Vista elenco

Ricevuto — 21 Maggio 2026 Linux

Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces

✇Linux.com
di: Linux.com Editorial Staff
4 Aprile 2025 ore 20:16

OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting.

Read More at Causely

The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.

Installazione di Dovecot e sieve su qmail + vpopmail

✇notes.sagredo.eu
6 Giugno 2026 ore 13:31

Changelog

  • May 14, 2026
    - dovecot 2.4.3 released. Changed dovecot_config_version and dovecot_storage_version in dovecot.conf
    - the new version has lua as a dependency. Added --without-lua at configure command
  • Feb 25, 2026
    - Added Server Name Indication (SNI) settings in sni.conf.template, imported from local.conf commit
    - userdb iterate query nor orders by domain and username commit
    - 15-mailboxes.conf: fts_autoindex = no added to Trash and Junk folders commit
    - 10-auth.conf: + character added to auth_username_chars commit
  • Nov 24, 2025
    - dropped 'enforce = no' from 90-quota.conf to enforce quota limits (commit)
  • Nov 22, 2025
    - quota driver switched to 'count' (commit). 'count' is the recommended way of calculating quota on recent Dovecot installations.
  • Oct 30, 2025
    - dovecot ugraded to v. 2.4.2
  • Mar 29, 2025
    - dovecot updated to v. 2.4.1-4
  • Mar 15, 2025 (config version 2.4.0.1 diff
    - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here)
    - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included from local.conf
  • Mar 9, 2025
    - fixed quota calculation in sql queries (tx Hakan Cakiroglu)
  • Feb 22, 2025
    - Bug fix in 90-sieve.conf: global script to move spam into Junk now working
    - Bug fix in move-spam.sieve: erroneously matches "YES" if "BAYES" is in the header
  • Feb 15, 2025
    - added support for vpopmail configured with --disable-many-domains
    - 90-sieve.conf: global script move-spam.sieve called correctly
  • Feb 8, 2025
    - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko)
    - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
  • Jan 29, 2025
    - dovecot upgraded to v 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
  • Nov 15, 2024
    - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
  • Dec 29, 2023
    default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default
  • Feb 10, 2023
    - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)

Aggiornare qmail

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Changelog

  • Apr 7, 2026
    - (security) Remote Code Execution via Shell Injection in qmail-remote TLS Error Handler in #42 (tx Diep Pham)
  • Apr 2, 2026
    - qmail-remote auth improvements by pierluigi in #39
    - Fixed DKIM ed25519-sha256 signing and verification to conform to RFC8463 by @agerstla in #40
    - Updated qmail-qfilter to support filters defined in control/qfilters by @agerstla in #41
  • Feb 25, 2026
    - Improved DKIM status handling by @agerstla in #35
    - Ported over DKIM_BAD_IDENTITY support from Indimail (tx Manvendra Bhangui and Andreas Gerstlauer 1299b55)
    - SNI support for qmail-smtpd by @agerstla in #37
    - Added qmail-qfilter by @agerstla in #38
  • Feb 3, 2026
    - Bug fix for verifying multiple DKIM signatures (second one always failed due to a DNS lookup bug). tx Andreas Gerstlaurer #31
    - config-all.sh upgrade #33
    * config-all.sh: moreipme is now populated with IPs in separate lines
    * config-all.sh: rsa dh keys can be created even if the certificate creation is skipped
    * config-all requires to accept overwriting with y/N/a=all options
  • Jan 8, 2026
    - bug fixed in helodnscheck: it allowed domains with only one dot #30
  • Jan 5, 2026
    - helodnscheck.cpp    : PCRE dependency avoided, to make happy Debian 13 d987ec4
    - config-all now grabs the correct network interface c60d3fa
    - config-all will now prompt for 1024/2048 key length for DKIM c842cea
    - Fixed typo in qmailctl 3f1ea75
    - Makefile: Fixed incorrect rule syntax for 'make cert' 80222cc
  • Sep 8, 2025
    - Fixes in SPP handling and support for [pass] plugins after RCPT accept. Support for RBLRESULT environment variable and RBL ignore ('=') option. (tx Andreas Gerstlauer)
    - Added -std=gnu17 to conf-cc, fixed some other issues and now it compiles on gcc-15.2 in #28
    - scripts/qmail-pop3d and qmail/pop3sd: ports changed to 110 and 995
    - Received: email header now hides the sender's hostname when the sender is RELAYCLIENT or is authenticated. 785e84b
  • Apr 30, 2025
    qmailctl    , qmHandle, queue_repair and all scripts installed in QMAIL/bin and not in /usr/local/bin by config-all.sh
  • Apr 25, 2025
    - added a configuration script config-all, which configure and installs the control files (as per the original config-fast script), aliases, SRS (uses control/me as the srs_domain), log dirs in /var/log/qmail, tcprules (basic, just to make initial tests), supervise scripts, qmailctl script, DKIM control/filterargs and control/domainkeys dir, SURBL, smtpplugins, helodnscheck spp plugin, svtools, qmHandle, queue-repair, SSL key file (optional).
    Consider this feature as "testing"
  • Feb 11, 2025
    - Several adjustments to get freeBSD and netBSD compatibility. More info in the commit history. Hints/comments are welcome.
    - freeBSD users have to erase the very 1st line of the file "conf-lib", as libresolv.so in not needed on freeBSD.
    - Dropped files install-big.c, idedit.c and BIN.* files.
    - Dropped files byte_diff.c, str_cpy.c, str_diff.c, str_diffn.c and str_len.c, which break compilation on clang and can be replaced by the functions shipped by the compiler (tx notqmail).
    - Old documentation moved to the "doc" dir. install.c and hier.c modified accordingly
    - conf-cc and conf-ld now have -L/usr/local/lib and -I/usr/local/include to look for srs2 library
    - conf-cc and conf-ld now have -L/usr/pkg/lib and -I/usr/pkg/include to satisfy netBSD
    - vpopmail-dir.sh: minor correction to vpopmail dir existence check
    - srs.c: #include <srs2.h> now without path

