Testing qmail, SMTP and auth

Hi Roberto , 

I am getting the following error  when I  on  my installation which is on Rocky Linux 8 , I have followed your guide point to point. Strangely the services are working but below message shows when I do 

ps axfww

135277 ? S 0:00 \_ readproctitle service errors: ...fatal: unable to acquire vusaged/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-submission/supervise/lock: temporary failure supervise: fatal: unable to acquire vusaged/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-submission/supervise/lock: temporary failure supervise: fatal: unable to acquire vusaged/supervise/lock: temporary failure

What I have observed is the server works fine after a fresh reboot of the entire OS . But when I try and issue the command 

qmailctl reboot 

I get the above error 

Can you guide me what might be going wrong. 

Thanks in advance

you are handling your daemontools via systemd, therefore you cannot use qmailctl to start/stop/boot the services. Use systemctl instead

A lot of people is asking me how to solve this... I think I have to remove the systemd notes as they are throwing people into confusion...

Thanks buddy for the quick reply.  I have been using your guide and qmail server ever since 2018 on centos 6 , and finally took the leap to upgade and migrate it to Rocky Linux 8 . 

Thanks a lot for all the good work that you do to keep qmail alive . 

Regard

Shailendra

Roberto,

First, thanks for being patient with me regarding my earlier attempt to install this monster of code.

I have it up and running but still a few things are not working but I am not sure why.

My "ps awxff" looks perfect.

I can receive email to my account and I can log in and view my emails using Roundcube.  However, I cannot send emails from Roundcube.  SMTP Authorization error.

I can send emails from Thunderbird but it will not receive emails.  If sending emails, it tells me it could not store the email in the "sent" directory.  It will also not sync directories between my server and Thunderbird.

I can telnet in on 25, 143 and 587 and send emails but not from Roundcube.

Hi Jeffrey,

can you post the Roundcube configuration concerning the SMTP part? also post the roundcube/logs/errors.log or sendmail.log (just the errors if you find anyone, not the entire log)

I have this configuration and it works well

$config['smtp_debug'] = true; 
$config['smtp_host'] = 'localhost:25'; 
//$config['smtp_auth_type'] = 'PLAIN'; 
$config['smtp_user'] = ''; 
// SMTP password (if required) 
// Note: When set to '%p' current user's password will be used 
$config['smtp_pass'] = '';

You can activate the smtp_debug flag to show everything. Be aware that if you leave empty user and password you won't be required to do the authentication while sending and things are easier

Evening Roberto,

I can send and receive emails through Roundcube, ezmlm is working fine (even without the ##L@##H feature) but my problem is with external email programs.

I use Thunderbird on my desktop and the standard email app on my iPhone.  I never changed the setting in Thunderbird from the earlier version.  However, I can neither send or receive emails through it.  Always tells me "Sending of the message failed.  The message could not be sent because connecting to Outgoing server (SMTP) mail.studylight.org failed.  The server may be unavailabel or is refusing SMTP connections.

The setting are 587 STARTTLS with normal password.

The same is with the iPhone mail app.  Cannot connect to the SMTP server.

This search  "sudo netstat -tulnp | grep -E ':(143|587)' results in:

tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1316/dovecot 
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 10071/tcpserver 
tcp6 0 0 :::143 :::* LISTEN 1316/dovecot

What am I missing? 

Hi Jeffrey,

before testing the remote client I would repeat all the telnet tests but this time from remote. You should protect ports 143 and 110 with a firewall, to avoid that your users use them. Did you configure ports 993 and 995?

This is my current UFW report:

Status: active

To Action From
-- ------ ----
Apache Full ALLOW Anywhere 
69.162.65.51 25/tcp ALLOW Anywhere 
69.162.65.51 110/tcp ALLOW Anywhere 
69.162.65.51 143/tcp ALLOW Anywhere 
69.162.65.51 587/tcp ALLOW Anywhere 
69.162.65.51 465/tcp ALLOW Anywhere 
69.162.65.51 993/tcp ALLOW Anywhere 
69.162.65.51 22/tcp ALLOW Anywhere 
Apache Full (v6) ALLOW Anywhere (v6)

My understanding from UFW documentation, if it is not listed it is closed.

What would you suggest?

I will redo the test tomorrow and let you know the results.

110 and 143 shouldn't be allowed for the outnet. Protect them with a firewall or configure dovecot in order to listen to localnet only

Ports 110 and 143 are no longer available.

I was able to pass all the tests on this page.

However, I really do need to be able to get my email through my iPhone and Thunderbird (or similar) on my desktop.  How can I do that?

If you passed the tests and rouncube is able to send and receive, then it's a client configuration issue...

After six years on a old server, I am having to port things over to a new ubuntu server.  Basically, I have everything but the mailserver working.

The mailserver is driving me crazy.  I chose not to do the "each domain its own table" route.  But I am at the point where I can telnet into the mail server and it will accept my login but promtly close the connection.

The user and domain are properly set in vpopmail but if I send an email from an external domain I receive back that the mailbox doesn't exist.

HELP!

Hi, it's impossible to guess what's happening with no details... If I understand well you are disconnected from the ssh session. In this case it's not a mailserver only issue and I would check the firewall and the net in general. Do you have any other option to login into the server with a recovery console or whatever?

I have deleted the /var/qmail/ directory and reinstalled the whole thing but the queue still fills up and will not send anything.

I understand it must be a permissions thing.

I have tried doing qmailctl doqueue over and over but it does not move them out of the queue.

I have tried running the queue-repair -r and it says it fixed everything but when I then run queue-repair -t it shows me thing that need to be fixed.  Even if I repeat the -r it will still show me those as needing to be repaired.  Mainly it is chmod from 600 to 644 or 644

In addition, I have faithfull installed the supervise zip file and made the corrections you mentioned but still contstantly get:

readproctitle service errors: ... fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure
readproctitle service errors: ...ailure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire vusaged/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpsd/supervise/lock: temporary failure

I do a qmailctl clear and they still come right back.

It is so frustrating.

Which OS are you running? Are you starting daemontools via systemd or you are running it manually via rc.local? I strongly suggest to uninstall the systemd service and start it with /command/svscanboot

Can you post the content of "ps axfu" please?

THis is the "ps axfu | grep qmail"

root 345403 0.0 0.0 7076 2048 pts/3 S+ 18:11 0:00 \_ grep qmail
root 164052 0.0 0.0 2548 1024 ? S 16:00 0:00 \_ readproctitle service errors: ...lure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure
root 164069 0.0 0.0 2548 1024 ? S 16:00 0:00 \_ readproctitle service errors: ...ary failure supervise: fatal: unable to acquire clear/supervise/lock: temporary failure supervise: fatal: unable to acquire vusaged/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpsd/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure
root 164183 0.0 0.0 2560 1280 pts/3 S 16:00 0:00 | \_ supervise qmail-smtpd
vpopmail 245681 0.0 0.0 2860 1536 pts/3 S 17:01 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.smtp.cdb -c 200 -u 2012 -g 2007 0 25 /var/qmail/bin/qmail-smtpd /bin/true
qmaill 164196 0.0 0.0 2708 1280 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog
root 164185 0.0 0.0 2560 1280 pts/3 S 16:00 0:00 | \_ supervise qmail-submission
root 245686 0.0 0.0 2860 1536 pts/3 S 17:01 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.submission.cdb -c 200 -u -g 2007 0 587 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
qmaill 164197 0.0 0.0 2708 1536 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/submission
qmaill 164201 0.0 0.0 2708 1280 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vpopmail
qmaill 164205 0.0 0.0 2576 1024 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/dovecot
qmaill 164206 0.0 0.0 2708 1280 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vusaged
root 164195 0.0 0.0 2560 1280 pts/3 S 16:00 0:01 | \_ supervise qmail-send
qmails 345387 0.0 0.0 0 0 pts/3 Z 18:11 0:00 | | \_ [qmail-send] 
qmaill 164208 0.0 0.0 2708 1280 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
qmaill 164211 0.0 0.0 2576 1024 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpsd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpsd/qlog
root 164307 0.0 0.0 2560 1280 pts/3 S 16:00 0:02 | \_ supervise qmail-smtpsd

this is the result of "ps axfu | grep dovecot"

root 346269 0.0 0.0 7076 2048 pts/3 S+ 18:11 0:00 \_ grep dovecot
root 164246 0.0 0.0 2560 1280 ? S 16:00 0:00 | \_ supervise dovecot
root 245702 0.0 0.0 6336 3840 ? S 17:01 0:00 | | \_ /usr/local/dovecot/sbin/dovecot -F
root 245703 0.0 0.0 5412 3328 ? S 17:01 0:00 | | \_ dovecot/anvil
root 245704 0.0 0.0 5520 3072 ? S 17:01 0:00 | | \_ dovecot/log
root 245705 0.0 0.0 8588 5120 ? S 17:01 0:00 | | \_ dovecot/config
dovecot 246289 0.0 0.0 6504 3328 ? S 17:01 0:00 | | \_ dovecot/stats
dovenull 276425 0.0 0.0 13224 9216 ? S 17:24 0:00 | | \_ dovecot/imap-login
vpopmail 276485 0.0 0.0 49328 10496 ? S 17:24 0:00 | | \_ dovecot/imap postlogin
dovecot 345150 0.0 0.0 20156 10240 ? S 18:10 0:00 | | \_ dovecot/auth
qmaill 164205 0.0 0.0 2576 1024 pts/3 S 16:00 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/dovecot
root 164182 0.0 0.0 2548 1024 pts/3 S 16:00 0:00 \_ readproctitle service errors: ...unexpected ./run: 87: Syntax error: newline unexpected ./run: 87: Syntax error: newline unexpected ./run: 87: Syntax error: newline unexpected supervise: fatal: unable to acquire dovecot/supervise/lock: temporary failure ./run: 87: Syntax error: newline unexpected ./run: 87: Syntax error: newline unexpected ./run: 87: Syntax error: newline unexpected ./run: 87: Syntax error: newline unexpected

Please answer also the other question: how are you starting qmail? Is systemd involved? Do you have defunct qmail processes? Please post again the entire content of ps axfu, but without doing any grep use. Just cut and paste the content of all qmail related processes.

In addition I would like to know if you have a rc.local service and, if yes, what is the content of rc.lcal

#  how are you starting qmail? Is systemd involved? Do you have defunct qmail processes?

rc.local file using the systemd  as shown below the results of the ps axfu command.

# Please post again the entire content of ps axfu, but without doing any grep use. Just cut and paste the content of all qmail related processes.

root 919 0.0 0.0 2800 1536 ? Ss 19:33 0:00 /bin/sh /usr/bin/svscanboot /etc/service/
root 935 0.0 0.0 2728 1280 ? S 19:33 0:00 \_ svscan /etc/service
root 942 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise qmail-smtpd
root 943 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise log
qmaill 953 0.0 0.0 2708 1024 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog
root 945 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise qmail-send
root 946 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise log
qmaill 952 0.0 0.0 2708 1024 ? S 19:33 0:00 | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
root 936 0.0 0.0 2548 768 ? S 19:33 0:00 \_ readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................
root 921 0.0 0.0 2800 1536 ? Ss 19:33 0:00 /bin/sh /command/svscanboot
root 961 0.0 0.0 2728 1024 ? S 19:33 0:00 \_ svscan /service
root 969 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise qmail-submission
root 970 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise log
qmaill 981 0.0 0.0 2708 1280 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/submission
root 971 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise vpopmaild
root 972 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise log
qmaill 985 0.0 0.0 2708 1280 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vpopmail
root 973 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise clear
root 974 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise dovecot
root 975 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise log
qmaill 987 0.0 0.0 2708 1280 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/dovecot
root 976 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise vusaged
root 977 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise log
qmaill 986 0.0 0.0 2708 1280 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vusaged
root 982 0.0 0.0 2560 1024 ? S 19:33 0:00 | \_ supervise qmail-smtpsd
root 983 0.0 0.0 2560 1280 ? S 19:33 0:00 | \_ supervise log
qmaill 993 0.0 0.0 2708 768 ? S 19:33 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpsd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpsd/qlog
root 4548 0.0 0.0 0 0 ? Z 19:35 0:00 | \_ [supervise] 
root 4549 0.0 0.0 0 0 ? Z 19:35 0:00 | \_ [supervise] 
root 4550 0.0 0.0 0 0 ? Z 19:35 0:00 | \_ [supervise] 
root 4551 0.0 0.0 0 0 ? Z 19:35 0:00 | \_ [supervise] 
root 962 0.0 0.0 2548 1024 ? S 19:33 0:00 \_ readproctitle service errors: ...lure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure 

# In addition I would like to know if you have a rc.local service and, if yes, what is the content of rc.lcal

Contents of the /etc/rc.local file:

#!/bin/bash -e

/usr/local/bin/dovecotctl start &
/usr/local/bin/spamdctl start &
/usr/local/bin/freshclamctl start &
/usr/local/bin/clamdctl start &
/usr/local/bin/fail2ban start &
/usr/local/bin/qmailctl start &

Contents of the /etc/systemd/system/rc-local.service:

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
# SysVStartPriority=99 This was commented out since Ubuntu didn't like it.

[Install]
WantedBy=multi-user.target

I rebooted again and this was the result of the qmailctl -stat:

qmailctl stat
qmail-smtpd: [ down ] 27 seconds,
qmail-smtpd/log: [ up ] (pid 953)
qmail-smtpsd: [ down ] 19 seconds,
qmail-smtpsd/log: [ up ] (pid 993)
qmail-submission: [ down ] 28 seconds,
qmail-submission/log: [ up ] (pid 981)
qmail-send: [ down ] 19 seconds,
qmail-send/log: [ up ] (pid 952)
vpopmaild: [ down ] 27 seconds,
vpopmaild/log: [ up ] (pid 985)
vusaged: [ down ] 29 seconds,
vusaged/log: [ up ] (pid 986)
dovecot: [ down ] 29 seconds,
dovecot/log: [ up ] (pid 987)

clamd status: [ up ]
freshclam status: [ up ]
spamd status: [ up ]
httpd status: [ down ]
solr status: [ up ]
mariadb status: [ up ]
fail2ban status: [ down ]

messages in queue: 20
messages in queue but not yet preprocessed: 26

As you can see, most didn't start up 

you are starting the qmail services twice, one by systemd, which has a daemontools service, and another one by rc.local.

