Mailing List Archive: qmail-103.patch how to install

qmail-103.patch how to install

Jul 8, 2014, 5:35 AM

Post #1 of 5 (4480 views)

Hallo,

From my production qmali server i have a lot of CNAME error like this:

Hi. This is the qmail-send program at xxxx.xxxx.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<xxxxxxx@libero.it>:
CNAME lookup failed temporarily. (#4.4.3)
I'm not going to try again; this message has been in the queue too long.

usually with the domain libero.it, this is the results for
"dig -t mx libero.it":

; <<>> DiG 9.7.0-P1 <<>> -t mx libero.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61612
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;libero.it. IN MX

;; ANSWER SECTION:
libero.it. 19731 IN MX 10 liberomx1.libero.it.
libero.it. 19731 IN MX 10 liberomx3.libero.it.
libero.it. 19731 IN MX 10 liberomx4.libero.it.
libero.it. 19731 IN MX 10 liberomx2.libero.it.

;; ADDITIONAL SECTION:
liberomx1.libero.it. 1709 IN A 212.52.84.177
liberomx1.libero.it. 1709 IN A 212.52.84.171
liberomx1.libero.it. 1709 IN A 212.52.84.173
liberomx1.libero.it. 1709 IN A 212.52.84.179
liberomx1.libero.it. 1709 IN A 212.52.84.172
liberomx1.libero.it. 1709 IN A 212.52.84.181
liberomx1.libero.it. 1709 IN A 212.52.84.182
liberomx1.libero.it. 1709 IN A 212.52.84.174
liberomx1.libero.it. 1709 IN A 212.52.84.176
liberomx1.libero.it. 1709 IN A 212.52.84.183
liberomx1.libero.it. 1709 IN A 212.52.84.170
liberomx1.libero.it. 1709 IN A 212.52.84.180
liberomx1.libero.it. 1709 IN A 212.52.84.178
liberomx1.libero.it. 1709 IN A 212.52.84.175

;; Query time: 4 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Tue Jul 8 13:50:54 2014
;; MSG SIZE rcvd: 355

I think it's ok, (libero.it is one of the biggest provider in Italy) so the
problem should be in qmail!!

I have installed qmail using the "life with qmail" quide some years ago
(11/2008), on a ubuntu server 8.x now upgraded to 10.04.

I have a /usr/local/src/qmail-1.03 directory but i can't understand if the
103 patch is installed, nor what version qmail is running!!

so please help me to avoid this error!!

Thanks, Marco

Re: qmail-103.patch how to install [ In reply to ]

qmail-09 at jeremykister

Jul 8, 2014, 1:08 PM

Post #2 of 5 (4395 views)

Permalink

On 7/8/2014 8:35 AM, Marco wrote:
> <xxxxxxx@libero.it>:
> CNAME lookup failed temporarily. (#4.4.3)
> I'm not going to try again; this message has been in the queue too long.

Unless whomever installed your qmail did something smart (like modifying
"qmail version" in qmail-showctl) there's no good way to tell what
patches are installed without observation.

That being said, we can be rather sure that your installation does not
have the oversize dns patch (at
http://www.ckdhr.com/ckd/qmail-103.patch) installed.

if you're sure the /usr/local/src/qmail-1.03 is actually what is
installed on your system, you can:
cd /usr/local/src
wget http://www.ckdhr.com/ckd/qmail-103.patch
patch qmail-1.03/dns.c < qmail-103.patch
cd qmail-1.03
make setup check
svc -d /service/qmail-send
svc -u /service/qmail-send

--

Jeremy Kister
http://jeremy.kister.net./

Re: qmail-103.patch how to install [ In reply to ]

feh at fehcom

Jul 8, 2014, 1:57 PM

Post #3 of 5 (4421 views)

Permalink

Hi Marco,

according to the DNS information, Jeremy's advise is the one you should
follow.

Under most circumstances, it would not interfere with other patches.

