QMail - SPF-Patch

[Becks]

Due to spam several bigger companies are working on a solution of this. One meight be spf - sender permitted from (more info: google).

On heise.de someone posted a link of a patch for qmail smtpd:
http://www.saout.de/misc/qmail-spf-latest.patch


Alex

[chtephan]

I've set up a web page:

http://www.saout.de/misc/spf/

If anyone needs a patch for gentoo qmail, feel free to ask.

(actually, I've go one here that combines spf + mfcheck on top of qmail-1.03-r15 *and* fixes the broken TLS_BEFORE_AUTH #ifdefs...)

The patch is fully functional and can be configured to do nothing or to just add headers. So it's safe for integration into an official package.
It's mentioned as one of the "official" qmail patches on the SPF download site.

Probably interesting with logging and statistics.

Please look at http://spf.pobox.com/ and the spf-discuss@v2.listbox.com list archive.

Meng Weng Wong wants to start the experimental phase where as much feedback should be gathered as possible.

[chtephan]

Ok, I rediffed the patch:

http://www.saout.de/misc/spf/qmail-1.03 ... pre2.patch

applies on top of qmail-1.03-r15

and

http://www.saout.de/assets/qmail-1.03-r ... -fix.patch

makes USE=notlsbeforeauth actually work

(#ifdef TLS && TLS_BEFORE_AUTH doesn't work, but this does: #if defined(TLS) && defined(TLS_BEFORE_AUTH))

€: It's the one that works now.

[robbat2]

thanks guys. I'm the qmail maintainer, and these will definetly go in, i just traced the TLS_BEFORE_AUTH problem today, as I've been quite busy with schoolwork etc. lately.

does that qmail-1.03-r15-spf-pre1.patch you posted only have SPF and _not_ mfcheck or does it include the mfcheck that you mentioned?

also, would you mind if your URLs for the patches is placed directly into the SRC_URI (it will be mirrored on the gentoo mirrors, but we're trying to make sure things have clean external sources in case of data loss somewhere.)?

the #ifdef thing comes from a much older GCC, where it got treated as an expression and evaluted before the define check kicked in, so it worked there.

[chtephan]

I rediffed it without mfcheck, it's only SPF.

And sure, you can use the URL, I can let the files stay around.

€: In case you want to have the patch elsewhere in the patch chain, just tell me so I can rediff it.

[robbat2]

thanks.
it will probably go into -r16 on sunday or monday evening (got a few exams and assignments due before then).

[chtephan]

Can I ask two more questions?

diff -Nur /var/qmail/supervise/qmail-pop3d/run supervise/qmail-pop3d/run
--- /var/qmail/supervise/qmail-pop3d/run 2004-01-31 22:57:14.000000000 +0100
+++ supervise/qmail-pop3d/run 2004-02-02 19:55:54.000000000 +0100
@@ -9,6 +9,7 @@
SERVICE=pop3
source /var/qmail/bin/qmail-config-system && \
exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \
+ ${QMAIL_TCPSERVER_PRE} \
/usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \
-c ${MAXCONN} \
${TCPSERVER_HOST} ${TCPSERVER_PORT} \

Forgot this one?


diff -Nur /var/qmail/supervise/qmail-smtpd/run supervise/qmail-smtpd/run
--- /var/qmail/supervise/qmail-smtpd/run 2004-01-31 22:57:14.000000000 +0100
+++ supervise/qmail-smtpd/run 2004-02-02 19:55:54.000000000 +0100
@@ -8,7 +8,7 @@
# modification can be make possible via the configuration files
SERVICE=smtp
source /var/qmail/bin/qmail-config-system && \
-exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \
+eval exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \
${QMAIL_TCPSERVER_PRE} \
/usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \
-c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \

I need this so that I can use brackets around arguments in QMAIL_SMTP_PRE, because I do this:

QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd \
-a rbl.intern \
-b -r 'bl.spamcop.net:Spam blocked see: http://spamcop.net/bl.shtml?%IP%' \
-b -r 'relays.ordb.org:Blackholed by ORDB -- see http://ordb.org/lookup/?host=%IP%' \
"

Is there something that can be done about it?

[robbat2]

yeah, i missed the first item there. my bad.

for the second item however, i'll look up a better solution than eval exec as that's not very clean.

