Quotando la definizione di D. J. Bernstein

qmail è un mail transfer agent semplice, sicuro ed affidabile. è stato progettato per dei server UNIX connessi alla rete internet

Riferimenti

• Sito qmail di D.J. Bernstein http://cr.yp.to/qmail.html
• qmail.org (clone)
• Life with qmail
• Erwin Hoffman's "qmail support" site
• John Simpson's "qmail information" pages
• vedere anche la mia illustrazione di qmail (si veda anche l'illustrazione originale di DJB)

E' possibile reperire una introduzione più che comprensibile su come funziona un mail server in questa pagina. Anche la  "qmail newbie's guide to relaying" di Chris Johnson (copia locale... è destino che tutto quello che riguarda qmail vada piano piano sparendo) è molto chiara e la sua lettura è fondamentale all'inizio.

Avvertenze

Lo scopo di questa piccola guida NON è insegnare come funziona un server di posta, anche se alla fine si spera che uno che l'abbia seguita riesca ad avere un server funzionante. Questi appunti servono principalmente a ricordare i passi principali da seguire per avere una installazione veloce di qmail e di alcuni software correlati. Ho deciso di scriverla a causa della mancanza di ogni aggiornamento della documentazione riguardante le "distribuzioni" di qmail che mi erano familiari, nella speranza che ciò possa essere di aiuto anche a qualcun altro. Ovviamente il divertimento è stato una componente decisiva.
Pertanto, per conoscere in dettaglio come funziona un mail server, sei invitato a leggere con cura almeno i riferimenti che menzionerò in ogni pagina.

In secondo luogo, NON sono io il responsabile di quello che fai con il tuo server ;-). Usa la mia guida a tuo rischio.

Infine, i commenti, le critiche e i suggerimenti sono sempre benvenuti! :-)

Quale distribuzione?

Questa guida è stata scritta senza una particolare distribuzione Linux in mente. L'ho testata su due miei server di posta virtuali basati su  Slackware, sia a 64 che a 32 bit, e diverse persone là fuori confermano che essa funziona nelle altre distribuzioni Linux più comuni. La compilazione dei miei pacchetti è stata testata anche su piattaforme FreeBSD, OpenBSD, NetBSD.

Un altro toaster?

Se vale la definizione data da Bernstein probabilmente lo è. Tuttavia, a mio modo di vedere, un toaster dovrebbe essere una cosa alla Bill Shupp o alla qmailtoaster, che viene rilasciata insieme a tutti i pacchetti necessari, diversamente da qui. Poichè preferisco lasciare che il visitatore controlli da sè l'esistenza delle ultime versioni dei vari software, direi che questa "cosa" non dovrebbe essere classificata come un toaster. Piuttosto la chiamerei semplicemente "Roberto's qmail notes". Per la verità, sto inserendo qui un paragrafo sul toaster giusto per soddisfare i motori di ricerca, dato che molta gente arriva qui cercando un toaster per qmail.. :-) e ora che ho scritto la parola toaster 5 o 6 volte possiamo veramente iniziare... :-))

Prima di iniziare...

Questi appunti sono stati scritti in inglese e poi tradotti in italiano alla velocità della luce. Si vede, vero? Rileggendo ora, trovo degli strafalcioni e delle traduzioni letterali alla "Google translate"!. Me ne scuso, ma non ho sempre il tempo di fare le cose nel modo migliore..

Licenza

Roberto's qmail notes is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Mediawiki offre la possibilità di inserire formule Tex nelle nostre pagine creando dinamicamente immagini PNG per noi..

Questa pagina vuole richiamare i pacchetti e i principali passi da seguire per far funzionare Tex con MediaWiki in una macchina Slackware. Alla fine presenterò alcune problematiche nell'installzione.

Ghostscript

• Info & download: http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl900.htm
• Mediawiki richiede il comando gs

Ghostscript è già incluso in Slackware (ap/ghostscript e ap/ghostscript-fonts-std)  ma se siamo in un server minimale potresti avere bisogno di installarlo.

libfontconfig

Questa libreria la troviamo all'interno del pacchetto x/fontconfig. E' richesta da ImageMagick.

ImageMagick

• Info: http://www.imagemagick.org/script/index.php
• Download source: http://www.imagemagick.org/script/install-source.php
• Questo packetto è anche disponibile su slackware (xap/imagemagick)
• Mediawiki richiede il supporto dela comando convert

wget http://www.imagemagick.org/download/ImageMagick-6.7.6-5.tar.bz2
tar xvfj ImageMagick-6.7.6-5.tar.bz2
cd ImageMagick-6.7.6-5
chown -R root:root .

./configure \
        --without-x \
        --with-png \
        --with-freetype \
	--with-dps \
	--with-gslib
make
make install
ldconfig 

Test

Provare a digitare, dalla linea di comando

/usr/local/bin/convert logo: logo.gif

Se viene generato il file PNG tutto funziona come si deve.

Ocaml

• Scaricare da Slackbuild (http://slackbuilds.org/result/?search=ocaml&sv=), creare il pacchetto e installare come al solito.
• Scaricare i sorgenti da qui
• Ocaml è necessario per compilare texvc

wget http://caml.inria.fr/pub/distrib/ocaml-3.12/ocaml-3.12.0.tar.bz2
tar xjf ocaml-3.12.0.tar.bz2
cd ocaml-3.12.0
chown -R root:root .
./configure
make
make install

dvipng

Download: http://sourceforge.net/projects/dvipng/

Prerequisiti:

• libgd (l/gd pkg)
• libXpm (x/libXpm pkg), libxcb (x/libxcb), libXau (x/libXau) and  libXdmcp (x/libXdmcp) che sono prerequisiti di libgd.
• Kpathsea (incluso nel pacchetto Tex, installare tutto ciò che vi è nel gruppo t/)
• FreeType (pkg in l/freetype)
• T1lib (l/t1lib)
• libpng (l/libpng) and libz (l/zlib)
• texinfo (ap/tekinfo)

PATH=$PATH:/usr/share/texmf/bin/
export PATH

Ricordare di salvare ciò anche nel profile.

Per evitare problemi nel link di kpathsea configurare come segue

./configure LDFLAGS='-L/usr/share/texmf/lib/' CPPFLAGS='-I/usr/share/texmf/include/'
make
make install

AMS-LaTeX

• Info: http://www.ams.org/publications/authors/tex/amslatex

Senza AMS* alcune formule saranno rese correttamente mentre altre no. Il pacchetto tetex di Slackware contiene già AMS, comunque, nel caso non ce l'avessi:

cd /usr/share/texmf
wget ftp://ftp.ams.org/pub/tex/amslatex.zip
wget ftp://ftp.ams.org/pub/tex/amsrefs/amsrefs.zip
unzip amslatex.zip
unzip amsrefs.zip

dovresti trovarlo in /usr/share/texmf/tex/latex/amsmath/amsmath.sty

Abilitare Tex in Mediawiki

Cambiare directory dove è installato mediawiki, editare LocalSettings.php e decommentare questo:

$wgUseTeX = true;

Compilazione di texvc

cd /path/to/htdocs/mediawiki/math

Prima di compilare, per evitare un parse error, usare il PATH assoluto ovunque all'interno di math/render.ml in questo modo:

let cmd_dvips tmpprefix = "/usr/share/texmf/bin/dvips -q -R -E " ^ tmpprefix ^ ".dvi -f >" ^ tmpprefix ^ ".ps"
let cmd_latex tmpprefix = "/usr/share/texmf/bin/latex " ^ tmpprefix ^ ".tex >/dev/null"
(* Putting -transparent white in converts arguments will sort-of give you transperancy *)
let cmd_convert tmpprefix finalpath = "/usr/local/bin/convert -quality 100 -density 120 " ^ tmpprefix ^ ".ps " ^ finalpath ^ " >/dev/null 2>/tmp/wiki_convert_error"
(* Putting -bg Transparent in dvipng's arguments will give full-alpha transparency *)
(* Note that IE have problems with such PNGs and need an additional javascript snippet *)
(* Putting -bg transparent in dvipng's arguments will give binary transparency *)
let cmd_dvipng tmpprefix finalpath backcolor = "/usr/local/bin/dvipng -bg \'" ^ backcolor ^ "\' -gamma 1.5 -D 120 -T tight --strict " ^ tmpprefix ^ ".dvi -o " ^ finalpath ^ " >/dev/null 2>/tmp/wiki_dvipng_error"

Ora compiliamo

make

Problematiche

• Referenze: http://www.mediawiki.org/wiki/Manual:Troubleshooting_math_display_errors - http://www.mediawiki.org/wiki/Manual:Enable_TeX/problems

Provare a mettere dentro una pagina wiki qualcosa come

0

e cerchiamo di vedere cosa succede. Questo è il messaggio di errore più frequente:

Failed to parse (PNG conversion failed; check for correct installation of latex, dvips, gs, and convert)

Controlliamo se gli eseguibili sono nel path:

# ls -lH `which gs` `which latex` `which dvips` `which convert`
-rwxr-xr-x 1 root root 5977916 2008-12-05 23:36 /usr/bin/gs*
-rwxr-xr-x 1 root root   23410 2010-11-21 15:22 /usr/local/bin/convert*
-rwxr-xr-x 1 root root  209308 2007-06-28 04:51 /usr/share/texmf/bin/dvips*
-rwxr-xr-x 1 root root 1010984 2007-06-28 04:51 /usr/share/texmf/bin/latex*

Abilitiamo il log degli errori. Inserire una linea come questa in LocalSettings.php

$wgDebugLogFile = "/tmp/wiki.log";

Apriamo questo file e cerchiamo una riga come questa ;

TeX: ./math/texvc '/path/to/htdocs/mediawiki/images/tmp' '/path/to/htdocs/mediawiki/images/tmp' '0' 'UTF-8' 'transparent'
TeX output:
 Ccfcd208495d565ef66e7dff9f98764da0 0
---

Cerchiamo ora di eseguire il comando texvc dalla linea di comando come utente apache:

cd math
sudo -u apache ./texvc '../images/tmp' '../images/tmp' '0' 'UTF-8' 'transparent'

a controlliamo il PNG nella cartella images/tmp. Se si ottiene ancora un parse error, si ricontrolli il path assoluto in math/render.ml, e si ricompili. E si rileggano le referenze indicate.

Ecco come ho installato mod_tls (ftpes) e mod_sftp in proftpd. I miei tentativi di farli convivere in due demoni separati sono tutti falliti, giacchè ho registrato errori nel trasferimento che sono spariti solo quando ho provato a caricare mod_tls o mod_sftp a turno.

