Mailing List Archive

indimail-mta on FreeBSD and Darwin
Being stuck at home amidst the Covid19 lockdown at my place gave me the
opportunity to try out FreeBSD & Mac OSX. indimail-mta
(qmail+ucspi-tcp+daemontools+serialmail) now compiles/works on
FreeBSD & OSX. Have also spent some decent time on documentation.

The source installation on Linux, FreeBSD, OSX has a script
default.configure for each & every package. This script has to be run
once before make. This script hides the complexities & vagaries of
various UNIX distributions. The steps have been tested on

a) All (suse, redhat, debian) Linux distributions
b) FreeBSD 12.1-RELEASE-p10
c) Darwin 19.6.0; root:xnu-6153.141.2~1/RELEASE_X86_64
d) raspberry pi (2,3,4) (aarch64 and armv7l)
e) banana pi (armv7l) Debian 10
f) Sparky (armv7l) Debian 9 https://www.allo.com/sparky/sparky-sbc.html
(my music player that plays music using mpd and selects music
as per my taste, based on mpdev using the libqmail library).

There are however differences between the Linux & FreeBSD/OSX
versions. The differences between Linux, FreeBSD & OSX are

1. For a wildcard address, tcpserver on FreeBSD has to open two sockets
(ipv4 + ipv6). This is to address the limitation of FreeBSD not routing
ipv4 traffic to AF_INET6 sockets (output of netstat -an):
   FreeBSD: tcp4  0 0 *.25  *.*  LISTEN
            tcp6  0 0 *.25  *.*  LISTEN
   Mac OSX: tcp46 0 0 *.25  *.*  LISTEN
   Linux  : tcp6  0 0 :::25 :::* LISTEN

2. tcpserver uses dlmopen(3) on Linux to load qmail-smtpd, rblsmtpd shared
library objects. Since FreeBSD/OSX doesn't have dlmopen(3), dlopen(3) is
used instead.

3. Mac OSX has a crippled crypt(3) function. So, on OSX, indimail-mta uses
internal crypt functions from libqmail (md5, sha256, sha512) for SMTP,
IMAP, POP3 authentication & user account password management.

4. The Linux setup uses the alternatives command to set aliases for sendmail,
mailq, newaliases. The FreeBSD setup (mailwrapper) uses
/etc/mail/mailer.conf. Mac OSX however is broken. It doesn't allow
/usr/sbin/sendmail to be replaced with System Integrity Protection
enabled. Programs/scripts will have to use /usr/bin/sendmail or
qmail-inject.

5. Linux setup uses /usr as the prefix. FreeBSD, OSX setup uses /usr/local.
On OSX, development files/libs go to /opt/local/include, /opt/local/lib

6. Linux uses systemctl, FreeBSD uses /usr/local/etc/rc.d/svscan. On
FreeBSD, rc startup uses daemon(8) to start svscan in supervised mode.
Additionally, svscan does a setsid(2) to become a session leader.
OSX uses launchctl unit file /Library/LaunchDaemons/org.indimail.svsan

7. FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581)
Apple clang version 12.0.0 on Mac OSX 19.6.0.
Linux gcc version 10.2.1 20200723 (Red Hat 10.2.1-1)

8. syscall deprecated on OSX, hence for Bruce Guenter's syncdir a new
syncdir.h included in qmail-local.c, qmail-queue.c, qmail-send/todo to
wrap open(), link(), unlink(), rename() syscalls

9. Mac OSX doesn't have a Name Service Switch (NSS). Hence on OSX,
indimail-mta cannot wrap calls like getpwnam, getpwent, getgrent to get
data from the IndiMail's MySQL database. Hence one has to write specific
auth modules for any IMAP/POP3 server that you may want to use with
indimail. On Linux & FreeBSD, you can use any IMAP/POP3 server without
modifying any code. No need to write code for creating authentication
modules. If your IMAP/POP3 has a PAM module that works, it will work
transparently with IndiMail users in MySQL database. On OSX you will be
restricted to use system accounts for IMAP/POP3 if you don't use
courier-imap. For courier-imap, indimail has an authmodule that works
on all platforms without PAM support.

10. On raspberry pi aarch64, the syscalls open, link, unlink, rename
had to be replaced with openat, linkat, unlinkat, renameat (syncdir.c)

Link to github source. The README.md comes with installation & setup
instructions.

https://github.com/mbhangui/libqmail
https://github.com/mbhangui/indimail-mta

Both indimail-mta & indimail-virtualdomains use libqmail for common
functions.

Wiki for indimail-mta, indimail
https://github.com/mbhangui/indimail-mta/wiki/IndiMail

Binary packages for Redhat/CentOS/Debian/Ubuntu
https://software.opensuse.org/download.html?project=home%3Aindimail&package=indimail-mta

Docker Image Repository
https://hub.docker.com/r/cprogrammer/indimail-mta

Also updated for FreeBSD/Darwin is the indimail-virtualdomains,
indimail-auth, indimail-access, indimail-spamfilter all available
at https://github.com/mbhangui/indimail-virtualdomains

If you try it and find bugs, let me know. I can say that I will spare no
efforts to fix them. Feel free to email me directly. If you have a Unix,
Linux distro that you like, I would love to make indimail-mta work on it.

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
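
Items 8 and 10 above concern syncdir, which wraps open(), link(), unlink() and rename() so that the containing directory is fsync()ed before the call returns. The link() case, written with linkat() so it also builds where no plain link syscall exists, as an added example (not code from syncdir or indimail-mta; durable_link, sync_parent, demo_delivery and the scratch paths are hypothetical names):

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* fsync() the directory holding path, so the new name survives a crash */
static int sync_parent(const char *path)
{
	char copy[1024];                /* dirname() may modify its argument */
	int fd, r, e;
	if ((size_t) snprintf(copy, sizeof(copy), "%s", path) >= sizeof(copy)) {
		errno = ENAMETOOLONG;
		return -1;
	}
	if ((fd = open(dirname(copy), O_RDONLY | O_DIRECTORY)) == -1)
		return -1;
	r = fsync(fd);
	e = errno;                      /* keep fsync's errno across close() */
	close(fd);
	errno = e;
	return r;
}

/* link() that returns only once the new directory entry is on disk */
int durable_link(const char *oldpath, const char *newpath)
{
	if (linkat(AT_FDCWD, oldpath, AT_FDCWD, newpath, 0) == -1)
		return -1;
	return sync_parent(newpath);
}

/* Constructed maildir-style delivery in a scratch directory: tmp -> new */
int demo_delivery(void)
{
	char dir[] = "/tmp/syncdir.XXXXXX", src[64], dst[64];
	int fd, ok;
	if (!mkdtemp(dir)) return -1;
	snprintf(src, sizeof(src), "%s/tmp.msg", dir);
	snprintf(dst, sizeof(dst), "%s/new.msg", dir);
	if ((fd = open(src, O_CREAT | O_WRONLY | O_EXCL, 0600)) != -1)
		close(fd);
	ok = durable_link(src, dst) == 0 && access(dst, F_OK) == 0;
	ok = ok && durable_link(src, dst) == -1 && errno == EEXIST; /* name taken */
	unlink(src); unlink(dst); rmdir(dir);
	return ok ? 0 : 1;
}
```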

Re: indimail-mta on FreeBSD and Darwin
Hello Manvendra,

Very many thanks for the careful investigation and porting the qmail++ sources to indimail.

Actually, I'm on an equivalent project with s/qmail (and other djb packages), thus let's share some experiences despite the differences.

a)

> 2. tcpserver uses dlmopen(3) on Linux to load qmail-smtpd, rblsmtpd shared
> library objects. Since FreeBSD/OSX doesn't have dlmopen(3), dlopen(3) is
> used instead.

Could you explain about the benefit?

b)

>
> 8. syscall deprecated on OSX, hence for Bruce Guenter's syncdir a new
> syncdir.h included in qmail-local.c, qmail-queue.c, qmail-send/todo to
> wrap open(), link(), unlink(), rename() syscalls


Hm, on my root server (Debian) and running vmailmgr, I occasionally see 'link' problems (the server uses mirrored disks):

@400000005e13c9d832d4ee8c.s.send:@400000005e1303dc25ac4f5c delivery 848: deferral: vdeliver:_Error_linking_the_temp_file_to_the_new_file./

Maybe this needs some improvements; vmailmgr is written in C++ and I can't tell about any dependencies here.

c)

>
> 6. Linux uses systemctl, FreeBSD uses /usr/local/etc/rc.d/svscan. On
> FreeBSD, rc startup uses daemon(8) to start svscan in supervised mode.
> Additionally, svscan does a setsid(2) to become a session leader.
> OSX uses launchctl unit file /Library/LaunchDaemons/org.indimail.svsan

I would like to enhance daemontools such that a binary to be called is verified against its hash (while initially registered).
If you are interested, we could collaborate on this feature. Not too difficult.

Good job done!

Regards.
--eh.


> On 07.10.2020 at 18:28, Manvendra Bhangui <mbhangui@gmail.com> wrote:
>
> Stuck at home amidst Covid19 lockdown at my place gave me the
> opportunity to try out FreeBSD & Mac OSX. indimail-mta
> (qmail+ucspi-tcp+daemontools+serialmail) now compiles/works on
> FreeBSD & OSX. Have also spent some decent time on documentation.
>
> The source installation on Linux, FreeBSD, OSX has a script
> default.configure for each & every package. This script has to be run
> once before make. This script hides the complexities & vagaries of
> various UNIX distributions. The steps have been tested on
>
> a) All (suse, redhat, debian) Linux distributions
> b) FreeBSD 12.1-RELEASE-p10
> c) Darwin 19.6.0; root:xnu-6153.141.2~1/RELEASE_X86_64
> d) raspberry pi (2,3,4) (aarch64 and armv7l)
> e) banana pi (armv7l) Debian 10
> f) Sparky (armv7l) Debian 9 https://www.allo.com/sparky/sparky-sbc.html
> (my music player that plays music using mpd and selects music
> as per my taste, based on mpdev using the libqmail library).
>
> There are however differences between the Linux & FreeBSD/OSX
> versions. The difference between Linux, FreeBSD & OSX are
>
> 1. For a wildcard address, tcpserver on FreeBSD has to open two sockets
> (ipv4 + ipv6). This is to address the limitation of FreeBSD not routing
> ipv4 traffic to AF_INET6 sockets) - (output of netstat -an)
> FreeBSD: tcp4 0 0 *.25 *.* LISTEN
> tcp6 0 0 *.25 *.* LISTEN
> Mac OSX: tcp46 0 0 *.25 *.* LISTEN
> Linux : tcp6 0 0 :::25 :::* LISTEN
>
> 2. tcpserver uses dlmopen(3) on Linux to load qmail-smtpd, rblsmtpd shared
> library objects. Since FreeBSD/OSX doesn't have dlmopen(3), dlopen(3) is
> used instead.
>
> 3. Mac OSX has a crippled crypt(3) function. So, on OSX, indimail-mta uses
> internal crypt functions from libqmail (md5, sha256, sha512) for SMTP,
> IMAP, POP3 authentication & user account password management.
>
> 4. The linux setup uses alternatives command to set aliases for sendmail,
> mailq, newaliases. The FreeBSD setup (mailwrapper) uses
> /etc/mail/mailer.conf. Mac OSX however is broken. It doesn't allow
> /usr/sbin/sendmail to be replaced with System Integrity Protection
> enabled. Program/Scripts will have to use /usr/bin/sendmail or
> qmail-inject
>
> 5. Linux setup uses /usr as the prefix. FreeBSD, OSX setup uses /usr/local.
> On OSX, development files/libs go to /opt/local/include, /opt/local/lib
>
> 6. Linux uses systemctl, FreeBSD uses /usr/local/etc/rc.d/svscan. On
> FreeBSD, rc startup uses daemon(8) to start svscan in supervised mode.
> Additionally, svscan does a setsid(2) to become a session leader.
> OSX uses launchctl unit file /Library/LaunchDaemons/org.indimail.svsan
>
> 7. FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581)
> Apple clang version 12.0.0 on Mac OSX 19.6.0.
> Linux gcc version 10.2.1 20200723 (Red Hat 10.2.1-1)
>
> 8. syscall deprecated on OSX, hence for Bruce Guenter's syncdir a new
> syncdir.h included in qmail-local.c, qmail-queue.c, qmail-send/todo to
> wrap open(), link(), unlink(), rename() syscalls
>
> 9. Mac OSX doesn't have a Name Service Switch (NSS). Hence on OSX,
> indimail-mta cannot wrap calls like getpwnam, getpwent, getgrent to get
> data from the IndiMail's MySQL database. Hence one has to write specific
> auth modules for any IMAP/POP3 server that you may want to use with
> indimail. On Linux & FreeBSD, you can use any IMAP/POP3 server without
> modifying any code. No need to write code for creating authentication
> modules. If your IMAP/POP3 has a PAM module that works, it will work
> transparently with IndiMail users in MySQL database. On OSX you will be
> restricted to use system accounts for IMAP/POP3 if you don't use
> courier-imap. For courier-imap, indimail has a authmodule that works
> on all platforms without PAM support.
>
> 10. On raspberry pi aarch64, the syscalls open, link, unlink, rename
> had to be replaced with openat, linkat, unlinkat, renameat (syncdir.c)
>
> Link to github source. The README.md comes with installation & setup
> instructions.
>
> https://github.com/mbhangui/libqmail
> https://github.com/mbhangui/indimail-mta
>
> Both indimail-mta & indimail-virtualdomains use libqmail for common
> functions.
>
> Wiki for indimail-mta, indimail
> https://github.com/mbhangui/indimail-mta/wiki/IndiMail
>
> Binary packages for Redhat/CentOS/Debian/Ubuntu
> https://software.opensuse.org/download.html?project=home%3Aindimail&package=indimail-mta
>
> Docker Image Repository
> https://hub.docker.com/r/cprogrammer/indimail-mta
>
> Also updated for FreeBSD/Darwin is the indimail-virtualdomains,
> indimail-auth, indimail-access, indimail-spamfilter all available
> at https://github.com/mbhangui/indimail-virtualdomains
>
> If you try it and find bugs, let me know. I can say that I will spare no
> efforts to fix them. Feel free to email me directly. If you have a Unix,
> Linux distro that you like, I would love to make indimail-mta work on it.
>
> --
> Regards Manvendra - http://www.indimail.org
> GPG Pub Key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE

Re: indimail-mta on FreeBSD and Darwin
On Wed, 7 Oct 2020 at 22:59, Erwin Hoffmann <feh@fehcom.de> wrote:
>
> Actually, I'm on an equivalent project with s/qmail (and other djb packages), thus let's share some experiences despite the differences.
>
Yes. In fact, I love your code. I use your QHPSI code in indimail-mta
(qmail-queue.c). It does inline scanning and is very well written.

> a)
>
> > 2. tcpserver uses dlmopen(3) on Linux to load qmail-smtpd, rblsmtpd shared
> > library objects. Since FreeBSD/OSX doesn't have dlmopen(3), dlopen(3) is
> > used instead.
>
> Could you explain about the benefit?
>

The benefit is that there is no fork exec involved if you use
dlopen/dlmopen. For every connection, tcpserver forks and then does
exec of qmail-smtpd. qmail-smtpd then loads each and every control
file for every connection. If you write a function (let's say
qmail_smtpd()) and put it in a shared library, tcpserver has to load
it just once. Hence control files like badrcptto, goodrcpto, etc are
loaded just once. The downside is that if you change these files, the
change does not get reflected.

> b)
>
> >
> > 8. syscall deprecated on OSX, hence for Bruce Guenter's syncdir a new
> > syncdir.h included in qmail-local.c, qmail-queue.c, qmail-send/todo to
> > wrap open(), link(), unlink(), rename() syscalls
>
>
> Hm, on my root server (Debian) and running vmailmgr, I occasionally see 'link' problems (the server uses mirrored disks):
>
> @400000005e13c9d832d4ee8c.s.send:@400000005e1303dc25ac4f5c delivery 848: deferral: vdeliver:_Error_linking_the_temp_file_to_the_new_file./
>
> Maybe this needs some improvements; vmailmgr is written in C++ and I can't tell about any dependencies here.
>

I will take a look at this and the vmailmgr code. I have no idea what
could be going wrong.

> c)
>
> >
> > 6. Linux uses systemctl, FreeBSD uses /usr/local/etc/rc.d/svscan. On
> > FreeBSD, rc startup uses daemon(8) to start svscan in supervised mode.
> > Additionally, svscan does a setsid(2) to become a session leader.
> > OSX uses launchctl unit file /Library/LaunchDaemons/org.indimail.svsan
>
> I would like to enhance daemontools such that a binary to be called is verified against its hash (while initially registered).
> If you are interested, we could collaborate on this feature. Not too difficult.
> Good job done!

Thank you Erwin. In fact, the daemontools is a lovely piece of code.
It's a shame that it is not so widely used. Let's talk about this in a
private mail so as to not create a noise on the qmail list. I too have
some thoughts on changing a few things (moving the supervise directory
to /run, etc).
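
The downside named in the reply above (control files read once by the long-lived tcpserver process are not re-read after an edit) can be handled by comparing the file's stat() identity before each connection and reloading only on change. This is an added example, not code from indimail-mta or ucspi-tcp; control_refresh, struct control, demo_control_reload and the scratch file with its addresses are hypothetical and constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Cached control file plus the stat() identity of the version cached */
struct control { char *data; struct stat st; };

/* 1 = (re)read from disk, 0 = cache still current, -1 = error, cache kept */
int control_refresh(struct control *c, const char *path)
{
	struct stat st;
	char *buf;
	int rc = -1;
	FILE *fp = fopen(path, "r");
	if (!fp)
		return -1;
	/* fstat() the open stream so the check and the read see the same file */
	if (fstat(fileno(fp), &st) == 0) {
		if (c->data && st.st_mtime == c->st.st_mtime &&
		    st.st_size == c->st.st_size && st.st_ino == c->st.st_ino) {
			rc = 0;
		} else if ((buf = malloc((size_t) st.st_size + 1))) {
			buf[fread(buf, 1, (size_t) st.st_size, fp)] = 0;
			free(c->data);
			c->data = buf;
			c->st = st;
			rc = 1;
		}
	}
	fclose(fp);
	return rc;
}

/* Constructed demo: a badrcptto-style file is edited between connections */
int demo_control_reload(void)
{
	char path[] = "/tmp/ctl.XXXXXX";
	struct control c = { 0 };
	int fd = mkstemp(path), r1, r2, r3;
	if (fd == -1 || write(fd, "spam@example.com\n", 17) != 17) return -1;
	r1 = control_refresh(&c, path);     /* first connection: load */
	r2 = control_refresh(&c, path);     /* second connection: cache reused */
	if (write(fd, "junk@example.org\n", 17) != 17) return -1;
	r3 = control_refresh(&c, path);     /* edit picked up without a restart */
	close(fd); unlink(path); free(c.data);
	return r1 == 1 && r2 == 0 && r3 == 1 && c.st.st_size == 34 ? 0 : 1;
}
```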

Re: indimail-mta on FreeBSD and Darwin
On Wed, 7 Oct 2020 at 22:59, Erwin Hoffmann <feh@fehcom.de> wrote:

> >
> > 8. syscall deprecated on OSX, hence for Bruce Guenter's syncdir a new
> > syncdir.h included in qmail-local.c, qmail-queue.c, qmail-send/todo to
> > wrap open(), link(), unlink(), rename() syscalls
>
> Hm, on my root server (Debian) and running vmailmgr, I occasionally see 'link' problems (the server uses mirrored disks):
>
> @400000005e13c9d832d4ee8c.s.send:@400000005e1303dc25ac4f5c delivery 848: deferral: vdeliver:_Error_linking_the_temp_file_to_the_new_file./
>
> Maybe this needs some improvements; vmailmgr is written in C++ and I can't tell about any dependencies here.
>
You could compile this as an object along with vmailmgr, or create a
.so file and do LD_PRELOAD when the above process vdeliver is run.
This code below is just a small hack to wrap the link call and log the
errno in /tmp/vmailmgr.log.

#include "fmt.h"        /*- fmt_ulong(), FMT_ULONG */
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#if defined(linux) || defined(__linux__)
#include <syscall.h>
#elif defined(__FreeBSD__)
#include <sys/syscall.h>
#endif
/*- use linkat where available; aarch64 has no plain link syscall */
#if defined(SYS_linkat) && defined(AT_FDCWD)
#define SYS_LINK(OLD,NEW) syscall(SYS_linkat,AT_FDCWD,OLD,AT_FDCWD,NEW,0)
#else
#define SYS_LINK(OLD,NEW) syscall(SYS_link,OLD,NEW)
#endif

/*- replaces libc link() when compiled in or loaded with LD_PRELOAD */
int
link(const char *oldpath, const char *newpath)
{
    int             log_fd, i, t;
    char            strnum[FMT_ULONG];

    if (SYS_LINK(oldpath, newpath) == -1) {
        t = errno; /*- save errno */
        strnum[i = fmt_ulong(strnum, errno)] = 0;
        /*- open() returns -1 on failure; 0 is a valid descriptor */
        if ((log_fd = open("/tmp/vmailmgr.log",
                O_CREAT|O_WRONLY|O_APPEND, 0644)) != -1) {
            write(log_fd, "errno = ", 8);
            write(log_fd, strnum, i);
            write(log_fd, "\n", 1);
            close(log_fd);
        }
        errno = t; /*- restore errno */
        return -1;
    }
    return 0;
}