In case you don't have access to the dns.c patch, here is my version:

--- dns.c.orig 15-06-1998
+++ dns.c 2014-53-04/28/14
--- ../qmail-1.03/dns.c 1998-06-15 12:53:16.000000000 +0200
+++ ../qmail-1.03.2731/dns.c 2011-04-17 12:30:25.000000000 +0200
@@ -1,3 +1,5 @@
+/* Includes Christopher K. Davis oversize DNS packet patch */
+/* Includes Jonathan de Boyne Pollard CNAME query patch */
#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
@@ -21,10 +23,12 @@
static unsigned short getshort(c) unsigned char *c;
{ unsigned short u; u = c[0]; return (u << 8) + c[1]; }

-static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;
+static struct { unsigned char *buf; } response;
+static int responsebuflen = 0;
static int responselen;
static unsigned char *responseend;
static unsigned char *responsepos;
+static u_long saveresoptions;

static int numanswers;
static char name[MAXDNAME];
@@ -45,18 +49,33 @@
errno = 0;
if (!stralloc_copy(&glue,domain)) return DNS_MEM;
if (!stralloc_0(&glue)) return DNS_MEM;
- responselen = lookup(glue.s,C_IN,type,response.buf,sizeof(response));
+ if (!responsebuflen)
+ if (response.buf = (unsigned char *)alloc(PACKETSZ+1))
+ responsebuflen = PACKETSZ+1;
+ else return DNS_MEM;
+
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ if ((responselen >= responsebuflen) ||
+ (responselen > 0 && (((HEADER *)response.buf)->tc)))
+ {
+ if (responsebuflen < 65536)
+ if (alloc_re(&response.buf, responsebuflen, 65536))
+ responsebuflen = 65536;
+ else return DNS_MEM;
+ saveresoptions = _res.options;
+ _res.options |= RES_USEVC;
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ _res.options = saveresoptions;
+ }
if (responselen <= 0)
{
if (errno == ECONNREFUSED) return DNS_SOFT;
if (h_errno == TRY_AGAIN) return DNS_SOFT;
return DNS_HARD;
}
- if (responselen >= sizeof(response))
- responselen = sizeof(response);

---

Simply extract the part and safe it as dns.c.patch and continue with the
instructions.

regards.
--eh.

--On 8. Juli 2014 16:08:09 -0400 Jeremy Kister <qmail-09@jeremykister.com>
wrote:

> On 7/8/2014 8:35 AM, Marco wrote:
>> <xxxxxxx@libero.it>:
>> CNAME lookup failed temporarily. (#4.4.3)
>> I'm not going to try again; this message has been in the queue too long.
>
>
> Unless whomever installed your qmail did something smart (like modifying
> "qmail version" in qmail-showctl) there's no good way to tell what
> patches are installed without observation.
>
> That being said, we can be rather sure that your installation does not
> have the oversize dns patch (at http://www.ckdhr.com/ckd/qmail-103.patch)
> installed.
>
> if you're sure the /usr/local/src/qmail-1.03 is actually what is
> installed on your system, you can:
> cd /usr/local/src
> wget http://www.ckdhr.com/ckd/qmail-103.patch
> patch qmail-1.03/dns.c < qmail-103.patch
> cd qmail-1.03
> make setup check
> svc -d /service/qmail-send
> svc -u /service/qmail-send
>
>
> --
>
> Jeremy Kister
> http://jeremy.kister.net./
>

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ | PGP-Key-Id: 7E4034BE

Re: qmail-103.patch how to install [ In reply to ]

amb-sendok-1407561423.olgoifjnkmfbdhmgkjlc at bradfo

Jul 9, 2014, 10:17 PM

Post #4 of 5 (4385 views)

Permalink

Thus said Jeremy Kister on Tue, 08 Jul 2014 16:08:09 -0400:

> That being said, we can be rather sure that your
> installation does not have the oversize dns patch (at
> http://www.ckdhr.com/ckd/qmail-103.patch) installed.

