Changeset cd8630b for npl/mailserver/netqmail_conf

Timestamp:

04/26/18 17:32:02 (7 years ago)

Author:

Edwin Eefting <edwin@datux.nl>

Branches:

gcc484, master, perl-5.22

Children:

dd97a57

Parents:

a1525ed

Message:

improved logging. auth and tls support. qmail-submission on port 587 (requires both tls and auth to relay mails from the internet)

Location:

npl/mailserver/netqmail_conf

Files:

• netqmail_conf.SlackBuild.log.gz (modified) (previous)
• netqmail_conf.build (modified) (1 diff)
• netqmail_conf.md5 (modified) (2 diffs)
• netqmail_conf.pkg (modified) (previous)
• root/etc/postinst.d/post.qmail_conf (modified) (2 diffs)
• root/home/system/qmail/control/maxrcpt.new (added)
• root/home/system/qmail/control/relaylimits.new (added)
• root/home/system/qmail/control/softlimit.new (added)
• root/home/system/qmail/control/spfbehavior.new (added)
• root/home/system/qmail/tcp.smtp.new (modified) (1 diff)
• root/home/system/qmail/tcp.submission.new (added)
• root/service/qmail-submission (added)
• root/var/qmail/bin/rcptcheck-overlimit.sh (added)
• root/var/qmail/rc (modified) (1 diff)
• root/var/qmail/supervise/qmail-send/log/run (modified) (1 diff)
• root/var/qmail/supervise/qmail-send/run (modified) (1 diff)
• root/var/qmail/supervise/qmail-smtpd/log/run (modified) (1 diff)
• root/var/qmail/supervise/qmail-smtpd/run (modified) (1 diff)
• root/var/qmail/supervise/qmail-submission/log/run (added)
• root/var/qmail/supervise/qmail-submission/run (added)