You have to switch off one of the two, then kill all qmail processes and reboot qmail

I removed the line from the rc.local file, then rebooted my server.

After rebooting the first thing I did was a "qmailctl stat" which showed:

What am I still missing?

I'm sorry but your previous post was hardly understandable. Please post *only* the qmail section without the rest showing the process hierarchy in this way

ps axfu

(you forgot the f)

Please, again: do not post all these 10000 rows of not usefull data (I have cut them). It will make this page unreadable to others. Just cut & paste the qmail part without using grep. I need the "f" parameter in your ps process:

ps axf

In addition, if you decided to use systemd for starting qmail, you don't have to run it via qmailctl. When you type

qmailctl start

you have 2 qmail running and you get the issues that you see in the processes.

I strongly suggest to throw away that systemd daemontools service and use qmailctl only

I remove the daemontools.service and rebooted the server.

Here is the "ps axf" results:

PID TTY STAT TIME COMMAND
912 ? Ss 0:00 /bin/sh /usr/bin/svscanboot /etc/service/
928 ? S 0:00 \_ svscan /etc/service
940 ? S 0:00 | \_ supervise qmail-smtpd
941 ? S 0:00 | \_ supervise log
950 ? S 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog
942 ? S 0:00 | \_ supervise qmail-send
943 ? S 0:00 | \_ supervise log
949 ? S 0:00 | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
929 ? S 0:00 \_ readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................

I'm not sure that systemd is not driving daemontools. In fact the above is systemd running daemontools

Be aware that you are starting dovecot by daemotools and by rc.local, so you have the same issue there.

I took a look through /etc/systemd/system/ and removed things that shouldn't be there.  Then I rebooted.

On reboot this is my "ps afx":

PID TTY STAT TIME COMMAND
918 ? Ss 0:00 /bin/sh /usr/bin/svscanboot /etc/service/
941 ? S 0:00 \_ svscan /etc/service
949 ? S 0:00 | \_ supervise qmail-smtpd
954 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.smtp.cdb -c 200 -u 2012 -g 2007 0 25 /var/qmail/bin/qmail-smtpd /bin/true
950 ? S 0:00 | \_ supervise log
956 ? S 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog
951 ? S 0:00 | \_ supervise qmail-send
4202 ? Z 0:00 | | \_ [qmail-send] 
952 ? S 0:00 | \_ supervise log
955 ? S 0:00 | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
942 ? S 0:00 \_ readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................
1055 ? Ss 0:00 /usr/local/bin/freshclam -d
1097 ? Ssl 0:00 /usr/sbin/opendkim
1123 ? S 0:00 /usr/sbin/chronyd -F 1
1148 ? S 0:00 \_ /usr/sbin/chronyd -F 1
1124 ? SLsl 0:00 /usr/sbin/rngd -r /dev/hwrng
1149 ? Ss 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
3490 ? Ss 0:00 \_ sshd: jgarrison [priv]
3524 ? S 0:00 \_ sshd: jgarrison@pts/0
3535 pts/0 Ss 0:00 \_ -bash
3938 pts/0 S+ 0:00 \_ sudo su -
3963 pts/1 Ss 0:00 \_ sudo su -
3964 pts/1 S 0:00 \_ su -
3981 pts/1 S 0:00 \_ -bash
4213 pts/1 R+ 0:00 \_ ps afx
1214 ? Ss 0:00 /usr/local/dovecot/sbin/dovecot
1217 ? S 0:00 \_ dovecot/anvil
1218 ? S 0:00 \_ dovecot/log
1222 ? S 0:00 \_ dovecot/config
1280 ? Sl 0:00 /usr/bin/python3 /usr/local/bin/fail2ban-server --async -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x --loglevel INFO --logtarget /var/log/fail2ban.log --syslogsocket auto
1530 ? Ss 0:00 spamd
3370 ? S 0:00 \_ spamd child
3371 ? S 0:00 \_ spamd child
1613 ? S 0:00 /usr/bin/python3 /opt/iredapd/iredapd.py
3376 ? Ssl 0:06 /usr/sbin/clamd --foreground=true
3968 ? Ss 0:00 /usr/lib/systemd/systemd --user
3969 ? S 0:00 \_ (sd-pam)

However, the weird part is when I ran "qmailctl stat":

qmail-smtpd: [ up ] (pid 954) 0 day(s), 00:04:03
qmail-smtpd/log: [ up ] (pid 956) 0 day(s), 00:04:03
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
qmail-smtpsd: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
qmail-smtpsd/log: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
qmail-submission: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
qmail-submission/log: s[ up ]ervise not running 0 day(s), 00:00:00
qmail-send: [ up ] (pid 6547) 0 seconds
qmail-send/log: [ up ] (pid 955) 0 day(s), 00:04:03
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
vpopmaild: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
vpopmaild/log: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
vusaged: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
vusaged/log: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
dovecot: s[ up ]ervise not running 0 day(s), 00:00:00
/usr/local/bin/qmailctl: line 38: [: not: integer expression expected
dovecot/log: s[ up ]ervise not running 0 day(s), 00:00:00

clamd status: [ up ]
freshclam status: [ up ]
spamd status: [ up ]
httpd status: [ down ]
solr status: [ up ]
mariadb status: [ up ]
fail2ban status: [ up ]

messages in queue: 69
messages in queue but not yet preprocessed: 74

Notice allthe "/usr/local/bin/qmailctl: line 38: [: not: integer expression exected"

918 ? Ss 0:00 /bin/sh /usr/bin/svscanboot /etc/service/

How did you install daemontools?

My daemontools is not in /usr/bin and has nothing to do with etc/service. Of course qmailctl goes into errors if you are not running it properly.

I removed every reference to daemontools on my server and reinstalled it from your site.

I noticed one thing.  The thing I noticed is that your script for supervise/qmail-smtpd/run has 

>&1

at the end but the supervise/qmail-smtpsd/run doesn't and it was throwing an error.

My biggest issue right now is "readproctitle service errors: ...lure supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire qmail-send/supervise/lock"

my current "ps afx"

926 ? Ss 0:00 /bin/sh /usr/bin/svscanboot /etc/service/
942 ? S 0:00 \_ svscan /etc/service
952 ? S 0:00 | \_ supervise qmail-smtpd
959 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.smtp.cdb -c 200 -u 2012 -g 2007 0 25 /var/qmail/bin/qmail-smtpd /bin/true
953 ? S 0:00 | \_ supervise log
962 ? S 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog
954 ? S 0:00 | \_ supervise qmail-send
16202 ? Z 0:00 | | \_ [qmail-send] 
955 ? S 0:00 | \_ supervise log
961 ? S 0:00 | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
943 ? S 0:00 \_ readproctitle service errors: ..........................................................................................................................................................................................................................................................................................................
928 ? Ss 0:00 /bin/sh /command/svscanboot
964 ? S 0:00 \_ svscan /service
973 ? S 0:00 | \_ supervise qmail-submission
987 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.submission.cdb -c 200 -u -g 2007 0 587 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
974 ? S 0:00 | \_ supervise log
989 ? S 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/submission
976 ? S 0:00 | \_ supervise vpopmaild
993 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -H -R -l 0 -u 0 -g 0 0 2007 /home/vpopmail/bin/vpopmaild
978 ? S 0:00 | \_ supervise log
994 ? S 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vpopmail
979 ? S 0:00 | \_ supervise clear
980 ? S 0:00 | \_ supervise dovecot
1028 ? S 0:00 | | \_ /usr/local/dovecot/sbin/dovecot -F
1196 ? S 0:00 | | \_ dovecot/anvil
1197 ? S 0:00 | | \_ dovecot/log
1205 ? S 0:00 | | \_ dovecot/config
11737 ? S 0:00 | | \_ dovecot/imap-login
11738 ? S 0:00 | | \_ dovecot/stats
11739 ? S 0:00 | | \_ dovecot/auth
11760 ? S 0:00 | | \_ dovecot/imap postlogin
13019 ? S 0:00 | | \_ dovecot/imap-login
13039 ? S 0:00 | | \_ dovecot/imap postlogin
14480 ? S 0:00 | | \_ dovecot/imap-login
14481 ? S 0:00 | | \_ dovecot/imap-login
981 ? S 0:00 | \_ supervise log
997 ? S 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/dovecot

But this is not the daemontools as per my notes :-)

PS and you are still booting daemontools twice

I reinstalled daemontools according to your instructions.

With the correction to the /var/qmail/supervise/qmail-smtpsd/run file (adding the >&1) I now have SMTP access to my server from outside.

However, my message que and proprocessed queue are 220 and 225 respectively.  They are not delivering the emails to my Mailbox.

What are my next steps?  Oh, and after I redid the qmail, my qmailadmin states all passwords are incorrect for postmaster.  Nothing changed in the passwords.  

I have finally achieved this after a reboot:

917 ? Ss 0:00 /bin/sh /usr/bin/svscanboot /etc/service/
952 ? S 0:00 \_ svscan /etc/service
957 ? S 0:00 | \_ supervise qmail-smtpd
974 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.smtp.cdb -c 200 -u 2012 -g 2007 0 25 /var/qmail/bin/qmai
958 ? S 0:00 | \_ supervise log
989 ? S 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/sm
959 ? S 0:00 | \_ supervise qmail-submission
976 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l mail.studylight.org -x /var/qmail/control/tcp.submission.cdb -c 200 -u -g 2007 0 587 /var/qmail/bin/q
960 ? S 0:00 | \_ supervise log
995 ? S 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/submission
961 ? S 0:00 | \_ supervise vpopmaild
985 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -H -R -l 0 -u 0 -g 0 0 2007 /home/vpopmail/bin/vpopmaild
962 ? S 0:00 | \_ supervise log
986 ? S 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vpopmail
963 ? S 0:00 | \_ supervise clear
964 ? S 0:00 | \_ supervise dovecot
981 ? S 0:00 | | \_ /usr/local/dovecot/sbin/dovecot -F
1196 ? S 0:00 | | \_ dovecot/anvil
1197 ? S 0:00 | | \_ dovecot/log
1202 ? S 0:00 | | \_ dovecot/config
966 ? S 0:00 | \_ supervise log
979 ? S 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/dovecot
967 ? S 0:00 | \_ supervise vusaged
987 ? Sl 0:00 | | \_ /home/vpopmail/bin/vusaged
968 ? S 0:00 | \_ supervise log
990 ? S 0:00 | | \_ /usr/local/bin/multilog d /var/log/qmail/vusaged
969 ? S 0:00 | \_ supervise qmail-pop3d
983 ? S 0:00 | | \_ /usr/local/bin/tcpserver -l 0 -R -H -v -u 2012 -g 2007 0 17998 /var/qmail/bin/qmail-popup mail.studylight.org /home/vpopmail/bin/vchkpw 
970 ? S 0:00 | \_ supervise log
984 ? S 0:00 | | \_ multilog d /var/log/qmail/pop3d
971 ? S 0:00 | \_ supervise qmail-send
994 ? S 0:00 | | \_ qmail-send
1050 ? S 0:00 | | \_ qmail-lspawn | ~vpopmail/bin/vdelivermail '' delete
1051 ? S 0:00 | | \_ qmail-rspawn
1052 ? S 0:00 | | \_ qmail-clean
1053 ? S 0:00 | | \_ qmail-todo
1054 ? S 0:00 | | \_ qmail-clean
1055 ? S 0:00 | | \_ qmail-rspawn
1056 ? S 0:00 | | \_ qmail-rspawn
972 ? S 0:00 | \_ supervise log
988 ? S 0:00 | | \_ /usr/local/bin/multilog d s16000000 n200 /var/log/qmail/send
973 ? S 0:00 | \_ supervise qmail-smtpsd
991 ? S 0:00 | | \_ /usr/local/bin/sslserver -seV -Rp -l mail.studylight.org -Xx /var/qmail/control/tcp.smtp.cdb -c 200 -u 2012 -g 2007 0 smtps /var/qmail/b
975 ? S 0:00 | \_ supervise log
992 ? S 0:00 | | \_ /usr/local/bin/multilog d n5 s16777215 /var/log/qmail/smtpsd n5 s16777215 -* +*qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/s
980 ? S 0:00 | \_ supervise qmail-pop3ds
4812 ? Z 0:00 | | \_ [tcpserver] 
982 ? S 0:00 | \_ supervise log
998 ? S 0:00 | \_ multilog d /var/log/qmail/pop3ds
953 ? S 0:00 \_ readproctitle service errors: ..................................................................................................................

