https://youtu.be/Qr3zIwW5IU8
In questa seconda puntata andiamo a vedere altri due importantissimi ed utilissimi tools per linux!

Link utili:
- https://flathub.org/it/apps/org.kde.dolphin
- https://flathub.org/it/apps/com.github.qarmin.czkawka
- https://magnetimo.blogspot.com/
- https://open....

Oggi esistono centinaia di distribuzioni Linux mantenute attivamente. Per distinguersi, alcune sono progettate per scopi molto specifici e pensate per esigenze particolari.

Trovi notizie, approfondimenti e nuove distro Linux seguendo il gruppo FediLUG su @linux@diggita.com

Qui alcune delle più note distribuzioni Linux specia...

AUR colpito da una nuova ondata di attacchi malware
#archlinux #Aur #sicurezza #linux
Quella che inizialmente sembrava un’infezione contenuta si è trasformata, nel giro di quarantotto ore, in una crisi sistemica che ha costretto gli amministratori di Arch Linux a misure di emergenza straordinarie. E quando il peggio sembrava pass...

Quella che inizialmente sembrava un’infezione contenuta si è trasformata, nel giro di quarantotto ore, in una crisi sistemica che ha costretto gli amministratori di Arch Linux a misure di emergenza straordinarie. E quando il peggio sembrava passato, una seconda ondata di malware ancora più sofisticata ha colpito AUR. La crisi è iniziata venerdì 12 giugno […]

L'articolo AUR colpito da una nuova ondata di attacchi malware proviene da Marco's Box.

Mi dicono spesso che #Debian è una #distro lenta.
Noiosa.
Poco innovativa.
Poco “spaziale”.

Ma per me, questo è il suo superpotere!

Non ci credi? Ascolta tutta la disanima nel mio ultimo video!

https://youtu.be/YcIoLCo54kA

@linux

Per millenni, i prati della Toscana e le campagne del Lazio sono rimasti incontaminati, cullati dal belato fiero e rigorosamente autoctono delle nostre storiche greggi. Poi, il dramma. Nel giro di pochi decenni, i nostri pasc...

We get into the process of working on and with formal protocol specifications, something Andy is familiar with from his work on Matrix.

Support us on Patreon and get an ad-free RSS feed with early episodes sometimes

See our contact page for ways to get in touch.

Subscribe to the RSS feed

We get into the process of working on and with formal protocol specifications, something Andy is familiar with from his work on Matrix.

Support us on Patreon and get an ad-free RSS feed with early episodes sometimes

See our contact page for ways to get in touch.

Subscribe to the RSS feed

Una vulnerabilità nel kernel Linux causata da un controllo invertito che permette a utenti senza privilegi di diventare root e evadere da container. https://www.hwupgrade.it/news/sicurezza-software/linux-un-punto-esclamativo-di-troppo-per-sbloccare-i-permessi-di-root/_154552.html #unoLinux @linux La vulnerabilità può essere risolta aggiorn...

Oggi siamo saliti a 1935 pacchetti AUR coinvolti

https://md.archlinux.org/s/SxbqukK6IA

@linux

Dati i recenti sviluppi sulle distro Arch mi è venuta voglia di provare sul mio portatile da gioco (pc secondario) PikaOS!
Allora, per il momento direi che sembra fare il suo… ma ho qualche problema a capire come cabbo funzionano i driver nvidia—intel sulle debian based… inoltre sembra essere preimpostata su un paio di cose c...

🚨 Visti i recenti e preoccupanti alert di sicurezza che stanno interessando diversi sistemi Linux basati su Arch, vi ricordiamo i nostri spazi dedicati dove seguire gli aggiornamenti, confrontarvi con la community e ricevere supporto per la risoluzione dei problemi.

:telegram: Telegram
https://t.me/fedilug

💬 Matrix

Se anche tu hai il disagio che scorre potente in te… Leggi!

https://kerberos.archathome.eu/gestire-un-server-arch-btw-con-android/
@linux @linux@diggita.com @linuxeasy #android #server #arch #archBTW #termux

💥 Incident AUR: supply chain attack

È in corso una campagna contro AUR con centinaia (poi >1000) PKGBUILD compromessi, associata a payload infostealer/rootkit distribuiti via pacchetti community.

Impatto potenziale su Arch e tutte le Arch-based che consumano AUR; i repo ufficiali non sono coinvolti.

Si può a...

salve a tutti
pubblico la versione video della puntata odierna di Radiolinux ai seguenti indirizzi

https://peertube.uno/w/xchJEpjVTwvNtkg2WSkDKY

https://youtu.be/4BhEqPUc358

torniamo sulla distribuzione
4Os utilissima per computer datati che possiamo utilizzare anche
per fini aziendali.
inoltre...

Ciao Google!
https://kerberos.archathome.eu/ho-abbandonato-google-per-360-giorni-ecco-cosa-e-andato-storto/
#homeserver #linux #selfhosting #arch #nextcloud #immich
@linux @linux@diggita.com

ATTENZIONE: analizzare prima di eseguirle anche le soluzioni proposte per mitigare il recente attacco subito da AUR.
Situazione in continua evoluzione, agite a VOSTRO RISCHIO E PERICOLO.

Dal forum di CachyOS sembra che la soluzione più aggiornata (adesso si parla di 1500 pacchetti compromessi) e senza la necessità di eseguir...

AUR Malware
siamo saliti a 1619 i pacchetti compromessi mentre scrivo

qui uno script aggiornato per controllare il sistema

https://github.com/lenucksi/aur-malware-check

@linux

T_T
Piu di 1500…

https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500

@linux

Buongiorno così,
una distro di Microslop basata su Fedora…
clamoroso, non ne sapevo niente.
🤡
@linux

Aurora OS: La Migliore Stazione di Sviluppo Linux?🤔🐋

Ecco un sistema che ti garantisca stabilità assoluta, aggiornamenti atomici e un ecosistema container-first. Esaminiamo tecnicamente la sua architettura, le prestazioni e la sua integrazione profonda con Podman e Flatpak, senza tralasciare l’aspetto dell’interfaccia KDE...

AUR: a fine giornata scoperti oltre 1500 pacchetti compromessi

#archlinux #linux #aur

Quella che era iniziata come una grave violazione circoscritta si è trasformata, nel giro di poche ore, in uno dei più vasti e preoccupanti incidenti di sicurezza nella storia di Arch Linux.

https://www.marcosbox.com/2026/06/13/aur-a-fin...

Quella che era iniziata come una grave violazione circoscritta si è trasformata, nel giro di poche ore, in uno dei più vasti e preoccupanti incidenti di sicurezza nella storia di Arch Linux. Nella giornata di ieri vi avevo segnalto della compromissione di più di 400 pacchetti presenti nel repository AUR (Arch User Repository). A fine […]

L'articolo AUR: a fine giornata scoperti oltre 1500 pacchetti compromessi proviene da Marco's Box.

In questa puntata di Radiolinux su http://www.radiostart.it/ ore 12,30
torniamo sulla distribuzione Q4OS utilissima per computer datati che possiamo utilizzare anche per fini aziendali. Si parla inoltre di Sovranita’ tecnologica, delle
lotte delle varie suite office nel mondo linux, di Euro Office, A.I e
legislatore am...

Chi si sta cagando addosso alzi la mano!

https://kerberos.archathome.eu/pacchetti-aur/
@linux @linux@diggita.com
#linux #arch #archBTW #aur #security

RefreshOS 3.0: la distribuzione GNU/Linux basata su Debian 13 con KDE Plasma 6
RefreshOS è una distribuzione GNU/Linux sviluppata e mantenuta da eXybit Technologies, pensata per chi desidera la stabilità di Debian unita a un ambiente desktop moderno e funzionale. Nata come progetto indipendente, si propone come una soluzione pronta a...

È notizia di queste ore di un attacco malware all AUR, se usate arch o derivate informatevi in merito e controllate di non essere infetti
@linux

Linux ti offre un controllo estremamente dettagliato sul funzionamento del tuo sistema: puoi automatizzare attività ripetitive, programmare operazioni in orari specifici e persino decidere quali processi devono avere la priorità nell’utilizzo della CPU.

Ecco alcuni dei comandi #Linux più utili per pianificare attività e gestir...

Comprehensive measures adopted by the European Commission aim to reduce dependency on non-EU countries.

Having recently moved house, Gary wonders how to reconfigure his homelab and network setup. Plus Shane is fed up with GitHub’s outages and formulates a plan to move away… somewhere…

Support us on patreon and get an ad-free RSS feed with early episodes sometimes

Subscribe to the RSS feed.

Se utilizzate Arch Linux o una delle sue celebri derivate (come EndeavourOS o CachyOS) e attingete regolarmente ad AUR (Arch User Repository), questo è il momento di prestare la massima attenzione. Nelle ultime 24 ore è emersa una massiccia campagna di attacco coordinata che ha visto la compromissione di oltre 400 pacchetti all’interno del noto […]

L'articolo AUR sotto attacco: scoperti oltre 400 pacchetti compromessi da un malware proviene da Marco's Box.

Buone notizie in arrivo per gli scontenti dell’interfaccia grafica di LibreOffice. A partire dal LibreOffice 26.8, il cui rilascio è previsto per il prossimo mese di agosto, sarà possibile personalizzare dando un tocco di colore all’interfaccia a schede (la Notebookbar). L’anteprima ci arriva dal profilo Mastodon del Design Team di Libreoffice. Come potete vedere è […]

L'articolo LibreOffice si colora proviene da Marco's Box.

People were locked out of their password managers to stop a brute force attack, Coreutils come to Windows, a FreeBSD PR effort backfires, and the best simple consumer WiFi gear.

Plugs

Support us on patreon and get an ad-free RSS feed with some early episodes

Why ZFS Is the Ideal Filesystem for Multi-User/Department Media Production

Webinar: June 30th @ 11am EDT: FreeBSD After Hours AMA

News/discussion

Password manager Dashlane suspends customer accounts amid brute-force attacks

Microsoft Announces Coreutils For Windows: Derived From Rust Coreutils

Coreutils for Windows

FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop

Free consulting

We were asked about the best simple consumer WiFi gear.

Within growing security and skills gaps, AI has been found to be a positive driving force behind tech hiring trends in Europe.

Late night snacks, and the books we love and hate. With Félim, Gary, Jim, and special guest Shane from Linux Lads.

Patrons got this this in their feed two weeks ago.

A new Firefox release confuses Félim, Plex makes no sense in a world where Jellyfin exists, Will considers paying for the Kagi search engine, and another small Android tablet for your wall. Plus what we learned at the recent Ubuntu Summit.

News/discussion

Firefox 151.0, See All New Features, Updates and Fixes

New Lifetime Plex Pass Pricing

Kagi

Shelly Wall Display

Ubuntu Summit

Ubuntu Summit 26.04 Timetable

Ubuntu Summit videos

A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.

GNUtrition 0.33 is now released. This marks the first release of GNUtrition since 2012, approximately 14 years ago!

GNUtrition is free nutrition analysis software. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release is a complete rewrite of GNUtrition in C rather than Python 2 with a new GTK 3 interface replacing the old GTK 2 one. The Nutrient Database of Standard Reference, which stopped getting updated in 2018, was replaced with the USDA Food and Nutrition Database for Dietary Studies. With help from some test volunteers, the build and installation process was better streamlined to resolve critical issues and difficulties so that GNUtrition can be a better program overall.

Considering the time between releases, GNUtrition currently is not available on OS package repositories (as far as I am aware). If you package software for your operating system's package manager, it would be very helpful if you could start packaging GNUtrition so that it may be even more easily used by people on said systems. If you don't, you may still request to those who do to start including GNUtrition.

Thank you to everyone who tested/used GNUtrition 0.33's release candidates and provided meaningful feedback on its functionality, design, and so on. I would also like to especially thank Jason Self for providing us with the C rewrite in the first place.

More information about GNUtrition may be found on its home page at http://gnu.org/so ... tware/gnutrition/. This release can be obtained from the ftp.gnu.org server at one of the following:

ftp://ftp.gnu.o ... gnu/gnutrition/
http://ftp.gnu.or ... g/gnu/gnutrition/
https://ftp.gnu.o ... g/gnu/gnutrition/

The FTP mirror list is available at https://gnu.or ... order/ftp.html, and https://ftpmirror ... u.org/gnutrition/ will automatically redirect you to a nearby mirror.

Please report any problems you experience to the GNUtrition bug reports mailing list: bug-gnutrition@gnu.org (https://lists.gnu ... fo/bug-gnutrition).

Happy hacking and calorie counting!!

Brave Software ha annunciato il rilascio di Brave Origin, una nuova versione a pagamento di Brave browser pensata per gli utenti che non hanno bisogno di tutte le funzionalità che supportano Brave come azienda, ma desiderano comunque la privacy che Brave offre.

L'articolo Brave Origin: il browser minimalista a pagamento di Brave (ma gratuito per Linux) proviene da Marco's Box.

Version 5.5 of GNU direvent is available for downloads. New in this version:

• All subprocesses are terminated before exit
• New configuration statement: shutdown-timeout

See the NEWS file for more details.

We revisit the topic of the dire situation with hardware prices, this time with a focus on getting the most out of machines with limited resources.

Support us on Patreon and get an ad-free RSS feed with some early episodes

See our contact page for ways to get in touch.

Subscribe to the RSS feed.

Microsoft threatens a security researcher for disclosing vulnerabilities publicly, bricks old versions of Office, and announces their version of OpenClaw. Plus keeping up with the latest technology.

Plugs

Support us on patreon and get an ad-free RSS feed with some early episodes

Which ZFS Storage Metrics Matter for Database Performance

Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS

News/discussion

Microsoft under fire for threatening security researcher with criminal investigation

The researcher is a former MS employee says Krebs

Microsoft reaches for olive branch after public dustup with 0-day researcher

Microsoft is intentionally bricking all Office for Mac 2019/2021 installations

Introducing Microsoft Scout: Your always-on personal agent

Free consulting

We were asked about keeping up with the latest technology.

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.6.1, a beta release.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 34 commits by 14 people in the 37 weeks since 2.6.0.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Alexandre Janniaux (4)
  Alexey Samsonov (1)
  Anthony Mallet (1)
  Arnold (1)
  Dima Pasechnik (1)
  Frederic Berat (1)
  Ileana Dumitrescu (15)
  KO Myung-Hun (4)
  Kirill Makurin (1)
  Mintsuki (1)
  Nicolas Boulenguez (1)
  Olly Betts (1)
  Patrice Dumas (1)
  Richard J. Mathar (1)

Ileana
 [on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu. ... g/s/libtool/

Here are the compressed sources:
  https://alpha.gnu ... tool-2.6.1.tar.gz   (2.1MB)
  https://alpha.gnu ... tool-2.6.1.tar.xz   (1.1MB)

Here are the GPG detached signatures:
  https://alpha.gnu ... -2.6.1.tar.gz.sig
  https://alpha.gnu ... -2.6.1.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.o ... rg/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

  File: libtool-2.6.1.tar.gz
  SHA256 sum:   52264ab2fca9464dea9f6a0355d39e49b18f40468b9b6dbc3d151a0dba307a4b
  SHA3-256 sum: 59826fb74043179c38a393448b92dfcdfbe9046fd3b23a7079665984f22d6688

  File: libtool-2.6.1.tar.xz
  SHA256 sum:   3fb21f1e99fcdd8565c9b00fb1371db457b82a0da7cba273e1617c954b0ad1ee
  SHA3-256 sum: 614bc3ed43293be989ec3305dae42fc4e81234429477490734a40f6d3316560b

Verify the SHA256 checksum with either sha256sum, sha256, or
'shasum -a 256'.

Verify the SHA3-256 checksum with 'cksum -a sha3 -l 256 --base64'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libtool-2.6.1.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22  B99F 6570 EA01 146F 7354
  uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>
  uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key ileanadumitrescu95@gmail.com

  gpg --recv-keys 6570EA01146F7354

  wget -q -O- 'https://savannah. ... ol&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.o ... u/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libtool-2.6.1.tar.gz.sig

This release is based on the libtool git repository, available as

  git clone https://https.git ... g/git/libtool.git

with commit 79de7bb71bc0a1167f4c4ae8bd897976a0ff2b51 tagged as v2.6.1.

For a summary of changes and contributors, see:

  https://gitweb.gi ... shortlog;h=v2.6.1

or run this command from a git-cloned libtool directory:

  git shortlog v2.6.0..v2.6.1

This release was bootstrapped with the following tools:
  Autoconf 2.73
  Automake 1.18.1
  Gnulib 2026-05-12 722f67e9716bf914c18d468336c1f4f9e5cce915

NEWS

• Noteworthy changes in release 2.6.1 (2026-06-04) [beta]

** New features:

  - Pass 'resource-dir=*' flag for Clang.