This one is the one I use:

http://marc.info/?l=qmail&m=134062672511072&w=2

Honestly though, why does libero.it, the ``biggest'' ISP in Italy, need
so many MX records? And if they were using djbdns, it would simply
return a random set of 8 for each one:

additional: liberomx1.libero.it 86040 A 212.52.84.173
additional: liberomx1.libero.it 86040 A 212.52.84.174
additional: liberomx1.libero.it 86040 A 212.52.84.175
additional: liberomx1.libero.it 86040 A 212.52.84.176
additional: liberomx1.libero.it 86040 A 212.52.84.177
additional: liberomx1.libero.it 86040 A 212.52.84.178
additional: liberomx1.libero.it 86040 A 212.52.84.179
additional: liberomx1.libero.it 86040 A 212.52.84.180
additional: liberomx1.libero.it 86040 A 212.52.84.181
additional: liberomx1.libero.it 86040 A 212.52.84.182
additional: liberomx1.libero.it 86040 A 212.52.84.183
additional: liberomx1.libero.it 86040 A 212.52.84.170
additional: liberomx1.libero.it 86040 A 212.52.84.171
additional: liberomx1.libero.it 86040 A 212.52.84.172
additional: liberomx2.libero.it 39968 A 212.52.84.93
additional: liberomx2.libero.it 39968 A 212.52.84.96
additional: liberomx2.libero.it 39968 A 212.52.84.184
additional: liberomx2.libero.it 39968 A 212.52.84.185
additional: liberomx2.libero.it 39968 A 212.52.84.190
additional: liberomx2.libero.it 39968 A 212.52.84.191
additional: liberomx2.libero.it 39968 A 212.52.84.222
additional: liberomx2.libero.it 39968 A 212.52.84.223
additional: liberomx2.libero.it 39968 A 212.52.84.66
additional: liberomx2.libero.it 39968 A 212.52.84.67
additional: liberomx2.libero.it 39968 A 212.52.84.68
additional: liberomx2.libero.it 39968 A 212.52.84.69
additional: liberomx2.libero.it 39968 A 212.52.84.70
additional: liberomx2.libero.it 39968 A 212.52.84.92
additional: liberomx3.libero.it 86040 A 212.52.84.179
additional: liberomx3.libero.it 86040 A 212.52.84.180
additional: liberomx3.libero.it 86040 A 212.52.84.181
additional: liberomx3.libero.it 86040 A 212.52.84.182
additional: liberomx3.libero.it 86040 A 212.52.84.183
additional: liberomx3.libero.it 86040 A 212.52.84.184
additional: liberomx3.libero.it 86040 A 212.52.84.185
additional: liberomx3.libero.it 86040 A 212.52.84.190
additional: liberomx3.libero.it 86040 A 212.52.84.191
additional: liberomx3.libero.it 86040 A 212.52.84.66
additional: liberomx3.libero.it 86040 A 212.52.84.67
additional: liberomx3.libero.it 86040 A 212.52.84.68
additional: liberomx3.libero.it 86040 A 212.52.84.177
additional: liberomx3.libero.it 86040 A 212.52.84.178
additional: liberomx4.libero.it 24801 A 212.52.84.171
additional: liberomx4.libero.it 24801 A 212.52.84.172
additional: liberomx4.libero.it 24801 A 212.52.84.173
additional: liberomx4.libero.it 24801 A 212.52.84.174
additional: liberomx4.libero.it 24801 A 212.52.84.175
additional: liberomx4.libero.it 24801 A 212.52.84.176
additional: liberomx4.libero.it 24801 A 212.52.84.222
additional: liberomx4.libero.it 24801 A 212.52.84.223
additional: liberomx4.libero.it 24801 A 212.52.84.69
additional: liberomx4.libero.it 24801 A 212.52.84.70
additional: liberomx4.libero.it 24801 A 212.52.84.92
additional: liberomx4.libero.it 24801 A 212.52.84.93
additional: liberomx4.libero.it 24801 A 212.52.84.96
additional: liberomx4.libero.it 24801 A 212.52.84.170

Che deficienti!

