Mailing List Archive

SRS / what next after qmail + vmailmgr ?
Hello,

I hope everybody is well even during these special times! I first sent
this message to the vmailmgr/bgware lists, but as I only got one answer
(thanks John), I thought I could also send it to the good old qmail list.

I still have a few servers with qmail/vmailmgr (netqmail-tls under
freebsd), and one of the most frequent issue now is with forwarded mails
which are rejected for whatever (SPF, DKIM, etc.) reason.

For example a mail from: <*******@gmail.com> sent to user1@domain.ext
with this setup in /home/domain.ext/vpasswd.cdb:

User Mailbox Aliases
user1 No remote1@example.org remote2@example.org

will be sent to "remote1@example.org" and "remote2@example.org" still
with <*******@gmail.com> as return-path, and it will fail on quite a
lot of servers because my server is not allowed to send mails as
@gmail.com. (SPF soft fail).

SRS could be a solution but is quite hard to implement on a
vmailmgr-based system. Something simpler maybe would be to make sure
the mails from the qmail/vmailmgr server are then sent with
<user1@domain.ext> as envelope sender / return-path.

Is this something somebody here is doing, and if yes, how ?



At the same time I am also looking for good alternative as replacement
of my old qmail/vmailmgr/omail-admin servers: at the moment I'm having
a look at mailcow (https://mailcow.email/), and if it works well (even
if not qmail-based anymore), I'll work on some migration scripts.

If you moved away from vmailmgr but you are still around on this list,
I'd be glad to read about your experiences, thanks!

Best regards & a nice end of week to you,
Olivier
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Hi Oliver,

I still use your omail here (and might be able to provide a refreshed version ...).


> Am 25.06.2020 um 22:39 schrieb Olivier Mueller <om-lists-qmail@omx.ch>:
>
> Hello,
>
> I hope everybody is well even during these special times! I first sent this message to the vmailmgr/bgware lists, but as I only got one answer (thanks John), I thought I could also send it to the good old qmail list.
>
> I still have a few servers with qmail/vmailmgr (netqmail-tls under freebsd), and one of the most frequent issue now is with forwarded mails which are rejected for whatever (SPF, DKIM, etc.) reason.
>
> For example a mail from: <*******@gmail.com> sent to user1@domain.ext with this setup in /home/domain.ext/vpasswd.cdb:
>
> User Mailbox Aliases
> user1 No remote1@example.org remote2@example.org
>
> will be sent to "remote1@example.org" and "remote2@example.org" still with <*******@gmail.com> as return-path, and it will fail on quite a lot of servers because my server is not allowed to send mails as @gmail.com. (SPF soft fail).
>
> SRS could be a solution but is quite hard to implement on a vmailmgr-based system. Something simpler maybe would be to make sure the mails from the qmail/vmailmgr server are then sent with <user1@domain.ext> as envelope sender / return-path.

Within my s/qmail, SRS is provided in a simpler case, supporting vmailmgr as well (I use it here, rather than vpopmail).

Even if you don't intend to use s/qmail, you simply could compile it and extract srsforward and srsreverse.

https://www.fehcom.de/sqmail/sqmaildoc_05.html

It will work in the same way for qmail once be included in the path.

Regards.
--eh.

PS. And thanks for omail. Saved my ass.



>
> Is this something somebody here is doing, and if yes, how ?
>
>
>
> At the same time I am also looking for good alternative as replacement of my old qmail/vmailmgr/omail-admin servers: at the moment I'm having a look at mailcow (https://mailcow.email/), and if it works well (even if not qmail-based anymore), I'll work on some migration scripts.
>
> If you moved away from vmailmgr but you are still around on this list, I'd be glad to read about your experiences, thanks!
>
> Best regards & a nice end of week to you,
> Olivier

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
I rewrote omail several years ago using the php symphony framework if you are interested. I've been thinking about redoing that and moving to a react
front end and rest api back end.

