diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..f087b42 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.tar.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1534ba5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.rpm +*.log +*spec-20* diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..7eb8e5d --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: qmail +# $Id: Makefile,v 1.1 2016/02/04 12:14:55 vip-ire Exp $ +NAME := qmail +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index c9c002e..0a88583 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ # qmail -3rd Party (Maintained by Koozali) git repo for qmail smeserver \ No newline at end of file +3rd Party (Maintained by Koozali) git repo for qmail smeserver + +## Description + +
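Review bot: In `find-makefile-common` the writability test reads `-w $$/Makefile.common`, which drops the loop variable and so tests a path that is unlikely to exist, leaving the `cvs -Q update` branch effectively dead; the intended test is presumably `if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ]`. More important for a package build, this helper and `checkout-makefile-common` both pull the `common` module from whatever `CVS/Root` names at build time, and the file ends with `include $(MAKEFILE_COMMON)`, so build logic is fetched unpinned and then executed. If the CVS path is no longer used, dropping the update/checkout branches and requiring a checked-in `Makefile.common` would make the build reproducible and reviewable. `exit -1` is outside the portable 0–255 range (`exit 1` is the usual spelling), and the comment `# attept a checkout` should read `# attempt a checkout`.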
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
+ +Qmail is a mail transfer agent (MTA) used to deliver and receive email from the Internet. It is an open source software package released under the GPL license. Qmail offers features such as spam filtering, virus scanning, and multidomain support. It is used by many ISPs and web hosting companies to provide reliable email service to their customers. diff --git a/any-to-cname.patch b/any-to-cname.patch new file mode 100644 index 0000000..1853b32 --- /dev/null +++ b/any-to-cname.patch @@ -0,0 +1,11 @@ +--- qmail-1.03-original/dns.c Mon Jun 15 10:53:16 1998 ++++ qmail-1.03/dns.c Wed Mar 5 11:31:13 2003 +@@ -196,7 +196,7 @@ + if (!sa->len) return loop; + if (sa->s[sa->len - 1] == ']') return loop; + if (sa->s[sa->len - 1] == '.') { --sa->len; continue; } +- switch(resolve(sa,T_ANY)) ++ switch(resolve(sa,T_CNAME)) + { + case DNS_MEM: return DNS_MEM; + case DNS_SOFT: return DNS_SOFT; diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..ef36a67 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +sme10 diff --git a/moreipme.README b/moreipme.README new file mode 100644 index 0000000..df98a3a --- /dev/null +++ b/moreipme.README 
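Review bot: The new `any-to-cname.patch` carries no header explaining why `resolve(sa,T_ANY)` becomes `resolve(sa,T_CNAME)` in dns.c, and the enclosing function lies outside the three context lines, so a reader cannot tell what the query result is used for or what failure the change avoids. A short preamble above the `---` line would help, for example `Query CNAME instead of ANY: ANY answers can be oversized or refused by resolvers, and only the CNAME is needed here.` That rationale is inferred from the one-line change and should be confirmed by the maintainer before it is recorded.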
@@ -0,0 +1,154 @@ +########### +### WHO ### +########### + +This patch was written by Scott Gifford . +The design and much of the code for supporting "notipme" was +contributed by Charles Cazabon . + + +############ +### WHAT ### +############ + +This patch may be necessary in some configurations that involve network +address translation or port forwarding. It prevents a problem caused +by an MX or other mail routing directive instructing qmail to connect to +itself without realizing it's connecting to itself. When this happens, +it accepts the message, finds out where to deliver it to (itself), and +promptly reconnects to itself to deliver the message. Eventually, when +it has done this 20 or 30 times, it will give up and bounce the message, +but not before sucking up all of your CPU while it's happening. + +It may also be useful in some configurations that have multiple qmail +servers configured on different interfaces of the same system. qmail +will normally refuse to deliver mail by SMTP to the machine it's +running on, but with multiple copies of qmail, you may want to prevent +this behavior. + +Normally, qmail can detect what IP addresses refer to itself by getting +a list of all network interfaces with IP addresses from the operating +system. It uses this list to determine whether connecting to an address +will cause it to connect to itself, and avoid the situation (it calls +the perm_ambigmx() function, which prints the message: + + Sorry. Although I'm listed as a best-preference MX or A for that host, + it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) + +But in situations where the OS is not aware of all IP addresses that +connect back to itself, this detection fails, causing the CPU-sucking +phenomenon described above. 
This can happen if there is a network +address translation device in front of the qmail server, such as a +load-balancer or a router which allows you to share one IP address among +several machines; if there is a port forwarder forwarding connections +from some other machine to the SMTP server on the qmail server; or in +configurations where a "dumb" mailserver is configured to use your qmail +server as a "smarthost", delivering all mail to it without inspection. + +To solve this, other IP addresses which will ultimately connect back to +your machine can be added to the file "control/moreipme", one per line. +qmail will treat all addresses in this file exactly as if they were +local, and if it finds an MX record or other mail routing information +which would cause it to connect to any of these addresses, it will call +perm_ambigmx(), and print the above error message. + +Additionally, IP addresses which the system detects but which should +*not* be treated as local can be removed from qmail's ipme list by +adding them to the file "control/notipme". + +IP addresses can be specified as individual addresses in the usual +dotted-quad format, or as entire networks using a slash followed by +the full dotted-quad netmask: + + 127.0.0.1 + 127.0.0.1/255.255.255.255 + 127.0.0.0/255.0.0.0 + 10.0.0.0/255.255.255.0 + +An individual address is treated exactly like a network with a mask of +255.255.255.255. Addresses of interfaces found on the system are +added with their individual addresses. In addition, these addresses +are implicitly added: + + 0.0.0.0 + 127.0.0.0/255.0.0.0 + +So the list of system addresses (the "ipme" list) is, in order, +127.0.0.0/255.0.0.0, 0.0.0.0, then all actual interfaces on the system +in the order they are reported, then the contents of the "moreipme" +file. The list of excluded addresses (the "notipme" list) is just the +contents of the "notipme" file. 
+ +If an address appears in both the ipme list and the notipme list, the +entry with the longest netmask wins. If the netmask lengths are the +same, notipme wins. + +For example, if the ipme list has 127.0.0.0/255.0.0.0 and notipme has +127.0.0.2, then 127.0.0.2 will not be considered me because the entry +in notipme has a 32-bit mask. If the notipme list has +127.0.0.0/255.0.0.0, all of 127.* will not be considered me. + +You can run the program "ipmeprint" from the source directory to see +what interfaces qmail is detecting or finds in moreipme. + +You can run the program "ipmetest" from the source directory to test +your configuration. It takes as its first and only parameter an IP +address to test, and prints either "me" or "not me". + +########### +### HOW ### +########### + +To apply the patch, download and save it somewhere, then cd into your +qmail source directory. + +For stock qmail, download qmail-1.03-moreipme-0.6.patch then run: + + cd qmail-1.03 + patch -p1 20190517 +http://inoa.net/qmail-tls/ + +This patch implements RFC 3207 in qmail. +This means you can get SSL or TLS encrypted and +authenticated SMTP between the MTAs and from MUA to MTA. +The code is considered experimental (but has worked for +many since its first release on 1999-03-21). + +Usage: - install OpenSSL-1.1.0 http://www.openssl.org/ or later + (any version since 0.9.8 is presumed to work) + - apply patch to netqmail-1.06 http://qmail.org/netqmail + The patches to qmail-remote.c and qmail-smtpd.c can be applied + separately. + - provide a server certificate in /var/qmail/control/servercert.pem. + "make cert" makes a self-signed certificate. + "make cert-req" makes a certificate request. + Note: you can add the CA certificate and intermediate + certs to the end of servercert.pem. + - replace qmail-smtpd and/or qmail-remote binary + - verify operation (header information should show + something like + "Received [..] 
with (DHE-RSA-AES256-SHA encrypted) SMTP;") + +Optional: - when DEBUG is defined, some extra TLS info will be logged + - qmail-remote will authenticate with the certificate in + /var/qmail/control/clientcert.pem. By preference this is + the same as servercert.pem, where nsCertType should be + == server,client or be a generic certificate (no usage specified). + - when a 2048 bit RSA key is provided in /var/qmail/control/rsa2048.pem, + this key will be used instead of (slow) on-the-fly generation by + qmail-smtpd. Idem for 2048 DH param in control/dh2048.pem. + `make tmprsadh` does this. + Periodical replacement can be done by crontab: + 01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1 + - server authentication: + qmail-remote requires authentication from servers for which + /var/qmail/control/tlshosts/host.dom.ain.pem exists. + The .pem file contains the validating CA certificates. + One of the dNSName or the CommonName attributes have to match. + WARNING: this option may cause mail to be delayed, bounced, + doublebounced, and lost. + If /var/qmail/control/tlshosts/exhaustivelist is present, + the lists of hosts in /var/qmail/control/tlshosts is + an exhaustive list of hosts TLS is tried on. + If /var/qmail/control/notlshosts/host.dom.ain is present, + no TLS is tried on this host. + - client authentication: + when relay rules would reject an incoming mail, + qmail-smtpd can allow the mail based on a presented cert. + Certs are verified against a CA list in + /var/qmail/control/clientca.pem (eg. from + http://curl.haxx.se/ca/cacert.pem) + and the cert email-address has to match a line in + /var/qmail/control/tlsclients. This email-address is logged + in the headers. CRLs can be provided through + /var/qmail/control/clientcrl.pem. 
+ - cipher selection: + qmail-remote: + openssl cipher string (`man ciphers`) read from + /var/qmail/control/tlsclientciphers + qmail-smtpd: + openssl cipher string read from TLSCIPHERS environment variable + (can vary based on client IP address e.g.) + or if that is not available /var/qmail/control/tlsserverciphers + - smtps (deprecated SMTP over TLS via port 465): + qmail-remote: when connecting to port 465 + qmail-smtpd: when SMTPS environment variable is not empty + +Caveats: - do a `make clean` after patching + - binaries dynamically linked with current openssl versions need + recompilation when the shared openssl libs are upgraded. + - this patch could conflict with other patches (notably those + replacing \n with \r\n, which is a bad idea on encrypted links). + - needs working /dev/urandom (or EGD for openssl versions >0.9.7) + for seeding random number generator. + - packagers should make sure that installing without a valid + servercert is impossible + - when applied in combination with AUTH patch, AUTH patch + should be applied first and first part of this patch + will fail. This error can be ignored. Packagers should + cut the first 12 lines of this patch to make a happy + patch + - `make tmprsadh` is recommended (or should I say required), + otherwise DH generation can be unpredictably slow + - some need "-I/usr/kerberos/include" to be added in conf-cc + +Copyright: GPL + Links with OpenSSL + Inspiration and code from examples in SSLeay (E. Young + and T. Hudson ), + stunnel (M. Trojnara ), + Postfix/TLS (L. Jaenicke ), + modssl (R. Engelschall ), + openssl examples of E. Rescorla . 
+ +Bug reports: mailto: + + +>----< Cut the next 12 lines if applying over AUTH server patch >---< +--- qmail-1.03/qmail-smtpd.c Mon Jun 15 03:53:16 1998 ++++ qmail-1.03-tls/qmail-smtpd.c Tue Jun 18 09:49:38 2002 +@@ -229,7 +229,8 @@ + } + void smtp_ehlo(arg) char *arg; + { +- smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n"); ++ smtp_greet("250-"); ++ out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n"); + seenmail = 0; dohelo(arg); + } + void smtp_rset() +>----< Cut previous 12 lines if applying over AUTH server patch >---< + + + +>----< The next 89 lines are the qmail-remote EHLO patch >---< +--- qmail-1.03/qmail-remote.c Mon Jun 15 03:53:16 1998 ++++ qmail-1.03-tls/qmail-remote.c Sun Nov 24 13:05:20 2002 +@@ -163,6 +163,59 @@ unsigned long smtpcode() + return code; + } + ++#ifdef EHLO ++saa ehlokw = {0}; /* list of EHLO keywords and parameters */ ++int maxehlokwlen = 0; ++ ++unsigned long ehlo() ++{ ++ stralloc *sa; ++ char *s, *e, *p; ++ unsigned long code; ++ ++ if (ehlokw.len > maxehlokwlen) maxehlokwlen = ehlokw.len; ++ ehlokw.len = 0; ++ ++# ifdef MXPS ++ if (type == 's') return 0; ++# endif ++ ++ substdio_puts(&smtpto, "EHLO "); ++ substdio_put(&smtpto, helohost.s, helohost.len); ++ substdio_puts(&smtpto, "\r\n"); ++ substdio_flush(&smtpto); ++ ++ code = smtpcode(); ++ if (code != 250) return code; ++ ++ s = smtptext.s; ++ while (*s++ != '\n') ; /* skip the first line: contains the domain */ ++ ++ e = smtptext.s + smtptext.len - 6; /* 250-?\n */ ++ while (s <= e) ++ { ++ if (!saa_readyplus(&ehlokw, 1)) temp_nomem(); ++ sa = ehlokw.sa + ehlokw.len++; ++ if (ehlokw.len > maxehlokwlen) *sa = sauninit; else sa->len = 0; ++ ++ /* smtptext is known to end in a '\n' */ ++ for (p = (s += 4); ; ++p) ++ if (*p == '\n' || *p == ' ' || *p == '\t') { ++ if (!stralloc_catb(sa, s, p - s) || !stralloc_0(sa)) temp_nomem(); ++ if (*p++ == '\n') break; ++ while (*p == ' ' || *p == '\t') ; ++ s = p; ++ } ++ s = p; ++ /* keyword should consist of alpha-num and '-' ++ 
* broken AUTH might use '=' instead of space */ ++ for (p = sa->s; *p; ++p) if (*p == '=') { *p = 0; break; } ++ } ++ ++ return 250; ++} ++#endif ++ + void outsmtptext() + { + int i; +@@ -224,12 +277,26 @@ void smtp() + + if (smtpcode() != 220) quit("ZConnected to "," but greeting failed"); + ++#ifdef EHLO ++ code = ehlo(); ++ ++ if (code == 250) { ++ /* add EHLO response checks here */ ++ ++ /* and if EHLO failed, use HELO */ ++ } else { ++#endif ++ + substdio_puts(&smtpto,"HELO "); + substdio_put(&smtpto,helohost.s,helohost.len); + substdio_puts(&smtpto,"\r\n"); + substdio_flush(&smtpto); + if (smtpcode() != 250) quit("ZConnected to "," but my name was rejected"); + ++#ifdef EHLO ++ } ++#endif ++ + substdio_puts(&smtpto,"MAIL FROM:<"); + substdio_put(&smtpto,sender.s,sender.len); + substdio_puts(&smtpto,">\r\n"); +>----< Previous 89 lines are the qmail-remote EHLO patch >---< + + + + +--- netqmail-1.06-orig/qmail-remote.c 2019-04-08 15:26:13.100123364 +0000 ++++ netqmail-1.06/qmail-remote.c 2019-04-02 08:01:50.176790637 +0000 +@@ -48,6 +48,17 @@ saa reciplist = {0}; + + struct ip_address partner; + ++#ifdef TLS ++# include ++# include "tls.h" ++# include "ssl_timeoutio.h" ++# include ++# define EHLO 1 ++ ++int tls_init(); ++const char *ssl_err_str = 0; ++#endif ++ + void out(s) char *s; { if (substdio_puts(subfdoutsmall,s) == -1) _exit(0); } + void zero() { if (substdio_put(subfdoutsmall,"\0",1) == -1) _exit(0); } + void zerodie() { zero(); substdio_flush(subfdoutsmall); _exit(0); } +@@ -99,6 +110,9 @@ void dropped() { + outhost(); + out(" but connection died. "); + if (flagcritical) out("Possible duplicate! 
"); ++#ifdef TLS ++ if (ssl_err_str) { out((char *)ssl_err_str); out(" "); } ++#endif + out("(#4.4.2)\n"); + zerodie(); + } +@@ -110,6 +124,12 @@ int timeout = 1200; + int saferead(fd,buf,len) int fd; char *buf; int len; + { + int r; ++#ifdef TLS ++ if (ssl) { ++ r = ssl_timeoutread(timeout, smtpfd, smtpfd, ssl, buf, len); ++ if (r < 0) ssl_err_str = ssl_error_str(); ++ } else ++#endif + r = timeoutread(timeout,smtpfd,buf,len); + if (r <= 0) dropped(); + return r; +@@ -117,6 +137,12 @@ int saferead(fd,buf,len) int fd; char *b + int safewrite(fd,buf,len) int fd; char *buf; int len; + { + int r; ++#ifdef TLS ++ if (ssl) { ++ r = ssl_timeoutwrite(timeout, smtpfd, smtpfd, ssl, buf, len); ++ if (r < 0) ssl_err_str = ssl_error_str(); ++ } else ++#endif + r = timeoutwrite(timeout,smtpfd,buf,len); + if (r <= 0) dropped(); + return r; +@@ -194,19 +220,25 @@ unsigned long ehlo() + e = smtptext.s + smtptext.len - 6; /* 250-?\n */ + while (s <= e) + { ++ int wasspace = 0; ++ + if (!saa_readyplus(&ehlokw, 1)) temp_nomem(); + sa = ehlokw.sa + ehlokw.len++; + if (ehlokw.len > maxehlokwlen) *sa = sauninit; else sa->len = 0; + +- /* smtptext is known to end in a '\n' */ +- for (p = (s += 4); ; ++p) +- if (*p == '\n' || *p == ' ' || *p == '\t') { +- if (!stralloc_catb(sa, s, p - s) || !stralloc_0(sa)) temp_nomem(); +- if (*p++ == '\n') break; +- while (*p == ' ' || *p == '\t') ; +- s = p; +- } +- s = p; ++ /* smtptext is known to end in a '\n' */ ++ for (p = (s += 4); ; ++p) ++ if (*p == '\n' || *p == ' ' || *p == '\t') { ++ if (!wasspace) ++ if (!stralloc_catb(sa, s, p - s) || !stralloc_0(sa)) temp_nomem(); ++ if (*p == '\n') break; ++ wasspace = 1; ++ } else if (wasspace == 1) { ++ wasspace = 0; ++ s = p; ++ } ++ s = ++p; ++ + /* keyword should consist of alpha-num and '-' + * broken AUTH might use '=' instead of space */ + for (p = sa->s; *p; ++p) if (*p == '=') { *p = 0; break; } +@@ -232,6 +264,17 @@ void quit(prepend,append) + char *prepend; + char *append; + { ++#ifdef TLS ++ 
/* shouldn't talk to the client unless in an appropriate state */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ OSSL_HANDSHAKE_STATE state = ssl ? SSL_get_state(ssl) : TLS_ST_BEFORE; ++ if (state & TLS_ST_OK || (!smtps && state & TLS_ST_BEFORE)) ++ ++#else ++ int state = ssl ? ssl->state : SSL_ST_BEFORE; ++ if (state & SSL_ST_OK || (!smtps && state & SSL_ST_BEFORE)) ++#endif ++#endif + substdio_putsflush(&smtpto,"QUIT\r\n"); + /* waiting for remote side is just too ridiculous */ + out(prepend); +@@ -239,6 +282,30 @@ char *append; + out(append); + out(".\n"); + outsmtptext(); ++ ++#if defined(TLS) && defined(DEBUG) ++ if (ssl) { ++ X509 *peercert; ++ ++ out("STARTTLS proto="); out(SSL_get_version(ssl)); ++ out("; cipher="); out(SSL_get_cipher(ssl)); ++ ++ /* we want certificate details */ ++ if (peercert = SSL_get_peer_certificate(ssl)) { ++ char *str; ++ ++ str = X509_NAME_oneline(X509_get_subject_name(peercert), NULL, 0); ++ out("; subject="); out(str); OPENSSL_free(str); ++ ++ str = X509_NAME_oneline(X509_get_issuer_name(peercert), NULL, 0); ++ out("; issuer="); out(str); OPENSSL_free(str); ++ ++ X509_free(peercert); ++ } ++ out(";\n"); ++ } ++#endif ++ + zerodie(); + } + +@@ -267,6 +334,206 @@ void blast() + substdio_flush(&smtpto); + } + ++#ifdef TLS ++char *partner_fqdn = 0; ++ ++# define TLS_QUIT quit(ssl ? 
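Review bot: In quit(), the OpenSSL 1.1.0 branch tests the handshake state with bitwise AND (`state & TLS_ST_OK`, `state & TLS_ST_BEFORE`), but `OSSL_HANDSHAKE_STATE` is an enum with sequential values, not bit flags, and `TLS_ST_BEFORE` is its first enumerator (0). The `TLS_ST_BEFORE` test can therefore never be true, and the `TLS_ST_OK` test matches every odd-numbered intermediate state, so a session that never started TLS skips the `QUIT` and one interrupted mid-handshake may attempt it. Equality expresses the intent: `if (state == TLS_ST_OK || (!smtps && state == TLS_ST_BEFORE))`. The pre-1.1.0 branch uses the mask-style `SSL_ST_*` constants and can stay as it is; quit() begins before this hunk and continues after it.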
"; connected to " : "; connecting to ", "") ++void tls_quit(const char *s1, const char *s2) ++{ ++ out((char *)s1); if (s2) { out(": "); out((char *)s2); } TLS_QUIT; ++} ++# define tls_quit_error(s) tls_quit(s, ssl_error()) ++ ++int match_partner(const char *s, int len) ++{ ++ if (!case_diffb(partner_fqdn, len, s) && !partner_fqdn[len]) return 1; ++ /* we also match if the name is *.domainname */ ++ if (*s == '*') { ++ const char *domain = partner_fqdn + str_chr(partner_fqdn, '.'); ++ if (!case_diffb(domain, --len, ++s) && !domain[len]) return 1; ++ } ++ return 0; ++} ++ ++/* don't want to fail handshake if certificate can't be verified */ ++int verify_cb(int preverify_ok, X509_STORE_CTX *ctx) { return 1; } ++ ++int tls_init() ++{ ++ int i; ++ SSL *myssl; ++ SSL_CTX *ctx; ++ stralloc saciphers = {0}; ++ const char *ciphers, *servercert = 0; ++ ++ if (partner_fqdn) { ++ struct stat st; ++ stralloc tmp = {0}; ++ if (!stralloc_copys(&tmp, "control/tlshosts/") ++ || !stralloc_catb(&tmp, partner_fqdn, str_len(partner_fqdn)) ++ || !stralloc_catb(&tmp, ".pem", 5)) temp_nomem(); ++ if (stat(tmp.s, &st) == 0) ++ servercert = tmp.s; ++ else { ++ if (!stralloc_copys(&tmp, "control/notlshosts/") ++ || !stralloc_catb(&tmp, partner_fqdn, str_len(partner_fqdn)+1)) ++ temp_nomem(); ++ if ((stat("control/tlshosts/exhaustivelist", &st) == 0) || ++ (stat(tmp.s, &st) == 0)) { ++ alloc_free(tmp.s); ++ return 0; ++ } ++ alloc_free(tmp.s); ++ } ++ } ++ ++ if (!smtps) { ++ stralloc *sa = ehlokw.sa; ++ unsigned int len = ehlokw.len; ++ /* look for STARTTLS among EHLO keywords */ ++ for ( ; len && case_diffs(sa->s, "STARTTLS"); ++sa, --len) ; ++ if (!len) { ++ if (!servercert) return 0; ++ out("ZNo TLS achieved while "); out((char *)servercert); ++ out(" exists"); smtptext.len = 0; TLS_QUIT; ++ } ++ } ++ ++ SSL_library_init(); ++ ctx = SSL_CTX_new(SSLv23_client_method()); ++ if (!ctx) { ++ if (!smtps && !servercert) return 0; ++ smtptext.len = 0; ++ tls_quit_error("ZTLS error initializing 
ctx"); ++ } ++ ++ /* POODLE vulnerability */ ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ++ ++ if (servercert) { ++ if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) { ++ SSL_CTX_free(ctx); ++ smtptext.len = 0; ++ out("ZTLS unable to load "); tls_quit_error(servercert); ++ } ++ /* set the callback here; SSL_set_verify didn't work before 0.9.6c */ ++ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_cb); ++ } ++ ++ /* let the other side complain if it needs a cert and we don't have one */ ++# define CLIENTCERT "control/clientcert.pem" ++ if (SSL_CTX_use_certificate_chain_file(ctx, CLIENTCERT)) ++ SSL_CTX_use_RSAPrivateKey_file(ctx, CLIENTCERT, SSL_FILETYPE_PEM); ++# undef CLIENTCERT ++ ++ myssl = SSL_new(ctx); ++ SSL_CTX_free(ctx); ++ if (!myssl) { ++ if (!smtps && !servercert) return 0; ++ smtptext.len = 0; ++ tls_quit_error("ZTLS error initializing ssl"); ++ } ++ ++ if (!smtps) substdio_putsflush(&smtpto, "STARTTLS\r\n"); ++ ++ /* while the server is preparing a response, do something else */ ++ if (control_readfile(&saciphers, "control/tlsclientciphers", 0) == -1) ++ { SSL_free(myssl); temp_control(); } ++ if (saciphers.len) { ++ for (i = 0; i < saciphers.len - 1; ++i) ++ if (!saciphers.s[i]) saciphers.s[i] = ':'; ++ ciphers = saciphers.s; ++ } ++ else ciphers = "DEFAULT"; ++ SSL_set_cipher_list(myssl, ciphers); ++ alloc_free(saciphers.s); ++ ++ SSL_set_fd(myssl, smtpfd); ++ ++ /* read the response to STARTTLS */ ++ if (!smtps) { ++ if (smtpcode() != 220) { ++ SSL_free(myssl); ++ if (!servercert) return 0; ++ out("ZSTARTTLS rejected while "); ++ out((char *)servercert); out(" exists"); TLS_QUIT; ++ } ++ smtptext.len = 0; ++ } ++ ++ ssl = myssl; ++ if (ssl_timeoutconn(timeout, smtpfd, smtpfd, ssl) <= 0) ++ tls_quit("ZTLS connect failed", ssl_error_str()); ++ ++ if (servercert) { ++ X509 *peercert; ++ STACK_OF(GENERAL_NAME) *gens; ++ int found_gen_dns = 0; ++ int matched_gen_dns = 0; ++ ++ int r = SSL_get_verify_result(ssl); ++ if (r != 
X509_V_OK) { ++ out("ZTLS unable to verify server with "); ++ tls_quit(servercert, X509_verify_cert_error_string(r)); ++ } ++ alloc_free(servercert); ++ ++ peercert = SSL_get_peer_certificate(ssl); ++ if (!peercert) { ++ out("ZTLS unable to verify server "); ++ tls_quit(partner_fqdn, "no certificate provided"); ++ } ++ ++ /* RFC 2595 section 2.4: find a matching name ++ * first find a match among alternative names */ ++ gens = X509_get_ext_d2i(peercert, NID_subject_alt_name, 0, 0); ++ if (gens) { ++ for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) ++ { ++ const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); ++ if (gn->type == GEN_DNS){ ++ found_gen_dns = 1; ++ if (match_partner(gn->d.ia5->data, gn->d.ia5->length)){ ++ matched_gen_dns = 1; ++ break; ++ } ++ } ++ } ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ } ++ ++ /* no SubjectAltName of type DNS found, look up commonName */ ++ if (!found_gen_dns) { ++ stralloc peer = {0}; ++ X509_NAME *subj = X509_get_subject_name(peercert); ++ i = X509_NAME_get_index_by_NID(subj, NID_commonName, -1); ++ if (i >= 0) { ++ const ASN1_STRING *s = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, i)); ++ if (s) { peer.len = s->length; peer.s = s->data; } ++ } ++ if (peer.len <= 0) { ++ out("ZTLS unable to verify server "); ++ tls_quit(partner_fqdn, "certificate contains no valid commonName"); ++ } ++ if (!match_partner(peer.s, peer.len)) { ++ out("ZTLS unable to verify server "); out(partner_fqdn); ++ out(": received certificate for "); outsafe(&peer); TLS_QUIT; ++ } ++ } else if (!matched_gen_dns) { ++ out("ZTLS unable to verify server "); ++ tls_quit(partner_fqdn, "certificate contains no matching dNSNnames"); ++ } ++ ++ X509_free(peercert); ++ } ++ ++ if (smtps) if (smtpcode() != 220) ++ quit("ZTLS Connected to "," but greeting failed"); ++ ++ return 1; ++} ++#endif ++ + stralloc recip = {0}; + + void smtp() +@@ -274,12 +541,37 @@ void smtp() + unsigned long code; + int flagbother; + int i; ++ ++#ifndef 
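Review bot: In tls_init() the result of `SSL_set_cipher_list(myssl, ciphers)` is discarded, so a `control/tlsclientciphers` that OpenSSL cannot parse is ignored silently and the handshake presumably proceeds with the list already in place. The read failure just before it already stops through `temp_control()`, and the same handling fits here: `if (!SSL_set_cipher_list(myssl, ciphers)) { SSL_free(myssl); temp_control(); }`. The context is created with `SSLv23_client_method()` and only `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3`, which leaves TLS 1.0 and 1.1 negotiable; on OpenSSL 1.1.0 or later a floor can be set with `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);`. `verify_cb()` returns 1 unconditionally, so peer checking rests on the later `SSL_get_verify_result()` test, which runs only when a `control/tlshosts/` file exists for the partner. A comment above `verify_cb` should state that hosts without such a file get encryption without authentication.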
PORT_SMTP ++ /* the qmtpc patch uses smtp_port and undefines PORT_SMTP */ ++# define port smtp_port ++#endif ++ ++#ifdef TLS ++# ifdef MXPS ++ if (type == 'S') smtps = 1; ++ else if (type != 's') ++# endif ++ if (port == 465) smtps = 1; ++ if (!smtps) ++#endif + + if (smtpcode() != 220) quit("ZConnected to "," but greeting failed"); + + #ifdef EHLO ++# ifdef TLS ++ if (!smtps) ++# endif + code = ehlo(); + ++# ifdef TLS ++ if (tls_init()) ++ /* RFC2487 says we should issue EHLO (even if we might not need ++ * extensions); at the same time, it does not prohibit a server ++ * to reject the EHLO and make us fallback to HELO */ ++ code = ehlo(); ++# endif ++ + if (code == 250) { + /* add EHLO response checks here */ + +@@ -484,6 +776,9 @@ char **argv; + if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) port,timeoutconnect) == 0) { + tcpto_err(&ip.ix[i].ip,0); + partner = ip.ix[i].ip; ++#ifdef TLS ++ partner_fqdn = ip.ix[i].fqdn; ++#endif + smtp(); /* does not return */ + } + tcpto_err(&ip.ix[i].ip,errno == error_timeout); +--- netqmail-1.06-orig/qmail-remote.8 1998-06-15 10:53:16.000000000 +0000 ++++ netqmail-1.06/qmail-remote.8 2015-12-01 15:54:59.029940779 +0000 +@@ -114,6 +114,10 @@ arguments. + always exits zero. + .SH "CONTROL FILES" + .TP 5 ++.I clientcert.pem ++SSL certificate that is used to authenticate with the remote server ++during a TLS session. ++.TP 5 + .I helohost + Current host name, + for use solely in saying hello to the remote SMTP server. +@@ -123,6 +127,16 @@ if that is supplied; + otherwise + .B qmail-remote + refuses to run. ++ ++.TP 5 ++.I notlshosts/ ++.B qmail-remote ++will not try TLS on servers for which this file exists ++.RB ( ++is the fully-qualified domain name of the server). ++.IR (tlshosts/.pem ++takes precedence over this file however). ++ + .TP 5 + .I smtproutes + Artificial SMTP routes. +@@ -156,6 +170,8 @@ may be empty; + this tells + .B qmail-remote + to look up MX records as usual. 
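Review bot: On the `smtps` path in smtp(), `code` can reach `if (code == 250)` without ever being assigned: the greeting read and the first `code = ehlo();` are both skipped by `if (!smtps)`, and the second assignment runs only when `tls_init()` returns non-zero. tls_init(), added earlier in this patch, returns 0 without looking at `smtps` when `control/tlshosts/exhaustivelist` or a `control/notlshosts/` entry for the partner exists, so in that configuration an indeterminate `unsigned long` is read and the session carries on in cleartext against a port where the peer expects a TLS handshake. Initialising the variable (`unsigned long code = 0;`) removes the undefined read; the fall-through is closed by making the no-TLS shortcut in tls_init() conditional on `!smtps`, or by quitting when it returns 0 under `smtps`. The `if (!smtps)` lines that bind to a statement on the far side of an `#endif` would also be easier to audit with explicit braces. smtp() continues beyond this hunk.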
++.I port ++value of 465 (deprecated smtps port) causes TLS session to be started. + .I smtproutes + may include wildcards: + +@@ -195,6 +211,33 @@ Number of seconds + .B qmail-remote + will wait for each response from the remote SMTP server. + Default: 1200. ++ ++.TP 5 ++.I tlsclientciphers ++A set of OpenSSL client cipher strings. Multiple ciphers ++contained in a string should be separated by a colon. ++ ++.TP 5 ++.I tlshosts/.pem ++.B qmail-remote ++requires TLS authentication from servers for which this file exists ++.RB ( ++is the fully-qualified domain name of the server). One of the ++.I dNSName ++or the ++.I CommonName ++attributes have to match. The file contains the trusted CA certificates. ++ ++.B WARNING: ++this option may cause mail to be delayed, bounced, doublebounced, or lost. ++ ++.TP 5 ++.I tlshosts/exhaustivelist ++if this file exists ++no TLS will be tried on hosts other than those for which a file ++.B tlshosts/.pem ++exists. ++ + .SH "SEE ALSO" + addresses(5), + envelopes(5), +--- netqmail-1.06-orig/qmail-control.9 1998-06-15 10:53:16.000000000 +0000 ++++ netqmail-1.06/qmail-control.9 2015-12-08 00:33:06.248714330 +0000 +@@ -43,11 +43,14 @@ control default used by + .I badmailfrom \fR(none) \fRqmail-smtpd + .I bouncefrom \fRMAILER-DAEMON \fRqmail-send + .I bouncehost \fIme \fRqmail-send ++.I clientca.pem \fR(none) \fRqmail-smtpd ++.I clientcert.pem \fR(none) \fRqmail-remote + .I concurrencylocal \fR10 \fRqmail-send + .I concurrencyremote \fR20 \fRqmail-send + .I defaultdomain \fIme \fRqmail-inject + .I defaulthost \fIme \fRqmail-inject + .I databytes \fR0 \fRqmail-smtpd ++.I dh2048.pem \fR(none) \fRqmail-smtpd + .I doublebouncehost \fIme \fRqmail-send + .I doublebounceto \fRpostmaster \fRqmail-send + .I envnoathost \fIme \fRqmail-send +@@ -61,11 +64,17 @@ control default used by + .I qmqpservers \fR(none) \fRqmail-qmqpc + .I queuelifetime \fR604800 \fRqmail-send + .I rcpthosts \fR(none) \fRqmail-smtpd ++.I rsa2048.pem \fR(none) \fRqmail-smtpd 
++.I servercert.pem \fR(none) \fRqmail-smtpd + .I smtpgreeting \fIme \fRqmail-smtpd + .I smtproutes \fR(none) \fRqmail-remote + .I timeoutconnect \fR60 \fRqmail-remote + .I timeoutremote \fR1200 \fRqmail-remote + .I timeoutsmtpd \fR1200 \fRqmail-smtpd ++.I tlsclients \fR(none) \fRqmail-smtpd ++.I tlsclientciphers \fR(none) \fRqmail-remote ++.I tlshosts/FQDN.pem \fR(none) \fRqmail-remote ++.I tlsserverciphers \fR(none) \fRqmail-smtpd + .I virtualdomains \fR(none) \fRqmail-send + .fi + .RE +--- netqmail-1.06-orig/dns.c 2007-11-30 20:22:54.000000000 +0000 ++++ netqmail-1.06/dns.c 2019-04-08 15:22:04.390598941 +0000 +@@ -267,12 +267,14 @@ stralloc *sa; + int pref; + { + int r; +- struct ip_mx ix; ++ struct ip_mx ix = {0}; + + if (!stralloc_copy(&glue,sa)) return DNS_MEM; + if (!stralloc_0(&glue)) return DNS_MEM; + if (glue.s[0]) { ++#ifndef IX_FQDN + ix.pref = 0; ++#endif + if (!glue.s[ip_scan(glue.s,&ix.ip)] || !glue.s[ip_scanbracket(glue.s,&ix.ip)]) + { + if (!ipalloc_append(ia,&ix)) return DNS_MEM; +@@ -291,9 +293,16 @@ int pref; + ix.ip = ip; + ix.pref = pref; + if (r == DNS_SOFT) return DNS_SOFT; +- if (r == 1) ++ if (r == 1) { ++#ifdef IX_FQDN ++ ix.fqdn = glue.s; ++#endif + if (!ipalloc_append(ia,&ix)) return DNS_MEM; + } ++ } ++#ifdef IX_FQDN ++ glue.s = 0; ++#endif + return 0; + } + +@@ -313,7 +322,7 @@ unsigned long random; + { + int r; + struct mx { stralloc sa; unsigned short p; } *mx; +- struct ip_mx ix; ++ struct ip_mx ix = {0}; + int nummx; + int i; + int j; +@@ -325,7 +334,9 @@ unsigned long random; + if (!stralloc_copy(&glue,sa)) return DNS_MEM; + if (!stralloc_0(&glue)) return DNS_MEM; + if (glue.s[0]) { ++#ifndef IX_FQDN + ix.pref = 0; ++#endif + if (!glue.s[ip_scan(glue.s,&ix.ip)] || !glue.s[ip_scanbracket(glue.s,&ix.ip)]) + { + if (!ipalloc_append(ia,&ix)) return DNS_MEM; +--- netqmail-1.06-orig/hier.c 1998-06-15 10:53:16.000000000 +0000 ++++ netqmail-1.06/hier.c 2015-12-01 15:54:59.033940812 +0000 +@@ -143,6 +143,9 @@ void hier() + 
c(auto_qmail,"bin","qail",auto_uido,auto_gidq,0755); + c(auto_qmail,"bin","elq",auto_uido,auto_gidq,0755); + c(auto_qmail,"bin","pinq",auto_uido,auto_gidq,0755); ++#ifdef TLS ++ c(auto_qmail,"bin","update_tmprsadh",auto_uido,auto_gidq,0755); ++#endif + + c(auto_qmail,"man/man5","addresses.5",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/cat5","addresses.0",auto_uido,auto_gidq,0644); +--- netqmail-1.06-orig/ipalloc.h 1998-06-15 10:53:16.000000000 +0000 ++++ netqmail-1.06/ipalloc.h 2015-12-01 15:54:59.033940812 +0000 +@@ -3,7 +3,15 @@ + + #include "ip.h" + ++#ifdef TLS ++# define IX_FQDN 1 ++#endif ++ ++#ifdef IX_FQDN ++struct ip_mx { struct ip_address ip; int pref; char *fqdn; } ; ++#else + struct ip_mx { struct ip_address ip; int pref; } ; ++#endif + + #include "gen_alloc.h" + +--- netqmail-1.06-orig/tls.c 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/tls.c 2019-04-08 15:17:31.924930725 +0000 +@@ -0,0 +1,27 @@ ++#ifdef TLS ++#include "exit.h" ++#include "error.h" ++#include ++#include ++ ++int smtps = 0; ++SSL *ssl = NULL; ++ ++void ssl_free(SSL *myssl) { SSL_shutdown(myssl); SSL_free(myssl); } ++void ssl_exit(int status) { if (ssl) ssl_free(ssl); _exit(status); } ++ ++const char *ssl_error() ++{ ++ int r = ERR_get_error(); ++ if (!r) return NULL; ++ SSL_load_error_strings(); ++ return ERR_error_string(r, NULL); ++} ++const char *ssl_error_str() ++{ ++ const char *err = ssl_error(); ++ if (err) return err; ++ if (!errno) return 0; ++ return (errno == error_timeout) ? 
"timed out" : error_str(errno); ++} ++#endif +--- netqmail-1.06-orig/tls.h 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/tls.h 2015-12-01 15:54:59.033940812 +0000 +@@ -0,0 +1,16 @@ ++#ifndef TLS_H ++#define TLS_H ++ ++#include ++ ++extern int smtps; ++extern SSL *ssl; ++ ++void ssl_free(SSL *myssl); ++void ssl_exit(int status); ++# define _exit ssl_exit ++ ++const char *ssl_error(); ++const char *ssl_error_str(); ++ ++#endif +--- netqmail-1.06-orig/ssl_timeoutio.c 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/ssl_timeoutio.c 2019-04-08 15:17:14.324823036 +0000 +@@ -0,0 +1,114 @@ ++#ifdef TLS ++#include "select.h" ++#include "error.h" ++#include "ndelay.h" ++#include "now.h" ++#include "ssl_timeoutio.h" ++ ++int ssl_timeoutio(int (*fun)(), ++ int t, int rfd, int wfd, SSL *ssl, char *buf, int len) ++{ ++ int n; ++ const datetime_sec end = (datetime_sec)t + now(); ++ ++ do { ++ fd_set fds; ++ struct timeval tv; ++ ++ const int r = buf ? fun(ssl, buf, len) : fun(ssl); ++ if (r > 0) return r; ++ ++ t = end - now(); ++ if (t < 0) break; ++ tv.tv_sec = (time_t)t; tv.tv_usec = 0; ++ ++ FD_ZERO(&fds); ++ switch (SSL_get_error(ssl, r)) ++ { ++ default: return r; /* some other error */ ++ case SSL_ERROR_WANT_READ: ++ FD_SET(rfd, &fds); n = select(rfd + 1, &fds, NULL, NULL, &tv); ++ break; ++ case SSL_ERROR_WANT_WRITE: ++ FD_SET(wfd, &fds); n = select(wfd + 1, NULL, &fds, NULL, &tv); ++ break; ++ } ++ ++ /* n is the number of descriptors that changed status */ ++ } while (n > 0); ++ ++ if (n != -1) errno = error_timeout; ++ return -1; ++} ++ ++int ssl_timeoutaccept(int t, int rfd, int wfd, SSL *ssl) ++{ ++ int r; ++ ++ /* if connection is established, keep NDELAY */ ++ if (ndelay_on(rfd) == -1 || ndelay_on(wfd) == -1) return -1; ++ r = ssl_timeoutio(SSL_accept, t, rfd, wfd, ssl, NULL, 0); ++ ++ if (r <= 0) { ndelay_off(rfd); ndelay_off(wfd); } ++ else SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); ++ ++ return r; ++} ++ ++int ssl_timeoutconn(int t, int 
rfd, int wfd, SSL *ssl) ++{ ++ int r; ++ ++ /* if connection is established, keep NDELAY */ ++ if (ndelay_on(rfd) == -1 || ndelay_on(wfd) == -1) return -1; ++ r = ssl_timeoutio(SSL_connect, t, rfd, wfd, ssl, NULL, 0); ++ ++ if (r <= 0) { ndelay_off(rfd); ndelay_off(wfd); } ++ else SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); ++ ++ return r; ++} ++ ++int ssl_timeoutrehandshake(int t, int rfd, int wfd, SSL *ssl) ++{ ++ int r=0; ++ ++ SSL_renegotiate(ssl); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ char buf[1]; /* dummy read buffer */ ++ struct timeval tv; ++ fd_set fds; ++ r = ssl_timeoutio(SSL_do_handshake, t, rfd, wfd, ssl, NULL, 0); ++ if (r <=0) return r; ++ ++ tv.tv_sec = (time_t)t; tv.tv_usec = 0; ++ FD_ZERO(&fds); FD_SET(rfd, &fds); ++ if ((r = select(rfd + 1, &fds, NULL, NULL, &tv)>0) && FD_ISSET(rfd, &fds)){ ++ r = SSL_read(ssl, buf, 1); ++ if (SSL_get_error(ssl, r) == SSL_ERROR_WANT_READ) r = 1; /*ignore */ ++ } ++ if (r <=0) return r; ++#else ++ r = ssl_timeoutio(SSL_do_handshake, t, rfd, wfd, ssl, NULL, 0); ++ if (r <= 0 || ssl->type == SSL_ST_CONNECT) return r; ++ ++ /* this is for the server only */ ++ ssl->state = SSL_ST_ACCEPT; ++#endif ++ return ssl_timeoutio(SSL_do_handshake, t, rfd, wfd, ssl, NULL, 0); ++} ++ ++int ssl_timeoutread(int t, int rfd, int wfd, SSL *ssl, char *buf, int len) ++{ ++ if (!buf) return 0; ++ if (SSL_pending(ssl)) return SSL_read(ssl, buf, len); ++ return ssl_timeoutio(SSL_read, t, rfd, wfd, ssl, buf, len); ++} ++ ++int ssl_timeoutwrite(int t, int rfd, int wfd, SSL *ssl, char *buf, int len) ++{ ++ if (!buf) return 0; ++ return ssl_timeoutio(SSL_write, t, rfd, wfd, ssl, buf, len); ++} ++#endif +--- netqmail-1.06-orig/ssl_timeoutio.h 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/ssl_timeoutio.h 2019-03-22 21:11:16.610440636 +0000 +@@ -0,0 +1,21 @@ ++#ifndef SSL_TIMEOUTIO_H ++#define SSL_TIMEOUTIO_H ++ ++#include ++ ++/* the version is like this: 0xMNNFFPPS: major minor fix patch status */ ++#if 
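Review bot: In the OpenSSL >= 1.1.0 branch of `ssl_timeoutrehandshake`, `(r = select(rfd + 1, &fds, NULL, NULL, &tv)>0)` assigns the result of the comparison to `r` rather than select()'s return value. A select() error or timeout therefore leaves `r == 0`, and the function returns 0 without setting `errno = error_timeout` the way `ssl_timeoutio` does. Parenthesise the assignment, `if ((r = select(rfd + 1, &fds, NULL, NULL, &tv)) > 0 && FD_ISSET(rfd, &fds)) {`, and set the timeout errno for `r == 0` before `if (r <=0) return r;`. Separately, `ssl_timeoutio` tests `n` after its loop even when the first pass leaves through `if (t < 0) break;`, so `n` is read uninitialised on that path; `int n = 0;` makes it report a timeout.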
OPENSSL_VERSION_NUMBER < 0x00908000L ++# error "Need OpenSSL version at least 0.9.8" ++#endif ++ ++int ssl_timeoutconn(int t, int rfd, int wfd, SSL *ssl); ++int ssl_timeoutaccept(int t, int rfd, int wfd, SSL *ssl); ++int ssl_timeoutrehandshake(int t, int rfd, int wfd, SSL *ssl); ++ ++int ssl_timeoutread(int t, int rfd, int wfd, SSL *ssl, char *buf, int len); ++int ssl_timeoutwrite(int t, int rfd, int wfd, SSL *ssl, char *buf, int len); ++ ++int ssl_timeoutio( ++ int (*fun)(), int t, int rfd, int wfd, SSL *ssl, char *buf, int len); ++ ++#endif +--- netqmail-1.06-orig/TARGETS 1998-06-15 10:53:16.000000000 +0000 ++++ netqmail-1.06/TARGETS 2015-12-01 15:54:59.033940812 +0000 +@@ -168,6 +168,8 @@ control.o + constmap.o + timeoutread.o + timeoutwrite.o ++tls.o ++ssl_timeoutio.o + timeoutconn.o + tcpto.o + dns.o +@@ -320,6 +322,7 @@ binm2 + binm2+df + binm3 + binm3+df ++Makefile-cert + it + qmail-local.0 + qmail-lspawn.0 +@@ -385,3 +388,4 @@ forgeries.0 + man + setup + check ++update_tmprsadh +--- netqmail-1.06-orig/Makefile-cert.mk 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/Makefile-cert.mk 2015-12-01 15:54:59.033940812 +0000 +@@ -0,0 +1,21 @@ ++cert-req: req.pem ++cert cert-req: QMAIL/control/clientcert.pem ++ @: ++ ++QMAIL/control/clientcert.pem: QMAIL/control/servercert.pem ++ ln -s $< $@ ++ ++QMAIL/control/servercert.pem: ++ PATH=$$PATH:/usr/local/ssl/bin \ ++ openssl req -new -x509 -nodes -days 366 -out $@ -keyout $@ ++ chmod 640 $@ ++ chown `head -2 conf-users | tail -1`:`head -1 conf-groups` $@ ++ ++req.pem: ++ PATH=$$PATH:/usr/local/ssl/bin openssl req \ ++ -new -nodes -out $@ -keyout QMAIL/control/servercert.pem ++ chmod 640 QMAIL/control/servercert.pem ++ chown `head -2 conf-users | tail -1`:`head -1 conf-groups` QMAIL/control/servercert.pem ++ @echo ++ @echo "Send req.pem to your CA to obtain signed_req.pem, and do:" ++ @echo "cat signed_req.pem >> QMAIL/control/servercert.pem" +--- netqmail-1.06-orig/conf-cc 1998-06-15 10:53:16.000000000 +0000 
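Review bot: Both recipes in Makefile-cert.mk that create `QMAIL/control/servercert.pem` write the unencrypted (`-nodes`) private key with `openssl req ... -keyout` first and only then run `chmod 640` and `chown`. Until those run, the key has whatever mode the invoking umask and the installed openssl give it. Setting the umask on the same recipe line closes that window, for example `umask 077 && PATH=$$PATH:/usr/local/ssl/bin \` in front of the `openssl req` continuation, in both the `servercert.pem` and `req.pem` rules. A comment above the first rule noting that the certificate is self-signed and expires after 366 days would help whoever has to renew it.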
++++ netqmail-1.06/conf-cc 2019-04-08 15:25:56.312020413 +0000 +@@ -1,3 +1,3 @@ +-cc -O2 ++cc -O2 -DTLS=20190517 -I/usr/local/ssl/include + + This will be used to compile .c files. +--- netqmail-1.06-orig/Makefile 2007-11-30 20:22:54.000000000 +0000 ++++ netqmail-1.06/Makefile 2015-12-01 15:54:59.033940812 +0000 +@@ -808,7 +808,7 @@ dnsptr dnsip dnsmxip dnsfq hostname ipme + forward preline condredirect bouncesaying except maildirmake \ + maildir2mbox maildirwatch qail elq pinq idedit install-big install \ + instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \ +-binm3 binm3+df ++binm3 binm3+df update_tmprsadh + + load: \ + make-load warn-auto.sh systype +@@ -1444,6 +1444,7 @@ ndelay.a case.a sig.a open.a lock.a seek + substdio.a error.a str.a fs.a auto_qmail.o dns.lib socket.lib + ./load qmail-remote control.o constmap.o timeoutread.o \ + timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \ ++ tls.o ssl_timeoutio.o -L/usr/local/ssl/lib -lssl -lcrypto \ + ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \ + lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \ + str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib` +@@ -1539,6 +1540,7 @@ open.a sig.a case.a env.a stralloc.a all + fs.a auto_qmail.o socket.lib + ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ + timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ ++ tls.o ssl_timeoutio.o ndelay.a -L/usr/local/ssl/lib -lssl -lcrypto \ + received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ + datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ + alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ +@@ -1827,7 +1829,8 @@ date822fmt.h date822fmt.c dns.h dns.c tr + ipalloc.h ipalloc.c select.h1 select.h2 trysysel.c ndelay.h ndelay.c \ + ndelay_off.c direntry.3 direntry.h1 direntry.h2 trydrent.c prot.h \ + prot.c chkshsgr.c warn-shsgr tryshsgr.c ipme.h ipme.c trysalen.c \ +-maildir.5 maildir.h maildir.c tcp-environ.5 constmap.h constmap.c ++maildir.5 maildir.h 
maildir.c tcp-environ.5 constmap.h constmap.c \ ++update_tmprsadh + shar -m `cat FILES` > shar + chmod 400 shar + +@@ -2108,6 +2111,19 @@ timeoutwrite.o: \ + compile timeoutwrite.c timeoutwrite.h select.h error.h readwrite.h + ./compile timeoutwrite.c + ++qmail-smtpd: tls.o ssl_timeoutio.o ndelay.a ++qmail-remote: tls.o ssl_timeoutio.o ++qmail-smtpd.o: tls.h ssl_timeoutio.h ++qmail-remote.o: tls.h ssl_timeoutio.h ++ ++tls.o: \ ++compile tls.c exit.h error.h ++ ./compile tls.c ++ ++ssl_timeoutio.o: \ ++compile ssl_timeoutio.c ssl_timeoutio.h select.h error.h ndelay.h ++ ./compile ssl_timeoutio.c ++ + token822.o: \ + compile token822.c stralloc.h gen_alloc.h alloc.h str.h token822.h \ + gen_alloc.h gen_allocdefs.h +@@ -2139,3 +2155,26 @@ compile wait_nohang.c haswaitp.h + wait_pid.o: \ + compile wait_pid.c error.h haswaitp.h + ./compile wait_pid.c ++ ++cert cert-req: \ ++Makefile-cert ++ @$(MAKE) -sf $< $@ ++ ++Makefile-cert: \ ++conf-qmail conf-users conf-groups Makefile-cert.mk ++ @cat Makefile-cert.mk \ ++ | sed s}QMAIL}"`head -1 conf-qmail`"}g \ ++ > $@ ++ ++update_tmprsadh: \ ++conf-qmail conf-users conf-groups update_tmprsadh.sh ++ @cat update_tmprsadh.sh\ ++ | sed s}UGQMAILD}"`head -2 conf-users|tail -1`:`head -1 conf-groups`"}g \ ++ | sed s}QMAIL}"`head -1 conf-qmail`"}g \ ++ > $@ ++ chmod 755 update_tmprsadh ++ ++tmprsadh: \ ++update_tmprsadh ++ echo "Creating new temporary RSA and DH parameters" ++ ./update_tmprsadh +--- netqmail-1.06-orig/update_tmprsadh.sh 2019-04-08 15:26:13.112123436 +0000 ++++ netqmail-1.06/update_tmprsadh.sh 2015-12-08 00:32:33.936474103 +0000 +@@ -0,0 +1,19 @@ ++#!/bin/sh ++ ++# Update temporary RSA and DH keys ++# Frederik Vermeulen 2004-05-31 GPL ++ ++umask 0077 || exit 0 ++ ++export PATH="$PATH:/usr/local/bin/ssl:/usr/sbin" ++ ++openssl genrsa -out QMAIL/control/rsa2048.new 2048 && ++chmod 600 QMAIL/control/rsa2048.new && ++chown UGQMAILD QMAIL/control/rsa2048.new && ++mv -f QMAIL/control/rsa2048.new QMAIL/control/rsa2048.pem 
++echo ++ ++openssl dhparam -2 -out QMAIL/control/dh2048.new 2048 && ++chmod 600 QMAIL/control/dh2048.new && ++chown UGQMAILD QMAIL/control/dh2048.new && ++mv -f QMAIL/control/dh2048.new QMAIL/control/dh2048.pem diff --git a/qmail-1.03-echouser.patch b/qmail-1.03-echouser.patch new file mode 100644 index 0000000..c2475b1 --- /dev/null +++ b/qmail-1.03-echouser.patch 
@@ -0,0 +1,41 @@ +diff -Nur -x '*.orig' -x '*.rej' qmail-1.03/Makefile mezzanine_patched_qmail-1.03/Makefile +--- qmail-1.03/Makefile 1998-06-15 04:53:16.000000000 -0600 ++++ mezzanine_patched_qmail-1.03/Makefile 2007-05-03 10:28:43.000000000 -0600 +@@ -112,16 +112,27 @@ + + auto_uids.c: \ + auto-uid auto-gid conf-users conf-groups +- ( ./auto-uid auto_uida `head -1 conf-users` \ +- &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \ +- &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \ +- &&./auto-uid auto_uido `head -4 conf-users | tail -1` \ +- &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \ +- &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \ +- &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \ +- &&./auto-uid auto_uids `head -8 conf-users | tail -1` \ +- &&./auto-gid auto_gidq `head -1 conf-groups` \ +- &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \ ++# ( ./auto-uid auto_uida `head -1 conf-users` \ ++# &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \ ++# &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \ ++# &&./auto-uid auto_uido `head -4 conf-users | tail -1` \ ++# &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \ ++# &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \ ++# &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \ ++# &&./auto-uid auto_uids `head -8 conf-users | tail -1` \ ++# &&./auto-gid auto_gidq `head -1 conf-groups` \ ++# &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \ ++# ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c ++ ( echo -e "int auto_uida = 400;\n" \ ++ "int auto_uidd = 401;\n" \ ++ "int auto_uidl = 402;\n" \ ++ "int auto_uido = 0;\n" \ ++ "int auto_uidp = 403;\n" \ ++ "int auto_uidq = 404;\n" \ ++ "int auto_uidr = 405;\n" \ ++ "int auto_uids = 406;\n" \ ++ "int auto_gidq = 401;\n" \ ++ "int auto_gidn = 400;\n" \ + ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c + + auto_uids.o: \ 
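Review bot: The new `auto_uids.c` recipe hard-codes the numeric IDs (`auto_uida = 400` through `auto_gidn = 400`, with `auto_uido = 0`) instead of resolving the names in `conf-users`/`conf-groups`. The built binaries will use whichever accounts hold those numbers on the target host, and nothing in this hunk shows that the qmail accounts are created with exactly these IDs. A comment on the recipe should say where the IDs are allocated and that the two must stay in step, for example `# UIDs/GIDs below must match the accounts created when the package is installed`. The recipe also relies on `echo -e`, which is not portable across `/bin/sh` implementations (some print a literal `-e`, which would corrupt the generated C); `printf '%s\n' "int auto_uida = 400;" \` with one declaration per argument avoids that. The prerequisites `auto-uid auto-gid conf-users conf-groups` are no longer used by the recipe.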
diff --git a/qmail-1.03-moreipme-0.6.patch b/qmail-1.03-moreipme-0.6.patch
new file mode 100644
index 0000000..56db88f
--- /dev/null
+++ b/qmail-1.03-moreipme-0.6.patch
@@ -0,0 +1,397 @@ +diff -ur --new-file qmail-1.03/Makefile qmail-1.03-moreipme-0.6/Makefile +--- qmail-1.03/Makefile Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/Makefile Sat May 22 18:38:48 2004 +@@ -783,20 +783,31 @@ + + ipme.o: \ + compile ipme.c hassalen.h byte.h ip.h ipalloc.h ip.h gen_alloc.h \ +-stralloc.h gen_alloc.h ipme.h ip.h ipalloc.h ++stralloc.h gen_alloc.h ipme.h ip.h ipalloc.h readwrite.h + ./compile ipme.c + + ipmeprint: \ +-load ipmeprint.o ipme.o ip.o ipalloc.o stralloc.a alloc.a substdio.a \ ++load ipmeprint.o ipme.o ip.o ipalloc.o auto_qmail.o open.a getln.a stralloc.a alloc.a substdio.a \ + error.a str.a fs.a socket.lib +- ./load ipmeprint ipme.o ip.o ipalloc.o stralloc.a alloc.a \ ++ ./load ipmeprint ipme.o ip.o ipalloc.o auto_qmail.o open.a getln.a stralloc.a alloc.a \ + substdio.a error.a str.a fs.a `cat socket.lib` + + ipmeprint.o: \ + compile ipmeprint.c subfd.h substdio.h substdio.h ip.h ipme.h ip.h \ +-ipalloc.h ip.h gen_alloc.h exit.h ++ipalloc.h ip.h gen_alloc.h exit.h auto_qmail.h + ./compile ipmeprint.c + ++ipmetest: \ ++load ipmetest.o ipme.o ip.o ipalloc.o auto_qmail.o open.a getln.a stralloc.a alloc.a substdio.a \ ++error.a str.a fs.a env.a socket.lib ++ ./load ipmetest ipme.o ip.o ipalloc.o auto_qmail.o open.a getln.a stralloc.a alloc.a \ ++ substdio.a error.a env.a str.a fs.a `cat socket.lib` ++ ++ipmetest.o: \ ++compile ipmetest.c subfd.h substdio.h substdio.h ip.h ipme.h ip.h \ ++ipalloc.h ip.h gen_alloc.h exit.h auto_qmail.h ++ ./compile ipmetest.c ++ + it: \ + qmail-local qmail-lspawn qmail-getpw qmail-remote qmail-rspawn \ + qmail-clean qmail-send qmail-start splogger qmail-queue qmail-inject \ +@@ -804,7 +815,7 @@ + qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \ + qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \ + qmail-smtpd sendmail tcp-env qmail-newmrh config config-fast dnscname \ +-dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \ ++dnsptr dnsip dnsmxip dnsfq 
hostname ipmeprint ipmetest qreceipt qsmhook qbiff \ + forward preline condredirect bouncesaying except maildirmake \ + maildir2mbox maildirwatch qail elq pinq idedit install-big install \ + instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \ +@@ -1779,7 +1790,7 @@ + qmail-qread.c qmail-qstat.sh qmail-queue.c qmail-remote.c \ + qmail-rspawn.c qmail-send.c qmail-showctl.c qmail-smtpd.c \ + qmail-start.c qmail-tcpok.c qmail-tcpto.c spawn.c dnscname.c dnsfq.c \ +-dnsip.c dnsmxip.c dnsptr.c hostname.c ipmeprint.c tcp-env.c \ ++dnsip.c dnsmxip.c dnsptr.c hostname.c ipmeprint.c ipmetest.c tcp-env.c \ + sendmail.c qreceipt.c qsmhook.c qbiff.c forward.c preline.c predate.c \ + except.c bouncesaying.c condredirect.c maildirmake.c maildir2mbox.c \ + maildirwatch.c splogger.c qail.sh elq.sh pinq.sh qmail-upq.sh \ +diff -ur --new-file qmail-1.03/TARGETS qmail-1.03-moreipme-0.6/TARGETS +--- qmail-1.03/TARGETS Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/TARGETS Sat May 22 18:38:48 2004 +@@ -276,6 +276,8 @@ + hostname + ipmeprint.o + ipmeprint ++ipmetest.o ++ipmetest + qreceipt.o + qreceipt + qsmhook.o +diff -ur --new-file qmail-1.03/ipme.c qmail-1.03-moreipme-0.6/ipme.c +--- qmail-1.03/ipme.c Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/ipme.c Sat May 22 19:04:25 2004 +@@ -14,23 +14,65 @@ + #include "ipalloc.h" + #include "stralloc.h" + #include "ipme.h" ++#include "substdio.h" ++#include "readwrite.h" + + static int ipmeok = 0; + ipalloc ipme = {0}; ++ipalloc ipme_mask = {0}; ++ipalloc notipme = {0}; ++ipalloc notipme_mask = {0}; + + int ipme_is(ip) + struct ip_address *ip; + { +- int i; + if (ipme_init() != 1) return -1; +- for (i = 0;i < ipme.len;++i) +- if (byte_equal(&ipme.ix[i].ip,4,ip)) +- return 1; +- return 0; ++ return ipme_match(&ipme,&ipme_mask,ip) > ipme_match(¬ipme,¬ipme_mask,ip); + } + ++int ipme_match(ipa, ipa_mask, ip) ++struct ipalloc *ipa, *ipa_mask; ++struct ip_address *ip; ++{ ++ int i,j; ++ struct ip_address masked; ++ int 
masklen, longest_masklen=-1; ++ ++ for(i=0;i < ipa->len;++i) ++ { ++ masklen = 0; ++ for(j=0;j<4;++j) ++ { ++ switch(ipa_mask->ix[i].ip.d[j]) ++ { ++ case 255: masklen += 8; break; ++ case 254: masklen += 7; break; ++ case 252: masklen += 6; break; ++ case 248: masklen += 5; break; ++ case 240: masklen += 4; break; ++ case 224: masklen += 3; break; ++ case 192: masklen += 2; break; ++ case 128: masklen += 1; break; ++ default: masklen += 0; break; ++ } ++ if (ipa->ix[i].ip.d[j] != (ip->d[j] & ipa_mask->ix[i].ip.d[j])) ++ break; ++ } ++ if ( (j == 4) && (masklen > longest_masklen) ) ++ { ++ longest_masklen = masklen; ++ } ++ } ++ return longest_masklen; ++} + static stralloc buf = {0}; + ++#define ipme_init_retclean(ret) { \ ++ if (moreipme.ix) alloc_free(moreipme.ix); \ ++ if (moreipme_mask.ix) alloc_free(moreipme_mask.ix); \ ++ if (buf.s) alloc_free(buf.s); \ ++ return ret; } ++ + int ipme_init() + { + struct ifconf ifc; +@@ -39,18 +81,45 @@ + struct sockaddr_in *sin; + int len; + int s; +- struct ip_mx ix; +- ++ struct ip_mx ix, ix_mask; ++ ipalloc moreipme = {0}; ++ ipalloc moreipme_mask = {0}; ++ int i; ++ + if (ipmeok) return 1; +- if (!ipalloc_readyplus(&ipme,0)) return 0; ++ if (!ipalloc_readyplus(&ipme,0)) ipme_init_retclean(0); ++ if (!ipalloc_readyplus(&ipme_mask,0)) ipme_init_retclean(0); ++ if (!ipalloc_readyplus(¬ipme,0)) ipme_init_retclean(0); ++ if (!ipalloc_readyplus(¬ipme_mask,0)) ipme_init_retclean(0); ++ if (!ipalloc_readyplus(&moreipme,0)) ipme_init_retclean(0); ++ if (!ipalloc_readyplus(&moreipme_mask,0)) ipme_init_retclean(0); ++ + ipme.len = 0; +- ix.pref = 0; +- +- if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) return -1; ++ ix.pref = ix_mask.pref = 0; ++ ++ if (!ipme_readipfile(¬ipme, ¬ipme_mask, "control/notipme")) ipme_init_retclean(0); ++ ++ /* 127.0.0.0/255.0.0.0 is the localhost network. Linux will treat ++ every address in this range as a local interface, even if it ++ isn't explicitly configured. 
++ */ ++ byte_copy(&ix.ip,4,"\x7f\0\0\0"); ++ byte_copy(&ix_mask.ip,4,"\xff\0\0\0"); ++ if (!ipalloc_append(&ipme,&ix)) ipme_init_retclean(0); ++ if (!ipalloc_append(&ipme_mask,&ix_mask)) ipme_init_retclean(0); ++ ++ /* 0.0.0.0 is a special address which always refers to ++ * "this host, this network", according to RFC 1122, Sec. 3.2.1.3a. */ ++ byte_copy(&ix.ip,4,"\0\0\0\0"); ++ byte_copy(&ix_mask.ip,4,"\xff\xff\xff\xff"); ++ if (!ipalloc_append(&ipme,&ix)) ipme_init_retclean(0); ++ if (!ipalloc_append(&ipme_mask,&ix_mask)) ipme_init_retclean(0); ++ ++ if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) ipme_init_retclean(-1); + + len = 256; + for (;;) { +- if (!stralloc_ready(&buf,len)) { close(s); return 0; } ++ if (!stralloc_ready(&buf,len)) { close(s); ipme_init_retclean(0); } + buf.len = 0; + ifc.ifc_buf = buf.s; + ifc.ifc_len = len; +@@ -59,7 +128,7 @@ + buf.len = ifc.ifc_len; + break; + } +- if (len > 200000) { close(s); return -1; } ++ if (len > 200000) { close(s); ipme_init_retclean(-1); } + len += 100 + (len >> 2); + } + x = buf.s; +@@ -74,7 +143,10 @@ + byte_copy(&ix.ip,4,&sin->sin_addr); + if (ioctl(s,SIOCGIFFLAGS,x) == 0) + if (ifr->ifr_flags & IFF_UP) +- if (!ipalloc_append(&ipme,&ix)) { close(s); return 0; } ++ { ++ if (!ipalloc_append(&ipme,&ix)) { close(s); ipme_init_retclean(0); } ++ if (!ipalloc_append(&ipme_mask,&ix_mask)) { close(s); ipme_init_retclean(0); } ++ } + } + #else + len = sizeof(*ifr); +@@ -84,12 +156,60 @@ + if (ifr->ifr_addr.sa_family == AF_INET) { + sin = (struct sockaddr_in *) &ifr->ifr_addr; + byte_copy(&ix.ip,4,&sin->sin_addr); +- if (!ipalloc_append(&ipme,&ix)) { close(s); return 0; } ++ if (!ipalloc_append(&ipme,&ix)) { close(s); ipme_init_retclean(0); } ++ if (!ipalloc_append(&ipme_mask,&ix_mask)) { close(s); ipme_init_retclean(0); } + } + #endif + x += len; + } + close(s); ++ ++ if (!ipme_readipfile(&moreipme, &moreipme_mask, "control/moreipme")) ipme_init_retclean(0); ++ for(i = 0;i < moreipme.len;++i) ++ { ++ if 
(!ipalloc_append(&ipme,&moreipme.ix[i])) ipme_init_retclean(0); ++ if (!ipalloc_append(&ipme_mask,&moreipme_mask.ix[i])) ipme_init_retclean(0); ++ } + ipmeok = 1; +- return 1; ++ ipme_init_retclean(1); + } ++ ++ ++int ipme_readipfile(ipa, ipa_mask, fn) ++ ipalloc *ipa, *ipa_mask; ++ char *fn; ++{ ++ int fd = -1; ++ char inbuf[1024]; ++ substdio ss; ++ stralloc l = {0}; ++ int match; ++ struct ip_mx ix, ix_mask; ++ int ret = 1; ++ int slash = 0; ++ ++ if ( (fd = open_read(fn)) != -1) { ++ substdio_fdbuf(&ss, read, fd, inbuf, sizeof(inbuf)); ++ while ( (getln(&ss,&l,&match,'\n') != -1) && (match || l.len) ) { ++ l.len--; ++ if (!stralloc_0(&l)) { ret = 0; break; } ++ if (l.s[slash=str_chr(l.s,'/')]!='\0') ++ { ++ l.s[slash]='\0'; ++ if (!ip_scan(l.s+slash+1,&ix_mask.ip)) ++ continue; ++ } ++ else ++ if (!ip_scan("255.255.255.255",&ix_mask.ip)) { ret = 0; break; } ++ ++ if (!ip_scan(l.s, &ix.ip)) continue; ++ if (!ipalloc_append(ipa,&ix)) { ret = 0; break; } ++ if (!ipalloc_append(ipa_mask,&ix_mask.ip)) { ret = 0; break; } ++ } ++ if (l.s) alloc_free(l.s); ++ if ( (fd >= 0) && (close(fd) == -1) ) ++ ret = 0; ++ } ++ return ret; ++} ++ +diff -ur --new-file qmail-1.03/ipme.h qmail-1.03-moreipme-0.6/ipme.h +--- qmail-1.03/ipme.h Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/ipme.h Sat May 22 18:38:48 2004 +@@ -4,7 +4,7 @@ + #include "ip.h" + #include "ipalloc.h" + +-extern ipalloc ipme; ++extern ipalloc ipme, ipme_mask, notipme, notipme_mask; + + extern int ipme_init(); + extern int ipme_is(); +diff -ur --new-file qmail-1.03/ipmeprint.c qmail-1.03-moreipme-0.6/ipmeprint.c +--- qmail-1.03/ipmeprint.c Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/ipmeprint.c Sat May 22 18:38:48 2004 +@@ -3,12 +3,15 @@ + #include "ip.h" + #include "ipme.h" + #include "exit.h" ++#include "auto_qmail.h" + + char temp[IPFMT]; + + void main() + { +- int j; ++ int j,k; ++ ++ chdir(auto_qmail); + switch(ipme_init()) + { + case 0: substdio_putsflush(subfderr,"out of memory\n"); 
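Review bot: `ipme_readipfile` strips the last byte of every line with an unconditional `l.len--;`, but its loop condition `(match || l.len)` also admits a final line with no trailing newline, so the last character of that address is cut off. A closing `10.0.0.12` (constructed example) in control/moreipme or control/notipme would be stored as `10.0.0.1`, silently changing which hosts count as local. Drop the terminator only when one was read: `if (match) l.len--;`. In the same function `ix.pref` and `ix_mask.pref` are never initialised before `ipalloc_append`, and the mask is appended as `&ix_mask.ip` where every other call passes the `struct ip_mx` itself. `ix.pref = ix_mask.pref = 0;` and `ipalloc_append(ipa_mask,&ix_mask)` would bring it in line with `ipme_init`.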
_exit(111); +@@ -17,8 +20,18 @@ + for (j = 0;j < ipme.len;++j) + { + substdio_put(subfdout,temp,ip_fmt(temp,&ipme.ix[j].ip)); +- substdio_puts(subfdout,"\n"); ++ substdio_puts(subfdout,"/"); ++ substdio_put(subfdout,temp,ip_fmt(temp,&ipme_mask.ix[j].ip)); ++ substdio_puts(subfdout," is me\n"); ++ } ++ for (j = 0;j < notipme.len;++j) ++ { ++ substdio_put(subfdout,temp,ip_fmt(temp,¬ipme.ix[j].ip)); ++ substdio_puts(subfdout,"/"); ++ substdio_put(subfdout,temp,ip_fmt(temp,¬ipme_mask.ix[j].ip)); ++ substdio_puts(subfdout," is not me\n"); + } ++ + substdio_flush(subfdout); + _exit(0); + } +diff -ur --new-file qmail-1.03/ipmetest.c qmail-1.03-moreipme-0.6/ipmetest.c +--- qmail-1.03/ipmetest.c Wed Dec 31 19:00:00 1969 ++++ qmail-1.03-moreipme-0.6/ipmetest.c Sat May 22 18:38:48 2004 +@@ -0,0 +1,38 @@ ++#include "subfd.h" ++#include "substdio.h" ++#include "ip.h" ++#include "ipme.h" ++#include "exit.h" ++#include "auto_qmail.h" ++#include "env.h" ++ ++void main(int argc, char *argv[]) ++{ ++ struct ip_address ip; ++ ++ if (!env_get("IPMETEST_HERE")) ++ chdir(auto_qmail); ++ ++ if (argc < 2) ++ { ++ substdio_puts(subfdout,"invalid usage\n"); ++ substdio_flush(subfdout); ++ exit(1); ++ } ++ if (!ip_scan(argv[1],&ip)) ++ { ++ substdio_puts(subfdout,"invalid IP address\n"); ++ substdio_flush(subfdout); ++ exit(1); ++ } ++ if (ipme_is(&ip)) ++ { ++ substdio_puts(subfdout,"me\n"); ++ } ++ else ++ { ++ substdio_puts(subfdout,"not me\n"); ++ } ++ substdio_flush(subfdout); ++ exit(0); ++} +diff -ur --new-file qmail-1.03/qmail-showctl.c qmail-1.03-moreipme-0.6/qmail-showctl.c +--- qmail-1.03/qmail-showctl.c Mon Jun 15 06:53:16 1998 ++++ qmail-1.03-moreipme-0.6/qmail-showctl.c Sat May 22 18:38:48 2004 +@@ -230,6 +230,8 @@ + do_str("localiphost",1,"localiphost","Local IP address becomes "); + do_lst("locals","Messages for me are delivered locally.","Messages for "," are delivered locally."); + do_str("me",0,"undefined! 
Uh-oh","My name is "); ++ do_lst("moreipme","No additional IP addresses are me.","IP address "," is me."); ++ do_lst("notipme","All of my IP addresses are me.","IP address "," is not me."); + do_lst("percenthack","The percent hack is not allowed.","The percent hack is allowed for user%host@","."); + do_str("plusdomain",1,"plusdomain","Plus domain name is "); + do_lst("qmqpservers","No QMQP servers.","QMQP server: ","."); +@@ -283,8 +285,10 @@ + if (str_equal(d->d_name,"localiphost")) continue; + if (str_equal(d->d_name,"locals")) continue; + if (str_equal(d->d_name,"me")) continue; ++ if (str_equal(d->d_name,"moreipme")) continue; + if (str_equal(d->d_name,"morercpthosts")) continue; + if (str_equal(d->d_name,"morercpthosts.cdb")) continue; ++ if (str_equal(d->d_name,"notipme")) continue; + if (str_equal(d->d_name,"percenthack")) continue; + if (str_equal(d->d_name,"plusdomain")) continue; + if (str_equal(d->d_name,"qmqpservers")) continue; diff --git a/qmail-1.03.tar.gz b/qmail-1.03.tar.gz new file mode 100644 index 0000000..1e68155 --- /dev/null +++ b/qmail-1.03.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21ed6c562cbb55092a66197c35c8222b84115d1acab0854fdb1ad1f301626f88 +size 220668 diff --git a/qmail-103-dns_response_buffer.patch b/qmail-103-dns_response_buffer.patch new file mode 100644 index 0000000..dee3f06 --- /dev/null +++ b/qmail-103-dns_response_buffer.patch 
@@ -0,0 +1,63 @@ +--- qmail-1.03/dns.c.103 Mon Aug 17 16:06:58 1998 ++++ qmail-1.03/dns.c Wed Aug 26 16:28:56 1998 +@@ -21,10 +21,12 @@ + static unsigned short getshort(c) unsigned char *c; + { unsigned short u; u = c[0]; return (u << 8) + c[1]; } + +-static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response; ++static struct { unsigned char *buf; } response; ++static int responsebuflen = 0; + static int responselen; + static unsigned char *responseend; + static unsigned char *responsepos; ++static u_long saveresoptions; + + static int numanswers; + static char name[MAXDNAME]; +@@ -45,18 +47,33 @@ + errno = 0; + if (!stralloc_copy(&glue,domain)) return DNS_MEM; + if (!stralloc_0(&glue)) return DNS_MEM; +- responselen = lookup(glue.s,C_IN,type,response.buf,sizeof(response)); ++ if (!responsebuflen) ++ if (response.buf = (unsigned char *)alloc(PACKETSZ+1)) ++ responsebuflen = PACKETSZ+1; ++ else return DNS_MEM; ++ ++ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen); ++ if ((responselen >= responsebuflen) || ++ (responselen > 0 && (((HEADER *)response.buf)->tc))) ++ { ++ if (responsebuflen < 65536) ++ if (alloc_re(&response.buf, responsebuflen, 65536)) ++ responsebuflen = 65536; ++ else return DNS_MEM; ++ saveresoptions = _res.options; ++ _res.options |= RES_USEVC; ++ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen); ++ _res.options = saveresoptions; ++ } + if (responselen <= 0) + { + if (errno == ECONNREFUSED) return DNS_SOFT; + if (h_errno == TRY_AGAIN) return DNS_SOFT; + return DNS_HARD; + } +- if (responselen >= sizeof(response)) +- responselen = sizeof(response); + responseend = response.buf + responselen; + responsepos = response.buf + sizeof(HEADER); +- n = ntohs(response.hdr.qdcount); ++ n = ntohs(((HEADER *)response.buf)->qdcount); + while (n-- > 0) + { + i = dn_expand(response.buf,responseend,responsepos,name,MAXDNAME); +@@ -66,7 +83,7 @@ + if (i < QFIXEDSZ) return DNS_SOFT; + responsepos += QFIXEDSZ; + } +- 
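Review bot: This hunk removes the only clamp on `responselen` (`if (responselen >= sizeof(response)) responselen = sizeof(response);`), so `responseend = response.buf + responselen` now stays inside the allocation only if `lookup()` never reports more than the 65536-byte retry buffer holds. That should hold for a resolver that respects the 16-bit DNS message length, but `responseend` bounds the `dn_expand` call that follows, so an explicit guard after the retry is cheap insurance: `if (responselen > responsebuflen) responselen = responsebuflen;`. The nested `if ... if ... else return DNS_MEM;` pairs depend on dangling-else binding and would be safer with braces. The function's opening lines are outside the hunk.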
numanswers = ntohs(response.hdr.ancount); ++ numanswers = ntohs(((HEADER *)response.buf)->ancount); + return 0; + } + diff --git a/qmail-inject-null-sender.patch b/qmail-inject-null-sender.patch new file mode 100644 index 0000000..8239069 --- /dev/null +++ b/qmail-inject-null-sender.patch @@ -0,0 +1,14 @@ +diff -Nur qmail-1.03/qmail-inject.c qmail-1.03_bz9884/qmail-inject.c +--- qmail-1.03/qmail-inject.c 1998-06-15 12:53:16.000000000 +0200 ++++ qmail-1.03_bz9884/qmail-inject.c 2016-12-05 16:47:13.607016769 +0100 +@@ -269,6 +269,10 @@ + token822_alloc *addr; + { + if (!addr->len) return; /* don't rewrite <> */ ++ if (addr->len == 1 && str_equal(addr->t[0].s,"<>")) { ++ addr->len = 0; ++ return; ++ } + if (addr->len >= 2) + if (addr->t[1].type == TOKEN822_AT) + if (addr->t[0].type == TOKEN822_LITERAL) diff --git a/qmail.spec b/qmail.spec new file mode 100644 index 0000000..cad1bee --- /dev/null +++ b/qmail.spec 
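Review bot: The added test `str_equal(addr->t[0].s,"<>")` treats the token text as a NUL-terminated C string, while the surrounding code identifies tokens by `type`. If token822 strings are length-counted rather than terminated (as I believe they are in qmail, via `slen`; worth confirming in token822.h), the comparison reads past the token and its result depends on whatever byte follows it in the buffer. A bounded comparison avoids that: `if (addr->len == 1 && addr->t[0].slen == 2 && byte_equal(addr->t[0].s,2,"<>")) {`. A one-line comment naming the caller that passes a single `<>` token would also help, since the existing `if (!addr->len) return; /* don't rewrite <> */` suggests the null sender was expected to arrive as an empty list. The function's signature is outside the hunk.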
@@ -0,0 +1,711 @@ +# $Id: qmail.spec,v 1.8 2021/04/12 21:54:46 jpp Exp $ + +# +# RPM spec file for Dan Bernstein's qmail package +# +# $Id: qmail.spec,v 1.8 2021/04/12 21:54:46 jpp Exp $ +# +Summary: A modern, fast, secure replacement for sendmail +%define name qmail +Name: %{name} +%define version 1.03 +%define release 25 +Version: %{version} +Release: %{release}%{?dist} +#Author: Daniel J. Bernstein +License: Public Domain +Group: Networking/Daemons +Source: http://cr.yp.to/software/%{name}-%{version}.tar.gz +Source1: http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/moreipme.README +Patch0: qmail-1.03-echouser.patch +Patch1: http://homepages.tesco.net./~J.deBoynePollard/Softwares/qmail/any-to-cname.patch +Patch2: qmail-103-dns_response_buffer.patch +#Patch3: http://www.suspectclass.com/sgifford/qmail/qmail-0.0.0.0.patch +Patch4: qmail-inject-null-sender.patch +Patch5: http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/qmail-1.03-moreipme-0.6.patch +Patch6: netqmail-1.06-tls-20190517-remote.patch +#adapted from http://inoa.net/qmail-tls/netqmail-1.06-tls-20190517.patch +URL: http://cr.yp.to/%{name}.html +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +Provides: smtpdaemon +Requires: /bin/cut, /bin/grep, /usr/bin/id +Requires: /usr/sbin/useradd, /usr/sbin/groupadd +Requires: openssl +BuildRequires: groff +BuildRequires: openssl openssl-devel +Conflicts: sendmail +AutoReqProv: no + +%description +qmail is a secure, reliable, efficient, simple message transfer agent. +It is meant as a replacement for the entire sendmail-binmail system on +typical Internet-connected UNIX hosts. + +Secure: Security isn't just a goal, but an absolute requirement. Mail +delivery is critical for users; it cannot be turned off, so it must be +completely secure. (This is why I started writing qmail: I was sick of +the security holes in sendmail and other MTAs.) 
+ +Reliable: qmail's straight-paper-path philosophy guarantees that a +message, once accepted into the system, will never be lost. qmail also +optionally supports maildir, a new, super-reliable user mailbox format. +Maildirs, unlike mbox files and mh folders, won't be corrupted if the +system crashes during delivery. Even better, not only can a user safely +read his mail over NFS, but any number of NFS clients can deliver mail +to him at the same time. + +Efficient: On a Pentium under BSD/OS, qmail can easily sustain 200000 +local messages per day---that's separate messages injected and delivered +to mailboxes in a real test! Although remote deliveries are inherently +limited by the slowness of DNS and SMTP, qmail overlaps 20 simultaneous +deliveries by default, so it zooms quickly through mailing lists. (This +is why I finished qmail: I had to get a big mailing list set up.) + +Simple: qmail is vastly smaller than any other Internet MTA. Some +reasons why: (1) Other MTAs have separate forwarding, aliasing, and +mailing list mechanisms. qmail has one simple forwarding mechanism +that lets users handle their own mailing lists. (2) Other MTAs offer a +spectrum of delivery modes, from fast+unsafe to slow+queued. qmail-send +is instantly triggered by new items in the queue, so the qmail system has +just one delivery mode: fast+queued. (3) Other MTAs include, in effect, +a specialized version of inetd that watches the load average. qmail's +design inherently limits the machine load, so qmail-smtpd can safely +run from your system's inetd. + +Replacement for sendmail: qmail supports host and user masquerading, +full host hiding, virtual domains, null clients, list-owner rewriting, +relay control, double-bounce recording, arbitrary RFC 822 address lists, +cross-host mailing list loop detection, per-recipient checkpointing, +downed host backoffs, independent message retry schedules, etc. 
qmail +also includes a drop-in ``sendmail'' wrapper so that it will be used +transparently by your current UAs. + +%changelog +* Fri Jul 14 2023 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + Wed Apr 17 2003 --> Wed Apr 16 2003 or Thu Apr 17 2003 or Wed Apr 23 2003 or .... + +* Mon Apr 12 2021 Jean-Philippe Pialasse 1.03-25.sme +- add remote tls transport for qmail-remote [SME: 9349] +- updated release number higher than SME9 +- now TLS and EHLO are defined to allow proper compilation +- add DEBUG flag for the moment to help configuring -DDEBUG=1 + +* Thu Apr 13 2017 Jean-Philipe Pialasse 1.03-21.sme +- added documentation [SME: 9705] +- added binaries ipmetest et ipmeprint to help configuration + +* Mon Apr 10 2017 Jean-Philipe Pialasse 1.03-20.sme +- add moreip to avoid loop [SME: 9705] +- patch from Scott Gifford +- remove qmail-0.0.0.0.patch as it is included + +* Mon Dec 5 2016 Daniel Berteaud 1.03-18 +- Consider literal <> as null sender [SME: 9884] + +* Tue May 12 2009 Filippo Carletti 1.03-17 +- Add Scott Gifford patch to treat 0.0.0.0 as a local ip [SME: 5171] + +* Mon Mar 31 2008 Shad L. Lords 1.03-16 +- Create tcpto lockfile in post script [SME: 3055] + +* Mon Jan 28 2008 Charlie Brady 1.03-15 +- Increase the buffer size for DNS responses. Patch is from + http://www.ckdhr.com./ckd/qmail-103.patch [SME: 3827] +- Update License information - qmail is now public domain: + http://cr.yp.to/qmail/dist.html : + + I hereby place the qmail package (in particular, qmail-1.03.tar.gz, + with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public + domain. + +* Mon Jan 28 2008 Charlie Brady 1.03-14 +- Use CNAME lookup, rather than ANY lookup, to reduce the risk of + oversized replies. [SME: 3827] + +* Sun Apr 29 2007 Shad L. Lords +- Clean up spec so package can be built by koji/plague + +* Thu Dec 07 2006 Shad L. Lords +- Update to new release naming. 
No functional changes. +- Make Packager generic + +* Wed Nov 30 2005 Gordon Rowell 1.03-13 +- Bump release number only + +* Wed Nov 10 2004 Charlie Brady 1.03-12 +- Add pre section which adds users and groups as required. We + shouldn't be trying to do that at build time, but we must do + it at install time. Change build time to just check the ids. + +* Fri Aug 27 2004 Charlie Brady 1.03-11 +- Remove require of non-existent qmail-users RPM + +* Wed Oct 29 2003 Charlie Brady 1.03-10 +- Use a compiler configuration which works around the glibc/errno + problem. + +* Mon Aug 18 2003 Charlie Brady 1.03-09 +- Change install so that no patch to the build tools is necessary. + +* Mon Apr 21 2003 Gordon Rowell +- Added Requires: qmail-users (added in modified setup RPM) [gordonr 8368] +- Removed user creation/deletion from %pre/%post/%postun [gordonr 8368] + +* Thu Apr 17 2003 Gordon Rowell + Wed Apr 17 2003 --> Wed Apr 16 2003 or Thu Apr 17 2003 or Wed Apr 23 2003 or .... +- [1.03-07] +- Added path to calls to cut to remove log noise [gordonr 8353] + +* Thu Feb 8 2001 Adrian Chung +- [1.03-06] +- Rolling release number for GPG signing. + +* Mon Feb 5 2001 Peter Samuel +- [1.03-05] +- Now installs in its own root area prior to creating binary RPM. +- Better checks for uid and gid values. + +* Fri Dec 22 2000 Peter Samuel +- [1.03-4] +- symlinks to /var/qmail/bin/sendmail are now part of the package + instead of part of the post install script. + +* Mon Dec 18 2000 Peter Samuel +- [1.03-3] +- Removed DNS patch. AOL seems to be behaving itself. +- Minor format cleanups to spec file. +- Postinstall now ensures existing files have correct ownerships. + +%prep +## # Prior to building the package, ensure that the qmail users and groups +## # exist and have the correct uid and gid information. This avoids uid +## # and gid conflicts between installations. 
+## +## # GIDs +## nofiles=400 +## qmail=401 +## +## # UIDs +## alias=400 +## qmaild=401 +## qmaill=402 +## qmailp=403 +## qmailq=404 +## qmailr=405 +## qmails=406 +## +## group_check() +## { +## x=$(grep "^$1:" /etc/group | /usr/bin/cut -d: -f3 2>/dev/null) +## if [ "$x" != "$2" ] +## then +## echo group $1 should be $2 but is $x +## exit 1 +## fi +## } +## +## group_check nofiles $nofiles +## group_check qmail $qmail +## +## user_check() +## { +## x=$(id -u $1) +## if [ "$x" != "$2" ] +## then +## echo user $1 should be $2 but is $x +## exit 1 +## fi +## } +## +## user_check alias $alias $nofiles /var/qmail/alias /bin/false +## user_check qmaild $qmaild $nofiles /var/qmail /bin/false +## user_check qmaill $qmaill $nofiles /var/qmail /bin/false +## user_check qmailp $qmailp $nofiles /var/qmail /bin/false +## user_check qmailq $qmailq $qmail /var/qmail /bin/false +## user_check qmailr $qmailr $qmail /var/qmail /bin/false +## user_check qmails $qmails $qmail /var/qmail /bin/false + +%setup +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +#%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +%build +#echo gcc -O2 --include /usr/include/errno.h > conf-cc +#gcc -O2 -DTLS=20021228 -I/usr/local/ssl/include +echo gcc -O2 -DTLS=20021228 -I/usr/local/ssl/include -DEHLO=1 -DDEBUG=1 --include /usr/include/errno.h > conf-cc +make + +%install +rm -rf $RPM_BUILD_ROOT +make it man + +# Create the relocated installation directory. +# We can't run ./install, as it requires root, and +# dirties the build system. 
Instead, we just do the +# equivalent steps +mkdir -p $RPM_BUILD_ROOT/var/qmail +for i in alias control users bin boot doc man queue +do + mkdir $RPM_BUILD_ROOT/var/qmail/$i +done +for i in pid intd todo bounce mess info local remote lock +do + mkdir $RPM_BUILD_ROOT/var/qmail/queue/$i +done +for i in $(seq 0 22) +do + mkdir $RPM_BUILD_ROOT/var/qmail/queue/mess/$i + mkdir $RPM_BUILD_ROOT/var/qmail/queue/info/$i + mkdir $RPM_BUILD_ROOT/var/qmail/queue/local/$i + mkdir $RPM_BUILD_ROOT/var/qmail/queue/remote/$i +done +for i in \ + qmail-queue qmail-lspawn qmail-start qmail-getpw qmail-local \ + qmail-remote qmail-rspawn qmail-clean qmail-send splogger \ + qmail-newu qmail-newmrh qmail-pw2u qmail-inject predate \ + datemail mailsubj qmail-showctl qmail-qread qmail-qstat \ + qmail-tcpto qmail-tcpok qmail-pop3d qmail-popup qmail-qmqpc \ + qmail-qmqpd qmail-qmtpd qmail-smtpd sendmail tcp-env qreceipt \ + qsmhook qbiff forward preline condredirect \ + bouncesaying except maildirmake maildir2mbox maildirwatch \ + qail elq pinq ipmetest ipmeprint +do + mv $i $RPM_BUILD_ROOT/var/qmail/bin/ +done + +for i in \ + home home+df proc proc+df binm1 binm1+df \ + binm2 binm2+df binm3 binm3+df +do + mv $i $RPM_BUILD_ROOT/var/qmail/boot +done + +for i in \ + FAQ UPGRADE SENDMAIL INSTALL INSTALL.alias INSTALL.ctl \ + INSTALL.ids INSTALL.maildir INSTALL.mbox INSTALL.vsm \ + TEST.deliver TEST.receive REMOVE.sendmail REMOVE.binmail \ + PIC.local2alias PIC.local2ext PIC.local2local PIC.local2rem \ + PIC.local2virt PIC.nullclient PIC.relaybad PIC.relaygood \ + PIC.rem2local +do + mv $i $RPM_BUILD_ROOT/var/qmail/doc/ +done +%{__install} -Dp %{SOURCE1} %{buildroot}/var/qmail/doc/ + +for i in 1 5 7 8 +do + mkdir $RPM_BUILD_ROOT/var/qmail/man/cat$i + mkdir $RPM_BUILD_ROOT/var/qmail/man/man$i +done +for i in *.1 +do + mv $i $RPM_BUILD_ROOT/var/qmail/man/man1/ + mv $(echo $i | sed s/1/0/) $RPM_BUILD_ROOT/var/qmail/man/cat1/ +done + +for i in *.5 +do + mv $i $RPM_BUILD_ROOT/var/qmail/man/man5/ + mv 
$(echo $i | sed s/5/0/) $RPM_BUILD_ROOT/var/qmail/man/cat5/ +done + +for i in *.7 +do + mv $i $RPM_BUILD_ROOT/var/qmail/man/man7/ + mv $(echo $i | sed s/7/0/) $RPM_BUILD_ROOT/var/qmail/man/cat7/ +done + +for i in *.8 +do + mv $i $RPM_BUILD_ROOT/var/qmail/man/man8/ + mv $(echo $i | sed s/8/0/) $RPM_BUILD_ROOT/var/qmail/man/cat8/ +done + +mkfifo $RPM_BUILD_ROOT/var/qmail/queue/lock/trigger +dd bs=1024 count=0 if=/dev/zero of=$RPM_BUILD_ROOT/var/qmail/queue/lock/sendmutex + +# Create the relative installation directories for the symlinks. + +mkdir -p $RPM_BUILD_ROOT/usr/lib +mkdir -p $RPM_BUILD_ROOT/usr/sbin +ln -s /var/qmail/bin/sendmail $RPM_BUILD_ROOT/usr/lib/sendmail +ln -s /var/qmail/bin/sendmail $RPM_BUILD_ROOT/usr/sbin/sendmail + +%pre +# Prior to installing the package, ensure that the qmail users and groups +# exist and have the correct uid and gid information. This ensures that +# uid and gid values match the values which are compiled into the binaries + +# GIDs +nofiles=400 +qmail=401 + +# UIDs +alias=400 +qmaild=401 +qmaill=402 +qmailp=403 +qmailq=404 +qmailr=405 +qmails=406 + +group_check() +{ + if grep "^$1:" /etc/group > /dev/null 2>&1 + then + if [ $(grep "^$1:" /etc/group | /usr/bin/cut -d: -f3) != $2 ] + then + /usr/sbin/groupdel $1 + /usr/sbin/groupadd -g $2 $1 + fi + else + /usr/sbin/groupadd -g $2 $1 + fi +} + +group_check nofiles $nofiles +group_check qmail $qmail + +user_check() +{ + if grep "^$1:" /etc/passwd > /dev/null 2>&1 + then + if [ $(grep "^$1:" /etc/passwd | /usr/bin/cut -d: -f3,4) != "$2:$3" ] + then + /usr/sbin/userdel $1 + /usr/sbin/useradd -u $2 -M -g $3 -d $4 -s $5 $1 + fi + else + /usr/sbin/useradd -u $2 -M -g $3 -d $4 -s $5 $1 + fi +} + +user_check alias $alias $nofiles /var/qmail/alias /bin/false +user_check qmaild $qmaild $nofiles /var/qmail /bin/false +user_check qmaill $qmaill $nofiles /var/qmail /bin/false +user_check qmailp $qmailp $nofiles /var/qmail /bin/false +user_check qmailq $qmailq $qmail /var/qmail /bin/false 
+user_check qmailr $qmailr $qmail /var/qmail /bin/false +user_check qmails $qmails $qmail /var/qmail /bin/false + +%post +dd bs=1024 count=1 if=/dev/zero of=/var/qmail/queue/lock/tcpto &> /dev/null +chown qmailr:qmail /var/qmail/queue/lock/tcpto &> /dev/null +chmod 644 /var/qmail/queue/lock/tcpto &> /dev/null +exit 0 + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%attr(755,root,qmail) %dir /var/qmail +%attr(2755,alias,qmail) %dir /var/qmail/alias +%attr(755,root,qmail) %dir /var/qmail/control +%attr(755,root,qmail) %dir /var/qmail/users +%attr(755,root,qmail) %dir /var/qmail/bin +%attr(755,root,qmail) %dir /var/qmail/boot +%attr(755,root,qmail) %dir /var/qmail/doc +%attr(755,root,qmail) %dir /var/qmail/man +%attr(755,root,qmail) %dir /var/qmail/man/cat1 +%attr(755,root,qmail) %dir /var/qmail/man/cat5 +%attr(755,root,qmail) %dir /var/qmail/man/cat7 +%attr(755,root,qmail) %dir /var/qmail/man/cat8 +%attr(755,root,qmail) %dir /var/qmail/man/man1 +%attr(755,root,qmail) %dir /var/qmail/man/man5 +%attr(755,root,qmail) %dir /var/qmail/man/man7 +%attr(755,root,qmail) %dir /var/qmail/man/man8 +%attr(750,qmailq,qmail) %dir /var/qmail/queue +%attr(700,qmailq,qmail) %dir /var/qmail/queue/pid +%attr(700,qmailq,qmail) %dir /var/qmail/queue/intd +%attr(750,qmailq,qmail) %dir /var/qmail/queue/todo +%attr(700,qmails,qmail) %dir /var/qmail/queue/bounce +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/0 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/1 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/2 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/3 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/4 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/5 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/6 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/7 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/8 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/9 +%attr(750,qmailq,qmail) %dir 
/var/qmail/queue/mess/10 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/11 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/12 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/13 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/14 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/15 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/16 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/17 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/18 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/19 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/20 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/21 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/mess/22 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/0 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/1 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/2 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/3 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/4 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/5 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/6 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/7 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/8 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/9 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/10 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/11 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/12 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/13 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/14 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/15 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/16 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/17 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/18 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/19 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/20 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/21 +%attr(700,qmails,qmail) %dir /var/qmail/queue/info/22 
+%attr(700,qmails,qmail) %dir /var/qmail/queue/local +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/0 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/1 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/2 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/3 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/4 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/5 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/6 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/7 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/8 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/9 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/10 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/11 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/12 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/13 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/14 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/15 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/16 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/17 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/18 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/19 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/20 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/21 +%attr(700,qmails,qmail) %dir /var/qmail/queue/local/22 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/0 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/1 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/2 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/3 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/4 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/5 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/6 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/7 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/8 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/9 +%attr(700,qmails,qmail) %dir 
/var/qmail/queue/remote/10 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/11 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/12 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/13 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/14 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/15 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/16 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/17 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/18 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/19 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/20 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/21 +%attr(700,qmails,qmail) %dir /var/qmail/queue/remote/22 +%attr(750,qmailq,qmail) %dir /var/qmail/queue/lock +%attr(755,root,qmail) /var/qmail/bin/ipmetest +%attr(755,root,qmail) /var/qmail/bin/ipmeprint +%attr(4711,qmailq,qmail) /var/qmail/bin/qmail-queue +%attr(700,root,qmail) /var/qmail/bin/qmail-lspawn +%attr(700,root,qmail) /var/qmail/bin/qmail-start +%attr(711,root,qmail) /var/qmail/bin/qmail-getpw +%attr(711,root,qmail) /var/qmail/bin/qmail-local +%attr(711,root,qmail) /var/qmail/bin/qmail-remote +%attr(711,root,qmail) /var/qmail/bin/qmail-rspawn +%attr(711,root,qmail) /var/qmail/bin/qmail-clean +%attr(711,root,qmail) /var/qmail/bin/qmail-send +%attr(711,root,qmail) /var/qmail/bin/splogger +%attr(700,root,qmail) /var/qmail/bin/qmail-newu +%attr(700,root,qmail) /var/qmail/bin/qmail-newmrh +%attr(711,root,qmail) /var/qmail/bin/qmail-pw2u +%attr(755,root,qmail) /var/qmail/bin/qmail-inject +%attr(755,root,qmail) /var/qmail/bin/predate +%attr(755,root,qmail) /var/qmail/bin/datemail +%attr(755,root,qmail) /var/qmail/bin/mailsubj +%attr(755,root,qmail) /var/qmail/bin/qmail-showctl +%attr(755,root,qmail) /var/qmail/bin/qmail-qread +%attr(755,root,qmail) /var/qmail/bin/qmail-qstat +%attr(755,root,qmail) /var/qmail/bin/qmail-tcpto +%attr(755,root,qmail) /var/qmail/bin/qmail-tcpok +%attr(755,root,qmail) 
/var/qmail/bin/qmail-pop3d +%attr(711,root,qmail) /var/qmail/bin/qmail-popup +%attr(755,root,qmail) /var/qmail/bin/qmail-qmqpc +%attr(755,root,qmail) /var/qmail/bin/qmail-qmqpd +%attr(755,root,qmail) /var/qmail/bin/qmail-qmtpd +%attr(755,root,qmail) /var/qmail/bin/qmail-smtpd +%attr(755,root,qmail) /var/qmail/bin/sendmail +%attr(755,root,qmail) /var/qmail/bin/tcp-env +%attr(755,root,qmail) /var/qmail/bin/qreceipt +%attr(755,root,qmail) /var/qmail/bin/qsmhook +%attr(755,root,qmail) /var/qmail/bin/qbiff +%attr(755,root,qmail) /var/qmail/bin/forward +%attr(755,root,qmail) /var/qmail/bin/preline +%attr(755,root,qmail) /var/qmail/bin/condredirect +%attr(755,root,qmail) /var/qmail/bin/bouncesaying +%attr(755,root,qmail) /var/qmail/bin/except +%attr(755,root,qmail) /var/qmail/bin/maildirmake +%attr(755,root,qmail) /var/qmail/bin/maildir2mbox +%attr(755,root,qmail) /var/qmail/bin/maildirwatch +%attr(755,root,qmail) /var/qmail/bin/qail +%attr(755,root,qmail) /var/qmail/bin/elq +%attr(755,root,qmail) /var/qmail/bin/pinq +%attr(755,root,qmail) /var/qmail/boot/home +%attr(755,root,qmail) /var/qmail/boot/home+df +%attr(755,root,qmail) /var/qmail/boot/proc +%attr(755,root,qmail) /var/qmail/boot/proc+df +%attr(755,root,qmail) /var/qmail/boot/binm1 +%attr(755,root,qmail) /var/qmail/boot/binm1+df +%attr(755,root,qmail) /var/qmail/boot/binm2 +%attr(755,root,qmail) /var/qmail/boot/binm2+df +%attr(755,root,qmail) /var/qmail/boot/binm3 +%attr(755,root,qmail) /var/qmail/boot/binm3+df +%attr(644,root,qmail) /var/qmail/doc/FAQ +%attr(644,root,qmail) /var/qmail/doc/UPGRADE +%attr(644,root,qmail) /var/qmail/doc/SENDMAIL +%attr(644,root,qmail) /var/qmail/doc/INSTALL +%attr(644,root,qmail) /var/qmail/doc/INSTALL.alias +%attr(644,root,qmail) /var/qmail/doc/INSTALL.ctl +%attr(644,root,qmail) /var/qmail/doc/INSTALL.ids +%attr(644,root,qmail) /var/qmail/doc/INSTALL.maildir +%attr(644,root,qmail) /var/qmail/doc/INSTALL.mbox +%attr(644,root,qmail) /var/qmail/doc/INSTALL.vsm +%attr(644,root,qmail) 
/var/qmail/doc/TEST.deliver +%attr(644,root,qmail) /var/qmail/doc/TEST.receive +%attr(644,root,qmail) /var/qmail/doc/REMOVE.sendmail +%attr(644,root,qmail) /var/qmail/doc/REMOVE.binmail +%attr(644,root,qmail) /var/qmail/doc/PIC.local2alias +%attr(644,root,qmail) /var/qmail/doc/PIC.local2ext +%attr(644,root,qmail) /var/qmail/doc/PIC.local2local +%attr(644,root,qmail) /var/qmail/doc/PIC.local2rem +%attr(644,root,qmail) /var/qmail/doc/PIC.local2virt +%attr(644,root,qmail) /var/qmail/doc/PIC.nullclient +%attr(644,root,qmail) /var/qmail/doc/PIC.relaybad +%attr(644,root,qmail) /var/qmail/doc/PIC.relaygood +%attr(644,root,qmail) /var/qmail/doc/PIC.rem2local +%attr(644,root,qmail) /var/qmail/doc/moreipme.README +%attr(644,root,qmail) /var/qmail/man/cat1/forward.0 +%attr(644,root,qmail) /var/qmail/man/cat1/condredirect.0 +%attr(644,root,qmail) /var/qmail/man/cat1/bouncesaying.0 +%attr(644,root,qmail) /var/qmail/man/cat1/except.0 +%attr(644,root,qmail) /var/qmail/man/cat1/maildirmake.0 +%attr(644,root,qmail) /var/qmail/man/cat1/maildir2mbox.0 +%attr(644,root,qmail) /var/qmail/man/cat1/maildirwatch.0 +%attr(644,root,qmail) /var/qmail/man/cat1/mailsubj.0 +%attr(644,root,qmail) /var/qmail/man/cat1/qreceipt.0 +%attr(644,root,qmail) /var/qmail/man/cat1/qbiff.0 +%attr(644,root,qmail) /var/qmail/man/cat1/preline.0 +%attr(644,root,qmail) /var/qmail/man/cat1/tcp-env.0 +%attr(644,root,qmail) /var/qmail/man/cat5/addresses.0 +%attr(644,root,qmail) /var/qmail/man/cat5/envelopes.0 +%attr(644,root,qmail) /var/qmail/man/cat5/maildir.0 +%attr(644,root,qmail) /var/qmail/man/cat5/mbox.0 +%attr(644,root,qmail) /var/qmail/man/cat5/dot-qmail.0 +%attr(644,root,qmail) /var/qmail/man/cat5/qmail-control.0 +%attr(644,root,qmail) /var/qmail/man/cat5/qmail-header.0 +%attr(644,root,qmail) /var/qmail/man/cat5/qmail-log.0 +%attr(644,root,qmail) /var/qmail/man/cat5/qmail-users.0 +%attr(644,root,qmail) /var/qmail/man/cat5/tcp-environ.0 +%attr(644,root,qmail) /var/qmail/man/cat7/forgeries.0 
+%attr(644,root,qmail) /var/qmail/man/cat7/qmail-limits.0 +%attr(644,root,qmail) /var/qmail/man/cat7/qmail.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-local.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-lspawn.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-getpw.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-remote.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-rspawn.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-clean.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-send.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-start.0 +%attr(644,root,qmail) /var/qmail/man/cat8/splogger.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-queue.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-inject.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-showctl.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-newmrh.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-newu.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-pw2u.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-qread.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-qstat.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-tcpok.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-tcpto.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-pop3d.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-popup.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-qmqpc.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-qmqpd.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-qmtpd.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-smtpd.0 +%attr(644,root,qmail) /var/qmail/man/cat8/qmail-command.0 +%attr(644,root,qmail) /var/qmail/man/man1/forward.1 +%attr(644,root,qmail) /var/qmail/man/man1/condredirect.1 +%attr(644,root,qmail) /var/qmail/man/man1/bouncesaying.1 +%attr(644,root,qmail) /var/qmail/man/man1/except.1 +%attr(644,root,qmail) /var/qmail/man/man1/maildirmake.1 +%attr(644,root,qmail) /var/qmail/man/man1/maildir2mbox.1 +%attr(644,root,qmail) /var/qmail/man/man1/maildirwatch.1 
+%attr(644,root,qmail) /var/qmail/man/man1/mailsubj.1 +%attr(644,root,qmail) /var/qmail/man/man1/qreceipt.1 +%attr(644,root,qmail) /var/qmail/man/man1/qbiff.1 +%attr(644,root,qmail) /var/qmail/man/man1/preline.1 +%attr(644,root,qmail) /var/qmail/man/man1/tcp-env.1 +%attr(644,root,qmail) /var/qmail/man/man5/addresses.5 +%attr(644,root,qmail) /var/qmail/man/man5/envelopes.5 +%attr(644,root,qmail) /var/qmail/man/man5/maildir.5 +%attr(644,root,qmail) /var/qmail/man/man5/mbox.5 +%attr(644,root,qmail) /var/qmail/man/man5/dot-qmail.5 +%attr(644,root,qmail) /var/qmail/man/man5/qmail-control.5 +%attr(644,root,qmail) /var/qmail/man/man5/qmail-header.5 +%attr(644,root,qmail) /var/qmail/man/man5/qmail-log.5 +%attr(644,root,qmail) /var/qmail/man/man5/qmail-users.5 +%attr(644,root,qmail) /var/qmail/man/man5/tcp-environ.5 +%attr(644,root,qmail) /var/qmail/man/man7/forgeries.7 +%attr(644,root,qmail) /var/qmail/man/man7/qmail-limits.7 +%attr(644,root,qmail) /var/qmail/man/man7/qmail.7 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-local.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-lspawn.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-getpw.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-remote.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-rspawn.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-clean.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-send.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-start.8 +%attr(644,root,qmail) /var/qmail/man/man8/splogger.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-queue.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-inject.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-showctl.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-newmrh.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-newu.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-pw2u.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-qread.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-qstat.8 +%attr(644,root,qmail) 
/var/qmail/man/man8/qmail-tcpok.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-tcpto.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-pop3d.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-popup.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-qmqpc.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-qmqpd.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-qmtpd.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-smtpd.8 +%attr(644,root,qmail) /var/qmail/man/man8/qmail-command.8 +%attr(600,qmails,qmail) /var/qmail/queue/lock/sendmutex +%attr(622,qmails,qmail) /var/qmail/queue/lock/trigger +%attr(777,root,root) /usr/lib/sendmail +%attr(777,root,root) /usr/sbin/sendmail
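Review bot: Nothing in the build verifies the qmail uids and gids any more. The whole id check in `%prep` is commented out with `##`, while the comment in `%pre` says the ids 400–406 must match the values compiled into the binaries. If the build host's accounts differ, the binaries and the installed accounts disagree. In `%pre`, a failing `groupadd` or `useradd` (for example because the id is already taken) does not stop the scriptlet, so the setuid `qmail-queue` and the queue directories can end up tied to ids the binaries do not expect. I would restore the `%prep` check (or an equivalent in `%build`) and make the scriptlet stop on failure, e.g. `/usr/sbin/useradd -u $2 -M -g $3 -d $4 -s $5 $1 || exit 1`, with the same treatment for `groupadd`.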