However, don't see two dovecot instances 

Here is the most recent entries in the current file in the dovecot directory:

2025-03-13 15:06:17.367198560 Mar 13 15:06:17 auth-worker(cc@studylight.org,125.121.95.131)<46091><8PvnqTowa9J9eV+D>: request [1]: Info: sql: unknown user
2025-03-13 15:06:19.671692130 Mar 13 15:06:19 imap-login: Info: Login aborted: Logged out (auth failed, 1 attempts in 2 secs) (auth_failed): user=<cc@studylight.org>, method=PLAIN, rip=125.121.95.131, lip=69.162.65.51, session=<8PvnqTowa9J9eV+D> 
2025-03-13 15:06:26.384752326 Mar 13 15:06:26 auth-worker(cc@mydomain.tld,125.121.95.131)<46091><OZonqjow+NN9eV+D>: request [2]: Info: sql: unknown user
2025-03-13 15:06:29.549278426 Mar 13 15:06:29 imap-login: Info: Login aborted: Logged out (auth failed, 1 attempts in 7 secs) (auth_failed): user=<cc@mydomain.tld>, method=PLAIN, rip=125.121.95.131, lip=69.162.65.51, session=<OZonqjow+NN9eV+D>
2025-03-13 15:08:43.548075841 Mar 13 15:08:43 auth: Warning: Weak password schemes are allowed
2025-03-13 15:08:44.199062199 Mar 13 15:08:44 imap-login: Info: Logged in: user=<jgarrison@studylight.org>, method=PLAIN, rip=31.186.220.66, lip=69.162.65.51, mpid=47172, TLS, session=<NUKjsjowm+MfutxC>
2025-03-13 15:08:45.888832360 Mar 13 15:08:45 imap-login: Info: Logged in: user=<jgarrison@studylight.org>, method=PLAIN, rip=31.186.220.66, lip=69.162.65.51, mpid=47204, TLS, session=<27y6sjownuMfutxC>
2025-03-13 15:08:47.359940029 Mar 13 15:08:47 imap-login: Info: Logged in: user=<jgarrison@studylight.org>, method=PLAIN, rip=31.186.220.66, lip=69.162.65.51, mpid=47233, TLS, session=
2025-03-13 15:15:01.339382955 Mar 13 15:15:01 auth: Warning: Weak password schemes are allowed
2025-03-13 15:15:01.346963176 Mar 13 15:15:01 imap-login: Info: Logged in: user=<revcatch-data@studylight.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=50482, secured, session=<zOYnyTowHoZ/AAAB>
2025-03-13 15:15:01.361366584 Mar 13 15:15:01 imap(revcatch-data@studylight.org)<50482><zOYnyTowHoZ/AAAB>: Info: Disconnected: Connection closed (UID SEARCH finished 0.000 secs ago) in=34 out=804 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
2025-03-13 15:19:04.678310231 Mar 13 15:19:04 imap(jgarrison@studylight.org)<47172><NUKjsjowm+MfutxC>: Info: Disconnected: Connection closed (IDLE running for 0.001 + waiting input for 116.932 secs, 2 B in + 10+2 B out, state=wait-input) in=490 out=2949 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
2025-03-13 15:19:04.683056312 Mar 13 15:19:04 imap(jgarrison@studylight.org)<47204><27y6sjownuMfutxC>: Info: Disconnected: Connection closed (IDLE running for 0.001 + waiting input for 76.713 secs, 2 B in + 10+2 B out, state=wait-input) in=379 out=1473 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
2025-03-13 15:19:04.688511688 Mar 13 15:19:04 imap(jgarrison@studylight.org)<47233>: Info: Disconnected: Connection closed (IDLE running for 0.001 + waiting input for 46.230 secs, 2 B in + 10+2 B out, state=wait-input) in=369 out=1380 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

in th /var/log/qmail/send/current file there are a ton of these

2025-03-13 13:19:27.493773828 warning: qmail-todo: unable to unlink suppl0/14/22153614

Can you please

Do vpopmail test on telnet 

enable the dovecot debug 

Rebuild the queue with qmail-repair

Restart services

be sure that you are not starting dovecot twice, as happened for qmail

First of all you have to repeat all tests suggested above and post here the logs, expecially the vpopmail test, which will show why you are failing the authentication

Concening the delivery, how are delivering your mails? are you using vpopmail or dovecot-lda?

can you post the relevant part of qmail-send log and, if you are using dovecot, the dovecot log?

Really hate to be a pain about this but everyone of the tests on the TEST.delivery.txt page failed because they all got stuck in the queue.  The queue is my biggest issue with everything.

I have tried using the queue-repair tools and nothing works.  I stop qmail (but it just respawns) and run the tool.  No matter how many times I run the tools in repair mode or create mode it says it repairs things but you run it again and it repairs the same things.

I am ready to give up because now have 533 messages stuck in the message queue and 538 stuck in preprocessed.

I can run all the tests you want but I will never see the results of sending an email because they will be stuck in the queue.

I am at the point of wanting to give up but still holding out hope that there is some why to unstop this queue.

[stripped all unseful logs]

I understand your frustration, but on your side you should strictly follow what I'm asking for and not bombing with lists of unuseful logs. Please understand that the log tests are priceless information on why your queue and your authentication is not working. Reread my previous message

> Concening the delivery, how are delivering your mails? are you using vpopmail or dovecot-lda?

To be honest, I am not sure.  I have assumed via dovecot but how to be sure?

what do you have in domain's .qmail-default and in recipient .qmail?

I am working on a AlmaLinux release 8.10 server with

Package openssl-1:1.1.1k-14.el8_6.x86_64

At the stage I test for connectivity on smtp (25) or submission (587), i get this TLS that isn't documented anywhere i looked:

If i try via Telnet:

STARTTLS
# telnet server.name.xxx 578
Trying 142.x.x.81...
Connected to server.name.xxx.
Escape character is '^]'.
220 server.name.xxx ESMTP
ehlo 
250-server.name.xxx
250-STARTTLS
250-PIPELINING
250-SMTPUTF8
250-8BITMIME
250 SIZE 20000000
mail from:someone@somewhere.net
530 Authorization required (#5.7.1) 
AUTH PLAIN
538 auth not available without TLS (#5.3.3)
STARTTLS
220 ready for tls

auth
454 TLS connection failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (#4.3.0)
Connection closed by foreign host.

I get the above error isntead of the tls garble.

If I try via:

openssl s_client -starttls smtp -crlf -connect severname:587

The first screens seem good, with the certificate info etc.

But this is what happens after the user name etc.:

read R BLOCK
EHLO test
250-mail.chost.ca
250-PIPELINING
250-SMTPUTF8
250-8BITMIME
250-AUTH LOGIN PLAIN
250 SIZE 20000000
AUTH LOGIN
334 VXNlcm5hbWU6
cGxxxxxxxYQ== (base64 user)
334 UGFzc3dvcmQ6
R2xxxxxNg==(base64 pwd)
RENEGOTIATING
140121503741760:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version:ssl/ssl_lib.c:2135:

When I let the server try to get emails from the outside world, this is the error in /var/log/qmail/smtpd/current:

qlogreceived: result=rejected code=451 reason=queue_delay detail=unable_to_exec_qq_(#4.3.0)

It seems there is something wrong with TLS interacting with the services although everything looks good when i start the process.

Any help would really be appreciated!

I'm in dire straigths :(

Thanks!

is the openssl-1:1.1.1k-14.el8_6.x86_64 package installed in the local server or in the remote server you are telnetting to?

which qmail version have you installed?

It seems like the remote server wants to use an ssl v3 protocol that your server is not allowing.

Concerning this issue

qlogreceived: result=rejected code=451 reason=queue_delay detail=unable_to_exec_qq_(#4.3.0)

you should provide more details in order to spot the cause of the problem. Sometime this can happen when simscan is not working because it's not installed yet or the programs that it calls are not available or are not running. In this case you can temporarily point QMAILQUEUE to qmail-queue in your qmail-smtpd run file:

export QMAILQUEUE="/var/qmail/bin/qmail-queue"

Thank you so much for the quick feedback - no sleep for 24 hours trying to fix the server on xmas day on top of it all :(

My ISP crashed my server and says the disks are dead (!) so I am doing a fresh install on a new server with the latest files you post; qmail-2024.12.01

I am runing the test from the server that hosts Qmail, so the server & the client are on the same machine.

Lmk what additional files I can post or if i can hire your services to fix the issue it would work as i am runing out of luck & energy :(( 

Thanks!

If you are in a hurry and want to hire me drop me a private message.

post your qmail-smtpd/run file and the result of 'qmailctl stat'. Also post the result of the testssl.sh test

Hi Roberto,

is it possible to change port 587 from TLS to SSL, which using the cert as IMAP and POP3 using now?

thank you

Sorry, I can't get what you mean

Hi Roberto, can you help me to investigate why qmail runs on port 25 for a while then it stops responding until I do qmailctl reboot. Pls check following logs

root@202-129-141-33:~# ps axf|grep tcpserver|grep 25
1563725 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l smtp.perfectrun.jp -x /var/qmail/control/tcp.smtp.cdb -c 200 -u 89 -g 89 0 25 /var/qmail/bin/qmail-smtpd /bin/true
root@202-129-141-33:~# netstat -pltnu | grep 25
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2508379/dovecot 
tcp 21 0 0.0.0.0:25 0.0.0.0:* LISTEN 1563725/tcpserver 
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2508379/dovecot 
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2508379/dovecot 
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2508379/dovecot 
tcp6 0 0 fe80::250:56ff:fea3::53 :::* LISTEN 1140572/named 
tcp6 0 0 fe80::250:56ff:fea3::53 :::* LISTEN 1140572/named 
udp6 0 0 fe80::250:56ff:fea3::53 :::* 1140572/named 
udp6 0 0 fe80::250:56ff:fea3::53 :::* 1140572/named 
root@202-129-141-33:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
^C
root@202-129-141-33:~# qmailctl reboot
First stopping services ... 
Now sending processes the kill signal ... 
done
Starting qmail
root@202-129-141-33:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 smtp.perfectrun.jp ESMTP
^]
telnet> Connection closed.
root@202-129-141-33:~#

Hi, which qmail version? Does the connection die after a while even after the reboot? 

Can you post the smtp log and your run file?

The issue happens also in port 587 today. I ran qmailctl reboot to fix this.

QMAIL_VERSION=2024.10.26

I followed all your notes.

Which log do you want to check since there are a lot of logs. smtpd?

Yes, qmail-smtpd log and run file

I have configured ucspi-ssl with qmail on two servers. The SSL server works without problems on the standalone server, but on the server connected to the L4 switch, I see the following error message:

sslserver: fatal: (111) unable to accept TLS from: XXX.XXX.XXX.XXX for pid: XXXXX DH lib

Despite this error, i can still connect to Outlook using port 465 and send emails. When i debug the issue, the SSL_get_error function returns the error SSL_ERROR_SYSCALL.

What is a problem? please help me.

from man sslserver I get

      sslserver: error: (111) unable to accept TLS for pid: ... system lib
      The remote socket was prematurely closed; usually because the X.509 cert was not accepted by the client.

I would check your certificate

I installed ucspi-ssl-0.12.10 and run.

But this error showded

sslserver: fatal: (111) unable to accept TLS from: XXX.XXX.XXX.XXX for pid: XXXXX DH lib

Strangely, outlook is working with 465 port.

Why this error happend?? 

Please help.

from man sslserver I get

      sslserver: error: (111) unable to accept TLS for pid: ... system lib
      The remote socket was prematurely closed; usually because the X.509 cert was not accepted by the client.

I would check your certificate

I have installed two new servers to replace our aging qmail servers.  I have them up and running and delivering mail just fine, I can telnet to port 25 on both machines and it will move mail.  These are just relay servers, there aren't any actual email accounts on them.  The servers sit in our server room and forward email on to Google for some legacy programs that we have that can't talk directly to Google.  The issue pops up when a program tries to connect to port 25 and start a TLS session (without passing a username or password) just for encryption sake.  The old servers were Cent7 and the new servers are Debian 12.  The error that I am seeing in the qmail smtpd log file is "Status 11" and then in journalctl I am getting the following error...

server1 kernel: qmail-smtpd[1642209]: segfault at 5cb577e0 ip 00007f0e3c0458dc sp 00007fff5b865bd0 error 4 in libssl.so.3[7f0e3c02f000+5e000] likely on CPU 0 (core 0, socket 0)

which qmail or qmail patch are you using? I would try to do an strace against the qmail-smtpd process to investigate what's happening in detail

I'm running 1.03

And I will admit that I don't know much about getting a stack trace together to give to you.  I have strace installed and when i run "strace -p #processnumber" it just displays...

strace: Process 1510762 attached
restart_syscall(<... resuming interrupted read ...>

and then I have to Ctrl-C to quit it.

If you are running qmail-1.03 you don't have TLS capabilities on qmail. You should patch qmail for tls using this patch http://inoa.net/qmail-tls/

To trace what qmail-smtpd is doing

strace -f -s 1024 -o strace.log -p qmail-smtpd-pid

but it's not useful at this point, until you don't have TLS enabled on qmail

i started the stack trace like you said and from another server ran the following...

openssl s_client -starttls smtp -connect server1:25 -crlf <<EOF
helo
mail from:myemail@here.com
rcpt to:myemail@here.com
DATA
From: myemail@here.com
To: myemail@here.com
Subject: test

test
.
EOF

and confirmed that no email came through.  went to the qmail server, hit Ctrl-c to exit the trace and the viewed the log file.

1510762 restart_syscall(<... resuming interrupted read ...> 

And that same openssl code works just fine if I bounce it off one of the old servers.  It connects and sends me an email.  So I'm assuming that the install I have for this version of qmail has some sort of TLS already patched in.  It just appears that the new servers are having an issue somewhere with a library.  Qmail on all the servers were installed with the exact same set of instructions and install files.  I did have to make one change to the qmail-smtpd.c file on the new servers because it was throwing an error when i was doing the inital "make"

When the process got to /usr/src/qmail/qmail-1.03/qmail-smtpd.c it was throwing an error (don't recall the exact wording) when it got to the line "ssl->state = SSL_ST_ACCEPT;".  After a lengthy Google debug session i saw a few sites that had to replace that line with "SSL_set_accept_state(ssl);".  I did that and it cleared up.  I don't know if this has anything to do with my current problem or not.  But I thought I would throw that out there.

mmmh you are in good position to have a mess in your server. I strongly suggest to use a patch that is tested. I don't think it's a good idea to modify the sources if you don't know exactly what you are doing. In addition your server certainly has an obsolete TLS support and you'll have rejects from other servers.

You can check if it already has TLS support looking at  the smtp conversation, for example

# telnet 0 25 
Trying 0.0.0.0... 
Connected to 0. 
Escape character is '^]'. 
220 smtp.sagredo.eu ESMTP 
ehlo test 
250-smtp.sagredo.eu 
250-STARTTLS 
250-PIPELINING 
250-8BITMIME 
250 SIZE 10000000

as you see my server is issuing the STARTTLS verb

you can use this patch of mine which already include TLS https://notes.sagredo.eu/qmail-notes-185/smtp-auth-qmail-tls-forcetls-patch-for-qmail-84.html

Hi Roberto,

i followed your page setup until Testing QMail, i tried to send email to external and it fail to send out.. i checked my qmail-send/current and found the error msg as below:

deferral: /var/qmail/bin/dk-filter:_(spawn-filter)_exit_code:_127:_/bin/sh:_/var/qmail/bin/dk-filter:_No_such_file_or_directory/._(#4.3.0)spawn-filter_said:_Message_deferred

i checked my /var/qmail/bin folder and found that it really no this file (dk-filter) inside there... may i know which steps i have skipped?

Thank you

Hi Kenny, dk-filter has been dropped in latest patch. You have to reconfigure your RC file. There is a warning in the change log...

Sorry, I forgot to update the configuring page. Look at the RC file example in the dkim page

Hi Roberto,

after changed the qmail/rc same like DKIM page... i checked on qmailctl-queue, got below output:

messages in queue: 1
messages in queue but not yet preprocessed: 1

i checked on /var/log/qmail/send/current, i only found this as below:

2024-01-15 14:11:27.983051040 status: qmail-todo stop processing asap
2024-01-15 14:11:27.983151610 status: exiting

i restarted the qmail also same. please advise.

thank you.

