Qmail Project
Last Modified: Jun 10 2010
Links to patches at the end of this page
First of all, please read all the following lines. I am sorry about my bad English; I will do my best.
Well, this patch is a simple merge of quite useful patches with a few touches of my own. All the code was converted from select() to poll(), and I have no plans to convert to epoll() as it is not quite OK for FreeBSD yet. The conversion is quite a change for this amount of code. If you're not a programmer, it means performance improvements. This patch is pretty acceptable for running an SMTP server with 50.000 users or more.
If you are not experienced with qmail, I suggest you read up and get more used to the environment before applying qmail patches yourself. I am not saying that you can't use it, I am just trying to say that you might get lost and lose precious time with it.
If you do have a qmail background and you read this whole page with care, you will be able to implement a really good and customisable qmail-based SMTP server. It's a huge list of merged patches that will reduce your work time. I do not earn a penny from this page and patch, so please be polite with me and the other people who work for free to help you.
NOTE: With my patch applied, qmail won't compile without vpopmail installed, and vpopmail does not compile without qmail installed either, so I suggest you compile a plain qmail first, then the full vpopmail, and then compile qmail with my patch.
My vpopmail works with LDAP, so if you use MySQL for auth, you need to edit the conf-libraries file and change the lines where you find -lldap -llber to -lmysqlclient, and maybe you'll need -L/usr/local/lib/mysql too. If you use cdb, please use the correct libraries; you can find them in the vpopmail/etc/lib_deps file, so pay attention.
This patch is for qmail and NEVER for netqmail!
NEW
/etc/domainkeys/$domain
Yeah, finally DomainKeys is working like a charm. The DK patch below works perfectly; please read the instructions in the README file.
conf-libdomainkeys
Below, near the download button, you will see an optional patch with all you need to set up DomainKeys with my combo patch. Please echo the real location of your libdomainkeys.a to the file listed above. YES, you need libdomainkeys installed properly before applying this optional patch.
Useful list of triggers to control features:
NOTE: these triggers can be set in control/filename, where the filename is the same as the name of the trigger, or inside the tcp.smtp configuration as in the example below:
- mfcheck=1
- Checks that the sender's domain has a proper A/MX DNS entry
- authreq=1
- Will require auth for relay, won't relay without authentication
- chkuser=1
- Turns on chkuser features like real user validation. Even when chkuser V2's own triggers are set, this trigger is still needed
- heloreq=1
- Will always require a string after EHLO/HELO
- dnsblskip=1
- Disables RBL verification on the sender domain. To enable RBL checks, put RBL lists in the control/dnsbllist file
- maxrcpt=n
- Where n is the max number of recipients allowed for the users in control/maxrcptusers, where you list the users to be restricted. No value disables this feature
- tlsreq=1
- Will only accept STARTTLS (TLS) sessions in SMTP (needs more tests)
- logregex=1
- Will log qregex patch matches, very useful
- nobadhelo=1
- Won't check for control/badhelo patterns (disables the badhelo check)
- Ex: 10.10.10.10:allow,RELAYCLIENT="",DNSBLSKIP='1',CHKUSER='1',HELOREQ='0',NOBADHELO='0'
- This example is just to illustrate the use of those triggers, use your own configuration
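tcprules accepts any variable name in a rule, so a trigger that is misspelled or written in lower case in tcp.smtp just sets a variable nobody reads, and the feature stays in its default state without any error. The following is an added example (not part of the combo patch or of the original page): it parses tcp.smtp rules and flags names that are near misses of the triggers listed above. It assumes each trigger is read under its upper-case name, as in the example line, and the sample rules are constructed.

```python
import difflib

# Trigger variables named on this page, upper-cased as in its tcp.smtp example,
# plus qmail's RELAYCLIENT. Assumption: every trigger is read under this name.
KNOWN = {"MFCHECK", "AUTHREQ", "CHKUSER", "HELOREQ", "DNSBLSKIP",
         "MAXRCPT", "TLSREQ", "LOGREGEX", "NOBADHELO", "RELAYCLIENT"}

SAMPLE = """\
# constructed sample rules, not taken from a real server
10.10.10.10:allow,RELAYCLIENT="",DNSRLSKIP='1',CHKUSER='1'
192.0.2.:allow,chkuser="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,AUTHREQ="1",TLSREQ="1"
"""


def parse_rule(line):
    """Split one tcprules line into (address, action, {VAR: value})."""
    address, sep, rest = line.strip().partition(":")
    if not sep:
        raise ValueError("missing ':' in rule: %r" % line)
    action, _, tail = rest.partition(",")
    env = {}
    while tail:
        name, eq, tail = tail.partition("=")
        if not eq or not tail:
            raise ValueError("malformed assignment near %r" % name)
        quote, tail = tail[0], tail[1:]  # any repeated character may quote
        value, closed, tail = tail.partition(quote)
        if not closed or (tail and not tail.startswith(",")):
            raise ValueError("bad quoting in value of %s" % name)
        env[name] = value
        tail = tail[1:]  # drop the comma before the next assignment
    return address, action, env


def lint(text):
    """Return (line_no, name, suggestion) for names that look like typos."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # tcprules ignores blank lines and comments
        for name in parse_rule(line)[2]:
            close = difflib.get_close_matches(name.upper(), sorted(KNOWN), n=1, cutoff=0.8)
            if name not in KNOWN and close:
                findings.append((no, name, close[0]))
    return findings


if __name__ == "__main__":
    for no, name, hint in lint(SAMPLE):
        print("line %d: %s is not a known trigger, did you mean %s?" % (no, name, hint))
```

Unrelated variables such as QMAILQUEUE pass through untouched, because only names close to a known trigger are reported.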
NOTE: the next triggers should only be set in control files:
- control/concurrencyremotedomain
- Will control remote concurrency by domain: the best setting is 10 per domain
- NOTE: This file is now mandatory; you need to create it, beware
- control/badhostfrom
- Blocks hosts that match its regex patterns from getting SMTP access
- The QREGEX patch has a lot more trigger files, like:
- control/badhelo control/badmailfrom control/badmailto control/badmailfromnorelay control/badmailtonorelay
- Read README.qregex for more information about those trigger files.
For more info about regex block files, read README.qregex. The feature above was created by me to help block .*dsl.* hosts.
Also, don't forget to read the file chkuser_settings.h; there are many features available that might be useful for your environment.
NOTE: If you need CRAM-MD5 auth, you need to edit qmail-smtpd.c and change #undef AUTHCRAM to #define AUTHCRAM
PS: CRAM-MD5 is not supported in most popular mail clients
Below follow all my comments and explanations about the patches included. Please consider reading them all; there might be some useful information for the best settings. The modifications are listed below in chronological order.
NEW
- qmail-dk.patch
- I decided to make things easy for those who want DomainKeys support in my combo patch. It's an optional patch, enjoy it. There is a README.domainkeys to read in case you need help setting up qmail-dk
- concurrencyremote-domain.patch
- I found a deadlock in qmail-send; it is fixed now, I am sorry. I hope it did not mess up your site. Feel free to complain about it to my personal e-mail.
- concurrencyremote-domain.patch
- Adds per-domain remote concurrency. Thanks to floyd
- chkuser-2.0.8b-release
- Fixed compatibility with qmail-smtpd-relay-reject.patch. Thanks to Erdem
- qregex.patch
- Fixed a problem with badhostfrom rejecting users before SMTP auth; now DSL users can send proper e-mails. Thanks to vinao
- qmail-1.05-tls-20060104.patch
- Fixed some problems with STARTTLS always requiring the damn command; this feature should now be usable just fine
- qmail-smtpd-auth-0.31.tar.gz
- Fixed some problems with descriptors and the chkuser V2 patch, where chkuser logging was messing around with stdout/stderr
- chkuser-2.0.8b-release
- Migrated to V2 of chkuser, which has tons of new features. I suggest you check the page at: http://www.interazioni.it/opensource/chkuser/ ATTENTION: I kept conf-vpopmail and conf-library instead of the chkuser V2 Makefile settings, so you don't need to look at the Makefile. I also suggest you look at chkuser_settings.h before compiling; there are some useful triggers you might want. I also kept my old trigger from chkuser V1, so you're still able to turn off the chkuser patch whenever you want. Enjoy it. Thanks to tortinho for driving me mad until I had it done.
- chkuser.patch
- Added log support for both checks (mailfrom/rcptto). Thanks to tortinho
- qmail-1.05-tls-20060104.patch
- Updated to the latest SSL/TLS patch to fit Linux needs. Thanks to tortinho
- qmail-maxrcpt.2.patch
- Added to support per-user max rcpt control. You can enable it with: echo 1 > control/maxrcpt, then put user@domain in control/maxrcptusers. Thanks to tortinho
- qmail-dnsbl-20060130.patch
- Modified by me to skip the RBL check when auth was provided; it sounds quite obvious... Thanks to tortinho
- qregex.patch
- Modified by me to include a new regex file called badhostfrom, where you can add regular expressions to deny a host, like .*dsl.* Thanks to Seko for asking about this feature
- chkuser.patch
- Fixed to also check mail from; it works with the same env variable as above. Thanks to xmauricio
Fixed some issues with authreq and null mail from addresses also. Thanks to xmauricio.
Fixed patch structure
- qmail-dnsbl-20060130.patch
- Adds support for RBL checks to qmail-smtpd, with log support and whitelist. To enable this feature, add RBL lists to the control/dnsbllist file. If you don't want to use it, just add an environment variable called DNSBLSKIP and the RBL check will be skipped. Thanks to xmauricio
- bad-helo.patch
- I decided that HELO/EHLO without any string should be denied, but I have included an environment variable HELOREQ="1" to activate it, just like the others above
- qmail-custom.patch
- Enables simscan to return appropriate messages for each e-mail it refuses
- tls-require.patch
- Modified by me to look for a control/tlsreq with the content "1" inside, or an environment variable like TLSREQ=1;export TLSREQ, or even 127.:allow,TLSREQ="1" in tcp.smtp
NOTE: once you enable this feature, your smtpd will only accept starttls sessions
- qregex-20040725.patch
- Updated Qregex patch for new features
- qmail-smtpd-log-badmailfrom.patch
- logs badmailfrom hits
- qmail-canonical.rcpt.patch
- qmail-remote logs only show the RCPT TO address before canonicalisation. This patch adds real name logging
- qmail-doublebounce-trim.patch
- Makes qmail discard double bounce messages to avoid spam replies in your qmail queue directory
- chkuser.patch
- Modified by me to look for a control/authreq with the content "1" inside, or an environment variable like CHKUSER=1;export CHKUSER, or even 127.:allow,CHKUSER="1" in tcp.smtp
NOTE: once you enable this feature, all smtpd sessions will be checked for valid recipients (user/domain/maillist/forwards/robots)
- qmail-smtpd-auth-0.31.tar.gz
- Modified by me to look for a control/authreq with the content "1" inside, or an environment variable like AUTHREQ=1;export AUTHREQ, or even 127.:allow,AUTHREQ="1" in tcp.smtp
NOTE: once you enable this feature your smtpd will always require auth when relay matches your rcpthosts
- qmail-tap.diff
- qmail provides the ability to make a copy of each email that flows through the system. This is done using the QUEUE_EXTRA code
- qmail-spf-rc5.patch
- Adds SPF support to qmail
- qmail-1.03-glibc-2.3.1-errno
- Yep, Linux people really need that, god bless you Linux users. I use FreeBSD, and Linux people started to send boring mails telling me that "with" my patch, qmail won't compile. Here you are, lazy ones. Thanks to snap
- qmail-1.03-rfc1652.diff
- removes 8BITMIME because qmail does not implement 8BITMIME properly
- qmail-1.03-rfc2821.diff
- adds qmail support to retry all listed MX servers in order of preference
- qmail-1.03-4.3BSD-ipalias.diff
- adds qmail support to retrieve all local ip addresses
- qmail-1.03-mfcheck.3.patch
- check that the envelope sender has a dns entry
NOTE: this is off by default. To turn it on, do: echo 1 > /var/qmail/control/mfcheck
- chkuser.patch
- Checks that the vpopmail recipient is valid before accepting the message
- sendmail-flagf.patch
- fix some sendmail emulations for qmail
- qmailqueue.patch
- to allow for virus scanners
- qregex.patch-20020129
- regular expression matching in badmailfrom and badmailto
- qmail-0.0.0.0.patch
- adds qmail support for host 0.0.0.0
- qmail-date-localtime.patch
- corrects qmail's localtime issue
- qmail-big-concurrency.patch
- adds support for qmail to load more than 255 threads of qmail-smtpd/remote at the same time. A normal kernel setup should hit 509 threads, but by setting the FD_SIZE options properly you can increase it up to 2048 or even more
ATTENTION: check conf-spawn for those settings, the default is 509
- big-ext-todo.patch
- the exttodo patch addresses a problem known as the silly qmail (queue) problem. This problem is found only on systems with high injection rates.
- tarpit.patch
- adds queue/deliver delay for spam control
- qmail-smtpd-relay-reject.patch
- blocks mail with null recipient
- qmail-1.03-tls.patch
- adds tls support to qmail-smtpd
- qmail-smtpd-auth-0.31.tar.gz
- Qmail smtp auth patch with base64 support
- qmail-maildir++.patch
- adds maildirquota support to qmail-pop3d and qmail-local
PS: If you still use vpopmail like me, and you are still pissed off that courier-imap, I mean courier-authlib, cut support for vpopmail, well, I have some good news for you. I have the Linux patch here. It's for version 0.63.0 of courier-authlib and it is still downloadable. Another patch that I find useful makes vpopmail add folders like Junk/Trash/Sent by default; you can find this patch here.
Currently I am using ASSP as my spam filter. It is just fantastic: I can block 96% of all spam traffic with one hand behind my back.
You should try it. Check it out here
The special DOMAINKEY patch for my combo qmail patch is available here
MD5 (qmail-delphus-DK.patch) = 39a37c39e0e0e320cce19c9dec1b8fb2
MD5 (qmail-delphus-RELEASE.patch) = 6c00a96595d7af2e4559e842f80b3451
