Roundcube webmail

24 maggio 2026 by Roberto Puzzanghera 4 commenti

• Info: https://roundcube.net
• Versione: 1.7.1

Roundcube è una webmail avanzata con una bella interfaccia grafica.

Changelog

• May 24, 2026
  - version 1.7.1 (security release)
• Mar 9, 2025
  added $config['quota_zero_as_unlimited'] = true; to show quota unlimited instead of unknown for accounts with unlimited quota

Installazione di Dovecot e sieve su qmail + vpopmail

14 maggio 2026 by Roberto Puzzanghera 7 commenti

Changelog

• May 14, 2026
  - dovecot 2.4.3 released. Changed dovecot_config_version and dovecot_storage_version in dovecot.conf
  - the new version has lua as a dependency. Added --without-lua at configure command
• Feb 25, 2026
  - Added Server Name Indication (SNI) settings in sni.conf.template, imported from local.conf commit
  - userdb iterate query nor orders by domain and username commit
  - 15-mailboxes.conf: fts_autoindex = no added to Trash and Junk folders commit
  - 10-auth.conf: + character added to auth_username_chars commit
• Nov 24, 2025
  - dropped 'enforce = no' from 90-quota.conf to enforce quota limits (commit)
• Nov 22, 2025
  - quota driver switched to 'count' (commit). 'count' is the recommended way of calculating quota on recent Dovecot installations.
• Oct 30, 2025
  - dovecot ugraded to v. 2.4.2
• Mar 29, 2025
  - dovecot updated to v. 2.4.1-4
• Mar 15, 2025 (config version 2.4.0.1 diff) 
  - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here)
  - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included from local.conf
• Mar 9, 2025
  - fixed quota calculation in sql queries (tx Hakan Cakiroglu)
• Feb 22, 2025
  - Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Bug fix in move-spam.sieve: erroneously matches "YES" if "BAYES" is in the header
• Feb 15, 2025
  - added support for vpopmail configured with --disable-many-domains
  - 90-sieve.conf: global script move-spam.sieve called correctly
• Feb 8, 2025
  - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko)
  - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
• Jan 29, 2025
  - dovecot upgraded to v 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
• Nov 15, 2024
  - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Dec 29, 2023
  default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default
• Feb 10, 2023
  - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)