Questi i miei test sulla velocità (per la verità un po' frettolosi). ftpes sembra un pochino più veloce in modalità upload:

ftpes
upload: circa 22.4 K/s
download: più di 800 K/s

sftp
upload circa 18.2 K/s
download: più di 800 K/s

Le mie opzioni di configurazione:

./configure \
        --prefix=/usr/local \
        --without-pam --disable-auth-pam \
        --enable-openssl \
        --with-modules=mod_ratio:mod_readme:mod_sftp:mod_tls

file ftpes.conf

# common stuff goes here
Include /usr/local/etc/proftpd/proftpd.conf

<IfModule mod_tls.c>
 TLSEngine on
 PassivePorts 49152 65535
 #MasqueradeAddress 012.345.678.901 # se il server e' dietro un firewall
 TLSLog /var/log/proftpd/tls.log
 TLSProtocol SSLv23
 # Require protection on the control channel, but reject protection of the data channel
 TLSRequired ctrl+!data
 TLSRSACertificateFile /usr/local/etc/ssl/certs/proftpd.pem
 TLSRSACertificateKeyFile /usr/local/etc/ssl/certs/proftpd.pem
 TLSVerifyClient off
 TLSRenegotiate none
</IfModule>

file sftp.conf

# common stuff
Include /usr/local/etc/proftpd/proftpd.conf

<IfModule mod_sftp.c>
 SFTPEngine on
 SFTPLog /var/log/proftpd/sftp.log
 Port 22
 SFTPHostKey /etc/ssh/ssh_host_rsa_key
 SFTPHostKey /etc/ssh/ssh_host_dsa_key
 SFTPCompression delayed
 MaxLoginAttempts 6
</IfModule>

Infine avviare il demone richiamando il file di configurazione desiderato:

/usr/local/sbin/proftpd -c /usr/local/etc/proftpd/ftpes.conf # se si vuole ftpes
/usr/local/sbin/proftpd -c /usr/local/etc/proftpd/sftp.conf  # se si preferisce sftp

Non avviarli mai insieme.

file proftpd.conf

ServerType standalone
UseReverseDNS off
DeferWelcome off

Port 21
Umask 022
MaxInstances 30

User ftp
Group ftp

SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xferlog

<Global>

 <Directory /*>
 AllowOverwrite on
 </Directory>

</Global>

<VirtualHost 123.456.789.123>

 ServerName "ProFTPD"
 DefaultRoot ~/www
 DefaultServer on

</VirtualHost>

Startup script

#!/bin/sh
#
# /etc/rc.d/rc.proftpd
#

start() {
        /usr/local/sbin/proftpd -c /usr/local/etc/proftpd/ftpes.conf
#-n -d 20 for backup
#        /usr/local/sbin/proftpd -c /usr/local/etc/proftpd/sftp.conf
        echo "Server started."
}

stop() {
        /bin/killall proftpd
        echo "Server stopped."
}

restart() {
        stop
sleep 3
        start
#/bin/killall -HUP proftpd
        echo "Server restarted."
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac

Il progetto Pigeonhole fornisce il supporto Sieve a livello di plugin per il Local Delivery Agent (LDA) di Dovecot e anche per suo servizio LMTP. Il plugin è un interprete Sieve che filtra i messaggi in arrivo usando uno script scritto in linguaggio Sieve. Lo script Sieve è fornito dall'utente e, con il suo utilizzo, l'utente può personalizzare come i messaggi in arrivo sono trattati. I messaggi possono essere spediti a una cartella specifica, reindirizzati, rispediti al mittente, scartati, etc.

Il Server Dovecot Managesieve è un servizio per gestire la collezione di script Sieve dell'utente.

• Info: http://pigeonhole.dovecot.org/ - https://doc.dovecot.org/configuration_manual/sieve/
• Versione usata: 2.4.4
• Scarica: http://pigeonhole.dovecot.org/download.html

Se vuoi supportare i filtri per le email, devi gestire le Sieve rules per mezzo del server dovecot-pigeonhole. Quando crei un filtro con la tua webmail o il tuo client di posta, stai scrivendo uno script in linguaggio Sieve per personalizzare il modo in cui i tuoi messaggi saranno recapitati, vale a dire se saranno inoltrati a qualcun altro, scartati o salvati in delle cartelle particolari. Ma per fare questo Dovecot deve agire anche come un Local Delivery Agent  al posto di vpopmail/vdelivermail, ovvero deve essere Dovecot a salvare i messaggi nella tua cartella Maildir. Questa guida cercherà di spiegare come raggiungere questo obiettivo.

