Linux Server

Improving Brandon's combined patch

  


I suddenly found that some mails could not be received by my qmail-smtpd. I investigated and found the cause.
So I made an improvement patch for Brandon's combined patch and DKIM patch.

Issues

There are two problems and one improvement point.

Problem 1: In some cases, when qmail receives a mail that is not DomainKeys-signed, the qmail-smtpd process goes down. As a result, the sender MTA times out (#4.4.2).
-> line 31 of the patch below.
Problem 2: The RELAYCLIENT environment variable is not set even after SMTP AUTH has been verified, due to the author's policy (see the article quoted below).
-> line 52 of the patch below.

https://qmail.jms1.net/patches/combined.shtml
Not To-Do List

These are patches which people suggested, and I thought about, and I have decided not to add for one reason or another.

It has been suggested that qmail-smtpd should explicitly add RELAYCLIENT="" to the environment when a client does a successful AUTH command.

Status: not going to happen.

If you need this functionality, use AUTH_RELAYCLIENT="" instead, or if you have a script which needs it, modify that script to use the SMTP_AUTH_USER variable instead, which is set in case of a successful AUTH command (and will contain the userid which was used in the AUTH command).

Also, be aware that the RELAYCLIENT environment variable is used for more than just granting permission to relay. Read the man page for qmail-smtpd (i.e. run "man qmail-smtpd" on your system) for more details.

Improvement: The DKVERIFY log is not output to syslog (/var/log/messages). However, if you set the SPF_LOG=1 environment variable, the "Received-SPF:" record is written to syslog. I want to output "Authentication-Results:" to syslog in the same way as SPF.
-> lines 9, 20, 41 of the patch below.

Solution

I made the patch below. Download here.

 
*** qmail-smtpd.c       2014-03-17 13:58:06.000000000 +0900
--- ../../qmail.spf.dkim/qmail-1.03/qmail-smtpd.c       2014-03-17 23:04:04.000000000 +0900
***************
*** 303,308 ****
--- 303,309 ----
  stralloc spfguess = {0};
  stralloc spfexp = {0};
  int spf_log = 0;
+ int dkverify_log = 0;
  int help_version = 0;

  void smtp_greet(code) char *code;
***************
*** 403,408 ****
--- 404,412 ----
    x = env_get("SPF_LOG");
    if(x) { scan_ulong(x,&u); spf_log = (int) u; }

+   x = env_get("DKVERIFY_LOG");
+   if(x) { scan_ulong(x,&u); dkverify_log = (int) u; }
+
    x = env_get("RELAYREJ");
    if(x) { scan_ulong(x,&u); relayrej = (int) u; }

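Review bot: The new DKVERIFY_LOG variable read by the added env_get("DKVERIFY_LOG") lines is not documented anywhere in this patch. Add an entry next to SPF_LOG wherever the run-time variables are described, stating that any non-zero number turns the syslog line on, and put a one-line comment above the new lines saying what gets logged.
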
***************
*** 1347,1352 ****
--- 1351,1357 ----
      maybe_die_dk(dkst);
      dkimst = DKIMVerifyResults(&dkim);

+     dkstatus = "none (no signature)";
      switch(dkst) {
      case DK_STAT_OK:         dkstatus = "pass (ok)";                  break;
      case DK_STAT_BADSIG:     dkstatus = "fail (bad sig)";             break;
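
Review bot: Presetting dkstatus = "none (no signature)" ahead of switch(dkst) means every status value the switch does not map is reported as an unsigned message, so a verifier error that has no case of its own would also be labelled "none". Assign this string in a case for the specific no-signature status and give a default: branch its own text (for example "unknown"), so the header and the log can tell the two apart.
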
***************
*** 1415,1420 ****
--- 1420,1427 ----
      qmail_puts(&qqt, dkimstatus);
      qmail_puts(&qqt, "\n");

+     if (dkverify_log) { strerr_warn7(title.s, "Authentication-Results: ", (hostname ? hostname : "localhost"), "; domainkeys=", dkstatus, "; dkim=", dkimstatus,0); }
+

      for (;;) {
        r = substdio_get(&tempio,&ch,1);
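
Review bot: The added strerr_warn7(title.s, ...) call passes title.s as a C string, so it depends on the title buffer being NUL-terminated at this point, which nothing in the visible lines guarantees; confirm that, or terminate it before the call. As a style point, split the one-line if (dkverify_log) { ... } over several lines and drop the second blank line the hunk leaves before for (;;).
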
***************
*** 1910,1915 ****
--- 1917,1923 ----
        if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
        if (!env_unset("SMTP_AUTH_USER")) die_read();
        if (!env_put2("SMTP_AUTH_USER",remoteinfo)) die_nomem();
+       if (!env_put2("RELAYCLIENT",relayclient)) die_nomem();
        out("235 ok, go ahead (#2.0.0)\r\n");
        break;
      case 1:
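
Review bot: The added env_put2("RELAYCLIENT",relayclient) passes relayclient unchecked, and no visible line assigns it in this branch; if it can still be a null pointer after a successful AUTH (no RELAYCLIENT in the initial environment), env_put2 will dereference it. Guard it, e.g. env_put2("RELAYCLIENT", relayclient ? relayclient : ""), and call env_unset("RELAYCLIENT") first to match the two variables above. Because this exports RELAYCLIENT to everything run after authentication, add a comment that it deliberately departs from the upstream policy quoted earlier on the page.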

Patching

The first thing you need to do is apply both qmail-1.03-jms1.7.10.patch and qmail-1.03-jms1.7.08-dkim-r1.patch.

# wget https://blog.kamata-net.com/patch/qmail-1.03-smtpd-dkim.patch
# cd qmail-1.03
# patch < ../qmail-1.03-smtpd-dkim.patch
# make setup check

Configure

If you want to write the "Authentication-Results:" record to syslog, the DKVERIFY_LOG variable must be set in the qmail rc script.

 
#!/bin/sh
#
# qmail: /var/qmail
# chkconfig: 2345 80 30
# description: Qmail is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: qmail
# pidfile: /var/run/qmail
#
# Source function library.
. /etc/rc.d/init.d/functions

prog="qmail"

PATH=/var/qmail/bin:/usr/local/bin:/bin:/usr/bin
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE


PORT=465; export PORT
SSL=1; export SSL
FORCE_TLS=0; export FORCE_TLS
DENY_TLS=0; export DENY_TLS
REQUIRE_AUTH=0; export REQUIRE_AUTH
ALLOW_INSECURE_AUTH=0; export ALLOW_INSECURE_AUTH
AUTH_CDB=/var/qmail/control/auth.cdb; export AUTH_CDB
SPF_LOG=1; export SPF_LOG
DKVERIFY_LOG=1; export DKVERIFY_LOG
AUTH_SET_SPF_LOG=1; export AUTH_SET_SPF_LOG
QMAILSMTPD_LOG_MAIL=1; export QMAILSMTPD_LOG_MAIL
QMAILSMTPD_LOG_RCPT=1; export QMAILSMTPD_LOG_RCPT


[ -f /var/qmail/rc ] || exit 0

case "$1" in
  start)
        # Start daemons.
        echo "Starting qmail."
        csh -cf '/var/qmail/rc &'

        # SMTP
        tcpserver -v -R -H -l0 -c100 -u 501 -g 500 -x /etc/tcpserver/tcp.smtp.cdb \
        0 smtp /var/qmail/bin/qmail-smtpd kamata-net.com /bin/cmd5checkpw /bin/true \
        2>&1 | /var/qmail/bin/splogger smtpd 3 &
(snip)
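
As an added example (not part of the original article or of the patch), this shell script tallies the verdicts in the "Authentication-Results:" lines that DKVERIFY_LOG=1 sends to syslog, using the field layout from the strerr_warn7 call in the patch. The syslog prefix, the host name and the dkim= values in the sample are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Tally the verdicts in the "Authentication-Results:" lines that the patched
# qmail-smtpd logs when DKVERIFY_LOG=1 (added example, not from the article).

# Constructed sample. The syslog prefix, host name and dkim= values are
# assumptions; only the field layout and domainkeys= texts come from the patch.
sample_log() {
cat <<'EOF'
Mar 17 23:10:01 mx smtpd: qmail-smtpd[2101]: Authentication-Results: mx.example.com; domainkeys=none (no signature); dkim=pass (ok)
Mar 17 23:10:07 mx smtpd: qmail-smtpd[2102]: Received-SPF: pass (constructed line)
Mar 17 23:11:15 mx smtpd: qmail-smtpd[2107]: Authentication-Results: mx.example.com; domainkeys=fail (bad sig); dkim=fail (constructed)
Mar 17 23:12:40 mx smtpd: qmail-smtpd[2110]: Authentication-Results: mx.example.com; domainkeys=pass (ok); dkim=pass (ok)
Mar 17 23:13:02 mx smtpd: qmail-smtpd[2113]: Authentication-Results: mx.example.com; domainkeys=none (no signature); dkim=none (constructed)
EOF
}

# stdin: log lines. stdout: "<method> <verdict> <count>", sorted.
summarize_authres() {
  awk '
    /Authentication-Results: / {
      sub(/^.*Authentication-Results: /, "")
      n = split($0, part, /; */)
      for (i = 2; i <= n; i++) {        # part[1] is the verifying host
        eq = index(part[i], "=")
        if (eq == 0) continue
        method  = substr(part[i], 1, eq - 1)
        verdict = substr(part[i], eq + 1)
        sub(/ .*/, "", verdict)          # keep the keyword, drop "(reason)"
        count[method " " verdict]++
      }
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# stdin: log lines. stdout: only the lines where either check failed.
failed_authres() {
  grep 'Authentication-Results: ' | grep -E '(domainkeys|dkim)=fail'
}

# Run on the sample when executed directly; on a real host feed it the log
# file, e.g. summarize_authres < /var/log/messages
sample_log | summarize_authres
```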

Thanks

qmail Combined Patch Details is a very convenient patch. Everyone who wants to implement qmail on their server would do well to apply this patch set.

DKIM and DomainKeys patch for qmail | Brandon's Blog


© 1999 - 2021 蒲田ネット