Changelog
- Sep 10, 2024: the original
netqmail
sources are now compatible with latestgcc
compilers.
Remove all existing MTA's
like sendmail
:
rm /usr/sbin/sendmail
For Slackware
users:
removepkg /var/log/packages/sendmail*
Create users and groups:
groupadd nofiles useradd -g nofiles -d /var/qmail/alias alias useradd -g nofiles -d /var/qmail qmaild useradd -g nofiles -d /var/qmail qmaill useradd -g nofiles -d /var/qmail qmailp groupadd qmail useradd -g qmail -d /var/qmail qmailq useradd -g qmail -d /var/qmail qmailr useradd -g qmail -d /var/qmail qmails
The original netqmail-1.06
sources won't compile with latest gcc
versions. I solved all the compilation breaks/warnings up to gcc-14.2
and loaded the final result to my github space. Let's download netqmail-1.06
from there and compile:
cd /usr/local/src git clone -b netqmail-1.06 git@github.com:sagredo-dev/qmail.git cd qmail make setup check
qmail
will be patched, recompiled and configured once vpopmail
has been installed.
Create a symbolic link of the sendmail program
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
In his book The qmail Handbook, Dave Sill explains why we need to create a symbolic link for sendmail
:
Because
Sendmail
was the de facto UnixMTA
for years, many scripts and utilities run it directly to send mail messages. For this reason,qmail
and otherUnix MTAs
provide asendmail
replacement that emulatesSendmail
’s behavior for injecting message. Qmail’ssendmail
resides in /var/qmail/bin/sendmail, so we’ll symbolically link it to the traditional location of Sendmail’ssendmail
:
Add bin dir to your PATH
and man dir to MANPATH
PATH=$PATH:/var/qmail/bin export PATH MANPATH=$MANPATH:/var/qmail/man export MANPATH
Remember to save the new PATH
and MANPATH
in your profile (usually /etc/profile) also.
Comments
Qmail + HAproxy
Flavio September 26, 2023 20:56 CET
Hi Roberto,
Firstly, I'd like to express my gratitude for the invaluable tutorials you've been providing. I've been an ardent follower for years and have found your content indispensable.
Recently, I've embarked on a project where I've positioned three qmail-submission servers (587) behind an HAPROXY. Although Haproxy integrates seamlessly with Dovecot and qmail-submission, I've run into a bit of a snag. With qmail, I'm facing challenges capturing the proxy protocol header. Consequently, all connections on port 587 appear to originate from the Haproxy's IP address. This has been a persistent issue over the past few months, and my efforts to find an SMTP level balancing solution for qmail haven't borne fruit.
I was wondering if you might have come across any resources or solutions pertaining to the use of qmail with Haproxy? Furthermore, based on your expertise, do you have any suggestions or recommendations tailored for my specific scenario?
Your insights would be invaluable, and I truly appreciate your time and assistance.
Reply | Permalink
Qmail + HAproxy
Roberto Puzzanghera Flavio September 26, 2023 21:21 CET
Hi Favio,
thanks for your appreciation. Unfortunately I'm afraid I can't be of any help as I don't use Haproxy. However, it's not very clear to me what happening whan you say that you're facing challenges capturing the proxy protocol header...
Reply | Permalink
Qmail + HAproxy
Anonymous Roberto Puzzanghera September 27, 2023 03:00 CET
Roberto,
Thanks for answering me.
When using a proxy with haproxy, the IP we have for the qmail connection is the proxy's IP and I then need to capture the real IP of the request to change the information for log, but this information is sent by haproxy in the header. I understand that qmail does not have an option to handle this in which I can inform that SMTP is receiving connections from a proxy, as is done in dovecot and postfix.
So I was wondering if you have any patch suggestions or other scalable options for qmail-smtp?
Reply | Permalink
Qmail + HAproxy
Roberto Puzzanghera Anonymous September 27, 2023 14:00 CET
Have you considered to use the dovecot submission service in front of qmail SMTP? I'm wondering if qmail will see the client IP when dovecot is behind your proxy and qmail-smtpd
Reply | Permalink
qmail-smtpd and OAUTH
Ronaldo March 1, 2021 14:22 CET
Hi Roberto, would you know if it is possible to use qmail-smtpd with OAUTH authentication?
Reply | Permalink
qmail-smtpd and OAUTH
Roberto Puzzanghera Ronaldo March 2, 2021 09:29 CET
I'm not aware of any patch to do oauth authentication
Reply | Permalink
read failed error
nic December 31, 2015 04:46 CET
Dear Roberto,
Happy New Year to you in advanced.
I have a user who is using IP 14.100.x.x sending email via my server with an internet IP of 10.10.12.10. I do not have any idea what is this IP 10.236.225.108
Do you have a clue what is going on? How can i allow this email to go through?