If not done yet, can you try to force to process the queue in this way

qmailctl flush
qmailctl stat

Hi Roberto,

after run qmailctl flush... still same.. and inside /var/log/qmail/send/current no new message.

Server:/ # qmailctl flush
Sending ALRM signal to qmail-send.
Server:/ # qmailctl stat
qmail-smtpd: [ up ] (pid 22019) 0 day(s), 00:30:20
qmail-smtpd/log: [ up ] (pid 1268) 2 day(s), 22:07:44
qmail-smtpsd: [ up ] (pid 7856) 1 seconds
qmail-smtpsd/log: [ up ] (pid 1278) 2 day(s), 22:07:44
qmail-submission: [ up ] (pid 22027) 0 day(s), 00:30:20
qmail-submission/log: [ up ] (pid 1259) 2 day(s), 22:07:44
qmail-send: [ up ] (pid 7855) 1 seconds
qmail-send/log: [ up ] (pid 1274) 2 day(s), 22:07:44
vpopmaild: [ up ] (pid 22041) 0 day(s), 00:30:20
vpopmaild/log: [ up ] (pid 1273) 2 day(s), 22:07:44
vusaged: [ up ] (pid 22048) 0 day(s), 00:30:20
vusaged/log: [ up ] (pid 1276) 2 day(s), 22:07:45

dovecot status: [ down ]
clamd status: [ down ]
freshclam status: [ down ]
spamd status: [ down ]
httpd status: [ up ]
solr status: [ down ]
mariadb status: [ down ]
fail2ban status: [ down ]
Total Domains: 2

messages in queue: 1
messages in queue but not yet preprocessed: 1

What do you have in send log after flushing the queue?

Hi Roberto,

no new message inside Send Log, the last message is ...

2024-01-15 14:11:27.983051040 status: qmail-todo stop processing asap
2024-01-15 14:11:27.983151610 status: exiting

which the message i posted in my previous message

What happens to new messages? Do they remain in the queue?

Hi Roberto, Good Morning.. this morning i tried to restart the server and do a new telnet on port 25. i sent an email to external and below is the output from /var/log/qmail/smtpd/current

2024-01-16 09:50:54.868221649 tcpserver: pid 2639 from 127.0.0.1
2024-01-16 09:50:54.874304445 tcpserver: ok 2639 mail.abc.com.my:127.0.0.1:25 localhost:127.0.0.1::60032
2024-01-16 09:51:07.014754255 CHKUSER accepted sender: from <kenny@abc.com.my|remoteinfo/auth:|chkuser-identify:> remote <helo:|remotehostname:localhost|remotehostip:127.0.0.1> rcpt <> : sender accepted
2024-01-16 09:51:22.300598634 CHKUSER relaying rcpt: from <kenny@abc.com.my|remoteinfo/auth:|chkuser-identify:> remote <helo:|remotehostname:localhost|remotehostip:127.0.0.1> rcpt <chlee97@yahoo.com> : client allowed to relay
2024-01-16 09:51:22.300645295 policy_check: local kenny@abc.com.my -> remote chlee97@yahoo.com (UNAUTHENTICATED SENDER)
2024-01-16 09:51:22.300723603 policy_check: policy allows transmission
2024-01-16 09:51:22.300740038 qlogenvelope: result=accepted code=250 reason=rcptto detail=chkuserrelay helo=localhost mailfrom=kenny@abc.com.my rcptto=chlee97@yahoo.com relay=yes rcpthosts=no size= authuser= authtype= encrypted= sslverified=no localip=127.0.0.1 localport=25 remoteip=127.0.0.1 remoteport=60032 remotehost=localhost qp= pid=2639
2024-01-16 09:52:28.335890060 qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=localhost mailfrom=kenny@abc.com.my rcptto=chlee97@yahoo.com relay=yes rcpthosts= size=99 authuser= authtype= encrypted= sslverified=no localip=127.0.0.1 localport=25 remoteip=127.0.0.1 remoteport=60032 remotehost=localhost qp=2936 pid=2639
2024-01-16 09:52:30.454073441 tcpserver: end 2639 status 0

but i checked on /var/log/qmail/send/current, inside really empty. then i tried to send another email to myself. and below is msg from my /var/log/qmail/smtpd/current

2024-01-16 09:56:12.894008591 tcpserver: pid 5695 from 127.0.0.1
2024-01-16 09:56:12.895127718 tcpserver: ok 5695 mail.abc.com.my:127.0.0.1:25 localhost:127.0.0.1::42092
2024-01-16 09:56:27.764718438 CHKUSER accepted sender: from <kenny@abc.com.my|remoteinfo/auth:|chkuser-identify:> remote <helo:|remotehostname:localhost|remotehostip:127.0.0.1> rcpt <> : sender accepted
2024-01-16 09:56:39.187901819 CHKUSER accepted rcpt: from <kenny@abc.com.my|remoteinfo/auth:|chkuser-identify:> remote <helo:|remotehostname:localhost|remotehostip:127.0.0.1> rcpt <kenny@abc.com.my> : found existing recipient
2024-01-16 09:56:39.187945860 policy_check: local kenny@abc.com.my -> local kenny@abc.com.my (UNAUTHENTICATED SENDER)
2024-01-16 09:56:39.187960440 policy_check: policy allows transmission
2024-01-16 09:56:39.188050835 qlogenvelope: result=accepted code=250 reason=rcptto detail=chkuser helo=localhost mailfrom=kenny@abc.com.my rcptto=kenny@abc.com.my relay=yes rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=127.0.0.1 localport=25 remoteip=127.0.0.1 remoteport=42092 remotehost=localhost qp= pid=5695
2024-01-16 09:57:22.559197049 qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=localhost mailfrom=kenny@eg.com.my rcptto=kenny@abc.com.my relay=yes rcpthosts= size=101 authuser= authtype= encrypted= sslverified=no localip=127.0.0.1 localport=25 remoteip=127.0.0.1 remoteport=42092 remotehost=localhost qp=5972 pid=5695
2024-01-16 09:57:24.292804441 tcpserver: end 5695 status 0

but i checked again the send/current file.. inside also empty. then i run qmailctl stat and below is the msg

Server:/var/log/qmail # qmailctl stat
qmail-smtpd: [ up ] (pid 767) 0 day(s), 00:14:18
qmail-smtpd/log: [ up ] (pid 769) 0 day(s), 00:14:18
qmail-smtpsd: [ up ] (pid 9838) 1 seconds
qmail-smtpsd/log: [ up ] (pid 766) 0 day(s), 00:14:18
qmail-submission: [ up ] (pid 772) 0 day(s), 00:14:18
qmail-submission/log: [ up ] (pid 768) 0 day(s), 00:14:18
qmail-send: [ up ] (pid 9837) 1 seconds
qmail-send/log: [ up ] (pid 770) 0 day(s), 00:14:18
vpopmaild: [ up ] (pid 752) 0 day(s), 00:14:18
vpopmaild/log: [ up ] (pid 773) 0 day(s), 00:14:18
vusaged: [ up ] (pid 999) 0 day(s), 00:14:13
vusaged/log: [ up ] (pid 771) 0 day(s), 00:14:18

dovecot status: [ down ]
clamd status: [ down ]
freshclam status: [ down ]
spamd status: [ down ]
httpd status: [ up ]
solr status: [ down ]
mariadb status: [ down ]
fail2ban status: [ down ]
Total Domains: 2

messages in queue: 2
messages in queue but not yet preprocessed: 2

look like both email also pending at server, unable to deliver to users

Hi Kenny, what do you have in your RC file? Try disable dkim and restart email. 

Post the qmail-dkim test from the dkim page

Hi Roberto,

below is my qmail/rc file:

#!/bin/sh

QMAILDIR=/var/qmail

# Comment out to disable dkim sign at qmail-remote level
DKIM_ON=1

if [ -n $DKIM_ON ]; then
# DKIM sign at qmail-remote level (you have to define your variables in control/filterargs. man spawn-filterargs)
exec env - PATH="$QMAILDIR/bin:$PATH" \
QMAILREMOTE=$QMAILDIR/bin/spawn-filter \
qmail-start "`cat $QMAILDIR/control/defaultdelivery`"
else
# Use this if you are signing at qmail-smtpd level or you don't want to sign at all
exec env - PATH="$QMAILDIR/bin:$PATH" \
qmail-start "`cat $QMAILDIR/control/defaultdelivery`"
fi

anyway how to disable DKIM? thank you

Kenny, did you create the filterargs file?

echo "*:remote:/var/qmail/bin/qmail-dkim:DKIMQUEUE=/bin/cat,DKIMSIGN=/var/qmail/control/domainkeys/%/default,DKIMSIGNOPTIONS=-z 2" > /var/qmail/control/filterargs

Hi, you have to comment out that DKIM_ON variable. Then, if you want dkim active, do all tests in the dkim page as far as qmail-remote signature is concerned

Hi Roberto, i have commented out that DKIM_ON in qmail/rc and do a restart on the server. then i removed all old pending messages and tried to telnet again and send an email to myself. i check smtpd/currect and snd/currect log files.. neither one got new data inside.. and when i run qmailctl queue, i can see one email pending there

Server:/var/log/qmail/send # qmailctl queue
messages in queue: 1
messages in queue but not yet preprocessed: 1

any place went wrong?

Is there any log line or they are completely empty? If they are empty, which daemontools program version and patch are you using?

What do you have in domains .qmail-default and in user's .qmail? 

Are you using any valias?

Hi Roberto, any update on my issue?

thank you

Hi Kenny, please reply to my questions above

Hi Roberto,

when i run ps axfww, i found this error.. dont know got related?

readproctitle service errors: ...ailure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure supervise: fatal: unable to acquire log/supervise/lock: temporary failure env: ' ': No such file or directory env: use -[v]S to pass options in shebang lines env: ' ': No such file or directory env: use -[v]S to pass options in shebang lines

Hi Kenny, I think you have a broken configuration of the supervise log scripts. Double check it. Be sure you created the qmail users as well.

Do you have empty lines in both qmail-send and qmail-smtpd?

Can you do

qmailctl reboot
ps axfww

Also check that there are not zombie qmail processes

Hi Roberto, i have replied you 3 times, but still no see you reply.. please see below:

Is there any log line or they are completely empty?
no log line.. after that new telnet test, both smtpd/currect and send/send are empty

which daemontools program version and patch are you using?
the daemontools version is daemontools-0.77

What do you have in domains .qmail-default?
| /home/vpopmail/bin/vdelivermail '' delete

and in user's .qmail?
Hi, May i know where is the location of this file?

Are you using any valias?
No.

Hi Roberto, i have replied you 3 times, but still no see you reply..

Did you find an answer as to why I didn't reply in the middle of the night and during the morning? And before this one there's only another message

Hi Roberto, this is 2nd part:

What do you have in domains .qmail-default?
| /home/vpopmail/bin/vdelivermail '' delete

and in user's .qmail?
Hi, May i know where is the location of this file?

Are you using any valias?
No.

Far from the first time I've build/rebuilt a qmail toolchain, and I can't help but think something minor has been done to cause something major to go wrong. 

After using qmailctl to start svscanboot nothing appears in any of the log files (they are are 0 in size but were created) not even the startup messages. The ps command has this to say...

345721 pts/4 S 0:00 \_ readproctitle service errors: ...er overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated *** buffer overflow detected ***: terminated

Using clear will clear it, but it comes back.

Two messages have made it into the queue while I was testing, one should land locally (my test) and one should exit but they've not moved. I don't really expect anything to happen until the buffer overflow is resolved. Softlimit was increased to 90000000. 

Deeply appreciate any insight. This is a current ubuntu system (22.04 lts)

Anything else in your logs? Can you show you smtpd and send run files?

Also do an strace against the smtpd process after sending yourself a msg. Please upload it somewhere because it's very long

As mentioned, there is no logging happening. all the log files are 0. Not even the starting up messages. 

Both (all) the run files are the stock examples from here, unedited at this stage in the install/testing process. 

More than happy to run an strace, but not sure what/how it should be run to capture what would be helpful. 

Concerning strace have a look at the bottom of the testing page

Hopefully I've attached to the correct process. Two messages came in while tracing - one my test. 

Now 4 in the queue. 3 Local. 

strace of what I hope is the right stuff: https://drive.google.com/file/d/16QJi2VaWHFyFaR3hPZ5i_qFsr2Z4RFvQ/view?usp=share_link

I don't understand why you don't have anything in your logs... are the log processes running (qmailctl stat)?

The strace shows that you have SURBL active but you have the level2-tlds and level3-tlds files missing. But I'm not sure if this is the cause of the trouble.

qmail-smtpd:           [ up ] (pid 353604) 8 seconds
qmail-smtpd/log:       [ up ] (pid 354227) 7 seconds
qmail-smtpsd:          [ up ] (pid 353602) 8 seconds
qmail-smtpsd/log:      [ up ] (pid 354225) 7 seconds
qmail-submission:      [ up ] (pid 353601) 8 seconds
qmail-submission/log:  [ up ] (pid 354226) 7 seconds
qmail-send:            [ up ] (pid 353593) 8 seconds
qmail-send/log:        [ up ] (pid 354229) 6 seconds
vpopmaild:             [ up ] (pid 353597) 8 seconds
vpopmaild/log:         [ up ] (pid 354224) 7 seconds
vusaged:               [ up ] (pid 353599) 8 seconds
vusaged/log:           [ up ] (pid 353600) 8 seconds

I've not been leaving it up due to the fact it is so deeply broken. 

But yes, it all seems to start - but no logs happen, I did not do the archive log items in your process - under the impression that it was optional. 

Can you guys redownload the daemontools-0.76-readable_datetime.patch and test if the issue is solved, please? I increased the size of the buffer of a variable I defined there.

Remember to completely reboot qmail after recompiling daemontools

# cd /var/qmail 
# cd admin/daemontools
# patch -p1 < /usr/local/src/daemontools-0.76-readable_datetime.patch.1
patching file src/multilog.c
patching file src/timestamp.c
patching file src/timestamp.h
abel# package/install 
# qmailctl boot
Starting qmail
# ps auxgww | egrep readproc
root      370133  0.0  0.0   2640   960 pts/4    S    15:46   0:00 readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................
root      370643  0.0  0.0   6608  2344 pts/4    S+   15:46   0:00 grep -E readproc

Looks good. 

