8 giugno 2024 by Roberto Puzzanghera 3 commenti

  • Jun 8, 2024
    qmail patch upgraded to v. 2024.06.08:
    * conf-channels: default number of channels increased to 4 (was 2). Now qmail offers 2 additional channels with respect to the 2 offered by default (local and remote). More info here
    * maxrcpt: error code changed to 452 due to RFC (was 553). If DISABLE_MAXRCPT is defined it skips the check, otherwise outgoing messages from mailing lists would be rejected. (commit)
  • Jun 7, 2024
    - vusaged: the header files of libev are now installed in /usr/local/include/libev (was /usr/local/include) to avoid conflicts with libevent (they both have an event.h header file). vusaged configure command was adjusted accordingly.
  • Jun 1, 2024
    - clamav upgraded to v. 1.3.1
  • May 26, 2024
    - Added Mailman installation howto
    - qmail patch upgraded to v. 2024.05.16 (changelog)
    - Roundcube upgraded to 1.6.7 (security fix)
    - Spamassassin upgraded to v. 4.0.1
    - Spamassassin: Razor-agents upgraded to v. 2.86 (fork of the original (dead?) project)
  • Mar 27, 2024
    qmailadmin updated to v. 1.2.21
  • Mar 4, 2024
    - Solr updated to v. 9.5.0
    - the documentation has been revised a bit
  • Feb 12, 2024 qmail update
    - DKIM patch upgraded to v. 1.48
    * fixed minor bug using filterargs for local deliveries (commit)
    - Fixed several compilation warnings (commit)
    - Fixed incompatible redeclaration of library function 'log2' in qmail-send.c qsutil.c as showed by notqmail friends here
    - removed FILES, shar target from Makefile
  • Feb 11, 2024
    clamav updated to v. 1.3.0
  • Feb 6, 2024
    qmail: DKIM patch upgraded to v. 1.47
    * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
  • Jan 27, 2024
    simscan upgraded to v 1.4.3: fixed several compilation and autotools warnings
  • Jan 21, 2024
    - qmail: liberal-lf: bare LF are no longer allowed by default due to smuggling vulnerability CVE-2023-51765. Bare LF can be allowed by defining ALLOW_BARELF in tcprules or in run file.
    - tcprules moved to /var/qmail/control
  • Jan 15, 2024
    qmail update:
    - TLS patch by F. Vermeulen upgraded to version 20231230 (more info at tx Greg Bell for the patch)
    * support to openssl 3.0.11
  • Jan 11, 2024
    - qmail: dkim patch upgraded to version 1.46
  • Jan 4, 2024
    qmail patch: DKIM patch upgraded to v. 1.44
    - fixed an issue with filterargs where spawn-filter is trying to execute remote:env xxxxx.... dk-filter. This issue happens when FILTERARGS environment variable is not defined in the qmail-send rc script.
    - dkim.c fix: 
    - dkfilter fix: correctly selects the domain to sign in case of sieve bounces
    - adjustments fo dk-filter and dknewkey man pages
  • Dec 30, 2023
    - spamassassin/DMARC filter: now DMARC_REJECT is not hit if SPF_HELO_PASS is true
  • Dec 26, 2023
    - qmailadmin upgraded to v1.2.18
    - Pyzor installed from github, as version 1.0.0 is not python3 compliant (thanks Mike)
  • Dec 11, 2023
    qmail, vpopmail, daemontools, qmailadmin, simscan and vqadmin source code moved to github
  • Nov 20, 2023
    -qmail patch updated. dkim:
    * The patch now by default excludes X-Arc-Authentication-Results
    * dkim can additionally use the environment variable EXCLUDE_DKIMSIGN to include colon separated list of headers to be excluded from signing (just like qmail-dkim). If -X option is used with dk-filter, it overrides the value of EXCLUDE_DKIMSIGN.
  • Nov 5., 2023
    -bug fix: vpopmail defaultdelivery patch: it won't create the .qmail file in case control/defaultdelivery already has vdelivermail, in order to prevent a vpopmail loop
    -qmailforward RC plugin: it won't create the copy record if $config['qmailforward_defaultdelivery'] contains 'vdelivermail'
  • Oct 13, 2023
    - vpopmail: added "s/qmail cdb" patch, which gets vpopmail to locate correctly the qmail assign.cdb for s/qmail users. s/qmail users should configure vpopmail with --enable-sqmail-cdb
  • Oct 6, 2023
    - clamav updated to v. 1.2.0
  • Sep 26, 2023
    new qmail combined patch:
    -surblfilter logs the rejected URL in the qmail-smtpd log. It can now inspect both http and https URLs.
    -Improvements in man dkim.9, qmail-dkim.9 and surblfilter.9
  • Sep 17, 2023
    - dovecot upgraded to v 2.3.21
    - pigeonhole upgraded to v 0.5.21
  • Sep 14, 2023
    - simscan now defines the maximum size of messages to be passed to spamassassin via control/simsizelimit file
  • Sep 5, 2023
    -new qmail patch and DKIM patch upgraded to v. 1.42
    * "source $envfn" has been replaced with ". $envfn" in oder to work for pure bourne shells
    *minor corrections to the man pages
    -vpopmail: changed configuration option --enable-logging=e (was p). Now failed attempts will be logged with no password shown.
  • Sep 3, 2023
    -daemontools: Buffer Overflow fixed in timestamp.c (patch multilog-readable_datetime, Ubuntu 22.04). It was causing empty log files everywhere. (thanks Bai Borko and KPC)
  • Aug 27, 2023
    - nuova patch per vpopmail e nuovo plugin qmailforward per Roundcube che vanno a risolvere diverse problematiche. Maggiori informazioni nella pagina dedicata..
  • Aug 20, 2023 (diff)
    -qmail combined patch: install a sample control/smtpplugins file in case it does not exist yet, to avoid "unable to read control" crash.
  • Aug 17, 2023
    - helodnscheck:
    * C++ version (testing).