[teilo]

Thank you, gentlemen.

USE=notlsbeforeauth now works for me.

This would be the first gentoo bug (40010) in which I had active, albeit minor, participation. Here's to many more.

[chtephan]

Three minor updates:

http://www.saout.de/misc/spf/qmail-1.03 ... pre2.patch

[Q]

I apologise for tacking this on to the end of a different subject but I seem to be in distinguished company.

I have qmail r13 running with courier-imap 2.12-r1. I only use the SSL service

I have had no success in setting up relay-ctrl.I have done as specified in the conf-smtpd. When I do I can no longer login to imap-ssl.

Any help greatly appreciated

[chtephan]

I need to apologize.

My first rediff for gentoo was broken... the -pre2 actually compiles.

[chtephan]

Minor cleanups: http://www.saout.de/misc/spf/qmail-1.03 ... -rc1.patch

[BassHombre]

What's the status of the -r16 qmail ebuild? Is this SPF patch still going in? I'd love to start checking SPF records on my mail server.

[Hollow]

i changed the qmail ebuild to fit my needs, also includes the rc2 patch (i'm not able to rediff the rc3, cause i can't get failed hunks in qmail-smtp.c to work, you're welcome to help), and 3 new use flags for checkpassword, cmd5checkpw and dot-forward, for those who don't need this (virtual mail hosting etc)

Code: Select all

# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/qmail-1.03-r15.ebuild,v 1.6 2004/07/20 14:24:11 tomk Exp $

inherit gcc eutils fixheadtails

IUSE="chkpw md5 dotforward ssl noauthcram notlsbeforeauth"
DESCRIPTION="A modern replacement for sendmail which uses maildirs and includes SSL/TLS, AUTH SMTP, and queue optimization"
HOMEPAGE="http://www.qmail.org/
        http://members.elysium.pl/brush/qmail-smtpd-auth/
        http://www.jedi.claranet.fr/qmail-tuning.html"
SRC_URI="mirror://qmail/${P}.tar.gz
        mirror://qmail/qmailqueue-patch
        http://qmail.null.dk/big-todo.103.patch
        http://www.jedi.claranet.fr/qmail-link-sync.patch
        mirror://qmail/big-concurrency.patch
        http://www.suspectclass.com/~sgifford/qmail/qmail-1.03-0.0.0.0-0.2.patch
        http://david.acz.org/software/sendmail-flagf.patch
        mirror://qmail/qmail-1.03-qmtpc.patch
        mirror://qmail/qmail-smtpd-relay-reject
        mirror://gentoo/qmail-local-tabs.patch
        http://www.shupp.org/patches/qmail-maildir++.patch
        ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-date-localtime.patch.txt
        ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-limit-bounce-size.patch.txt
        http://www.ckdhr.com/ckd/qmail-103.patch
        http://www.arda.homeunix.net/store/qmail/qregex-starttls-2way-auth.patch
        http://www.soffian.org/downloads/qmail/qmail-remote-auth-patch-doc.txt
        mirror://gentoo/qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2
        http://www.dataloss.nl/software/patches/qmail-popupnofd2close.patch
        http://js.hu/package/qmail/qmail-1.03-reread-concurrency.2.patch
        http://www.mcmilk.de/qmail/dl/djb-qmail/patches/08-capa.diff
        http://www.leverton.org/qmail-hold-1.03.pat.gz
        mirror://qmail/netscape-progress.patch
        http://www-dt.e-technik.uni-dortmund.de/~ma/djb/qmail/sendmail-ignore-N.patch
        http://www.saout.de/misc/spf/qmail-1.03-r15-spf-rc2.patch
        "
# broken stuffs
#http://www.qcc.ca/~charlesc/software/misc/nullenvsender-recipcount.patch

LICENSE="as-is"
SLOT="0"
KEYWORDS="~x86 ~ppc ~sparc mips alpha arm hppa amd64 ia64"