Thank you. Not sure how much buffer would be best to store that nanoseconds array anyway. It was just 10, now it's 100.

If you guys can try 20 in nsec_buf inside timestamp.c and recompile it would be nice. 

KPC, please report if dropping that patch solves for you. Remember also to fix the SURBL missing file issue

Hi Roberto,

I confirm after your changes in the patch all is working - no buffer overflow, the loging is working as expected.
Thank you !

Roberto please tell us more about the old functionality of convert-multilog script  which is store old logs in /var/log/qmail/backup/ will continue to work as before ?
I use these logs to create jgreylist db and for me it is important to work.

Glad to here that!

I've patched convert-multilog accordingly, just download it again. Also you have to adjust your log/run file to preserve the qlog entry. Have a look at the daemontools page, under the "upgrading" section.

Are you using Ubuntu 22.04 as KPC? I'd like to reproduce myself the error

My distro is Ubuntu 22.04.3 LTS

I managed to reproduce the bug on Ubuntu 22.04. The minimum buffer needed for the nsec_buf[] array in timestamp.c is 11 (was 10, so one character more). If anyone can confirm that it's ok it would be much appreciated

Just confirming that it did indeed help at this level of the thread here.

The SURLB files I presume will come once I hit that part of the process? In times past I'm not sure if I've gone that far in the filtering process as to enable it. 

At the moment I'm getting the vdeliever error of database down. But I can properly make and query virtualusers, as well as connect to the database as vpopmail. I see someone else had this issue 2 years ago and your suggestion was to review the Mysql aspects. Which is what I'm doing. 

Hi Roberto,
I wrote you for exact the same issue few weeks ago.
The Buffer Overflow issue is related with readable datetime daemontools-0.76-readable_datetime.patch.

@KPC Recompile daemontools without this patch and all will be ok .

I remember a comment of someone, maybe you, who claimed that there where errors without providing any further information that I asked for days. If you have any reproducible steps to spot an eventual bug please post them here.

I can confirm that I've just re-compiled without the mentioned patch & qmail starts up, logs are happening. 

I've got a delivery 3: deferral: vdelivermail:_deferred,_database_down/ - which will have me chase that down but this is worlds ahead of where I was.

Thank you.

I did the following to try to track it down prior to the recompile: Had it only run one service (send) and even commented everything DKIM out of the run script for it as I was able to catch the first error of no dkimdomain set (I cp'd the contents of the 'me' file into it - which resolved the no such file error but didn't remove the buffer overflow so I proceeded to the larger comment out. I will have to undo that as I move forward. Also not certain that is the correct value for that file.) 

Thanks for sharing. It will be useful to others who face the same issue

Hi Roberto,

Mailserver is working mostly as expected but with some EMails I get the following error:

qlogenvelope: result=accepted code=250 reason=rcptto

So far everything seems to be ok but then:

qlogreceived: result=rejected code=451 reason=queuedelay detail=qq_temporary_problem_(#4.3.0)

Any ideas?

Hi Herbert, 

are you using the latest patch? Are you verifing dkim?

...after some more testing the problem is not the EMailaddress itself because the users receives "standard EMails"

The problem seems to be related to Mailinglists only.....

You should do an strace of the tcpserver process. Send yourself an email to one of your m/l and log the results in this way

strace -fF -o strace.log -p [qmail-smtpd_Process_ID]

do not post it as a comment here because it will be very long :-). Post it to pastebin or somewhere else please

Edit: before the strace, try the other solution below. If it doesn't solve do the strace

....what a stupid mistake!!! I'm really sorry!

yes - the user who runs qmail-smtpd is vpopmail and the cache directory had wrong permissions!

I was sure that I corrected permissons on the directory because I had permission problems some time ago.

But for me it was strange that everything worked except emails from mailing lists.

Now its working!

Anyway - thanks for your efforts!

great to hear that your problem is solved!

The control/cache dir is assigned to vpopmail by default. I assume that you changed its ownership...

...and another correction......make setup from qmail changes ownership to postfix! - NOT system update

Regards,

Herbert

I released a new combined patch where the IDs of vpopmail are determined dinamically

Thanks Roberto!

I think this will help some people because not all will run vpopmail:vchkpw on ID's 89:89 and then they will run into same problem like me.

Great work! As always! :-)

Regards,

Herbert

When you make setup, you change the uid/gid of control/cache to 89:89, which is vpopmail:vchkpwd in my guide, but not for you.

If you don't want to patch hier.c accordingly, you should delete your postfix user and group, assign those IDs to vpopmail and rebuild the IDs of the vpopmail directory.

Hi Roberto,

now I know why /var/qmail/control/cache had wrong owner!

I did a system update fron Rocky Linux 8.7 to 8.8 and the owner was changed from vpopmail to postfix again!

Postfix is not running and I don't know what causes this chage because UID of postfix (89) and vpopmail (3008) is different.

...and I was right when I remembered that I changed ownership of the directory before the error occured :-)  ...so - system update was the cause....

Only wanted to inform you - maybe someone has the same problem and this information is useful.

Regards,

Herbert

...sent you the download links for strace and log to your "notes-Email-address" because I can't remove private information

It is qmail with latest patch - somehow I didn't find exact error message from log in strace with the newest patch???

...and I have this in the run file but nothing changed:

# DKIM - SURBL configuration
# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
export SURBL=1 # Comment out to enable SURBL filtering
export QMAILQUEUE=/var/qmail/bin/surblqueue # executes surblfilter
export SURBLQUEUE=/var/qmail/bin/simscan # remove if below options are enabled
#export SURBLQUEUE=/var/qmail/bin/qmail-dkim # executes qmail-dkim after sublfilter
#export DKIMQUEUE=/var/qmail/bin/simscan # simscan is executed after qmail-dkim
# DKIM verification. Use carefully
#export DKIMVERIFY="FGHKLMNOQRTVWp"
# This is to allow msg without "subject" in the h= list
# export UNSIGNED_SUBJECT=1
# This is to avoid verification of outgoing messages
#export RELAYCLIENT_NODKIMVERIFY=1

Hi Roberto,

tried then new patch and the old one - same error and only with one address so far.

This is the DKIM part of my run file. Imho I am not verifying dkim but maybe I missed something:

# DKIM - SURBL configuration
# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
export SURBL=1 # Comment out to enable SURBL filtering
export QMAILQUEUE=/var/qmail/bin/surblqueue # executes surblfilter
#export SURBLQUEUE=/var/qmail/bin/qmail-dkim # executes qmail-dkim after sublfilter
export DKIMQUEUE=/var/qmail/bin/simscan # simscan is executed after qmail-dkim
# DKIM verification. Use carefully
#export DKIMVERIFY="FGHKLMNOQRTVWp"
# This is to allow msg without "subject" in the h= list
# export UNSIGNED_SUBJECT=1
# This is to avoid verification of outgoing messages
#export RELAYCLIENT_NODKIMVERIFY=1

probably you are missing this one, as your mails are not processed by simscan after SURBL

export SURBLQUEUE=/var/qmail/bin/simscan # executes simscan after SURBL

This line is useless, as dkim is not executed after SURBL

export DKIMQUEUE=/var/qmail/bin/simscan # simscan is executed after qmail-dkim

My email server works fine but for some incoming emails, qmail server simply rejects for some reason. What might be causing this?

/var/log/qmail/smtpd/current

qlogreceived: result=rejected code=451 reason=queuedelay detail=qq_internal_bug_(#4.3.0) .....
qmail-smtpd: message delayed (qq internal bug (#4.3.0)): .....

New combined patch released with fix to this issue

Hi J, another user reported the same error. I think it is a qmail-dkim issue. You should disable the verification, or downgrade the qmail patch for the time being

It is definitely a qmail-dkim issue.

The qmail-dkim.c code segfaults somewhere and the kernel issues a SIGSEGV signal which is caught by 

sigbug() functon in qmail-dkim.c (via sig_catch(SIGSEGV,f);) and then the program

terminates with die(81, 0); which is reported by "case 81: return "Zqq internal bug (#4.3.0)";"

While Manvendra Bhangui debugs this issue, people can use Kyle Wheeler's DKIM wrapper

for signing outgoing mail, if they don't want to rebuild qmail.

AET

Hi Ali, Manvendra already updated his dkim patch. The segfault happened when the signature missed the k flag. I'll update my combined patch later

I'm glad to hear that. Thanks Manvendra for the quick response.

And for the curious, segfault was due to a null pointer dereference on line 1126 of dkimverify.cpp:

if (!strcmp(values[3], "ed25519")) {

which is corrected as:

if (values[3] && !strcmp(values[3], "ed25519")) {

Regards

AET

The analysis by Ali is correct. values[3] is null because there isn't any k= tag in the DNS selector txt record. Now RFC6376 says that k= tag is optional and if not specified it should default to rsa

   k= Key type (plain-text; OPTIONAL, default is "rsa").  Signers and
      Verifiers MUST support the "rsa" key type.  The "rsa" key type
      indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
      (see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p="
      tag.  (Note: the "p=" tag further encodes the value using the
      base64 algorithm.)  Unrecognized key types MUST be ignored.

There were two changes made to dkimverify.cpp to allow the DNS selector record not to have k= tag

First change was

    if (values[3] == NULL)
        method = DKIM_ENCRYPTION_RSA; /*- equivalent to k=rsa in selector */

Second change was to bypass string comparision

        if (values[3] && !strcmp(values[3], "ed25519")) {

instead of

        if (!strcmp(values[3], "ed25519")) {

As you know, that error code is not documented at all in the source code. I did a grep "qq internal bug" in my logs of the last 10 years and didn't find a single occurrence.

I googled a bit and found that it seems to be related to a broken queue. I would try to rebuild the queue.

I leave here what I've found (I'm sure that you already got these discussions in your googling)

https://lists.archive.carbon60.com/qmail/users/8046?do=post_view_threaded

https://www.mail-archive.com/qmail@id.wustl.edu/msg12778.html

Please let me know if you solve by rebuilding the queue

qq_internal_bug is not because of a broken queue. It happens when qmail-queue or any program executed by setting QMAILQUEUE env variable dies because of a signal like SIGBUS, SIGSEGV.

In our case qmail-dkim was segfaulting because of a null pointer access. This is what qmail-dkim and many of qmail programs do to catch signals generated becuase of doing something illegal in the code.

void
sig_bugcatch(void (*f) ())
{   
    sig_catch(SIGILL, f);
    sig_catch(SIGABRT, f);
    sig_catch(SIGFPE, f);
    sig_catch(SIGBUS, f);
    sig_catch(SIGSEGV, f);
#ifdef SIGSYS
    sig_catch(SIGSYS, f);
#endif
#ifdef SIGEMT
    sig_catch(SIGEMT, f);
#endif
}       

Hi Roberto,

I've installed qmail per your site allready a couple of times, but now I hit an issue I can't find out myself (or with google).

I've tried with Ubuntu 22.04 3 times and with Debian 11 2 times and every time I can't get past the 'telnet 127.0.0.1 25' command.

it's output is on all occasions, do you have a clou as to where to look for this issue?:

root@mail:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
421 unable to read controls (#4.3.0)
Connection closed by foreign host.
root@mail:~#

hi,

after looking at some more debuging, I found that some files aren't in the location it's supposed to be:

15251 openat(AT_FDCWD, "/usr/lib64/tls/x86_64/x86_64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
15251 stat("/usr/lib64/tls/x86_64/x86_64", 0x7ffe4ebff790) = -1 ENOENT (No such file or directory)

The file libssl.so.1.1 is available but not in that dir, also some others like cryptossl.so.1.1 and mariadb.so.3. I fixed that quick and dirty with making a symlink:

ln -s /usr/lib/x86_64-linux-gnu /usr/lib64/tls/x86_64/x86_64

That fixed that part of the errors.

The trace than only complained about certain files not being in /var/qmail/control, eg: smtpgreeting, localiphost and some more. It could find however control/me an control/maxrcpt, so my guess it's not related to that but I'm not certain.

Here is the last part of the strace, unfortunately I can't find why it's throwing the  '421 unable to read controls' ...:

15251 openat(AT_FDCWD, "control/maxrcpt", O_RDONLY|O_NONBLOCK) = 3
15251 read(3, "25\n", 64) = 3
15251 close(3) = 0
15251 openat(AT_FDCWD, "control/rcpthosts", O_RDONLY|O_NONBLOCK) = 3
15251 read(3, "my.fqdn.org\n", 64) = 16
15251 read(3, "", 64) = 0
15251 close(3) = 0
15251 openat(AT_FDCWD, "control/morercpthosts.cdb", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
15251 openat(AT_FDCWD, "control/smtpplugins", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
15251 select(3, NULL, [2], NULL, {tv_sec=1200, tv_usec=0}) = 1 (out [2], left {tv_sec=1199, tv_usec=999996})
15251 write(2, "qlogenvelope: result=rejected co"..., 265) = 265
15251 select(3, NULL, [2], NULL, {tv_sec=1200, tv_usec=0}) = 1 (out [2], left {tv_sec=1199, tv_usec=999998})
15251 write(2, "\n", 1) = 1
15251 select(3, NULL, [2], NULL, {tv_sec=1200, tv_usec=0}) = 1 (out [2], left {tv_sec=1199, tv_usec=999998})
15251 write(2, "qmail-smtpd: unable to read cont"..., 79) = 79
15251 select(2, NULL, [1], NULL, {tv_sec=1200, tv_usec=0}) = 1 (out [1], left {tv_sec=1199, tv_usec=999995})
15251 write(1, "421 unable to read controls (#4."..., 38) = 38
15251 exit_group(1) = ?
15251 +++ exited with 1 +++

Do you maybe have an idea as to why it comes with 421 unable to read controls?

I think you miss the smtpplugins control file while qmail-spp is enabled in your run file. Touch that file and it will be solved.

My fault. I modified the qmail-smtpd run file with qmail-spp enabled by default

Hi Roberto,

thanks for pointing it out. Solved!

