ucspi-tcp6

January 2, 2021 Roberto Puzzanghera27 comments

ucspi-tcp6 is a fork of Bernsteins' ucspi-tcp 0.88 program, which includes, among the other things, ipv6 capabilities to the original ucspi-tcp. tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications.

fehQlibs

  • More info here
  • Version: fehQlibs-18

fehQlibs are supplementary C libraries by Erwin Hoffmann. They are needed for ucspi-tcp6.

Install as follows in /usr/local:

cd /usr/local
wget https://www.fehcom.de/ipnet/fehQlibs/fehQlibs-18.tgz
tar xzf fehQlibs-18.tgz 
chown root:root fehQlibs-18
cd fehQlibs-18

Change the installation folder modifing the file conf-build as

LIBDIR=/usr/local/lib 
HDRDIR=/usr/local/include 

Compile and install:

make 
make shared
make install 

cd .. 
ln -s fehQlibs-18 qlibs

Install ucspi-tcp6

cd /var/qmail/ 
wget https://www.fehcom.de/ipnet/ucspi-tcp6/ucspi-tcp6-1.12.3.tgz 
tar xzf ucspi-tcp6-1.12.3.tgz 
cd net/ucspi-tcp6/ucspi-tcp6-1.12.3/ 
./package/install

The tcpserver usage, as far as IPv4 is concerned, is similar to the original Bernstein's program.

Comments

Is it support under Load blance

Sorry ,  is it support to get real IP under loadblance?

LB => mail server(ucspi-tcp6).

Reply | Permalink

Is it support under Load blance

I think no, but you should ask to the author of the program

Reply | Permalink

ucspi-ssl

How about installing ucspi-ssl? https://www.fehcom.de/ipnet/ucspi-ssl.html

Reply | Permalink

ucspi-ssl

if I remember well (correct me if I am wrong) ucspi-ssl is needed to encrypt a connection on 465 port, but in my installation I already have the 587 port TLS secured (qmail-tls patch), so I think this is not needed here.

Reply | Permalink

New version: 1.10.6

Update is needed. New version available: 1.10.6. It requires the installation of fehQlibs-12.

https://www.fehcom.de/ipnet/ucspi-tcp6.html

https://www.fehcom.de/ipnet/qlibs.html

Reply | Permalink

New version: 1.10.6

Thank you, I knew about this new feqlibs based version... is it working fine for you?

Reply | Permalink

segfault

Hello ,

I have a problem with rblsmptd on Centos 7.2 and Centos 7.3. Perhaps this problem is related to ucspi-tcp6 with patch given above.

After starting /usr/local/bin/rblsmtp I got error:

kernel: rblsmtpd[27381]: segfault at 0 ip 0000000000405fe8 sp 00007fff6a8fe698 error 4 in rblsmtpd[400000+a000]

..but wiith following installation everithing works fine:

cd /usr/local/src/
tar -xzvf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch < /usr/local/src/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
make
make setup check

Reply | Permalink

segfault

I had this problem with  ucspi-tcp6-1.12.3.tgz. When I was executing tcprules:

tcprules: error while loading shared libraries: libqlibs.so

But with your solution with 0.88 version + patch now is working ok, thanks!

Reply | Permalink

segfault

It failed in finding fehqlibs

Reply | Permalink

which version of ucspi-tcp6

which version of ucspi-tcp6 are you using?

Reply | Permalink

I tried both ucspi-tcp6-1.02

I tried both ucspi-tcp6-1.02.tgz and  ucspi-tcp6-1.04.tgz. After starting command from terminal I got this:

[root@mailsrv ucspi-tcp6-1.04]# /usr/local/bin/rblsmtpd
Segmentation fault

and in logs I had this:

kernel: rblsmtpd[27381]: segfault at 0 ip 0000000000405fe8 sp 00007fff6a8fe698 error 4 in rblsmtpd[400000+a000]

Also, I am using Centos7 x86_64.

Thank you,

Alex

Reply | Permalink

I don't think this is the

I don't think this is the proper way to test rblsmtpd from the command line, as it runs at least a prog. Take a look to the man page

Reply | Permalink

Unfortunately, this error:

Unfortunately, this error:

rblsmtpd[10523]: segfault at 0 ip 0000000000406028 sp 00007fff37919388 error 4 in rblsmtpd[400000+a000] 

still exists when is run by qmail. Server continually deny messages with 451 code.

Reply | Permalink

ok, can you share your run

ok, can you share your run file, please?