DEPEND="virtual/libc
        sys-apps/groff
        ssl? ( >=dev-libs/openssl-0.9.6g )
        >=net-mail/queue-fix-1.4-r1"
RDEPEND="!virtual/mta
        virtual/libc
        >=sys-apps/ucspi-tcp-0.88
        >=sys-apps/daemontools-0.76-r1
        chkpw? >=net-mail/checkpassword-0.90
        md5? >=net-mail/cmd5checkpw-0.22
        forward? >=net-mail/dot-forward-0.71
        >=net-mail/queue-fix-1.4-r1"

PROVIDE="virtual/mta
         virtual/mda"

#MY_PVR=${PVR}
MY_PVR=${PV}-r14

TCPRULES_DIR=/etc/tcprules.d

src_unpack() {
        # unpack the initial stuff
        unpack ${P}.tar.gz

        # This makes life easy
        EPATCH_OPTS="-d ${S}"

        # this patch merges a few others already
        EPATCH_SINGLE_MSG="Adding SMTP AUTH (2 way), Qregex and STARTTLS support" \
        epatch ${DISTDIR}/qregex-starttls-2way-auth.patch
        # bug #30570
        EPATCH_SINGLE_MSG="Fixing a memory leak in Qregex support" \
        epatch ${FILESDIR}/${MY_PVR}/qmail-1.03-qregex-memleak-fix.patch

        # Fixes a problem when utilizing "morercpthosts"
        epatch ${FILESDIR}/${MY_PVR}/smtp-auth-close3.patch

        # patch so an alternate queue processor can be used
        # i.e. - qmail-scanner
        EPATCH_SINGLE_MSG="Adding QMAILQUEUE support" \
        epatch ${DISTDIR}/qmailqueue-patch
        EPATCH_SINGLE_MSG="Adding QMAILQUEUE info to documentation" \
        epatch ${FILESDIR}/${MY_PVR}/qmail-qmailqueue-docs.patch

        # a patch for faster queue processing
        EPATCH_SINGLE_MSG="Patching for large queues" \
        epatch ${DISTDIR}/big-todo.103.patch

        # Support for remote hosts that have QMTP
        EPATCH_SINGLE_MSG="Adding support for remote QMTP hosts" \
        epatch ${DISTDIR}/qmail-1.03-qmtpc.patch

        # Large TCP DNS replies confuse it sometimes
        EPATCH_SINGLE_MSG="Adding support for oversize DNS" \
        epatch ${DISTDIR}/qmail-103.patch

        # Fix for tabs in .qmail bug noted at
        # http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/10/msg00696.html
        # gentoo bug #24293
        epatch ${DISTDIR}/qmail-local-tabs.patch

        # Account for Linux filesystems lack of a synchronus link()
        epatch ${DISTDIR}/qmail-link-sync.patch

        # Increase limits for large mail systems
        epatch ${DISTDIR}/big-concurrency.patch

        # Treat 0.0.0.0 as a local address
        epatch ${DISTDIR}/qmail-1.03-0.0.0.0-0.2.patch

        # Let the system decide how to define errno
        epatch ${FILESDIR}/errno.patch

        # holdremote support
        # pre-process to remove the header added upstream
        zcat ${DISTDIR}/qmail-hold-1.03.pat.gz | sed '123,150d' >${T}/qmail-hold-1.03.patch
        epatch ${T}/qmail-hold-1.03.patch

        # make the qmail 'sendmail' binary behave like sendmail's for -f
        epatch ${DISTDIR}/sendmail-flagf.patch

        # Apply patch to make qmail-local and qmail-pop3d compatible with the
        # maildir++ quota system that is used by vpopmail and courier-imap
        epatch ${DISTDIR}/qmail-maildir++.patch
        # fix a typo in the patch
        # upstream has changed the patch and this isn't needed anymore
        #epatch ${FILESDIR}/${MY_PVR}/maildir-quota-fix.patch

        # Apply patch for local timestamps.
        # This will make the emails headers be written in localtime rather than GMT
        # If you really want, uncomment it yourself, as mail really should be in GMT
        epatch ${DISTDIR}/qmail-date-localtime.patch.txt

        # Apply patch to trim large bouncing messages down greatly reduces traffic
        # when multiple bounces occur (As in with spam)
        epatch ${DISTDIR}/qmail-limit-bounce-size.patch.txt