    * bug fix: segfault in case of no result in DNS record.
    * default action changed to GNLR
  • 5 agosto 2023
    L'installzione del certificato Let's Encrypt è ora basata su dehydrated. La vecchia documentazione basata su certbot non verrà più aggiornata.
  • Jul 18, 2023
    vqadmin: patch updated
    - Italian translation file html/it updated, following the patch by Ali Erturk TURKER
    - the vqadmin source directory has been cleaned of unnececessary files
  • Jul 15, 2023
    - fail2ban: l'installazione e la configurazione è stata rivista per funzionare su Debian, dove python2 non è presente (grazie a Gabriel Torres)
  • Jun 30, 2023
    -daemontools: added my multilog-readable_datetime patch which replace the timestamp in the log lines with a human readable datetime. Do not install it if you prefer to stick with the timestamp.
    -if you install this patch you have to download again the convert-multilog program. In case you decide to stick with the original timestamp, then use the original convert-multilog. (diff)
    -qmail combiend patch: DKIM patch upgraded to v. 1.41
    *dknewkey will allow domains in control/domainkey
    *Made a few adjustments to the man pages and dkimsign.cpp for DKIMDOMAIN to work with qmail-smtpd (in case some configures qmail-smtpd to sign instead of the usual dk-filter/qmail-remote)
    -The broken link based on in the default SPF error explanation was changed to
  • Jun 25, 2023
    - Spamassassin: The ExtractText notes have been revised and corrected by Gabriel Torres
  • Jun 18, 2023
    * qmail combined patch (diff)
    -vpopmail uid and gid are determined dinamically instead of assigning 89:89 ids by default
    -vpopmail install directory determined dinamically (was /home/vpopmail). Now the variable in the conf-cc file is determined as well.
    Feel free to post any issue in the comments as I'm not sure that /bin/sh will work in all Linux.
    * qmail run scripts:
    -defined the variable QMAILDIR in all run scripts in order to manage installations of qmail in directories different from default /var/qmail
    -/home/vpopmail is now ~vpopmail in order to manage installations of vpopmail in directories different from default /home/vpopmail
    -defined the variable TCPRULES_DIR on top of all run scripts
  • May 18, 2023
    -certbot/letsencrypt: added the option --key-type rsa to the certbot command, to avoid that certbot will silently default to ECDSA the private key format, which results not understandable by my openssl-1.1. In this way the format of the private key will be RSA. More info here.
  • May 17, 2023
    -SURBL: Top level domains URL is changed. So we have to adjust the script accordingly
  • Apr, 26, 2023
    -new combined patch and dkim patch updated to v. 1.40
    -qmail-dkim uses CUSTOM_ERR_FD as file descriptor for errors (more info here)
  • Apr 25, 2023
    - qmailadmin cracklib patch: bug fix in qmailadmin/passwd: it was changing the password also in case of cracklib alert (tx Alexandre Fonseca)
    - new qmailadmin combined patch released
  • Mar 27, 2023
    qmail combined patch (diff here)
    -chkuser.c: double hyphens "--" are now allowed also in the rcpt email (tx Ali Erturk TURKER)
    -chkuser_settings.h CHKUSER_SENDER_NOCHECK_VARIABLE commented out. Sender check is now enabled also for RELAYCLIENT
    -removed a couple of redundant log lines caused by qmail-smtpd-logging
  • Mar 18, 2023
    - new qmail combined patch
    * bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
    * redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKERdiff here
  • Mar 14, 2023
    - qmail combined patch: the split_str function in dknewkey was modified in order to work on debian 11 (tx J)
  • Mar 12, 2023
    - qmail patch updated: the mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER)
    diff here
  • Mar 1, 2023
    - qmail combined patch updated: added qmail-fastremote patch (tx Ali Erturk TURKER for the advise). qmail-remote CRLF removed (replaced by fastremote)
  • Feb 27, 2023
    - qmail combined patch updated: now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
  • Feb 24, 2023
    - qmail combined patch updated: several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
  • Feb 20, 2023
    - qmail combined patch updated
    ---- dkim patch upgraded to v. 1.37
    ------ ed25519 support​ (RFC 8463)
    ------ old yahoo's domainkeys stuff removed (no longer need the libdomainkeys.a library)
  • Feb 18, 2023
    -vpopmail: added a patch by Ali Erturk TURKER which fixes several issues
    -vqadmin: added a patch by Ali Erturk TURKER which, among the other things, makes vqadmin aware of mysql-limits
  • Feb 10, 2023
    -dovecot: added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)
  • Jan 31,2023
    -bug fix in qmail-smtpd.c. 4096 bit RSA key cannot be open (tx Ali Erturk TURKER)
  • Jan 4, 2023
    -Solr upgraded to version 9.1.0
    -The SOlr page has been improved as far as configuration, security and testing are concerned
  • Jan 1, 2023
    -ClamAV upgraded to version 1.0.0
    -new qmail combined patch released. Bug fix in dk-filter. It was calling a non existent function (tx Andreas).
  • Dic 17, 2022
    -qmail combined patch release
    * chkuser receipt check won't be disabled for RELAYCLIENT
    * CHKUSER_DISABLE_VARIABLE commented out from chkuser_settings.h
  • Nov 20, 2022
    -switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it.
  • Nov 18, 2022
    -fail2ban upgraded to v. 1.0.2