  - Recognise explicit shared library arguments when linking dependency
    libraries to a shared library, like exists when linking a program.

  - Support OpenMP with macOS clang by processing '-Xpreprocessor
    -fopenmp' as one token.

** Bug fixes:

  - Store cygpath file path conversions correctly for MSYS2 and MSVC.

  - Fix syntax error in LT_PROG_OBJC and LT_PROG_OBJCXX.

  - Separate Objective C and C++ cache check for proper tagging support.

  - Fix in darwin to support values with spaces.

  - Limit the length of DLL name to 8.3 correctly to avoid corrupting a
    generated DLL on OS/2.

  - Remove unused variable on OS/2, which could cause issues with static
    library generation if defined.

  - Recognise more static linking options for Clang.

  - Fix emscripten CXX postdeps using non-PIC sysroot.

  - Avoid deprecated option '-o' with MSVC compilers and replace with '-Fe'.

  - Avoid overlinking of dependency libraries on ELF systems.

  - Ensure old libraries are not archived.

** Changes in supported systems or compilers:

  - Add support for SlimCC compiler.

  - Add support for *-ironclad-gnu.


Enjoy!

KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.

Il Parlamento Europeo sostituirà Google come il motore di ricerca predefinito sui suoi computer con Microsoft Edge e Mozilla Firefox in favore di Qwant.

L'articolo Il Parlamento Europeo sceglie Qwant al posto di Google proviene da Marco's Box.

Quotando la definizione di D. J. Bernstein

qmail è un mail transfer agent semplice, sicuro ed affidabile. è stato progettato per dei server UNIX connessi alla rete internet

Riferimenti

• Sito qmail di D.J. Bernstein http://cr.yp.to/qmail.html
• qmail.org (clone)
• Life with qmail
• Erwin Hoffman's "qmail support" site
• John Simpson's "qmail information" pages
• vedere anche la mia illustrazione di qmail (si veda anche l'illustrazione originale di DJB)

E' possibile reperire una introduzione più che comprensibile su come funziona un mail server in questa pagina. Anche la  "qmail newbie's guide to relaying" di Chris Johnson (copia locale... è destino che tutto quello che riguarda qmail vada piano piano sparendo) è molto chiara e la sua lettura è fondamentale all'inizio.

Avvertenze

Lo scopo di questa piccola guida NON è insegnare come funziona un server di posta, anche se alla fine si spera che uno che l'abbia seguita riesca ad avere un server funzionante. Questi appunti servono principalmente a ricordare i passi principali da seguire per avere una installazione veloce di qmail e di alcuni software correlati. Ho deciso di scriverla a causa della mancanza di ogni aggiornamento della documentazione riguardante le "distribuzioni" di qmail che mi erano familiari, nella speranza che ciò possa essere di aiuto anche a qualcun altro. Ovviamente il divertimento è stato una componente decisiva.
Pertanto, per conoscere in dettaglio come funziona un mail server, sei invitato a leggere con cura almeno i riferimenti che menzionerò in ogni pagina.

In secondo luogo, NON sono io il responsabile di quello che fai con il tuo server ;-). Usa la mia guida a tuo rischio.

Infine, i commenti, le critiche e i suggerimenti sono sempre benvenuti! :-)

Quale distribuzione?

Questa guida è stata scritta senza una particolare distribuzione Linux in mente. L'ho testata su due miei server di posta virtuali basati su  Slackware, sia a 64 che a 32 bit, e diverse persone là fuori confermano che essa funziona nelle altre distribuzioni Linux più comuni. La compilazione dei miei pacchetti è stata testata anche su piattaforme FreeBSD, OpenBSD, NetBSD.

Un altro toaster?

Se vale la definizione data da Bernstein probabilmente lo è. Tuttavia, a mio modo di vedere, un toaster dovrebbe essere una cosa alla Bill Shupp o alla qmailtoaster, che viene rilasciata insieme a tutti i pacchetti necessari, diversamente da qui. Poichè preferisco lasciare che il visitatore controlli da sè l'esistenza delle ultime versioni dei vari software, direi che questa "cosa" non dovrebbe essere classificata come un toaster. Piuttosto la chiamerei semplicemente "Roberto's qmail notes". Per la verità, sto inserendo qui un paragrafo sul toaster giusto per soddisfare i motori di ricerca, dato che molta gente arriva qui cercando un toaster per qmail.. :-) e ora che ho scritto la parola toaster 5 o 6 volte possiamo veramente iniziare... :-))

Prima di iniziare...

Questi appunti sono stati scritti in inglese e poi tradotti in italiano alla velocità della luce. Si vede, vero? Rileggendo ora, trovo degli strafalcioni e delle traduzioni letterali alla "Google translate"!. Me ne scuso, ma non ho sempre il tempo di fare le cose nel modo migliore..

Licenza

Roberto's qmail notes is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

A test release of GNUtrition, 0.33.0rc5, is now available.

GNUtrition is free nutrition analysis software. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release fixes bugs from 0.33.0rc1-rc4, removes inaccurate algorithm constants, removes additional unnecessary dependencies, improves reliability/usability on non-GNU systems, among other general improvements and bug fixes. Version 0.33.0 (the first ftp.gnu.org release of GNUtrition since 2012) is expected to be released by June 5th. Any and all testing for the upcoming release will be greatly appreciated. Please use the bug-gnutrition and help-gnutrition mailing lists for your bug reports and/or other questions.

More information about GNUtrition may be found on its home page at http://www.gnu.or ... tware/gnutrition/. This test release can be obtained from the alpha.gnu.org server at one of the following:

    ftp://alpha.gnu.o ... g/gnu/gnutrition/
    http://alpha.gnu. ... g/gnu/gnutrition/
    https://alpha.gnu ... g/gnu/gnutrition/

Please report any problems you experience to the GNUtrition bug reports mailing list: bug-gnutrition@gnu.org (https://lists.gnu ... fo/bug-gnutrition).

Carl Richell, il CEO di System76, ha postato su X una anteprima dell'effetto di COSMIC Frosted Glass, un nuovo effetto per COSMIC Desktop che introduce una trasparenza che ricorda per un certo verso l'effetto Aero introdotto con Windows Vista.

L'articolo COSMIC Frosted Glass riporta in auge Windows Aero proviene da Marco's Box.

Clement Lefebvre, patron di Linux Mint, nel suo consueto post mensile, ha annunciato alcune interessanti novità sullo sviluppo di Cinnamon e di Nemo, il file manager della distro.

L'articolo Linux Mint: Nemo diventa più veloce e arriva una nuova app per gli screenshots proviene da Marco's Box.

Il browser Vivaldi compie un passo importante con il rilascio della versione 8.0 desktop, definita dagli sviluppatori come il più grande redesign mai realizzato nella storia del progetto. L’aggiornamento introduce una nuova interfaccia chiamata “Unified”, layout predefiniti per diversi stili di utilizzo e numerose ottimizzazioni dedicate a produttività, personalizzazione e performance. Secondo il CEO e […]

L'articolo Vivaldi 8.0 rivoluziona il browser desktop: nuovo design e layout intelligenti proviene da Marco's Box.

Mozilla ha annunciato il rilascio della versione 151.0 del browser Firefox, la quale introduce una serie di aggiornamenti significativi riguardanti l'interfaccia utente, i meccanismi di tutela della privacy e svariate ottimizzazioni prestazionali, con un occhio di riguardo a macOS.

L'articolo Firefox 151.0: Aggiornamenti relativi alla privacy, all’interfaccia utente e miglioramenti per macOS proviene da Marco's Box.

Nuova puntata del podcast di Marco’s Box, questa volta dedicata a commentare le principali notizie dal mondo di linux e del software libero e open source. Trovate la puntata su Spotity, Google Podcasts, Anchor, Apple Podcast, Castbox, TuneIn, Amazon Music, Amazon Alexa e YouTube. In alternativa, per ascoltarla sul vostro player preferito, potete aggiungere il […]

L'articolo Il podcast di Marco’s Box #218 – Kernel Linux sotto attacco proviene da Marco's Box.

Analisi della vulnerabilità Fragnesia: come un bug nel sottosistema ESP-in-TCP permette la scrittura arbitraria nella page cache di Linux per ottenere i privilegi di root.

L'articolo Fragnesia: la nuova vulnerabilità Linux che colpisce la Page Cache proviene da Marco's Box.

o Support new "altbridging" workaround in ipmi-sensors.
o Fix exploitable buffer overflows in the following ipmi-oem
  commands:
  - ipmi-oem dell get-active-directory-config
  - ipmi-oem fujitsu get-sel-entry-long-text

https://ftp.gnu.o ... pmi-1.6.18.tar.gz

Mediawiki offre la possibilità di inserire formule Tex nelle nostre pagine creando dinamicamente immagini PNG per noi..

Questa pagina vuole richiamare i pacchetti e i principali passi da seguire per far funzionare Tex con MediaWiki in una macchina Slackware. Alla fine presenterò alcune problematiche nell'installzione.

Ghostscript

• Info & download: http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl900.htm
• Mediawiki richiede il comando gs

Ghostscript è già incluso in Slackware (ap/ghostscript e ap/ghostscript-fonts-std)  ma se siamo in un server minimale potresti avere bisogno di installarlo.

libfontconfig

Questa libreria la troviamo all'interno del pacchetto x/fontconfig. E' richesta da ImageMagick.

ImageMagick

• Info: http://www.imagemagick.org/script/index.php
• Download source: http://www.imagemagick.org/script/install-source.php
• Questo packetto è anche disponibile su slackware (xap/imagemagick)
• Mediawiki richiede il supporto dela comando convert

wget http://www.imagemagick.org/download/ImageMagick-6.7.6-5.tar.bz2
tar xvfj ImageMagick-6.7.6-5.tar.bz2
cd ImageMagick-6.7.6-5
chown -R root:root .

./configure \
        --without-x \
        --with-png \
        --with-freetype \
	--with-dps \
	--with-gslib
make
make install
ldconfig 

Test

Provare a digitare, dalla linea di comando

/usr/local/bin/convert logo: logo.gif

Se viene generato il file PNG tutto funziona come si deve.

Ocaml

• Scaricare da Slackbuild (http://slackbuilds.org/result/?search=ocaml&sv=), creare il pacchetto e installare come al solito.
• Scaricare i sorgenti da qui
• Ocaml è necessario per compilare texvc

wget http://caml.inria.fr/pub/distrib/ocaml-3.12/ocaml-3.12.0.tar.bz2
tar xjf ocaml-3.12.0.tar.bz2
cd ocaml-3.12.0
chown -R root:root .
./configure
make
make install

dvipng

Download: http://sourceforge.net/projects/dvipng/

Prerequisiti:

• libgd (l/gd pkg)
• libXpm (x/libXpm pkg), libxcb (x/libxcb), libXau (x/libXau) and  libXdmcp (x/libXdmcp) che sono prerequisiti di libgd.
• Kpathsea (incluso nel pacchetto Tex, installare tutto ciò che vi è nel gruppo t/)
• FreeType (pkg in l/freetype)
• T1lib (l/t1lib)
• libpng (l/libpng) and libz (l/zlib)
• texinfo (ap/tekinfo)

PATH=$PATH:/usr/share/texmf/bin/
export PATH

Ricordare di salvare ciò anche nel profile.

Per evitare problemi nel link di kpathsea configurare come segue

./configure LDFLAGS='-L/usr/share/texmf/lib/' CPPFLAGS='-I/usr/share/texmf/include/'
make
make install

AMS-LaTeX

• Info: http://www.ams.org/publications/authors/tex/amslatex

Senza AMS* alcune formule saranno rese correttamente mentre altre no. Il pacchetto tetex di Slackware contiene già AMS, comunque, nel caso non ce l'avessi:

cd /usr/share/texmf
wget ftp://ftp.ams.org/pub/tex/amslatex.zip
wget ftp://ftp.ams.org/pub/tex/amsrefs/amsrefs.zip
unzip amslatex.zip
unzip amsrefs.zip

dovresti trovarlo in /usr/share/texmf/tex/latex/amsmath/amsmath.sty

Abilitare Tex in Mediawiki

Cambiare directory dove è installato mediawiki, editare LocalSettings.php e decommentare questo:

$wgUseTeX = true;

Compilazione di texvc

cd /path/to/htdocs/mediawiki/math

Prima di compilare, per evitare un parse error, usare il PATH assoluto ovunque all'interno di math/render.ml in questo modo:

let cmd_dvips tmpprefix = "/usr/share/texmf/bin/dvips -q -R -E " ^ tmpprefix ^ ".dvi -f >" ^ tmpprefix ^ ".ps"
let cmd_latex tmpprefix = "/usr/share/texmf/bin/latex " ^ tmpprefix ^ ".tex >/dev/null"
(* Putting -transparent white in converts arguments will sort-of give you transperancy *)
let cmd_convert tmpprefix finalpath = "/usr/local/bin/convert -quality 100 -density 120 " ^ tmpprefix ^ ".ps " ^ finalpath ^ " >/dev/null 2>/tmp/wiki_convert_error"
(* Putting -bg Transparent in dvipng's arguments will give full-alpha transparency *)
(* Note that IE have problems with such PNGs and need an additional javascript snippet *)
(* Putting -bg transparent in dvipng's arguments will give binary transparency *)
let cmd_dvipng tmpprefix finalpath backcolor = "/usr/local/bin/dvipng -bg \'" ^ backcolor ^ "\' -gamma 1.5 -D 120 -T tight --strict " ^ tmpprefix ^ ".dvi -o " ^ finalpath ^ " >/dev/null 2>/tmp/wiki_dvipng_error"

Ora compiliamo

make

Problematiche

• Referenze: http://www.mediawiki.org/wiki/Manual:Troubleshooting_math_display_errors - http://www.mediawiki.org/wiki/Manual:Enable_TeX/problems

Provare a mettere dentro una pagina wiki qualcosa come

0

e cerchiamo di vedere cosa succede. Questo è il messaggio di errore più frequente:

Failed to parse (PNG conversion failed; check for correct installation of latex, dvips, gs, and convert)

Controlliamo se gli eseguibili sono nel path:

# ls -lH `which gs` `which latex` `which dvips` `which convert`
-rwxr-xr-x 1 root root 5977916 2008-12-05 23:36 /usr/bin/gs*
-rwxr-xr-x 1 root root   23410 2010-11-21 15:22 /usr/local/bin/convert*
-rwxr-xr-x 1 root root  209308 2007-06-28 04:51 /usr/share/texmf/bin/dvips*
-rwxr-xr-x 1 root root 1010984 2007-06-28 04:51 /usr/share/texmf/bin/latex*

Abilitiamo il log degli errori. Inserire una linea come questa in LocalSettings.php

$wgDebugLogFile = "/tmp/wiki.log";

Apriamo questo file e cerchiamo una riga come questa ;

TeX: ./math/texvc '/path/to/htdocs/mediawiki/images/tmp' '/path/to/htdocs/mediawiki/images/tmp' '0' 'UTF-8' 'transparent'
TeX output:
 Ccfcd208495d565ef66e7dff9f98764da0 0
---

Cerchiamo ora di eseguire il comando texvc dalla linea di comando come utente apache:

cd math
sudo -u apache ./texvc '../images/tmp' '../images/tmp' '0' 'UTF-8' 'transparent'

a controlliamo il PNG nella cartella images/tmp. Se si ottiene ancora un parse error, si ricontrolli il path assoluto in math/render.ml, e si ricompili. E si rileggano le referenze indicate.

Ecco come ho installato mod_tls (ftpes) e mod_sftp in proftpd. I miei tentativi di farli convivere in due demoni separati sono tutti falliti, giacchè ho registrato errori nel trasferimento che sono spariti solo quando ho provato a caricare mod_tls o mod_sftp a turno.

