(Note: This dates back to 2000 and has not been touched since 2005)
What's available?
This page is meant to hold my IPv6 patches for qmail when I finally get
around to actually doing them. For now, I have qmail-1.03-netqmail-1.05-fefe3.diff.bz2
(read README.antispam, enclosed in the patch; NEW! now also with p0f
interface and inline signature check),
qmail-remote-outgoingip.diff.gz
(qmail-remote will bind to the IP given in
/var/qmail/control/outgoingip), qmail-1.03-preline.diff (adds a -p
option telling preline to ignore EPIPE) and qmail-1.03-fefe-jumbodiff4.bz2,
which actually is a combination of other people's patches (all of which
I downloaded from qmail.org) that
won't apply cleanly over each other:
- tls.patch
- tarpit.patch
- antispam4-b1.diff [domain was grabbed]
- netscape-progress.patch
- qmail-103.big-dns.patch
- qmail-1.03-mfcheck.3.patch
augmented to also check the envelope sender against domain-based RBLs
(like the ones from rfc-ignorant.org).
(From memory. I hope I didn't forget to mention or actually include any).
Any user visible changes?
- After "make setup", don't forget to "make cert" (as root) to create
the OpenSSL certificate. The patch assumes you have openssl installed
under /usr/local/ssl.
- /var/qmail/control/tlshosts/ can hold certs to force TLS from
different domains.
- /var/qmail/control/tlsclients lists names from client certs that
grant relaying permission.
- /var/qmail/control/rsa512.pem can contain a static RSA key. If this
file doesn't exist, a new RSA key is created on the fly for each
connection which can waste a lot of CPU time. Use a cron job to update
this file every hour or once a day or so.
- /var/qmail/control/clientca.pem is used to verify client certs.
Please read the documentation for details.
- /var/qmail/control/badrcptto lists recipient addresses that should
be rejected. This can save bandwidth: qmail would otherwise accept the
whole message and then bounce it all back, whereas this file makes
qmail-smtpd reject the message before it is transferred.
- Have tcpserver set $DENYMAIL to SPAM to reject all mails. Have it
set $DENYMAIL to NOBOUNCE to reject empty envelopes, or to DNSCHECK to
reject mails with an invalid envelope sender (no A or MX records, i.e.
mails you couldn't bounce). If $DENYMAIL is set at all (no matter to
what), envelope senders are rejected if they do not contain an '@',
contain '!@', don't contain a '.', or have a top level domain that is
not 2 or 3 characters long.
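The $DENYMAIL rules from the last item, as an added example in C; this is not code from the patch. The function and verdict names are hypothetical. Two behaviours are assumptions: the empty envelope is exempt from the syntax checks unless NOBOUNCE is set, and the '.' is looked for in the part after the last '@'. The DNSCHECK lookup is left out.

```c
#include <stdio.h>
#include <string.h>

/* Verdicts of the hypothetical checker below. */
enum verdict { ACCEPT, REJ_ALL, REJ_EMPTY, REJ_NO_AT, REJ_BANG,
               REJ_NO_DOT, REJ_TLD };

/* denymail: value of $DENYMAIL, or NULL when it is unset.
 * sender:   envelope sender without angle brackets ("" for a bounce). */
enum verdict check_sender(const char *denymail, const char *sender)
{
    const char *at, *dot;
    size_t tld;

    if (!denymail) return ACCEPT;                  /* checks switched off */
    if (strcmp(denymail, "SPAM") == 0) return REJ_ALL;
    if (sender[0] == '\0')                         /* empty envelope */
        return strcmp(denymail, "NOBOUNCE") == 0 ? REJ_EMPTY : ACCEPT;

    /* Syntax checks that apply for any value of $DENYMAIL. */
    at = strrchr(sender, '@');
    if (!at) return REJ_NO_AT;
    if (strstr(sender, "!@")) return REJ_BANG;
    dot = strrchr(at, '.');            /* assumption: dot in domain part */
    if (!dot) return REJ_NO_DOT;
    tld = strlen(dot + 1);
    if (tld != 2 && tld != 3) return REJ_TLD;      /* also hits ".info" */
    return ACCEPT;                     /* DNSCHECK A/MX lookup not modelled */
}

int main(void)
{
    /* Constructed sample senders. */
    const char *samples[] = { "", "user@example.com", "nodomain",
                              "host!@example.com", "user@localhost",
                              "user@example.info" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("NOBOUNCE <%s> -> %d\n", samples[i],
               check_sender("NOBOUNCE", samples[i]));
    return 0;
}
```

The 2-or-3-character rule also rejects senders under longer top level domains such as .info, so legitimate mail from those domains is refused whenever $DENYMAIL is set.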
See Also
If you like this, you should probably also go to:
- www.qmail.org, which contains a
list of many many qmail patches to choose from.
- An antispam relay checker
similar to my patch for Postfix
- my djbdns ipv6 patches
- bzip2, the
compressor I used to compress the diff.