Mailing List Archive

s/qmail (3.0.0)
Hi,

for those folks, who want to upgrading their qmail site to include IPv6 (and other topics) in the next year, I finished my development:

s/qmail (3.0.0)

See: http://www.fehcom.de/sqmail.html

I would be glad to receive some feedback.

Best regards and happy holidays + 2016.

--eh.


Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de <http://www.fehcom.de/> | PGP Key-Id: EE00CF65
Re: s/qmail (3.0.0) [ In reply to ]
Hi Erwin,

Am 25.12.2015 um 17:00 schrieb Erwin Hoffmann:
> for those folks, who want to upgrading their qmail site to include IPv6
> (and other topics) in the next year, I finished my development:
>
> s/qmail (3.0.0)

This looks like a really nice christmas present - might you help me (and
perhaps other "movers") understanding how to solve some common issues.

1) You say "Antivirus" is now supported OOTB - for now, I run the
qmail-queue patch with qmail-scanner and Spam-Assassin attached. I'd
assume you included the queue-patch and I can kept the rest, right?

2) The validrcptto patch from JMS is a must to stop NDR Bounces - do you
have any "build-in" features for this or do you at least know if the
patch will still work?

3) I use the qmail-spp (SMTP Plugin Interface) for a bunch of tasks:
* block users after to many auth fails
* block users after sending to many mails
* greylisting (still doing a nice job here)

Sidenote: Do you plan to distribute ready-made packages for any distro?

thank you for keeping qmail alive!

best regards

Oliver


--
Protect your environment - close windows and adopt a penguin!
Re: s/qmail (3.0.0) [ In reply to ]
Hi together and have a Great 2016!

> Am 26.12.2015 um 09:31 schrieb Oliver Welter <mail@oliwel.de>:
>
> Hi Erwin,
>
> Am 25.12.2015 um 17:00 schrieb Erwin Hoffmann:
>> for those folks, who want to upgrading their qmail site to include IPv6
>> (and other topics) in the next year, I finished my development:
>>
>> s/qmail (3.0.0)
>

You questions fall in the category 'FAQ'; thus lets explain them in some detail:


> 1) You say "Antivirus" is now supported OOTB - for now, I run the qmail-queue patch with qmail-scanner and Spam-Assassin attached. I'd assume you included the queue-patch and I can kept the rest, right?
>

s/qmail support three kinds of virus/spam (actually mail content) checks:

a) The QMAIL_QUEUE_EXTRA: Which means, any method depending on this feature will work natively with s/qmail.
I ship the script 'qmail-queue.scan' with the source code which allows both virus and spam scanning on a RAM disk concurrently.

b) The QHPSI interface is available for 'fast scanning'.

c) In case of massive 0-days, one may try the 'warlord' feature included in qmail-smtpd.

See:

http://fehcom.de/sqmail/man/qmail-smtpd.html

http://fehcom.de/sqmail/man/qmail-queue.html



> 2) The validrcptto patch from JMS is a must to stop NDR Bounces - do you have any "build-in" features for this or do you at least know if the patch will still work?
>

I'm not to familiar with the 'validrcpto' patch, but since 2007 I have published my own 'Recipients' mechanism which is part of qmail-smtpd.

http://fehcom.de/sqmail/man/qmail-recipients.html

This mechanism may use a local database or a PAM to query some kind of database.
For the future, I would like to combine email address lookups and Auth to have a uniform method applicable for any kind of 'Identity Provider' (IP). This is may next task regarding s/qmail.


> 3) I use the qmail-spp (SMTP Plugin Interface) for a bunch of tasks:
> * block users after to many auth fails
> * block users after sending to many mails
> * greylisting (still doing a nice job here)

I never made the attempt to include a 'special purpose' filter like qmail-spp in one of my developments. Rather, I follow DJB's idea to stay as generic as possible.
In particular, I never found the needs for the first two items, where as 'greylisting' is useful. However, the 'greetdelay' I introduced in rblsmtpd does the same job:

https://www.fehcom.net/qmail/smtp-connection.html

To implement greylisting generically into qmail-smtpd (or rblsmtpd) is not to difficult (future option ??).


>
> Sidenote: Do you plan to distribute ready-made packages for any distro?
>

Well, for Spamcontrol I have a package maintainer for FreeBSD -- maybe he is interested to prepare the s/qmail package.
Personally, I would be interested to have a MacOS X package to get rid of the Postfix here.
Systemd integration would be great.

I hope, to get some Bachelor students interested in this task.

Best regards.
--eh.




> thank you for keeping qmail alive!
>
> best regards
>
> Oliver
>
>
>
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de <http://www.fehcom.de/> | PGP Key-Id: EE00CF65
Re: s/qmail (3.0.0) [ In reply to ]
Hi Erwin,

a warm welcome to 2016 to all, too and thanks to Erwin for the extensive
answer. Comments btl..

Am 04.01.2016 um 21:48 schrieb Erwin Hoffmann:

> s/qmail support three kinds of virus/spam (actually mail content) checks:

This looks like it will work "drop in" with some config tweaks.

> I'm not to familiar with the 'validrcpto' patch, but since 2007 I have
> published my own 'Recipients' mechanism which is part of qmail-smtpd.

Same here, looks like the CDB uses the same approach, does your solution
respect VERP addresses (or does qmail already split them up)?

>> 3) I use the qmail-spp (SMTP Plugin Interface) for a bunch of tasks:
>> * block users after to many auth fails
>> * block users after sending to many mails
>> * greylisting (still doing a nice job here)
>
> I never made the attempt to include a 'special purpose' filter like
> qmail-spp in one of my developments. Rather, I follow DJB's idea to stay
> as generic as possible.

> In particular, I never found the needs for the first two items, where as
> 'greylisting' is useful. However, the 'greetdelay' I introduced in
> rblsmtpd does the same job:

Well - I had some posts here on the list regarding 1+2 as there are a
severe issue for me due to sniffed or "guessed due to stupidity"
passwords. Can you think of any hook we can use for this, e.g. are AUTH
and Envelope are passed on to the Scanner called by QHPSI?
Otherwise I might just try to apply the plugins patch on top of sqmail.

I guess I will just give it a try on a test box (just need to strip away
some spare time :|)

best regards

Oliver

--
Protect your environment - close windows and adopt a penguin!