Questi i miei test sulla velocità (per la verità un po' frettolosi). ftpes sembra un pochino più veloce in modalità upload:

ftpes
upload: circa 22.4 K/s
download: più di 800 K/s

sftp
upload circa 18.2 K/s
download: più di 800 K/s

Le mie opzioni di configurazione:

./configure \
        --prefix=/usr/local \
        --without-pam --disable-auth-pam \
        --enable-openssl \
        --with-modules=mod_ratio:mod_readme:mod_sftp:mod_tls

file ftpes.conf

# common stuff goes here
Include /usr/local/etc/proftpd/proftpd.conf

<IfModule mod_tls.c>
 TLSEngine on
 PassivePorts 49152 65535
 #MasqueradeAddress 012.345.678.901 # se il server e' dietro un firewall
 TLSLog /var/log/proftpd/tls.log
 TLSProtocol SSLv23
 # Require protection on the control channel, but reject protection of the data channel
 TLSRequired ctrl+!data
 TLSRSACertificateFile /usr/local/etc/ssl/certs/proftpd.pem
 TLSRSACertificateKeyFile /usr/local/etc/ssl/certs/proftpd.pem
 TLSVerifyClient off
 TLSRenegotiate none
</IfModule>

file sftp.conf

# common stuff
Include /usr/local/etc/proftpd/proftpd.conf

<IfModule mod_sftp.c>
 SFTPEngine on
 SFTPLog /var/log/proftpd/sftp.log
 Port 22
 SFTPHostKey /etc/ssh/ssh_host_rsa_key
 SFTPHostKey /etc/ssh/ssh_host_dsa_key
 SFTPCompression delayed
 MaxLoginAttempts 6
</IfModule>

Infine avviare il demone richiamando il file di configurazione desiderato:

/usr/local/sbin/proftpd -c /usr/local/etc/proftpd/ftpes.conf # se si vuole ftpes
/usr/local/sbin/proftpd -c /usr/local/etc/proftpd/sftp.conf  # se si preferisce sftp

Non avviarli mai insieme.

file proftpd.conf

ServerType standalone
UseReverseDNS off
DeferWelcome off

Port 21
Umask 022
MaxInstances 30

User ftp
Group ftp

SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xferlog

<Global>

 <Directory /*>
 AllowOverwrite on
 </Directory>

</Global>

<VirtualHost 123.456.789.123>

 ServerName "ProFTPD"
 DefaultRoot ~/www
 DefaultServer on

</VirtualHost>

Startup script

#!/bin/sh
#
# /etc/rc.d/rc.proftpd
#

start() {
        /usr/local/sbin/proftpd -c /usr/local/etc/proftpd/ftpes.conf
#-n -d 20 for backup
#        /usr/local/sbin/proftpd -c /usr/local/etc/proftpd/sftp.conf
        echo "Server started."
}

stop() {
        /bin/killall proftpd
        echo "Server stopped."
}

restart() {
        stop
sleep 3
        start
#/bin/killall -HUP proftpd
        echo "Server restarted."
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac

Il progetto Pigeonhole fornisce il supporto Sieve a livello di plugin per il Local Delivery Agent (LDA) di Dovecot e anche per suo servizio LMTP. Il plugin è un interprete Sieve che filtra i messaggi in arrivo usando uno script scritto in linguaggio Sieve. Lo script Sieve è fornito dall'utente e, con il suo utilizzo, l'utente può personalizzare come i messaggi in arrivo sono trattati. I messaggi possono essere spediti a una cartella specifica, reindirizzati, rispediti al mittente, scartati, etc.

Il Server Dovecot Managesieve è un servizio per gestire la collezione di script Sieve dell'utente.

• Info: http://pigeonhole.dovecot.org/ - https://doc.dovecot.org/configuration_manual/sieve/
• Versione usata: 2.4.4
• Scarica: http://pigeonhole.dovecot.org/download.html

Se vuoi supportare i filtri per le email, devi gestire le Sieve rules per mezzo del server dovecot-pigeonhole. Quando crei un filtro con la tua webmail o il tuo client di posta, stai scrivendo uno script in linguaggio Sieve per personalizzare il modo in cui i tuoi messaggi saranno recapitati, vale a dire se saranno inoltrati a qualcun altro, scartati o salvati in delle cartelle particolari. Ma per fare questo Dovecot deve agire anche come un Local Delivery Agent  al posto di vpopmail/vdelivermail, ovvero deve essere Dovecot a salvare i messaggi nella tua cartella Maildir. Questa guida cercherà di spiegare come raggiungere questo obiettivo.