  • Oct 28, 2022:
    added a note on how to avoid being cutoff by spamhaus (tx Marco Varanda)
  • 2022.10.02
    -dkim patch updated to v. 1.30 and new qmail combined patch released
    * bug fix: it was returning an error in case of domains with no key.
  • Sep 29, 2022
    -bug fixed in the domainkey script: it wasn't creating the symbolic link of the selector name to the private key in case of a custom selector defined in the file control/dkimkeys
    Sep 28, 2022
    -qmail combined patch updated with new dkim patch v. 1.29. More info here
    -Roundcube webmail updated to v. 1.6.0
  • Aug 12, 2022
    -dovecot: improved the sql stuff in case of --disable-many-domains (tx kengheng).
    -dovecot-pwd_query patch for vpopmail: added a procedure for the user_query (needed for dovecot/LDA)
    -dovecot-pwd_query patch for vpopmail renamed to dovecot-sql-procedures
    -combined patch for vpopmail updated
  • Aug 08, 2022
    -qmailctl script improved. Now the script exits if services are not started with svscanboot or a supervise script is missing
    -roundcube/password plugin: the cracklib patch has been improved. Now it can retrieve the correct cracklib-check path
  • Jul 28, 2022
    -The Roundcube plugins' page has been revised and polished. A couple of plugins have been added.
  • May 22, 2022
    qmail patch: "qmail-smtpd pid, qp log" patch ( removed, as its log informations are already contained in the qlogreceived line. (diff)
    -improved a couple of read_failed error messages
  • May 12, 2022
    -clamav: updated to v. 0.105
    -qmailctl: a few modifications to avoid error strings in the service uptime when service is stopped. qmail-smtpsd was added to svclist
    -qmail-smtpsd support added
  • Apr 22, 2022
    -dovecot: added Solr support
  • Apr 17, 2022
    -dovecot/auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname).
  • Apr 9, 2022
    qmailadmin: --enable-imageurl=/files is now --enable-imageurl=/qmailadmin/files (no need to have an alias on apache config). Added --disable-catchall, which is bad for spam. Tx Gabriel Torres
  • Apr 01, 2022
    -qmailadmin: new combined patch. It now logs to stderr when qma-auth.log file can't be opened in write mode. It was returning a white screen
  • Mar 17, 2022
    -vpopmail: new combiend patch: fixed a compilation break in vmysql.c with Debian 11 / gcc-10
  • Feb 26, 2022
    -added REJECTNULLSENDERS environment variable (diff)
  • Feb 18, 2022
    -fail2ban: added a couple of new rules to the qmail-smtpd.conf filter
  • Feb 13, 2022
    -fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier. (diff here)
  • Feb 1, 2022
    -added a plugin to qmail to filter bad DNS HELOs (more info here)
    -Roundcube upgraded to v. 1.5.2
  • Jan 17, 2022
    -new qmail combined patch (diff here):
    * now qmail-smtpd logs rejects when client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
    * added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
  • Dec 19, 2021
    -new qmail combined patch: added qmail-spp patch
  • Oct 21, 2021
    roundcube updated to v. 1.5.0
  • Sep 28, 2021
    clamav updated to v. 0.104. The new version installation is based on cmake (autotools abandoned)
  • Sep 27, 2021
    -new qmail combined patch: now chkuser allows double hyphens "--" in the sender email, like in (diff here)
  • Sep 8, 2021
    fail2ban updated to v. 0.11.2 and rc.fail2ban moved to /usr/local/bin/fail2banctl. The dovecot filter has been improved
  • Sep 2, 2021
    -an issue in vusaged configure arised. I cured it with a patch, while Luca in the comments found a different solution.
  • Aug 22, 2021
    -minor fix to qmail patch/qlog: now it logs the auth-type correctly (diff)
  • Aug 15, 2021
    at the bottom of the qmail/testing page I added a note to the testssl script by Dirk Wetter, which allows you to inspect your SSL connection in detail.
  • July 28, 2021
    simscan: my attachments-size-limit patch added. It allows you to overcome a limitation where simscan doesn't pass messages over 250k to spamassassin.
  • July 16, 2021
    spamassassin: bayes_token.token database field changed to binary(5). It was char(5).
  • Jul 12, 2021
    -spamassassin/userprefe: the "preference" varchar length in the database "userprefs" table was increased to 50 (was 30) to create space for long label such as  "bayes_auto_learn_threshold_spam", which resulted truncated before the modification.
  • June 20, 2021
    -spamassassin: created a script to process the spam/ham for the learning and reporting system (more info here)
    -dovecot 15-mailboxes.conf: added mailboxes for the learning and reporting system
  • June 19, 2021
    new qmail combined patch released
    -chkuser: defined extra allowed characters in sender/rcpt addresses and added the slash to the list (tx Thomas).
    -RSA key and DH parameters are created 4096 bit long also in Makefile-cert. qmail-smtpd.c and qmail-remote.c updated accordingly (tx Eric Broch).
    -Makefile-cert: the certs will be owned by vpopmail:vchkpw
  • March 27, 2021
    - bug fixes in the vpopmail/defaultdelivery patch: increased the buffer for the .qmail-default file path, as in particular cases of long path/domain names it will result truncated. Fixed another bug where the .qmail.default file where opened twice.
    - now if vdelivermail is installed the "delete" option will be used instead of "bounce-no-mailbox", which is not reasonable anymore