• May 10, 2026
  roundcube upgraded to v. 1.7.1 (security release)
• May 14, 2026
  - dovecot upgraded to v. 2.4.4
• May 10, 2026
  roundcube upgraded to v. 1.7.0
• Apr 7, 2026
  - qmail v. 2026.04.07
• Mar 30, 2026
  - dovecot 2.4.3 released
• Mar 4, 2026
  - clamav upgraded to v 1.5.2
• Feb 11, 2026
  - vpopmail upgraded to v. 5.6.13
  - vqadmin upgraded to v. 2.4.6
• Feb 8, 2026
  - vpopmail upgraded to v. 5.6.12
  - roundcube update to v. 16.13
• Feb 3, 2026
  - qmail upgrade
• Jan 31, 2025
  - vqadmin upgraded to v 2.4.5
• Jan 8, 2026
  - qmail upgraded to v2026.01.08
• Dec 14, 2025
  - roundcube upgraded to version 1.6.12
• Nov 28, 2025
  - qmailadmin upgraded to v1.2.27
• Nov 26, 2025
  - ezmlm-idx moved to my git space. Patched to compile with modern compilers. Fixed mysql documentation.
• Nov 22, 2025
  - dovecot: quota driver switched to 'count'
  - vpopmail upgraded to v.5.6.11
• Nov 8, 2025
  - qmailadmin upgraded to v 1.2.26
  - log file modified accordingly in fail2ban filter
• Oct 30, 2025
  - vpopmail updated to v. 5.6.10
  - dovecot ugraded to v. 2.4.2
  - dovecot-pigeonhole ugraded to v. 2.4.2
• Oct 22, 2025
  - qmailadmin updated to v 1.2.25
• Oct 18, 2025
  - clamav upgraded to v 1.5.1
• Oct 11, 2025
  - clamav upgraded to v 1.5.0. A recent version of rust is needed (successfully using 1.88 here). Just reinstall as explained below. No particular change is needed in the config files.
• 3 ottobre 2025:
  - Aggiunta la sezione Data Query Service nella pagina relativa a RBL, che risolve il problema del ban di spamhaus da connessioni fatte con DNS pubblico.
• Sep 30, 2025
  - daemontools v0.82: Fixed crash in multilog caused by invalid buffer access when read() returned -1
• Sep 8, 2025
  - daemontools v. 0.81 compiles with latest gcc 15.2
  - qmail updated to v. 2025.09.08
• Sep 1, 2025
  vpopmail v5.6.9
  - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
  - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
• Aug 31, 2025
  - upgraded ucspi-tcp6 and ucspi-ssl to v. 0.13.5
• Aug 19, 2025
  - netqmail-1.07.1: now compiles with gcc 15.2
• Aug 18, 2025
  spamassassin's bayesian filter: improved the "Training Bayes" section
• Jul 10, 2025 qmail update
  - Authentication-Results: header support (Andreas Gerstlauer)
  - DKIM: added ERROR_FD=2 in control/filterargs to send error output of qmail-dkim in stderr when acting as a qmail-remote filter (Andreas Gerstlauer)
  - improved qmail-dkim error reporting when signing outgoing messages (Andreas Gerstlauer)
  - helodnscheck.cpp: qmail dir determined dinamically
  - qmHandle: Add -x and -X parametr for remove email by To/Cc/Bcc (by Stetinac)
• Jun 9, 2025 qmail v.2025.06.09
  - CRLF fix for fastremote-3 patch (thanks Andreas Gerstlauer)
  - Bug fix to the greetdelay program (thanks Andreas Gerstlauer): qmail-smtpd crashes if SMTPD_GREETDELAY is defined with no DROP_PRE_GREET defined.
• Jun 04, 2025
  - roundcube updated to v. 1.6.11
  - simscan updated to v. 1.4.6
• Apr 19, 2025
  - sauserprefs upgraded to v. 1.20.2
• Apr 18, 2025
  - qmail v2025.04.18: added script config-all.sh to automate the qmail core configuration (testing)
• Apr 19, 2025
  - sauserprefs upgraded to v. 1.20.2
• 4 aprile 2025
  - pubblicata una pagina con l'illustrazione del funzionamento di qmail, per quanto riguarda la configurazione suggerita in questa guida
• Mar 29, 2025
  - dovecot and dovecot-pigeonhole updated to v. 2.4.1-4
  - vpopmail updated to v. 2.6.8 (have a look at the release notes)
• Mar 23, 2025 (v. 5.6.7)
  - bug fix in vpopmaild.c: Crypted[64] enlarged to Crypted[128] to make room for SHA-512 passwords. This restores the usability of the RoundCube's 'password' plugin (commit)
  - fixed quota calculation in sql procedures for dovecot (tx Hakan Cakiroglu) (commit)
  - minor changes to the usage function of vmakedotqmail.c (commit)
• Mar 19, 2025 daemontools version 0.79
  This version does not add new features nor corrects bugs. It's just a reorganizations of the files in the source dir
  - daemontools will be installed in /var/qmail/daemontools
  - Moved 'package' and 'src' to the top dir
  - Version grabbed from 'VERSION' in package/upgrade
• Mar 17, 2025
  - added a patch to qmail-spp greylisting plugin to solve a compilation break on rocky 8 (tx Shailendra Shukla)
• Mar 15, 2025
  -dovecot config: added quota warning messages handling
• Mar 12, 2025
  - autorespond v 2.0.9: bug fix in memory allocation which caused a segfault when To: address has be used (tx Stephan for the hint)
• Mar 9, 2025
  - dovecot: fixed quota calculation in sql queries (tx Hakan Cakiroglu)
  - Roundcube recognizes unlimited quota
• Mar 5, 2025
  - solr upgraded to v. 9.8.0
• Feb 22, 2025
  - Dovecot: Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Let’s Encrypt have announced that they will end their free alerting service. Added a script to do the same internally.
• Feb 15, 2025
  - vpopmail upgraded to v. 5.6.6. bug fix: pwstr.h was not installed by Makefile (tx Bai Borko)
• Fedb 11, 2025
  qmail v. 2025.02.11
  - Several adjustments to get freeBSD and netBSD compatibility. More info in the commit history. Hints/comments are welcome.
  - freeBSD users have to comment out the "LIBRESOLV" variable from the very beginning of the Makefile, as libresolv.so in not needed on freeBSD.
  - Dropped files install-big.c, idedit.c and BIN.* files.
  - Dropped files byte_diff.c, str_cpy.c, str_diff.c, str_diffn.c and str_len.c, which break compilation on clang and can be replaced by the functions shipped by the compiler (tx notqmail).
  - Old documentation moved to the "doc" dir. install.c and hier.c modified accordingly
  - conf-cc and conf-ld now have -L/usr/local/lib and -I/usr/local/include to look for srs2 library
  - conf-cc and conf-ld now have -L/usr/pkg/lib and -I/usr/pkg/include to satisfy netBSD
  - vpopmail-dir.sh: minor correction to vpopmail dir existence check
  - srs.c: #include <srs2.h> now without path
• Feb 9, 2025
  - some packages updated to compile on FreeBSD/clang: daemontools, vpopmail, autorespond, qmailadmin
  - roundcube updated to v. 1.6.10
• Jan 30, 2025
  - dovecot and dovecot-pigeonhole updated to v. 2.4.0
• Dec 31, 2024
  the default driver for the Roundcube password plugin is now sql, as vpopmaild doesn't work when SHA-512 passwords have been enabled on vpopmail (--disable-sha512-passwords). All SQL queries have been updated.
• Dec 20, 2024
  vpopmail upgraded to v. 5.6.4
  - Password strength enforcement PR #5 (grabbed from Matt Brookings' 5.5.0-dev version)
  - Dropped min pwd length feature.
  - vmysql.h: tables' layout changed in order to have VARCHAR instead of CHAR. Fields containing ip addresses enlarged to VARCHAR(39), to create room for ipv6. Unix timestamps definition changed from BIGINT(20) to INT(11). (commit 44bad58) Have a look to the upgrade notes below.
• Dec 06, 2024
  - vqadmin v. 2.4.3: added a patch to highlight users with restrictions and with admin privileges (thanks Bai Borko)
• Dec 01, 2024 (More info here)
  qmail v2024.12.01
  - Added support for EAI (RFC 5336 SMTP Email Address Internationalization) (#13). Thanks to https://github.com/arnt/qmail-smtputf8/tree/smtputf8-tls.
  - chkuser is now smtputf8 compliant. It accepts utf8 characters in sender and recipient addresses provided that the remote server advertises the SMTPUTF8 verb in MAIL FROM, otherwise it allows only ASCII characters plus additional chars from the CHKUSER_ALLOWED_CHARS set. (#15 #16)
  * dropped variables CHKUSER_ALLOW_SENDER_CHAR_xx CHKUSER_ALLOW_RCPT_CHAR_xx (replaced by CHKUSER_ALLOWED_CHARS)
  * dropped variables CHKUSER_ALLOW_SENDER_SRS and CHKUSER_ALLOW_RCPT_SRS, as we are always accepting '+' and '#' characters
  * added variables CHKUSER_INVALID_UTF8_CHARS and CHKUSER_ALLOWED_CHARS
• Nov 15, 2024
  - dovecot: added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Oct 26, 2024
  - qmail upgraded to v. 2024.10.26
  * qmail-remote.c patched to dinamically touch control/notlshosts/<fqdn> if control/notlshosts_auto contains any number greater than 0 in order to skip the TLS connection for remote servers with an obsolete TLS version. (tx Alexandre Fonceca) (commit)
  * defined CHKUSER_DISABLE_VARIABLE "RELAYCLIENT" in chkuser_settings.h
  * enabled CHKUSER_SENDER_NOCHECK_VARIABLE "RELAYCLIENT" in chkuser_settings.h
  * fixed several compilation breaks/warnings on later gcc compilers (tx Pablo Murillo)
  * invalid auth fix in qmail-smtpd.c's smtp_auth function (tx Alexandre Fonceca for the advice) (commit)
  * qmail path determined dinamically in conf-policy
  * added a patch to remove chkuser and the vpopmail dependency (patches dir)
• Oct 19, 2024 
  vpopmail v.5.6.3
  - bug fixed: passwords with length > 8 were denied if sha-512 was disabled
  - fixed a configure break where a trivial C test program exits on error with gcc-14.1 due to missing headers
  - vusaged/domain.c: fixed -Wimplicit-function-declaration compilation warning
  - vmysql.h: dropped the multicolumn PRIMARY KEY in valias table to allow multiple forwards for a given alias.
• Oct 9, 2024
  - daemontools-0.78.2: added -ltr to conf-ld to restore compatibility with systems with glibc prior to v. 2.17 like RHEL6/CentOS6, where the librt.so library is not linked
• Sep 22, 2024
  -fehqlibs updated to v. 25c
  -ucspi-tcp6 updated to v. 1.13.01
  -ucspi-ssl updated to v. 0.13.02
• Sep 7, 2024
  - daemontools-0.78: fixed a .gitignore issue which was preventing the package/compile script upload (thanks Ivelin Topalov)
  - RC updated to v. 1.6.9
  - clamav updated to v. 1.4.1
  - qmailadmin upgraded to v. 1.2.23 (tx Nathanaël Semhoun)
  * Added support for qmail-autoresponder
  * Fixed load lang not retrieved
• Aug 16, 2024
  - upgraded dovecot to v. 2.3.21.1
  - upgraded pigeonhole to v. 0.5.21.1
• Jul 31, 2024
  multilog uses "d" flag as default to gain compatibility with the readable datetime format of multilog in daemontools-0.78. Change it with the "t" flag if you prefer to have timestamps.
• Jul 29, 2024 (version 0.78)
  - multilog prints a readable datetime if used with "d" flag, it prints timestamps if used in the usual way with the "t" flag (80f2133)
  - fixed several compilation warnings and/or breaks on gcc-14.1
• Jul 26, 2024
  vqadmin (version 2.4.1): Fixed configure break. Trivial C test program breaks on gcc-14.1 due to missing headers (commit)
• July 17, 2024
  qmailadmin updated to v.1.2.22
  * owner no longer required in autorespond
  * template.c code optimization
• July 15, 2024
  simscan 1.4.4 released: attachment size limit to be passed to spamassassin now handled by the size_limit variable in control/simcontrol, instead of the control/simsizelimit file.
• Jun 8, 2024
  qmail patch upgraded to v. 2024.06.08:
  * conf-channels: default number of channels increased to 4 (was 2). Now qmail offers 2 additional channels with respect to the 2 offered by default (local and remote). More info here
  * maxrcpt: error code changed to 452 due to RFC 4.5.3.1 (was 553). If DISABLE_MAXRCPT is defined it skips the check, otherwise outgoing messages from mailing lists would be rejected. (commit)
• Jun 7, 2024
  - vusaged: the header files of libev are now installed in /usr/local/include/libev (was /usr/local/include) to avoid conflicts with libevent (they both have an event.h header file). vusaged configure command was adjusted accordingly.
• Jun 1, 2024
  - clamav upgraded to v. 1.3.1
• May 26, 2024
  - Added Mailman installation howto
  - qmail patch upgraded to v. 2024.05.16 (changelog)
  - Roundcube upgraded to 1.6.7 (security fix)
  - Spamassassin upgraded to v. 4.0.1
  - Spamassassin: Razor-agents upgraded to v. 2.86 (fork of the original (dead?) project)
• Mar 27, 2024
  qmailadmin updated to v. 1.2.21
• Mar 4, 2024
  - Solr updated to v. 9.5.0
  - the documentation has been revised a bit
• Feb 12, 2024 qmail update
  - DKIM patch upgraded to v. 1.48
  * fixed minor bug using filterargs for local deliveries (commit)
  - Fixed several compilation warnings (commit)
  - Fixed incompatible redeclaration of library function 'log2' in qmail-send.c qsutil.c as showed by notqmail friends here
  - removed FILES, shar target from Makefile
• Feb 11, 2024
  clamav updated to v. 1.3.0
• Feb 6, 2024
  qmail: DKIM patch upgraded to v. 1.47
  * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
• Jan 27, 2024
  simscan upgraded to v 1.4.3: fixed several compilation and autotools warnings
• Jan 21, 2024
  - qmail: liberal-lf: bare LF are no longer allowed by default due to smuggling vulnerability CVE-2023-51765. Bare LF can be allowed by defining ALLOW_BARELF in tcprules or in run file.
  - tcprules moved to /var/qmail/control
• Jan 15, 2024
  qmail update:
  - TLS patch by F. Vermeulen upgraded to version 20231230 (more info at https://inoa.net/qmail-tls/ tx Greg Bell for the patch)
  * support to openssl 3.0.11
• Jan 11, 2024
  - qmail: dkim patch upgraded to version 1.46
• Jan 4, 2024
  qmail patch: DKIM patch upgraded to v. 1.44
  - fixed an issue with filterargs where spawn-filter is trying to execute remote:env xxxxx.... dk-filter. This issue happens when FILTERARGS environment variable is not defined in the qmail-send rc script.
  - dkim.c fix: https://notes.sagredo.eu/en/qmail-notes-185/configuring-dkim-for-qmail-92.html#comment3668 
  - dkfilter fix: correctly selects the domain to sign in case of sieve bounces
  - adjustments fo dk-filter and dknewkey man pages
• Dec 30, 2023
  - spamassassin/DMARC filter: now DMARC_REJECT is not hit if SPF_HELO_PASS is true
• Dec 26, 2023
  - qmailadmin upgraded to v1.2.18
  - Pyzor installed from github, as version 1.0.0 is not python3 compliant (thanks Mike)
• Dec 11, 2023
  qmail, vpopmail, daemontools, qmailadmin, simscan and vqadmin source code moved to github