• May 10, 2026
  roundcube upgraded to v. 1.7.1 (security release)
• May 14, 2026
  - dovecot upgraded to v. 2.4.4
• May 10, 2026
  roundcube upgraded to v. 1.7.0
• Apr 7, 2026
  - qmail v. 2026.04.07
• Mar 30, 2026
  - dovecot 2.4.3 released
• Mar 4, 2026
  - clamav upgraded to v 1.5.2
• Feb 11, 2026
  - vpopmail upgraded to v. 5.6.13
  - vqadmin upgraded to v. 2.4.6
• Feb 8, 2026
  - vpopmail upgraded to v. 5.6.12
  - roundcube update to v. 16.13
• Feb 3, 2026
  - qmail upgrade
• Jan 31, 2025
  - vqadmin upgraded to v 2.4.5
• Jan 8, 2026
  - qmail upgraded to v2026.01.08
• Dec 14, 2025
  - roundcube upgraded to version 1.6.12
• Nov 28, 2025
  - qmailadmin upgraded to v1.2.27
• Nov 26, 2025
  - ezmlm-idx moved to my git space. Patched to compile with modern compilers. Fixed mysql documentation.
• Nov 22, 2025
  - dovecot: quota driver switched to 'count'
  - vpopmail upgraded to v.5.6.11
• Nov 8, 2025
  - qmailadmin upgraded to v 1.2.26
  - log file modified accordingly in fail2ban filter
• Oct 30, 2025
  - vpopmail updated to v. 5.6.10
  - dovecot ugraded to v. 2.4.2
  - dovecot-pigeonhole ugraded to v. 2.4.2
• Oct 22, 2025
  - qmailadmin updated to v 1.2.25
• Oct 18, 2025
  - clamav upgraded to v 1.5.1
• Oct 11, 2025
  - clamav upgraded to v 1.5.0. A recent version of rust is needed (successfully using 1.88 here). Just reinstall as explained below. No particular change is needed in the config files.
• 3 ottobre 2025:
  - Aggiunta la sezione Data Query Service nella pagina relativa a RBL, che risolve il problema del ban di spamhaus da connessioni fatte con DNS pubblico.
• Sep 30, 2025
  - daemontools v0.82: Fixed crash in multilog caused by invalid buffer access when read() returned -1
• Sep 8, 2025
  - daemontools v. 0.81 compiles with latest gcc 15.2
  - qmail updated to v. 2025.09.08
• Sep 1, 2025
  vpopmail v5.6.9
  - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
  - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
• Aug 31, 2025
  - upgraded ucspi-tcp6 and ucspi-ssl to v. 0.13.5
• Aug 19, 2025
  - netqmail-1.07.1: now compiles with gcc 15.2
• Aug 18, 2025
  spamassassin's bayesian filter: improved the "Training Bayes" section
• Jul 10, 2025 qmail update
  - Authentication-Results: header support (Andreas Gerstlauer)
  - DKIM: added ERROR_FD=2 in control/filterargs to send error output of qmail-dkim in stderr when acting as a qmail-remote filter (Andreas Gerstlauer)
  - improved qmail-dkim error reporting when signing outgoing messages (Andreas Gerstlauer)
  - helodnscheck.cpp: qmail dir determined dinamically
  - qmHandle: Add -x and -X parametr for remove email by To/Cc/Bcc (by Stetinac)
• Jun 9, 2025 qmail v.2025.06.09
  - CRLF fix for fastremote-3 patch (thanks Andreas Gerstlauer)
  - Bug fix to the greetdelay program (thanks Andreas Gerstlauer): qmail-smtpd crashes if SMTPD_GREETDELAY is defined with no DROP_PRE_GREET defined.
• Jun 04, 2025
  - roundcube updated to v. 1.6.11
  - simscan updated to v. 1.4.6
• Apr 19, 2025
  - sauserprefs upgraded to v. 1.20.2
• Apr 18, 2025
  - qmail v2025.04.18: added script config-all.sh to automate the qmail core configuration (testing)
• Apr 19, 2025
  - sauserprefs upgraded to v. 1.20.2
• 4 aprile 2025
  - pubblicata una pagina con l'illustrazione del funzionamento di qmail, per quanto riguarda la configurazione suggerita in questa guida
• Mar 29, 2025
  - dovecot and dovecot-pigeonhole updated to v. 2.4.1-4
  - vpopmail updated to v. 2.6.8 (have a look at the release notes)
• Mar 23, 2025 (v. 5.6.7)
  - bug fix in vpopmaild.c: Crypted[64] enlarged to Crypted[128] to make room for SHA-512 passwords. This restores the usability of the RoundCube's 'password' plugin (commit)
  - fixed quota calculation in sql procedures for dovecot (tx Hakan Cakiroglu) (commit)
  - minor changes to the usage function of vmakedotqmail.c (commit)
• Mar 19, 2025 daemontools version 0.79
  This version does not add new features nor corrects bugs. It's just a reorganizations of the files in the source dir
  - daemontools will be installed in /var/qmail/daemontools
  - Moved 'package' and 'src' to the top dir
  - Version grabbed from 'VERSION' in package/upgrade
• Mar 17, 2025
  - added a patch to qmail-spp greylisting plugin to solve a compilation break on rocky 8 (tx Shailendra Shukla)
• Mar 15, 2025
  -dovecot config: added quota warning messages handling
• Mar 12, 2025
  - autorespond v 2.0.9: bug fix in memory allocation which caused a segfault when To: address has be used (tx Stephan for the hint)
• Mar 9, 2025
  - dovecot: fixed quota calculation in sql queries (tx Hakan Cakiroglu)
  - Roundcube recognizes unlimited quota
• Mar 5, 2025
  - solr upgraded to v. 9.8.0
• Feb 22, 2025
  - Dovecot: Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Let’s Encrypt have announced that they will end their free alerting service. Added a script to do the same internally.
• Feb 15, 2025
  - vpopmail upgraded to v. 5.6.6. bug fix: pwstr.h was not installed by Makefile (tx Bai Borko)
• Fedb 11, 2025
  qmail v. 2025.02.11
  - Several adjustments to get freeBSD and netBSD compatibility. More info in the commit history. Hints/comments are welcome.
  - freeBSD users have to comment out the "LIBRESOLV" variable from the very beginning of the Makefile, as libresolv.so in not needed on freeBSD.
  - Dropped files install-big.c, idedit.c and BIN.* files.
  - Dropped files byte_diff.c, str_cpy.c, str_diff.c, str_diffn.c and str_len.c, which break compilation on clang and can be replaced by the functions shipped by the compiler (tx notqmail).
  - Old documentation moved to the "doc" dir. install.c and hier.c modified accordingly
  - conf-cc and conf-ld now have -L/usr/local/lib and -I/usr/local/include to look for srs2 library
  - conf-cc and conf-ld now have -L/usr/pkg/lib and -I/usr/pkg/include to satisfy netBSD
  - vpopmail-dir.sh: minor correction to vpopmail dir existence check
  - srs.c: #include <srs2.h> now without path
• Feb 9, 2025
  - some packages updated to compile on FreeBSD/clang: daemontools, vpopmail, autorespond, qmailadmin
  - roundcube updated to v. 1.6.10
• Jan 30, 2025
  - dovecot and dovecot-pigeonhole updated to v. 2.4.0
• Dec 31, 2024
  the default driver for the Roundcube password plugin is now sql, as vpopmaild doesn't work when SHA-512 passwords have been enabled on vpopmail (--disable-sha512-passwords). All SQL queries have been updated.
• Dec 20, 2024
  vpopmail upgraded to v. 5.6.4
  - Password strength enforcement PR #5 (grabbed from Matt Brookings' 5.5.0-dev version)
  - Dropped min pwd length feature.
  - vmysql.h: tables' layout changed in order to have VARCHAR instead of CHAR. Fields containing ip addresses enlarged to VARCHAR(39), to create room for ipv6. Unix timestamps definition changed from BIGINT(20) to INT(11). (commit 44bad58) Have a look to the upgrade notes below.
• Dec 06, 2024
  - vqadmin v. 2.4.3: added a patch to highlight users with restrictions and with admin privileges (thanks Bai Borko)
• Dec 01, 2024 (More info here)
  qmail v2024.12.01
  - Added support for EAI (RFC 5336 SMTP Email Address Internationalization) (#13). Thanks to https://github.com/arnt/qmail-smtputf8/tree/smtputf8-tls.
  - chkuser is now smtputf8 compliant. It accepts utf8 characters in sender and recipient addresses provided that the remote server advertises the SMTPUTF8 verb in MAIL FROM, otherwise it allows only ASCII characters plus additional chars from the CHKUSER_ALLOWED_CHARS set. (#15 #16)
  * dropped variables CHKUSER_ALLOW_SENDER_CHAR_xx CHKUSER_ALLOW_RCPT_CHAR_xx (replaced by CHKUSER_ALLOWED_CHARS)
  * dropped variables CHKUSER_ALLOW_SENDER_SRS and CHKUSER_ALLOW_RCPT_SRS, as we are always accepting '+' and '#' characters
  * added variables CHKUSER_INVALID_UTF8_CHARS and CHKUSER_ALLOWED_CHARS
• Nov 15, 2024
  - dovecot: added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Oct 26, 2024
  - qmail upgraded to v. 2024.10.26
  * qmail-remote.c patched to dinamically touch control/notlshosts/<fqdn> if control/notlshosts_auto contains any number greater than 0 in order to skip the TLS connection for remote servers with an obsolete TLS version. (tx Alexandre Fonceca) (commit)
  * defined CHKUSER_DISABLE_VARIABLE "RELAYCLIENT" in chkuser_settings.h
  * enabled CHKUSER_SENDER_NOCHECK_VARIABLE "RELAYCLIENT" in chkuser_settings.h
  * fixed several compilation breaks/warnings on later gcc compilers (tx Pablo Murillo)
  * invalid auth fix in qmail-smtpd.c's smtp_auth function (tx Alexandre Fonceca for the advice) (commit)
  * qmail path determined dinamically in conf-policy
  * added a patch to remove chkuser and the vpopmail dependency (patches dir)
• Oct 19, 2024 
  vpopmail v.5.6.3
  - bug fixed: passwords with length > 8 were denied if sha-512 was disabled
  - fixed a configure break where a trivial C test program exits on error with gcc-14.1 due to missing headers
  - vusaged/domain.c: fixed -Wimplicit-function-declaration compilation warning
  - vmysql.h: dropped the multicolumn PRIMARY KEY in valias table to allow multiple forwards for a given alias.
• Oct 9, 2024
  - daemontools-0.78.2: added -ltr to conf-ld to restore compatibility with systems with glibc prior to v. 2.17 like RHEL6/CentOS6, where the librt.so library is not linked
• Sep 22, 2024
  -fehqlibs updated to v. 25c
  -ucspi-tcp6 updated to v. 1.13.01
  -ucspi-ssl updated to v. 0.13.02
• Sep 7, 2024
  - daemontools-0.78: fixed a .gitignore issue which was preventing the package/compile script upload (thanks Ivelin Topalov)
  - RC updated to v. 1.6.9
  - clamav updated to v. 1.4.1
  - qmailadmin upgraded to v. 1.2.23 (tx Nathanaël Semhoun)
  * Added support for qmail-autoresponder
  * Fixed load lang not retrieved
• Aug 16, 2024
  - upgraded dovecot to v. 2.3.21.1
  - upgraded pigeonhole to v. 0.5.21.1
• Jul 31, 2024
  multilog uses "d" flag as default to gain compatibility with the readable datetime format of multilog in daemontools-0.78. Change it with the "t" flag if you prefer to have timestamps.
• Jul 29, 2024 (version 0.78)
  - multilog prints a readable datetime if used with "d" flag, it prints timestamps if used in the usual way with the "t" flag (80f2133)
  - fixed several compilation warnings and/or breaks on gcc-14.1
• Jul 26, 2024
  vqadmin (version 2.4.1): Fixed configure break. Trivial C test program breaks on gcc-14.1 due to missing headers (commit)
• July 17, 2024
  qmailadmin updated to v.1.2.22
  * owner no longer required in autorespond
  * template.c code optimization
• July 15, 2024
  simscan 1.4.4 released: attachment size limit to be passed to spamassassin now handled by the size_limit variable in control/simcontrol, instead of the control/simsizelimit file.
• Jun 8, 2024
  qmail patch upgraded to v. 2024.06.08:
  * conf-channels: default number of channels increased to 4 (was 2). Now qmail offers 2 additional channels with respect to the 2 offered by default (local and remote). More info here
  * maxrcpt: error code changed to 452 due to RFC 4.5.3.1 (was 553). If DISABLE_MAXRCPT is defined it skips the check, otherwise outgoing messages from mailing lists would be rejected. (commit)
• Jun 7, 2024
  - vusaged: the header files of libev are now installed in /usr/local/include/libev (was /usr/local/include) to avoid conflicts with libevent (they both have an event.h header file). vusaged configure command was adjusted accordingly.
• Jun 1, 2024
  - clamav upgraded to v. 1.3.1
• May 26, 2024
  - Added Mailman installation howto
  - qmail patch upgraded to v. 2024.05.16 (changelog)
  - Roundcube upgraded to 1.6.7 (security fix)
  - Spamassassin upgraded to v. 4.0.1
  - Spamassassin: Razor-agents upgraded to v. 2.86 (fork of the original (dead?) project)
• Mar 27, 2024
  qmailadmin updated to v. 1.2.21
• Mar 4, 2024
  - Solr updated to v. 9.5.0
  - the documentation has been revised a bit
• Feb 12, 2024 qmail update
  - DKIM patch upgraded to v. 1.48
  * fixed minor bug using filterargs for local deliveries (commit)
  - Fixed several compilation warnings (commit)
  - Fixed incompatible redeclaration of library function 'log2' in qmail-send.c qsutil.c as showed by notqmail friends here
  - removed FILES, shar target from Makefile
• Feb 11, 2024
  clamav updated to v. 1.3.0
• Feb 6, 2024
  qmail: DKIM patch upgraded to v. 1.47
  * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
• Jan 27, 2024
  simscan upgraded to v 1.4.3: fixed several compilation and autotools warnings
• Jan 21, 2024
  - qmail: liberal-lf: bare LF are no longer allowed by default due to smuggling vulnerability CVE-2023-51765. Bare LF can be allowed by defining ALLOW_BARELF in tcprules or in run file.
  - tcprules moved to /var/qmail/control
• Jan 15, 2024
  qmail update:
  - TLS patch by F. Vermeulen upgraded to version 20231230 (more info at https://inoa.net/qmail-tls/ tx Greg Bell for the patch)
  * support to openssl 3.0.11
• Jan 11, 2024
  - qmail: dkim patch upgraded to version 1.46
• Jan 4, 2024
  qmail patch: DKIM patch upgraded to v. 1.44
  - fixed an issue with filterargs where spawn-filter is trying to execute remote:env xxxxx.... dk-filter. This issue happens when FILTERARGS environment variable is not defined in the qmail-send rc script.
  - dkim.c fix: https://notes.sagredo.eu/en/qmail-notes-185/configuring-dkim-for-qmail-92.html#comment3668 
  - dkfilter fix: correctly selects the domain to sign in case of sieve bounces
  - adjustments fo dk-filter and dknewkey man pages
• Dec 30, 2023
  - spamassassin/DMARC filter: now DMARC_REJECT is not hit if SPF_HELO_PASS is true
• Dec 26, 2023
  - qmailadmin upgraded to v1.2.18
  - Pyzor installed from github, as version 1.0.0 is not python3 compliant (thanks Mike)
• Dec 11, 2023
  qmail, vpopmail, daemontools, qmailadmin, simscan and vqadmin source code moved to github
• Nov 20, 2023
  -qmail patch updated. dkim:
  * The patch now by default excludes X-Arc-Authentication-Results
  * dkim can additionally use the environment variable EXCLUDE_DKIMSIGN to include colon separated list of headers to be excluded from signing (just like qmail-dkim). If -X option is used with dk-filter, it overrides the value of EXCLUDE_DKIMSIGN.
• Nov 5., 2023
  -bug fix: vpopmail defaultdelivery patch: it won't create the .qmail file in case control/defaultdelivery already has vdelivermail, in order to prevent a vpopmail loop
  -qmailforward RC plugin: it won't create the copy record if $config['qmailforward_defaultdelivery'] contains 'vdelivermail'
• Oct 13, 2023
  - vpopmail: added "s/qmail cdb" patch, which gets vpopmail to locate correctly the qmail assign.cdb for s/qmail users. s/qmail users should configure vpopmail with --enable-sqmail-cdb
• Oct 6, 2023
  - clamav updated to v. 1.2.0
• Sep 26, 2023
  new qmail combined patch:
  -surblfilter logs the rejected URL in the qmail-smtpd log. It can now inspect both http and https URLs.
  -Improvements in man dkim.9, qmail-dkim.9 and surblfilter.9
• Sep 17, 2023
  - dovecot upgraded to v 2.3.21
  - pigeonhole upgraded to v 0.5.21
• Sep 14, 2023
  - simscan now defines the maximum size of messages to be passed to spamassassin via control/simsizelimit file
• Sep 5, 2023
  -new qmail patch and DKIM patch upgraded to v. 1.42
  *dk-filter.sh: "source $envfn" has been replaced with ". $envfn" in oder to work for pure bourne shells
  *minor corrections to the man pages
  -vpopmail: changed configuration option --enable-logging=e (was p). Now failed attempts will be logged with no password shown.
• Sep 3, 2023
  -daemontools: Buffer Overflow fixed in timestamp.c (patch multilog-readable_datetime, Ubuntu 22.04). It was causing empty log files everywhere. (thanks Bai Borko and KPC)
• Aug 27, 2023
  - nuova patch per vpopmail e nuovo plugin qmailforward per Roundcube che vanno a risolvere diverse problematiche. Maggiori informazioni nella pagina dedicata..
• Aug 20, 2023 (diff)
  -qmail combined patch: install a sample control/smtpplugins file in case it does not exist yet, to avoid "unable to read control" crash.
• Aug 17, 2023
  - helodnscheck:
  * C++ version (testing).
  * bug fix: segfault in case of no result in DNS record.
  * default action changed to GNLR
• 5 agosto 2023
  L'installzione del certificato Let's Encrypt è ora basata su dehydrated. La vecchia documentazione basata su certbot non verrà più aggiornata.
• Jul 18, 2023
  vqadmin: patch updated
  - Italian translation file html/it updated, following the patch by Ali Erturk TURKER
  - the vqadmin source directory has been cleaned of unnececessary files
• Jul 15, 2023
  - fail2ban: l'installazione e la configurazione è stata rivista per funzionare su Debian, dove python2 non è presente (grazie a Gabriel Torres)
• Jun 30, 2023
  -daemontools: added my multilog-readable_datetime patch which replace the timestamp in the log lines with a human readable datetime. Do not install it if you prefer to stick with the timestamp.
  -if you install this patch you have to download again the convert-multilog program. In case you decide to stick with the original timestamp, then use the original convert-multilog. (diff)
  -qmail combiend patch: DKIM patch upgraded to v. 1.41
  *dknewkey will allow domains in control/domainkey
  *Made a few adjustments to the man pages and dkimsign.cpp for DKIMDOMAIN to work with qmail-smtpd (in case some configures qmail-smtpd to sign instead of the usual dk-filter/qmail-remote)
  -The broken link based on pobox.com in the default SPF error explanation was changed to https://mxtoolbox.com/SuperTool.aspx?action=spf
• Jun 25, 2023
  - Spamassassin: The ExtractText notes have been revised and corrected by Gabriel Torres
• Jun 18, 2023
  * qmail combined patch (diff)
  -vpopmail uid and gid are determined dinamically instead of assigning 89:89 ids by default
  -vpopmail install directory determined dinamically (was /home/vpopmail). Now the variable in the conf-cc file is determined as well.
  Feel free to post any issue in the comments as I'm not sure that /bin/sh will work in all Linux.
  * qmail run scripts:
  -defined the variable QMAILDIR in all run scripts in order to manage installations of qmail in directories different from default /var/qmail
  -/home/vpopmail is now ~vpopmail in order to manage installations of vpopmail in directories different from default /home/vpopmail
  -defined the variable TCPRULES_DIR on top of all run scripts
• May 18, 2023
  -certbot/letsencrypt: added the option --key-type rsa to the certbot command, to avoid that certbot will silently default to ECDSA the private key format, which results not understandable by my openssl-1.1. In this way the format of the private key will be RSA. More info here.
• May 17, 2023
  -SURBL: Top level domains URL is changed. So we have to adjust the update_tlds.sh script accordingly
• Apr, 26, 2023
  -new combined patch and dkim patch updated to v. 1.40
  -qmail-dkim uses CUSTOM_ERR_FD as file descriptor for errors (more info here)
• Apr 25, 2023
  - qmailadmin cracklib patch: bug fix in qmailadmin/passwd: it was changing the password also in case of cracklib alert (tx Alexandre Fonseca)
  - new qmailadmin combined patch released
• Mar 27, 2023
  qmail combined patch (diff here)
  -chkuser.c: double hyphens "--" are now allowed also in the rcpt email (tx Ali Erturk TURKER)
  -chkuser_settings.h CHKUSER_SENDER_NOCHECK_VARIABLE commented out. Sender check is now enabled also for RELAYCLIENT
  -removed a couple of redundant log lines caused by qmail-smtpd-logging
• Mar 18, 2023
  - new qmail combined patch
  * bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
  * redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here
• Mar 14, 2023
  - qmail combined patch: the split_str function in dknewkey was modified in order to work on debian 11 (tx J)
• Mar 12, 2023
  - qmail patch updated: the mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER)
  diff here
• Mar 1, 2023
  - qmail combined patch updated: added qmail-fastremote patch (tx Ali Erturk TURKER for the advise). qmail-remote CRLF removed (replaced by fastremote)
• Feb 27, 2023
  - qmail combined patch updated: now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
• Feb 24, 2023
  - qmail combined patch updated: several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
• Feb 20, 2023
  - qmail combined patch updated
  ---- dkim patch upgraded to v. 1.37
  ------ ed25519 support​ (RFC 8463)
  ------ old yahoo's domainkeys stuff removed (no longer need the libdomainkeys.a library)
• Feb 18, 2023
  -vpopmail: added a patch by Ali Erturk TURKER which fixes several issues
  -vqadmin: added a patch by Ali Erturk TURKER which, among the other things, makes vqadmin aware of mysql-limits
• Feb 10, 2023
  -dovecot: added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)
• Jan 31,2023
  -bug fix in qmail-smtpd.c. 4096 bit RSA key cannot be open (tx Ali Erturk TURKER)
• Jan 4, 2023
  -Solr upgraded to version 9.1.0
  -The SOlr page has been improved as far as configuration, security and testing are concerned
• Jan 1, 2023
  -ClamAV upgraded to version 1.0.0
  -new qmail combined patch released. Bug fix in dk-filter. It was calling a non existent function (tx Andreas).
• Dic 17, 2022
  -qmail combined patch release
  * chkuser receipt check won't be disabled for RELAYCLIENT
  * CHKUSER_DISABLE_VARIABLE commented out from chkuser_settings.h
• Nov 20, 2022
  -switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it.
• Nov 18, 2022
  -fail2ban upgraded to v. 1.0.2
• Oct 28, 2022:
  added a note on how to avoid being cutoff by spamhaus (tx Marco Varanda)
• 2022.10.02
  -dkim patch updated to v. 1.30 and new qmail combined patch released
  * bug fix: it was returning an error in case of domains with no key.
• Sep 29, 2022
  -bug fixed in the domainkey script: it wasn't creating the symbolic link of the selector name to the private key in case of a custom selector defined in the file control/dkimkeys
  Sep 28, 2022
  -qmail combined patch updated with new dkim patch v. 1.29. More info here
  -Roundcube webmail updated to v. 1.6.0
• Aug 12, 2022
  -dovecot: improved the sql stuff in case of --disable-many-domains (tx kengheng).
  -dovecot-pwd_query patch for vpopmail: added a procedure for the user_query (needed for dovecot/LDA)
  -dovecot-pwd_query patch for vpopmail renamed to dovecot-sql-procedures
  -combined patch for vpopmail updated
• Aug 08, 2022
  -qmailctl script improved. Now the script exits if services are not started with svscanboot or a supervise script is missing
  -roundcube/password plugin: the cracklib patch has been improved. Now it can retrieve the correct cracklib-check path
• Jul 28, 2022
  -The Roundcube plugins' page has been revised and polished. A couple of plugins have been added.
• May 22, 2022
  qmail patch: "qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log informations are already contained in the qlogreceived line. (diff)
  -improved a couple of read_failed error messages
• May 12, 2022
  -clamav: updated to v. 0.105
  -qmailctl: a few modifications to avoid error strings in the service uptime when service is stopped. qmail-smtpsd was added to svclist
  -qmail-smtpsd support added
• Apr 22, 2022
  -dovecot: added Solr support
• Apr 17, 2022
  -dovecot/auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname).
• Apr 9, 2022
  qmailadmin: --enable-imageurl=/files is now --enable-imageurl=/qmailadmin/files (no need to have an alias on apache config). Added --disable-catchall, which is bad for spam. Tx Gabriel Torres
• Apr 01, 2022
  -qmailadmin: new combined patch. It now logs to stderr when qma-auth.log file can't be opened in write mode. It was returning a white screen
• Mar 17, 2022
  -vpopmail: new combiend patch: fixed a compilation break in vmysql.c with Debian 11 / gcc-10
• Feb 26, 2022
  -added REJECTNULLSENDERS environment variable (diff)
• Feb 18, 2022
  -fail2ban: added a couple of new rules to the qmail-smtpd.conf filter
• Feb 13, 2022
  -fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier. (diff here)
• Feb 1, 2022
  -added a plugin to qmail to filter bad DNS HELOs (more info here)
  -Roundcube upgraded to v. 1.5.2
• Jan 17, 2022
  -new qmail combined patch (diff here):
  * now qmail-smtpd logs rejects when client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
  * added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
• Dec 19, 2021
  -new qmail combined patch: added qmail-spp patch
• Oct 21, 2021
  roundcube updated to v. 1.5.0
• Sep 28, 2021
  clamav updated to v. 0.104. The new version installation is based on cmake (autotools abandoned)
• Sep 27, 2021
  -new qmail combined patch: now chkuser allows double hyphens "--" in the sender email, like in y--s.co.jp (diff here)
• Sep 8, 2021
  fail2ban updated to v. 0.11.2 and rc.fail2ban moved to /usr/local/bin/fail2banctl. The dovecot filter has been improved
• Sep 2, 2021
  -an issue in vusaged configure arised. I cured it with a patch, while Luca in the comments found a different solution.
• Aug 22, 2021
  -minor fix to qmail patch/qlog: now it logs the auth-type correctly (diff)
• Aug 15, 2021
  at the bottom of the qmail/testing page I added a note to the testssl script by Dirk Wetter, which allows you to inspect your SSL connection in detail.
• July 28, 2021
  simscan: my attachments-size-limit patch added. It allows you to overcome a limitation where simscan doesn't pass messages over 250k to spamassassin.
• July 16, 2021
  spamassassin: bayes_token.token database field changed to binary(5). It was char(5).
• Jul 12, 2021
  -spamassassin/userprefe: the "preference" varchar length in the database "userprefs" table was increased to 50 (was 30) to create space for long label such as  "bayes_auto_learn_threshold_spam", which resulted truncated before the modification.
• June 20, 2021
  -spamassassin: created a script to process the spam/ham for the learning and reporting system (more info here)
  -dovecot 15-mailboxes.conf: added mailboxes for the learning and reporting system
• June 19, 2021
  new qmail combined patch released
  -chkuser: defined extra allowed characters in sender/rcpt addresses and added the slash to the list (tx Thomas).
  -RSA key and DH parameters are created 4096 bit long also in Makefile-cert. qmail-smtpd.c and qmail-remote.c updated accordingly (tx Eric Broch).
  -Makefile-cert: the certs will be owned by vpopmail:vchkpw
• March 27, 2021
  - bug fixes in the vpopmail/defaultdelivery patch: increased the buffer for the .qmail-default file path, as in particular cases of long path/domain names it will result truncated. Fixed another bug where the .qmail.default file where opened twice.
  - now if vdelivermail is installed the "delete" option will be used instead of "bounce-no-mailbox", which is not reasonable anymore