  • March 21, 2021
    qmail combined patch updated. RSA key and DH parameters increased to 4096 bits
  • March 9, 2021
    vpopmail: the patch now installs the sql code needed for "one table per domain" (--disable-many-domains) in ~/vpopmail/etc/pwd-query_disable-many-domains.sql and creates the sql procedure if needed. Of course this add-on to vpopmail will be completely transparent when you compile with the default option --enable-many-domains
  • Feb 26, 2021
    vpopmail: added a defaultdelivery patch, which makes vpopmail to copy your preferred delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domains, overriding the default vpopmail's behaiviour, where vpopmail copies its delivery agent vdelivermail.
    Feb 5, 2021
    - vpopmail: the patch has been improved. The sql-aliasdomains stuff is now done by means of the vpopmail's C programs and functions.
    Feb 3, 2021
    - vpopmail: new patch and script released.
    Just configure --enable-sql-aliasdomains (default) and forget. The dbtable will be created the first time you will create an aliasdomain.
  • Jan 29, 2021
    - dovecot/auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
    - dovecot/dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
    - vpopmail: sql-aliasdomains and combined patch released (new aliasdomains dbtable has to be created!)
  • Jan 13, 2021
    - vpopmail/dovecot: added support for sql aliasdomains
  • Gen 5, 2021
    - dovecot upgraded to v. 2.3.13 (vpopmail-auth removed by dovecot's developers)
    - pigeonhole upgraded to v. 0.5.13
  • Gen 3, 2021
    - Roundcube: Upgraded to v. 1.4.10
    - Roundcube: disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.
  • Gen 2, 2021
    - ucspi-tcp6: upgraded to latest version
    - fehQlibs have to be installed as a prerequisite of ucspi-tcp6
  • Dec 4, 2020
    - combined patch for qmail updated to solve compatibility problems with new gcc-10
    - a patch was also released to get vpopmail compiled with gcc-10
    - Tony Fung suggested a script to expunge messages, which can be very useful in case you need to expunge differently depending on your mailboxes/domains.
  • Nov 18, 2020
    - solved some priviledge problems with the reports of the RC's markasjunk plugin, which is going to write inside the log dir and read the razor's identity file.
    - moved all log files into /var/log/spamassassin (apache group now has +w priv). spamdctl and logrotate scripts modified accordingly
  • 2020.10.30
    Clamav: added clamav-unofficial-sigs (tx Tony Fung for the suggestion). Updated clamdctl and freshclamctl scripts to allow the restart function, needed by clamav-unofficial-sigs script
  • 2020.10.28
    modified the spamassassin's DMARC rule. Now it passes emails with one between DKIM and SPF valid, according to RFC7489 (thanks Marcel Veldhuizen and Iulian for the hints)
  • 2020.10.08 bug fix (tx Tony Fung)
  • 2020.09.02
    spamassassin/DMARC: corrected the askDNS rule as it was not triggering the reject in the event that only one of DKIM or SPF failed (tx A F)
  • 2020.09.01
    qmailadmin: minor adjustments to the skin patch
  • 2020.08.12
    dovecot: upgraded to v.
    dovecot-pigeonhole: upgraded to v. 0.5.11
  • 2020.08.11
    Roundcube: upgrade to v. 1.4.8
  • 2020.08.10
    - new qmailadmin skin/combined patch released:
    mod_user.html: added the "value" attribute to the name/gecos input tag (tx Pablo Murillo)
  • 2020.08.04
    - simscan: upgraded to v. 1.4.1
  • 2020.08.02
    - several clarifications in the simscan page;
    - revised the ripMIME installation as the dev version of the program is now downloaded from github, to solve complation breaks.
  • 2020.07.29
    - new combined patch
    * dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui).
  • 2020.07.27
    - new combined patch
    * added a fix for cve-2005-1513 (tx C for the hint)
  • 2020.07.15 
    - spamassassin: added Razor2, Pyzor, Spamcop configuration
    - Roundcube/markasjunk plugin has now info about the cmd_learn and the multi_driver drivers
    (tx Gabriel Torres)
  • 2020.07.03
    Roundcube/password plugin: added a patch to make it work in combination with cracklib, to enforce password strenght (tx Tony Fung)
  • 2020.06.10
    Roundcube: upgrade to v. 1.4.5 
  • 2020.05.22
    new qmailadmin skin/combined patch released
  • 2020.05.05
    * patched qmailadmin to provide a new responsive skin for the control panel.
    * combined patch released
  • 2020.05.01
    * added qmailadmin-cracklib patch to enforce password complexity
    * pwd-strenght patch removed
  • 2020.04.25
    -combined patch updated
    * qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca)
  • 2020.04.16
    - new combined patch: qmail-remote-logging patch added (more info here)
  • 2020.04.10
    - new combined patch: DKIM patch updated to v. 1.28
    * outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
    * declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
  • 2020.03.31
    - DKIM configuration: added UNSIGNED_SUBJECT variable to the run files, which can be useful to declare if one wants to allow messages without the sign of the subject (more info here)
    dovecot: added the autoexpunge setting in 15-mailbox.conf. The expunge via cronjob in not needed anymore
  • 2020.02.26
    vqAdmin: fixed a problem which was preventing the patch to be applied (tx Marco Varanda)
  • 2020.02.25