Pat

On June 25, 2020 6:47:11 PM EDT, Erwin Hoffmann <feh@fehcom.de> wrote:
>Hi Oliver,
>
>I still use your omail here (and might be able to provide a refreshed
>version ...).
>
>
>> Am 25.06.2020 um 22:39 schrieb Olivier Mueller
><om-lists-qmail@omx.ch>:
>>
>> Hello,
>>
>> I hope everybody is well even during these special times! I first
>sent this message to the vmailmgr/bgware lists, but as I only got one
>answer (thanks John), I thought I could also send it to the good old
>qmail list.
>>
>> I still have a few servers with qmail/vmailmgr (netqmail-tls under
>freebsd), and one of the most frequent issue now is with forwarded
>mails which are rejected for whatever (SPF, DKIM, etc.) reason.
>>
>> For example a mail from: <*******@gmail.com> sent to
>user1@domain.ext with this setup in /home/domain.ext/vpasswd.cdb:
>>
>> User Mailbox Aliases
>> user1 No remote1@example.org remote2@example.org
>>
>> will be sent to "remote1@example.org" and "remote2@example.org" still
>with <*******@gmail.com> as return-path, and it will fail on quite a
>lot of servers because my server is not allowed to send mails as
>@gmail.com. (SPF soft fail).
>>
>> SRS could be a solution but is quite hard to implement on a
>vmailmgr-based system. Something simpler maybe would be to make sure
>the mails from the qmail/vmailmgr server are then sent with
><user1@domain.ext> as envelope sender / return-path.
>
>Within my s/qmail, SRS is provided in a simpler case, supporting
>vmailmgr as well (I use it here, rather than vpopmail).
>
>Even if you don't intend to use s/qmail, you simply could compile it
>and extract srsforward and srsreverse.
>
> https://www.fehcom.de/sqmail/sqmaildoc_05.html
>
>It will work in the same way for qmail once be included in the path.
>
>Regards.
>--eh.
>
>PS. And thanks for omail. Saved my ass.
>
>
>
>>
>> Is this something somebody here is doing, and if yes, how ?
>>
>>
>>
>> At the same time I am also looking for good alternative as
>replacement of my old qmail/vmailmgr/omail-admin servers: at the
>moment I'm having a look at mailcow (https://mailcow.email/), and if it
>works well (even if not qmail-based anymore), I'll work on some
>migration scripts.
>>
>> If you moved away from vmailmgr but you are still around on this
>list, I'd be glad to read about your experiences, thanks!
>>
>> Best regards & a nice end of week to you,
>> Olivier
>
>Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id
>7E4034BE

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Hi Erwin & List,

Le 26.06.20 à 00:47, Erwin Hoffmann a écrit :
> I still use your omail here (and might be able to provide a refreshed version ...).

Oh, this sounds interesting... :) I should definitely put my old
code on github/gitlab then, to allow pull requests. Or if you can send
me a copy directly, I would of course be glad to have a look?

> Within my s/qmail, SRS is provided in a simpler case, supporting vmailmgr as well (I use it here, rather than vpopmail).>
> Even if you don't intend to use s/qmail, you simply could compile it and extract srsforward and srsreverse.
> https://www.fehcom.de/sqmail/sqmaildoc_05.html
> It will work in the same way for qmail once be included in the path.
>

Oh^2, even more interesting! I'll give it a try asap, if I manage to
compile it under freebsd (should be fine I guess).

> PS. And thanks for omail. Saved my ass.

ucspi-ssl most probably did the same for a lot of sysadmins :) Thanks a
lot too!

Best regards,
Olivier
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Hi Pat and thanks for your answer!

Le 26.06.20 à 01:34, Pat a écrit :
> I rewrote omail several years ago using the php symphony framework if
> you are interested. I've been thinking about redoing that and moving to
> a react front end and rest api back end.

This sounds very interesting too, or does it need another rewrite to
make it work under PHP 7.3 or 7.4 for example ? If you mind sharing the
code, please don't hesitate.

After all, it looks I may be able to keep the old system running some
more time :) (and then work on replacing spamd by rspamd, or find
another more modern way, especially with a separate spam folder).

Cheers,
Olivier
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Hello Olivier,

On Thu, Jun 25, 2020 at 10:39:07PM +0200, Olivier Mueller wrote:
> SRS could be a solution but is quite hard to implement on a vmailmgr-based
> system. Something simpler maybe would be to make sure the mails from the
> qmail/vmailmgr server are then sent with <user1@domain.ext> as envelope
> sender / return-path.

SRS does not fix the problem of backscatter: You try to forward spam, it
gets rejected and you send it back to a forged sender.

Forwarding is a casualty of the war against spam - yet people don't stop
demanding it :-)

So here are the horrible, horrible things I did to make it work:

We have a zero backscatter policy. All bounces going through qmail-remote
are silently dropped by a wrapper for qmail-remote.

For forwarding I use a python-script that gets called like this in the
.qmail files of the alias directory:

|/usr/bin/spamc -e /usr/local/bin/forwarder 'user@example.com'

The python-script will silently drop any mail marked as spam and amy bounce.
Otherwise the mail gets reinjected with user@example.com as recipient and
the envelope sender rewritten from the RECIPIENT environment variable.

I can send you the source if needed.

Silently dropping mails is a thing you should never do - yet I do it because
email is so fucked up. I hope the disclaimers I present to my customers when
setting up a forwading are enough to stay out of legal trouble.

Regards,

Michael Brunnbauer

--
++ Michael Brunnbauer
++ netEstate GmbH
++ Geisenhausener Stra?e 11a
++ 81379 M?nchen
++ Tel +49 89 32 19 77 80
++ Fax +49 89 32 19 77 89
++ E-Mail brunni@netestate.de
++ https://www.netestate.de/
++
++ Sitz: M?nchen, HRB Nr.142452 (Handelsregister B M?nchen)
++ USt-IdNr. DE221033342
++ Gesch?ftsf?hrer: Michael Brunnbauer, Franz Brunnbauer
++ Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Le 25.06.20 ? 23:06, Marcelo Coelho a ?crit?:
> Check this:
> https://www.mco2.com.br/opensource/qmail/srs/

Thanks for your answer too Marcelo ! Good to know that it is still
supported :) As it requires qmail patching and it is not ideal with my
current setup (freebsd netqmail-tls port + vmailmgr), I'll keep it
around and will first try 1-2 things with Erwin's srsforward.

