Changeset cd8630b for npl/mailserver/netqmail_conf/root

Timestamp:

04/26/18 17:32:02 (7 years ago)

Author:

Edwin Eefting <edwin@datux.nl>

Branches:

gcc484, master, perl-5.22

Children:

dd97a57

Parents:

a1525ed

Message:

improved logging. auth and tls support. qmail-submission on port 587 (requires both tls and auth to relay mails from the internet)

Location:

npl/mailserver/netqmail_conf/root

Files:

• etc/postinst.d/post.qmail_conf (modified) (2 diffs)
• home/system/qmail/control/maxrcpt.new (added)
• home/system/qmail/control/relaylimits.new (added)
• home/system/qmail/control/softlimit.new (added)
• home/system/qmail/control/spfbehavior.new (added)
• home/system/qmail/tcp.smtp.new (modified) (1 diff)
• home/system/qmail/tcp.submission.new (added)
• service/qmail-submission (added)
• var/qmail/bin/rcptcheck-overlimit.sh (added)
• var/qmail/rc (modified) (1 diff)
• var/qmail/supervise/qmail-send/log/run (modified) (1 diff)
• var/qmail/supervise/qmail-send/run (modified) (1 diff)
• var/qmail/supervise/qmail-smtpd/log/run (modified) (1 diff)
• var/qmail/supervise/qmail-smtpd/run (modified) (1 diff)
• var/qmail/supervise/qmail-submission/log/run (added)
• var/qmail/supervise/qmail-submission/run (added)

npl/mailserver/netqmail_conf/root/etc/postinst.d/post.qmail_conf

@@ -37 +37 @@
 
 
+# logging via syslog in /var/log/maillog from now on
+rm -rf /var/log/qmail/
+
+
 # permissions
 . /etc/qmail.permissions
 qmail_permissions
-cd /var/log/qmail
-chown -R qmaill.nofiles .
-chgrp root .
-chmod -R og-wrx .
-chmod g+rx .
+
 
 #stuff
@@ -61 +61 @@
 #regenerate cdb
 tcprules /etc/qmail/tcp.smtp.cdb /etc/qmail/tcp.smtp.tmp < /etc/qmail/tcp.smtp
+tcprules /etc/qmail/tcp.submission.cdb /etc/qmail/tcp.submission.tmp < /etc/qmail/tcp.submission
+
+
+#TLS configuration
+if ! [ -e /var/qmail/control/dh1024.pem ]; then
+    openssl dhparam -out /var/qmail/control/dh1024.pem.tmp 1024 || exit 1
+    chown qmaild /var/qmail/control/dh1024.pem.tmp || exit 1
+    chmod 400 /var/qmail/control/dh1024.pem.tmp || exit 1
+    mv /var/qmail/control/dh1024.pem.tmp /var/qmail/control/dh1024.pem || exit 1
+fi
+
+
+
 
 #enable scripts (x is disble to prevent starting up after first installation of binary)
-chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run
+chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run /service/qmail-submission/run /service/qmail-submission/log/run

npl/mailserver/netqmail_conf/root/home/system/qmail/tcp.smtp.new

@@ -20 +20 @@
 192.168.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
 10.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
-:allow,QMAILQUEUE="bin/qmail-qmqpc"
+:allow,QMAILQUEUE="bin/qmail-qmqpc",CHKUSER_WRONGRCPTLIMIT="3"

npl/mailserver/netqmail_conf/root/var/qmail/rc

@@ -1 +1 @@
 #!/bin/sh
-exec env - PATH="/var/qmail/bin:$PATH" qmail-start ''  splogger qmail
+
+# Using stdout for logging
+# Using control/defaultdelivery from qmail-local to deliver messages by default
+
+# DKIM signign
+#exec env - PATH="/var/qmail/bin:$PATH" \
+#QMAILREMOTE=/var/qmail/bin/spawn-filter  \
+#FILTERARGS=/var/qmail/bin/dk-filter \
+#qmail-start "`cat /var/qmail/control/defaultdelivery`" 
+
+exec env - PATH="/var/qmail/bin:$PATH" \
+qmail-start "`cat /var/qmail/control/defaultdelivery`"

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/log/run

@@ -1 +1 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-send
+exec /usr/bin/setuidgid qmaill logger -t qmail-send -p mail.info

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/run

@@ -1 +1 @@
 #!/bin/sh
+exec 2>&1
+
 #dynamic update of hostname
 hostname -f > /var/qmail/control/me

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/log/run

@@ -1 +1 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-smtpd
+exec /usr/bin/setuidgid qmaill logger -t qmail-smtpd -p mail.info

npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/run

@@ -1 +1 @@
 #!/bin/sh
+
+exec 2>&1
+
+##### OUD
+# QMAILDUID=`id -u qmaild`
+# NOFILESGID=`id -g qmaild`
+# MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+# LOCAL=`head -1 /var/qmail/control/me`
+# if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
+#     echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
+#     echo /var/qmail/supervise/qmail-smtpd/run
+#     exit 1
+# fi
+# if [ ! -f /var/qmail/control/rcpthosts ]; then
+#     echo "No /var/qmail/control/rcpthosts!"
+#     echo "Refusing to start SMTP listener because it'll create an open relay"
+#     exit 1
+# fi
+# exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+######
+
 QMAILDUID=`id -u qmaild`
 NOFILESGID=`id -g qmaild`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+SOFTLIMIT=`cat /var/qmail/control/softlimit`
 LOCAL=`head -1 /var/qmail/control/me`
-if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
-    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
-    echo /var/qmail/supervise/qmail-smtpd/run
-    exit 1
-fi
-if [ ! -f /var/qmail/control/rcpthosts ]; then
-    echo "No /var/qmail/control/rcpthosts!"
-    echo "Refusing to start SMTP listener because it'll create an open relay"
-    exit 1
-fi
-exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+
+# This enables greetdelay for qmail-smtpd
+export SMTPD_GREETDELAY=20
+export DROP_PRE_GREET=1
+
+# This enables chkuser
+export CHKUSER_START=ALWAYS
+
+# DKIM - SURBL configuration
+# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
+#export SURBL=1                               # Comment out to enable SURBL filtering
+#export QMAILQUEUE=/var/qmail/bin/surblqueue  # executes surblfilter
+#export SURBLQUEUE=/var/qmail/bin/qmail-dkim  # executes qmail-dkim afer sublfilter
+#export DKIMQUEUE=/var/qmail/bin/simscan      # simscan is executed after qmail-dkim
+# DKIM verification. Use carefully
+#export DKIMVERIFY="FGHKLMNOQRTVWjp"
+# This is to avoid verification of outgoing messages
+#export RELAYCLIENT_NODKIMVERIFY=1
+
+# This turns off TLS on port 25
+# export DISABLETLS="1"
+
+# Requires that authenticated user and 'mail from' are identical
+#export FORCEAUTHMAILFROM="1"
+
+# rcptcheck-overlimit. Limits the number of emails sent by relayclients
+export RCPTCHECK=/var/qmail/bin/rcptcheck-overlimit.sh
+export RCPTCHECKRELAYCLIENT="1"
+
+# This enables simscan debug
+#export SIMSCAN_DEBUG=4
+
+exec /usr/bin/softlimit -m "$SOFTLIMIT" \
+    /usr/bin/tcpserver -v -H -R -l "$LOCAL" \
+    -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" \
+    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
+    /var/qmail/bin/qmail-smtpd 2>&1