Hi Roberto,

Thank you for this great documentation
I have a problem when RELAY client sends an e-mail to an unknown local user. Please help me to understand my problem
If .qmail-default file for domain contains:

| /home/vpopmail/bin/vdelivermail '' delete

- the message dissapears with no notification to the client
There is the record in the log that the message is delivered.
/var/log/qmail/send/current:

info msg 16520515: bytes 186 from <nobody@mydomain.tld> qp 3563 uid 89
2022-12-14 11:56:33.507987500 starting delivery 1: msg 16520515 to localmydomain.tld-nobody@mydomain.tld
2022-12-14 11:56:33.507987500 status: local 1/10 remote 0/20
2022-12-14 If .qmail_default contains: 11:56:33.512732500 delivery 1: success: did_0+0+1/

if .qmail-default file for domain contains:

|/var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -d $EXT@$USER

- the message remains in the queue
and there is the record in the dovecot.log
/var/log/dovecot/dovecot.log:

auth-worker(1233): Info: conn unix:auth-worker (pid=1232,uid=1008):
auth-worker<1>: sql(nobody@mydomain.tld) : unknown user

I can't perform tests in this moment, but chkuser should notify that the user does not exist during the SMTP session. Are you sure that you have chkuser enabled?

PS Sorry, chkuser is disabled by default for RELAYCLIENT. You can enable it via tcprules

Thank you for your answer
How can I enable CHKUSER for RELAYCLIENT via tcprules?

I don't recall now and I am out of home. Check the settings

I could not enable chkuser for relayclient via tcprules. I was forced to delete localnet from relayclient to solve the problem. Thank you for your help.

I see the problem. Actually there was an ancient modification of mine which prevented chkuser to do the receipt check also for RELAYCLIENTs provided that the variable CHKUSER_DISABLE_VARIABLE is commented out.

Try to use this new patch where I have corrected the problem and commented out that variable https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/roberto-netqmail-1.06.patch-2022.12.17.gz

Thank you so much! It is working now

Hi, if you want to have bounces change the vdelivermail option to bounce-no-mailbox instead of delete. Of course in this way the forged sender will receive tons of spam

Roberto,

In "No valid MX test, mailbox syntax test", my test looks like this:

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
mail from: unexistent@fakedomain.xxx
554 SMTP protocol violation
Connection closed by foreign host.

About the only info for SMTP protocol violation was related to large attachments or "talking before greeting", which aren't the case here.

Any ideas?

Hi, it appears that you are sending the "mail from" before the server's greeting. This is the greeting of my server, which is not received immediately because of the greetdelay feature

220 smtp.sagredo.eu ESMTP

So the "554 SMTP protocol violation" reject is normal.

When I perform telnet testing as below, I've hit a error:

telnet localhost 587
Trying 127.0.0.1...
Connected to 127.0.0.1
Escape character is '^]'.
220 localhost ESMTP
EHLO test
250-localhost
250-STARTTLS
250-PIPELINING
250-8BITMIME
250 SIZE 20000000
STARTTLS
220 ready for tls
cG9zdG1hc3RlckBjbG9jYWxob3N0LmNvbQ==
454 TLS connection failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (#4.3.0)
Connection closed by foreign host.

The telnet session is useless when you go encrypted. Try to do the same with an openssl session like this

openssl s_client -starttls smtp -crlf -connect localhost:587

swaks can do it for you as explained at the top of this page

The swak and openssl s_client with error and info below:

===start===

swaks \
> --to postmaster@abc.com \
> --from postmaster@abc.com \
> --server localhost \
> --port 587 \
> --ehlo test \
> -tls \
> --auth login \
> --auth-user postmaster@abc.com \
> --auth-password abc12345
=== Trying localhost:587...
*** Error connecting to localhost:587:
*** IO::Socket::INET6: connect: Connection refused

===end===

===start===

openssl s_client -starttls smtp -crlf -connect localhost:587
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com
verify return:1
---
Certificate chain
0 s:C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com
i:C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFsTCCA5mgAwIBAgIUG1uEYYGgzRW2hXPxPbYbYpWByV4wDQYJKoZIhvcNAQEL
BQAwaDELMAkGA1UEBhMCTVkxDjAMBgNVBAgMBUpPSE9SMRQwEgYDVQQHDAtKT0hP
UiBCQUhSVTEKMAgGA1UECgwBKjEKMAgGA1UEAwwBKjEbMBkGCSqGSIb3DQEJARYM
Y2toQG15c3FsLmNjMB4XDTIxMTAxMzEzMzM1M1oXDTMxMTAyMTEzMzM1M1owaDEL
MAkGA1UEBhMCTVkxDjAMBgNVBAgMBUpPSE9SMRQwEgYDVQQHDAtKT0hPUiBCQUhS
VTEKMAgGA1UECgwBKjEKMAgGA1UEAwwBKjEbMBkGCSqGSIb3DQEJARYUS2toQG15
c3FsLmNjMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvnwKqXvb24sz
mtcsvvKbmAfKCsGJWnFT7/f8vdzIGbJhd6FhOhZB+8tSRn9p68oo9oNZ0b0lc2ZA
TnVzljBUnlyqVXxL6bYzQcLupgITszhYtKRpsUSv93vpjWZM0re2Uj+zcsmZ0z7F
urYA43t9EFN503C25JblhvrLV9XLLol3AiY/AuQ2GpyN4rIDo/ljmk2gdQSEtO9A
rgqvkisCP48y3UAI9B6yMm72UGtBMdD7270zQcIHocJle+guN0VvSuzO5HU9rKFj
am1YwedVH/YCCM3qtX0c58cUOtAm+9X5uf10Uzrm5HDXaPXQRbtTRIdfW7uFgGat
YE2UawBGfdmqTdIk6VOKIUinPeBCkmAKMcgZKsvlZwKSmbCZx5EPvvj64hZbfOBu
LFwQHUByIsaHjoch0pSsTjjkYlkGFbKQXi88SHbGFFLgzYw2tM9akQCujz8qE4Mo
Nsg4TWvHJZdyIPtOJhe7oljdHeTx7bq7ODmvg9+dQ1UrjQc3jSG0Q0gaFZT87Y1D
A9y5tU99z+CDm5omFfFKbWWD3L1Rj8wpzF7TiAWoqO3Yz1NH6sCeONmrX+DrGbxB
WDFvwQLhoNwmF5Q3ptDrA9Jpl1LVf7W5+NjDimgpi95PyPwtlYqEAYdQDus958LN
1IIH5q2ONZ7g9S2RVGIJX/VqMcyKqo0CAwEAAaNTMFEwHQYDVR0OBBYEFAjKIGbO
rd9OG4gW1P+TPQZEdOPvMB8GA1UdIwQYMBaAFAjKIGbOrd9OG4gW1P+TPQZEdOPv
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADWb0gxwHV7pimpn
9YgpTILtQ2gwS5JF7KBbAn68zwKsN/Tk5Fpjm6ZIE0lNdpGF45yG/wiJdcvCKZ9/
rbprnuR1A8IJUzZG+35z9K7w6QPdbDdlXFfW/xhug+JdfLIyyR4HmamU0Ip9aYXx
ALtBcxZAYHm8nBVFtiQhw2l2VMA7ogcjxcylrQacKSfynAmpYMJCNXk9cXgtusNd
n5X/jgf6eDFXSm3TUVVZ2u2WSn4i2ZZ7RAwWlqsEH9i1OwQDuQ3QSNHsiGSX/6zP
YC6RgtJhUm11RDjxvORZ8Nb7oGfZNTL8RLuWT375FjaszLDnhqga0wnplU3oSR5I
43Zwnyr0kOc/lmajLC3wgC3IejTHE8X7nevJ1vznVRO2PMi5PlfL4kY9+STpZv/v
uAqPMNCw2FPcuuzskUzJulnZdnaQ8Fv576N+v8Ad814VqvGe+gvRBO/b8oHULfKk
xm9NW/8tazQKoV0p5Sn3ve9iNuhfBvuS3W0wunp/H04JhIP87t5Qeou3/ul6xDHk
1eu+nlTlD4HeY8DNwhOTXvt8AoH+wpGvChGM1NUdRZSEZhwVSQIRzDbt3eTejeoq
wzcwu9xxL6pckr1m5i0uN/04jTD15ph6D+aE+TP6Z/jueaqGllVAi6A68HnGg9NE
G9CgnmchlGrO9zgzk5mQGjBxEAL3
-----END CERTIFICATE-----
subject=C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com

issuer=C = US, ST = STATE, L = STATE LOCAL, O = *, CN = *, emailAddress = postmaster@abc.com

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2391 bytes and written 402 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
250 SIZE 20000000
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 92832980EC6FBC68F7A62D157443E10E54742F4C4E925504B5E7B0B503E79DF8
Session-ID-ctx: 
Resumption PSK: 038C9458CC32B077062FDFFF6A2F922488002A87C031559D60061794DF1E8F00191B5F222F2C71846F78584D413FDDD2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 3a 8b 30 2b 8e 40 50 d8-a8 9f 00 db 8a 52 fe d8 :.0+.@P......R..
0010 - 36 aa 1a d9 77 a5 81 db-60 a7 af af 04 82 6b 5a 6...w...`.....kZ
0020 - a0 c4 aa 47 9c fe 9a 85-c9 61 05 40 82 ff 94 27 ...G.....a.@...'
0030 - 7c 1e 25 93 f6 40 34 8a-fe 51 cf 2c 96 f0 64 a4 |.%..@4..Q.,..d.
0040 - 79 6d fb 3a f7 d8 f4 9c-5e 84 a6 95 f0 53 e3 30 ym.:....^....S.0
0050 - b4 7e 87 1f e2 3a de cb-b1 d8 cd f2 23 33 78 99 .~...:......#3x.
0060 - 23 ca 13 f8 97 df 2e 65-61 28 17 38 0f b2 f7 f3 #......ea(.8....
0070 - 2e 40 2b f6 1e bb 84 6f-25 1f 0d 88 69 f5 5b 38 .@+....o%...i.[8
0080 - cf e9 6d c3 53 e3 c3 74-3c d3 91 4e 26 01 c4 95 ..m.S..t<..N&...
0090 - 52 48 db f3 c1 a6 67 07-f1 a7 fa 49 0b 51 b2 cc RH....g....I.Q..
00a0 - 04 19 29 d0 a2 69 5c 69-37 a7 74 cd 50 a1 33 a5 ..)..i\i7.t.P.3.
00b0 - a8 e7 e6 91 e4 43 8b b9-99 8b c0 cb 27 51 4c c0 .....C......'QL.
00c0 - 93 db 87 6a 0b 15 f0 cc-f7 23 60 0f 29 8d 12 30 ...j.....#`.)..0

Start Time: 1634175480
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: BF77B20A63A7C8A431BF419B559210F85478CAF78C6373A1DE57E51973EFDCDB
Session-ID-ctx: 
Resumption PSK: 048AE90E3E16743C0F6F279664E1173EA338A90760F6E92476E8CCE5FDF9C5E71B2060F58C51ABB24C657F1F2AF0FD11
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 3a 8b 30 2b 8e 40 50 d8-a8 9f 00 db 8a 52 fe d8 :.0+.@P......R..
0010 - 22 11 b7 54 57 32 b0 50-c3 cb 18 15 29 aa f4 f2 "..TW2.P....)...
0020 - a1 fb 3f 87 ca e0 19 60-a2 a5 11 f2 37 99 bf de ..?....`....7...
0030 - 5b 6c 4c 61 0b cb d1 a5-b3 0a e1 88 33 96 f5 39 [lLa........3..9
0040 - d1 54 aa 0f 09 48 93 2c-fe af ae e6 9a b1 ff 44 .T...H.,.......D
0050 - 55 87 7d b0 c4 c5 90 94-b3 51 ad cc 3e 8f 5b d0 U.}......Q..>.[.
0060 - b0 a6 bd 5e 27 ab ce 90-60 94 5d e3 65 26 52 cf ...^'...`.].e&R.
0070 - ea 34 56 bc fc 3d 08 8e-93 fa 3f 1d da cb 83 1b .4V..=....?.....
0080 - 9a 76 b0 84 6e 44 2a b8-17 c7 f4 49 88 0f b7 55 .v..nD*....I...U
0090 - 2b b7 c7 36 aa c2 f2 83-d1 60 1f ab 86 82 4b 58 +..6.....`....KX
00a0 - 26 21 02 c4 aa e3 b6 f4-34 5f 27 bc 65 99 5c 43 &!......4_'.e.\C
00b0 - 2f 95 fd 38 83 8c 04 6e-53 b9 c6 b2 4e 5d ee 3c /..8...nS...N].<

Start Time: 1634175480
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK

===end===

Sorry for the late response.

Are you sure that it's connecting via IPv4? My patch doesn't have IPv6. 

To force ipv4 add the -4 option to swaks

Hi all.

Today I have problem with mail account with double hyphen in domain(y--s.co.jp).

So how can I disable CHKUSER_SENDER_FORMAT for special domain only?

telnet xxx.xxx.xxx.xxx 25
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx
Escape character is '^]'.
220 xxx.xxx.xxx.xxx  ESMTP
ehlo
250-xxx.xxx.xxx.xxx Welcome to SMTP server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN CRAM-MD5
250 SIZE 20480000
mail from: test@y--s.co.jp
553 5.1.7 sorry, mailbox syntax not allowed (chkuser)

try to patch chkuser.c starting from line 330 in order to disable the else block like this

       if (strncmp (domain->s, "xn--", 4) == 0) { 
               if (strstr (&domain->s[4], "--") != NULL) 
                       return 0;
/*
       } else { 
               if (strstr (domain->s, "--") != NULL) 
                       return 0;
*/ 
       } 
       if (strstr (domain->s, ".-") != NULL) { 
               return 0; 
       }

This should get the program to allow double hyphens, provided that they are not in the 3rd and the 4th character of the domain

I pushed this patch into the combo

Hi, I don't think that you can disable that for a specific domain only.

But if consecutive -- are allowed (?) the regular expression behind the CHKUSER_SENDER_FORMAT check should be adjusted.

I'll check it out in the following days.

Thank you  Roberto very much.

and your patch. I patched to my mail server. it works well!!

While testing SMTP from myself to myself i got a error

421 unable to execute recipient check (#4.3.0)

Trying 94.152.212.46...
Connected to mail.zareckao.online.
Escape character is '^]'.
220 smtp.mail.zarecka.online ESMTP
from:<keeper24@mail.zareckao.online>
500 unrecognised (#5.5.2)
mail from:<keeper24@mail.zareckao.online>
250 ok
rcpt to:<keeper24@mail.zareckao.online>
421 unable to execute recipient check (#4.3.0)
Connection closed by foreign host.