Reply | Permalink

Sure, here it is:

Sure, here it is:

#!/bin/sh

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SOFTLIMIT=`cat /var/qmail/control/softlimit`

# This enables chkuser

export CHKUSER_START=ALWAYS

# This turns off TLS on port 25

export DISABLETLS="1"

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \

    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
    /usr/local/bin/rblsmtpd -W \
        -b -r zen.spamhaus.org \
        -b -r bl.spamcop.org \
    /var/qmail/bin/qmail-smtpd 2>&1

I, also tried with differnet links other than zen.spamhaus.org and bl.spamcop.org.

 

Reply | Permalink

did you define the GREETDELAY

did you define the GREETDELAY variable? This is important since you have the -W parameter and rblsmtps is looking for a non null value

Also consider that the reference page for rblsmtpd is changed like follows http://www.fehcom.de/ipnet/ucspi-tcp6/rblsmtpd.html (I'm going to correct mypage as well)

Reply | Permalink

I removed -W  and output was

I removed -W  and output was the same. I also tried with GREETDELAY variable, but without success.

I think there is some problem with my OS distribution (Centos 7) and ucspi-tcp6, because when I run command from terminal with installed ucspi-tcp-0.88 I get following message: 

[root@mailsrv ucspi-tcp-88]# /usr/local/bin/rblsmtpd
rblsmtpd: usage: rblsmtpd [ -b ] [ -R ] [ -t timeout ] [ -r base ] [ -a base ] smtpd [ arg ... ]

I also tried, qmail-rblcheck addon and it works fine, so I will switch to it until I find solution.

Thank you very much for your help,

Alex

Reply | Permalink

I also get an error like that

I also get an error like that when running rblsmtpd from command line, but I think it can be normal, as some environment variables that the program is expecting are missing.

If you decide to switch to another RBL program, I suggest you to consider qmail-dnsbl (http://notes.sagredo.eu/node/162) as qmail-rblcheck's configuration that I present here is not fully tested (I played with it ages ago) and I guess it is not even maintained these days

Reply | Permalink

Thank you very much, qmail

Thank you very much, qmail-rblcheck works excellent

Reply | Permalink

I just made some test with

I just made some test with rblsmtpd and it works as expected. 

Let me know if solve, or if you find a way to test it from the command line

Reply | Permalink

ucspi-tcp

Hi, I'm trying to secure as deeply as possible my centos 6.7 mailbox. I still have to compile the latest qmail patched version from Roberto, in the meanwhile I upgraded from ucspi-ssl-0.84 to ucspi-ssl-0.95b, in order to secure my sslserver-based submission services (465 / 587). Will let you know how it works; any other security hint is warmly welcome ;-)

Reply | Permalink

Debian Wheezy Beta 4

When doing

package/install

Install ucspi-tcp6
----
./load chkshsgr
/usr/bin/ld: cannot find crt1.o: No such file or directory
/usr/bin/ld: cannot find crti.o: No such file or directory
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc_s.so when searching for -lgcc_s /usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find -lc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.7/libgcc_s.so when searching for -lgcc_s /usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find crtn.o: No such file or directory
collect2: error: ld returned 1 exit status
make: *** [chkshsgr] Error 1
compile: fatal: cannot make it-base

Reply | Permalink

Package Install error IPV6 and ucspi-tcp6-1.00

I have solve problem with remove option  into src/conf-ld  "-m64 "

Reply | Permalink

glibc

I would try to reinstall glibc, as crti.o is part of that pkg..

take a look at this as well: http://stackoverflow.com/questions/6329887/compiling-problems-cannot-find-crt1-o, http://stackoverflow.com/questions/91576/crti-o-file-missing

Reply | Permalink

compiles ok under amd64 under

compiles ok under amd64

under i386 debian it's still giving me this:

./load chkshsgr
/usr/bin/ld: i386 architecture of input file `chkshsgr.o' is incompatible with i386:x86-64 output
collect2: error: ld returned 1 exit status
make: *** [chkshsgr] Error 1
compile: fatal: cannot make it-base

maybe the library was written with 64 bit support in mind....

Reply | Permalink

In 32bit system, you have to

In 32bit system, you have to remove the flag "-m64"  in src/conf-ld.

Then try package/install again, and it will be ok.

Reply | Permalink

I'm successfully compiling

I'm successfully compiling both on 64 and 32 bit.

In case you are not interested in the new IPv6 features of ucspi-tcp6, you can try to install the old bernstein's ucspi-tcp 0.88 program, following this page of my guide.

Reply | Permalink