Other email-related patches

Here are some other patches I've written:

(on this page: rblsmtpd-logmsg | serialmail-logmsg | Early Talker | errno & clean patches | NORCPTHOSTS)

rblsmtpd-logmsg: Additional logging for rblsmtpd

Overview

If you use rblsmtpd to check connections against RBLs you may like to know what the sender and intended recipient of the blocked messages are. This patch gives you this information, which is useful if you need to trace [non-receipt of] particular emails or generate statistics for your anti-spam measures.

make clean and errno tweaks are also included in this patch, no need to apply them separately.

Pre-requisites

This patch applies cleanly to ucspi-tcp-0.88.

Download

Download the patch here.

Installation

Change into your ucspi-tcp source directory and type,

patch < path_to_patch/rblsmtpd-logmsg-v1.1.patch

and compile/install ucspi-tcp as normal.

Usage

In order to log the envelope sender and recipient addresses, rblsmtpd must wait for the sending system to specify these during rblsmtpd's dummy SMTP session. You should ensure that rblsmtpd is given enough time for the remote system to send the corresponding data - so either don't use the -t option, or make sure the timeout specified with -t isn't zero (which would just terminate the session before the sender and recipient are known).

You will find that the logs now include envelope sender and recipient information for RBL-blocked connections. You may wish to use this patch in conjunction with the qmail-logmsg patch; the summary awk script for qmail-logmsg can easily be adapted to summarise the rblsmtpd log entries too.

Status / Warranty

No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.

serialmail-logmsg: Additional logging for serialmail

Overview

This compact patch adds logging of the envelope sender and recipient to serialsmtp, part of the serialmail package.

make clean and errno tweaks are also included in this patch, no need to apply them separately.

Pre-requisites

This patch applies cleanly to serialmail-0.75.

Download

Download the patch here.

Installation

Change into your serialmail source directory and type,

patch < path_to_patch/serialmail-0.75_logmsg-v1.1.patch

and compile/install serialmail as normal.

Usage

Assuming serialsmtp is part of your serialmail setup (serialsmtp is used by maildirsmtp.sh for example) you'll now see the sender envelope and recipient logged as well as the result of the attempted delivery (message from remote server).

Status / Warranty

No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.

Early Talker patch for qmail-smtpd

Overview

This compact patch adds a switch (via an environment variable) to qmail to enable a pause before the SMTP greeting to detect violation of the SMTP protocol: If the remote 'talker' tries to send SMTP commands prior to the SMTP greeting the connection is terminated.

Such early talking is normally associated with zombie machines tasked with sending spam, so disconnecting the session like this should reduce the amount of spam received by your system when you're getting early talkers.

The patch is a variation on greetdelay patches by Erwin Hoffmann and John Simpson.

Pre-requisites

This patch is specifically for netqmail-1.06 with the qmail-logmsg logging patch (versions 1.0 / 1.1 / 1.2 / 1.3).

Download

Download the patch here.

Installation

Change into your netqmail source directory and type,

patch < path_to_patch/earlytalker-v1.0.patch

and compile/install netqmail as normal.

Usage

The environment variable EARLYTALKERDROPTIME is used to specify the length of delay (in seconds). Typically this is set in the run file (assuming you're using daemontools) and/or in the cdb file for qmail-smtpd (assuming you're running it via tcpserver with the -x option). Disable the pause by setting it to 0 seconds: EARLYTALKERDROPTIME="0" Please see the (patched) qmail-smtpd man page for more detail.

Status / Warranty

No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.

'make clean' & errno tweaks

Some of the software by Daniel Bernstein (DJB) software doesn't include a clean target in the Makefile (enabling make clean).

A frequently asked question about DJB software is compilation on Linux resulting in errors mentioning errno. I like his solution to this problem.

These trivial patches add these changes to packages where they are absent:

• For ucspi-tcp-0.88 (included in rblsmtpd-logmsg)
• For mess822-0.58 (included in ofmipd-plus)
• For serialmail-0.75 (included in serialmail-logmsg)

NORCPTHOSTS patch (deprecated)

Overview

This simple patch adds a switch (via an environment variable) to qmail to disable rcpthosts[.cdb], so qmail refuses mail until relaying is enabled, typically via an additional SMTP AUTH patch. This is useful if you're using the same machine with different ports to handle both MX traffic (mail in) and relaying (mail submission) with SMTP AUTH. Setting the NORCPTHOSTS environment variable (for mail submission) disables rcpthosts and rcpthosts.cdb. It is deprecated since a patched ofmipd provides a better way of doing SMTP AUTH, see below.

With this patch, you can use various filters such as RBL blacklists or greylisting on the MX service, whilst the mail submission service relies on authentication. Users connecting from blacklisted locations can still send mail since they authenticate to access the service.

Note that instead of using this patch, I suggest using ofmipd-plus for mail submission.

Typical Application

This patch is relevant if you want to have a single qmail installation providing an authenticated relaying service and acting as an MX for one or more domains - these two services being on separate ports or addresses.

Relay: The relaying service uses SMTP AUTH (or some other form of authentication) which enables qmail-smtpd to accept mail for delivery once authenticated. No mail is accepted prior to authentication to prevent spammers being able to use this service to spam your domains. Note that having RELAYCLIENT set overrides NORCPTHOSTS.

MX: The same instance of qmail can also be used for the MX service on the same machine - mail is accepted for domains in rcpthosts[.cdb]. To limit spam, filters can be used (rblsmtpd, greylisting etc).

Download

Download the patch here.

Installation

Change into your qmail source directory, put the patch there then type,

patch < qmail-1.03_norcpthosts.patch

The patch should apply cleanly against qmail-1.03 or netqmail-1.05.

Re. some of the popular patches, this patch shouldn't clash with any of: Dabrowski/Johnston SMTP AUTH, Hoffmann SMTP AUTH, Russ Nelson's virusscan. There's a small conflict with Paul Jarc's realrcptto patch if you use that, but this is easily fixed by hand (apply realrcptto first in this case for the minimal amount of work).

Usage

For the relaying port/address, ensure NORCPTHOSTS is set (to "") - either as part of the run script or in a cdb if you're using tcpserver's -x option.

For the MX port/address, neither NORCPTHOSTS nor RELAYCLIENT should be set.

Also please see the "Typical Application" section above.

Status / Warranty

No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.

This page last updated: AR, 30th June 2011.