Aggiornare qmail

7 aprile 2026 by Roberto Puzzanghera 18 commenti

• Latest version 2026.04.07 (github)
• Changelog
• Readme

Changelog

• Apr 7, 2026
  - (security) Remote Code Execution via Shell Injection in qmail-remote TLS Error Handler in #42 (tx Diep Pham)
• Apr 2, 2026
  - qmail-remote auth improvements by pierluigi in #39
  - Fixed DKIM ed25519-sha256 signing and verification to conform to RFC8463 by @agerstla in #40
  - Updated qmail-qfilter to support filters defined in control/qfilters by @agerstla in #41
• Feb 25, 2026
  - Improved DKIM status handling by @agerstla in #35
  - Ported over DKIM_BAD_IDENTITY support from Indimail (tx Manvendra Bhangui and Andreas Gerstlauer 1299b55)
  - SNI support for qmail-smtpd by @agerstla in #37
  - Added qmail-qfilter by @agerstla in #38
• Feb 3, 2026
  - Bug fix for verifying multiple DKIM signatures (second one always failed due to a DNS lookup bug). tx Andreas Gerstlaurer #31
  - config-all.sh upgrade #33
  * config-all.sh: moreipme is now populated with IPs in separate lines
  * config-all.sh: rsa dh keys can be created even if the certificate creation is skipped
  * config-all requires to accept overwriting with y/N/a=all options
• Jan 8, 2026
  - bug fixed in helodnscheck: it allowed domains with only one dot #30
• Jan 5, 2026
  - helodnscheck.cpp: PCRE dependency avoided, to make happy Debian 13 d987ec4
  - config-all now grabs the correct network interface c60d3fa
  - config-all will now prompt for 1024/2048 key length for DKIM c842cea
  - Fixed typo in qmailctl 3f1ea75
  - Makefile: Fixed incorrect rule syntax for 'make cert' 80222cc
• Sep 8, 2025
  - Fixes in SPP handling and support for [pass] plugins after RCPT accept. Support for RBLRESULT environment variable and RBL ignore ('=') option. (tx Andreas Gerstlauer)
  - Added -std=gnu17 to conf-cc, fixed some other issues and now it compiles on gcc-15.2 in #28
  - scripts/qmail-pop3d and qmail/pop3sd: ports changed to 110 and 995
  - Received: email header now hides the sender's hostname when the sender is RELAYCLIENT or is authenticated. 785e84b
• Apr 30, 2025
qmailctl, qmHandle, queue_repair and all scripts installed in QMAIL/bin and not in /usr/local/bin by config-all.sh
• Apr 25, 2025
  - added a configuration script config-all, which configure and installs the control files (as per the original config-fast script), aliases, SRS (uses control/me as the srs_domain), log dirs in /var/log/qmail, tcprules (basic, just to make initial tests), supervise scripts, qmailctl script, DKIM control/filterargs and control/domainkeys dir, SURBL, smtpplugins, helodnscheck spp plugin, svtools, qmHandle, queue-repair, SSL key file (optional).
  Consider this feature as "testing"
• Feb 11, 2025
  - Several adjustments to get freeBSD and netBSD compatibility. More info in the commit history. Hints/comments are welcome.
  - freeBSD users have to erase the very 1st line of the file "conf-lib", as libresolv.so in not needed on freeBSD.
  - Dropped files install-big.c, idedit.c and BIN.* files.
  - Dropped files byte_diff.c, str_cpy.c, str_diff.c, str_diffn.c and str_len.c, which break compilation on clang and can be replaced by the functions shipped by the compiler (tx notqmail).
  - Old documentation moved to the "doc" dir. install.c and hier.c modified accordingly
  - conf-cc and conf-ld now have -L/usr/local/lib and -I/usr/local/include to look for srs2 library
  - conf-cc and conf-ld now have -L/usr/pkg/lib and -I/usr/pkg/include to satisfy netBSD
  - vpopmail-dir.sh: minor correction to vpopmail dir existence check
  - srs.c: #include <srs2.h> now without path

Server Name Indication (SNI) per qmail e dovecot

18 marzo 2026 by Roberto Puzzanghera 0 commenti

Server Name Indication (SNI) è una estensione del protocollo TLS che consente a un server di presentare differenti certificati a seconda dell'hostname richiesto dal client durante il saluto TLS.

In un ambiente email moderno, molti domini condividono uno stesso indirizzo IP per i servizi SMTP, IMAP, POP3 e submission. Senza SNI, un amministratore di un server email può presentare un solo certificato per ogni socket disponibile, cosa che obbliga l'aministratore ad affidarsi a certificati multi-dominio (SAN) o a certificati con wildcard. Questo approccio aumenta i problemi operativi tra gli utenti finali novelli, che spesso non sono in grado di usare la configurazione automatica del client per configurare correttamente le loro mailbox.

L'abilitazione di SNI nei serivizi mail consente al server di presentare il certificato appropriato basato sull'hostname richiesto dal client, contenuto nel suo indirizzo email.

La funzionalità SNI per la mia distribuzione qmail è stata aggiunta da Andreas Gerstlauer (commit qui e qui), che vorrei ringraziare.

ClamAV

4 marzo 2026 by Roberto Puzzanghera 2 commenti

• Info: http://www.clamav.net
• Versione usata: 1.5.2

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Changelog

• Mar 4, 2026
  - clamav upgraded to v 1.5.2
• Oct 11, 2025
  - clamav upgraded to v 1.5.0. A recent version of rust is needed (successfully using 1.88 here). Just reinstall as explained below. No particular change is needed in the config files.

Installare e configurare VPopMail

11 febbraio 2026 by Roberto Puzzanghera 6 commenti

• Versione di vpopmail: 5.6.13
• github: sagredo-dev/vpopmail
• Scarica
• Changelog completo
• README.vdelivermail
• Pagina originale di Inter7

Vpopmail fornisce un modo semplice di gestire indirizzi di posta su domini virtuali e account email diversi da quelli su /etc/passwd.