Server Name Indication (SNI) per qmail e dovecot

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Server Name Indication (SNI) è una estensione del protocollo TLS che consente a un server di presentare differenti certificati a seconda dell'hostname richiesto dal client durante il saluto TLS.

In un ambiente email moderno, molti domini condividono uno stesso indirizzo IP per i servizi SMTP, IMAP, POP3 e submission. Senza SNI, un amministratore di un server email può presentare un solo certificato per ogni socket disponibile, cosa che obbliga l'aministratore ad affidarsi a certificati multi-dominio (SAN) o a certificati con wildcard. Questo approccio aumenta i problemi operativi tra gli utenti finali novelli, che spesso non sono in grado di usare la configurazione automatica del client per configurare correttamente le loro mailbox.

L'abilitazione di SNI nei serivizi mail consente al server di presentare il certificato appropriato basato sull'hostname richiesto dal client, contenuto nel suo indirizzo email.

La funzionalità SNI per la mia distribuzione qmail è stata aggiunta da Andreas Gerstlauer (commit qui e qui), che vorrei ringraziare.

  • ClamAV  
  • ↗️

ClamAV

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Changelog

  • Mar 4, 2026
    - clamav upgraded to v 1.5.2
  • Oct 11, 2025
    - clamav upgraded to v 1.5.0. A recent version of rust is needed (successfully using 1.88 here). Just reinstall as explained below. No particular change is needed in the config files.

Installare e configurare VPopMail

✇notes.sagredo.eu
2 Giugno 2026 ore 18:30

Vpopmail fornisce un modo semplice di gestire indirizzi di posta su domini virtuali e account email diversi da quelli su /etc/passwd.

Changelog

  • Feb 11, 2026
    - vlimits.c    : avoids no file found exit when .qmailadmin-limits is not existent because no limits are defined yet (a565779)
    - added sql files to be imported on upgrade to v. 5.6.x (8136480)
  • Feb 8, 2026
    - migliorata la sezione "upgrade"
    - vmysql.c changes (#10)
    • valias_create_table now check if table is already created in order to avoid warnings in dotqmail2valias
    • solved quotes issue in query in valias_insert function
  • Nov 20, 2025
    - vutil: 'isSomething' functions reviewed to satisfy qmailadmin calls in #9
    - Added definition of 'call_onchange' function and cured its calls to avoid break 97ffe38
  • Oct 30, 2025 (v. 5.6.10)
    - Added specific usage informations for s/qmail users (look here)
    - Dropped -std=gnu17 from compilation options and solved (probably) all breaks and warnings on gcc 15.2 2d8526d
    - configure.ac now looks for mariadb include and lib dir in addition to mysql dab36e8
    - configure.ac automatically looks for vanilla qmail's users/cdb and s/qmail's users/assign.cdb file 723efb3
    - Updated the usage() funcion message in vadduser.c to clarify the use of pre-hashed passwords with -e 5b5ccdb
    - control/defaultdelivery is now installed by vpopmail if --enable-defaultdelivery 77f54eb
    - vrcptcheck checks all kind of address (users, forwards, valiases) #7
    - Dropped unused functions in vpopmail.c #8
  • Sep 1, 2025 (v. 5.6.9)
    - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
    - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
  • Mar 29, 2025
    - defaultdelivery     feature (--enable-defaultdelivery) changes (more info here, commit):
    • vdelivermail is installed by default in .qmail-default of newly created domains with option 'delete' as in the previous version.
    • if no user's valiases and no .qmail are found, then the message is sent to the control/defaultdelivery file, so that dovecot-lda (or whatelse) can store the mail into inbox and execute the sieve rules.
    • if vdelivermail is found in control/defaultdelivery, then it is ignored. The delivery remains in charge to vdelivermail, to avoid loops.
    • v. 5.6.8 is backward compatible. The users having .qmail from previous versions of the defauldelivery feature are not affected by this change.

vQadmin

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

VqAdmin è un pannello di controllo su interfaccia web che consente di eseguire azioni che richiedono l'accesso a root — per esempio, aggiungere e cancellare domini.

