Please note: this article was written more than three years ago, so its content may be out of date.
Japanese version is here.
I suddenly found that some mails could not be received by my qmail-smtpd. I investigated and found the cause.
So I made an improvement patch for Brandon's combined patch and DKIM patch.
Issues
There are two problems and one point of improvement.
Problem 1: In some cases, when qmail receives mail that was not DomainKeys-signed, the qmail-smtpd process goes down. As a result, the sender MTA times out (#4.4.2).
-> line 31.
Problem 2: The RELAYCLIENT environment variable is not set even after SMTP AUTH has been verified, due to the author's policy (see the article quoted below).
-> line 52.
https://qmail.jms1.net/patches/combined.shtml
Not To-Do List
These are patches which people suggested, and I thought about, and I have decided not to add for one reason or another.
It has been suggested that qmail-smtpd should explicitly add RELAYCLIENT="" to the environment when a client does a successful AUTH command.
Status: not going to happen.
If you need this functionality, use AUTH_RELAYCLIENT="" instead, or if you have a script which needs it, modify that script to use the SMTP_AUTH_USER variable instead, which is set in case of a successful AUTH command (and will contain the userid which was used in the AUTH command).
Also, be aware that the RELAYCLIENT environment variable is used for more than just granting permission to relay. Read the man page for qmail-smtpd (i.e. run "man qmail-smtpd" on your system) for more details.
Improvement: The DKVERIFY log is not output to syslog (/var/log/messages). However, if you set the SPF_LOG=1 environment variable, the "Received-SPF:" record is written to syslog. I want to output "Authentication-Results:" to syslog in the same way as SPF.
-> line 9,20,41
Solution
I made the patch below. Download here.
*** qmail-smtpd.c 2014-03-17 13:58:06.000000000 +0900 --- ../../qmail.spf.dkim/qmail-1.03/qmail-smtpd.c 2014-03-17 23:04:04.000000000 +0900 *************** *** 303,308 **** --- 303,309 ---- stralloc spfguess = {0}; stralloc spfexp = {0}; int spf_log = 0; + int dkverify_log = 0; int help_version = 0; void smtp_greet(code) char *code; *************** *** 403,408 **** --- 404,412 ---- x = env_get("SPF_LOG"); if(x) { scan_ulong(x,&u); spf_log = (int) u; } + x = env_get("DKVERIFY_LOG"); + if(x) { scan_ulong(x,&u); dkverify_log = (int) u; } + x = env_get("RELAYREJ"); if(x) { scan_ulong(x,&u); relayrej = (int) u; } *************** *** 1347,1352 **** --- 1351,1357 ---- maybe_die_dk(dkst); dkimst = DKIMVerifyResults(&dkim); + dkstatus = "none (no signature)"; switch(dkst) { case DK_STAT_OK: dkstatus = "pass (ok)"; break; case DK_STAT_BADSIG: dkstatus = "fail (bad sig)"; break; *************** *** 1415,1420 **** --- 1420,1427 ---- qmail_puts(&qqt, dkimstatus); qmail_puts(&qqt, "\n"); + if (dkverify_log) { strerr_warn7(title.s, "Authentication-Results: ", (hostname ? hostname : "localhost"), "; domainkeys=", dkstatus, "; dkim=", dkimstatus,0); } + for (;;) { r = substdio_get(&tempio,&ch,1); *************** *** 1910,1915 **** --- 1917,1923 ---- if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem(); if (!env_unset("SMTP_AUTH_USER")) die_read(); if (!env_put2("SMTP_AUTH_USER",remoteinfo)) die_nomem(); + if (!env_put2("RELAYCLIENT",relayclient)) die_nomem(); out("235 ok, go ahead (#2.0.0)\r\n"); break; case 1:
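Review bot: In the hunk at line 1351, placing `dkstatus = "none (no signature)";` ahead of `switch(dkst)` means every status value without its own `case` arm is reported as "none (no signature)", so an error status from the verifier would be recorded as an unsigned message. Keep the fix for problem 1, but consider moving this string into the specific no-signature case and adding a `default:` arm with a neutral value such as "unknown", so other outcomes are not mislabelled in the header and in the log.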
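Review bot: In the hunk at line 1420, `strerr_warn7(...)` passes `dkimstatus` through unchecked, while only `dkstatus` is given a default earlier in this patch; if `dkimstatus` can be left unset on any path, this call has the same null-pointer problem the patch sets out to fix. Give `dkimstatus` a default where it is assigned, or guard it here the way `hostname` is guarded with `(hostname ? hostname : "localhost")`. As a style point, the single-line `if (dkverify_log) { ... }` is very long and would read better with the argument list broken across lines.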
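Review bot: In the AUTH-success hunk at line 1917, `env_put2("RELAYCLIENT",relayclient)` uses `relayclient` without a null check, although the patch guards `hostname` against null in the logging hunk; if `relayclient` is unset for a connection that was not already a relay client, a null value is passed here. The line also sets RELAYCLIENT for every authenticated user unconditionally, which the upstream author declined in favour of AUTH_RELAYCLIENT, noting that RELAYCLIENT is used for more than granting permission to relay. Substitute an empty string when `relayclient` is null, and consider gating the line behind an environment switch so the behaviour is opt-in.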
Patching
First, apply both qmail-1.03-jms1.7.10.patch and qmail-1.03-jms1.7.08-dkim-r1.patch. Then apply this patch and rebuild:
# cd qmail-1.03
# patch < ../qmail-1.03-smtpd-dkim.patch
# make setup check
Configure
If you want to write the "Authentication-Results:" record to syslog, the DKVERIFY_LOG variable must be set in the qmail rc script.
#!/bin/sh
#
# qmail: /var/qmail
# chkconfig: 2345 80 30
# description: Qmail is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: qmail
# pidfile: /var/run/qmail
#
# Source function library.
. /etc/rc.d/init.d/functions

prog="qmail"
PATH=/var/qmail/bin:/usr/local/bin:/bin:/usr/bin
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
PORT=465; export PORT
SSL=1; export SSL
FORCE_TLS=0; export FORCE_TLS
DENY_TLS=0; export DENY_TLS
REQUIRE_AUTH=0; export REQUIRE_AUTH
ALLOW_INSECURE_AUTH=0; export ALLOW_INSECURE_AUTH
AUTH_CDB=/var/qmail/control/auth.cdb; export AUTH_CDB
SPF_LOG=1; export SPF_LOG
DKVERIFY_LOG=1; export DKVERIFY_LOG
AUTH_SET_SPF_LOG=1; export AUTH_SET_SPF_LOG
QMAILSMTPD_LOG_MAIL=1; export QMAILSMTPD_LOG_MAIL
QMAILSMTPD_LOG_RCPT=1; export QMAILSMTPD_LOG_RCPT

[ -f /var/qmail/rc ] || exit 0

case "$1" in
  start)
    # Start daemons.
    echo "Starting qmail."
    csh -cf '/var/qmail/rc &'
    # SMTP
    tcpserver -v -R -H -l0 -c100 -u 501 -g 500 -x /etc/tcpserver/tcp.smtp.cdb \
      0 smtp /var/qmail/bin/qmail-smtpd kamata-net.com /bin/cmd5checkpw /bin/true \
      2>&1 | /var/qmail/bin/splogger smtpd 3 &
(snip)
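Once DKVERIFY_LOG=1 is active, the "Authentication-Results:" lines in syslog can be tallied to see how incoming mail is verifying. The script below is an added example, not part of the original post or the patch. The sample log lines are constructed, and their syslog prefix and dkim= reason strings are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Sample lines are constructed;
# the syslog prefix and the dkim= reason strings are assumptions.
sample_log() {
cat <<'EOF'
Mar 17 23:10:01 mx smtpd: qmail-smtpd[2101]: Authentication-Results: mx.example.test; domainkeys=none (no signature); dkim=pass (ok)
Mar 17 23:10:02 mx smtpd: qmail-smtpd[2101]: Received-SPF: pass (constructed line, ignored by the summary)
Mar 17 23:11:40 mx smtpd: qmail-smtpd[2107]: Authentication-Results: mx.example.test; domainkeys=fail (bad sig); dkim=fail (constructed reason)
Mar 17 23:12:05 mx smtpd: qmail-smtpd[2110]: Authentication-Results: mx.example.test; domainkeys=pass (ok); dkim=pass (ok)
Mar 17 23:13:30 mx smtpd: qmail-smtpd[2114]: Authentication-Results: mx.example.test; domainkeys=none (no signature); dkim=pass (ok)
Mar 17 23:14:12 mx smtpd: qmail-smtpd[2119]: Authentication-Results: mx.example.test; domainkeys=none (no signature); dkim=none (constructed reason)
EOF
}

# Count each domainkeys/dkim result pair found on stdin.
summarize_authres() {
    awk '
    /Authentication-Results: / {
        line = $0
        sub(/^.*Authentication-Results: /, "", line)   # drop syslog prefix
        n = split(line, f, /; */)                      # f[1] is the hostname
        dk = "?"; dkim = "?"
        for (i = 2; i <= n; i++) {
            if (f[i] ~ /^domainkeys=/) { dk = substr(f[i], 12) }
            else if (f[i] ~ /^dkim=/)  { dkim = substr(f[i], 6) }
        }
        sub(/ .*/, "", dk); sub(/ .*/, "", dkim)       # keep keyword, drop "(reason)"
        count["domainkeys=" dk " dkim=" dkim]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Print only the lines where either check reported "fail".
authres_failures() {
    grep 'Authentication-Results: ' | grep -E '; (domainkeys|dkim)=fail'
}

sample_log | summarize_authres
```

On a live host, feed the functions the file that splogger writes to, for example `summarize_authres < /var/log/messages`.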
Thanks
qmail Combined Patch Details is a very convenient patch. Anyone who wants to implement qmail on their server had better apply this patch set.