Changelog

• Feb 11, 2026
  - vlimits.c: avoids no file found exit when .qmailadmin-limits is not existent because no limits are defined yet (a565779)
  - added sql files to be imported on upgrade to v. 5.6.x (8136480)
• Feb 8, 2026
- migliorata la sezione "upgrade"
  - vmysql.c changes (#10)
  • valias_create_table now check if table is already created in order to avoid warnings in dotqmail2valias
  • solved quotes issue in query in valias_insert function
• Nov 20, 2025
  - vutil: 'isSomething' functions reviewed to satisfy qmailadmin calls in #9
  - Added definition of 'call_onchange' function and cured its calls to avoid break 97ffe38
• Oct 30, 2025 (v. 5.6.10)
  - Added specific usage informations for s/qmail users (look here)
  - Dropped -std=gnu17 from compilation options and solved (probably) all breaks and warnings on gcc 15.2 2d8526d
  - configure.ac now looks for mariadb include and lib dir in addition to mysql dab36e8
  - configure.ac automatically looks for vanilla qmail's users/cdb and s/qmail's users/assign.cdb file 723efb3
  - Updated the usage() funcion message in vadduser.c to clarify the use of pre-hashed passwords with -e 5b5ccdb
  - control/defaultdelivery is now installed by vpopmail if --enable-defaultdelivery 77f54eb
  - vrcptcheck checks all kind of address (users, forwards, valiases) #7
  - Dropped unused functions in vpopmail.c #8
• Sep 1, 2025 (v. 5.6.9)
  - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
  - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
• Mar 29, 2025
  - defaultdelivery feature (--enable-defaultdelivery) changes (more info here, commit):
  • vdelivermail is installed by default in .qmail-default of newly created domains with option 'delete' as in the previous version.
  • if no user's valiases and no .qmail are found, then the message is sent to the control/defaultdelivery file, so that dovecot-lda (or whatelse) can store the mail into inbox and execute the sieve rules.
  • if vdelivermail is found in control/defaultdelivery, then it is ignored. The delivery remains in charge to vdelivermail, to avoid loops.
  • v. 5.6.8 is backward compatible. The users having .qmail from previous versions of the defauldelivery feature are not affected by this change.

leggi tutto

vQadmin

11 febbraio 2026 by Roberto Puzzanghera 0 commenti

• Autore originale: http://www.inter7.com/vqadmin-sysadmin-webcontrol/
• Versione 2.4.7
• Changelog
• Scarica da github
• La mia vecchia patch

VqAdmin è un pannello di controllo su interfaccia web che consente di eseguire azioni che richiedono l'accesso a root — per esempio, aggiungere e cancellare domini.

Come si può vedere, VqAdmin ha una nuova versione con un nuovo aspetto mobile responsive, con tutte le mie vecchie patch incluse (compresa quella di ALI) e diverse correzioni e ripuliture del codice sorgente. Ho risolto tutti i warnings sia di autotools che di gcc e cambiato un paio di cose per poter rifare il tema html (guardare il changelog per maggiori dettagli). Come sempre i contributi nei commenti sono graditi.

PS: anche la parte apache è stata modificata e prima di fare l'aggiornamento è necessario guardare quali modifiche sono necessarie.

Have fun!

Changelog

• Feb 18, 2026 (v. 2.4.7)
  - domain's users lists valiases too #4
  - bug fix in mod_domain.html: Mailing Lists domain limit was not copied correctly (ecce453)
• Jan 31, 2026
  - relaylimits added to control files 4c5a859
  - disabled maintainer mode to avoid autotools regeneration on user builds #3
• Jan 25, 2026
  - Domain's users listed alphabetically by domain and username #2 451da48
  - Dropped simsizelimit control file 868b8b2
• Dec 06, 2024
  - added a patch to highlight users with restrictions and with admin privileges (PR #1, thanks Bai Borko)
  - added control files notlshosts_auto and tlsserverciphers

leggi tutto