• March 21, 2021
  qmail combined patch updated. update_tmprsadh.sh: RSA key and DH parameters increased to 4096 bits
• March 9, 2021
  vpopmail: the patch now installs the sql code needed for "one table per domain" (--disable-many-domains) in ~/vpopmail/etc/pwd-query_disable-many-domains.sql and creates the sql procedure if needed. Of course this add-on to vpopmail will be completely transparent when you compile with the default option --enable-many-domains
• Feb 26, 2021
  vpopmail: added a defaultdelivery patch, which makes vpopmail to copy your preferred delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domains, overriding the default vpopmail's behaiviour, where vpopmail copies its delivery agent vdelivermail.
  Feb 5, 2021
  - vpopmail: the patch has been improved. The sql-aliasdomains stuff is now done by means of the vpopmail's C programs and functions.
  Feb 3, 2021
  - vpopmail: new patch and script released.
  Just configure --enable-sql-aliasdomains (default) and forget. The dbtable will be created the first time you will create an aliasdomain.
• Jan 29, 2021
  - dovecot/auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
  - dovecot/dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
  - vpopmail: sql-aliasdomains and combined patch released (new aliasdomains dbtable has to be created!)
• Jan 13, 2021
  - vpopmail/dovecot: added support for sql aliasdomains
• Gen 5, 2021
  - dovecot upgraded to v. 2.3.13 (vpopmail-auth removed by dovecot's developers)
  - pigeonhole upgraded to v. 0.5.13
• Gen 3, 2021
  - Roundcube: Upgraded to v. 1.4.10
  - Roundcube: disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.
• Gen 2, 2021
  - ucspi-tcp6: upgraded to latest version
  - fehQlibs have to be installed as a prerequisite of ucspi-tcp6
• Dec 4, 2020
  - combined patch for qmail updated to solve compatibility problems with new gcc-10
  - a patch was also released to get vpopmail compiled with gcc-10
  - Tony Fung suggested a script to expunge messages, which can be very useful in case you need to expunge differently depending on your mailboxes/domains.
• Nov 18, 2020
  spamassassin:
  - solved some priviledge problems with the reports of the RC's markasjunk plugin, which is going to write inside the log dir and read the razor's identity file.
  - moved all log files into /var/log/spamassassin (apache group now has +w priv). spamdctl and logrotate scripts modified accordingly
• 2020.10.30
  Clamav: added clamav-unofficial-sigs (tx Tony Fung for the suggestion). Updated clamdctl and freshclamctl scripts to allow the restart function, needed by clamav-unofficial-sigs script
• 2020.10.28
  modified the spamassassin's DMARC rule. Now it passes emails with one between DKIM and SPF valid, according to RFC7489 (thanks Marcel Veldhuizen and Iulian for the hints)
• 2020.10.08
  rcptcheck-overlimit.sh: bug fix (tx Tony Fung)
• 2020.09.02
  spamassassin/DMARC: corrected the askDNS rule as it was not triggering the reject in the event that only one of DKIM or SPF failed (tx A F)
• 2020.09.01
  qmailadmin: minor adjustments to the skin patch
• 2020.08.12
  dovecot: upgraded to v. 2.3.11.3
  dovecot-pigeonhole: upgraded to v. 0.5.11
• 2020.08.11
  Roundcube: upgrade to v. 1.4.8
• 2020.08.10
  - new qmailadmin skin/combined patch released:
  mod_user.html: added the "value" attribute to the name/gecos input tag (tx Pablo Murillo)
• 2020.08.04
  - simscan: upgraded to v. 1.4.1
• 2020.08.02
  - several clarifications in the simscan page;
  - revised the ripMIME installation as the dev version of the program is now downloaded from github, to solve complation breaks.
• 2020.07.29
  - new combined patch
  * dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui).
• 2020.07.27
  - new combined patch
  * added a fix for cve-2005-1513 (tx C for the hint)
• 2020.07.15 
  - spamassassin: added Razor2, Pyzor, Spamcop configuration
  - Roundcube/markasjunk plugin has now info about the cmd_learn and the multi_driver drivers
  (tx Gabriel Torres)
• 2020.07.03
  Roundcube/password plugin: added a patch to make it work in combination with cracklib, to enforce password strenght (tx Tony Fung)
• 2020.06.10
  Roundcube: upgrade to v. 1.4.5 
• 2020.05.22
  new qmailadmin skin/combined patch released
• 2020.05.05
  -qmailadmin
  * patched qmailadmin to provide a new responsive skin for the control panel.
  * combined patch released
• 2020.05.01
  -qmailadmin
  * added qmailadmin-cracklib patch to enforce password complexity
  * pwd-strenght patch removed
• 2020.04.25
  -combined patch updated
  * qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca)
• 2020.04.16
  - new combined patch: qmail-remote-logging patch added (more info here)
• 2020.04.10
  - new combined patch: DKIM patch updated to v. 1.28
  * outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
  * declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
• 2020.03.31
  - DKIM configuration: added UNSIGNED_SUBJECT variable to the run files, which can be useful to declare if one wants to allow messages without the sign of the subject (more info here)
  2020.03.19
  dovecot: added the autoexpunge setting in 15-mailbox.conf. The expunge via cronjob in not needed anymore
• 2020.02.26
  vqAdmin: fixed a problem which was preventing the patch to be applied (tx Marco Varanda)
• 2020.02.25
  dovecot: modified 10-master.conf to set up stats' service priviledges and correct an error which appeared in qmail-send
• 2020.02.11
  table spamassassin.txrep modified as the column "count" was renamed (tx Tony Fung).
• 2020.02.06
  queue-repair.py: applied a patch to make the program python3 compliant (tx Tony Fung)
• 2020.02.04
  dovecot-sql.conf.ext: adjusted the user_query string to get compatibility with mariadb-10.3 (tx Tony Fung)
• 2020.01.11
  - new combined patch: qmail-tls patch updated to v. 20200107
  * working client cert authentication with TLSv1.3
• 2019.12.12
  spamassassin: upgraded to v. 3.4.3
• 2019.12.08
  - big patch updated
  * qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na) 
  - domainkeys script improved: it now manages 2048 bit long key (tx Tatsuya Yokota)
• 2019.12.01
  dovecot: upgraded to v. 2.3.8
  dovecot-pigeonhole: upgraded to v. 0.5.8
  Roundcube: upgraded to v. 1.4.1 (mobile responsive skin released!)
  Roundcube plugins: updated
• 2019.09.18
  spamassassin: added a page concerning TxRep and another one concerning DMARC filter
• 2019.09.09
  dovecot: now the SQL user_query retrieves the quota as well (tx Alexandre Fonceca, more info here)
• 2019.08.07
  - a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
  * BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
  * CHKUSER_ENABLE_ALIAS_DEFAULT, CHKUSER_VAUTH_OPEN_CALL and CHKUSER_DISABLE_VARIABLE are now defined in chkuser_settings.h
  * Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
• 2019.07.12
  - qmail-channels patch added
  more info here http://www.thesmbexchange.com/eng/qmail-channels_patch.html 
  - improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here.
• 2019.06.19
  - DKIM patch updated to v. 1.26
  * BUG - honor body length tag in verification
• 2019.05.24
  - qmail-tls patch updated to v. 20190517
  * bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
• 2019.05.23
  - DKIM patch updated to v. 1.25
  * SIGSEGV - when the txt data for domainkeys is very large exposed a bug in the way realloc() was used incorrectly.
  * On 32 bit systems, variable defined as time_t overflows. Now qmail-dkim will skip expiry check in such conditions.
• 2019.04.25
  * bug fixed on qmail-smtpd.c: it was selecting the wrong openssl version on line 2331 (tx ChangHo.Na)
  2019.04.09
  - qmail-tls patch updated to v. 20190408
  * make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
  * compiler warnings on char * casts (Kai Peter)
• 2019.04.03
  - libdomainkeys patch updated (tx Manvendra Banghui)
• 2019.03.22
  - new combined patch: fixed a bug causing crashes of qmail-remote when using openssl-1.1 (tx Luca Franceschini)
• 2019.02.27
  - port to openssl-1.1
  - DKIM patch updated to v. 1.24
  * bug fix: restored signaturedomains/nosignaturedomains functionalities.
• 2019.02.26
  simscan: patch updated (tx Pablo Murillo)
  vQadmin: some adjustments into apache config and it's working again under apache-2.4 (tx Erald)
• 2019.02.01
  fail2ban upgraded to v. 0.10.4
• 2018.09.23
  spamassassin upgraded to v. 3.4.2
• 2018.08.25
  -DKIM patch updated to v. 1.23
  * fixed a bug where including round brackets in the From: field ouside the double quotes (From: "Name Surname (My Company)" <name.surname@company.com>) results in a DKIMContext structure invalid error (tx Mirko Buffoni).
  * qmail-dkim and dkim were issuing a failure for emails which had multiple signature with at least one good signature. Now qmail-dkim and dkim will issue a success if at least one good signature is found.
• 2018.08.23
  -logging patch updated to v. 5
  * fixed a bugin logit and logit2 functions where a RSET command and a subsequent brutal quit of the smtp conversation ^] by the client cause a segfault (tx Mirko Buffoni, more info here)
• 2018.08.02
  ezmlm-web: Ricardo Brisighelli sent me two patches which solves compilation breaks with gcc-7
• 2018.06.22
  -clamav updated to v. 0.100.0
• 2018.04.06
  -added a patch to daemontools to extend the log file size limit to 100MB (tx Sam Tang)
• 2018.04.04
  -qmailctl script updated (tx Sam Tang)
  * "qmailctl stat" now shows something like "0 days, 00 hours 16 mins"
  * can assign another service which related qmail for monitoring, like dovecot, clamd, freshclam...
  * change "up" and "down" to green and red color.
• 2018.04.03
  -DKIM patch updated to v. 1.22
  * openssl 1.1.0 port
  * various improvements, bug fixes
• 2018-03-21
  added a new page to explain how to install a letsencrypt certificate for qmail and dovecot here
• 2018-02-07
  clamav updated to v. 0.99.3 (bug fix, tx to Bob Greco) 
• 2018-01-10
  == combined patch updated
  -maildir++
  * fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here and here.
  -qmail-queue-extra
  * removed, because it was causing more problems than advantages, as the domain of the log@yourdomain.tld had to match the system domain inside control/me and can't be a virtual domain as well.
  == dovecot: upgraded to v. 2.3.0
  == dovecot-pigeonhole: upgraded to v. 0.5.0.1 
• 2017-10-24
  new patch arrived (tx Luca Franceschini)
  -qlogfix (diff here)
  * log strings should terminate with \n to avoid trailing ^M using splogger
  * bug reporting custom errors from qmail-queue in qlog
  -added dnscname patch
  -added rcptcheck patch
  added rcptcheck-overlimit.sh (tx Luca Franceschini)
  added a page about rcptcheck-overlimit.sh usage
• 2017-09-05
  Roundcube upgraded to v. 1.3.1. The enigma plugin requires Crypt_GPG-1.6.2
• 2017-08-24
  -fail2ban: the qmail-smtpd.conf filter has been simplyfied and is now based on the "qlogenvelope" lines 
• 2017-08-18
  -combined patch updated: qmail-smtpd now retains authentication upon rset (tx to Andreas)
• 2017-07-05
  -roundcube upgraded to v. 1.3.0
• 2017-05-14
• Combined patch updated:
  DKIM patch updated to v. 1.20
  It now manages long TXT records, avoiding the rejection of some hotmail.com messages.
• 2017-03-02
  -ucspi-tcp6 upgraded to v. 1.04 (some bug fixes http://www.fehcom.de/ipnet/ucspi-tcp6.html)
• 2016-12-19
  -Several new patches and improvements added (thanks to Luca Franceschini)
  More info here http://notes.sagredo.eu/node/178
• 2016-12-14
  simscan: bug fix and new combined patch (thanks to Bob Greco, more info here)
• 2016-12-02
  -fixed BUG in qmail-remote.c: in case of remote server who doesn't allow EHLO the response for an alternative
  HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
  Patch applied: http://notes.sagredo.eu/files/qmail/patches/fix_sagredo_remotehelo.patch
• 2016-09-19
  -big patch updated: qmail-tls patch updated to v. 20160918
    * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
    * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
• 2016-08-06
  qmailadmin: added the ezmlm-idx 7 compatibility patch
  2016-08-04
• ucspi-tcp6 upgraded to v. 1.02
• 2016-07-20
  -roundcube: added enigma plugin
• 2016-05-31
  -roundcube upgraded to v. 1.2.0. All plugins updated as well
• 2016-05-15
  -force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
  the STARTTLS command was not sent by the client
• 2016-03-09
  -combined patch updated
  * dkim patch updated to v. 1.19: verification will not fail when a dkim signature does not include the subject provided that the  UNSIGNED_SUBJECT environment variable is declared. More info here.
• 2016-01-18
  -removed the line "DKIMKEY=/var/qmail/control/domainkeys/%/default" from the qmail rc config file, as DKIMKEY is actually ignored by dk-filter, which will look for the key in that location by default. Use DKIMSIGN instead to define yor domainkey location (thanks to Steffen for the hint)
• 2015-12-26
  qmail-tls updated to v. 20151215
  * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
  * add ECDH to qmail-smtpd
  * increase size of RSA and DH pregenerated keys to 2048 bits
  * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  more info here 
  -roundcube upgraded to v. 1.1.4 (security fixes, more info here)
• 2015-12-15
  -DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
  2015-11-23
  qmail-submission/run modified: SMTPAUTH="!" to enable the submission feature (auth required). Now incoming msg can be received only on standard 25 port 
• 2015-10-06
  -fail2ban upgraded to v. 0.9.3
• 2015-10-03
  -new combiend patch released: qmail-authentication updated to v. 0.8.3
• 2015-09-02
  dovecot: the user query on the auth is now able to manage pop3/imap/webmail vpopmail limits (thanks to Arturo Blanco)
• 2015-08-29
  vQadmin: combined patch released (more info inside the patch itself)
• 2015-08-08
  -fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
• 2015-05-28
  qmailadmin: added a patch to log auth failures (thanks to Tony)
  fail2ban: added a filter against qmailadmin log failures
• 2015-05-03
  spamassassin: upgraded to v. 3.4.1
• 2015-04-25
  qmailadmin: added a patch to check for the password strenght
• 2015-04-11
  -combined patch updated: 
  --qmail-authentication: upgraded to v. 0.8.2
  --qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
• 2015-03-28
  -combined patch updated: added qmail-empf patch
• 2015-02-25
  the home page graphic of qmailadmin has copyright issues as shown here (thanks to Marc for the hint)
• 2015-02-17
  roundcube: upgraded to v. 1.1.0. All plugins have been upgraded as well
• 2015-01-10
  roundcube: added carddav plugin
• 2014-11-20
  combined patch updated:
  -the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian).
• 2014-11-15
  combined patch updated:
  -modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log (thanks to Simone for the hint). Look here for details.
• 2014-11-08
  simscan has been improved with the jms patch. The work dir is mounted as a ramdisk now
• 2014-10-29
  fail2ban: qmail-smtp.conf filter updated to look for GREETDELAY lines
• 2014-10-14
  SSLv3 disabled on dovecot because of security reasons (more info here)
• 2014-10-14
  dovecot upgraded to v. 2.2.14
  dovecot-pigeonhole recompiled
• 2014-10-04
  dovecot upgraded to v. 2.2.14.rc1
  dovecot-pigeonhole upgraded to v. 0.4.3
  the global sieve folder was moved to /usr/local/dovecot/etc/sieve/
• 2014-09-29
  roundcube upgraded to v. 1.0.3.
  added a roundcube-auth filter to fail2ban
• 2014-08-26
  roundcube upgraded to v. 1.0.2. Fixed some errors in the relative page, as sometime the $config variable was still $rcmail_config as in the past, and all the config files are now merged into config.inc.php (thanks to Otto)
• 2014-08-24
  the log rotation of qmail is managed by the jms'  https://qmail.jms1.net/scripts/convert-multilog. Thanks to Marc for the suggestion
• 2014-08-18
  added a page concerning fail2ban setup
• 2014-05-13
  clamav upgraded to v. 0.98.3
  roundcube upgraded to v. 1.0.1
  ezmlm-idx upgraded to v. 7.2.2
  qmailadmin recompiled against ezmlm-idx-7.2.2
• 2014-05-03
  ezmlm-idx upgraded to v. 7.2.0
  Bruce Guenter has released a new version of ezmlm-idx, getting the program to be compliant with the Yahoo DMARC Policy Change. You have to recompile qmailadmin against ezmlm as well.
• 2014-04-14
  combined patch updated:
  -added qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified
• 2014-04-08
  roundcube upgraded to v. 1.0.0
• 2014-03-10
  combined patch updated:
  -added qmail-smtpd-liberal-lf patch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
• 2014-02-14
  spamassassin upgraded to v. 3.4.0
• 2014-01-10
  roundcube upgraded to v. 1.0-rc. Plugins have been upgraded as well
• 2014-01-24
  ucspi-tcp6 upgraded to v. 1.00: fixed problems when compiling with C99 compilers
• 2013-12-30
  combined patch updated:
  -added qmail-SRS patch. You must install libsrs2 now.
  -the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
• 2013-12-20
  combined patch update (more info here):
  -added qmail-date-localtime patch
  -added qmail-hide-ip patch
  -the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now communications trying to send commands before the greeting will be closed. Premature disconnections will be logged as well. More info here
  -modified the configuration of qmail-smtpd and qmail-submission according to the new greetdelay patch
  -updated the page concerning greetdelay
  -CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like )
  -chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
  -added qmail-moreipme patch
  -added qmail-dnsbl patch (more info here)
  -added a page concerning qmail-dnsbl patch
• 2013-12-05
  added two patches to my combined patch to make qmail rfc2821 compliant
• 2013-11-23
  any-to-cname patch added to the combined patch
• 2013-10-30
  Added two contributions by Costel Balta:
  -how to avoid to be "cut off" from spamhaus.org (read here)
  -adding the foxhole db to clamav (on the bottom of the clamav page)
• 2013-09-27
  -DKIM patch upgraded to v. 1.17. Defined -DHAVE_SHA_256 while compiling dkimverify.cpp in the Makefile. This solved an issue while verifying signatures using sha256.
• 2013-09-16
  Minor fixes to the DKIM patch
• 2013-09-14
  -new combined patch released. The DKIM patch has been upgraded to v. 1.16; the signing at qmail-remote level has been revised by its author.
  -I added notes about qmail-remote signing in the DKIM page of this guide.
  -the domainkey program now gives ownership of the domainkey to qmailr, which runs qmail-remote
• 2013-08-25
  -qmail-qmqpc.c call to timeoutconn() needed a correction because the function signature was modified by the
   outgoingip patch. Thanks to Robbie Walker
   (diff file here http://notes.sagredo.eu/files/qmail/patches/qmail-qmqpc.diff)
• 2013-08-22
  ucspi-tcp6: upgraded to v. 0.99. The current version includes an hack by Manvendra Bhangui from indimail.org which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you install his modified qmail-spf patch (my combined patch already has this adjustment to spf).
  Fot those interested, a few days ago Manvendra Bhangui released a package of patches including now not only DKIM and SURBL but also SPF and the entire qmail totally IPv6 compliant. The upgrade for me is not so straightforward, but I'm planning to have it in my big patch soon or later. For the moment you can play with it downloading from http://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/
• 2013-08-21
  -big patch updated: fixed a bug in hier.c which caused the installation not to build properly the queue/todo dir structure (thanks to Scott Ramshaw)
• 2013-08-19
  -DKIM-SURBL patch by Manvendra Bhangui updated to v. 1.14
  -added a page about SURBL configuration
• 2013-08-12
  -DKIM patch upgraded to v. 1.12. The new patch adds surblfilter functionality.
  -added qmail-smtpd pid, qp log patch
• 2013-08-08
  -qmail-SPF modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant. In order to have it working with such addresses you have to patch tcpserver.c accordingly. You can use a patch fot ucspi-tcp6-0.98 by Manvendra Bhangui at http://notes.sagredo.eu/files/qmail/patches/tcpserver-ipv6mapped_ipv4.patch or wait for v. 0.99 relase of ucspi-tcp6
  -added outgoingip patch
  -added qmail-bounce patch
• 2013-05-20
  dovecot: upgraded to v. 2.2.2
  dovecot-pigeonhole: rebuilt
• 2013-05-18
  Roundcube: upgraded to v. 0.9.1
• 2013-05-09
  -dovecot-pigeonhole: upgraded to stable 0.4.0 version
• 2013-05-06
  -dovecot: upgraded to v. 2.2.1 The configuration has been modified to use the sql/mysql driver in place of the vpopmail one; the password is now sended in plain text
  -dovecot-pigeonhole: upgraded to latest development version
  -RoundCube: imap_auth_type has been set to NULL to send the password in plain text and make dovecot's auth happy
  -the dovecot's expunge shell script was simplyfied. Using the sql driver solved all issues of the old vpopmail backend related to the missing iteration feature.
• 2013-04-16
  Roundcube: upgraded to v. 0.9.0
  All rc plugins have been updated as well
• 2013-03-31
  new combined patch: qmail-auth updated to latest v. 0.8.1 Added authentication by recipient domain for qmail-remote. Look at README.auth for further details
• 2013-02-11
  new combined patch: some code adjustments in qmail-smtpd.c smtpd_ehlo() to restore total compatibility with esmtp-size patch
• 2013.02.08
  new combined patch: qmail-auth has been updated to the latest v. 0.7.6. Look at README.auth for further details
  ucspi-tpc6: updated to v. 0.98
• 2013.01.28 new combined patch released: fixed an issue on qmail-pop3d which was causing a double +OK after the pass command (thanks to Rakesh, Orbit and Simplex for helping in testing and troubleshooting)
• 2013.01.27 ucspi-tpc6: updated to v. 0.97
• 2013.01.06 ucspi-tpc6 0.96 by E.Hoffmann replace the ucspi-tcp 0.88 by DJB. It provides IPv6 and rblsmtpd greetdelay support
  combined patch modified. The variable GREETDELAY was renamed to SMTPD_GREETDELAY just to avoid conflicts with the GREETDELAY variable inside rblsmtpd
  qmail-smtpd/run file modified accordingly
• 2012.11.14 Roundcube: upgraded to v. 0.8.4
• 2012.11.10 Roundcube: upgraded to v. 0.8.3. Autologon plugin: modified
• 2012-10-31 new combined patch: qmail-auth has been updated to the latest v. 0.7.5. Look at README.auth for further details
  The qmail-forcetls patch was simplyfied accordingly.
• 2012.10.25 vpopmail: upgraded to v. 5.4.33 (now marked as stable). Be aware that you have to recompile netqmail, qmailadmin and vqadmin as well.
  qmailadmin: upgraded to v. 1.2.16
• 2012.10.19 Roundcube: added context menu, autologon and logout_redirect plugins
• 2012.10.18 Roundcube: upgraded to v. 0.8.2
• 2012.10.11 dovecot: upgraded to v. 2.1.10
  dovecot-pigeonhole: upgraded to v.0.3.3
• 2012.10.10 fixed vQadmin 'invalid language' issue (see vQadmin page for details http://notes.sagredo.eu/it/node/57)
• 2012.09.19 ClamAV: upgraded to v. 0.97.6
• 2012.09.04 zipdownload Roundcube's plugin: modified to gain compatibility to v. 0.8.1 (thanks to taki)
• 2012.08.31 Roundcube: upgraded to v. 0.8.1
  dovecot: upgraded to v. 2.1.9
  dovecot-pigeonhole: recompiled
• 2012.08.11 Roundcube: upgraded to v. 0.8.0
• 2012.05.26 dovecot-pigeonhole: upgraded to v 0.3.1
• 2012.05.24 dovecot: upgraded to v. 2.1.6
• 2012-04-25 new combined patch: added qmail-remote CRLF (thanks to Pierre Lauriente for the help on testing and troubleshooting)
  The qmail-remote CRLF patch solved a problem of broken headers after sieve forwarding that was caused by a bad handling of the CR (carriage return) by qmail-remote. The issue is also reported here http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
• 2012.04.16
  qmail-tap added to my combined patch
• 2012.03.03 dovecot: upgraded to v. 2.1.1
  The configuration files have been updated: the most important change was the location of auth_socket_path variable inside 10-mail.conf
• 2012.02.17 dovecot: upgraded to v. 2.1.0
  dovecot-pigeonhole: upgraded to v.0.3.0
• 2012.02.08: esmtp-size patch added to my combined patch
• 2012.01.29: New combined patch released: added doublebounce-trim patch
• 2012.01.21 Roundcube: updated to v. 0.7.1. All plugins have been updated to latest version as well.
• 2011.12.13 dnsbl.sorbs.org is not on my RBL examples anymore, as it proved to be a bad list. It's rejecting gmail's IPs and also confusing the IP of my own server as dynamic.
• 2011.12.12 New combined patch released.
  -modified update_tmprsadh to chown the .pem files to vpopmail to avoid hang-ups during the smtp conversation on port 587 caused by permission problems.
• 2011.10.06 New combined patch released.
  -fixed qmail-remote.c which was not going into tls on authentication (thanks to Krzysztof Gajdemski)
  -force-tls now quits if the starttls command is not provided when required (thanks to Jacekalex)
• 2011.09.30 Dovecot: upgraded to v. 2.0.15
  dovecot-pigeonhole: upgraded to v . 0.2.4
  ICU: upgraded to v. 4.8.1
• 2011.09.29 RoundCube: upgraded to v. 0.6. All plugins have been updated to latest version
• 2011.08.13 RoundCube: upgraded to v. 0.5.4 (security fix)
• 2011.07.27: Big patch updated. My force-tls patch allows the management of STARTTLS and CRAM-MD5 variables in the run file, so that there's no need to recompile each time anymore.
  I also added the "qmail-inject-null-sender" patch by Stéphane Cottin, which addresses a bug on qmail-inject
• 2011.07.23 The configuration of dovecot was updated to allow maildir++ (thanks to Nicolas) on files 90-quota.conf and 20-imap.conf
• 2011.07.15 The combined patch has been updated: an issue which caused the compilation's break down of qmail on 64b platforms has been fixed
• 2011.07.03 Added support for rblsmtpd. Added a page about the greetdelay patch.
• 2011.06.29 New combined patch released. Added ext-todo and big-todo patches, which adress the "silly qmail syndrome" on big servers.
• 2011.06.24 Spamassassin: updated to v. 3.3.2
• 2011.06.02 Roundcube: updated to v. 0.5.3 (2 important bug fixes)
• 2011.05.29 Dovecot: added a page concerning the purging of expired emails from Trash/Junk
• 2011.05.25 RoundCube: updated to v. 0.5.2. Updated almost all roundcube's plugin to latest version.
• 2011.05.17 Added Luca Morettoni's qmail-rblchk
• 2011.04.19 Dovecot-2.0.12 upgrade; dovecot-pigeonhole v.0.2.3 upgrade
• 2011.04.06 Vermulen's TLS patch updated (security fix, see http://www.kb.cert.org/vuls/id/555316).
  New qmail combined patch releasead.
• 2011.02.25 Added DKIM patch and related page