• Nov 20, 2023
  -qmail patch updated. dkim:
  * The patch now by default excludes X-Arc-Authentication-Results
  * dkim can additionally use the environment variable EXCLUDE_DKIMSIGN to include colon separated list of headers to be excluded from signing (just like qmail-dkim). If -X option is used with dk-filter, it overrides the value of EXCLUDE_DKIMSIGN.
• Nov 5., 2023
  -bug fix: vpopmail defaultdelivery patch: it won't create the .qmail file in case control/defaultdelivery already has vdelivermail, in order to prevent a vpopmail loop
  -qmailforward RC plugin: it won't create the copy record if $config['qmailforward_defaultdelivery'] contains 'vdelivermail'
• Oct 13, 2023
  - vpopmail: added "s/qmail cdb" patch, which gets vpopmail to locate correctly the qmail assign.cdb for s/qmail users. s/qmail users should configure vpopmail with --enable-sqmail-cdb
• Oct 6, 2023
  - clamav updated to v. 1.2.0
• Sep 26, 2023
  new qmail combined patch:
  -surblfilter logs the rejected URL in the qmail-smtpd log. It can now inspect both http and https URLs.
  -Improvements in man dkim.9, qmail-dkim.9 and surblfilter.9
• Sep 17, 2023
  - dovecot upgraded to v 2.3.21
  - pigeonhole upgraded to v 0.5.21
• Sep 14, 2023
  - simscan now defines the maximum size of messages to be passed to spamassassin via control/simsizelimit file
• Sep 5, 2023
  -new qmail patch and DKIM patch upgraded to v. 1.42
  *dk-filter.sh: "source $envfn" has been replaced with ". $envfn" in oder to work for pure bourne shells
  *minor corrections to the man pages
  -vpopmail: changed configuration option --enable-logging=e (was p). Now failed attempts will be logged with no password shown.
• Sep 3, 2023
  -daemontools: Buffer Overflow fixed in timestamp.c (patch multilog-readable_datetime, Ubuntu 22.04). It was causing empty log files everywhere. (thanks Bai Borko and KPC)
• Aug 27, 2023
  - nuova patch per vpopmail e nuovo plugin qmailforward per Roundcube che vanno a risolvere diverse problematiche. Maggiori informazioni nella pagina dedicata..
• Aug 20, 2023 (diff)
  -qmail combined patch: install a sample control/smtpplugins file in case it does not exist yet, to avoid "unable to read control" crash.
• Aug 17, 2023
  - helodnscheck:
  * C++ version (testing).
  * bug fix: segfault in case of no result in DNS record.
  * default action changed to GNLR
• 5 agosto 2023
  L'installzione del certificato Let's Encrypt è ora basata su dehydrated. La vecchia documentazione basata su certbot non verrà più aggiornata.
• Jul 18, 2023
  vqadmin: patch updated
  - Italian translation file html/it updated, following the patch by Ali Erturk TURKER
  - the vqadmin source directory has been cleaned of unnececessary files
• Jul 15, 2023
  - fail2ban: l'installazione e la configurazione è stata rivista per funzionare su Debian, dove python2 non è presente (grazie a Gabriel Torres)
• Jun 30, 2023
  -daemontools: added my multilog-readable_datetime patch which replace the timestamp in the log lines with a human readable datetime. Do not install it if you prefer to stick with the timestamp.
  -if you install this patch you have to download again the convert-multilog program. In case you decide to stick with the original timestamp, then use the original convert-multilog. (diff)
  -qmail combiend patch: DKIM patch upgraded to v. 1.41
  *dknewkey will allow domains in control/domainkey
  *Made a few adjustments to the man pages and dkimsign.cpp for DKIMDOMAIN to work with qmail-smtpd (in case some configures qmail-smtpd to sign instead of the usual dk-filter/qmail-remote)
  -The broken link based on pobox.com in the default SPF error explanation was changed to https://mxtoolbox.com/SuperTool.aspx?action=spf
• Jun 25, 2023
  - Spamassassin: The ExtractText notes have been revised and corrected by Gabriel Torres
• Jun 18, 2023
  * qmail combined patch (diff)
  -vpopmail uid and gid are determined dinamically instead of assigning 89:89 ids by default
  -vpopmail install directory determined dinamically (was /home/vpopmail). Now the variable in the conf-cc file is determined as well.
  Feel free to post any issue in the comments as I'm not sure that /bin/sh will work in all Linux.
  * qmail run scripts:
  -defined the variable QMAILDIR in all run scripts in order to manage installations of qmail in directories different from default /var/qmail
  -/home/vpopmail is now ~vpopmail in order to manage installations of vpopmail in directories different from default /home/vpopmail
  -defined the variable TCPRULES_DIR on top of all run scripts
• May 18, 2023
  -certbot/letsencrypt: added the option --key-type rsa to the certbot command, to avoid that certbot will silently default to ECDSA the private key format, which results not understandable by my openssl-1.1. In this way the format of the private key will be RSA. More info here.
• May 17, 2023
  -SURBL: Top level domains URL is changed. So we have to adjust the update_tlds.sh script accordingly
• Apr, 26, 2023
  -new combined patch and dkim patch updated to v. 1.40
  -qmail-dkim uses CUSTOM_ERR_FD as file descriptor for errors (more info here)
• Apr 25, 2023
  - qmailadmin cracklib patch: bug fix in qmailadmin/passwd: it was changing the password also in case of cracklib alert (tx Alexandre Fonseca)
  - new qmailadmin combined patch released
• Mar 27, 2023
  qmail combined patch (diff here)
  -chkuser.c: double hyphens "--" are now allowed also in the rcpt email (tx Ali Erturk TURKER)
  -chkuser_settings.h CHKUSER_SENDER_NOCHECK_VARIABLE commented out. Sender check is now enabled also for RELAYCLIENT
  -removed a couple of redundant log lines caused by qmail-smtpd-logging
• Mar 18, 2023
  - new qmail combined patch
  * bugfix in dkimverify.cpp: now it checks if k= tag is missing (tx Raisa for providing detailed info)
  * redundant esmtp-size patch removed, as the SIZE check is already done by the qmail-authentication patch (tx Ali Erturk TURKER) diff here
• Mar 14, 2023
  - qmail combined patch: the split_str function in dknewkey was modified in order to work on debian 11 (tx J)
• Mar 12, 2023
  - qmail patch updated: the mail headers will change from "ESMTPA" to "ESMTPSA" when the user is authenticated via starttls/smtps (tx Ali Erturk TURKER)
  diff here
• Mar 1, 2023
  - qmail combined patch updated: added qmail-fastremote patch (tx Ali Erturk TURKER for the advise). qmail-remote CRLF removed (replaced by fastremote)
• Feb 27, 2023
  - qmail combined patch updated: now qmail-remote is rfc2821 compliant even for implicit TLS (SMTPS) connections (tx Ali Erturk TURKER)
• Feb 24, 2023
  - qmail combined patch updated: several missing references to control/badmailto and control/badmailtonorelay files were corrected to control/badrcptto and control/badrcpttonorelay (tx Ali Erturk TURKER) diff here
• Feb 20, 2023
  - qmail combined patch updated
  ---- dkim patch upgraded to v. 1.37
  ------ ed25519 support​ (RFC 8463)
  ------ old yahoo's domainkeys stuff removed (no longer need the libdomainkeys.a library)
• Feb 18, 2023
  -vpopmail: added a patch by Ali Erturk TURKER which fixes several issues
  -vqadmin: added a patch by Ali Erturk TURKER which, among the other things, makes vqadmin aware of mysql-limits
• Feb 10, 2023
  -dovecot: added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)
• Jan 31,2023
  -bug fix in qmail-smtpd.c. 4096 bit RSA key cannot be open (tx Ali Erturk TURKER)
• Jan 4, 2023
  -Solr upgraded to version 9.1.0
  -The SOlr page has been improved as far as configuration, security and testing are concerned
• Jan 1, 2023
  -ClamAV upgraded to version 1.0.0
  -new qmail combined patch released. Bug fix in dk-filter. It was calling a non existent function (tx Andreas).
• Dic 17, 2022
  -qmail combined patch release
  * chkuser receipt check won't be disabled for RELAYCLIENT
  * CHKUSER_DISABLE_VARIABLE commented out from chkuser_settings.h
• Nov 20, 2022
  -switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it.
• Nov 18, 2022
  -fail2ban upgraded to v. 1.0.2
• Oct 28, 2022:
  added a note on how to avoid being cutoff by spamhaus (tx Marco Varanda)
• 2022.10.02
  -dkim patch updated to v. 1.30 and new qmail combined patch released
  * bug fix: it was returning an error in case of domains with no key.
• Sep 29, 2022
  -bug fixed in the domainkey script: it wasn't creating the symbolic link of the selector name to the private key in case of a custom selector defined in the file control/dkimkeys
  Sep 28, 2022
  -qmail combined patch updated with new dkim patch v. 1.29. More info here
  -Roundcube webmail updated to v. 1.6.0
• Aug 12, 2022
  -dovecot: improved the sql stuff in case of --disable-many-domains (tx kengheng).
  -dovecot-pwd_query patch for vpopmail: added a procedure for the user_query (needed for dovecot/LDA)
  -dovecot-pwd_query patch for vpopmail renamed to dovecot-sql-procedures
  -combined patch for vpopmail updated
• Aug 08, 2022
  -qmailctl script improved. Now the script exits if services are not started with svscanboot or a supervise script is missing
  -roundcube/password plugin: the cracklib patch has been improved. Now it can retrieve the correct cracklib-check path
• Jul 28, 2022
  -The Roundcube plugins' page has been revised and polished. A couple of plugins have been added.
• May 22, 2022
  qmail patch: "qmail-smtpd pid, qp log" patch (http://iain.cx/qmail/patches.html#smtpd_pidqp) removed, as its log informations are already contained in the qlogreceived line. (diff)
  -improved a couple of read_failed error messages
• May 12, 2022
  -clamav: updated to v. 0.105
  -qmailctl: a few modifications to avoid error strings in the service uptime when service is stopped. qmail-smtpsd was added to svclist
  -qmail-smtpsd support added
• Apr 22, 2022
  -dovecot: added Solr support
• Apr 17, 2022
  -dovecot/auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname).
• Apr 9, 2022
  qmailadmin: --enable-imageurl=/files is now --enable-imageurl=/qmailadmin/files (no need to have an alias on apache config). Added --disable-catchall, which is bad for spam. Tx Gabriel Torres
• Apr 01, 2022
  -qmailadmin: new combined patch. It now logs to stderr when qma-auth.log file can't be opened in write mode. It was returning a white screen
• Mar 17, 2022
  -vpopmail: new combiend patch: fixed a compilation break in vmysql.c with Debian 11 / gcc-10
• Feb 26, 2022
  -added REJECTNULLSENDERS environment variable (diff)
• Feb 18, 2022
  -fail2ban: added a couple of new rules to the qmail-smtpd.conf filter
• Feb 13, 2022
  -fixed a TLS Renegotiation DoS vulnerability. Disabled all renegotiation in TLSv1.2 and earlier. (diff here)
• Feb 1, 2022
  -added a plugin to qmail to filter bad DNS HELOs (more info here)
  -Roundcube upgraded to v. 1.5.2
• Jan 17, 2022
  -new qmail combined patch (diff here):
  * now qmail-smtpd logs rejects when client tries to auth when auth is not allowed, or it's not allowed without TLS (a closed connection with no log at all appeared before).
  * added qmail-spp.o to the TARGET file so that it will be purged with "make clean".
• Dec 19, 2021
  -new qmail combined patch: added qmail-spp patch
• Oct 21, 2021
  roundcube updated to v. 1.5.0
• Sep 28, 2021
  clamav updated to v. 0.104. The new version installation is based on cmake (autotools abandoned)
• Sep 27, 2021
  -new qmail combined patch: now chkuser allows double hyphens "--" in the sender email, like in y--s.co.jp (diff here)
• Sep 8, 2021
  fail2ban updated to v. 0.11.2 and rc.fail2ban moved to /usr/local/bin/fail2banctl. The dovecot filter has been improved
• Sep 2, 2021
  -an issue in vusaged configure arised. I cured it with a patch, while Luca in the comments found a different solution.
• Aug 22, 2021
  -minor fix to qmail patch/qlog: now it logs the auth-type correctly (diff)
• Aug 15, 2021
  at the bottom of the qmail/testing page I added a note to the testssl script by Dirk Wetter, which allows you to inspect your SSL connection in detail.
• July 28, 2021
  simscan: my attachments-size-limit patch added. It allows you to overcome a limitation where simscan doesn't pass messages over 250k to spamassassin.
• July 16, 2021
  spamassassin: bayes_token.token database field changed to binary(5). It was char(5).
• Jul 12, 2021
  -spamassassin/userprefe: the "preference" varchar length in the database "userprefs" table was increased to 50 (was 30) to create space for long label such as  "bayes_auto_learn_threshold_spam", which resulted truncated before the modification.
• June 20, 2021
  -spamassassin: created a script to process the spam/ham for the learning and reporting system (more info here)
  -dovecot 15-mailboxes.conf: added mailboxes for the learning and reporting system
• June 19, 2021
  new qmail combined patch released
  -chkuser: defined extra allowed characters in sender/rcpt addresses and added the slash to the list (tx Thomas).
  -RSA key and DH parameters are created 4096 bit long also in Makefile-cert. qmail-smtpd.c and qmail-remote.c updated accordingly (tx Eric Broch).
  -Makefile-cert: the certs will be owned by vpopmail:vchkpw
• March 27, 2021
  - bug fixes in the vpopmail/defaultdelivery patch: increased the buffer for the .qmail-default file path, as in particular cases of long path/domain names it will result truncated. Fixed another bug where the .qmail.default file where opened twice.
  - now if vdelivermail is installed the "delete" option will be used instead of "bounce-no-mailbox", which is not reasonable anymore
• March 21, 2021
  qmail combined patch updated. update_tmprsadh.sh: RSA key and DH parameters increased to 4096 bits
• March 9, 2021