In logs:

@400000006100118615a4756c qlogenvelope: result=rejected code=421 reason=rcptcheck detail=cannotexecute helo=5e98d42e.static.tld.pl mailfrom=keeper24@mail.zareckao.online rcptto=keeper24@mail.zareckao.online relay=no rcpthosts=yes size= authuser= authtype= encrypted= sslverified=no localip=94.152.212.46 localport=25 remoteip=94.152.212.46 remoteport=59430 remotehost=5e98d42e.static.tld.pl qp= pid=3688

Try without those <> chars in the from field

still same error

Trying 94.152.212.46...
Connected to mail.zareckao.online.
Escape character is '^]'.
220 smtp.mail.zarecka.online ESMTP
mail from:keeper24@mail.zareckao.online
250 ok
rcpt to:keeper24@mail.zareckao.online
421 unable to execute recipient check (#4.3.0)
Connection closed by foreign host.

I mean FROM field, not MAIL FROM

PS using swaks would be of great help in testing and trouble shooting

I tryied swaks and same error.

To: keeper24@mail.zareckao.online
*** MX Routing not available: requires Net::DNS. Using localhost as mail server
=== Trying localhost:25...
=== Connected to localhost.
<- 220 smtp.mail.zarecka.online ESMTP
-> EHLO hacked
<- 250-smtp.mail.zarecka.online
<- 250-PIPELINING
<- 250-8BITMIME
<- 250 SIZE 20000000
-> MAIL FROM:<root@hacked>
<- 250 ok
-> RCPT TO:<keeper24@mail.zareckao.online>
<** 421 unable to execute recipient check (#4.3.0)
-> QUIT
*** Remote host closed connection unexpectedly.

Qmail logs are telling that message is rejected because of rcptcheck 

how are patching qmail? the patch process went well? do you have any smtp wrapper?

>how are patching qmail? the patch process went well?

yes without errors

>do you have any smtp wrapper?

Nope

can you post your smtpd/run and tcp.smtp files?

qmail-smtpd/run

#!/bin/sh

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SOFTLIMIT=`cat /var/qmail/control/softlimit`
LOCAL=`head -1 /var/qmail/control/me`

# This enables greetdelay for qmail-smtpd
export SMTPD_GREETDELAY=20
export DROP_PRE_GREET=1

# This enables chkuser
export CHKUSER_START=ALWAYS

# DKIM - SURBL configuration
# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
#export SURBL=1 # Comment out to enable SURBL filtering
#export QMAILQUEUE=/var/qmail/bin/surblqueue # executes surblfilter
#export SURBLQUEUE=/var/qmail/bin/qmail-dkim # executes qmail-dkim after sublfil ter
#export DKIMQUEUE=/var/qmail/bin/simscan # simscan is executed after qmail-d kim
# DKIM verification. Use carefully
#export DKIMVERIFY="FGHKLMNOQRTVWp"
# This is to allow msg without "subject" in the h= list
# export UNSIGNED_SUBJECT=1
# This is to avoid verification of outgoing messages
#export RELAYCLIENT_NODKIMVERIFY=1

# This turns off TLS on port 25
export DISABLETLS="1"

# Requires that authenticated user and 'mail from' are identical
#export FORCEAUTHMAILFROM="1"

# rcptcheck-overlimit. Limits the number of emails sent by relayclients
export RCPTCHECK=/var/qmail/bin/rcptcheck-overlimit.sh
export RCPTCHECKRELAYCLIENT="1"

# This enables simscan debug
#export SIMSCAN_DEBUG=4

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" \
-x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
/var/qmail/bin/qmail-smtpd 2>&1

tcp.smtp

10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""

I think that your tcp.smtp is not recongnizing localhost as a RELAYCLIENT. Try to do the test like this

telnel 0 25

or

telnet 127.0.0.1 25

This would explain why the rcptcheck patch is going to complain...

PS I would add

:allow

at the end as well

the tcp.smtp is banning the outnet from connecting to your server, but I suppose that this is intentional

Are you doing the tests from localhost or from the outnet?

my file tcp.smtp is now:

0.0.0.0:allow,RELAYCLIENT=""
10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
:allow

i update cdb file and still same error :(

I telnet from localhost, not from outnet

I think it is because you have this in your run file

export RCPTCHECK=/var/qmail/bin/rcptcheck-overlimit.sh
export RCPTCHECKRELAYCLIENT="1"

but you have not set the priviledges yet as explained later here https://notes.sagredo.eu/en/qmail-notes-185/limiting-the-number-of-emails-sent-by-a-given-auth-userdomainip-231.html

Can you comment out those 2 lines and restart qmail?

If this is the cause (I think yes) it's my fault, as I should have commented them initially in the docs

Yes, it worked after comment out those 2 lines

so you may have exceeded your overlimit. Check your control/relaylimits for localhost and the overlimit dir.

Check the overlimit config here https://notes.sagredo.eu/en/qmail-notes-185/limiting-the-number-of-emails-sent-by-a-given-auth-userdomainip-231.html 

still same problem.

In qmail logs message is rejected because of rcptcheck

I try on my new server the installation of qmail + your patch + vpopmail + simscan + dovecot. Now qmail is working but when I send an email to an account everything is fine except the message didn't arrive in user Maildir :)

This is the logs :

smtpd: 1625919639.832974 qlogreceived: result=accepted code=250 reason=queueaccept detail= helo=server5.radio-campus.org mailfrom=yyyyy@xxxxx.org rcptto=yyyyy@server7.xxxxxx.org relay=no rcpthosts= size=1201 authuser= authtype= encrypted= sslverified=no localip=delete localport=25 remoteip=delete remoteport=36136 remotehost=server5.xxxxx.org qp=429826 pid=429825

Jul 10 12:20:39 server7 qmail: 1625919639.924924 new msg 6029569
Jul 10 12:20:39 server7 qmail: 1625919639.924973 info msg 6029569: bytes 1753 from <yyyy@xxxx.org> qp 429831 uid 502
Jul 10 12:20:39 server7 qmail: 1625919639.924988 starting delivery 1: msg 6029569 to local yyyy@server7.xxxx.org
Jul 10 12:20:39 server7 qmail: 1625919639.924994 status: local 1/10 remote 0/20
Jul 10 12:20:39 server7 qmail: 1625919639.966971 delivery 1: success: did_1+0+0/
Jul 10 12:20:39 server7 qmail: 1625919639.967080 status: local 0/10 remote 0/20

normally the delivery success message means that the message file is inside Maildir/new/ folder but in fact there is no file.

If I do the same thing with postmaster@server7.xxxx.org the qmail server generate :

Jul 10 14:29:05 server7 qmail: 1625927345.242676 delivery 4: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

the postmaster account exist and had been created with vadddomain command.

I am not using sql method.

Is there somewhere to search ?

Can you perform again the "telnet localhost 89" vpopmail test to check if it recognizes the yyyy@server7.xxxx.org account?

If the test succeds, what do you have in your .qmail-default file placed in server7.xxxx.org dir?

if you're delivering via dovecot, what does the dovecot-lda log say?

I installed netqmail + the latest complet patch 2021.06.19. I carefully followed the installation process and When I try to send an email to ther server I have these logs.

Jul 9 16:53:35 server7 smtpd: 1625849615.321404 qlogreceived: result=rejected code=451 reason=queuedelay detail=mail_server_temporarily_rejected_message_(#4.3.0) helo=smtpfb2-g21.free.fr mailfrom=nicolas@domain.org rcptto=ncroiset@server7.otherdomain.org relay=no rcpthosts= size=1342 authuser= authtype= encrypted= sslverified=no localip=195.xxx.1.232 localport=25 remoteip=212.27.42.10 remoteport=55346 remotehost=smtpfb2-g21.free.fr qp=167042 pid=167041
Jul 9 16:53:35 server7 smtpd: 1625849615.321432 qmail-smtpd: message delayed (mail server temporarily rejected message (#4.3.0)): nicolas@domain.org from 212.27.42.10 to ncroiset@server7.otherdomain.org helo smtpfb2-g21.free.fr

In which direction may I search ?

have you performed all the tests mentioned in this "testing" page? if yes, what do you have in your QMAILQUEUE variable?

Hi Mr Roberto,

after i touch a new file for "tcp.smtp" then run qmailctl cdb .. i start telnet to my server with 25 as below:

220 mydomain.com ESMTP
mail from: anyone@anyone.com
250 ok
rcpt to: nobody@mydomain.com
250 ok
data
354 go ahead
subject: testing mail
to: nobody@mydomain.com
from: anyone@anyone.com

Testing mail
.
250 ok 1599214681 qp 32622
quit
221 mydomain.com

Connection to host lost.

2 questions need your help:

1. why CHKUSER unable to block unknown sender while telnet?

2. i checked on Send log file, the server able to block nobody email address with "no_mailbox_here_by_that_name", but why CHKUSER unable to block while i was doing telnet that time?

Thank you

so what do you have in your tcp.smtp? you cannot have it blank

1. chkuser will block unexistent recipient and unexistent sender domains, but of course it cannot say anything about sender username (unexistent@gmail.com is good).

2. chkuser is disabled for RELAYCLIENT ip, according to your tcprules

PS be aware that such things are already mentioned in the present guide :-)

Hi Mr Roberto,

Actually i followed the steps on your "Testing chkuser", my existing tcp.smtp got info inside such as:

192.168.1.:allow,RELAYCLIENT=""
127.0.0.1:allow,RELAYCLIENT=""

after that, i moved the file to a tmp file, then touch a new empty file for tcp.smtp, then do telnet... so suppose chkuser able to rejected the messages if the MX record in the from field is non existent, right? or any settings i need to look into to start chkuser? i checked my SMTP log file, inside no have this "chkuser" word occurred. anyway is it got related to that file "chkuser_settings.h"?

Thank you

I think that this is due to the fact that you are using the wrong patch, which doesn't include chkuser.

At any rate I strongly suggest to have a look at chkuser_settings.h

Hi Roberto,

oh .. ya ... i forgot i just patched on smtp-auth + qmail-tls + forcetls only... sorry about this issue.

anyway thanks.

Hi,

I am trying to have TLSv1.3 can be used with your guide.  With openssl updated to version 1.1.1b and ucspi-tcp6 updated to vesion 1.10.2 (from www.fehcom.de), then test the SMTP connection with the underneath command:

openssl s_client -starttls smtp -crlf -connect :25

It is found that the Protocol of SSL-Session is TLSv1.3, see the following captured lines.

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1736 bytes and written 406 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
...
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 8B9890744E8B2358F41DE448A64CB26E67F53BCEED25DB23243C8C9AD0F0503E
    Session-ID-ctx:
    Resumption PSK: 86E2265F6043E491FC629454557CF18FD844E9832FD9E4718927A8D6DAE5E779544CCA21C943465EA3481289B1FE7AF8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)

Does that mean the qmail setup is TLSv1.3 functional?

yes it does

Hello Roberto,

i have installed the qmail server on a new server with debian 9

swaks ... --tls gives me following error in subbmission/current

Any suggestion is greatly appreciated

@400000005b7031251b5788dc tcpserver: status: 1/20
@400000005b7031251b5b9fbc tcpserver: pid 3336 from 127.0.0.1
@400000005b7031251b5d5d0c tcpserver: ok 3336 0:127.0.0.1:587 :127.0.0.1::45028
@400000005b7031251b6c87dc /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libssl.so.1.1: failed to map segment from shared object
@400000005b7031251b6f71f4 tcpserver: end 3336 status 32512

honestly, I'm not sure that the qmail-tls patch is openssl-1.1 compliant. But if you upgraded your Debian over an old qmail installation you should recompile

Please let me know if you solve

Yes, qmail-tls breaks with openssl-1.1. Someone submitted some changes to the author f.v. but we have to wait. Look here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218590

I tried myself to include those changes without success, for the moment. I hope someone could help... in the meantime the DKIM part is already 1.1 compliant

needed to incrase softlimit to 6MB, no it runns with

# dpkg -l | grep ssl
ii libcrypt-ssleay-perl 0.73.04-2 amd64 OpenSSL support for LWP
ii libssl1.0-dev:amd64 1.0.2l-2+deb9u3 amd64 Secure Sockets Layer toolkit - development files
ii libssl1.0.2:amd64 1.0.2l-2+deb9u3 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.0f-3+deb9u2 amd64 Secure Sockets Layer toolkit - shared libraries
ii openssl 1.1.0f-3+deb9u2 amd64 Secure Sockets Layer toolkit - cryptographic utility

Ralph

Yes... I didn't notice that it was the qmail log and not the compilation log

I've been using this awesome guide to migrate to a new server and I certainly appreciate it! One issue I have is I have some users who have domains with a catch-all, so their vpopmail/domains/0/domain.com/.qmail-default contains something like:

| /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/0/domain.com/paul

paul@domain.com is a valid account; if I send mail to paul@domain.com it will work. However, if I send mail to samjoe@domain.com, I get: 

550 5.1.1 sorry, no mailbox here by that name (chkuser)

If I strace qmail-smtp, I see it trying to stat /home/vpopmail/domains/0/domain.com/.qmail-samjoe, then it does a mysql query, then returns the no such user - I never see it looking at /home/vpopmail/domains/0/domain.com/.qmail-default 

Do catch-alls work with chkuser? I can't figure it out..

Sorry for the late reply, I was not so well these days..

I think that chkuser breaks this functionality, because it acts at qmail-smtpd level, then before the delivery. 

Not a problem! I figured it out after reading the checkuser code. It's the CHKUSER_START variable in qmail-smtpd/run, if set to "DOMAIN" instead of "ALWAYS" it'll check the .qmail-default for each domain. If the file has 'bounce' in it, then it'll reject users who don't exist, otherwise it'll accept all.

Hello Roberto,

i have installed the qmail server on a new server - everything went fine except the STARTSSL authentification is not working well.

When i ran the command "openssl s_client -starttls smtp -crlf -connect localhost:587" i get the message "CONNECTED(00000003)" then 30 second to 60 seconds nothing happened and then i got the view of the certificate. In the meantime i see the qmail-smtp process working with 100%. Sending Mails In and Out is working but it takes the same amount of time and the qmail-smtp process working on full load. Sometimes i got a timeout with the mail client. I have tried it with 2 different certificates and it is always the same. Do you have an idea what went wrong or how i can track this? Thanks.