---------

• 2010.12.12 first release of this guide and related patch

Changelog

• May 7, 2026
  Razor-Agent-Client upgraded to v. 2.88
• Jun 3, 2025
  - disabled IPv6 on DCC as servers are not always responding (tx Shailendra Shukla)
• Dec 26, 2023
  Pyzor installed from github, as version 1.0.0 is not pythone3 compliant (thanks Mike)

Questa pagina concerne il setup di alcuni filtri di rete che aiutano spamassassin a decidere cosa fare di un dato messaggio. Abilitando questi filtri, insieme al sistema di apprendimento bayesiano, migliorerà drasticamente le prestazioni di spamassassin nella lotta allo spamming.

• Repository ufficiale: http://plugins.roundcube.net/

Changelog

• Apr 27, 2026
  - qmailforward upgraded to v1.0.5 (bug fix: sql call is not done if the forward is not a valid email address)
• Dec 19, 2025
  - composer is now installed in /usr/local/bin and not in RC dir
• Apr 19, 2025
  - sauserprefs aggiornato alla versione 1.20.2
• 23 marzo 2025
  - il driver vpopmaild del plugin password è nuovamente funzionante, ora che il problema è stato sistemato dal lato vpopmail (versione 5.6.7 in poi).

Le SURBL sono liste di siti web che appaiono nel corpo della posta indesiderata. Diversamente dalla maggior parte delle liste non sono liste di indirizzi IP.

I siti web che appaiono nei messaggi di posta indesiderata tendono ad essere più stabili rispetto agli indirizzi IP in rapido cambiamento dei botnet che sono soliti inviare la maggior parte di questi messaggi. Le liste di IP come zen.spamhaus.org possono essere usate in un primo stadio di filtraggio per aiutare a identificare da circa l'80% al 90% dei messaggi di posta indesiderata. Le liste SURBL possono contribuire a eliminare il restante 75% della posta indesiderata in un successivo stadio di filtraggio. Usate insieme alle liste di IP (RBL), le SURBL risultano un metodo molto efficace per identificare fino al  95% della posta indesiderata.

Changelog

• Mar 29, 2026
  - aggiunta una nota sui control file
• Feb 17, 2026
  - added notes to testing section
• Sep 26, 2023
  -surblfilter logs the rejected URL in the qmail-smtpd log. It can now inspect both http and https URLs.
  -Improvements in man dkim.9, qmail-dkim.9 and surblfilter.9
• May 17, 2023
  -Top level domains URL is changed. So you have to adjust the update_tlds.sh script accordingly

Rsync is a fast and extraordinarily versatile file copying tool.  It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon.
It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied.  It is famous for  its  delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination.  Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.
Rsync finds files that need to be transferred using a "quick check" algorithm (by default) that looks for files that have changed in size or in last-modified  time.
Any  changes  in  the  other preserved attributes (as requested by options) are made on the destination file directly when the quick check indicates that the file's data does not need to be updated.

• rsync command examples: http://www.thegeekstuff.com/2010/09/rsync-command-examples/

I will show shortly how to:

• backup your files from remote to local using rsync
• use modules to have multiple backups possible
• secure the connection with ssh
• avoid to prompt for the password, so that your backup can be done via script/cronjob

Before we start, I'll call "local" the computer where the files have to be copied and "remote" the computer where those files are stored and where you have to listen for ssh connections.

Remote host

To secure our data, we'll use rsync via a remote ssh connection, so there's no need to start rsync as a daemon, but sshd must be configured to accept connections without password and rsa-key authentication must be enabled in your /etc/ssh/sshd_config file:

PermitRootLogin without-password
PubkeyAuthentication yes
AllowUsers root

Here "root" is the only user who is allowed to connect via ssh. So the user "root" will be used at the ssh level and should not be confused with "rsync-user", which will be used to log-in to the rsync "module", site1 in the following example.

Log-in as "root" and create the config file /etc/rsync.conf.

# common stuff
motd file = /etc/rsyncd_motd
# the following in case you want to test rsync as daemon
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock

[site1]
       # this is the path of the files to backup
       path = /home/ssh-user/path/where/site1/files/live
       comment = site1 files
       uid = root
       gid = root
       read only = yes
       list = yes
       auth users = rsync-user
       secrets file = /root/rsyncd.scrt
       # we don't have super user access
       use chroot = false


[site2]
       [....site2 stuff....]

uid and gid are the userID and the groupID under which file transfers will take place.

Before the transfer will start, you have to authenticate rsync with "auth user". Create the secret file ~/rsync.scrt which holds the user:password couples:

rsync-user:password
rsync-user2:password2

Remove the 'r' flag to other users:

chmod o-r ~/rsync.scrt

Local host

Since we want to backup our files by means of a script and a cronjob, it's important that the remote ssh connection will not prompt for any password. We can achieve this by exchanging a ssh-key between client and server.

Create the private and public keys:

root@localhost:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa_remoteHost): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa_remoteHost.
Your public key has been saved in /root/.ssh/id_rsa_remoteHost.pub.
The key fingerprint is:
a0:53:33:c5:d1:ea:4c:e2:a1:98:d9:ba:b0:e8:5f:90 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|    o++o         |
|     o. .        |
|    . ..         |
|    .oo.         |
|   E.O .S        |
|    * *          |
|.  . o .         |
|.o. . .          |
|+.oo             |
+-----------------+

Now you have to append the public key id_rsa_remoteHost.pub to the remote server's ~/.ssh/authorized_keys file. ssh-copy-id is a program which can do this for you:

root@localhost:~# ssh-copy-id -i ~/.ssh/id_rsa_remoteHost -p 12345 root@remoteHost

You will be prompted to enter the root password in order to copy the key.

Now test that the connection is allowed with no password:

root@localhost:~# ssh -p 12345 -l root -i /root/.ssh/id_rsa_remoteHost <remoteHost>
Last login: Mon Sep  2 16:04:57 2013 from localhost
Linux 2.6.32.10-vs2.3.0.36.29.2-smp.
root@remotehost:~#

You can disable the access with password for the user root in your /etc/ssh/sshd_config:

PermitRootLogin prohibit-password

Now we are ready to create our backup shell-script as /usr/local/bin/rsync_backup.sh:

#!/bin/sh

/usr/bin/rsync \
        -avz --exclude "*~" --delete-after \
        -e "ssh -p 12345 -l root -i /root/.ssh/id_rsa_remoteHost" \
        --password-file /root/remoteHost_rsync_pwd \
        rsync-user1@::site1 \
        /local/destination/path

Remember to give the flag +x  to that file:

chmod +x /usr/local/bin/rsync_backup.sh

The password file /root/remoteHost_rsync_pwd holds the password of the rsync connection; in this way our shell-script will not receive a password prompt when it connects. It should be stored in a safe place and priviledges must be given only to the root user. It will contain just the password string.

Maybe the line

-avz --exclude "*~" \

deserves some description, but you are invited to refer to the man page for more details.