        # Apply patch to add ESMTP SIZE support to qmail-smtpd
        # This helps your server to be able to reject excessively large messages
        # "up front", rather than waiting the whole message to arrive and then
        # bouncing it because it exceeded your databytes setting
        epatch ${FILESDIR}/${MY_PVR}/qmail-smtpd-esmtp-size-gentoo.patch

        #TODO TEST
        # Reject some bad relaying attempts
        # gentoo bug #18064
        epatch ${FILESDIR}/${MY_PVR}/qmail-smtpd-relay-reject.gentoo.patch

        #TODO TEST HEAVILY AS THIS PATCH WAS CUSTOM FIXED
        # provide badrcptto support
        # as per bug #17283
        # patch re-diffed from original at http://sys.pro.br/files/badrcptto-morebadrcptto-accdias.diff.bz2
        epatch ${DISTDIR}/qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2

        # bug #31426
        # original submission by shadow@ines.ro, cleaned up by robbat2@gentoo.org
        # only allows AUTH after STARTTLS, if compiled TLS && TLS_BEFORE_AUTH defines
        epatch ${FILESDIR}/${MY_PVR}/auth-after-tls-only.patch

        EPATCH_SINGLE_MSG="Enable stderr logging from checkpassword programs" \
        epatch ${DISTDIR}/qmail-popupnofd2close.patch
        EPATCH_SINGLE_MSG="Allow qmail to re-read concurrency limits on HUP" \
        epatch ${DISTDIR}/qmail-1.03-reread-concurrency.2.patch
        EPATCH_SINGLE_MSG="Add support for CAPA in POP3d" \
        epatch ${DISTDIR}/08-capa.diff
        EPATCH_SINGLE_MSG="Fixing output bug in CAPA-enabled POP3d" \
        epatch ${FILESDIR}/${MY_PVR}/qmail-pop3d-capa-outputfix.patch
        EPATCH_SINGLE_MSG="Fixing netscape progress bar bug with POP3d" \
        epatch ${DISTDIR}/netscape-progress.patch

        EPATCH_SINGLE_MSG="Making the sendmail binary ignore -N options for compatibility" \
        epatch ${DISTDIR}/sendmail-ignore-N.patch

        # rediff of original at http://www.qmail.org/accept-5xx.patch
        epatch ${FILESDIR}/${MY_PVR}/qmail-1.03-accept-5xx.tls.patch

        # rediffed from original at http://www.qcc.ca/~charlesc/software/misc/nullenvsender-recipcount.patch
        # because of TLS
        EPATCH_SINGLE_MSG="Refuse messages from the null envelope sender if they have more than one envelope recipient" \
        epatch ${FILESDIR}/${MY_PVR}/nullenvsender-recipcount.tls.patch

        # rediffed from original at http://www.dataloss.nl/software/patches/qmail-pop3d-stat.patch
        # because of TLS
        EPATCH_SINGLE_MSG="qmail-pop3d reports erroneous figures on STAT after a DELE" \
        epatch ${FILESDIR}/${MY_PVR}/qmail-pop3d-stat.tls.patch

        EPATCH_SINGLE_MSG="Branding qmail with Gentoo identifier 'Gentoo Linux ${PF}'" \
        epatch ${FILESDIR}/${MY_PVR}/qmail-gentoo-branding.patch
        sed -e "s/__PF__/${PF}/" -i ${S}/qmail-smtpd.c

        EPATCH_SINGLE_MSG="qmail-pop3d fix for top output so Evolution doesn't barf" \
        epatch ${FILESDIR}/${PVR}/qmail-pop3d-top-outputfix.patch

        EPATCH_SINGLE_MSG="Adding SPF support" \
        epatch ${DISTDIR}/qmail-1.03-r15-spf-rc2.patch

        echo -n "$(gcc-getCC) ${CFLAGS}" >${S}/conf-cc
        if use ssl; then
                einfo "Enabling SSL/TLS functionality"
                echo -n ' -DTLS ' >>${S}/conf-cc

