Qmail-addons

Contents 1 Introduction 2 Recommended Patches 3 Patches for High Volume Servers 4 Headers 5 New Functions 6 Delivery, Bounces & Receiving 7 Date & Time 8 User Administration 9 Large Multi-Issue Patches 10 Control, Starting and Stopping 11 Patches For Client Programs 12 MIME 13 Encryption 14 File System 15 SQL Implementations 16 Filtering and Scanning 17 Sendmail Wrapper 18 OS or Distro Specific 19 Logging 20 Spam and things that belong elsewhere in the wiki

Introduction

These patches increase Qmail's functionality and security. To avoid applying patches manually, find an pre-packaged distribution at qmail distribution.

Recommended Patches

• errno patches for all of djb's software. The definitions of errno in qmail other DJB software do not work with the newer glibc (2.3.1). Executables compiled with older glibc's (2.3) abort on startup, and recompilation with 2.3.1 is not possible. These patches allow qmail and other DJB software to compile. By Mate Wierdl.

• .qmail processing patch in qmail-local. By Erik Sjölund

• qmail ought to recognize 0.0.0.0 as a local IP address. By Scott Gifford.

• set default From: header with sendmail type -f option. By David Phillips.

• QMAILQUEUE patch to check for a QMAILQUEUE environment variable for a replacement program to qmail-queue. This allows virus scanners or other programs to perform some action before rejecting the email or putting it into the queue with the real qmail-queue prorgram. simscan and qmail-scanner both use this method. By Bruce Guenter.

• James Craig Burley created the qmail-isoc.patch, which accommodates for rare conditions in which qmail-programs could crash on 64bit platforms.

Patches for High Volume Servers

• Big Todo Patch creates sub directories under the qmail/queue/todo directory. This helps on installations where the not yet preprocessed queue size gets large. By Dave Smith (update for qmail-1.03), Bruce Guenter (qmail-qstat update), and Russel Nelson.

• Big Concurrency Patch allows for remote and local concurrency greater than 240. For most systems this means a maxium of 509 concurrent deliveries.
  • 509 is not enough for you? Ok, here's a trick that works in Gnu/Linux:
    edit: /usr/include/bits/types.h
    Find the following: #define FD_SETSIZE 1024
    Change that to... let's say 4096. Now recompile qmail, echo "2045" > /var/qmail/control/concurrencyremote, restart qmail-send and watch your load average skyrocket! For your own and everyone else's sake, you should be careful with this.

Headers

• Jeremy Kister made an originip-field patch, implementing an idea by Charles Cazabon to add a X-Originating-IP field in an email's header.

• qmail-verh patch. This allows substitution of the recipient local/host parts into the message. Useful for inserting a customized mailto: URL for list-unsubscribe into the body of the message.

New Functions

• Paul Fox has created a getpwnam() patch for qmail which causes it to use getpwname() to get the uids of its usernames.

Delivery, Bounces & Receiving

• Evan Champion has a patch to condredirect. It allows condredirect to handle the case where the child has a permanent delivery error -- for example, when the program condredirect is asked to run doesn't exist.

• Chuck Foster implemented code (which Bill Nugent updated it to qmail 1.03) to bind the local address for smtp client sessions to an address which is mapped using the remote address as a key. This can be useful to bypass a firewall, or if you've got split routing, or if you have a better non-publicized route to the destination host.

• Andy Repton has ported the fixed IP address patch to qmail 1.03.

• Christopher K. Davis has a patch to accept oversize DNS packets which works on both qmail's dns.c and tcpserver's dns.c.

• Bernhard Graf has a fix for input buffer boundary problems.

• Frank DENIS wrote a patch to truncate bounce messages (qmail.org copy, by author's request), on the off chance that the user may have kept a copy of the email.

• Russ Nelson updated his changes to qmail-remote to send using QMTP. If you wish to receive mail via qmtp, run qmtpd.

• Klaus Reimer has code to change the appearance of bounce messages. Note that this has the potential to break QSBMF.

• Scott Gifford's moreipme patch is available. This solves the problem seen when a host has more IP addresses than it knows about. This happens in particular when you have an IP masquerading load balancer in front of a host.

• André Oppermann updated his ext-todo patch, which solves the 'silly qmail syndrome'. That's where qmail spends more time processing incoming email than scheduling deliveries. You can get it with big-todo integrated as well.

• Insist that your local users use only certain domain names on their outgoing email.

• Balazs Nagy has a concurrent IP connection limiter for ucspi-tcp.