• --exclude "*~" is to avoid the copy of backup files of my text editor
• "-a" stands for -rlptgoD and preserves everything
• "-r" means recursive mode while traversing directories
• "-p", "-o", and "-g" preserve the permissions, owner and group information of files and directories to be copied
• "-t" preserves the file and directory timestamps
• "-l" preserves the symbolic links
• "-D" preserves devices and special files
• "-v" turns on verbosity in output
• "-z" enables compression

If you are wondering if the above method of using rsync is suitable for the vpopmail maildirs as well, the answer is yes, but with some adjustments. This is what I have in my backup scripts:

rsync -a \ 
 --stats --delete-after --delete-excluded --numeric-ids --partial \
 --exclude=Maildir/tmp/ \
 --exclude=Maildir/*/tmp/ \
 --exclude=dovecot* \
 --exclude=*.lock \
 --exclude=*.lock.* \
 --exclude=/cache/ \
 --exclude=*.qmail \
 --exclude=*.qmails \
 -e "ssh -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=no" \ 
 root@${MAIL_IP}:/home/vpopmail/domains/ /home/backup/backup-domains/ \ 
 >> "$LOGFILE" 2>&1

As you can see, I'm excluding the dovecot indexes and all the Maildirs' tmp dirs. This avoids transferring constantly changing temporary or volatile data, reduce the risk of inconsistencies if the backup is restored to a server with a different version of dovecot and improve synchronization performance by avoiding large amounts of non-critical files.

--stats prints statistics of the transfer in the log file.

--delete-after deletes files on the destination server only after the transfer is complete. If the transfer is interrupted midway, you don't immediately lose files on the backup.

--delete-excluded deletes from the backup everything that is no longer included in the sync, even if you had voluntarily excluded it.

--numeric-ids forces rsync to use numeric UIDs and GIDs instead of user and group names. This avoids problems if users on the backup server have different names than on the source server.

--partial Allows partially transferred files to be kept if the transfer is interrupted. With --partial, the file remains, and rsync can resume where it left off next time, saving time and bandwidth.

Connecting to the remote Host

You can have a quick connection to the remote Host if you setup a ~/.ssh/config file as follow

Host MyHost
HostName remoteHost.net
User ssh-user
Port 12345
IdentityFile ~/.ssh/id_rsa_remoteHost

and connecting as

> ssh MyHost
Enter passphrase for key '/home/ssh-user/.ssh/id_rsa_remoteHost':
Last login: Mon Sep  2 16:04:57 2013 from localhost
Linux 2.6.32.10-vs2.3.0.36.29.2-smp.
ssh-user@remotehost:~#

At this point it is convenient to disable root remote access setting /etc/ssh/sshd_config as follow:

PermitRootLogin without-password
AllowUsers ssh-user 
PubkeyAuthentication yes

MariaDB uses asynchronous replication based on binary logs (binlog). Master (source) writes changes to the binary log, slave (replica) reads the binlog from the master and replays events locally. Replication is one-way by default (master to slave).

Master configuration

Configure MariaDB by editing /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=1
log_bin=binlog
binlog_format=ROW
bind-address = 0.0.0.0

bind-address = 0.0.0.0 assures that the server is accessible from the outnet. Check with netstat

netstat -plunt|grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      417359/mariadbd

Restart MariaDB, then check the binary log file name and the binary log position:

MariaDB [(none)]> SHOW MASTER STATUS;  
+---------------+----------+--------------+------------------+ 
| File          | Position | Binlog_Do_DB | Binlog_Ignore_DB | 
+---------------+----------+--------------+------------------+ 
| binlog.000001 |    14446 |              |                  | 
+---------------+----------+--------------+------------------+ 
1 row in set (0.000 sec)

Create the user for the replication from the slave:

CREATE USER 'replica'@'SlaveIP%' IDENTIFIED BY 'password';
GRANT REPLICATION SLAVE ON *.* TO 'replica'@'SlaveIP';
FLUSH PRIVILEGES;

Dump the databases you want to backup (vpopmail, roundcubemail and spamassassin in my example):

mysqldump -u root -p --databases vpopmail roundcubemail spamassassin --single-transaction --master-data=2 > dump.sql

Slave configuration

Prepare the server by editing /etc/my.cnf.d/mariadb-server.cnf. Assign a unique id:

# replica 
server-id=2       # unique id
log_bin=binlog    # to revert master - slave 
read_only=ON      # cannot alter the database
# databases to replicate (it will read only these db from log)
replicate-do-db=vpopmail
replicate-do-db=roundcubemail
replicate-do-db=spamassassin

Log into MariaDB, stop the current slave (if it exists) and drop the databases to be cloned;

STOP SLAVE;
RESET SLAVE ALL;
DROP DATABASE IF EXISTS vpopmail;
DROP DATABASE IF EXISTS spamassassin;
DROP DATABASE IF EXISTS roundcubemail;

Use scp to copy the dump you have done earlier (here I am connecting via secure key):

scp -i '/root/.ssh/ed25519' root@MasterIP:/root/dump.sql .

Import the dump:

mysql -u root -p < dump.sql

Open the dump.sql file and identify the line holding the log file and the log position:

-- CHANGE MASTER TO MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

The same thing can be achieved by using grep

grep "CHANGE MASTER TO" dump.sql      
-- CHANGE MASTER TO MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

Enter the slave server and configure the master:

CHANGE MASTER TO MASTER_HOST='MasterIP', MASTER_USER='replica', MASTER_PASSWORD='replicaPWD', MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

Then start the slave on MariaDB and verify its status:

MariaDB [(none)]> START SLAVE; 
Query OK, 0 rows affected (0.000 sec) 

MariaDB [(none)]> SHOW SLAVE STATUS\G 
*************************** 1. row *************************** 
               Slave_IO_State: Waiting for master to send event 
                  Master_Host: MasterIP
                  Master_User: replica 
                  Master_Port: 3306 
                Connect_Retry: 60 
              Master_Log_File: binlog.000001 
          Read_Master_Log_Pos: 719355 
               Relay_Log_File: mariadb-relay-bin.000003 
                Relay_Log_Pos: 357109 
        Relay_Master_Log_File: binlog.000001 
             Slave_IO_Running: Yes 
            Slave_SQL_Running: Yes 
              Replicate_Do_DB:  
          Replicate_Ignore_DB:  
           Replicate_Do_Table:  
       Replicate_Ignore_Table:  
      Replicate_Wild_Do_Table:  
  Replicate_Wild_Ignore_Table:  
                   Last_Errno: 0 
                   Last_Error:  
                 Skip_Counter: 0 
          Exec_Master_Log_Pos: 719355 
              Relay_Log_Space: 357420 
              Until_Condition: None 
               Until_Log_File:  
                Until_Log_Pos: 0 
           Master_SSL_Allowed: No 
           Master_SSL_CA_File:  
           Master_SSL_CA_Path:  
              Master_SSL_Cert:  
            Master_SSL_Cipher:  
               Master_SSL_Key:  
        Seconds_Behind_Master: 0 
Master_SSL_Verify_Server_Cert: No 
                Last_IO_Errno: 0 
                Last_IO_Error:  
               Last_SQL_Errno: 0 
               Last_SQL_Error:  
  Replicate_Ignore_Server_Ids:  
             Master_Server_Id: 1 
               Master_SSL_Crl:  
           Master_SSL_Crlpath:  
                   Using_Gtid: No 
                  Gtid_IO_Pos:  
      Replicate_Do_Domain_Ids:  
  Replicate_Ignore_Domain_Ids:  
                Parallel_Mode: optimistic 
                    SQL_Delay: 0 
          SQL_Remaining_Delay: NULL 
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates 
             Slave_DDL_Groups: 0 
Slave_Non_Transactional_Groups: 90 
   Slave_Transactional_Groups: 980 
         Replicate_Rewrite_DB:  
1 row in set (0.000 sec)

If Slave_IO_Running: Yes and Slave_SQL_Running: Yes it's ok. Seconds_Behind_Master inform us if the server is aligned.

You can insert data into Master and check if they are replicated no Slave.

Promoting the backup server to production

Connect to mariadb from command line and check the slave status and that the slave is synced with master (Seconds_Behind_Master: 0):

SHOW SLAVE STATUS\G

Check that:

Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Seconds_Behind_Master: 0

If slave is perfectly synced with master stop the replica

STOP SLAVE;
RESET SLAVE ALL;

Set the mariadb server writable

SET GLOBAL read_only=OFF;

Exit from MariaDB command line and modify the config file so that read_only is commented out.

[mysqld] 
# replica 
server-id=2 
log_bin=binlog 
#read_only=ON 
replicate-do-db=vpopmail 
replicate-do-db=roundcubemail

Restart the server. Now the database server is in production.

Solr è un server di indicizzazione basato su Apache Lucene. Dovecot communica con esso attraverso delle query HTTP/XML. Il server di indicizzazione consente di fare ricerche di testo in modo veloce nelle mail, compreso il corpo dei messaggi.

• Scarica l'ultima versione: v. 9.10.1
• Documentazione ufficiale
• Documentazione di Solr FTS Engine per Dovecot

Changelog

• 8 febbraio 2026
  - upgrade alla versione 9.10.1
• 5 marzo 2025
  - la versione 9.8.0 richiede SOLR_OPTS="$SOLR_OPTS -Dsolr.config.lib.enabled=true" in solr.in.sh

Aggiornamento alla versione 9.10.x

• Maggiori informazioni qui
• Dovecot ha recentemente rilasciato i file schema aggiornati alla versione 9, alternativi a quelli che si trovano qui

Prima di ogni cosa controllare che la propria versione di java sia almeno la 11.

Scaricare Solr:

SOLR_VER=9.10.1
wget https://www.apache.org/dyn/closer.lua/solr/solr/${SOLR_VER}/solr-${SOLR_VER}.tgz?action=download -O solr-${SOLR_VER}.tgz

Arrestare quindi il server Solr e lanciare l'aggiornamento con le opzioni -f (aggiornamento) e -n (non lanciare do not start the server when finished) options:

tar xzf solr-${SOLR_VER}.tgz solr-${SOLR_VER}/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-${SOLR_VER}.tgz -f -n

Gli utenti Slackware invece dovranno procedere diversamente:

wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh
chmod +x install_solr_slackware.sh
./install_solr_slackware.sh solr-${SOLR_VER}.tgz -f -n

Scaricare e installare il nuovo schema e il file di configurazione per Dovecot

cd /var/solr/data/dovecot/conf
rm -f schema.xml managed-schema.xml solrconfig.xml
wget https://raw.githubusercontent.com/dovecot/core/refs/heads/main/doc/solr-schema-9.xml -O schema.xml 
wget https://raw.githubusercontent.com/dovecot/core/refs/heads/main/doc/solr-config-9.xml -O solrconfig.xml
chown solr:solr solrconfig.xml schema.xml

Il nuovo file di configurazione sostituisce LRUCache con CaffeineCache e cambia la locazione delle librerie .jar (diff).

Riconfigurare il proprio /etc/default/solr.in.sh file, dato che molte opzioni sono cambiate radicalmente, quindi riavviare Solr.

Dobbiamo abilitare le librerie di configurazione come descritto qui per risolvere un errore che compare dalla versione 9.8.0 quando con lo scjema di Dovecot. Aggiungere questa riga al file /etc/default/solr.in.sh:

SOLR_OPTS="$SOLR_OPTS -Dsolr.config.lib.enabled=true"

Infine aggiornare gli indici (editare lo script apposito per inserire la propria password di Dovecot)

wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh
chmod +x solr_rescan_index.sh
chown root:root solr_rescan_index.sh
chmod o-wrx solr_rescan_index.sh

./solr_rescan_index.sh
Stopping Dovecot 
. 
<?xml version="1.0" encoding="UTF-8"?> 
<response> 

<lst name="responseHeader"> 
 <int name="status">0</int> 
 <int name="QTime">20</int> 
</lst> 
</response> 
Starting Dovecot.

Lo script non deve restituire errori (status=0). Se invece si ottengono degli errori è necessario ricontrollare le autorizzazioni di sicurezza e le credenziali dell'utente dovecot di Solr.

• Maggiori informazioni qui
• Versione: fehQlibs-30

Le fehQlibs sono librerie C aggiuntive sviluppate da Erwin Hoffmann. Sono un prerequisito di ucspi-tcp6 e di ucspi-ssl.

Installare come segue in /usr/local:

FEQLIBS_VER=30
cd /usr/local
wget https://www.fehcom.de/ipnet/fehQlibs/fehQlibs-${FEQLIBS_VER}.tgz
tar xzf fehQlibs-${FEQLIBS_VER}.tgz 
chown -R root:root fehQlibs-${FEQLIBS_VER}
cd fehQlibs-${FEQLIBS_VER}

Cambiare la cartella di installazione modificando il file conf-build come segue

LIBDIR=/usr/local/lib 
HDRDIR=/usr/local/include 

Compilare e installare

make -C src
make -C src shared
make -C src install 

cd ..
rm qlibs
ln -s fehQlibs-${FEQLIBS_VER} qlibs

Le qlibs dovranno essere trovate al momento della compilazione di ucspi-tcp6, quindi dobbiamo aggiungerle al file /etc/ld.so.conf:

echo "/usr/local/qlibs" >> /etc/ld.so.conf
ldconfig

In genere nei sistemi Unix si può lanciare questo comando per ottenere lo stesso risultato e linkare le librerie qlib:

ldconfig -m /usr/local/qlibs

TxRep was designed as an enhanced replacement of the AutoWhitelist plugin. TxRep, just like AWL, tracks scores of messages previously received, and adjusts the current message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. Each message from a particular sender adjusts the historical total score which can change them from a spammer if they send non-spam messages. Senders who are considered non-spammers can become treated as spammers if they send messages which appear to be spam. Simpler told TxRep is a score averaging system. It keeps track of the historical average of a sender, and pushes any subsequent mail towards that average.

The Bayesian classifier in Spamassassin tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham. If I've handed 100 messages to sa-learn that have the phrase penis enlargement and told it that those are all spam, when the 101st message comes in with the words penis and enlargment, the Bayesian classifier will be pretty sure that the new message is spam and will increase the spam score of that message.

In pratica Bayes è un classificatore statistico: guarda i token (parole, header, URL, ecc.) e calcola la probabilità che il messaggio sia spam senza interessarsi di chi manda, ma solo del contenuto.

Invece TxRep tiene traccia della reputazione del mittente (indirizzo email + IP).

• TxRep - Reputation plugin
• README.txrep
• Bayes Introduction
• README.bayes

Changelog

• 18 agosto 2025: aggiunte parecchie informazioni alla sezione "Addestramento del sistema bayesiano"

• Info: http://www.fehcom.de/ipnet/ucspi-tcp6.html
• Autore: Erwin Hoffmann. Le funzionalità IPv6 sono state incluse dalla IPv6 patch di Felix von Leitner. Il lavoro originale ucspi-tcp 0.88 da cui è derivato ucspi-tcp6 è di D.J. Bernstein
• Version: 1.13.07

TCP6_VER=1.13.07
cd /var/qmail/ 
wget https://www.fehcom.de/ipnet/ucspi-tcp6/ucspi-tcp6-${TCP6_VER}.tgz 
tar xzf ucspi-tcp6-${TCP6_VER}.tgz 
cd net/ucspi-tcp6/ucspi-tcp6-${TCP6_VER}/ 
./package/install

qmailctl reboot

• Maggiori informazioni: http://www.fehcom.de/ipnet/ucspi-ssl.html
• Autore: Erwin Hoffmann
• Versione: 0.13.07

sslserver, sslclient, e sslhandle sono strumenti da utilizzare dalla linea di comando per costruire applicazioni SSL client-server. 

sslserver ascolta connessioni su IPv6 e/o IPv4, e lancia un programma per ogni connessione accettata. L'ambiente del programma include variabili che mantengono l'host name locale e remoto, l'indirizzo IP, e i numeri di porta.

sslclient richiede una connessione o a tramite IPv6 o IPv4 TCP sockets, e lancia un programma. L'ambiente del programma environment include le stesse variabili di sslserver.

Mediante sslserver è possibile accettare connessioni sicure per spedire la posta attraverso la porta 465 previa autenticazione.

Abbiamo già installato le fehQlibs, che sono delle librerie C supplementari necessarie anche per ucspi-ssl.

A partire dalla versione 1.13.05 è richiesto il pacchetto mandoc sia per ucspi-tcp6 che per ucspi-ssl. Gli utenti Slackware possono trovare il pacchetto su slackbuild.org.

UCSPISSL_VER=0.13.07
cd /var/qmail 
wget https://www.fehcom.de/ipnet/ucspi-ssl/ucspi-ssl-${UCSPISSL_VER}.tgz
tar xzf ucspi-ssl-${UCSPISSL_VER}.tgz 
cd host/superscript.com/net/ucspi-ssl-${UCSPISSL_VER}
./package/install

La configurazione degli script supervise per qmail-smtps è all'interno della pagina riguardante la configurazione.

After backlash from the Linux community, California may be backing off on its promise to force all operating systems to verify age, but one platform may still have to comply.

Steam Deck price rises point toward high prices for the new Valve hardware, Lenovo puts its name to a cheap retro handheld and regrets it, Wikipedia management seems to be acting like a typical big tech company and the workers are organising, Bambu pisses off its 3D printer customers and Joe got given a free unrelated 3D printer, and we don’t believe that the Raspberry Pi 6 will arrive as late as 2028.