Thanks
nic
Reply | Permalink
Happy new year, Nic
roberto puzzanghera nic December 31, 2015 08:33 CET
Happy new year, Nic
I think 10.236.225.108 should be the helo of the client. I don't know why it is using such an ip. You can get the same log testing from command line..
Reply | Permalink
SSL3 error
nic June 10, 2015 08:43 CET
Hi Roberto,
I am begining to see bounces like this.
I'm not going to try again; this message has been in the queue too long.
May i know what is wrong? What should i do?
Many thanks
nic
Reply | Permalink
Fix TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK
Arturo nic July 1, 2015 20:33 CET
Hi,
A few days ago I notice a user of the same problem as you relate, indeed it seems that the problem is due to the version of openssl on the remote server (currently have the latest version of openssl).
Downgrading openssl, it does not seem the most appropriate, since in particular the openssl is quite important.
To resolve the issue I made an exception ssl check for these remote hots.
I leave the steps in case help someone:
(If you do not know the mx record of the domain you can use: "dig mx domain.com")
Reply | Permalink
I will update this thread,
miz Arturo October 15, 2015 14:27 CET
I will update this thread, sorry if it is the wrong place. I'm still going on with my hardening steps on my qmail server.
I'm trying to fix this output from a penetration testing scan:
- Deprecated SSLv2 and SSLv3 Protocol Detection
- Check for SSL Weak Ciphers
These two issues refer to my qmail ssl submit service running on port 465 (submission service on 587 is already ok, thanks to this line in the /var/qmail/ssl/env/tls.env file:
CIPHERS="TLSv1+HIGH:!SSLv3:!SSLv2:!MD5"
Dovecot is alreay fine with this:
10-ssl.conf:ssl_protocols = !SSLv2 !SSLv3
I tried to put this content in the /var/qmail/control/tlsserverciphers:
ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM
but this breaks all the submission services (I get an "unknown error" both on 465 and 587 ports).
Question is, how can I disable SSLv2/SSLv3 and all the weak cyphers for 465 qmail service ?
Thank you !
Reply | Permalink
I gueess it's an openssl
roberto puzzanghera nic June 10, 2015 11:21 CET
I guess it's an openssl related error, but I've never seen it...
Reply | Permalink
Dear Roberto,I realised it
nic roberto puzzanghera June 11, 2015 05:43 CET
Dear Roberto,
I realised it is the openssl package 1.0.1e-30.el6.9 is causing this. I had downgraded to 1.0.1e-30.el6.8.x86_64 and it is working fine.
Many thanks
nic
Reply | Permalink
qmail-smtpd: read failed:
Nic July 30, 2013 06:22 CET
Hi, I am getting alot of in my /var/log/qmail/smtpd/current qmail-smtpd: read failed: & qmail-smtpd read failed (null) And i realized alot of legit emails are rejected by these. Any idea what does this means and how to solve this issue? Many thanks again nic
Reply | Permalink
qmail-smtpd: read failed:
Gabriel Torres Nic July 6, 2019 19:40 CET
Hi Roberto,
I see the exact same behavior here. About 5,000 transactions listed as "read failed" in our qmail-smtpd log per day, all from legit transactional emails coming from our webserver (i.e., relay). Following the logs, I can see a corresponding entry at the qmail-send log, at about the same time, saying the email was delivered succesfully. So we can assume the emails are being delivered correctly. Why this error is being logged is something we need to investigate further, looking at the source code to understand why it is being shown. We didn't have these error messages with our previous qmail installation, following a different (outdated) guide.
Cheers!
Reply | Permalink
qmail-smtpd: read failed:
Roberto Puzzanghera Gabriel Torres July 8, 2019 09:04 CET
webserver? did you mean messages coming from your mail server?
Reply | Permalink
Hi Nic,they are rejections
roberto puzzanghera Nic July 30, 2013 07:43 CET
Hi Nic,
they are rejections due to bad smtp syntax by the client, definitely a spam or a bot bad connection attempt. Me too have tons of such lines in the log and never had a complaint for an unreceived msg :)
These days I'm looking for an additional patch just to improve the verbosity of smtpd, which would help to show more details of such rejections...
Reply | Permalink
Hi Roberto,Seem like these
Nicholas roberto puzzanghera July 30, 2013 18:34 CET
Hi Roberto,
Seem like these emails are from a copier. The user is trying to scan some documents from the copier to an email address on the server.
The email address used to send from the copier is not authenticated. It is the ISP's email address which do not need to be verifed.
Thus the emails were rejected by spamdyke. I had then added the email into whitelist_senders but still got rejected by spamdyke.
Guess i will have to check with the spamdyke mailing list
Thanks
nic
Reply | Permalink
qmail-smtpd: read failed
Tiago Oliveira de Jesus Nicholas November 5, 2014 18:27 CET
Hi Roberto!