Andy
--
TAI64 timestamp: 4000000053be21f1

Re: qmail-103.patch how to install [ In reply to ]

amb-sendok-1407563036.fhgadkebfomlcfjknabe at bradfo

Jul 9, 2014, 10:43 PM

Post #5 of 5 (4383 views)

Permalink

Thus said "Andy Bradford" on 09 Jul 2014 23:17:03 -0600:

> Honestly though, why does libero.it, the ``biggest'' ISP in Italy,
> need so many MX records?

Of course I meant A records for their MX records. What's interesting,
however, is that if I ask their DNS servers directly, I get different
answers (actually half-normal).

The response is only 467 bytes so it shouldn't require any patching of
qmail, however, what's interesting to note is that it is giving a TTL
that is decreasing over time, which means they are running a caching DNS
server to publish their authoritative DNS records. This seems broken by
design:

$ dnsq ns libero.it ns2.libero.it
2 libero.it:
93 bytes, 1+2+0+2 records, response, weird ra, noerror
query: 2 libero.it
answer: libero.it 10656 NS n1.libero.it
answer: libero.it 10656 NS n2.libero.it
additional: n1.libero.it 13085 A 156.154.66.47
additional: n2.libero.it 2586 A 156.154.67.47

But if I query again:

$ dnsq ns libero.it ns2.libero.it
2 libero.it:
93 bytes, 1+2+0+2 records, response, weird ra, noerror
query: 2 libero.it
answer: libero.it 81 NS n2.libero.it
answer: libero.it 81 NS n1.libero.it
additional: n1.libero.it 20755 A 156.154.66.47
additional: n2.libero.it 13418 A 156.154.67.47

I wonder if what is happening is that their DNS resolvers are returning
different answers over time and that this is building up in DNS caches
around the world (you'll recall that in my last email that the IP
addressess for the various A records were actually being dupliated).
This build up is causing their otherwise < 512 response to bloat 3-fold
into the morass that it is.

Oh, and wow, look at this one, why are they sending me authority records
for .it?

$ dnsq mx libero.it ns2.libero.it
15 libero.it:
490 bytes, 1+4+7+14 records, response, weird ra, noerror
query: 15 libero.it
answer: libero.it 25715 MX 10 liberomx3.libero.it
answer: libero.it 25715 MX 10 liberomx1.libero.it
answer: libero.it 25715 MX 10 liberomx4.libero.it
answer: libero.it 25715 MX 10 liberomx2.libero.it
authority: it 9666 NS m.dns.it
authority: it 9666 NS r.dns.it
authority: it 9666 NS s.dns.it
authority: it 9666 NS nameserver.cnr.it
authority: it 9666 NS dns.nic.it
authority: it 9666 NS c.dns.it
authority: it 9666 NS a.dns.it
additional: liberomx1.libero.it 14059 A 212.52.84.171
additional: liberomx1.libero.it 14059 A 212.52.84.172
additional: liberomx1.libero.it 14059 A 212.52.84.173
additional: liberomx1.libero.it 14059 A 212.52.84.174
additional: liberomx1.libero.it 14059 A 212.52.84.175
additional: liberomx1.libero.it 14059 A 212.52.84.176
additional: liberomx1.libero.it 14059 A 212.52.84.177
additional: liberomx1.libero.it 14059 A 212.52.84.178
additional: liberomx1.libero.it 14059 A 212.52.84.179
additional: liberomx1.libero.it 14059 A 212.52.84.180
additional: liberomx1.libero.it 14059 A 212.52.84.181
additional: liberomx1.libero.it 14059 A 212.52.84.182
additional: liberomx1.libero.it 14059 A 212.52.84.183
additional: liberomx1.libero.it 14059 A 212.52.84.170

Someone should talk to the ``biggest'' ISP in Italy and tell them that
their DNS is broken...

Andy
--
TAI64 timestamp: 4000000053be283f