Issuing the command openssl s_client -starttls smtp -showcerts -connect mx-exchanger.tld:465 results in a openssl hang. Below is the relevant strace section. 175 seconds is when I interrupted the process.

What happens in the line directly above it?

18722      0.000025 read(3, "-----BEGIN RSA PRIVATE KEY-----\n[data]"..., 4096) = 4096
18722      0.000066 close(3)            = 0
18722      0.000022 munmap(0x7f1034714000, 4096) = 0
18722      0.000026 open("control/tlsserverciphers", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
18722      0.000091 fcntl(0, F_GETFL)   = 0x2 (flags O_RDWR)
18722      0.000022 fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
18722      0.000022 fcntl(1, F_GETFL)   = 0x802 (flags O_RDWR|O_NONBLOCK)
18722      0.000022 fcntl(1, F_SETFL, O_RDWR|O_NONBLOCK) = 0
18722      0.000048 read(0, 0x1f2b440, 11) = -1 EAGAIN (Resource temporarily unavailable)
18722      0.000034 select(1, [0], NULL, NULL, {1200, 0}) = 1 (in [0], left {1024, 593952})
18722    175.406256 read(0, "", 11)     = 0
18722      0.000116 fcntl(0, F_GETFL)   = 0x802 (flags O_RDWR|O_NONBLOCK)
18722      0.000083 fcntl(0, F_SETFL, O_RDWR) = 0
18722      0.000069 fcntl(1, F_GETFL)   = 0x2 (flags O_RDWR)
18722      0.000065 fcntl(1, F_SETFL, O_RDWR) = 0
18722      0.000226 select(2, NULL, [1], NULL, {1200, 0}) = 1 (out [1], left {1199, 999994})
18722      0.000108 write(1, "454 TLS connection failed (#4.3.0)\r\n", 36) = 36
18722      0.000144 select(3, NULL, [2], NULL, {1200, 0}) = 1 (out [2], left {1199, 999995})
18722      0.000081 write(2, "qmail-smtpd: read failed: (null) from 162.144.50.129 to (null) helo (null)\n", 75) = 75
18722      0.000076 exit_group(1)       = ?
18722      0.000423 +++ exited with 1 +++

strace before and after adding a separate dh2048.pem in /var/qmail/control

Before:

18332      0.000106 open("control/dh2048.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
18332     35.148926 write(1, "[data]\n\23\rLet's Encrypt1#0!\6\3U\4\3\23\32Let's Encrypt Authority X30\[data]\23\four.mx-exchanger.tld0\202"..., 3345) = 3345
18332      0.000057 read(0, 0x117a443, 5) = -1 EAGAIN (Resource temporarily unavailable)

After:

18445      0.000094 open("control/dh2048.pem", O_RDONLY) = 3
18445      0.000030 fstat(3, {st_mode=S_IFREG|0644, st_size=424, ...}) = 0
18445      0.000024 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f23450ed000
18445      0.000023 read(3, "-----BEGIN DH PARAMETERS-----\n[data]"..., 4096) = 424
18445      0.000044 close(3)            = 0
18445      0.000021 munmap(0x7f23450ed000, 4096) = 0
18445      0.007885 write(1, "[data]\n\23\rLet's Encrypt1#0!\6\3U\4\3\23\32Let's Encrypt Authority X30\[data]\23\four.mx-exchanger.tld0\202"..., 3345) = 3345
18445      0.000045 read(0, 0xb38443, 5) = -1 EAGAIN (Resource temporarily unavailable)

This seems to be new behavior (after upgrading from a 2015 install) . Why is it not using the dh parameters included in servercert.pem any longer?

if you are strictly following my guide and have my combined patch installed, and then using ucspi-tcp6, you should connect to 587 port (submission service) instead of 465, which goes with ucspi-ssl. I suppose that in your previous configuration you were using something like ucspi-ssl

Hi Marc, are you running qmail-smtpd as vpopmail?

Important: If you run qmail-submission as a user other than vpopmail, and you’re installing my combined patch, you must adjust /var/qmail/bin/update_tmprsadh accordingly. Otherwise you’ll probably exceed the connection timeout due to privilege problems, and won’t be able to send messages when connected remotely.

Hello Roberto,

i'm running qmail-smtpd as vpopmail user.

What the logs say? I would check the ownership of the certificate  and eventually try to debug with strace

I have a long time issue that is driving me crazy. I recompiled netqmail with Roberto's full patch, in order to update the qmail-auth patch and trying to secure my server as mush as possibile. I ran into the same problem occurred during the installation of the server, so I tried to gather some more infos.

The problem is related to chkuser; if I use the qmail-smtpd binary file from the compilation, chkuser is always accepting email, even if for non-existend users::

@400000005617b9e91c82f91c CHKUSER accepted sender: from <xxxx@domain.net|remoteinfo/auth:xxxx@domain.net|chkuser-identify:> remote <helo:[192.168.11.143]|remotehostname:unknown|remotehostip:192.168.11.143> rcpt <> : accepted any sender always
@400000005617b9e91c9281ac CHKUSER accepted any rcpt: from <xxxx@domanin.net|remoteinfo/auth:xxxx@domain.net|chkuser-identify:> remote <helo:[192.168.11.143]|remotehostname:unknown|remotehostip:192.168.11.143> rcpt <dsaasddsa@sinapto.net> : accepted any recipient for this domain

If I replace the qmail-smtpd binary file with the one from the qmail-1.03-26.el6.art.x86_64.rpm, WITHOUT changing anything else (NO configuration or run file change at all), chkuser is working fine:

@400000005617ba170152ef94 CHKUSER accepted sender: from <xxxx@domain.net:xxxx@domain.net:> remote <[192.168.11.143]:unknown:192.168.11.143> rcpt <> : accepted any sender always
@400000005617ba170191449c CHKUSER rejected rcpt: from <xxxx@domain.net:xxxx@domain.net:> remote <[192.168.11.143]:unknown:192.168.11.143> rcpt <dsaasddsa@sinapto.net> : not existing recipient

Any suggestion is greatly appreciated !

how do you run qmail-smtp and chkuser? are you using my configuration and running qmail-smtp as vpopmail?

Hello Roberto,

after recompliation of netqmail with your latest patch everything works fine ! I think some issues could be related to the latest qmail-authentication v. 0.8.3 fixes.

Thank you, as always !

Hi, great tutorial! thanks!

Everything worked like a charm, but i tested DKIM sending mail for sa-test@sendmail.net, and I got NO PRESENT for DKIM.

That´s someway to test it?

Thanks

Yes, read this http://notes.sagredo.eu/node/92

Hello,

I have encountered a problem with SPF checking using your qmail installation.

Every SPF check is like this:

Received: from unknown (HELO xxxxxx) (::ffff:190.249.131.119)
Received-SPF: unknown (0: No IP address in conversation)

using spfquery command, the result is OK.

Do you have any suggestions on how to fix this, so the IPv4 is detected correctly, without "::ffff:" prefix ?

Thank you!

unfortunately i've no suggestions, I think that the error is due to the prefix.. it's a very old patch. By the way it appears that the spfquery program was not written by the same author of the qmail-SPF patch

let me know if you manage to solve :)

After further research I did manage to solve the problem.

tcpserver was transforming IPv4 into IPv6 format

The fix was to add in /var/qmail/supervise/qmail-smtpd/run  "-4" at the tcpserver command. This forces the use of IPv4 IPs only.

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \    
    /usr/local/bin/tcpserver -4 -v -H -R -l 0 \ .....

Today I released a new combined patch which fixes this issue on qmail-pop3d. Many clients were tested and everything seems to be working fine now.

Hello all,

Every thing is working perfectly while I test from command line (SMTP, Auth SMTP and POP3) but while I configure in email client ie MS Outlook. I'm not able to make auth pop3 and retrieve mail from server. but Auth SMTP is work perfectly using same username and password as my incoming mail server. but while I test from command line using telnet I'm able to auth(login and access mail) pop3. I tried both /home/vpopmail/bin/vchkpw and /home/vpopmail/bin/vpopmaild on vpopmail run file can any one help me to resolve this problem.

Thanks in advance.

When Telnet  to pop3, it works but receives double +OK  +OK after entering "pass password" and other commands. See below conversition.

+OK <681.1355813384@domain.co.uk>
user postmaster@domain.co.uk
+OK
pass password
+OK
+OK
list
+OK
+OK
1  990

.
.
dele 1
+OK
+OK
quit
+OK
+OK

qmail-pop3d and vpopmail:vchkpw seems to be working via remote telnet.

When Mail Client used such as Outlook auth pop3 does hang. I have also tested it with other email clients but no avail! 

"Receiving' reported error (0x8004210A) : 'The operation timed out waiting for a response from the receiving (POP) server."

Here is below mail server side conversition between Outlook and Mail Server

@4000000050d0165622025a2c tcpserver: pid 3185 from 11.111.111.111
@4000000050d016562202a84c tcpserver: ok 3185 0:22.222.22.222:110 :11.111.111.111::3168
@4000000050d016562337869c 3185 > +OK <3185.1355814476@domain.co.uk>
@4000000050d016562468daac 3185 < USER postmaster@domain.co.uk
@4000000050d0165624699244 3185 > +OK 
@4000000050d0165625b43ab4 3185 < PASS password
@4000000050d0165626937ef4 3185 > +OK 
@4000000050d01656269386c4 3185 > +OK 
@4000000050d0165627f80c4c 3185 < STAT
@4000000050d0165627f8cbb4 3185 > +OK +OK 0  0
@4000000050d0165627f8cf9c 3185 >
@4000000050d0169227a58b34 3185 < [EOF]
@4000000050d0169227a87934 3185 > [EOF]
@4000000050d0169227a9965c tcpserver: end 3185 status 256
@4000000050d0169227a9c924 tcpserver: status: 0/10

Patching qmail-pop3d.c  with following

-void okay(arg) char *arg; { substdio_puts(&ssout,"+OK \r\n"); my_puts("+OK \r\n"); flush(); }
+void okay(arg) char *arg; { my_puts("+OK \r\n"); flush(); }

It  is tested on live qmail+vpopmail server port 110 and 995 with stunnel. it seems to be working perfectly. Thanks to Simplex and Roberto

Further my previous post

Above patch to "qmail-pop3d.c", after intensive test, is found to be not working as expected.

After auth pop3d , email moves to "cur" folder from "new" under /Maildir even though email client is configured not  to "Leave a copy of messages on server".

Regards,

I had the same issue when compiling only qmail with the patches included here

the problem is that qmail-popup.c or qmail-pop3d.c print after the pass is sent +OK twice,

If you do a diff on the original netqmail files and the patched ones you will see what i'm talking about:

The MUA expects only one +OK from pop3d.

So I think the problem is in qmail-pop3d.c

maybe this line from the patched  qmail-pop3d.c 

void okay(arg) char *arg; { substdio_puts(&ssout,"+OK \r\n"); my_puts("+OK \r\n"); flush(); }

In any case I just replaced the patched qmail files (qmail-popup.c or qmail-pop3d.c) with the original ones since the only difference I noticed was the function puts renamed to my_puts. and I recompiled. And it worked.

yes, you are right. Modifying like this

-void okay(arg) char *arg; { substdio_puts(&ssout,"+OK \r\n"); my_puts("+OK \r\n"); flush(); }
+void okay(arg) char *arg; { my_puts("+OK \r\n"); flush(); }

seems to solve.

fyi, both the dkim and maildir++ patches modifies qmail-pop3d, so I think you shouldn't replace the patched files with the original ones, because there are other changes there.

Before releasing a new patch can you make a test with this one or adjust yourself qmail-pop3d.c?

thanks for the contribution. I'm going to test qmail-pop3d as soon as possible and eventually provide a new patch :)

Unfortunately I can't be of any help as I'm not using qmail-pop3d since a long time.. anyway I would give dovecot's pop3 service a chance..

Hello, i cand not telnet on port 25 becouse i get a disconect message and no mail can arrive .

Escape character is '^]'.
Connection closed by foreign host.

here are some logs

@4000000055717f060cbd19cc tcpserver: pid 24793 from 89.137.228.94
@4000000055717f060cbecb64 tcpserver: ok 24793 0:188.241.220.26:25 :89.137.228.94::41430
@4000000055717f060d0f50ac tcpserver: end 24793 status 11
@4000000055717f060d0f604c tcpserver: status: 0/20
@4000000055717f693a003694 tcpserver: status: 1/20
@4000000055717f693a03769c tcpserver: pid 24817 from 89.137.228.94
@4000000055717f693a051894 tcpserver: ok 24817 0:188.241.220.26:25 :89.137.228.94::41431
@4000000055717f693a54461c tcpserver: end 24817 status 11
@4000000055717f693a544dec tcpserver: status: 0/20
@4000000055717f6d109527c4 tcpserver: status: 1/20
@4000000055717f6d109867cc tcpserver: pid 24818 from 89.137.228.94
@4000000055717f6d109a1194 tcpserver: ok 24818 0:188.241.220.26:25 :89.137.228.94::41432
@4000000055717f6d10e78d84 tcpserver: end 24818 status 11
@4000000055717f6d10e79d24 tcpserver: status: 0/20
@4000000055717f9129acf7dc tcpserver: status: 1/20
@4000000055717f9129b02c2c tcpserver: pid 24820 from 89.137.228.94
@4000000055717f9129b1d5f4 tcpserver: ok 24820 0:188.241.220.26:25 :89.137.228.94::41434
@4000000055717f9129fe6f54 tcpserver: end 24820 status 11
@4000000055717f9129fe7ef4 tcpserver: status: 0/20
@40000000557180d409990224 tcpserver: status: 1/20
@40000000557180d4099c74f4 tcpserver: pid 25079 from 89.137.228.94
@40000000557180d4099e3244 tcpserver: ok 25079 0:188.241.220.26:25 :89.137.228.94::41439
@40000000557180d409ec5244 tcpserver: end 25079 status 11
@40000000557180d409ec61e4 tcpserver: status: 0/20

Any ideeas?

is there any firewall? 

no, no firewall

was the IP 89.137.228.94 in your tests above the one  you were connecting from?

are you using my qmail patch and installation?

can you post a telnet session?

yes this was my ip

i redirected port 25 to 587 and now everything is working ... don`t know what was wrong with port 25