  vpopmail: the patch now installs the sql code needed for "one table per domain" (--disable-many-domains) in ~/vpopmail/etc/pwd-query_disable-many-domains.sql and creates the sql procedure if needed. Of course this add-on to vpopmail will be completely transparent when you compile with the default option --enable-many-domains
• Feb 26, 2021
  vpopmail: added a defaultdelivery patch, which makes vpopmail to copy your preferred delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domains, overriding the default vpopmail's behaiviour, where vpopmail copies its delivery agent vdelivermail.
  Feb 5, 2021
  - vpopmail: the patch has been improved. The sql-aliasdomains stuff is now done by means of the vpopmail's C programs and functions.
  Feb 3, 2021
  - vpopmail: new patch and script released.
  Just configure --enable-sql-aliasdomains (default) and forget. The dbtable will be created the first time you will create an aliasdomain.
• Jan 29, 2021
  - dovecot/auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
  - dovecot/dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
  - vpopmail: sql-aliasdomains and combined patch released (new aliasdomains dbtable has to be created!)
• Jan 13, 2021
  - vpopmail/dovecot: added support for sql aliasdomains
• Gen 5, 2021
  - dovecot upgraded to v. 2.3.13 (vpopmail-auth removed by dovecot's developers)
  - pigeonhole upgraded to v. 0.5.13
• Gen 3, 2021
  - Roundcube: Upgraded to v. 1.4.10
  - Roundcube: disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.
• Gen 2, 2021
  - ucspi-tcp6: upgraded to latest version
  - fehQlibs have to be installed as a prerequisite of ucspi-tcp6
• Dec 4, 2020
  - combined patch for qmail updated to solve compatibility problems with new gcc-10
  - a patch was also released to get vpopmail compiled with gcc-10
  - Tony Fung suggested a script to expunge messages, which can be very useful in case you need to expunge differently depending on your mailboxes/domains.
• Nov 18, 2020
  spamassassin:
  - solved some priviledge problems with the reports of the RC's markasjunk plugin, which is going to write inside the log dir and read the razor's identity file.
  - moved all log files into /var/log/spamassassin (apache group now has +w priv). spamdctl and logrotate scripts modified accordingly
• 2020.10.30
  Clamav: added clamav-unofficial-sigs (tx Tony Fung for the suggestion). Updated clamdctl and freshclamctl scripts to allow the restart function, needed by clamav-unofficial-sigs script
• 2020.10.28
  modified the spamassassin's DMARC rule. Now it passes emails with one between DKIM and SPF valid, according to RFC7489 (thanks Marcel Veldhuizen and Iulian for the hints)
• 2020.10.08
  rcptcheck-overlimit.sh: bug fix (tx Tony Fung)
• 2020.09.02
  spamassassin/DMARC: corrected the askDNS rule as it was not triggering the reject in the event that only one of DKIM or SPF failed (tx A F)
• 2020.09.01
  qmailadmin: minor adjustments to the skin patch
• 2020.08.12
  dovecot: upgraded to v. 2.3.11.3
  dovecot-pigeonhole: upgraded to v. 0.5.11
• 2020.08.11
  Roundcube: upgrade to v. 1.4.8
• 2020.08.10
  - new qmailadmin skin/combined patch released:
  mod_user.html: added the "value" attribute to the name/gecos input tag (tx Pablo Murillo)
• 2020.08.04
  - simscan: upgraded to v. 1.4.1
• 2020.08.02
  - several clarifications in the simscan page;
  - revised the ripMIME installation as the dev version of the program is now downloaded from github, to solve complation breaks.
• 2020.07.29
  - new combined patch
  * dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui).
• 2020.07.27
  - new combined patch
  * added a fix for cve-2005-1513 (tx C for the hint)
• 2020.07.15 
  - spamassassin: added Razor2, Pyzor, Spamcop configuration
  - Roundcube/markasjunk plugin has now info about the cmd_learn and the multi_driver drivers
  (tx Gabriel Torres)
• 2020.07.03
  Roundcube/password plugin: added a patch to make it work in combination with cracklib, to enforce password strenght (tx Tony Fung)
• 2020.06.10
  Roundcube: upgrade to v. 1.4.5 
• 2020.05.22
  new qmailadmin skin/combined patch released
• 2020.05.05
  -qmailadmin
  * patched qmailadmin to provide a new responsive skin for the control panel.
  * combined patch released
• 2020.05.01
  -qmailadmin
  * added qmailadmin-cracklib patch to enforce password complexity
  * pwd-strenght patch removed
• 2020.04.25
  -combined patch updated
  * qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca)
• 2020.04.16
  - new combined patch: qmail-remote-logging patch added (more info here)
• 2020.04.10
  - new combined patch: DKIM patch updated to v. 1.28
  * outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
  * declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
• 2020.03.31
  - DKIM configuration: added UNSIGNED_SUBJECT variable to the run files, which can be useful to declare if one wants to allow messages without the sign of the subject (more info here)
  2020.03.19
  dovecot: added the autoexpunge setting in 15-mailbox.conf. The expunge via cronjob in not needed anymore
• 2020.02.26
  vqAdmin: fixed a problem which was preventing the patch to be applied (tx Marco Varanda)
• 2020.02.25
  dovecot: modified 10-master.conf to set up stats' service priviledges and correct an error which appeared in qmail-send
• 2020.02.11
  table spamassassin.txrep modified as the column "count" was renamed (tx Tony Fung).
• 2020.02.06
  queue-repair.py: applied a patch to make the program python3 compliant (tx Tony Fung)
• 2020.02.04
  dovecot-sql.conf.ext: adjusted the user_query string to get compatibility with mariadb-10.3 (tx Tony Fung)
• 2020.01.11
  - new combined patch: qmail-tls patch updated to v. 20200107
  * working client cert authentication with TLSv1.3
• 2019.12.12
  spamassassin: upgraded to v. 3.4.3
• 2019.12.08
  - big patch updated
  * qmail-smtpd.c: now TLS is defined before chkuser.h call, to avoid errors on closing the db connection (tx ChangHo.Na) 
  - domainkeys script improved: it now manages 2048 bit long key (tx Tatsuya Yokota)
• 2019.12.01
  dovecot: upgraded to v. 2.3.8
  dovecot-pigeonhole: upgraded to v. 0.5.8
  Roundcube: upgraded to v. 1.4.1 (mobile responsive skin released!)
  Roundcube plugins: updated
• 2019.09.18
  spamassassin: added a page concerning TxRep and another one concerning DMARC filter
• 2019.09.09
  dovecot: now the SQL user_query retrieves the quota as well (tx Alexandre Fonceca, more info here)
• 2019.08.07
  - a couple of adjustments to chkuser (tx Luca Franceschini, more info here)
  * BUG - since any other definition of starting_string ends up as "DOMAIN", if starting_string is otherwise defined, chkuser will be turned off.
  * CHKUSER_ENABLE_ALIAS_DEFAULT, CHKUSER_VAUTH_OPEN_CALL and CHKUSER_DISABLE_VARIABLE are now defined in chkuser_settings.h
  * Now CHKUSER_DISABLE_VARIABLE, CHKUSER_SENDER_NOCHECK_VARIABLE, CHKUSER_SENDER_FORMAT_NOCHECK, CHKUSER_RCPT_FORMAT_NOCHECK and CHKUSER_RCPT_MX_NOCHECK can be defined at runtime level as well.
• 2019.07.12
  - qmail-channels patch added
  more info here http://www.thesmbexchange.com/eng/qmail-channels_patch.html 
  - improved verbosity of die_read function in qmail-smtpd.c (qmail-smtpd: read failure). More info here.
• 2019.06.19
  - DKIM patch updated to v. 1.26
  * BUG - honor body length tag in verification
• 2019.05.24
  - qmail-tls patch updated to v. 20190517
  * bug: qmail-smtpd ssl_free before tls_out error string (K. Wheeler)
• 2019.05.23
  - DKIM patch updated to v. 1.25
  * SIGSEGV - when the txt data for domainkeys is very large exposed a bug in the way realloc() was used incorrectly.
  * On 32 bit systems, variable defined as time_t overflows. Now qmail-dkim will skip expiry check in such conditions.
• 2019.04.25
  * bug fixed on qmail-smtpd.c: it was selecting the wrong openssl version on line 2331 (tx ChangHo.Na)
  2019.04.09
  - qmail-tls patch updated to v. 20190408
  * make compatible with openssl 1.1.0 (Rolf Eike Beer, Dirk Engling, Alexander Hof)
  * compiler warnings on char * casts (Kai Peter)
• 2019.04.03
  - libdomainkeys patch updated (tx Manvendra Banghui)
• 2019.03.22
  - new combined patch: fixed a bug causing crashes of qmail-remote when using openssl-1.1 (tx Luca Franceschini)
• 2019.02.27
  - port to openssl-1.1
  - DKIM patch updated to v. 1.24
  * bug fix: restored signaturedomains/nosignaturedomains functionalities.
• 2019.02.26
  simscan: patch updated (tx Pablo Murillo)
  vQadmin: some adjustments into apache config and it's working again under apache-2.4 (tx Erald)
• 2019.02.01
  fail2ban upgraded to v. 0.10.4
• 2018.09.23
  spamassassin upgraded to v. 3.4.2
• 2018.08.25
  -DKIM patch updated to v. 1.23
  * fixed a bug where including round brackets in the From: field ouside the double quotes (From: "Name Surname (My Company)" <name.surname@company.com>) results in a DKIMContext structure invalid error (tx Mirko Buffoni).
  * qmail-dkim and dkim were issuing a failure for emails which had multiple signature with at least one good signature. Now qmail-dkim and dkim will issue a success if at least one good signature is found.
• 2018.08.23
  -logging patch updated to v. 5
  * fixed a bugin logit and logit2 functions where a RSET command and a subsequent brutal quit of the smtp conversation ^] by the client cause a segfault (tx Mirko Buffoni, more info here)
• 2018.08.02
  ezmlm-web: Ricardo Brisighelli sent me two patches which solves compilation breaks with gcc-7
• 2018.06.22
  -clamav updated to v. 0.100.0
• 2018.04.06
  -added a patch to daemontools to extend the log file size limit to 100MB (tx Sam Tang)
• 2018.04.04
  -qmailctl script updated (tx Sam Tang)
  * "qmailctl stat" now shows something like "0 days, 00 hours 16 mins"
  * can assign another service which related qmail for monitoring, like dovecot, clamd, freshclam...
  * change "up" and "down" to green and red color.
• 2018.04.03
  -DKIM patch updated to v. 1.22
  * openssl 1.1.0 port
  * various improvements, bug fixes
• 2018-03-21
  added a new page to explain how to install a letsencrypt certificate for qmail and dovecot here
• 2018-02-07
  clamav updated to v. 0.99.3 (bug fix, tx to Bob Greco) 
• 2018-01-10
  == combined patch updated
  -maildir++
  * fixed a bug where the filesize part of the S=<filesize> component of the Maildir++ compatible filename is wrong (tx MG). More info here and here.
  -qmail-queue-extra
  * removed, because it was causing more problems than advantages, as the domain of the log@yourdomain.tld had to match the system domain inside control/me and can't be a virtual domain as well.
  == dovecot: upgraded to v. 2.3.0
  == dovecot-pigeonhole: upgraded to v. 0.5.0.1 
• 2017-10-24
  new patch arrived (tx Luca Franceschini)
  -qlogfix (diff here)
  * log strings should terminate with \n to avoid trailing ^M using splogger
  * bug reporting custom errors from qmail-queue in qlog
  -added dnscname patch
  -added rcptcheck patch
  added rcptcheck-overlimit.sh (tx Luca Franceschini)
  added a page about rcptcheck-overlimit.sh usage
• 2017-09-05
  Roundcube upgraded to v. 1.3.1. The enigma plugin requires Crypt_GPG-1.6.2
• 2017-08-24
  -fail2ban: the qmail-smtpd.conf filter has been simplyfied and is now based on the "qlogenvelope" lines 
• 2017-08-18
  -combined patch updated: qmail-smtpd now retains authentication upon rset (tx to Andreas)
• 2017-07-05
  -roundcube upgraded to v. 1.3.0
• 2017-05-14
• Combined patch updated:
  DKIM patch updated to v. 1.20
  It now manages long TXT records, avoiding the rejection of some hotmail.com messages.
• 2017-03-02
  -ucspi-tcp6 upgraded to v. 1.04 (some bug fixes http://www.fehcom.de/ipnet/ucspi-tcp6.html)
• 2016-12-19
  -Several new patches and improvements added (thanks to Luca Franceschini)
  More info here http://notes.sagredo.eu/node/178
• 2016-12-14
  simscan: bug fix and new combined patch (thanks to Bob Greco, more info here)
• 2016-12-02
  -fixed BUG in qmail-remote.c: in case of remote server who doesn't allow EHLO the response for an alternative
  HELO was checked twice, making the connection to die. (Thanks to Luca Franceschini)
  Patch applied: http://notes.sagredo.eu/files/qmail/patches/fix_sagredo_remotehelo.patch
• 2016-09-19
  -big patch updated: qmail-tls patch updated to v. 20160918
    * bug: qmail-remote accepting any dNSName, without checking that is matches (E. Surovegin)
    * bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
• 2016-08-06
  qmailadmin: added the ezmlm-idx 7 compatibility patch
  2016-08-04
• ucspi-tcp6 upgraded to v. 1.02
• 2016-07-20
  -roundcube: added enigma plugin
• 2016-05-31
  -roundcube upgraded to v. 1.2.0. All plugins updated as well
• 2016-05-15
  -force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd avoids to write the auth verb if the
  the STARTTLS command was not sent by the client
• 2016-03-09
  -combined patch updated
  * dkim patch updated to v. 1.19: verification will not fail when a dkim signature does not include the subject provided that the  UNSIGNED_SUBJECT environment variable is declared. More info here.
• 2016-01-18
  -removed the line "DKIMKEY=/var/qmail/control/domainkeys/%/default" from the qmail rc config file, as DKIMKEY is actually ignored by dk-filter, which will look for the key in that location by default. Use DKIMSIGN instead to define yor domainkey location (thanks to Steffen for the hint)
• 2015-12-26
  qmail-tls updated to v. 20151215
  * typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
  * add ECDH to qmail-smtpd
  * increase size of RSA and DH pregenerated keys to 2048 bits
  * qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
  more info here 
  -roundcube upgraded to v. 1.1.4 (security fixes, more info here)
• 2015-12-15
  -DKIM patch updated to v. 1.18 (a big thank to Manvendra Bhangui for his kind support). More info here
  2015-11-23
