(Note: This dates back to 2000 and has not been touched since 2005)

What's available?

This page is meant to hold my IPv6 patches for qmail when I finally get around to actually doing them. For now, I have qmail-1.03-netqmail-1.05-fefe3.diff.bz2 (read README.antispam, enclosed in the patch; NEW! now also with p0f interface and inline signature check), qmail-remote-outgoingip.diff.gz (qmail-remote will bind to the IP given in /var/qmail/control/outgoingip), qmail-1.03-preline.diff (adds a -p option telling preline to ignore EPIPE) and qmail-1.03-fefe-jumbodiff4.bz2, which actually is a combination of other people's patches (all of which I downloaded from qmail.org) that won't apply cleanly over each other:

  1. tls.patch
  2. tarpit.patch
  3. antispam4-b1.diff [domain was grabbed]
  4. netscape-progress.patch
  5. qmail-103.big-dns.patch
  6. qmail-1.03-mfcheck.3.patch augmented to also check the envelope sender against domain based RLBs (like the ones from rfc-ignorant.org).

(From memory. I hope I didn't forget to mention or actually include any).

Any user visible changes?

  1. After "make setup", don't forget to "make cert" (as root) to create the OpenSSL certificate. The patch assumes you have openssl installed under /usr/local/ssl.
  2. /var/qmail/control/tlshosts/ can hold certs to force TLS from different domains.
  3. /var/qmail/control/tlsclients lists names from client certs that grant relaying permission.
  4. /var/qmail/control/rsa512.pem can contain a static RSA key. If this file doesn't exist, a new RSA key is created on the fly for each connection which can waste a lot of CPU time. Use a cron job to update this file every hour or once a day or so.
  5. /var/qmail/control/clientca.pem is used to verify client certs. Please read the documentation for details.
  6. /var/qmail/control/badrcptto lists recipient addresses that should be rejected. This can save bandwidth as qmail otherwise will accept the whole message and then bounce it all back, this files makes qmail-smtpd reject the message before it is transferred.
  7. Have tcpserver set $DENYMAIL to SPAM to reject all mails. Have it set $DENYMAIL to NOBOUNCE to reject empty envelopes, to DNSCHECK to reject mails with invalid envelope sender (no A or MX records) (i.e. mails you couldn't bounce). If $DENYMAIL is set at all (no matter to what), envelope senders do not contain an '@', contain '!@' or don't contain a '.' or whose top level domain is not 2 or 3 characters long.

See Also

If you like this, you should probably also go to:

  1. www.qmail.org, which contains a list of many many qmail patches to choose from.
  2. An antispam relay checker similar to my patch for Postfix
  3. my djbdns ipv6 patches
  4. bzip2, the compressor I used to compress the diff.