• And here is concurrent IP connection limiter for ucspi-ssl and ucspi-tls based on Balasz Nagy's patch for ucspi-tcp.

• Matthew Trout checks SMTP clients to see if they are open relays before he will accept email from them.

• James Craig Burley has a smarter host patch. It causes qmail-remote to fall back to sending the email to your ISP if email cannot be sent directly to the recipient.

• John R Levine has written a SMTP AUTH patch for ofmipd in mess822-0.58.

• Tomislav Randjic has written a patch to qmail's pop3 daemon which adds 'seen' flag for messages read by clients.

• Johan Almqvist logs badmailfrom hits

• Ward Vandewege wrote a patch to implement badrcptto, in the same vein as badmailfrom.

• John Levine wrote a badrcptto patch which uses CDB and logging.

• Oliver Neubauer has a validrcptto patch, which rejects invalid addresses in the SMTP dialog. Note that you cannot use this if you have any .qmail files ending in -default, e.g. any ezmlm lists.

• Dion Sasmito wrote a goodmailfrom matching badmailfrom's functionality.

• Paul Jarc's realrcptto patch changes qmail-smtpd so it uses the same tests as qmail-send to choose a .qmail file. The email might still be bounced by the .qmail file, but if it would bounce because there is no applicable .qmail file, then the email is rejected in the smtp dialog.

• Charles Cazabon wrote a patch to enforce single recipients on bounces. The author has revoked the patch, but it's still available here. After patching, remember to edit qmail-smtpd.c and insert "recipcount = 0;" in the smtp_mail function, as described here.

Date & Time

• John Saunders has patch to date822fmt.c which causes it to emit dates in the local timezone.

User Administration

• Russell Nelson has a qmail popbull program that lets you create bulletins which get added to a user's mailbox as they log in. Equivalent to an all-customers mailing list, but takes up much less resources, and lets you withdraw bulletins.

• Bruce Guenter has a patch which causes qmail programs to http://untroubled.org/qmail+patches/sources/qmail-1.03-autouidgid.patch get their userids], not compiled in via auto_uids.c, but instead by looking at files in /var/qmail/owners.

• Mrs. Brisby has written a user/password based authentication mechanism for qmail-smtpd. This lets your microsoft's outlook express supports (outgoing mail server user name) and netscape 4.5 (and above-betas) users securely roam. Users can use a slightly modified version of their own checkpassword.c program as outlined in my own vchkpw.c that I use. Also, two very simple perl scripts to perform pop3-based authentication for qmail.
• Krzysztof Dabrowski has made some improvements to Mrs. Brisby's smtp-auth, to let it work with CRAM-MD5 and PLAIN

• Eric M. Johnston's YAQSAP (Yet Another qmail SMTP AUTH Patch)

• Dr. Erwin Hoffmann has written his own SMTP Auth package.

• Bjoern Kalkbrenner has improved the smtp-auth client patch (alternate location) so it works with multiple users. This is of most use for a desktop qmail installation which needs to relay mail through a server that requires authentication. The original author was Jay Soffian ( documentation, patch). Last person to touch that patch was Robert Sanders

• Adrian Ho has increased qmail-remote's compliance with RFC2821. Some smtp servers are now emitting 5XX responses from the get-go, and mere RFC821 behavior doesn't deal well with them.

• Ingo Rohloff has added SMTP authentication support to serialsmtp.

• Jan Knepper has a qmail virtual domain outgoing IP address patch

• Will Harris has a patch to make qmail fully RFC 1870 compliant, i.e. to support the ESMTP SIZE command. Erwin Hoffman has some corrections.

• J. de Boyne Pollard suggests that you remove the bodge that works around a BIND version 4 problem.

Large Multi-Issue Patches

• Bruce Guenter has a qmail RPM which automatically applies a number of patches found here and which comes with some scripts.

• Shupp's combined patches contain several useful patches

• EMPF Patch compatible with Shupp's Toaster

• The qmail-1.03.isp.patch makes qmail more friendly for an xSP environment.

• John Simpson's combined patch contains several useful patches written by others, and includes John's validrcptto.cdb patch (which validates recipients against a cdb file) and AUTH_CDB patch (which validates AUTH commands against a cdb file). This is also the combined patch which is used in the qmailrocks directions, although qmailrocks uses a REALLY old version of the patch (just as it uses really old versions of everything else.)

Control, Starting and Stopping

• Bruce Guenter wrote supervise-scripts,to help him start and stop supervise-managed programs in a more controlled manner.

