Archive

Posts Tagged ‘qmail’

IPv6 support for qmail-jms1

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

IPv6 support in qmail

Supporting IPv6 in qmail largely revolves around DNS lookups. Patches for tcpserver and sslserver allow incoming connections over IPv6. In order to support IPv6 in qmail:

  • DNS lookups should prefer AAAA records, falling back to A records only if AAAA records are not available
  • All code referencing IP addresses should support IPv4 and IPv6 addresses
  • SPF queries should support IPv6 addresses

The fujiwara patch

A qmail IPv6 patch has existed since 2002 that covers the first two issues above. It is written to apply cleanly on the base qmail-1.03 distributed on Daniel Bernstein’s site. It does not include support for SPF queries as SPF is not included in the original version of qmail.


IPv6 support for jgreylist

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

jgreylist Changes

jgreylist is a program provided by John Simpson to allow greylisting in qmail. John provides two versions, one written in Perl, and one written in C. I chose to only patch the C version.

jgreylist works by using the Unix timestamps of empty files to track when individual IP addresses or class C blocks last visited your qmail server. John does a great job of explaining how this works on his jgreylist page. You should understand how his program, especially the C version, works and is configured before continuing.
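The empty-file mechanism described above, sketched for both address families as an added example; this is not John Simpson's jgreylist code and not the IPv6 patch. The state directory, hold time, key format, defer/accept policy and the /64 grouping for IPv6 are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>

enum verdict { GL_ACCEPT, GL_DEFER, GL_BADADDR };

/* Build the block key from the parsed address bytes, never from the raw
   string, so a hostile value cannot steer the file path.
   IPv4 -> /24 ("class C"); IPv6 -> /64 (assumption of this example). */
int block_key(const char *addr, char *key, size_t len) {
    unsigned char b[16];
    if (inet_pton(AF_INET, addr, b) == 1) {
        snprintf(key, len, "%u.%u.%u", b[0], b[1], b[2]);
        return 0;
    }
    if (inet_pton(AF_INET6, addr, b) == 1) {
        snprintf(key, len, "%02x%02x.%02x%02x.%02x%02x.%02x%02x",
                 b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7]);
        return 0;
    }
    return -1;
}

/* dir: state directory, hold: seconds a new block must wait, now: clock.
   The marker file stays empty; only its mtime carries state. */
enum verdict greylist_check(const char *dir, const char *addr,
                            time_t hold, time_t now) {
    char key[64], path[512];
    struct stat st;
    struct utimbuf stamp = { now, now };
    if (block_key(addr, key, sizeof key) != 0) return GL_BADADDR;
    snprintf(path, sizeof path, "%s/%s", dir, key);
    if (stat(path, &st) != 0) {          /* first visit from this block */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) close(fd);
        utime(path, &stamp);
        return GL_DEFER;
    }
    if (now - st.st_mtime < hold) return GL_DEFER;  /* retried too soon */
    utime(path, &stamp);                 /* record the latest visit */
    return GL_ACCEPT;
}
```

Two clients in the same /24 or /64 share one marker file, so a retry from a neighbouring address in the block counts as a return visit.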


IPv6 support for sslserver

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-ssl

The ucspi-ssl package provides the sslserver program. sslserver accepts incoming SSL connections and passes them to another program such as qmail-smtpd. sslserver is almost identical to tcpserver except that it deals with encrypted SSL traffic rather than clear text.

I could not find an IPv6 patch for sslserver; however, I was able to port the tcpserver patch to sslserver. You can easily apply my ucspi-ssl-0.70-ipv6.patch:

$ wget http://www.superscript.com/ucspi-ssl/ucspi-ssl-0.70.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-ssl-0.70-ipv6.patch
$ tar -xzf ucspi-ssl-0.70.tar.gz
$ cd host/superscript.com/net/ucspi-ssl-0.70
$ patch -p1 < ../../../../ucspi-ssl-0.70-ipv6.patch
$ package/compile
$ sudo package/install

sslserver

To understand what the sslserver portion of the IPv6 patch does, you should be familiar with the sslserver man page and read about how tcpserver handles IPv6 on Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, sslserver exhibits its normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “SSL6” instead of “SSL”.


IPv6 support for tcpserver and rblsmtpd

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-tcp

The ucspi-tcp package provides the tcpserver and rblsmtpd programs. tcpserver accepts incoming TCP connections and passes them to another program such as qmail-smtpd. rblsmtpd blocks connections from RBL listed IPs.

Thanks to Fefe, a patch has been around for a while that adds IPv6 support to tcpserver. Fefe’s patch does not touch rblsmtpd, however.

I’ve modified Fefe’s patch to patch rblsmtpd as well. You can easily apply my ucspi-tcp-0.88-ipv6.patch:

$ wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-tcp-0.88-ipv6.patch
$ tar -xzf ucspi-tcp-0.88.tar.gz
$ cd ucspi-tcp-0.88
$ patch -p1 < ../ucspi-tcp-0.88-ipv6.patch
$ make
$ sudo make install

tcpserver

To understand what the tcpserver portion of the IPv6 patch does, you should read Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, tcpserver exhibits its normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “TCP6”.


Qmail IPv6

August 7th, 2009

Adding IPv6 support to qmail can be a daunting task. A modern qmail system includes several different components, with various patches and configuration options for each. There are a few patches on the internet that claim to add IPv6 support for a specific component, but I had trouble finding patches for every piece of my qmail install.

I’m not trying to defend IPv6. I realize there are many people with strong feelings towards the subject, including qmail’s author. Switching to IPv6 is a monumental task. It may never happen, but something needs to – we can’t keep NATing forever.

Many software projects have already added support for IPv6. My Gentoo box has been on an IPv6 network, via Hurricane Electric’s free tunnel broker service, for a while now. Mac OS X has support for IPv6, as do the latest versions of Windows. Even Windows XP can support IPv6 if enabled. Postfix, Exim, and Sendmail all support IPv6.


Gentoo ebuild for qmail with JMS1 combined patch

April 16th, 2009

In a previous post, I introduced a patch to add DKIM and DomainKeys support to Qmail with John Simpson’s combined patch. In this post I’ll introduce the ebuild I wrote (well, modified) to allow easily installing qmail-jms1 on a Gentoo system.

Though this ebuild makes installing qmail with John’s patch a little easier, it doesn’t make administering a qmail system child’s play. Before merging this ebuild, you should read through John’s website. You may also want to read about netqmail on Gentoo. While this ebuild has nothing to do with netqmail, it does borrow some of the conventions presented in the Gentoo doc concerning starting, stopping and controlling qmail.

I didn’t include any of John’s run scripts or configuration files. Only the combined patch is applied to the base qmail image. I’ve also included some additional patches I’ve found useful. They are described in more detail on my qmail patches page. Most of my extra patches are controlled by use flags (dkim, ipv6) and not applied by default.


DKIM and DomainKeys for qmail

March 19th, 2009

DomainKeys and its successor DomainKeys Identified Mail (DKIM) are technologies that allow organizations to take responsibility for a message. This is done by cryptographically signing an email as it leaves an organization en route to its destination. The signature can be verified using the DNS system to establish trust. In theory the technologies help cut down on spam by proving a message originated from the domain it says it does.

Support for DomainKeys in qmail has existed for a while thanks to a patch by Russell Nelson. Kyle Wheeler created a set of wrapper scripts that can be used to provide support for DKIM and DomainKeys. Mihai Secasiu has some wrapper scripts similar to Kyle’s that provide support for DKIM via the libdkim library instead of Perl’s Mail::DKIM module.