npl/mailserver/netqmail_conf/netqmail_conf.build

@@ -1 @@
-12
+44

npl/mailserver/netqmail_conf/netqmail_conf.md5

@@ -1 @@
-a83917f02f1e85d479845f7320f0dae7  ./netqmail_conf.pkg
+4a3ea1f245ba89dbd4c44d7b173fa573  ./netqmail_conf.pkg
 f4f9e3673e49bd56810ee75e666f51a0  ./netqmail_conf.SlackBuild
-645660c303d54a7f7bb3a8e353d1c2da  ./netqmail_conf.SlackBuild.log.gz
-2a672ffe56f6e7145f57531c29299a81  ./root/etc/postinst.d/post.qmail_conf
+9051cc6545cbb773b6a114d4d6015b3e  ./netqmail_conf.SlackBuild.log.gz
+5bdd6ee187432550f75b30b467f6d2c3  ./root/etc/postinst.d/post.qmail_conf
 efed79f2f7840be05415132dd99e005a  ./root/etc/qmail.permissions
 a781066c2d8b2e42e4eae0cd0545391b  ./root/etc/qmail.rc.config
@@ -8 +8 @@
 1dcca23355272056f04fe8bf20edfce0  ./root/home/system/qmail/control/concurrencyincoming.new
 d41d8cd98f00b204e9800998ecf8427e  ./root/home/system/qmail/control/defaultdomain.new
+919d117956d3135c4c683ff021352f5c  ./root/home/system/qmail/control/maxrcpt.new
 2909a2c64757ce93daa60e3cfc653ef1  ./root/home/system/qmail/control/qmqpservers.new
 d41d8cd98f00b204e9800998ecf8427e  ./root/home/system/qmail/control/rcpthosts.new
+063221b732091cd47898d4f4de0d3a86  ./root/home/system/qmail/control/relaylimits.new
+7f06a0bdfe40105eb7150c89ca23fe0a  ./root/home/system/qmail/control/softlimit.new
+6d7fce9fee471194aa8b5b6e47267f03  ./root/home/system/qmail/control/spfbehavior.new
 d41d8cd98f00b204e9800998ecf8427e  ./root/home/system/qmail/control/virtualdomains.new
 d41d8cd98f00b204e9800998ecf8427e  ./root/home/system/qmail/queue/lock/sendmutex
 0f343b0931126a20f133d67c2b018a3b  ./root/home/system/qmail/queue/lock/tcpto
-18b654d9240fe02239158602ca741e11  ./root/home/system/qmail/tcp.smtp.new
+5e6055ce99316030e416d8f7243e99cd  ./root/home/system/qmail/tcp.smtp.new
+0361f8191be2fc0c7a64208973181e81  ./root/home/system/qmail/tcp.submission.new
 c373bf047e4be7894e0eb539ecade81e  ./root/home/system/qmail/users/assign.new
 a85ddde2346842cfb84c449322334cf6  ./root/usr/bin/syn3-dagent
 997aa1db669e5946bc88187056e5983e  ./root/var/qmail/bin/qmailctl
-f111ffdeddc4e3608dcfe1a23aea575e  ./root/var/qmail/rc
-834dad5113515d0f00981fdc1d07fa84  ./root/var/qmail/supervise/qmail-send/log/run
-3af893d1db453aa180125cb7678d9f4c  ./root/var/qmail/supervise/qmail-send/run
-f43900d79a0aacb5e0d71b0bb6c06fea  ./root/var/qmail/supervise/qmail-smtpd/log/run
-dbafd2aadce02c19799a16ed00fc01dd  ./root/var/qmail/supervise/qmail-smtpd/run
+d219929668d14245324a90cc8889a953  ./root/var/qmail/bin/rcptcheck-overlimit.sh
+b6d113884ec042aa912297837d7e1711  ./root/var/qmail/rc
+d2264d4a1eb480b446148386491d6d96  ./root/var/qmail/supervise/qmail-send/log/run
+ce8344b9f086b8d80deedd97999af4a2  ./root/var/qmail/supervise/qmail-send/run
+664eb748dcf70763bbb8af153a60f4fc  ./root/var/qmail/supervise/qmail-smtpd/log/run
+d1b75635cf714be5a03ae4b559eabff7  ./root/var/qmail/supervise/qmail-smtpd/run
+0c00964a4500bb13bcba905b59954802  ./root/var/qmail/supervise/qmail-submission/log/run
+00df93e4a56a546880039677deb50a30  ./root/var/qmail/supervise/qmail-submission/run

npl/mailserver/netqmail_conf/root/etc/postinst.d/post.qmail_conf

@@ -37 +37 @@
 
 
+# logging via syslog in /var/log/maillog from now on
+rm -rf /var/log/qmail/
+
+
 # permissions
 . /etc/qmail.permissions
 qmail_permissions
-cd /var/log/qmail
-chown -R qmaill.nofiles .
-chgrp root .
-chmod -R og-wrx .
-chmod g+rx .
+
 
 #stuff
@@ -61 +61 @@
 #regenerate cdb
 tcprules /etc/qmail/tcp.smtp.cdb /etc/qmail/tcp.smtp.tmp < /etc/qmail/tcp.smtp
+tcprules /etc/qmail/tcp.submission.cdb /etc/qmail/tcp.submission.tmp < /etc/qmail/tcp.submission
+
+
+#TLS configuration
+if ! [ -e /var/qmail/control/dh1024.pem ]; then
+    openssl dhparam -out /var/qmail/control/dh1024.pem.tmp 1024 || exit 1
+    chown qmaild /var/qmail/control/dh1024.pem.tmp || exit 1
+    chmod 400 /var/qmail/control/dh1024.pem.tmp || exit 1
+    mv /var/qmail/control/dh1024.pem.tmp /var/qmail/control/dh1024.pem || exit 1
+fi
+
+
+
 