    dovecot: modified 10-master.conf to set up stats' service priviledges and correct an error which appeared in qmail-send
  • 2020.02.11
    table spamassassin.txrep modified as the column "count" was renamed (tx Tony Fung).
  • 2020.02.06 applied a patch to make the program python3 compliant (tx Tony Fung)
  • 2020.02.04
    dovecot-sql.conf.ext: adjusted the user_query string to get compatibility with mariadb-10.3 (tx Tony Fung)
  • 2020.01.11
    - new combined patch: qmail-tls patch updated to v. 20200107
    * working client cert authentication with TLSv1.3
  • 2019.12.12
    spamassassin: upgraded to v. 3.4.3
  • 2019.12.08
    - big patch updated
    * qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na) 
    - domainkeys script improved: it now manages 2048 bit long key (tx Tatsuya Yokota)
  • 2019.12.01
    dovecot: upgraded to v. 2.3.8
    dovecot-pigeonhole: upgraded to v. 0.5.8
    Roundcube: upgraded to v. 1.4.1 (mobile responsive skin released!)
    Roundcube plugins: updated
  • 2019.09.18
    spamassassin: added a page concerning TxRep and another one concerning DMARC filter
  • 2019.09.09
    dovecot: now the SQL user_query retrieves the quota as well (tx Alexandre Fonceca, more info here)
  • 2019.08.07
    - a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
    * BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
  • 2019.07.12
    - qmail-channels patch added
    more info here 
    - improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here.
  • 2019.06.19
    - DKIM patch updated to v. 1.26
    * BUG - honor body length tag in verification
  • 2019.05.24
    - qmail-tls patch updated to v. 20190517
    * bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
  • 2019.05.23
    - DKIM patch updated to v. 1.25
    * SIGSEGV - when the txt data for domainkeys is very large exposed a bug in the way realloc() was used incorrectly.
    * On 32 bit systems, variable defined as time_t overflows. Now qmail-dkim will skip expiry check in such conditions.
  • 2019.04.25
    * bug fixed on qmail-smtpd.c: it was selecting the wrong openssl version on line 2331 (tx ChangHo.Na)
    - qmail-tls patch updated to v. 20190408
    * make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
    * compiler warnings on char * casts (Kai Peter)
  • 2019.04.03
    - libdomainkeys patch updated (tx Manvendra Banghui)
  • 2019.03.22
    - new combined patch: fixed a bug causing crashes of qmail-remote when using openssl-1.1 (tx Luca Franceschini)
  • 2019.02.27
    - port to openssl-1.1
    - DKIM patch updated to v. 1.24
    * bug fix: restored signaturedomains/nosignaturedomains functionalities.
  • 2019.02.26
    simscan: patch updated (tx Pablo Murillo)
    vQadmin: some adjustments into apache config and it's working again under apache-2.4 (tx Erald)
  • 2019.02.01
    fail2ban upgraded to v. 0.10.4
  • 2018.09.23
    spamassassin upgraded to v. 3.4.2
  • 2018.08.25
    -DKIM patch updated to v. 1.23
    * fixed a bug where including round brackets in the From: field ouside the double quotes (From: "Name Surname (My Company)" <>) results in a DKIMContext structure invalid error (tx Mirko Buffoni).
    * qmail-dkim and dkim were issuing a failure for emails which had multiple signature with at least one good signature. Now qmail-dkim and dkim will issue a success if at least one good signature is found.
  • 2018.08.23
    -logging patch updated to v. 5
    * fixed a bugin logit and logit2 functions where a RSET command and a subsequent brutal quit of the smtp conversation ^] by the client cause a segfault (tx Mirko Buffoni, more info here)
  • 2018.08.02
    ezmlm-web: Ricardo Brisighelli sent me two patches which solves compilation breaks with gcc-7
  • 2018.06.22
    -clamav updated to v. 0.100.0
  • 2018.04.06
    -added a patch to daemontools to extend the log file size limit to 100MB (tx Sam Tang)
  • 2018.04.04
    -qmailctl script updated (tx Sam Tang)
    * "qmailctl stat" now shows something like "0 days, 00 hours 16 mins"
    * can assign another service which related qmail for monitoring, like dovecot, clamd, freshclam...
    * change "up" and "down" to green and red color.
  • 2018.04.03
    -DKIM patch updated to v. 1.22
    * openssl 1.1.0 port
    * various improvements, bug fixes
  • 2018-03-21
    added a new page to explain how to install a letsencrypt certificate for qmail and dovecot here
  • 2018-02-07
    clamav updated to v. 0.99.3 (bug fix, tx to Bob Greco
  • 2018-01-10
    == combined patch updated
    * fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here and here.
    * removed, because it was causing more problems than advantages, as the domain of the log@yourdomain.tld had to match the system domain inside control/me and can't be a virtual domain as well.
    == dovecot: upgraded to v. 2.3.0
    == dovecot-pigeonhole: upgraded to v. 
  • 2017-10-24
    new patch arrived (tx Luca Franceschini)
    -qlogfix (diff here)
    * log strings should terminate with \n to avoid trailing ^M using splogger
    * bug reporting custom errors from qmail-queue in qlog
    -added dnscname patch
    -added rcptcheck patch
    added (tx Luca Franceschini)
    added a page about usage
  • 2017-09-05
    Roundcube upgraded to v. 1.3.1. The enigma plugin requires Crypt_GPG-1.6.2
  • 2017-08-24
    -fail2ban: the qmail-smtpd.conf filter has been simplyfied and is now based on the "qlogenvelope" lines 
  • 2017-08-18
    -combined patch updated: qmail-smtpd now retains authentication upon rset (tx to Andreas)
