Mon Jan 01 12:01:24 BRST 2007

Version 2

My patch is the union of several patchs of qmail-1.03, upgraded for netqmail-1.05. To install,
get netqmail 1.05, my patch V2 and then set it up:

mkdir -p /usr/src/qmailsource/patches
cd /usr/src/qmailsource
wget http://qmail.org/netqmail-1.05.tar.gz
cd /usr/src/qmailsource/patches
wget http://www.linuxti.pro.br/patches/netqmail-1.05-but3k4-V2-20070101.patch
cd /usr/src/qmailsource
tar -xzf netqmail-1.05.tar.gz
cd netqmail-1.05
./collate.sh
cd netqmail-1.05
patch -p0 < ../../patches/netqmail-1.05-but3k4-V2-20070101.patch

Obs: edit the Makefile and change the ssl lib dir, and conf-cc and change the include ssl dir.

make setup check

Obs: You need to modify the /service/qmail-smtpd/run script to smtp_auth works, so:

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

to:

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`

and

exec /usr/local/bin/softlimit -m 5000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /var/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
            -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r bl.spamcop.net \
            -r relays.ordb.org /var/qmail/bin/qmail-smtpd 2>&1

to:

exec /usr/local/bin/softlimit -m 5000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /var/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
            -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r bl.spamcop.net \
            -r relays.ordb.org /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw true 2>&1

and:

chmod 4755 /var/vpopmail/bin/vchkpw
chown root /var/vpopmail/bin/vchkpw

now, create the certificate:

cd /usr/src/qmailsource/netqmail-1.05/netqmail-1.05/

make cert
make cert-req

run the script on crontab:

01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1

good luck!

follows below the patches list:

- big-concurrency.patch: Allows qmail to use a concurrency greater than 240 (current qmail limit). 
It has been reported to work well in almost all environments and might be handy if you are 
expecting high volumes of mail traffic.

- big-todo.103.patch: creates sub directories under the qmail/queue/todo directory. This helps on 
installations where the not yet preprocessed queue size gets large. By Dave Smith (update for qmail-1.03), 
Bruce Guenter (qmail-qstat update), and Russel Nelson.

- ext_todo-20030105.patch: André Oppermann updated his ext-todo patch which solves the 
'silly qmail syndrome'. That's where qmail spends more time processing incoming email than scheduling deliveries.

- netqmail-maildir++.patch: his patch adds maildirquota (Maildir++) support to qmail-pop3d and qmail-local. 
It was created because when vpopmail switched to maildirquotas, a user's quota usage was not decreased after 
deleting mail via qmail-pop3d.

- netqmail-1.05-heloreq.patch: I create this patch because i needed to deny empty helo and the qregex patch don't check
this. Error message by delphus. The default is off. To enable:
        Usage: echo 1 > /var/qmail/control/heloreq

- netqmail-1.05-tls-20060104.patch: Frederik Vermeulen <http://inoa.net/qmail-tls/> create this patch that implements 
RFC 3207 (was RFC 2487) in qmail. This means you can get SSL or TLS encrypted and authenticated SMTP between the MTAs 
and from MUA to MTA.

- patch-qmail-1.03-rfc2821.diff: This patch changes qmail-remote to skip over MX servers that greet with 
codes 4xx or 5xx and try the next MX for real RFC-2821 compliance (Sendmail and Postfix do that).

- qmail-1.03-dns.patch: Christopher Davis's oversize DNS patch - it makes qmail accept oversized DNS packets. 
If you do not want some of the legitimate mail to get lost, I would recommend you to use this patch.

- qmail-1.03-maxrcpt-2.patch: allows you to set a limit on how many recipients are specified for any one email message.
RFC2821 says that an MTA MUST allow at least 100 recipients for each message, but MAY elect not to allow any more than
that. I choose not to, since this is one of the favourite tricks of the spammer. I modified this patch to verify if the 
email sender exists in the /var/qmail/control/maxrcptusers file, if exist the maxrcpt limit is not applied. 
Example:
	Usage: echo "40" > /var/qmail/control/maxrcpt.
	       echo "user@domain.com" >> /var/qmail/control/maxrcptusers. The maxrcpt limit is not applied to user 
	       user@domain.com.

- qmail-1.03-mfcheck.4.patch: A lot of spammers use fake domain names in their messages - this patch checks if 
the domain in "from" field exists. If it doesn't, the email simply gets rejected. The default is off. To enable, 
usage: echo 1 > /var/qmail/control/mfcheck

- qmail-bounce.patch: Here is a little patch by Frank DENIS aka Jedi/Sector One <j@4u.net> to limit the size of 
bounces. The default limit for bounces is 50000 bytes, but you can create a file in /var/qmail/control/bouncemaxbytes 
(or wherever your control directory is) in order to change that number.

- qmail-canonical.rcpt.patch: The qmail-remote log only show the RCPT TO address before canonicalisation. 
This patch adds real name logging.

- qmail-date-localtime.patch: John Saunders has patch to date822fmt.c which causes it to emit dates in the local timezone.

- qmail-doublebounce-trim.patch: I decided to integrate this patch because I got sick of double bounce messages 
sitting in qmail queue forever. Spammers usually fake the from field with an invalid email address, which results 
in thousands of bounce messages. This patch allows you to complete discard all double bounce messages to save server 
load and traffic.

- qmail-smtpd-auth-057_tgz.bin: SMTP Authentication is a scheme which was introduced in 1999 by J. Meyers of Netscape
Communications and finally released as RFC 2554 ("SMTP Service Extension for Authentication"). It is partly based on
the SMTP Service Extensions as defined in RFC 1869. Most modern SMTP implementations support SMTP Authentication,
whereas Qmail 1.03 does not (without a patch).

- qmail-tap.diff: Qmail tap allows you to specify a control/taps file with regex style list of email addresses or 
domains that you need to keep a copy of all email. By Inter7.

Example: echo ".*@domain.com:admin@example.com" > /var/qmail/control/taps. To tap a whole domain and send a 
copy to admin@example.com
	 echo "user@domain.com:archive@example.com" >> /var/qmail/control/taps. To tap an individual email 
	 address and send a copy to archive@example.com

- qregex-20060423.patch: qregex adds the ability to match address evelopes via Regular Expressions (REs) in the
qmail-smtpd process. It has the abiltiy to match `helo/ehlo` (host name), `mail from` (envelope sender), and
`rcpt to` (envelope recipient) commands. It follows all the base rules that are set out with qmail (ie using control
files) so it makes for easy integretion into an existing setup (see the install instructions for more info).
Example:
	Usage: echo "[!%#:*^(){}]" >> /var/qmail/control/badmailto
	       echo "[!%#:*^(){}]" >> /var/qmail/control/badmailfrom

- tarpit.patch : The tarpit patch is targeted towards spammers who try to bomb your mail server with a long list of 
recipients. It inserts small delays in an smtp session for each recipient in the mail message (after some set number 
of recipients). This slows down their session, resulting in timeouts in spammer's mail software. 
	Usage: echo 60 > /var/qmail/control/tarpitcount
	       echo 60 > /var/qmail/control/tarpitdelay