                # from bug #31426
                if ! use notlsbeforeauth; then
                        einfo "Enabling STARTTLS before SMTP AUTH"
                        echo -n '-DTLS_BEFORE_AUTH ' >>${S}/conf-cc
                else
                        einfo "Disabling STARTTLS before SMTP AUTH"
                fi

        fi

        # fix bug #33818
        if use noauthcram; then
                einfo "Disabling AUTHCRAM support"
                sed -e 's,^#define AUTHCRAM$,//&,' -i ${S}/qmail-smtpd.c
        else
                einfo "Enabling AUTHCRAM support"
        fi

        echo -n "$(gcc-getCC) ${LDFLAGS}" > ${S}/conf-ld
        echo -n "500" > ${S}/conf-spawn

        # fix coreutils messup
        ht_fix_file ${S}/Makefile

}

src_compile() {
        emake it man || die
}

src_install() {

        einfo "Setting up directory hierarchy ..."

        diropts -m 755 -o root -g qmail
        dodir /var/qmail

        for i in bin boot control
        do
                dodir /var/qmail/${i}
        done

        keepdir /var/qmail/users

        diropts -m 755 -o alias -g qmail
        dodir /var/qmail/alias

        einfo "Installing the qmail software ..."

        insopts -o root -g qmail -m 755
        insinto /var/qmail/boot
        doins home home+df proc proc+df binm1 binm1+df binm2 \
                binm2+df binm3 binm3+df

        dodoc FAQ UPGRADE SENDMAIL INSTALL* TEST* REMOVE* PIC* SECURITY
        dodoc SYSDEPS TARGETS THANKS THOUGHTS TODO VERSION README* \
                ${DISTDIR}/qmail-remote-auth-patch-doc.txt

        insinto /var/qmail/bin
        insopts -o qmailq -g qmail -m 4711
        doins qmail-queue

        insopts -o root -g qmail -m 700
        doins qmail-lspawn qmail-start qmail-newu qmail-newmrh

        insopts -o root -g qmail -m 711
        doins qmail-getpw qmail-local qmail-remote qmail-rspawn \
        qmail-clean qmail-send splogger qmail-pw2u

        insopts -o root -g qmail -m 755
        doins qmail-inject predate datemail mailsubj qmail-showctl \
        qmail-qread qmail-qstat qmail-tcpto qmail-tcpok qmail-pop3d \
        qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd qmail-smtpd \
        sendmail tcp-env qreceipt qsmhook qbiff forward preline \
        condredirect bouncesaying except maildirmake maildir2mbox \
        maildirwatch qail elq pinq config-fast qmail-newbrt

        into /usr
        einfo "Installing manpages"
        doman *.[1-8]

        # use the correct maildirmake
        # the courier-imap one has some extensions that are nicer
        [ -e /usr/bin/maildirmake ] && \
                MAILDIRMAKE="/usr/bin/maildirmake" || \
                MAILDIRMAKE="${D}/var/qmail/bin/maildirmake"

        einfo "Adding env.d entry for qmail"
        dodir /etc/env.d
        insinto /etc/env.d
        doins ${FILESDIR}/99qmail

        einfo "Creating sendmail replacement ..."
        diropts -m 755
        dodir /usr/sbin /usr/lib
        dosym /var/qmail/bin/sendmail /usr/sbin/sendmail
        dosym /var/qmail/bin/sendmail /usr/lib/sendmail

        einfo "Setting up the default aliases ..."
        diropts -m 700 -o alias -g qmail
        ${MAILDIRMAKE} ${D}/var/qmail/alias/.maildir
        # for good measure
        keepdir /var/qmail/alias/.maildir/{cur,new,tmp}

        for i in mailer-daemon postmaster root
        do
                if [ ! -f ${ROOT}/var/qmail/alias/.qmail-${i} ]; then
                        touch ${D}/var/qmail/alias/.qmail-${i}
                        fowners alias:qmail /var/qmail/alias/.qmail-${i}
                fi
        done

        einfo "Setting up maildirs by default in the account skeleton ..."
        diropts -m 755 -o root -g root
        insinto /etc/skel
        newins ${FILESDIR}/dot_qmail .qmail.sample
        fperms 644 /etc/skel/.qmail.sample
        ${MAILDIRMAKE} ${D}/etc/skel/.maildir
        # for good measure
        keepdir /etc/skel/.maildir/{cur,new,tmp}

        einfo "Setting up all services (send, smtp, qmtp, qmqp, pop3) ..."
        insopts -o root -g root -m 755
        diropts -m 755 -o root -g root
        dodir /var/qmail/supervise