  • 2017-07-05
    -roundcube upgraded to v. 1.3.0
  • 2017-05-14
  • Combined patch updated:
    DKIM patch updated to v. 1.20
    It now manages long TXT records, avoiding the rejection of some messages.
  • 2017-03-02
    -ucspi-tcp6 upgraded to v. 1.04 (some bug fixes
  • 2016-12-19
    -Several new patches and improvements added (thanks to Luca Franceschini)
    More info here
  • 2016-12-14
    simscan: bug fix and new combined patch (thanks to Bob Greco, more info here)
  • 2016-12-02
    -fixed BUG in qmail-remote.c: in case of remote server who doesn't allow EHLO the response for an alternative
    HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
    Patch applied:
  • 2016-09-19
    -big patch updated: qmail-tls patch updated to v. 20160918
      * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
      * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
  • 2016-08-06
    qmailadmin: added the ezmlm-idx 7 compatibility patch
  • ucspi-tcp6 upgraded to v. 1.02
  • 2016-07-20
    -roundcube: added enigma plugin
  • 2016-05-31
    -roundcube upgraded to v. 1.2.0. All plugins updated as well
  • 2016-05-15
    -force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
    the STARTTLS command was not sent by the client
  • 2016-03-09
    -combined patch updated
    * dkim patch updated to v. 1.19: verification will not fail when a dkim signature does not include the subject provided that the  UNSIGNED_SUBJECT environment variable is declared. More info here.
  • 2016-01-18
    -removed the line "DKIMKEY=/var/qmail/control/domainkeys/%/default" from the qmail rc config file, as DKIMKEY is actually ignored by dk-filter, which will look for the key in that location by default. Use DKIMSIGN instead to define yor domainkey location (thanks to Steffen for the hint)
  • 2015-12-26
    qmail-tls updated to v. 20151215
    * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
    * add ECDH to qmail-smtpd
    * increase size of RSA and DH pregenerated keys to 2048 bits
    * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
    more info here 
    -roundcube upgraded to v. 1.1.4 (security fixes, more info here)
  • 2015-12-15
    -DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
    qmail-submission/run modified: SMTPAUTH="!" to enable the submission feature (auth required). Now incoming msg can be received only on standard 25 port 
  • 2015-10-06
    -fail2ban upgraded to v. 0.9.3
  • 2015-10-03
    -new combiend patch released: qmail-authentication updated to v. 0.8.3
  • 2015-09-02
    dovecot: the user query on the auth is now able to manage pop3/imap/webmail vpopmail limits (thanks to Arturo Blanco)
  • 2015-08-29
    vQadmin: combined patch released (more info inside the patch itself)
  • 2015-08-08
    -fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
  • 2015-05-28
    qmailadmin: added a patch to log auth failures (thanks to Tony)
    fail2ban: added a filter against qmailadmin log failures
  • 2015-05-03
    spamassassin: upgraded to v. 3.4.1
  • 2015-04-25
    qmailadmin: added a patch to check for the password strenght
  • 2015-04-11
    -combined patch updated: 
    --qmail-authentication: upgraded to v. 0.8.2
    --qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
  • 2015-03-28
    -combined patch updated: added qmail-empf patch
  • 2015-02-25
    the home page graphic of qmailadmin has copyright issues as shown here (thanks to Marc for the hint)
  • 2015-02-17
    roundcube: upgraded to v. 1.1.0. All plugins have been upgraded as well
  • 2015-01-10
    roundcube: added carddav plugin
  • 2014-11-20
    combined patch updated:
    -the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian).
  • 2014-11-15
    combined patch updated:
    -modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log (thanks to Simone for the hint). Look here for details.
  • 2014-11-08
    simscan has been improved with the jms patch. The work dir is mounted as a ramdisk now
  • 2014-10-29
    fail2ban: qmail-smtp.conf filter updated to look for GREETDELAY lines
  • 2014-10-14
    SSLv3 disabled on dovecot because of security reasons (more info here)
  • 2014-10-14
    dovecot upgraded to v. 2.2.14
    dovecot-pigeonhole recompiled
  • 2014-10-04
    dovecot upgraded to v. 2.2.14.rc1
    dovecot-pigeonhole upgraded to v. 0.4.3
    the global sieve folder was moved to /usr/local/dovecot/etc/sieve/
  • 2014-09-29
    roundcube upgraded to v. 1.0.3.
    added a roundcube-auth filter to fail2ban
  • 2014-08-26
    roundcube upgraded to v. 1.0.2. Fixed some errors in the relative page, as sometime the $config variable was still $rcmail_config as in the past, and all the config files are now merged into (thanks to Otto)
  • 2014-08-24
    the log rotation of qmail is managed by the jms' Thanks to Marc for the suggestion
  • 2014-08-18
    added a page concerning fail2ban setup
  • 2014-05-13
    clamav upgraded to v. 0.98.3
    roundcube upgraded to v. 1.0.1
    ezmlm-idx upgraded to v. 7.2.2
    qmailadmin recompiled against ezmlm-idx-7.2.2
  • 2014-05-03
    ezmlm-idx upgraded to v. 7.2.0
    Bruce Guenter has released a new version of ezmlm-idx, getting the program to be compliant with the Yahoo DMARC Policy Change. You have to recompile qmailadmin against ezmlm as well.
  • 2014-04-14
    combined patch updated:
    -added qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified
  • 2014-04-08
    roundcube upgraded to v. 1.0.0