 #enable scripts (x is disble to prevent starting up after first installation of binary)
-chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run
+chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run /service/qmail-submission/run /service/qmail-submission/log/run

npl/mailserver/netqmail_conf/root/home/system/qmail/tcp.smtp.new

@@ -20 +20 @@
 192.168.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
 10.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
-:allow,QMAILQUEUE="bin/qmail-qmqpc"
+:allow,QMAILQUEUE="bin/qmail-qmqpc",CHKUSER_WRONGRCPTLIMIT="3"

npl/mailserver/netqmail_conf/root/var/qmail/rc

@@ -1 +1 @@
 #!/bin/sh
-exec env - PATH="/var/qmail/bin:$PATH" qmail-start ''  splogger qmail
+
+# Using stdout for logging
+# Using control/defaultdelivery from qmail-local to deliver messages by default
+
+# DKIM signign
+#exec env - PATH="/var/qmail/bin:$PATH" \
+#QMAILREMOTE=/var/qmail/bin/spawn-filter  \
+#FILTERARGS=/var/qmail/bin/dk-filter \
+#qmail-start "`cat /var/qmail/control/defaultdelivery`" 
+
+exec env - PATH="/var/qmail/bin:$PATH" \
+qmail-start "`cat /var/qmail/control/defaultdelivery`"

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/log/run

@@ -1 +1 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-send
+exec /usr/bin/setuidgid qmaill logger -t qmail-send -p mail.info

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/run

@@ -1 +1 @@
 #!/bin/sh
+exec 2>&1
+
 #dynamic update of hostname
 hostname -f > /var/qmail/control/me

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/log/run

@@ -1 +1 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-smtpd
+exec /usr/bin/setuidgid qmaill logger -t qmail-smtpd -p mail.info

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/run

@@ -1 +1 @@
 #!/bin/sh
+
+exec 2>&1
+
+##### OUD
+# QMAILDUID=`id -u qmaild`
+# NOFILESGID=`id -g qmaild`
+# MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+# LOCAL=`head -1 /var/qmail/control/me`
+# if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
+#     echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
+#     echo /var/qmail/supervise/qmail-smtpd/run
+#     exit 1
+# fi
+# if [ ! -f /var/qmail/control/rcpthosts ]; then
+#     echo "No /var/qmail/control/rcpthosts!"
+#     echo "Refusing to start SMTP listener because it'll create an open relay"
+#     exit 1
+# fi
+# exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+######
+
 QMAILDUID=`id -u qmaild`
 NOFILESGID=`id -g qmaild`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+SOFTLIMIT=`cat /var/qmail/control/softlimit`
 LOCAL=`head -1 /var/qmail/control/me`
-if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
-    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
-    echo /var/qmail/supervise/qmail-smtpd/run
-    exit 1
-fi
-if [ ! -f /var/qmail/control/rcpthosts ]; then
-    echo "No /var/qmail/control/rcpthosts!"
-    echo "Refusing to start SMTP listener because it'll create an open relay"
-    exit 1
-fi
-exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+
+# This enables greetdelay for qmail-smtpd
+export SMTPD_GREETDELAY=20
+export DROP_PRE_GREET=1
+
+# This enables chkuser
+export CHKUSER_START=ALWAYS
+
+# DKIM - SURBL configuration
+# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
+#export SURBL=1                               # Comment out to enable SURBL filtering
+#export QMAILQUEUE=/var/qmail/bin/surblqueue  # executes surblfilter
+#export SURBLQUEUE=/var/qmail/bin/qmail-dkim  # executes qmail-dkim afer sublfilter
+#export DKIMQUEUE=/var/qmail/bin/simscan      # simscan is executed after qmail-dkim
+# DKIM verification. Use carefully
+#export DKIMVERIFY="FGHKLMNOQRTVWjp"
+# This is to avoid verification of outgoing messages
+#export RELAYCLIENT_NODKIMVERIFY=1
+
+# This turns off TLS on port 25
+# export DISABLETLS="1"
+
+# Requires that authenticated user and 'mail from' are identical
+#export FORCEAUTHMAILFROM="1"
+
+# rcptcheck-overlimit. Limits the number of emails sent by relayclients
+export RCPTCHECK=/var/qmail/bin/rcptcheck-overlimit.sh
+export RCPTCHECKRELAYCLIENT="1"
+
+# This enables simscan debug
+#export SIMSCAN_DEBUG=4
+
+exec /usr/bin/softlimit -m "$SOFTLIMIT" \
+    /usr/bin/tcpserver -v -H -R -l "$LOCAL" \
+    -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" \
+    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
+    /var/qmail/bin/qmail-smtpd 2>&1