Come si può vedere, VqAdmin ha una nuova versione con un nuovo aspetto mobile responsive, con tutte le mie vecchie patch incluse (compresa quella di ALI) e diverse correzioni e ripuliture del codice sorgente. Ho risolto tutti i warnings sia di autotools che di gcc e cambiato un paio di cose per poter rifare il tema html (guardare il changelog per maggiori dettagli). Come sempre i contributi nei commenti sono graditi.

PS: anche la parte apache è stata modificata e prima di fare l'aggiornamento è necessario guardare quali modifiche sono necessarie.

Have fun!

Changelog

  • Feb 18, 2026 (v. 2.4.7)
    - domain's users lists valiases too #4
    - bug fix in mod_domain.html: Mailing Lists domain limit was not copied correctly (ecce453)
  • Jan 31, 2026
    - relaylimits added to control files 4c5a859
    - disabled maintainer mode to avoid autotools regeneration on user builds #3
  • Jan 25, 2026
    - Domain's users listed alphabetically by domain and username #2 451da48
    - Dropped simsizelimit control file 868b8b2
  • Dec 06, 2024
    - added a patch to highlight users with restrictions and with admin privileges (PR #1, thanks Bai Borko)
    - added control files notlshosts_auto and tlsserverciphers

Configurazione di DKIM per qmail

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Questa pagina riguarda la patch DKIM inclusa nella mia patch combinata (maggiori informazioni qui). Questo argomento è avanzato ed è consigliabile tornare qui alla fine del tutto.

DKIM fornisce un metodo per validare l'identità di un nome a dominio associato a un messaggio con una autenticazione crittografata. La tecnica di validazione è basata sulla crittografia di una chiave pubblica: Il server che invia l'email aggiunge il nome a dominio al messaggio e vi affigge una firma digitale. Questa chiave è posta nell'intestazione DKIM-Signature: del messaggio. Colui che riceve il messaggio può controllare la validità della chiave pubblica leggendo un record TXT del DNS del dominio associato al messaggio.

Sei invitato a dare un'occhiata alle pagine man a partire da qmail-dkim(8) e spawn-filter(8).

Changelog

  • Jan 29, 2026
    - Bug fix for verifying multiple DKIM signatures (second one always failed due to a DNS lookup bug). tx Andreas Gerstlauer
  • Jul 10, 2025
    added ERROR_FD=2 in control/filterargs to send error output of qmail-dkim in stderr when acting as a qmail-remote filter (Andreas Gerstlauer)
  • Feb 12, 2024
    - v. 1.48: fixed minor bug using filterargs for local deliveries (commit)
  • Feb 6, 2024
    -DKIM patch upgraded to v. 1.47
    * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
  • Jan 11, 2024
    - version 1.46
    * dk-filter.sh has been dropped. If signing at qmail-remote level, before upgrading, you have to review the configuration as explained below.
    * The variables USE_FROM, USE_SENDER and DKIMDOMAIN have been dropped
    * when signing at qmail-remote level qmail-dkim now has to be called directly by spawn-filter in the rc file. man spawn-filter for more info
    * In case of bounces the signature will be automatically based on the from: field. This will solve issues of DMARC reject by google in case of sieve/vacation bounces.
    * In case of ordinary bounces (mailbox not found, for instance) the bounce domain will be taken from control/bouncehost and, if doesn't exist, from control/me
  • Jan 4, 2024
    - patch upgraded to v. 1.44
    * fixed an issue with filterargs where spawn-filter is trying to execute remote:env xxxxx.... dk-filter. This issue happens when FILTERARGS environment variable is not defined in the qmail-send rc script.
    * dkim.c fix: https://notes.sagredo.eu/en/qmail-notes-185/configuring-dkim-for-qmail-92.html#comment3668 
    * adjustments fo dk-filter and dknewkey man pages
  • Nov 20, 2023
    * The patch now by default excludes X-Arc-Authentication-Results
    * dkim can additionally use the environment variable EXCLUDE_DKIMSIGN to include colon separated list of headers to be excluded from signing (just like qmail-dkim). If -X option is used with dk-filter, it overrides the value of EXCLUDE_DKIMSIGN.
  • Feb 19, 2023 (v. 1.37 upgrade)
    - ed25519 support​ (RFC 8463)
    - multiple signatures/selectors via the enhanced control/dkimkeys or DKIMSIGNDKIMSIGNEXTRADKIMSIGNOPTIONS  DKIMSIGNOPTIONSEXTRA variables
    - domainkey script replaced by dknewkey in order to create ed25519 keys and rsa keys with 1024/2048/4096 bit
    - dropped yahoo's domainkeys support (no longer need the libdomainkeys.a library)
    - man pages revised and enhanced
    - domainkeys directory moved to /var/qmail/control/domainkeys
    - the documentation in this page has been revised. You can find how to sign with the rsa key together with the ed25519 key below.