        for i in send smtpd qmtpd qmqpd pop3d; do
                insopts -o root -g root -m 755
                diropts -m 755 -o root -g root
                dodir /var/qmail/supervise/qmail-${i}{,/log}
                diropts -m 755 -o qmaill
                keepdir /var/log/qmail/qmail-${i}
                fperms +t /var/qmail/supervise/qmail-${i}{,/log}
                insinto /var/qmail/supervise/qmail-${i}
                newins ${FILESDIR}/run-qmail${i} run
                insinto /var/qmail/supervise/qmail-${i}/log
                newins ${FILESDIR}/run-qmail${i}log run
        done

        dodir ${TCPRULES_DIR}
        insinto ${TCPRULES_DIR}
        for i in smtp qmtp qmqp pop3; do
                newins ${FILESDIR}/tcp.${i}.sample tcp.qmail-${i}
        done

        einfo "Installing the qmail startup file ..."
        insinto /var/qmail
        insopts -o root -g root -m 755
        doins ${FILESDIR}/rc

        einfo "Insalling some stock configuration files"
        insinto /var/qmail/control
        insopts -o root -g root -m 644
        doins ${FILESDIR}/conf-*
        newins ${FILESDIR}/dot_qmail defaultdelivery
        use ssl && doins ${FILESDIR}/servercert.cnf

        einfo "Configuration sanity checker and launcher"
        into /var/qmail
        insopts -o root -g root -m 644
        dobin ${FILESDIR}/config-sanity-check
        dobin ${FILESDIR}/qmail-config-system

        if use ssl; then
                einfo "SSL Certificate creation script"
                dobin ${FILESDIR}/mkservercert
                einfo "RSA key generation cronjob"
                insinto /etc/cron.hourly
                doins ${FILESDIR}/qmail-genrsacert.sh
                chmod +x ${D}/etc/cron.hourly/qmail-genrsacert.sh

                # for some files
                keepdir /var/qmail/control/tlshosts/
        fi
}

rootmailfixup() {
        # so you can check mail as root easily
        local TMPCMD="ln -sf /var/qmail/alias/.maildir/ ${ROOT}/root/.maildir"
        if [ -d "${ROOT}/root/.maildir" ] && [ ! -L "${ROOT}/root/.maildir" ] ; then
                einfo "Previously the qmail ebuilds created /root/.maildir/ but not"
                einfo "mail was every delivered there. If the directory does not"
                einfo "contain any mail, please delete it and run:"
                einfo "${TMPCMD}"
        else
                ${TMPCMD}
        fi
        chown -R alias:qmail ${ROOT}/var/qmail/alias/.maildir 2>/dev/null
}

buildtcprules() {
        for i in smtp qmtp qmqp pop3; do
                # please note that we don't check if it exists
                # as we want it to make the cdb files anyway!
                f=tcp.qmail-${i}
                src=${ROOT}${TCPRULES_DIR}/${f}
                cdb=${ROOT}${TCPRULES_DIR}/${f}.cdb
                tmp=${ROOT}${TCPRULES_DIR}/.${f}.tmp
                cat ${src} 2>/dev/null | tcprules ${cdb} ${tmp}
        done
}

pkg_postinst() {

        einfo "Setting up the message queue hierarchy ..."
        # queue-fix makes life easy!
        /var/qmail/bin/queue-fix ${ROOT}/var/qmail/queue >/dev/null

        rootmailfixup
        buildtcprules

        # for good measure
        env-update

        einfo "To setup qmail to run out-of-the-box on your system, run:"
        einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
        echo
        einfo "To start qmail at boot you have to add svscan to your startup"
        einfo "and create the following links:"
        einfo "ln -s /var/qmail/supervise/qmail-send /service/qmail-send"
        einfo "ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd"
        echo
        einfo "To start the pop3 server as well, create the following link:"
        einfo "ln -s /var/qmail/supervise/qmail-pop3d /service/qmail-pop3d"
        echo
        einfo "Additionally, the QMTP and QMQP protocols are supported, "
        einfo "and can be started as:"
        einfo "ln -s /var/qmail/supervise/qmail-qmtpd /service/qmail-qmtpd"
        einfo "ln -s /var/qmail/supervise/qmail-qmqpd /service/qmail-qmqpd"
        echo
        einfo "Additionally, if you wish to run qmail right now, you should "
        einfo "run this before anything else:"
        einfo "source /etc/profile"
}

