Gentoo ebuild for qmail with JMS1 combined patch

Brandon — Thu, 16 Apr 2009 05:07:00 +0000

In a previous post, I introduced a patch to add DKIM and DomainKeys support to Qmail with John Simpson’s combined patch. In this post I’ll introduce the ebuild I wrote (well, modified) to allow easily installing qmail-jms1 on a Gentoo system.

Though this ebuild makes installing qmail with John’s patch a little easier, it doesn’t make administering a qmail system child’s play. Before merging this ebuild, you should read through John’s website. You may also want to read about netqmail on Gentoo. While this ebuild has nothing to do with netqmail, it does borrow some the conventions presented in the Gentoo doc concerning starting, stopping and controlling qmail.

I didn’t include any of John’s run scripts or configuration files. Only the combined patch is applied to the base qmail image. I’ve also included some additional patches I’ve found useful. They are described in more detail on my qmail patches page. Most of my extra patches are controlled by use flags (dkim, ipv6) and not applied by default.

For the impatient, here is a direct link to the ebuild:
http://svn.bltweb.net/repos/public/gentoo_overlay/mail-mta/qmail-jms1/qmail-jms1-7.08-r1.ebuild

Install my portage overlay

The easiest way to use the qmail-jms1 ebuild is to use my Gentoo Portage Overlay. Please see the overlay page for instructions on how to set it up.

You will need the following ebuilds from my overlay:

virtual/qmail
mail-mta/qmail-jms1
sys-apps/ucspi-tcp
mail-filter/libdkim (only needed if using the dkim use flag)

Install Qmail

Once the overlay is set up, installing qmail-jms1 is easy.

Add the following to your /etc/portage/package.keywords file:

mail-mta/qmail-jms1
sys-apps/ucspi-tcp
mail-filter/libdkim
# You may also need these:
net-mail/dot-forward
sys-process/daemontools
sys-apps/ucspi-ssl
virtual/checkpassword
net-mail/checkpassword-pam

Now install qmail-jms1:

$ emerge -pv qmail-jms1
$ sudo emerge qmail-jms1

Configure Qmail

Yeah right… There is plenty of documentation elsewhere for this. Try John’s website.

Start Qmail

# ln -s /var/qmail/supervise/qmail-send /service/qmail-send
# ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd
# rc-update add svscan default
# /etc/init.d/svscan start

That’s all I have for now. Installing, configuring and administering qmail should not be taken lightly. This ebuild has made it easier for me to set up and maintain my servers, however you should only consider using it if you are already familiar with setting up a qmail server.

Feel free to leave any comments, suggestions or problems below!

Scan for Conficker with Nmap 4.85 beta5 Gentoo ebuild

Brandon — Tue, 31 Mar 2009 22:31:36 +0000

On Monday Dan Kaminsky, along with the Honeynet Project’s Tillmann Werner and Felix Lede announced they discovered the ability to detect if a machine is infected with the Conficker worm by scanning a network. See Dan’s post for more information. Shortly thereafter, version 4.85BETA5 of the nmap tool was released to allow remote scanning for the Conficker worm.

As April 1st is just a few hours away (I guess it’s already here in some parts of the world), I wanted to scan my network using the latest version of the nmap tool. As Gentoo doesn’t have an ebuild yet, I quickly created one and thought I’d share it.

This file contains everything you need:
Nmap 4.85BETA5 ebuild

Installing Nmap 4.85BETA5

$ cd ~
$ wget http://www.brandonturner.net/blog/wp-content/uploads/2009/03/nmap-485_beta5ebuild.tgz
$ sudo mkdir -p /usr/local/portage
$ cd /usr/local/portage
$ sudo tar -xzf ~/nmap-485_beta5ebuild.tgz
$ echo '=net-analyzer/nmap-4.85_beta5' | sudo tee -a /etc/portage/package.keywords
$ echo 'net-analyzer/nmap lua' | sudo tee -a /etc/portage/package.use
$ emerge -pv nmap
(If emerge doesn’t show that it will emerge nmap-4.85_beta5, ensure you have PORTDIR_OVERLAY="/usr/local/portage" in your /etc/make.conf file)
$ sudo emerge nmap

Scanning for Conficker

insecure.org has some instructions on how to scan for Conficker. Basically, here is what I did to scan a 192.168.1.0/24 network:

$ cd ~
$ nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 192.168.1.0/24 | tee conficker_scan.txt | grep -P 'Host \d|Conficker' | grep -B 1 'Conficker'

This stores the complete output of the nmap command in conficker_scan.txt, but displays a quick-and-dirty summary to stdout. Your milage may vary. Obviously you should edit the network address (in green above) for your network.

You should see something like:

Host 192.168.1.101 appears to be up ... good.
|  Conficker: Likely CLEAN
--
Host 192.168.1.102 appears to be up ... good.
|  Conficker: Likely CLEAN
--
Host 192.168.1.103 appears to be up ... good.
|  Conficker: Likely CLEAN
--
Host 192.168.1.104 appears to be up ... good.
|  Conficker: Likely INFECTED
--

Linux boxes usually return something like Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND.

Brandon's Blog » ebuild