• Nick Leverton wrote a patch to qmail-send to cause it to suspend remote delivery without needing to restart qmail.

Patches For Client Programs

• Ximenes Zalteca improved Dave's patch so that broken versions of Eudora which emit a CAPA command can still work with qmail's POP3 server.

• Scott Moorhouse rewrote a patch (which someone had written earlier and which I failed to publish here) to work around a Netscape bug, the symptoms of which are that it does not know how big a message is, so Netscape's download indicator doesn't progress.

MIME

• Fred Lindberg has a patch which causes qmail-send to preserving the MIME-ness when bouncing MIME messages. It requires and includes a patch to ezmlm, since it breaks QSBMF.

• Jose Luis Painceira's patch deletes the body on big bouncing messages</a>. It's based on Fred Lindberg's patch (see previous item). Note that if you use ezmlm, you may need Fred's patch for ezmlm-return, which is not included here.

• Klaus-Uwe R. Ittner wrote a patch to make serialmail enclose the bounced message as a MIME part, in analogy with qmail-mime.tar.gz. Useful for all those unfortunate people who use character sets other than us-ascii and want to be able to decipher what bounced.

Encryption

• Frederik Vermeulen has written a patch implementing RFC2487 (starttls) in qmail (qmail-smtpd as server, qmail-remote as client). This means you can get SSL or TLS encrypted and authenticated SMTP between the MTAs and between MTA and an MUA like Netscape4.5. Do you want to use starttls and smtp-auth at the same time? The above patches conflict, so you'll need this patch. Neal Groothuis combined the newest versions of the starttls and smtp-auth patches ( 20020526 and 0.31 respectively).

• Oliver Hitz wrote a small tool to manually test SMTP-AUTH CRAM-MD5 authentication

File System

• Petri Kaukasoina wrote a little shared library which should help qmail reliability on Linux. Linux does not automagically fsync metadata (information necessary tomake a file appear in the filesystem). It only fsyncs metadata when the the directory is fsynced.

• Bruce Guenter's syncdir gives qmail bsd fsync semantics on a Linux filesystem.

SQL Implementations

• takeshi at SoftAgency dot co dot jp wrote MySQL + QMAIL, including qmail-getpw-mysql and checkpassword-mysql, to look up users in a mysql database. Iain Patterson has improved on MySQL +QMAIL.

• Michael Devogelaere's qmail-sql now includes ODBC support.

Filtering and Scanning

• Bruce Guenter has written qmail-qfilter, which is a front end for qmail-queue</a> that can send the body of the message through one or more filters, such as qmail-inject or new-inject.

• LinuxMagic's "magic-smtpd" Daemon While not a 'patch' per se, if you are struggling with incorporating Valid User checking, or Anti-Spam controls at the SMTPD level, this opensource product has been well received as a drop in replacement for the qmail-smptd. It might suit your needs, while still having all the advantages of a Qmail based system. LinuxMagic has also produced other opensource tools, such qmail-remove queue cleaner and others.

• Chris Beach has written notes on automating Spam Assassin's learning process on QMail/Plesk installations, and mail filtering using procmail and QMail

Sendmail Wrapper

• Matthias Andree has a patch to allow qmail's sendmail wrapper to ignore the -N dsn option that sendmail has, for compatibility with MUAs that use the -N dsn switch (mutt can do)

• David Phillips noticed that qmail's sendmail's -f emulation doesn't set the default for the username as sendmail does.

OS or Distro Specific

• Gerrit Pape has Debian packages.

• Scott Woods has qmail running on a Cray It took some patching to make it run on UNICOS, but it's running.

• Giacomo Cariello has OpenBSD Qmail Ports, even though Theo has removed them from portstree.

• Andreas Mueller has compiled qmail for HP-UX.

Logging

• James Raftery wants the canonicalized hostname in the logfile, so he can see the real envelope recipients of messages after host name canonicalization. If you send a mail to me at lecter@www.redbroock.dcu.ie, your logs will show 'to remote lecter@www.redbrook.dcu.ie' but qmail-remote will actually use 'lecter@prodigy.redbrook.dcu.ie' in the RCPT TO command.

Spam and things that belong elsewhere in the wiki

move these elsewhere

• Chuck Foster originally wrote a patch for tcpcontrol. That functionality got subsumed into tcpserver. John Levine has updated it to the current version 0.84. It allows you to:
  • deny services based on domain names instead of IP addresses.
  • distinguish between no PTR and wrong PTR DNS records.
  • deny service to hosts whose forward and reverse DNS do not agree.