pkg_preinst() {
        mkdir -p ${TCPRULES_DIR}
        for proto in smtp qmtp qmqp pop3; do
                for ext in '' .cdb; do
                        old="/etc/tcp.${proto}${ext}"
                        new="${TCPRULES_DIR}/tcp.qmail-${proto}${ext}"
                        fail=0
                        if [ -f "$old" -a ! -f "$new" ]; then
                                einfo "Moving $old to $new"
                                cp $old $new || fail=1
                        else
                                fail=1
                        fi
                        if [ "${fail}" = "1" ]; then
                                eerror "Error moving $old to $new, be sure to check the"
                                eerror "configuration! You may have already moved the files,"
                                eerror "in which case you can delete $old"
                        fi
                done
        done
}

pkg_config() {

        # avoid some weird locale problems
        export LC_ALL="C"

        if [ ${ROOT} = "/" ] ; then
                if [ ! -f ${ROOT}var/qmail/control/me ] ; then
                        export qhost=`hostname --fqdn`
                        ${ROOT}var/qmail/bin/config-fast $qhost
                fi
        else
                ewarn "Skipping some configuration as it MUST be run on the final host"
        fi

        einfo "Accepting relaying by default from all ips configured on this machine."
        LOCALIPS=`/sbin/ifconfig  | grep inet | cut -d' ' -f 12 -s | cut -b 6-20`
        TCPSTRING=":allow,RELAYCLIENT=\"\",RBLSMTPD=\"\""
        for ip in $LOCALIPS; do
                myline="${ip}${TCPSTRING}"
                for proto in smtp qmtp qmqp; do
                        f="${ROOT}${TCPRULES_DIR}/tcp.qmail-${proto}"
                        egrep -q "${myline}" ${f} || echo "${myline}" >>${f}
                done
        done

        buildtcprules

        if use ssl; then
                ${ROOT}etc/cron.daily/qmail-genrsacert.sh
                einfo "Creating a self-signed ssl-certificate:"
                /var/qmail/bin/mkservercert
                einfo "If you want to have a properly signed certificate "
                einfo "instead, do the following:"
                einfo "openssl req -new -nodes -out req.pem \\"
                einfo "-config /var/qmail/control/servercert.cnf \\"
                einfo "-keyout /var/qmail/control/servercert.pem"
                einfo "Send req.pem to your CA to obtain signed_req.pem, and do:"
                einfo "cat signed_req.pem >> /var/qmail/control/servercert.pem"
        fi
}

[tecknojunky]

This new paradigm is more tha welcome.

Setting up spf TXT was easy on zoneedit.com, so at least no one can forge mails on the bahalfs of my domains.

Thanks for the ebuild. I will most certainly try it on a test box which currently is an old mirror of my current mail server.

I'll keep you posted of any woes. No news = good news.

[Gaspode]

What's the current status of SPF for Gentoo's qmail? Last time I checked (earlier today ), it was still not in qmail-1.03-r15 or r16... are there any plans to implement it, or has that idea silently died?

[radulucian]

another 9 months have passed since the last question on this thread.

any news on being able to do sometime soon something like:

Code: Select all

USE="spf" emerge qmail

??

any update at all ? is SPF an ideea that died in the meantime? if yes, any bright replacements?

[ito]

another 9 months have passed since the last question on this thread.

any news on being able to do sometime soon something like:

Code: Select all

USE="spf" emerge qmail

??

any update at all ? is SPF an ideea that died in the meantime? if yes, any bright replacements?

Spamassassin can check spf

[magic919]

I think the News page on http://www.openspf.org/news.html says it all. Nothing in 2005.

SPF has not died as an idea but suffers from a general lack of implementation. I see more use of sender callout in my SMTP logs than i used to.

[hegga]

any news when the spf patch for qmail will be available in portage?
seems that this has taken some time...

[puke]

Has anyone looked at this opinion piece? It recommends domainkeys over SPF. I've tried to get domainkeys working but it seems like I can't get qmail-dk to compile properly. Anyone had any success with this?