News

Steam Deck back in stock, with updated pricing

The golden age of handheld gaming is already over [archived]

Lenovo pulls its controversial G02 retro handheld from sale – starting a chain reaction that could decimate the retro gaming market

Sellers circumvent Lenovo’s retro handheld ban with cheap wholesale storefronts

Big Tech’s Anti-Labor Playbook Has Come for Wikipedia

We’re Wiki Workers United, a global solidarity union for the staff of the Wikimedia Foundation

Wikipedia editors plot strike and banner sabotage after Wikimedia layoffs

Comprehensive Response to Bambu’s AGPLv3 Violations – Software Freedom Conservancy

‘Fuck you, Bambu’: How one private message could change the face of 3D printing [archived]

No Raspberry Pi 6 before 2028

Don’t expect a Raspberry Pi 5 in 2023, says Eben Upton [21st Dec 2022]

Introducing: Raspberry Pi 5! [28th Sep 2023]

Hello and welcome to my May 2026 free software activities report. A lot's been going on in my life offline so I took a bit of a hiatus from doing these reports, but I've had a fairly productive month of May so I thought it'd be nice to do another one for this month.

Launch applications and interact with the desktop using mouse gestures at an entirely new level with Kando.

Nexis lets you manage processes, applications, packages, and disk health with a single tool. We'll help you get started.

This month we explore Solus 4.9, RakuOS 2026.04.15, Trisquel 12.0, and iDeal OS 2026.04.03.

A recent FCC decision won't allow new authorizations for foreign-made consumer routers to be sold in the US.

Keeping Linux machines in a known state requires a configuration management system. Discover how pyinfra simplifies this task with Python's full programming power.

Bottles lets you run Windows apps and games on Linux in clean, isolated environments without dual-booting.

Docker containers and Kubernetes pods might not be as airtight as you think. We'll show you three potential attacks.

Remember the old days when you could buy software and they gave you a permanent copy of the files on a shrink-wrapped CD? It was primitive, but at least you knew what you were getting, and you could rest assured that your new purchase would remain in your cupboard until you or one of your heirs decided to throw it away. The new service-based Internet was sold to the public as a convenience, but under the surface, it made consumer decisions even more complicated and challenged our assumptions about what it even means to "buy" or "own."

Mike Schilli's new home rooftop weather station continuously provides sun, wind, and rain data. High time to create a custom analysis program.

Valve's compatibility layer has transformed the open source platform into a serious gaming contender.

We'll show you some best practices for introducing Claude Code (or another LLM-based coding assistant) while maintaining knowledge and control of the code.

AI is here to stay, and understanding how it works under the hood can mean the difference between frustration and genuinely useful results. This article covers LLM fundamentals, effective prompting, and a structured agentic workflow that puts you in control.

This month in Linux Voice and Elvie.

Exploiting Layer 4 protocol handshakes and the resource limits of Layer 7.

This month, we explore the top FOSS, including a popular BitTorrent Client, a modern 8-bit game, and a slick web browser.

The Fischertechnik Maker Kit Bionic lets you enter the world of walking robots. We'll show you what it takes to bring this robot to life.

In the news: Fedora 44 Gaming Ready; Manjaro 26.1 Preview; Microsoft Issues Warning About Linux Vulnerability; Is AI Coming to Your Ubuntu Desktop?; Framework Laptop 13 Pro Competes with the Best; Latest CachyOS Features Supercharged Kernel; Kernel 7.0 Is a Bit More Rusty; and France Says "Au Revoir" to Microsoft.

The core of an immutable system cannot be changed, but you can bend that rule by overlaying your own stuff using a nifty systemd feature called SysExt.

Use common logic with DIP switches to determine functionality, IP addresses, hostnames, and other functional differences on repetitive hardware arrangements.

This month in Kernel News, AI hunts for linux bugs.

Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.

What makes a good library?

Support us on Patreon and get an ad-free RSS feed with early episodes sometimes

See our contact page for ways to get in touch.

Subscribe to the RSS feed

What makes a good library?

Support us on Patreon and get an ad-free RSS feed with early episodes sometimes

See our contact page for ways to get in touch.

Subscribe to the RSS feed

A test release of GNUtrition, 0.33.0rc4, is now available.

GNUtrition is free nutrition analysis software. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release improves how user ages are stored and used by GNUtrition. You no longer need to manually update your age every year on (or near) your birthday. Thankfully, no database changes/migrations are necessary for this, you just need to enter your birthday and you will be good to go!

More information about GNUtrition may be found on its home page at http://www.gnu.or ... tware/gnutrition/. This test release can be obtained from the alpha.gnu.org server at one of the following:

    ftp://alpha.gnu.o ... g/gnu/gnutrition/
    http://alpha.gnu. ... g/gnu/gnutrition/
    https://alpha.gnu ... g/gnu/gnutrition/

Please report any problems you experience to the GNUtrition bug reports mailing list: bug-gnutrition@gnu.org (https://lists.gnu ... fo/bug-gnutrition).

It’s a Linux Dev Time style hot questions episode. Is “cloud native” more about where the workload is going or how you deploy it? What is a skill that is really important in your job that may surprise people? Is the cloud more or less secure than a company-controlled data centre or on-prem?  Would you recommend what you do to your kids/nephews etc?

Support us on patreon and get an ad-free RSS feed with early episodes sometimes

Subscribe to the RSS feed.

A test release of GNUtrition, 0.33.0rc3, is now available.

GNUtrition is free nutrition analysis software written for the GNU operating system. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release removes a number of dependencies that broke building/installing on various systems. You no longer need to have a full LibreOffice, ncurses, SQLite, or LaTeX/TexInfo install to build and install GNUtrition.

More information about GNUtrition may be found on its home page at http://www.gnu.or ... tware/gnutrition/. This test release can be obtained from the alpha.gnu.org server at one of the following:

    ftp://alpha.gnu.o ... g/gnu/gnutrition/
    http://alpha.gnu. ... g/gnu/gnutrition/
    https://alpha.gnu ... g/gnu/gnutrition/

Please report any problems you experience to the GNUtrition bug reports mailing list: bug-gnutrition@gnu.org (https://lists.gnu ... fo/bug-gnutrition).

It looks like Bitlocker had a back door in it, how a listener accidentally broke Gitea for users of the snap version, Google accidentally published an unpatched exploit for Chromium-based browsers, why people are starting to ditch Bitwarden, and moving a tech stack away from large corporations.

Plugs

Support us on patreon and get an ad-free RSS feed with some early episodes

How Klara and TrueNAS fixed ZFS’s longest standing limitation

Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS

News/discussion

YellowKey Bitlocker Bypass Vulnerability

Microsoft shares mitigation for YellowKey Windows zero-day

How I Broke Gitea for Everyone

Google publishes exploit code threatening millions of Chromium users

The Quiet Renovation at Bitwarden

Free consulting

We were asked about moving a tech stack away from large corporations.

GNU Parallel 20260522 ('Hantavirus') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  ...and GNU Parallel is fun.
    -- DJviolin@reddit

New in this release:

• --fast rewritten. 1 million jobs in 10 seconds. Try: seq 1000000 | time parallel --fast echo | wc -l
• Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

Debian’s ambitious aim to make all packages reproducible pushes us closer to a better future, yet more talk about age verification for VPNs, Firefox gets more users on mobile thanks to regulation, Opera’s gaming browser comes to Linux, Valve releases CAD files for the Steam Controller, and the Steam Frame might be coming soon. With guest host Andy from Linux Dev Time.

News/discussion

Debian Release Team: Debian Must Now Ship Reproducible Packages

EU calls VPNs “a loophole that needs closing” in age verification push

EU browser choice rules send millions more users Firefox’s way

Opera GX Lands on Linux

Steam Controller and Puck CAD files officially released under a Creative Commons license — Valve encourages users to create accessories for the device

Steam Frame coming soon?

In the recent weeks I've been engaging Prot as a coach to help review my new ffs package for GNU Emacs as I worked on preparing it for inclusion in GNU ELPA, as well as discussing other Emacs- and life-related topics.

UPDATE 2026-05-23 22:39:15 -0400: Prot also published an article about our session on his website: https://protesilaos.com/commentary/2026-05-23-life-issues-and-philosophy-amin-bandali/

In our nearly 2-hour conversation, we discussed at length and in depth various aspects of life in the current times. For instance, feeling overwhelmed in the face of innumerable things happening at once, with technology changing our perception and making events feel proximate and imminent.

We talked about seasonality and rhythms in life, including in relation to burnout and knowing our own limitations, and descriptive vs prescriptive thinking when reflecting on the expectations we may place on our self when comparing our self to others through the lens of our necessarily-incomplete impressions and glimpses of their lives. We discussed absence or loss as a dual to presence or persistence in the process of life. How with our memories and through embodying the philosophy and teachings of departed loved ones their essence and legacy continues to live on within us. But also loss in the sense of us losing parts of our self in life-defining moments while preserving other parts and gaining new ones, being liberated of some of the burdens of our past self and in effect becoming someone else in the process.

In being true to our self, we talked about humans as multi-faceted beings and the importance of expressing and giving a voice to these different aspects of our self, and keeping alive that child-like sense of awe and wonder. To live a life where the pace and rhythms of our environment are in sync with our internal rhythms, and to not give others undue power over us or our happiness through trying to live according to their prescribed standards or expectations.

I also learned more about Prot's practical philosophy of situational awareness in life, not merely as a means for survival, but also as a way of appreciating all of the beauty that surrounds us, and a method for gaining the knowledge and skills to apply what we learn from patterns in one area of life to other areas.

We concluded our session with a mention to the concept of sanctity, to set aside a sacred time or place for our self wherein no distractions are allowed, where we can unwind, rest, and recharge for whatever comes next.

Here is the video recording of our session, which I share with Prot's permission:

You can view or download the full-resolution video from the Internet Archive.

Like Prot, I am invigorated and inspired to live a full, honest life. To do my best, do what I do in earnest, and make the best of what I have.

Take care, and so long for now.

We all seem to be moving away from Ubuntu, but there are still quite a few reasons to keep using it.

WG Tunnel

PiVPN

Charlie’s OggCamp talk about infrastructure as code

Support us on Patreon and get an ad-free RSS feed with some early episodes

See our contact page for ways to get in touch.

Subscribe to the RSS feed.

Why a proposal for an alternative to IPv6 is unlikely to be viable, Microsoft really doesn’t want you to run Exchange Server on-prem, Google will finally stop being a proper search engine, setting up an email server for internal use, and mitigating DDoS attacks without Cloudflare.

Plugs

Support us on patreon and get an ad-free RSS feed with some early episodes

Tuning ZFS for Databases

Webinar: May 27th at 11am EDT: Database Performance on ZFS with Tom Lawrence

News/discussion

Veteran network architect proposes IPv8 – to improve IPv4, not leapfrog v6

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

Google Search as you know it is over

Free consulting

We were asked about setting up an email server for internal use, and mitigating DDoS attacks without Cloudflare.

ffs provides a minor mode for simple plain text presentations in Emacs, where the slides are separated using the page-delimiter, by default the form feed character (^L).

I wrote ffs in early 2022 for my LibrePlanet 2022 presentation the Net beyond the Web, and earlier this year decided to polish it towards being a proper package and submit it to GNU ELPA. The manual still needs some more work, but the overall package is in pretty good shape so I submitted for inclusion in GNU ELPA.

• Package name (GNU ELPA): ffs
• Official manual: https://kelar.org/~bandali/gnu/emacs/ffs.html
• Change log: https://kelar.org/~bandali/gnu/emacs/ffs-changelog.html
• Git repository: https://git.kelar.org/~bandali/ffs
• Backronyms: fabulous foolproof slides - for freedom's sake - ffs flips slides

ffs and I owe a debt of gratitude to Protesilaos for rounds of code review and feedback for improving and polishing the package in preparation for submission to GNU ELPA. You can watch videos of these sessions posted earlier on my website:

• FFS code review with Protesilaos
• FFS code review and Emacs extensibility with Protesilaos

Further, inspiration for parts of ffs's implementation was gratefully drawn from Protesilaos's Logos package for Emacs.

Dedicated to the loving memory of Farangis Yousefinia.

Below are the release notes.

OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting.

Read More at Causely

The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.

Changelog

• May 14, 2026
  - dovecot 2.4.3 released. Changed dovecot_config_version and dovecot_storage_version in dovecot.conf
  - the new version has lua as a dependency. Added --without-lua at configure command
• Feb 25, 2026
  - Added Server Name Indication (SNI) settings in sni.conf.template, imported from local.conf commit
  - userdb iterate query nor orders by domain and username commit
  - 15-mailboxes.conf: fts_autoindex = no added to Trash and Junk folders commit
  - 10-auth.conf: + character added to auth_username_chars commit
• Nov 24, 2025
  - dropped 'enforce = no' from 90-quota.conf to enforce quota limits (commit)
• Nov 22, 2025
  - quota driver switched to 'count' (commit). 'count' is the recommended way of calculating quota on recent Dovecot installations.
• Oct 30, 2025
  - dovecot ugraded to v. 2.4.2
• Mar 29, 2025
  - dovecot updated to v. 2.4.1-4
• Mar 15, 2025 (config version 2.4.0.1 diff) 
  - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here)
  - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included from local.conf
• Mar 9, 2025
  - fixed quota calculation in sql queries (tx Hakan Cakiroglu)
• Feb 22, 2025
  - Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Bug fix in move-spam.sieve: erroneously matches "YES" if "BAYES" is in the header
• Feb 15, 2025
  - added support for vpopmail configured with --disable-many-domains
  - 90-sieve.conf: global script move-spam.sieve called correctly
• Feb 8, 2025
  - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko)
  - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
• Jan 29, 2025
  - dovecot upgraded to v 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
• Nov 15, 2024
  - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Dec 29, 2023
  default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default
• Feb 10, 2023
  - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)

• Info: https://roundcube.net
• Versione: 1.7.1

Roundcube è una webmail avanzata con una bella interfaccia grafica.

Changelog

• May 24, 2026
  - version 1.7.1 (security release)
• Mar 9, 2025
  added $config['quota_zero_as_unlimited'] = true; to show quota unlimited instead of unknown for accounts with unlimited quota

• Versione di vpopmail: 5.6.13
• github: sagredo-dev/vpopmail
• Scarica
• Changelog completo
• README.vdelivermail
• Pagina originale di Inter7

Vpopmail fornisce un modo semplice di gestire indirizzi di posta su domini virtuali e account email diversi da quelli su /etc/passwd.

Changelog

• Feb 11, 2026
  - vlimits.c: avoids no file found exit when .qmailadmin-limits is not existent because no limits are defined yet (a565779)
  - added sql files to be imported on upgrade to v. 5.6.x (8136480)
• Feb 8, 2026
- migliorata la sezione "upgrade"
  - vmysql.c changes (#10)
  • valias_create_table now check if table is already created in order to avoid warnings in dotqmail2valias
  • solved quotes issue in query in valias_insert function
• Nov 20, 2025
  - vutil: 'isSomething' functions reviewed to satisfy qmailadmin calls in #9
  - Added definition of 'call_onchange' function and cured its calls to avoid break 97ffe38
• Oct 30, 2025 (v. 5.6.10)
  - Added specific usage informations for s/qmail users (look here)
  - Dropped -std=gnu17 from compilation options and solved (probably) all breaks and warnings on gcc 15.2 2d8526d
  - configure.ac now looks for mariadb include and lib dir in addition to mysql dab36e8
  - configure.ac automatically looks for vanilla qmail's users/cdb and s/qmail's users/assign.cdb file 723efb3
  - Updated the usage() funcion message in vadduser.c to clarify the use of pre-hashed passwords with -e 5b5ccdb
  - control/defaultdelivery is now installed by vpopmail if --enable-defaultdelivery 77f54eb
  - vrcptcheck checks all kind of address (users, forwards, valiases) #7
  - Dropped unused functions in vpopmail.c #8
• Sep 1, 2025 (v. 5.6.9)
  - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
  - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
• Mar 29, 2025
  - defaultdelivery feature (--enable-defaultdelivery) changes (more info here, commit):
  • vdelivermail is installed by default in .qmail-default of newly created domains with option 'delete' as in the previous version.
  • if no user's valiases and no .qmail are found, then the message is sent to the control/defaultdelivery file, so that dovecot-lda (or whatelse) can store the mail into inbox and execute the sieve rules.
  • if vdelivermail is found in control/defaultdelivery, then it is ignored. The delivery remains in charge to vdelivermail, to avoid loops.
  • v. 5.6.8 is backward compatible. The users having .qmail from previous versions of the defauldelivery feature are not affected by this change.