Archive for the ‘qmail’ Category

Adding domainkeys support to qmail under FreeBSD

Wednesday, July 16th, 2008

Recently, I have been adding domainkeys support to qmail by following John Simpson’s manual under FreeBSD 6.3-RC2. I will not repeat installation procedure here as it’s all crystal clear from the link above. However, I faced with couple of small issues while doing domainkeys integration – I’m not sure may be it’s specific to FreeBSD only. Anyway, I think it’s worth to mention them here.


authvchkpw module is no longer supported by Courier authlib

Sunday, June 15th, 2008

Starting from 0.60.4 authvchkpw module is no longer supported by Courier authentication library.

According to message from Mr. Sam the module was dropped because of lack of support from vchkpw developers. This statement actually contradicts with what Bill Shupp says:

Interesting, Sam ignored my last bugfix that I sent him afaik. And vpopmail always seemed like an annoyance, even though Inter7 hosted all the courier stuff for years, and was an early proponent of courier- imap. Maybe it’s time to move on.

Moreover, looks like Mr. Sam is not happy with qmail in general which, most probably, means authvchkpw was dropped forever.

I’ve been using Courier-IMAP with authvchkpw for almost eight years and was quite OK with it. I don’t agree that qmail is dead and have no intentions to switch to other MTAs in the near future. Having said that I would agree with Bill – it looks like it’s time to move on and do some reconsideration. Next week I’m planning to install Dovecot in a test environment and play with migration from Courier-IMAP. If it all goes smoothly as described in Migration HOWTO I would be ready to switch at once. Not that I feel sorry for this switch (new software – new things to learn), I just don’t think support should be dropped THAT way.

validrcptto & merging two different recipient sources

Sunday, May 4th, 2008

Today I’ve been approached by one of our projects with the request to build qmail’s validrcptto.cdb from two different sources.

They use two email servers: the first one, powered by qmail and patched with great patch set by John Simpson, is providing SMTP relay services including virus/spam scanning for, the second one is powered by Exchange within AD. qmail server also serves as a mailing list server hosting subdomain.

The idea is the following. First, get the list of valid recipients from Exchange server by using the script called adexport written by Brian Landers wrapped by John Simpson’s adexport-go script. Then merge it with the local list generated by John Simpson’s mkvalidrcptto script and finally build validrcptto.cdb.


Running second instance of qmail

Tuesday, February 5th, 2008

Running several instances of qmail on one server is quite straight forward process. Although there are several ways to do it, I prefer the following one. My goal was to setup second instance of qmail serving SMTP AUTH (587/tcp) requests along with regular SMTP (25/tcp). I mean no separate queues, same dispatcher, same IP, but different ports. Note, that qmail was installed and configured using Life With Qmail (LWQ) instructions.

1. Let’s stop qmail:

  1. svc -d /var/service/qmail-*

2. Copy existing qmail-smtpd directory and call it differently – let’s say qmail-smtpdauth:

  1. cp -R /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-smtpdauth

3. Edit the run file located in the qmail-smtpdauth and make necessary changes, like changing port number and similar.

4. You may definitely want to have separate log files for the secondary instance:

  1. mkdir /var/log/qmail/qmail-smtpdauth
  2. chown qmaill /var/log/qmail/qmail-smtpdauth

5. Edit /var/qmail/supervise/qmail-smtpdauth/log/run file and make it log to /var/log/qmail/qmail-smtpdauth.

6. Fire up new instance:

  1. ln -s /var/qmail/supervise/qmail-smtpdauth /var/service

7. Check the new instance is up and running:

  1. sockstat -4 | grep 587
  2. qmaild tcpserver 2246 3 tcp4 *:*

How to rotate clamd/freshclam log files

Sunday, January 27th, 2008

At some point you may get the following message in freshclam.log file:

  1. Log size = 3701814, max = 1048576
  2. LOGGING DISABLED (Maximal log file size exceeded).

That means that you reached the maximum allowed log size defined by LogFileMaxSize parameter found in clamd.conf and basically logging was disabled.

So, how to rotate freshclam.log?

There is a way to rotate ClamAV log files using newsyslog. In order to do this edit /etc/newsyslog.conf and add the following line (all in one line), following by killall -HUP syslogd:

  1. /var/log/clamav/freshclam.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/ 1

It does look like a standard newsyslog entry with four values worth mentioning though. qscand:qscand is the one who runs clamd/freshclam (I use clamd with qmail-scanner). The second one $W0D1 means rotate every week on Sunday at 1AM. The third and the forth one /var/run/clamav/ 1 mean that the signal number 1 will be sent to the daemon’s process ID (/var/run/clamav/ which stands for HUP (hang up). In other words we just restart freshclam after each sucessfull log rotation.

Check man newsyslog.conf and man kill for more details in case interested.

PS: I beleive you can rotate clamd.log the same way assuming that you would change PID to /var/run/clamav/, not tested though.

PSS [20080528]: Confirmed. Same technique works fine with clamd.log as well.

  1. /var/log/clamav/clamd.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/ 1

ezmlm & mailing group being subscriber of another mailing group

Thursday, January 24th, 2008

Let’s say there is ezmlm created mailing group (dev at kaba1ah dot org) and it is included into another ezmlm based group (office at kaba1ah dot org). If you send a message to office at kaba1ah dot org delivery to dev at kaba1ah dot org will be rejected with the following error:

  1. failure: ezmlm-reject:_fatal:_List_address_must_be_in_To:_or_Cc:_(#5.7.0)/

In order to bypass this error check .qmail-office which is responsible for office at kaba1ah dot org mailing list. I use vpopmail so the requested file is located at /home/vpopmail/domains/ and replace

  1. |/usr/local/bin/ezmlm-reject '/home/vpopmail/domains/'


  1. |/usr/local/bin/ezmlm-reject -T '/home/vpopmail/domains/'

Note -T added after ezmlm-reject. This would do the trick. Just out of curiosity: according to man ezmlm-reject:

  1. -T Do not require the list  address in the “To:'' or “Cc:'' header(s).

Finally, here is an entry in ezmlm FAQ:

8.1 Requiring the list address in To:/Cc: headers.

SPAM or junk mail is usually sent by mailing a single message to a large number of (unwilling) recipients. As such, it usually does not contain the E-mail address of all recipients (remember, junk mailers pay for these address lists). By rejecting messages that do not have the list address in the To: or Cc: header(s) a large fraction of spam to the list can be filtered out.

This filter function is activated by default, but will work only if you specify the list directory on the ezmlm-reject(1) command line. To disable this restriction, remove the “DIR” argument from the ezmlm-reject(1) command line, or add the “-T” switch.

By default, this error is logged, and an error message is sent to the sender. Since virtually all the failures will be SPAM and virtually all spam has a faked SENDER, most of these error messages will go to the postmaster. Thus, you may want to use the ezmlm-reject “-q” switch (quiet) to suppress the sender notification.