  qmail-submission/run modified: SMTPAUTH="!" to enable the submission feature (auth required). Now incoming msg can be received only on standard 25 port 
• 2015-10-06
  -fail2ban upgraded to v. 0.9.3
• 2015-10-03
  -new combiend patch released: qmail-authentication updated to v. 0.8.3
• 2015-09-02
  dovecot: the user query on the auth is now able to manage pop3/imap/webmail vpopmail limits (thanks to Arturo Blanco)
• 2015-08-29
  vQadmin: combined patch released (more info inside the patch itself)
• 2015-08-08
  -fixed a bug on qmail-remote.c that was causing the sending of an additional ehlo greeting (thanks to Cristoph Grover)
• 2015-05-28
  qmailadmin: added a patch to log auth failures (thanks to Tony)
  fail2ban: added a filter against qmailadmin log failures
• 2015-05-03
  spamassassin: upgraded to v. 3.4.1
• 2015-04-25
  qmailadmin: added a patch to check for the password strenght
• 2015-04-11
  -combined patch updated: 
  --qmail-authentication: upgraded to v. 0.8.2
  --qmail-tls: upgraded to v. 20141216 (POODLE vulnerability fixed)
• 2015-03-28
  -combined patch updated: added qmail-empf patch
• 2015-02-25
  the home page graphic of qmailadmin has copyright issues as shown here (thanks to Marc for the hint)
• 2015-02-17
  roundcube: upgraded to v. 1.1.0. All plugins have been upgraded as well
• 2015-01-10
  roundcube: added carddav plugin
• 2014-11-20
  combined patch updated:
  -the SSLv3 connection upon the auth was switched off because of security reasons (thanks to Florian).
• 2014-11-15
  combined patch updated:
  -modified the QUEUE_EXTRA variable in extra.h to record the Message-ID in the qmail-send's log (thanks to Simone for the hint). Look here for details.
• 2014-11-08
  simscan has been improved with the jms patch. The work dir is mounted as a ramdisk now
• 2014-10-29
  fail2ban: qmail-smtp.conf filter updated to look for GREETDELAY lines
• 2014-10-14
  SSLv3 disabled on dovecot because of security reasons (more info here)
• 2014-10-14
  dovecot upgraded to v. 2.2.14
  dovecot-pigeonhole recompiled
• 2014-10-04
  dovecot upgraded to v. 2.2.14.rc1
  dovecot-pigeonhole upgraded to v. 0.4.3
  the global sieve folder was moved to /usr/local/dovecot/etc/sieve/
• 2014-09-29
  roundcube upgraded to v. 1.0.3.
  added a roundcube-auth filter to fail2ban
• 2014-08-26
  roundcube upgraded to v. 1.0.2. Fixed some errors in the relative page, as sometime the $config variable was still $rcmail_config as in the past, and all the config files are now merged into config.inc.php (thanks to Otto)
• 2014-08-24
  the log rotation of qmail is managed by the jms'  https://qmail.jms1.net/scripts/convert-multilog. Thanks to Marc for the suggestion
• 2014-08-18
  added a page concerning fail2ban setup
• 2014-05-13
  clamav upgraded to v. 0.98.3
  roundcube upgraded to v. 1.0.1
  ezmlm-idx upgraded to v. 7.2.2
  qmailadmin recompiled against ezmlm-idx-7.2.2
• 2014-05-03
  ezmlm-idx upgraded to v. 7.2.0
  Bruce Guenter has released a new version of ezmlm-idx, getting the program to be compliant with the Yahoo DMARC Policy Change. You have to recompile qmailadmin against ezmlm as well.
• 2014-04-14
  combined patch updated:
  -added qmail-maxrcpt patch, which allows you to set a limit on how many recipients are specified
• 2014-04-08
  roundcube upgraded to v. 1.0.0
• 2014-03-10
  combined patch updated:
  -added qmail-smtpd-liberal-lf patch, which allows qmail-smtpd to accept messages that are terminated with a single \n instead of the required \r\n sequence. This should avoid some "read failed" reject.
• 2014-02-14
  spamassassin upgraded to v. 3.4.0
• 2014-01-10
  roundcube upgraded to v. 1.0-rc. Plugins have been upgraded as well
• 2014-01-24
  ucspi-tcp6 upgraded to v. 1.00: fixed problems when compiling with C99 compilers
• 2013-12-30
  combined patch updated:
  -added qmail-SRS patch. You must install libsrs2 now.
  -the character "=" in the sender address is now considered valid by chkuser in order to accept SRS
• 2013-12-20
  combined patch update (more info here):
  -added qmail-date-localtime patch
  -added qmail-hide-ip patch
  -the original greetdelay by e.h. has been replaced with the improved patch by John Simpson. Now communications trying to send commands before the greeting will be closed. Premature disconnections will be logged as well. More info here
  -modified the configuration of qmail-smtpd and qmail-submission according to the new greetdelay patch
  -updated the page concerning greetdelay
  -CHKUSER_SENDER_FORMAT enabled to reject fake senders without any domain declared (like )
  -chkuser logging: I slightly modified the log line adding the variables' name just to facilitate its interpretation
  -added qmail-moreipme patch
  -added qmail-dnsbl patch (more info here)
  -added a page concerning qmail-dnsbl patch
• 2013-12-05
  added two patches to my combined patch to make qmail rfc2821 compliant
• 2013-11-23
  any-to-cname patch added to the combined patch
• 2013-10-30
  Added two contributions by Costel Balta:
  -how to avoid to be "cut off" from spamhaus.org (read here)
  -adding the foxhole db to clamav (on the bottom of the clamav page)
• 2013-09-27
  -DKIM patch upgraded to v. 1.17. Defined -DHAVE_SHA_256 while compiling dkimverify.cpp in the Makefile. This solved an issue while verifying signatures using sha256.
• 2013-09-16
  Minor fixes to the DKIM patch
• 2013-09-14
  -new combined patch released. The DKIM patch has been upgraded to v. 1.16; the signing at qmail-remote level has been revised by its author.
  -I added notes about qmail-remote signing in the DKIM page of this guide.
  -the domainkey program now gives ownership of the domainkey to qmailr, which runs qmail-remote
• 2013-08-25
  -qmail-qmqpc.c call to timeoutconn() needed a correction because the function signature was modified by the
   outgoingip patch. Thanks to Robbie Walker
   (diff file here http://notes.sagredo.eu/files/qmail/patches/qmail-qmqpc.diff)
• 2013-08-22
  ucspi-tcp6: upgraded to v. 0.99. The current version includes an hack by Manvendra Bhangui from indimail.org which gets tcpserver and qmail's spfcheck to be IPv4-mapped IPv6 addresses compliant, provided that you install his modified qmail-spf patch (my combined patch already has this adjustment to spf).
  Fot those interested, a few days ago Manvendra Bhangui released a package of patches including now not only DKIM and SURBL but also SPF and the entire qmail totally IPv6 compliant. The upgrade for me is not so straightforward, but I'm planning to have it in my big patch soon or later. For the moment you can play with it downloading from http://sourceforge.net/projects/indimail/files/netqmail-addons/qmail-dkim-1.0/
• 2013-08-21
  -big patch updated: fixed a bug in hier.c which caused the installation not to build properly the queue/todo dir structure (thanks to Scott Ramshaw)
• 2013-08-19
  -DKIM-SURBL patch by Manvendra Bhangui updated to v. 1.14
  -added a page about SURBL configuration
• 2013-08-12
  -DKIM patch upgraded to v. 1.12. The new patch adds surblfilter functionality.
  -added qmail-smtpd pid, qp log patch
• 2013-08-08
  -qmail-SPF modified by Manvendra Bhangui to make it IPv4-mapped IPv6 addresses compliant. In order to have it working with such addresses you have to patch tcpserver.c accordingly. You can use a patch fot ucspi-tcp6-0.98 by Manvendra Bhangui at http://notes.sagredo.eu/files/qmail/patches/tcpserver-ipv6mapped_ipv4.patch or wait for v. 0.99 relase of ucspi-tcp6
  -added outgoingip patch
  -added qmail-bounce patch
• 2013-05-20
  dovecot: upgraded to v. 2.2.2
  dovecot-pigeonhole: rebuilt
• 2013-05-18
  Roundcube: upgraded to v. 0.9.1
• 2013-05-09
  -dovecot-pigeonhole: upgraded to stable 0.4.0 version
• 2013-05-06
  -dovecot: upgraded to v. 2.2.1 The configuration has been modified to use the sql/mysql driver in place of the vpopmail one; the password is now sended in plain text
  -dovecot-pigeonhole: upgraded to latest development version
  -RoundCube: imap_auth_type has been set to NULL to send the password in plain text and make dovecot's auth happy
  -the dovecot's expunge shell script was simplyfied. Using the sql driver solved all issues of the old vpopmail backend related to the missing iteration feature.
• 2013-04-16
  Roundcube: upgraded to v. 0.9.0
  All rc plugins have been updated as well
• 2013-03-31
  new combined patch: qmail-auth updated to latest v. 0.8.1 Added authentication by recipient domain for qmail-remote. Look at README.auth for further details
• 2013-02-11
  new combined patch: some code adjustments in qmail-smtpd.c smtpd_ehlo() to restore total compatibility with esmtp-size patch
• 2013.02.08
  new combined patch: qmail-auth has been updated to the latest v. 0.7.6. Look at README.auth for further details
  ucspi-tpc6: updated to v. 0.98
• 2013.01.28 new combined patch released: fixed an issue on qmail-pop3d which was causing a double +OK after the pass command (thanks to Rakesh, Orbit and Simplex for helping in testing and troubleshooting)
• 2013.01.27 ucspi-tpc6: updated to v. 0.97
• 2013.01.06 ucspi-tpc6 0.96 by E.Hoffmann replace the ucspi-tcp 0.88 by DJB. It provides IPv6 and rblsmtpd greetdelay support
  combined patch modified. The variable GREETDELAY was renamed to SMTPD_GREETDELAY just to avoid conflicts with the GREETDELAY variable inside rblsmtpd
  qmail-smtpd/run file modified accordingly
• 2012.11.14 Roundcube: upgraded to v. 0.8.4
• 2012.11.10 Roundcube: upgraded to v. 0.8.3. Autologon plugin: modified
• 2012-10-31 new combined patch: qmail-auth has been updated to the latest v. 0.7.5. Look at README.auth for further details
  The qmail-forcetls patch was simplyfied accordingly.
• 2012.10.25 vpopmail: upgraded to v. 5.4.33 (now marked as stable). Be aware that you have to recompile netqmail, qmailadmin and vqadmin as well.
  qmailadmin: upgraded to v. 1.2.16
• 2012.10.19 Roundcube: added context menu, autologon and logout_redirect plugins
• 2012.10.18 Roundcube: upgraded to v. 0.8.2
• 2012.10.11 dovecot: upgraded to v. 2.1.10
  dovecot-pigeonhole: upgraded to v.0.3.3
• 2012.10.10 fixed vQadmin 'invalid language' issue (see vQadmin page for details http://notes.sagredo.eu/it/node/57)
• 2012.09.19 ClamAV: upgraded to v. 0.97.6
• 2012.09.04 zipdownload Roundcube's plugin: modified to gain compatibility to v. 0.8.1 (thanks to taki)
• 2012.08.31 Roundcube: upgraded to v. 0.8.1
  dovecot: upgraded to v. 2.1.9
  dovecot-pigeonhole: recompiled
• 2012.08.11 Roundcube: upgraded to v. 0.8.0
• 2012.05.26 dovecot-pigeonhole: upgraded to v 0.3.1
• 2012.05.24 dovecot: upgraded to v. 2.1.6
• 2012-04-25 new combined patch: added qmail-remote CRLF (thanks to Pierre Lauriente for the help on testing and troubleshooting)
  The qmail-remote CRLF patch solved a problem of broken headers after sieve forwarding that was caused by a bad handling of the CR (carriage return) by qmail-remote. The issue is also reported here http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
• 2012.04.16
  qmail-tap added to my combined patch
• 2012.03.03 dovecot: upgraded to v. 2.1.1
  The configuration files have been updated: the most important change was the location of auth_socket_path variable inside 10-mail.conf
• 2012.02.17 dovecot: upgraded to v. 2.1.0
  dovecot-pigeonhole: upgraded to v.0.3.0
• 2012.02.08: esmtp-size patch added to my combined patch
• 2012.01.29: New combined patch released: added doublebounce-trim patch
• 2012.01.21 Roundcube: updated to v. 0.7.1. All plugins have been updated to latest version as well.
• 2011.12.13 dnsbl.sorbs.org is not on my RBL examples anymore, as it proved to be a bad list. It's rejecting gmail's IPs and also confusing the IP of my own server as dynamic.
• 2011.12.12 New combined patch released.
  -modified update_tmprsadh to chown the .pem files to vpopmail to avoid hang-ups during the smtp conversation on port 587 caused by permission problems.
• 2011.10.06 New combined patch released.
  -fixed qmail-remote.c which was not going into tls on authentication (thanks to Krzysztof Gajdemski)
  -force-tls now quits if the starttls command is not provided when required (thanks to Jacekalex)
• 2011.09.30 Dovecot: upgraded to v. 2.0.15
  dovecot-pigeonhole: upgraded to v . 0.2.4
  ICU: upgraded to v. 4.8.1
• 2011.09.29 RoundCube: upgraded to v. 0.6. All plugins have been updated to latest version
• 2011.08.13 RoundCube: upgraded to v. 0.5.4 (security fix)
• 2011.07.27: Big patch updated. My force-tls patch allows the management of STARTTLS and CRAM-MD5 variables in the run file, so that there's no need to recompile each time anymore.
  I also added the "qmail-inject-null-sender" patch by Stéphane Cottin, which addresses a bug on qmail-inject
• 2011.07.23 The configuration of dovecot was updated to allow maildir++ (thanks to Nicolas) on files 90-quota.conf and 20-imap.conf
• 2011.07.15 The combined patch has been updated: an issue which caused the compilation's break down of qmail on 64b platforms has been fixed
• 2011.07.03 Added support for rblsmtpd. Added a page about the greetdelay patch.
• 2011.06.29 New combined patch released. Added ext-todo and big-todo patches, which adress the "silly qmail syndrome" on big servers.
• 2011.06.24 Spamassassin: updated to v. 3.3.2
• 2011.06.02 Roundcube: updated to v. 0.5.3 (2 important bug fixes)
• 2011.05.29 Dovecot: added a page concerning the purging of expired emails from Trash/Junk
• 2011.05.25 RoundCube: updated to v. 0.5.2. Updated almost all roundcube's plugin to latest version.
• 2011.05.17 Added Luca Morettoni's qmail-rblchk
• 2011.04.19 Dovecot-2.0.12 upgrade; dovecot-pigeonhole v.0.2.3 upgrade
• 2011.04.06 Vermulen's TLS patch updated (security fix, see http://www.kb.cert.org/vuls/id/555316).
  New qmail combined patch releasead.
• 2011.02.25 Added DKIM patch and related page