  • 2014-03-10
    combined patch updated:
    -added qmail-smtpd-liberal-lf patch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
  • 2014-02-14
    spamassassin upgraded to v. 3.4.0
  • 2014-01-10
    roundcube upgraded to v. 1.0-rc. Plugins have been upgraded as well
  • 2014-01-24
    ucspi-tcp6 upgraded to v. 1.00: fixed problems when compiling with C99 compilers
  • 2013-12-30
    combined patch updated:
    -added qmail-SRS patch. You must install libsrs2 now.
    -the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
  • 2013-12-20
    combined patch update (more info here):
    -added qmail-date-localtime patch
    -added qmail-hide-ip patch
    -the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now communications trying to send commands before the greeting will be closed. Premature disconnections will be logged as well. More info here
    -modified the configuration of qmail-smtpd and qmail-submission according to the new greetdelay patch
    -updated the page concerning greetdelay
    -CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like )
    -chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
    -added qmail-moreipme patch
    -added qmail-dnsbl patch (more info here)
    -added a page concerning qmail-dnsbl patch
  • 2013-12-05
    added two patches to my combined patch to make qmail rfc2821 compliant
  • 2013-11-23
    any-to-cname patch added to the combined patch
  • 2013-10-30
    Added two contributions by Costel Balta:
    -how to avoid to be "cut off" from (read here)
    -adding the foxhole db to clamav (on the bottom of the clamav page)
  • 2013-09-27
    -DKIM patch upgraded to v. 1.17. Defined -DHAVE_SHA_256 while compiling dkimverify.cpp in the Makefile. This solved an issue while verifying signatures using sha256.
  • 2013-09-16
    Minor fixes to the DKIM patch
  • 2013-09-14
    -new combined patch released. The DKIM patch has been upgraded to v. 1.16; the signing at qmail-remote level has been revised by its author.
    -I added notes about qmail-remote signing in the DKIM page of this guide.
    -the domainkey program now gives ownership of the domainkey to qmailr, which runs qmail-remote
  • 2013-08-25
    -qmail-qmqpc.c call to timeoutconn() needed a correction because the function signature was modified by the
     outgoingip patch. Thanks to Robbie Walker
     (diff file here
  • 2013-08-22
    ucspi-tcp6: upgraded to v. 0.99. The current version includes an hack by Manvendra Bhangui from which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you install his modified qmail-spf patch (my combined patch already has this adjustment to spf).
    Fot those interested, a few days ago Manvendra Bhangui released a package of patches including now not only DKIM and SURBL but also SPF and the entire qmail totally IPv6 compliant. The upgrade for me is not so straightforward, but I'm planning to have it in my big patch soon or later. For the moment you can play with it downloading from
  • 2013-08-21
    -big patch updated: fixed a bug in hier.c which caused the installation not to build properly the queue/todo dir structure (thanks to Scott Ramshaw)
  • 2013-08-19
    -DKIM-SURBL patch by Manvendra Bhangui updated to v. 1.14
    -added a page about SURBL configuration
  • 2013-08-12
    -DKIM patch upgraded to v. 1.12. The new patch adds surblfilter functionality.
    -added qmail-smtpd pid, qp log patch
  • 2013-08-08
    -qmail-SPF modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant. In order to have it working with such addresses you have to patch tcpserver.c accordingly. You can use a patch fot ucspi-tcp6-0.98 by Manvendra Bhangui at or wait for v. 0.99 relase of ucspi-tcp6
    -added outgoingip patch
    -added qmail-bounce patch
  • 2013-05-20
    dovecot: upgraded to v. 2.2.2
    dovecot-pigeonhole: rebuilt
  • 2013-05-18
    Roundcube: upgraded to v. 0.9.1
  • 2013-05-09
    -dovecot-pigeonhole: upgraded to stable 0.4.0 version
  • 2013-05-06
    -dovecot: upgraded to v. 2.2.1 The configuration has been modified to use the sql/mysql driver in place of the vpopmail one; the password is now sended in plain text
    -dovecot-pigeonhole: upgraded to latest development version
    -RoundCube: imap_auth_type has been set to NULL to send the password in plain text and make dovecot's auth happy
    -the dovecot's expunge shell script was simplyfied. Using the sql driver solved all issues of the old vpopmail backend related to the missing iteration feature.
  • 2013-04-16
    Roundcube: upgraded to v. 0.9.0
    All rc plugins have been updated as well
  • 2013-03-31
    new combined patch: qmail-auth updated to latest v. 0.8.1 Added authentication by recipient domain for qmail-remote. Look at README.auth for further details
  • 2013-02-11
    new combined patch: some code adjustments in qmail-smtpd.c smtpd_ehlo() to restore total compatibility with esmtp-size patch
  • 2013.02.08
    new combined patch: qmail-auth has been updated to the latest v. 0.7.6. Look at README.auth for further details
    ucspi-tpc6: updated to v. 0.98
  • 2013.01.28 new combined patch released: fixed an issue on qmail-pop3d which was causing a double +OK after the pass command (thanks to Rakesh, Orbit and Simplex for helping in testing and troubleshooting)
  • 2013.01.27 ucspi-tpc6: updated to v. 0.97
  • 2013.01.06 ucspi-tpc6 0.96 by E.Hoffmann replace the ucspi-tcp 0.88 by DJB. It provides IPv6 and rblsmtpd greetdelay support