Thanks & best regards, Olivier
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Il 26/06/2020 00:47 Erwin Hoffmann ha scritto:
> Hi Oliver,
>
> I still use your omail here (and might be able to provide a refreshed
> version ...).

I also still use omail :-) 1.2ts code with few simple patches for
working under PHP7.4

--
Ciao,
Luigi
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Hi Erwin & List,

Le 26.06.20 à 00:47, Erwin Hoffmann a écrit :
> Within my s/qmail, SRS is provided in a simpler case, supporting vmailmgr as well (I use it here, rather than vpopmail).
> > Even if you don't intend to use s/qmail, you simply could compile it and extract srsforward and srsreverse.>
> https://www.fehcom.de/sqmail/sqmaildoc_05.html

So, a few days later I finally managed to compile srsforward +
srsreverse on my freebsd 12 box and I just try a few things. Everything
with a .qmail file is running great and envelope rewriting as well, nice
work!


Now I just miss a way to make it work with my standard vmailmgr-managed
users. For example, in /home/example.org/, I have this srstest1 user:

$ listvdomain srstest1

User Mailbox Aliases
srstest1 Yes remote1@example.net remote2@example.net

Mails to srstest1@example.org should be stored locally in
~/users/srstest1/ (maildir) and be forwarded to the remote1 + remote2
addresses. It is the way it works now, but without SRS.


If I want to use srsforward, it seems I need to manually create a
/home/example.org/.qmail-srstest1 with:

./users/srstest1/
|srsforward remote1@example.net remote2@example.net

(first line for the local delivery, second for the srs-forwardings).

Is it the way it is intended to work, or is there a possibility to have
an automatic lookup in the vmailmgr table (passwd.cdb) from srsforward ?
I tried to pipe the commands, but it didn't work either. How are you
doing it with your vmailmgr users if I may ask ? I probably missed
something.

Otherwise I could theoretically still use this way for some power users,
but it would require some cronjobs and/or omail-hooks generating all the
.qmail-files based on the corresponding passwd.cdb files on any change.



I will also try to use the patch from Marcelo Coelho sometime later, but
as I'm using the mail/qmail-tls freebsd port (thanks erdgeist!) based on
netqmail, it may be even more challenging because of the patching of an
already patched source tree... :)

Kind regards & nice week-end to you,
Olivier
Re: SRS / what next after qmail + vmailmgr ? [ In reply to ]
Remove from list

On Fri, Jul 17, 2020 at 6:13 PM Olivier Mueller <om-lists-qmail@omx.ch>
wrote:

> Hi Erwin & List,
>
> Le 26.06.20 à 00:47, Erwin Hoffmann a écrit :
> > Within my s/qmail, SRS is provided in a simpler case, supporting
> vmailmgr as well (I use it here, rather than vpopmail).
> > > Even if you don't intend to use s/qmail, you simply could compile it
> and extract srsforward and srsreverse.>
> > https://www.fehcom.de/sqmail/sqmaildoc_05.html
>
> So, a few days later I finally managed to compile srsforward +
> srsreverse on my freebsd 12 box and I just try a few things. Everything
> with a .qmail file is running great and envelope rewriting as well, nice
> work!
>
>
> Now I just miss a way to make it work with my standard vmailmgr-managed
> users. For example, in /home/example.org/, I have this srstest1 user:
>
> $ listvdomain srstest1
>
> User Mailbox Aliases
> srstest1 Yes remote1@example.net remote2@example.net
>
> Mails to srstest1@example.org should be stored locally in
> ~/users/srstest1/ (maildir) and be forwarded to the remote1 + remote2
> addresses. It is the way it works now, but without SRS.
>
>
> If I want to use srsforward, it seems I need to manually create a
> /home/example.org/.qmail-srstest1 with:
>
> ./users/srstest1/
> |srsforward remote1@example.net remote2@example.net
>
> (first line for the local delivery, second for the srs-forwardings).
>
> Is it the way it is intended to work, or is there a possibility to have
> an automatic lookup in the vmailmgr table (passwd.cdb) from srsforward ?
> I tried to pipe the commands, but it didn't work either. How are you
> doing it with your vmailmgr users if I may ask ? I probably missed
> something.
>
> Otherwise I could theoretically still use this way for some power users,
> but it would require some cronjobs and/or omail-hooks generating all the
> .qmail-files based on the corresponding passwd.cdb files on any change.
>
>
>
> I will also try to use the patch from Marcelo Coelho sometime later, but
> as I'm using the mail/qmail-tls freebsd port (thanks erdgeist!) based on
> netqmail, it may be even more challenging because of the patching of an
> already patched source tree... :)
>
> Kind regards & nice week-end to you,
> Olivier
>
--
Sent from Gmail Mobile