply | Permalink
you have to reverse that patch
roberto puzzanghera miz November 4, 2015 21:42
you have to reverse that patch. simply replace extra.h with the original file and recompile. also remove .qmail-log
Reply | Permalink
Thank you Roberto. I was
miz roberto puzzanghera November 5, 2015 10:09
Thank you Roberto. I was looking into a solution to keep the feature and disable it run-time; I will try with:
Set QUEUE_EXTRA to "Tlogother\0" and QUEUE_EXTRALEN to 8 in extra.h
to have the logging feature ready into the "logother@domain" alias. Otherwise I will just reverse the patch as you suggest and remove the feature.
Thank you !
Reply | Permalink
extra.h
John miz July 7, 2016 00:19
It is okay to enter the entire email address. Just change the length number to the number of characters minus 1.
Reply | Permalink
Woops! Not idiot proof.
George Cooke October 1, 2015 20:51
Thanks Roberto for your hard work and excellent guide on qmail.
I am installing qmail for the first time on Debian and I got to the 'finally install and start qmail' (make setup check, qmailctl start) part on this page, but qmailctl did run as it did not exist.
So I just spent an hour stressing out trying to work out why qmailctl and supervise scripts didn't exist, and got it working on my own from LWQ, then came back here to continue and realised that you provide exact instructions for qmailctl and the supervise stuff to get it running in the next page, the configuration section!! OMG!! I am such an idiot, I know I should have read the whole guide first perhaps, but I think maybe you could indicate something around the finally install & start part to stop idiots like me from wasting hours thinking their installation is messed up.
Thanks so much!
Reply | Permalink
Woops! Not idiot proof.
GoofY George Cooke April 10, 2019 02:43
THNX was fighting the same thing, because the cmd qmailctl was mentioned in the guide...
Reply | Permalink
Woops! Not idiot proof.
Roberto Puzzanghera GoofY April 10, 2019 07:48
OK, I added a warning :-)
Reply | Permalink
:-)))
roberto puzzanghera George Cooke October 1, 2015 20:52
:-)))
George, you had to be very tired, not idiot, and I think that in a normal situation this should not happen to you.
BTW I think it's not a good idea to add such obvious instructions, someone would be offended.. In addition the "install page" is just in the 4th page of the guide and the readers should consider all the following pages, as you already pointed out.
Reply | Permalink
smtproutes - smtp-auth
nic August 16, 2015 12:52
Dear Roberto,
I have a box A which was sending spams as one of the email accounts was compromised because of a weak password.
The IP was blacklisted and to prevent more undelivered emails, i had decided to use box B to relay emails.
In box B, I had created an email account relay@boxb.com with password secret.
In box A, I had created the file smtproutes in /var/qmail/control/ and added an entry like this:-
Emails from domain1.com are now relaying fine. In box A, I have about 60 domains and, being lazy, I decided to change the entry of smtproutes (box A) from domain1.com:smtp.boxb.com relay@boxb.com secret to :smtp.boxb.com relay@boxb.com secret
But now i started to get the below error
What is wrong with my smtproutes? And is this the best way workaround until i had removed box A's IP from the blacklists?
regards
nic
Reply | Permalink
Nic, the man page says that
roberto puzzanghera nic August 16, 2015 18:04
Nic, the man page says that the correct syntax should be
Reply | Permalink
smtproutes
nic roberto puzzanghera January 27, 2023 16:04
Hi Roberto,
Is the below syntax still working?
Thanks
Reply | Permalink
smtproutes
Roberto Puzzanghera nic January 27, 2023 19:25
Hi, I think yes. I don't think it has been modified. I'm using it just without pwd. Is it not working?
Reply | Permalink
smtproutes
nic Roberto Puzzanghera January 31, 2023 16:39
Not sure why it is not working for me. No bounce message.
Is there a command whereby certain domains use local delivery whereas others use multiple relays? Maybe I can troubleshoot from here.
Eg.
Thanks
Reply | Permalink
smtproutes
Roberto Puzzanghera nic February 1, 2023 10:11
Nic,
will route it to its own mx
Do you have Auth enabled on qmail-smtpd?
Reply | Permalink
smtproutes
Roberto Puzzanghera nic January 31, 2023 16:45
I don't know... I have to test it but I haven't got the time these days... sorry. Let me know if you solve
Reply | Permalink
Thanks Roberto!It is
nic roberto puzzanghera August 16, 2015 18:33
Thanks Roberto!
It is working good. Is this the best method for my case until i can get the IP delisted?
thanks again
nic
Reply | Permalink
I think is good enough. But
roberto puzzanghera nic August 16, 2015 18:42
I think it is good enough. But in my opinion the most important thing is to recognize why that pwd was stolen.. was it a simple multiple trial via imap or submission port? In that case use fail2ban. Or was it an sql exploit by means of a security hole in one of your hosted websites?
Reply | Permalink
The user was using 1234 as
nic roberto puzzanghera August 16, 2015 18:45
The user was using 1234 as the password. Sigh!
Many thanks again, Roberto!
Reply | Permalink
I recently published a pwd
roberto puzzanghera nic August 16, 2015 18:51
I recently published a pwd patch for qmailadmin, I think it can enforce the pwd complexity even though it is very rudimentary. Are you using fail2ban as suggested?
Reply | Permalink
I saw the patch. Applying it
nic roberto puzzanghera August 16, 2015 19:20
I saw the patch. Applying it now.
Thanks
nic
Reply | Permalink
Is the patch in this
nic roberto puzzanghera August 16, 2015 18:54
Is the patch in this tutorial? Let me read through again and let me add this into my present build. And yes i am using fail2ban.
regards
nic
Reply | Permalink
can not start up qmail-send
xia0sheng March 14, 2015 14:43
dear roberto
I use centos7.0 to install qmail. If I do not install the qmail patch for netqmail-1.06, qmail starts and runs properly, but I can only send mail to my own server and receive email from other mail servers; I cannot send mail to other mail servers (I think it is the qmail auth problem).
But when I installed the netqmail patch roberto-netqmail-1.06.patch-latest.gz (for qmail auth?), when I enter the command qmailctl start, qmail-send cannot come up, and the qmail-send PID changes (after each time I enter the command qmailctl stat), and if I enter the command "top", I find a lot of qmail-todo processes and the server becomes very slow. What can I do? Thank you.
A little summary
1, if I do not install roberto-netqmail-1.06.patch-latest.gz, I can send mail to my mail server and receive mail from other mail servers (some@somemail.com to my@mymail.com), but I cannot send mail to other mail servers.
2, after the installation of roberto-netqmail-1.06.patch-latest.gz, qmail-send cannot start normally, its uptime keeps varying between 0 seconds and 1 second, and the server CPU is very high.
Can you give me any suggestion on this matter? Thanks very much.
Reply | Permalink
Hi xia0sheng, as mentioned
roberto puzzanghera xia0sheng March 14, 2015 14:57
Hi xia0sheng,
as mentioned above, the TODO patch included in my package may require that the queue has to be rebuilt. So, if you are sure that there are no messages in your queue, because it's just a testing server, stop qmail and try to kill all your qmail-todo processes like this
if those processes are still alive kill them manually.
Then erase your queue
Now you can recompile qmail and restart
Let me know if this solved your issue
Reply | Permalink
a lot qmail-todo process problem is also resolve
xia0sheng roberto puzzanghera March 19, 2015 05:26
the server is centos7.0, if I apply the patch "roberto-netqmail-1.06.patch-latest.gz" qmail-send cannot come up
the problem is libsrs2, after installing libsrs2
enter the command:
there is no result
the resolution is
1. vim /etc/ld.so.conf
2. add /usr/local/lib
3. save
4. ldconfig
5. ldconfig -p|grep libsrs2
the result will be correct.
Reply | Permalink
I had built a new toaster on
nic xia0sheng July 20, 2015 05:34
I had built a new toaster on a VPS and also got flooded by qmail-todo which Roberto had mentioned.
"Be sure that libsrs2 is actually linked, otherwise you are going to have a qmail-send infinite crash and finally an auto-DoS"
I tried xia0sheng method and it did not work, maybe this is a CentOS 6.
So i added a custom file in /etc/ld.so.conf.d/
add the location of the libsrs2 library and mine is in /usr/local/lib
save
And the result
My floodings stopped.
This might be a better because my library for libev is also in the folder /usr/local/lib
Just my $0.02
Reply | Permalink
Thanks a lot. I found the same problem
Ruben Garcia nic December 8, 2018 13:10
Thanks a lot.
Your solution worked for me.
Ruben
Reply | Permalink
Many thanx, had the same
fasu xia0sheng March 26, 2015 14:57
Many thanx, had the same qmail-todo problem
Reply | Permalink
still not work
xia0sheng roberto puzzanghera March 15, 2015 05:28
dear roberto
Thanks very much for your reply. I did as you said, but the problem is still there.
In fact, I removed the /var/qmail/queue of my installation in my previous install path.
I did as you said, but when I enter the command qmailctl stat, qmail-send still cannot come up normally, and the log in /var/log/qmail/send/current has no error log. Where can I find the error log of qmail-send for qmailctl stat?
I have another question: if I installed qmail before, but I want to delete it and rebuild it, is it OK to just delete the /var/qmail and /usr/local/src/netqmail-1.06 folders, and then make and patch /usr/local/src/netqmail-1.06? Is there any file or folder I should delete if I want to rebuild qmail? Or should I reinstall my Linux server?
I think maybe it is a problem of my centos7.0 system.
I have been learning qmail for only a very short time, and there is a lot of configuration I don't know.
Can you give me some advice about what I can do?
wish you have a nice weekend!
Reply | Permalink
dear xia0sheng, I suppose
roberto puzzanghera xia0sheng March 15, 2015 09:01
dear xia0sheng, I suppose that you recompiled qmail after erasing your queue. This is very strange. If I understand well
is it right?
When you want to recompile just follow this steps. I suppose that you have a folder with a patched qmail
Reply | Permalink
use auth_tls_force-tls.patch-latest pathing is ok
xia0sheng roberto puzzanghera March 15, 2015 12:48
Dear roberto:
I did as you said, but the problem is still there. So I changed to use the "roberto-netqmail-1.06_auth_tls_force-tls.patch-latest" and everything is OK.
But I still cannot send mail to other email accounts? I can send email to my server and receive mail from other email accounts?
The error is "Please check the email , server reply: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)" If I write 163.com to the file /var/qmail/control/tcpthosts, I can send email to my mail.163.com account.
I know it is maybe the qmail-auth problem? But I don't know how to solve it.
Can you give me some advice?
Thanks very much!
Reply | Permalink
I can't be of much help if
roberto puzzanghera xia0sheng March 15, 2015 12:59
I can't be of much help if you don't try to provide details of what is happening to your server. You forgot to reply to my previous questions...
Concerning your new problem, your localhost must have the RELAYCLIENT flag in your tcp.smtp and tcp.submission. You should read the "tcprules" page. I suggest you to read carefully everything once again and perform all tests in the "Testing" page; I can assure that it works :)
Reply | Permalink
i'm sorry for previous question
xia0sheng roberto puzzanghera March 15, 2015 14:37
1. you stopped qmail, erased the queue and you have no more qmail-todo processes alive
I stopped qmail and erased the queue, but because I didn't know how to kill the many qmail-todo processes (before you told me to use qmailctl kill), I rebooted my server to kill the qmail-todo processes. I don't know why, after every reboot, I have to first enter the command svscanboot & (it cannot start up automatically) and then qmail can start. (Of course I enter svscanboot & after patching qmail.)
2. recompiled qmail
yes
3. started qmail
yes
4. you have /var/log/qmail/send/current is empty
yes
is it right?(all of right except 1)
When you want to recompile just follow this steps. I suppose that you have a folder with a patched qmail
1. qmailctl stop
2. erase the queue if it is the first time you install my patch
3. cd to the source dir
4. make clean
5. make setup check (this will overwrite everything and rebuild the queue)
6. qmailctl start
then I did all of what you said above, but it still has the qmail-send problem (cannot come up)
after applying your full patch "roberto-netqmail-1.06.patch-latest.gz"
what I did next is:
7. svscanboot &
8. qmailctl start
9. qmailctl stat
the status is
/service/qmail-send: up (pid 11702) 1 seconds
/service/qmail-send/log: up (pid 11592) 8 seconds
/service/qmail-smtpd: up (pid 11584) 8 seconds
/service/qmail-smtpd/log: up (pid 11587) 8 seconds
/service/qmail-submission: up (pid 11586) 8 seconds
/service/qmail-submission/log: up (pid 11591) 8 seconds
/service/vpopmaild: up (pid 11583) 8 seconds
/service/vpopmaild/log: up (pid 11585) 8 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
10. qmailctl stat again
/service/qmail-send: up (pid 11742) 1 seconds
/service/qmail-send/log: up (pid 11592) 10 seconds
/service/qmail-smtpd: up (pid 11584) 10 seconds
/service/qmail-smtpd/log: up (pid 11587) 10 seconds
/service/qmail-submission: up (pid 11586) 10 seconds
/service/qmail-submission/log: up (pid 11591) 10 seconds
/service/vpopmaild: up (pid 11583) 10 seconds
/service/vpopmaild/log: up (pid 11585) 10 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
so it cannot work.
and if I use your "roberto-netqmail-1.06_auth_tls_force-tls.patch-latest" everything is OK except sending mail to other mail servers.
the /home/vpopmail/etc/tcp.smtp is
10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
the /home/vpopmail/etc/tcp.smtp is
:allow,CHKUSER_WRONGRCPTLIMIT="3"
if I send mail to another mail account, the error is
Please check the email <wangyouyu6@163.com>, server reply: 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
I will reread your testing page carefully tomorrow to see if it solves my problem.
Thanks very much.
And if you wish, I can give you my mail server test account, so you can enter my mail server and see what happens (I have no problem with this, because the mail server is just a test server).
If you want this, I can send you the test account and password for my mail server. (Can you receive mail at your mail account roberto.puzzanghera@sagredo.eu?) My email account is wangyouyu6@163.com
Reply | Permalink
i'm sorry for previous question
carlos h xia0sheng September 3, 2021 13:56
hi roberto,
I m exactly in the same point as xia0sheng in 2015, how did you resolve it?
many thanks and kind regards
Reply | Permalink
i'm sorry for previous question
Carlos carlos h September 3, 2021 15:11
I explain me better my problem. All seems fine, less when I try to send an email, it remains in the queue and lots of qmail-todo appears when I execute "top". Seems that is entered in an infinite loop.
I checked the log:
cat /var/log/qmail/smtpd/current
I believe the problem is in the part "remoteip=127.0.0.1" and "remotehost=localhost" but I dont how can I fix it.
I cleaned the queue, and patched, and recompiled qmail
Reply | Permalink
srs check
Roberto Puzzanghera Carlos September 3, 2021 16:35
can you do this and post the response please?
then check the srs.c in your source dir and check that the same dir is reported there, For example
Reply | Permalink
srs check
carlos h Roberto Puzzanghera September 4, 2021 09:04
In srs.c
Reply | Permalink
srs check
carlos h Roberto Puzzanghera September 4, 2021 08:51
I think this is fine, and for some reason is ignoring rcpthosts, because in the log shows "rcpthosts=" not "rcpthosts=yes"
Reply | Permalink
srs check
Roberto Puzzanghera carlos h September 4, 2021 10:20
rcpthost= is normal, but I agree that it should advertise that it considered the domain as rcpthost. This is eventually an issue of the log line verbosity.
Reply | Permalink
i'm sorry for previous question
Roberto Puzzanghera carlos h September 3, 2021 14:14
Hi Carlos, can you please describe what is the issue in your server, please? I read the above from xiao and it is not clear to me...
Reply | Permalink
i'm sorry for previous question
carlos h Roberto Puzzanghera September 3, 2021 15:57
I m not absolutely secure, but I think there is a bug in the patch: roberto-netqmail-1.06.patch-2021.08.22 on chkuser part (I dont know if is a part of my previous problem)
On line 456 says:
and I believe it must be:
I dont know if after in some point the variable name is toggled or not, and if it causes the mistake to loop with my qmail-todo process
Reply | Permalink
i'm sorry for previous question
Roberto Puzzanghera carlos h September 3, 2021 16:32
but CHKUSER.log_format is just an info file, which is not part of the program...
Reply | Permalink
i'm sorry for previous question
carlos Roberto Puzzanghera September 3, 2021 17:31
Yes, you are right.
Sorry I wrote above as anonymous. When I send an email from my server (autoexaming.com) to an external domain (webfutura.online) In my /var/log/qmail/smtpd/current appears a connection from 127.0.0.1 to 127.0.0.1
Reply | Permalink
i'm sorry for previous question
Roberto Puzzanghera carlos September 3, 2021 23:19
What do you have in your control/rcpthosts?
Please reply also to the other comment of mine here https://notes.sagredo.eu/en/qmail-notes-185/patching-qmail-82.html#comment2223
Reply | Permalink
i'm sorry for previous question
carlos h Roberto Puzzanghera September 4, 2021 08:42
thank you so much in advance for your great job :)
(In my case I preferred domain without smtp. prefix in all vars, and when generated cert i wrote the same)
Reply | Permalink
i'm sorry for previous question
Roberto Puzzanghera carlos h September 4, 2021 10:33
remoteip=127.0.0.1 remotehost=localhost is normal as you are connecting to localhost from localhost. If you connect to your server from another server, because you want to send an email after the auth, then you will see the remote ip in remoteip, but this is mainly for the submission service.
Concerning your rcpthosts issue... sorry if I ask... are you sure not to have changed rcpthosts and forgot to restart qmail?
Concerning the todo loop (it seems to be a separate problem) what do you have in your queue? How many msg?
Reply | Permalink
i'm sorry for previous question
carlos Roberto Puzzanghera September 4, 2021 13:09
First of all, thanks a lot for your efforts :)
1) I'm trying to send from my localhost to an external server (a hosting, that is working fine, not mine)
2) Concerning your rcpthosts issue... sorry if I ask... are you sure not to have changed rcpthosts and forgot to restart qmail?
Yes, indeed I recompiled everything, many times in the last days
3) Concerning the todo loop (it seems to be a separate problem) what do you have in your queue? How many msg?
It is half-solved for me, just enter in the loop when i do qmailctl restart. When I want restart qmail, reboot the computer.
I tried to do this test: https://notes.sagredo.eu/en/qmail-notes-185/testing-qmail-smtp-and-auth-22.html#vpopmail
In the test: "No valid MX test, mailbox syntax test" I get some strange:
in the first case according with the test example, it should be:
Reply | Permalink
i'm sorry for previous question
Roberto Puzzanghera carlos September 4, 2021 16:24
your server looks very bad as many different (apparently unrelated) issues appear
I think it's better if you write me in private and continue there the investigation. Once solved we'll post here the solution
Reply | Permalink
ok, let me know once you have
roberto puzzanghera xia0sheng March 15, 2015 15:01
ok, let me know once you have finished to double check everything
Reply | Permalink
Everything is ok, Thanks very much.
xia0sheng roberto puzzanghera March 19, 2015 04:15
dear roberto:
Thanks very much, now everything is ok. i can use roundcube to send and receive mail.
the problem is the configure of roundcube configure.inc.php file
i chose "Use the current IMAP username and password for SMTP authentication" and then i can send mail to other mail account.
thanks very much for the helps these days.
Thanks very much....
from:xia0sheng
Reply | Permalink
still have problems
xia0sheng roberto puzzanghera March 17, 2015 13:15
dear roberto:
i check everything carefully, but still have some problems.
I can use foxmail to send and receive mail to or from other mail acounts.
the setting is:
send server:smtp.wangyouyu.cn,
ssl(not select)
port is 587
and i should select use STARTTLS. If the setting is this, every is ok.
but if I don't select use STARTTLS, if I send mail the error is "538 auth not available without TLS (#5.3.3)"
and in the roundcube webmail the config.inc.php is
in the webmail if i send mail to other mail acounts
the error is "SMTP error: [553] sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"
How can I set the roundcube use STARTTLS as foxmail setting?
thank very much.
I really don't know what to do now.
Reply | Permalink
qmail-smtpd: read failed: (null) only with one sender
Marc January 2, 2015 12:29
Hello Roberto,
I have a problem with mails coming from amazon. Every mail sent from amazon is not delivered because it shows the error qmail-smtpd: read failed. This error only happens with mails from the amazon mail servers, I do not have this error with other mails. I have no clue what's wrong - do you have an idea? Output from log file:
Regards,
Marc
roberto puzzanghera Marc January 3, 2015 11:06
I think you should record the smtp conversation enabling recordio in your run file. Let me know if you solve
qmail-smtpd read failed - SPF Check was the problem
Marc roberto puzzanghera January 3, 2015 16:55
Hello Roberto,
thanks for the hint with recordio. I figured out that the SPF check was the problem:
When i changed the /var/qmail/control/spfbehavior entry to 1, mail from amazon gets through and i noticed that it takes some time to process the mail.
I tried a manual spfquery for the amazon mail and the check takes about 70 sec. So i think that the check takes too long and the qmail-smtp process takes this as a timeout and rejects the mail because of that. Other spf checks to other domains are working fast. Maybe i should try to change the dns server entry? But it is strange that this happens only to amazon servers.
Thanks for helping.
roberto puzzanghera Marc January 3, 2015 22:58
I would try a test like
and see if you get a timeout error or not
qmail-send fail
huyenha December 6, 2014 17:15
Dear Roberto
I completely followed your notes, my email server can send email to another domain but cannot deliver to local account.
I've tried to send from huyenha to nxhuy (2 accounts already created and logged in successfully) but it said:
qmail-send log:
Please help me!
Duplicate emails
Arturo huyenha January 2, 2015 23:03
Hi,
I made the installation of a new server, I have the same problems as mentioned: for every incoming or outgoing email a copy of this email is sent to the account log@domain.com.
I revert the path and all work fine.
Any ideas???
Thanks
roberto puzzanghera Arturo January 3, 2015 11:09
This is normal, as the log@yourdomain.xy account is used to improve the qmail-send log. What do you have in your ~alias/.qmail-log file?
Arturo roberto puzzanghera January 3, 2015 11:40
The .qmail-log contains:
But the error is:
And log:
Thanks!
roberto puzzanghera Arturo January 3, 2015 12:25
can you confirm that domain.com (the domain inside control/me) really exists and has a valid MX record?
Yes is correct!
Arturo roberto puzzanghera January 3, 2015 18:25
Hi,
The MX is correct and set fine in control/me file.
roberto puzzanghera Arturo January 3, 2015 22:51
and you created the domain with vpopmail?
Yes
Arturo roberto puzzanghera January 3, 2015 22:55
Yes, the domain was created with vpopmail, and i delete and recreate the domain.
The domain is on another files control\files.
roberto puzzanghera Arturo January 3, 2015 23:13
what control\files is needed for?
Arturo roberto puzzanghera January 3, 2015 23:45
I mean that the domain is automatically added to other files in the folder Control (virtualdomains, rcpthosts, etc).
roberto puzzanghera Arturo January 4, 2015 11:01
No ideas at the moment, but you can be sure that the domain was actually created trying to connect to the postmaster account, for example
Arturo roberto puzzanghera January 4, 2015 12:52
Good news, I think I've found a possible motive, apparently aliases found in /var/qmail/alias not working, I created a symbolic link to /home/vpopmail/domains/domain.com/.qmail-log and this if is working now.
Any idea why I do not work the /var/qmail/alias??
roberto puzzanghera Arturo January 4, 2015 14:36
mmh... do you have your aliases stored in mysql db (vpopmail compiled with --enable-valias)?
Arturo roberto puzzanghera January 4, 2015 14:50
This configurator with the --disable-valias option (I followed every step of your tutorial)
Arturo roberto puzzanghera January 4, 2015 12:35
root@mail:~# telnet 0 89
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK
login postmaster@domain.com pass
+OK+
vpopmail_dir /home/vpopmail
domain_dir /home/vpopmail/domains/domain.com
uid 89
gid 89
name postmaster
comment Postmaster
quota NOQUOTA
user_dir /home/vpopmail/domains/domain.com/postmaster
encrypted_password pass_encrypt
clear_text_password pass
no_password_change 0
no_pop 0
no_webmail 0
no_imap 0
bounce_mail 0
no_relay 0
no_dialup 0
user_flag_0 0
user_flag_1 0
user_flag_2 0
user_flag_3 0
no_smtp 0
domain_admin_privileges 1
override_domain_limits 0
no_spamassassin 0
delete_spam 0
no_maildrop 0
system_admin_privileges 0
.
huyenha huyenha December 7, 2014 04:50
I realise that in qmail-send log:
must be:
So I delete the domain and re-add, now it can deliver to local account.
But that generate another error that can't deliver to "log alias" for qmail-tap function
roberto puzzanghera huyenha December 7, 2014 08:25
I think this is because my patch creates an alias /var/qmail/alias/.qmail-log which uses the same address of your tap address (http://notes.sagredo.eu/node/82#queue-extra). This alias is needed to improve the log of qmail send. You can solve by changing the tap address
qmail-log alias
Shailendra Shukla roberto puzzanghera December 12, 2014 12:29
Hi Roberto,
I have followed your excellent guide and installed my server. The issue is that for every mail that is sent or received it is trying to send a copy to some log alias. How can I disable that? Below is the message transcript.
Request your help in this regards
Thanks
roberto puzzanghera Shailendra Shukla December 12, 2014 13:01
you can revert this patch http://notes.sagredo.eu/node/82#queue-extra
anyway I think you have deleted the ~alias/.qmail-log alias or you don't have a valid mx for your control/me domain. Actually this is not a real mailbox but an alias created in order to improve the qmail-send log, so you may want to continue to use it
qmail-log alias
Shailendra Shukla roberto puzzanghera December 12, 2014 13:10
ahhh now I get you , actually this is a newly created server and I have still not pointed the mx to the new servers ip . Let me check by doing point the valid MX to the server .
Thanks a lot for your precious guidance as always you are a real life saver
roberto puzzanghera Shailendra Shukla December 12, 2014 13:15
I think you have a valid mx for your domain
roberto puzzanghera huyenha December 6, 2014 17:30
and are you sure you are using my patch? I can't see chkuser in action... is it enabled?
huyenha roberto puzzanghera December 6, 2014 17:52
Yes, chkuser in action, this is qmail-smtpd log:
roberto puzzanghera huyenha December 6, 2014 17:59
can you show your control/defaultdelivery?
huyenha roberto puzzanghera December 6, 2014 18:09
Now it is:
|/var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -d $EXT@$USER
I also tried "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
But the result is the same error
roberto puzzanghera huyenha December 6, 2014 18:20
the content of the defaultdelivery is
without quotes, right?
dovecot issue?
roberto puzzanghera huyenha December 6, 2014 18:15
It can be a dovecot issue (you should also look for dovecot-lda errors, especially in the sql driver).
But it's strange that you can't have it working when using vpopmail as deliver. Are there any .qmail overriding the defaultdelivery?
Let's fix vpopmail first of all.
huyenha roberto puzzanghera December 6, 2014 18:28
I've changed the control/defaultdelivery and ~vpopmail/domains/4trust.vn/.qmail_default to | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
But the error is still the same :(
do you have double quotes?
roberto puzzanghera huyenha December 6, 2014 18:34
do you have double quotes at the end of that line?
huyenha roberto puzzanghera December 6, 2014 18:43
Sorry, it's my mistake, I've removed the double quote and re-tested. The error is still there.
Could it be a qmail's error?
roberto puzzanghera huyenha December 6, 2014 18:53
can you send me in a private msg an strace of smtp session?
roberto puzzanghera huyenha December 6, 2014 17:27
Hi, have you passed the vpopmail login test from the command line?
huyenha roberto puzzanghera December 6, 2014 18:02
I've followed your vpopmail auth test at http://notes.sagredo.eu/node/22#vpopmail
the result is ok
forcetls patch
Andrei August 21, 2014 21:43
Can you pls let me know how to remove the ForceTls patch from the big patch? I need the auth to work without tls.
Thank you!
roberto puzzanghera Andrei August 21, 2014 22:42
read above! :)
DKIM and SRS = fail :-(
S July 6, 2014 02:21
Hi,
if you use SRS, DKIM filter fails, as it sets original SENDER domain instead of that specified in SRS. Any suggestions how to fix it?
cheers and thanks for your patches!
S.
roberto puzzanghera S July 7, 2014 12:50
Can you post how the headers look when you use SRS?
I contacted M.Banghui, the author of the DKIM patch, and he told me that he can fix it.
Sure :)
S roberto puzzanghera July 7, 2014 17:25
The DKIM is getting _SENDER - and SRS is providing to qmail an original Sender domain, instead of the one taken from /var/qmail/control/srs_domain
BTW, why don't you move your awesome patchset to github? It would make things much easier :)
I would declare I can work on IPv6 part, as it is the only (but big) missing thing from your patches.
cheers,
S
roberto puzzanghera S July 7, 2014 21:11
Hi, can you do a cut&paste of the headers?
Actually, help with the IPv6 patch would be appreciated, as I don't have much time these days, and I'm not an IPv6 expert. As you probably know M.Banghui has merged an IPv6 patch in his DKIM/SURBL and my plan is to add it to my package sooner or later :)
qmail-todo problem
Kamal June 15, 2014 21:33
Firstly, thanks Roberto for ur efforts of creating the patch. But i'm facing a critical problem after i patched qmail 1.6 with ur patch: i have found my server load reached 250, and when i checked the processes i found that qmail-todo was consuming cpu terribly. But i don't know why this happened and what i should do, although i have applied the steps and installed qmail successfully.
Re: qmail-todo problem
roberto puzzanghera Kamal June 15, 2014 22:00
Hi Kamal,
I assume that you erased your queue in this way before installing the todo-patched qmail for the first time:
If yes please post a
The best way to investigate what qmail-todo is doing is using strace:
Re: qmail-todo problem
Kamal roberto puzzanghera June 16, 2014 11:46
Hi Roberto,
Yes, I already erased the queue as you mentioned, I want to clear something i'm using the combined patch "roberto-netqmail1.06.patch-latest" NOT todo-patch. but the problem with qmail-todo process that was consuming cpu.
Kindly find output details below,
strace.log
http://www.mediafire.com/view/9ptwzxri9xpptgr/qmail-strace.log
ps-axfuww.log
http://www.mediafire.com/view/1277h6de1g80xsn/ps-axfuww
Enetcs Kamal June 16, 2014 17:57
Maybe a libsrs problem, did you successfully install it? did you ldconfig it?
roberto puzzanghera Enetcs June 16, 2014 19:22
I think it's not a libsrs issue, as in that case the compilation itself will break
Re: qmail-todo problem
roberto puzzanghera Kamal June 16, 2014 12:52
it seems to be an infinite loop...
when you stop qmail I would try to kill all those qmail-todo which doesn't belong to qmail-send anymore, and after that erase the existing queue, recompile and restart qmail
Re: qmail-todo problem
kamal roberto puzzanghera June 19, 2014 16:12
I really did that, but unfortunately still the same, the load reached 270, and the server was going to explode.
ruddur kamal January 31, 2015 16:27
Hi,
I have the same problem
I followed the howto line by line but nothing
You have to find the solution ?
thx
roberto puzzanghera ruddur January 31, 2015 19:42
Hi ruddur, can you describe the problem you have?
Pierre L. roberto puzzanghera February 1, 2015 16:06
Roberto, Rudi,
I took a look at the problem..... so.... qmail-todo is launched by qmail-send. While doing an strace -f on the qmail-send supervise run file, I noticed this:
Doing an ldd /var/qmail/bin/qmail-send, I realized that your libsrs2 is already included in your Slack64 but not under /usr/lib64. Instead you have it both under /usr/lib and /usr/local/lib.
I simply symlinked your libsrs2 to /usr/lib64 and everything is now working fine :)
Good troubleshooting exercise right :)
Pierre
PS: salutations to you Roberto - always nice to hear from you my friend!
roberto puzzanghera Pierre L. February 2, 2015 16:24
Hi my friend, thanks for your hint!
But I expect that qmail-send will find the library provided that /usr/local/lib is in my /etc/ld.so.conf, right? So it's not clear to me the need to symlink /usr/lib64
SRS2
NIcholas Chua May 4, 2014 19:20
Hi,
I am trying out the latest patch with the SRS2. While compiling i had an error
In the beginning it cannot find the file srs2.h so i download it from http://www.filewatcher.com/p/libsrs2-dev_1.0.18-4_amd64.deb.14658/usr/include/srs2.h.html and copied it to /usr/local/include/
I am on CentOS 6 64 bits.
Thanks for helping.
nic
You need libsrs2
roberto puzzanghera NIcholas Chua May 4, 2014 21:25
You have to install the libsrs2 libraries, not only the srs.h, see above. Check if they are installed in this way
ldconfig -p|grep libsrs2
RD roberto puzzanghera March 6, 2015 23:34
Hi Roberto,
Successfully compiled libsrs2 but libsrs2 is not linked.
<ends up with no results>
I'm using CentOS 5.8. Thanks.
Re: ldconfig and libsrs2
roberto puzzanghera RD March 7, 2015 08:12
supposing that you remembered to run "ldconfig" after the compilation, where libsrs2 was installed? Check that the directory where it was installed is included in your /etc/ld.so.conf (or similar). If not, you should add it and run "ldconfig" again after that
NIcholas Chua roberto puzzanghera May 5, 2014 05:01
Hello,
Yes i did.
regards
nic
did you modify srs.c?
roberto puzzanghera NIcholas Chua May 5, 2014 06:30
did you modify srs.c accordingly?
NIcholas Chua roberto puzzanghera May 5, 2014 07:23
Didn't think of doing that. What should i edit?
regards
nic
roberto puzzanghera NIcholas Chua May 5, 2014 13:00
Nic, read above :)
SSL CERTIFICATES
Enetcs April 8, 2014 21:00
Hi roberto
I successfully created the certificates and it works great, the only problem is that mozilla-thunderbird, iphone and android show a warning because the certificate is not valid; configuring an exception it works. About it I have two questions.
First
Is there any chance to have different certificates for every domain?
Second
If I buy a "valid certificate" can I just copy into the folder and it will work?
Thanks in advance
roberto puzzanghera Enetcs April 8, 2014 21:26
Enetcs
as far as I know the e.h. auth patch works with a global certificate.
Yes, you simply have to copy the certificate into that folder, but when you buy a valid certificate you also get an "intermediate certificate" to be copied in the same folder, which assures that your cert is valid
CHKUSER patch - how to disable!!
Anonymous October 10, 2013 22:24
imho, chkuser patch is way more problems than it's worth. It's blocking legit emails from namecheap, comodo, godaddy and others. How does one disable chkuser permanently????? I've tried commenting out of my qmail-submission/run, and restarting qmail, chkuser still running. grrr.
roberto puzzanghera Anonymous October 11, 2013 07:12
can you please provide log details about the rejections for such providers? thank you
Anonymous roberto puzzanghera October 11, 2013 18:03
chkuser silently dropping mail ! How do I completely disable chkuser??????????????????????
2013-10-11 12:39:48.373851500 tcpserver: status: 1/20
2013-10-11 12:39:48.374029500 tcpserver: pid 28172 from 208.65.144.245
2013-10-11 12:39:48.374142500 tcpserver: ok 28172 0:::ffff:192.184.84.112:587 :208.65.144.245::35583
2013-10-11 12:39:48.621588500 CHKUSER accepted sender: from <ehip1mxb2o0kj8twj5yh0wz9nvb9wa04-b@news.columbiarestaurant.com::> remote <p02c11m083.mxlogic.net:unknown:208.65.144.245> rcpt <> : accepted any sender always
2013-10-11 12:39:48.767883500 tcpserver: end 28172 status 0
2013-10-11 12:39:48.767910500 tcpserver: status: 0/20
roberto puzzanghera Anonymous October 11, 2013 20:13
what makes you think that it's a chkuser fault? this is not a rejection, and this is the log of port 587, but you said that you have some incoming legitimate email rejected, which should be received on port 25
Anonymous roberto puzzanghera October 11, 2013 15:03
It blocks legitimate emails, it just sucks. Shouldn't be included in the net-qmail patch.
Anonymous roberto puzzanghera October 11, 2013 15:02
Tried commenting out of my qmail/submission/run file, chkuser still running!
roberto puzzanghera Anonymous October 11, 2013 20:15
again, this is the submission service, which has nothing to do with incoming emails. In any case you have an error. Correct in this way
but be aware that this should be done on standard smtpd (port 25) service.
roberto puzzanghera Anonymous October 10, 2013 22:33
first of all, i think you can try to take a look to the chkuser manual, to see how to fit it to your needs.
If you want to disable it, just comment it in your run file (in case you are following my configuration).
If you want to delete it from my package you have to look at the original patch and see what it modifies. I remember that it modifies only qmail-smtpd.c and the Makefile, apart from new created files. You can easily recognise the modifications because there is a comment more or less like "chkuser patch starts here"
qmail-qmqpc.c change needed
Robbie Walker August 24, 2013 15:53
Hi Roberto,
First, thanks for the patch collection. I ran across an issue that I thought I would make you aware of: one of the patches in this collection modifies the function signature of timeoutconn.c/timeoutconn() . I assume it's one of the TLS or AUTH patches, but I haven't tried to figure it out. In any case, the patch adds an additional parameter to the signature which is not present in the original calls to timeoutconn() in qmail-qmqpc.c
None of the patches even touch qmail-qmqpc.c ( probably because very few people make use of it) but I actually use it for SMTP servers. Crypto can put quite a load on older hardware so I "spread the wealth" around with multiple smtp servers using QMQP to send the messages to my queue machine.
In any case, the fix is pretty straightforward and I am going to try and post the patch here in this comment:
Thanks for the fix
roberto puzzanghera Robbie Walker August 24, 2013 22:37
Hi Robbie, I'm going to add your fix in the next release that will be released in a few days
Thanks for the contribution :)
You're welcome
Robbie Walkee roberto puzzanghera August 24, 2013 23:11
Glad to contribute!
SPF
Nicholas July 28, 2013 15:43
Hi,
I noticed that the spf is not running properly. The IP consist of 4 fs.
Received: from unknown (HELO p14g.com) (::ffff:183.240.178.142)
by 0 with SMTP; 28 Jul 2013 14:37:47 -0000
Received-SPF: unknown (0: No IP address in conversation)
Whereas my old box running on shupp toaster 0.9.4
Received: from unknown (HELO om-jetstar.rsys2.com) (12.130.139.139)
by 0 with SMTP; 26 Jul 2013 03:02:52 -0000
Received-SPF: pass (0: SPF record at envfrm.rsys2.com designates
Am i right to say that the fs in front of the IP is affecting spf?
Is there a fix or workaround?
regards
nic
roberto puzzanghera Nicholas July 28, 2013 16:30
Hi Nicholas,
I think you are right. The SPF patch is very old (the same embedded in the shupp's combined patch) and is not compatible with IPv6. As far as I know there is no fix for this (but you can ask the author) and there are no alternative spf patches. If you find something interesting let me know
Nicholas roberto puzzanghera July 29, 2013 02:54
But i am not on IPv6.
regards
nic
roberto puzzanghera Nicholas July 29, 2013 10:02
you are not in an IPv6 net but that address ::ffff:183.240.178.142 is IPv6, and the SPF patch is not able to recognize such an IP
Reply | Permalink
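How an IPv4-mapped address such as ::ffff:183.240.178.142 can be reduced to its dotted quad before it reaches an IPv4-only SPF check, so that the check is evaluated instead of ending in "unknown". This is an added example, not code from the SPF patch, from ucspi-tcp6 or from the fix mentioned later in this thread; normalize_remote_ip and the ip_kind values are names assumed here.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Names below are this example's own, not taken from any qmail patch. */
enum ip_kind { IP_INVALID, IP_V4, IP_V4MAPPED, IP_V6 };

/*
 * Classify the textual client address that tcpserver exports and write its
 * canonical form into out: the dotted quad for plain IPv4 and for
 * IPv4-mapped IPv6, the IPv6 text form otherwise.
 * out must hold at least INET6_ADDRSTRLEN bytes.
 */
enum ip_kind normalize_remote_ip(const char *text, char *out, size_t outlen)
{
    struct in_addr a4;
    struct in6_addr a6;

    if (text == NULL || out == NULL || outlen < INET6_ADDRSTRLEN)
        return IP_INVALID;
    out[0] = '\0';

    /* Plain dotted quad, as an IPv4-only tcpserver reports it. */
    if (inet_pton(AF_INET, text, &a4) == 1)
        return inet_ntop(AF_INET, &a4, out, (socklen_t)outlen)
                   ? IP_V4 : IP_INVALID;

    /* Parse the whole string rather than stripping a "::ffff:" prefix:
       trailing garbage and out-of-range octets are rejected here. */
    if (inet_pton(AF_INET6, text, &a6) != 1)
        return IP_INVALID;

    /* Only ::ffff:a.b.c.d is a mapped address; the last four bytes of the
       128-bit address are the IPv4 address in network byte order. */
    if (IN6_IS_ADDR_V4MAPPED(&a6)) {
        memcpy(&a4, &a6.s6_addr[12], sizeof a4);
        return inet_ntop(AF_INET, &a4, out, (socklen_t)outlen)
                   ? IP_V4MAPPED : IP_INVALID;
    }

    /* Native IPv6 (including the deprecated ::a.b.c.d form) is left as
       IPv6 so that it is never matched against ip4 mechanisms. */
    return inet_ntop(AF_INET6, &a6, out, (socklen_t)outlen)
               ? IP_V6 : IP_INVALID;
}

int main(void)
{
    /* The first two addresses are the ones quoted in the Received headers
       of this thread; the remaining ones are constructed samples. */
    const char *samples[] = {
        "::ffff:183.240.178.142", "12.130.139.139", "::ffff:b7f0:b28e",
        "2001:db8::25", "::183.240.178.142", "::ffff:183.240.178.999",
    };
    static const char *label[] = { "invalid", "ipv4", "ipv4-mapped", "ipv6" };
    char buf[INET6_ADDRSTRLEN];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum ip_kind k = normalize_remote_ip(samples[i], buf, sizeof buf);
        printf("%-26s -> %-11s %s\n", samples[i], label[k], buf);
    }
    return 0;
}
```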
Nicholas roberto puzzanghera July 29, 2013 20:34
Understand now
Thanks
nic
Nicholas Nicholas July 31, 2013 06:55
Hi Roberto,
Manvendra Bhangui from IndiMail get it fixed.
http://sourceforge.net/p/indimail/bugs/55/#ac98
http://sourceforge.net/projects/indimail/files/Patches/qmail-1.03.patch.gz/download
Is it possible to get it into your combined patches?
regards
nic
roberto puzzanghera Nicholas July 31, 2013 15:27
Hi Nick, Manvendra Bhangui has already answered to my requests. He is kind as always and provided details to make saout's spf patch work with IPv6-mapped as well. So I modified my big patch accordingly and this is a test version:
roberto-netqmail-1.06.patch-20130731testing.gz
It is important that you have the new ucspi-tcp6 installed otherwise the filter on IPv6 clients will not work. I tested it both against the new tcpserver (ucspi-tcp6) and the original djb's ucspi-tcp-0.88 and they are both ok for IPv4 clients. Unfortunately I don't have any IPv6 net.
Test if you like and let me know :)
Nicholas roberto puzzanghera August 1, 2013 09:04
Hi Roberto,
I also do not have IPv6, Tested the new patch and don't seem to be working
regards
nic
roberto puzzanghera Nicholas August 1, 2013 09:10
So, if I understand well, you can't see the "Received-SPF: ...." line in the header?
Edit: Can you confirm that you are using ucspi-tcp6 or another tcpserver with IPv6 capabilities?
Cprogrammer roberto puzzanghera August 4, 2013 15:04
Roberto,
Can you send me qmail-smtpd.c as an attachment. Just want to check the call to spfcheck() function.
Regards Manvendra
Nicholas roberto puzzanghera August 1, 2013 09:18
Hi Roberto,
Received-SPF: unknown (0: No IP address in conversation)
I am using ucspi-tcp6-0.98
regards
nic
roberto puzzanghera Nicholas July 31, 2013 10:01
Hi Nick, I will try to ask Manvendra Bhangui if he can provide more details. If he can I will certainly update my patch
The link to the download page is the big indimail patch and it's impossible (for me) to extract the modifications he did.
Thanks for the contribution
Roberto
0 instead of the server name
Gabriel Torres roberto puzzanghera July 6, 2019 15:58
Hi Roberto,
Please take a look how, in this thread, the mail server from this other user has the same issue I am discussing in another thread: the header is showing "0" instead of his server's name:
This shows that this issue isn't specific to my environment here.
With our previous qmail installation, our FQDN would show up correctly there.
Cheers.
0 instead of the server name
Roberto Puzzanghera Gabriel Torres July 7, 2019 11:54
yes, and he reports the same behaviour in another machine running shupp's patch, then this is not an issue of my patch's...
but let's continue the discussion in the other thread
503_MAIL_first_(#5.5.1)
Fabiano Heringer July 26, 2013 18:58
Hi , i need some help, after applying his combined patch, i get many emails with this errors:
503_MAIL_first_(#5.5.1)
No mail that this error happens to is delivered to my mailbox. I did a lot of googling and found nothing, could you help me?
Re: 503_MAIL_first_(#5.5.1)
roberto puzzanghera Fabiano Heringer July 26, 2013 22:01
Hi Fabiano, I think this is due to improper commands entered by the client. You should enable recordio inside your smtpd run file to record the entire smtp conversation and try to find out the reason of the reject. Post here the smtp dialog if you like.
Bounce size limitation
Nicholas July 11, 2013 06:20
Hi Everyone,
Has anyone came across a patch to limit size of any type of bounce?
I had tried qmail-bounce.patch by Frank Denis. But it will only work if databytes is enabled.
Thanks
nic
SMTPAUTH
Nicholas May 4, 2013 21:31
Hi after apply the patch and export auth, CRAM-MD5 is not enabled
Do i need to export CRAM-MD5?
Thanks
Nic
cram-md5 auth
roberto puzzanghera Nicholas May 4, 2013 21:34
No, take a look to README.auth for details
Nicholas roberto puzzanghera May 5, 2013 07:23
Many thanks!
GG April 18, 2013 15:40
Hi, thank you very much for your work. I was wondering if it is possible to have a combined patch including ALL the patches above, EXCEPT for the BIG-TODO one. It is mentioned somewhere, but I couldn't find it.
Thanks again!
roberto puzzanghera GG April 18, 2013 15:56
it should be quite simple to reverse that patch, but for me it's already very time consuming to follow one single patch, so I can't fulfil all requests for changes. anyway I'm always available as advisor :)
Just want to say thank you
Anonymous April 7, 2013 12:23
Just wanted to say thank you for pulling this all together in one page. It has been very helpful have a single source location to get what I needed for qmail, your hard work is appreciated!
IPv6 support?
Jacekalex March 19, 2012 17:06
Is this version netqmail, with your patch supports IPv6?
I mean SPF, setting RELAYCLIENT and other variables.
I found a patch for IPv6 netqmail-1.06:
But when I tried to put it on the source of your patch, came out a lot of mistakes, which can not cope.
On my server a few weeks ago I turned on full support of IPv6, and I also found a patch to add IPv6 to tcpserver:
http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/
It remains to Spamdyke, but that's my problem;)
Cheers;)
roberto puzzanghera Jacekalex March 19, 2012 17:22
No, my combined patch doesn't support IPv6. Unfortunately I don't have any IPv6 network to test the patches that are around.
cheers :)
Forcetls
Jacekalex roberto puzzanghera March 20, 2012 04:40
Hi
I improved a little patch Forcetls to Qmail did not propose an authorization when it is not possible, due to lack of TLS encryption:
http://pastebin.com/N4zBQZUu#
Still I would like to improve the correct fragment responsible for:
To properly closed the connection, such as MUSTAUTH, or SPFFAIL
But I have no idea how to do it .
Cheers ;)
roberto puzzanghera Jacekalex March 20, 2012 10:38
If my understanding of your code is correct, you want to allow the auth with CRAM_MD5 when STARTTLS is not provided. So it's not clear to me why you want to close the door once you decided that it's a user's responsibility to secure the connection with TLS
In my opinion it would be a responsibility of the postmaster to forcetls. If not, you may want to rename the "forcetls" label of this patch with something like "skiptls" :)
Jacekalex roberto puzzanghera March 20, 2012 11:40
HI "If my understanding of you code is correct, you want to allow the auth with CRAM_MD5 when the user does not provide STARTTLS
No, :it's not at all with CRAM-MD5:
My goal was that the server did not provide authentication, authorization when it is not possible due to lack of TLS encryption:
While the offer, when encryption is enabled:
Like this:
That was my reservation it immediately, and disconnect the test without TLS authentication constitute circumvention of the problem, but it only partially solved.
Here, not about the CRAM-MD5, but here is that the server did not provide authorization for no reason that can not be held, and that in connection with any mail client that does not try to send the password without encryption.
Made sure that the CRAM-MD5 was exclusive, as before. ;)
I meant it to be solved better than Gmail. :D
Cheers ;)
roberto puzzanghera Jacekalex March 20, 2012 13:51
I'm sorry but I'm not sure I have understood what you say towards the end of your message..
Anyway, are the tests you provide made using my patch or your modified one?
This is exactly what my forcetls patch does, right?
Jacekalex roberto puzzanghera March 20, 2012 14:39
Hi
This is exactly what my forcetls patch does, right?
Exactly the point, I had to just to authorization was not offered when it is unrealistic due to lack of TLS.
This is to avoid situations where someone sets, for example, authorization PLAIN in Outlook, then this Outlook trying to log in, and the error log.
I prefer a system where the server does not offer authorization (AUTH), if it can not be done, just like in Gmail
Cheers ;)