First, sorry my bad english...
I was looking for the same error, qmail-smtpd: read failed.
In may case, i see many real messages refused from server at logs, but the message is received in user account.
I think the sending server received errors and try to send again.
I received report from user when he received same message many times... and, i search logs and look this...
From he user, sender is real person using Gmail...
Looking qmail-smtp logs, i see other cases, many messages sent by Bots or spammers and others reals..
In case of spam, i see at Spam Folder at RoundCube, many copies of same message, again, i think this because sending server received errors and try to send again.
You have any idea ?
I'm look for timeout from qmail, but the default values is big at time:
[] s
Tiago
Reply | Permalink
Hi Tiago, can you show the
roberto puzzanghera Tiago Oliveira de Jesus November 5, 2014 20:09 CET
Hi Tiago, can you show the logs of those failures?
Reply | Permalink
qmail-smtpd: read failed - LOGS
Tiago Oliveira de Jesus roberto puzzanghera November 6, 2014 12:21 CET
Yes, see two cases bellow:
First:
Second:
I'm borred mails and subjects, minus @gmail.com at first
I noticed that the scan time of spamd is high at many cases... but not all
[] s
Reply | Permalink
you have to investigate about
roberto puzzanghera Tiago Oliveira de Jesus November 6, 2014 15:33 CET
you have to investigate about that read-failure... have you performed all suggested tests to your mail server? If yes, send me in private a telnet session on port 25 recorded when receiving a message from the outnet. Or you can enable recordio as explained here towards the bottom of the page http://notes.sagredo.eu/node/22
Reply | Permalink
554 Error
Nic October 22, 2012 13:18 CET
Hi,
I had installed a toaster base on your tutorial. Everything is running good. But my setup will not be able to accept mails from Yahoo. I had tested almost all the free mail available and found out that Yahoo is the only 1 with issue.
It just bounced with the error below
I had check my log, and i am very sure the server received it well.
Any idea what is going on?
Many thanks
Nic
Reply | Permalink
Hi Nic
roberto puzzanghera Nic October 22, 2012 13:59 CET
Hi Nic,
supposing that your LDA is working fine, did you test just a particular yahoo's address or you get a bounce each time you receive a message from yahoo?
If the first option is true, does the sender address contain any strange character such as + - (minus) etc.?
What LDA are you using? dovecot-lda? vpopmail delivery?
What does qmail-send say?
Reply | Permalink
Hi Roberto,Thanks for your
Nic roberto puzzanghera October 23, 2012 07:40 CET
Hi Roberto,
Thanks for your reply.
It happens to all incoming yahoo addresses and i am very sure there isnt any strange character in any of these addresses.
I am using vpopmail delivery.
/var/log/qmail/current does not contain any log from yahoo email. Where can i see the log for qmail-send ?
Many thanks
Nic
Reply | Permalink
Hi Nic,Assuming that those
roberto puzzanghera Nic October 23, 2012 08:56 CET
Hi Nic,
Assuming that those messages are not considered spam, that you are not using an rbl list and that the messages are accepted by your qmail-smtpd as shown by the logs above, the qmail-send log is /var/log/qmail/send/current (if you are following my tutorial). You should see the reason why the message is not stored and the bounce message must be shown also by qmail-smtpd log
Reply | Permalink
Hi,/var/log/qmail/send/curren
Nic roberto puzzanghera October 23, 2012 13:24 CET
Hi,
/var/log/qmail/send/current does not log the bounced from Yahoo mails. But it is loging other domains.
What other aspect should i look into?
Thanks
nic
Reply | Permalink
..in addition, if the message
roberto puzzanghera Nic October 23, 2012 13:41 CET
..in addition, if the message passed qmail-smtpd stage as shown by your log the problem should be the delivery, and this should be shown by qmail-send log as well.
Reply | Permalink
Many thanks Roberto.I got it
Nic roberto puzzanghera October 24, 2012 15:05 CET
Many thanks Roberto.
I got it to work by recompiling simscan. Now i got into another situation.
I had setup Send Vacation Auto-Response on my email account. The auto-response works great. But when 2 accounts have turn on Auto-Response and send mail to each other, both account will be disabled due to overquota.These 2 accounts do not have mail quota set.
What should i do to fix this or stop the looping.
Thanks
nic
Reply | Permalink
If I have understand well
roberto puzzanghera Nic October 23, 2012 13:30 CET
If I have understand well, all messages from yahoo are bounced from you mail server. In that case you should see a sent message looking into qmail-send log.
Reply | Permalink
Hi,I understand you well. But
Nic roberto puzzanghera October 23, 2012 13:42 CET
Hi,
I understand you well. But /var/log/qmail/send/current is not logging anything for Yahoo mails. I thought it is not working. But i try sending out mails and i can see those entries.
regards
nic
Reply | Permalink