---------

• 2010.12.12 first release of this guide and related patch

Changelog

• May 7, 2026
  Razor-Agent-Client upgraded to v. 2.88
• Jun 3, 2025
  - disabled IPv6 on DCC as servers are not always responding (tx Shailendra Shukla)
• Dec 26, 2023
  Pyzor installed from github, as version 1.0.0 is not pythone3 compliant (thanks Mike)

Questa pagina concerne il setup di alcuni filtri di rete che aiutano spamassassin a decidere cosa fare di un dato messaggio. Abilitando questi filtri, insieme al sistema di apprendimento bayesiano, migliorerà drasticamente le prestazioni di spamassassin nella lotta allo spamming.

• Repository ufficiale: http://plugins.roundcube.net/

Changelog

• Apr 27, 2026
  - qmailforward upgraded to v1.0.5 (bug fix: sql call is not done if the forward is not a valid email address)
• Dec 19, 2025
  - composer is now installed in /usr/local/bin and not in RC dir
• Apr 19, 2025
  - sauserprefs aggiornato alla versione 1.20.2
• 23 marzo 2025
  - il driver vpopmaild del plugin password è nuovamente funzionante, ora che il problema è stato sistemato dal lato vpopmail (versione 5.6.7 in poi).

Le SURBL sono liste di siti web che appaiono nel corpo della posta indesiderata. Diversamente dalla maggior parte delle liste non sono liste di indirizzi IP.