    combined patch modified. The variable GREETDELAY was renamed to SMTPD_GREETDELAY just to avoid conflicts with the GREETDELAY variable inside rblsmtpd
    qmail-smtpd/run file modified accordingly
  • 2012.11.14 Roundcube: upgraded to v. 0.8.4
  • 2012.11.10 Roundcube: upgraded to v. 0.8.3. Autologon plugin: modified
  • 2012-10-31 new combined patch: qmail-auth has been updated to the latest v. 0.7.5. Look at README.auth for further details
    The qmail-forcetls patch was simplyfied accordingly.
  • 2012.10.25 vpopmail: upgraded to v. 5.4.33 (now marked as stable). Be aware that you have to recompile netqmail, qmailadmin and vqadmin as well.
    qmailadmin: upgraded to v. 1.2.16
  • 2012.10.19 Roundcube: added context menu, autologon and logout_redirect plugins
  • 2012.10.18 Roundcube: upgraded to v. 0.8.2
  • 2012.10.11 dovecot: upgraded to v. 2.1.10
    dovecot-pigeonhole: upgraded to v.0.3.3
  • 2012.10.10 fixed vQadmin 'invalid language' issue (see vQadmin page for details
  • 2012.09.19 ClamAV: upgraded to v. 0.97.6
  • 2012.09.04 zipdownload Roundcube's plugin: modified to gain compatibility to v. 0.8.1 (thanks to taki)
  • 2012.08.31 Roundcube: upgraded to v. 0.8.1
    dovecot: upgraded to v. 2.1.9
    dovecot-pigeonhole: recompiled
  • 2012.08.11 Roundcube: upgraded to v. 0.8.0
  • 2012.05.26 dovecot-pigeonhole: upgraded to v 0.3.1
  • 2012.05.24 dovecot: upgraded to v. 2.1.6
  • 2012-04-25 new combined patch: added qmail-remote CRLF (thanks to Pierre Lauriente for the help on testing and troubleshooting)
    The qmail-remote CRLF patch solved a problem of broken headers after sieve forwarding that was caused by a bad handling of the CR (carriage return) by qmail-remote. The issue is also reported here
  • 2012.04.16
    qmail-tap added to my combined patch
  • 2012.03.03 dovecot: upgraded to v. 2.1.1
    The configuration files have been updated: the most important change was the location of auth_socket_path variable inside 10-mail.conf
  • 2012.02.17 dovecot: upgraded to v. 2.1.0
    dovecot-pigeonhole: upgraded to v.0.3.0
  • 2012.02.08: esmtp-size patch added to my combined patch
  • 2012.01.29: New combined patch released: added doublebounce-trim patch
  • 2012.01.21 Roundcube: updated to v. 0.7.1. All plugins have been updated to latest version as well.
  • 2011.12.13 is not on my RBL examples anymore, as it proved to be a bad list. It's rejecting gmail's IPs and also confusing the IP of my own server as dynamic.
  • 2011.12.12 New combined patch released.
    -modified update_tmprsadh to chown the .pem files to vpopmail to avoid hang-ups during the smtp conversation on port 587 caused by permission problems.
  • 2011.10.06 New combined patch released.
    -fixed qmail-remote.c which was not going into tls on authentication (thanks to Krzysztof Gajdemski)
    -force-tls now quits if the starttls command is not provided when required (thanks to Jacekalex)
  • 2011.09.30 Dovecot: upgraded to v. 2.0.15
    dovecot-pigeonhole: upgraded to v . 0.2.4
    ICU: upgraded to v. 4.8.1
  • 2011.09.29 RoundCube: upgraded to v. 0.6. All plugins have been updated to latest version
  • 2011.08.13 RoundCube: upgraded to v. 0.5.4 (security fix)
  • 2011.07.27: Big patch updated. My force-tls patch allows the management of STARTTLS and CRAM-MD5 variables in the run file, so that there's no need to recompile each time anymore.
    I also added the "qmail-inject-null-sender" patch by Stéphane Cottin, which addresses a bug on qmail-inject
  • 2011.07.23 The configuration of dovecot was updated to allow maildir++ (thanks to Nicolas) on files 90-quota.conf and 20-imap.conf
  • 2011.07.15 The combined patch has been updated: an issue which caused the compilation's break down of qmail on 64b platforms has been fixed
  • 2011.07.03 Added support for rblsmtpd. Added a page about the greetdelay patch.
  • 2011.06.29 New combined patch released. Added ext-todo and big-todo patches, which adress the "silly qmail syndrome" on big servers.
  • 2011.06.24 Spamassassin: updated to v. 3.3.2
  • 2011.06.02 Roundcube: updated to v. 0.5.3 (2 important bug fixes)
  • 2011.05.29 Dovecot: added a page concerning the purging of expired emails from Trash/Junk
  • 2011.05.25 RoundCube: updated to v. 0.5.2. Updated almost all roundcube's plugin to latest version.
  • 2011.05.17 Added Luca Morettoni's qmail-rblchk
  • 2011.04.19 Dovecot-2.0.12 upgrade; dovecot-pigeonhole v.0.2.3 upgrade
  • 2011.04.06 Vermulen's TLS patch updated (security fix, see
    New qmail combined patch releasead.
  • 2011.02.25 Added DKIM patch and related page


  • 2010.12.12 first release of this guide and related patch


updatedb patch

Hello Roberto,

Can I ask you to clarify a bit this:

* removed, because it was causing more problems than advantages, as the domain of the log@yourdomain.tld had to match the system domain inside control/me and can't be a virtual domain as well."

In my setup I have a log@defaultdomain.tld which is a very important mailbox that I cannot change.

The only way to avoid duplicate mail has always been to apply this fix after your patch (file extra.h)

#define QUEUE_EXTRA "Tlog\0" -> #define QUEUE_EXTRA ""

If I understand correcty with the qmail-extra patch removed this is not going to be needed, correct ?

Thank you !

Rispondi |

updatedb patch

Correct :-)

Rispondi |

updatedb patch

Thank you Roberto !

Rispondi |

Ultimi commenti
Articoli recenti

RSS feeds