Playing with qmail-spp

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

qmail-spp provides plug-in support for qmail-smtpd. It allows you to write external programs and use them to check SMTP command argument validity. The plug-in can trigger several actions, like denying a command with an error message, logging data, adding a header and much more.

  • Author: Pawel Foremski
  • More info here

Today I played for the first time with an ancient patch for qmail: qmail-spp. I was really impressed for the ease of use and the elegance of its code, which is inserted inside qmail-smtpd.c with a few touches, despite of the many things that it can do when installed and enabled.

It can run a custom plugin in any language and at any level of the smtp session, grabbing the environment variables, writing into stderr or blocking the smtp session with a return error for the sender.

In no time at all I managed to understand its logic and write a small plugin by adapting a c program I wrote for s/qmail a few months ago to check the validity of the recipient.

Of course I decided to add this patch to my combo. I've just modified the way it has to be enabled, just not to bother those who don't want to touch their run scripts. So, while the original patch is enabled by default, I modified things a little bit so that you have to manually enable it by exporting the variable ENABLE_SPP in your run scripts. Therefore the original NOSPP variable is useless.

Have fun!

Script e cronjob per il sistema di learning e reporting di Spamassassin

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Ora che abbiamo preparato i filtri antispam dobbiamo addestrare il nostro sistema bayesiano e inviare i report a Razor, Pyzor e Spamcop.

La cosa più ovvia che può venirci in mente di fare a questo punto è forse quella di lanciare sa_learn e spamassassin --report uno dopo l'altro al click sul bottone "Marca come Spam" della webmail Roundcube (vedere i driver cmd_learn e multi_driver del plugin markasjunk), ma questa scelta ha alcuni svantaggi importanti:

  • il processo di addestramento, la conseguente sincronizzazione del journal e la connessione ai vari network per il reporting può richiedere anche una decina di secondi, un tempo che i nostri utenti non sono disposti ad attendere.
  • cosa anche più grave, quando essi cliccano sul bottone "Marca come Spam" non è sempre detto che si tratti di un vero messaggo di posta indesiderata. Prendiamo ad esempio il classico caso delle newsletter a cui si sono regolarmente iscritti e che non vogliono più leggere, e che decidono di eliminare etichettandole come spamming anzichè inoltrare una regolare richiesta di cancellazione.

E' qundi più corretto eseguire questi due compiti durante la notte per mezzo di un cronjob (primo problema risolto), processando i soli messaggi di vero spam/ham che l'utente ha consapevolmente copiato in una cartella apposita (secondo problema).

Migrating from Linux-VServer to LXC (Slackware)

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Tired of the nightmares of remotely compiling the kernel with Linux-VServer, a software that I'm pleased with despite of some lack of documentation, these days I was playing with LXC, which is included and supported by Slackware and for which the Linux kernel doesn't need any patching because it already embeds the hacks for LXC containers.

To convert an existing Linux-VServer container in a (eventually unprivileged) LXC container you can follow these steps. I assume that you already know  how to create an LXC container; in case you are interested in unprivileged containers take a look to the excellent Chris Willing's guide (a big thanks to him) linked below.

More info:

Bye bye Drupal

✇notes.sagredo.eu
21 Maggio 2026 ore 04:31

Era ora che riuscissi a liberarmi della vecchia piattaforma Drupal come strumento per questo blog, ma finalmente ho trovato il tempo per migrare il database di Drupal e per riprendere qui la vecchia grafica (solo lo stile, il codice html è mio).

D'altronde, da almeno 15 anni porto avanti lo sviluppo di un mio CMS (basato su php/mariadb), che però originariamente non avevo usato per la mancanza del tempo necessario a costruirmi un tema html.

Ora il sito vive in ambiente Mobile Responsive e soprattutto mi consente di svincolarmi dagli incubi degli aggiormanti di Drupal e dei suoi pacchetti.

La parte sui commenti del presente CMS non è perfettamente collaudata e mi farebbe piacere avere eventualmente dei feedback su ogni problematica, quindi non esitate a scrivermi al riguardo.

Buon divertimento!

❌