I siti web che appaiono nei messaggi di posta indesiderata tendono ad essere più stabili rispetto agli indirizzi IP in rapido cambiamento dei botnet che sono soliti inviare la maggior parte di questi messaggi. Le liste di IP come zen.spamhaus.org possono essere usate in un primo stadio di filtraggio per aiutare a identificare da circa l'80% al 90% dei messaggi di posta indesiderata. Le liste SURBL possono contribuire a eliminare il restante 75% della posta indesiderata in un successivo stadio di filtraggio. Usate insieme alle liste di IP (RBL), le SURBL risultano un metodo molto efficace per identificare fino al  95% della posta indesiderata.

Changelog

• Mar 29, 2026
  - aggiunta una nota sui control file
• Feb 17, 2026
  - added notes to testing section
• Sep 26, 2023
  -surblfilter logs the rejected URL in the qmail-smtpd log. It can now inspect both http and https URLs.
  -Improvements in man dkim.9, qmail-dkim.9 and surblfilter.9
• May 17, 2023
  -Top level domains URL is changed. So you have to adjust the update_tlds.sh script accordingly

Rsync is a fast and extraordinarily versatile file copying tool.  It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon.
It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied.  It is famous for  its  delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination.  Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.
Rsync finds files that need to be transferred using a "quick check" algorithm (by default) that looks for files that have changed in size or in last-modified  time.
Any  changes  in  the  other preserved attributes (as requested by options) are made on the destination file directly when the quick check indicates that the file's data does not need to be updated.

• rsync command examples: http://www.thegeekstuff.com/2010/09/rsync-command-examples/

I will show shortly how to:

• backup your files from remote to local using rsync
• use modules to have multiple backups possible
• secure the connection with ssh
• avoid to prompt for the password, so that your backup can be done via script/cronjob

Before we start, I'll call "local" the computer where the files have to be copied and "remote" the computer where those files are stored and where you have to listen for ssh connections.

Remote host

To secure our data, we'll use rsync via a remote ssh connection, so there's no need to start rsync as a daemon, but sshd must be configured to accept connections without password and rsa-key authentication must be enabled in your /etc/ssh/sshd_config file:

PermitRootLogin without-password
PubkeyAuthentication yes
AllowUsers root

Here "root" is the only user who is allowed to connect via ssh. So the user "root" will be used at the ssh level and should not be confused with "rsync-user", which will be used to log-in to the rsync "module", site1 in the following example.

Log-in as "root" and create the config file /etc/rsync.conf.

# common stuff
motd file = /etc/rsyncd_motd
# the following in case you want to test rsync as daemon
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock

[site1]
       # this is the path of the files to backup
       path = /home/ssh-user/path/where/site1/files/live
       comment = site1 files
       uid = root
       gid = root
       read only = yes
       list = yes
       auth users = rsync-user
       secrets file = /root/rsyncd.scrt
       # we don't have super user access
       use chroot = false


[site2]
       [....site2 stuff....]

uid and gid are the userID and the groupID under which file transfers will take place.

Before the transfer will start, you have to authenticate rsync with "auth user". Create the secret file ~/rsync.scrt which holds the user:password couples:

rsync-user:password
rsync-user2:password2

Remove the 'r' flag to other users:

chmod o-r ~/rsync.scrt

Local host

Since we want to backup our files by means of a script and a cronjob, it's important that the remote ssh connection will not prompt for any password. We can achieve this by exchanging a ssh-key between client and server.

Create the private and public keys:

root@localhost:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa_remoteHost): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa_remoteHost.
Your public key has been saved in /root/.ssh/id_rsa_remoteHost.pub.
The key fingerprint is:
a0:53:33:c5:d1:ea:4c:e2:a1:98:d9:ba:b0:e8:5f:90 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|    o++o         |
|     o. .        |
|    . ..         |
|    .oo.         |
|   E.O .S        |
|    * *          |
|.  . o .         |
|.o. . .          |
|+.oo             |
+-----------------+

Now you have to append the public key id_rsa_remoteHost.pub to the remote server's ~/.ssh/authorized_keys file. ssh-copy-id is a program which can do this for you:

root@localhost:~# ssh-copy-id -i ~/.ssh/id_rsa_remoteHost -p 12345 root@remoteHost

You will be prompted to enter the root password in order to copy the key.

Now test that the connection is allowed with no password:

root@localhost:~# ssh -p 12345 -l root -i /root/.ssh/id_rsa_remoteHost <remoteHost>
Last login: Mon Sep  2 16:04:57 2013 from localhost
Linux 2.6.32.10-vs2.3.0.36.29.2-smp.
root@remotehost:~#

You can disable the access with password for the user root in your /etc/ssh/sshd_config:

PermitRootLogin prohibit-password

Now we are ready to create our backup shell-script as /usr/local/bin/rsync_backup.sh:

#!/bin/sh

/usr/bin/rsync \
        -avz --exclude "*~" --delete-after \
        -e "ssh -p 12345 -l root -i /root/.ssh/id_rsa_remoteHost" \
        --password-file /root/remoteHost_rsync_pwd \
        rsync-user1@::site1 \
        /local/destination/path

Remember to give the flag +x  to that file:

chmod +x /usr/local/bin/rsync_backup.sh

The password file /root/remoteHost_rsync_pwd holds the password of the rsync connection; in this way our shell-script will not receive a password prompt when it connects. It should be stored in a safe place and priviledges must be given only to the root user. It will contain just the password string.

Maybe the line

-avz --exclude "*~" \

deserves some description, but you are invited to refer to the man page for more details.

• --exclude "*~" is to avoid the copy of backup files of my text editor
• "-a" stands for -rlptgoD and preserves everything
• "-r" means recursive mode while traversing directories
• "-p", "-o", and "-g" preserve the permissions, owner and group information of files and directories to be copied
• "-t" preserves the file and directory timestamps
• "-l" preserves the symbolic links
• "-D" preserves devices and special files
• "-v" turns on verbosity in output
• "-z" enables compression

If you are wondering if the above method of using rsync is suitable for the vpopmail maildirs as well, the answer is yes, but with some adjustments. This is what I have in my backup scripts:

rsync -a \ 
 --stats --delete-after --delete-excluded --numeric-ids --partial \
 --exclude=Maildir/tmp/ \
 --exclude=Maildir/*/tmp/ \
 --exclude=dovecot* \
 --exclude=*.lock \
 --exclude=*.lock.* \
 --exclude=/cache/ \
 --exclude=*.qmail \
 --exclude=*.qmails \
 -e "ssh -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=no" \ 
 root@${MAIL_IP}:/home/vpopmail/domains/ /home/backup/backup-domains/ \ 
 >> "$LOGFILE" 2>&1

As you can see, I'm excluding the dovecot indexes and all the Maildirs' tmp dirs. This avoids transferring constantly changing temporary or volatile data, reduce the risk of inconsistencies if the backup is restored to a server with a different version of dovecot and improve synchronization performance by avoiding large amounts of non-critical files.

--stats prints statistics of the transfer in the log file.

--delete-after deletes files on the destination server only after the transfer is complete. If the transfer is interrupted midway, you don't immediately lose files on the backup.

--delete-excluded deletes from the backup everything that is no longer included in the sync, even if you had voluntarily excluded it.

--numeric-ids forces rsync to use numeric UIDs and GIDs instead of user and group names. This avoids problems if users on the backup server have different names than on the source server.

--partial Allows partially transferred files to be kept if the transfer is interrupted. With --partial, the file remains, and rsync can resume where it left off next time, saving time and bandwidth.

Connecting to the remote Host

You can have a quick connection to the remote Host if you setup a ~/.ssh/config file as follow

Host MyHost
HostName remoteHost.net
User ssh-user
Port 12345
IdentityFile ~/.ssh/id_rsa_remoteHost

and connecting as

> ssh MyHost
Enter passphrase for key '/home/ssh-user/.ssh/id_rsa_remoteHost':
Last login: Mon Sep  2 16:04:57 2013 from localhost
Linux 2.6.32.10-vs2.3.0.36.29.2-smp.
ssh-user@remotehost:~#

At this point it is convenient to disable root remote access setting /etc/ssh/sshd_config as follow:

PermitRootLogin without-password
AllowUsers ssh-user 
PubkeyAuthentication yes

MariaDB uses asynchronous replication based on binary logs (binlog). Master (source) writes changes to the binary log, slave (replica) reads the binlog from the master and replays events locally. Replication is one-way by default (master to slave).

Master configuration

Configure MariaDB by editing /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=1
log_bin=binlog
binlog_format=ROW
bind-address = 0.0.0.0

bind-address = 0.0.0.0 assures that the server is accessible from the outnet. Check with netstat

netstat -plunt|grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      417359/mariadbd

Restart MariaDB, then check the binary log file name and the binary log position:

MariaDB [(none)]> SHOW MASTER STATUS;  
+---------------+----------+--------------+------------------+ 
| File          | Position | Binlog_Do_DB | Binlog_Ignore_DB | 
+---------------+----------+--------------+------------------+ 
| binlog.000001 |    14446 |              |                  | 
+---------------+----------+--------------+------------------+ 
1 row in set (0.000 sec)

Create the user for the replication from the slave:

CREATE USER 'replica'@'SlaveIP%' IDENTIFIED BY 'password';
GRANT REPLICATION SLAVE ON *.* TO 'replica'@'SlaveIP';
FLUSH PRIVILEGES;

Dump the databases you want to backup (vpopmail, roundcubemail and spamassassin in my example):

mysqldump -u root -p --databases vpopmail roundcubemail spamassassin --single-transaction --master-data=2 > dump.sql

Slave configuration

Prepare the server by editing /etc/my.cnf.d/mariadb-server.cnf. Assign a unique id:

# replica 
server-id=2       # unique id
log_bin=binlog    # to revert master - slave 
read_only=ON      # cannot alter the database
# databases to replicate (it will read only these db from log)
replicate-do-db=vpopmail
replicate-do-db=roundcubemail
replicate-do-db=spamassassin

Log into MariaDB, stop the current slave (if it exists) and drop the databases to be cloned;

STOP SLAVE;
RESET SLAVE ALL;
DROP DATABASE IF EXISTS vpopmail;
DROP DATABASE IF EXISTS spamassassin;
DROP DATABASE IF EXISTS roundcubemail;

Use scp to copy the dump you have done earlier (here I am connecting via secure key):

scp -i '/root/.ssh/ed25519' root@MasterIP:/root/dump.sql .

Import the dump:

mysql -u root -p < dump.sql

Open the dump.sql file and identify the line holding the log file and the log position:

-- CHANGE MASTER TO MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

The same thing can be achieved by using grep

grep "CHANGE MASTER TO" dump.sql      
-- CHANGE MASTER TO MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

Enter the slave server and configure the master:

CHANGE MASTER TO MASTER_HOST='MasterIP', MASTER_USER='replica', MASTER_PASSWORD='replicaPWD', MASTER_LOG_FILE='binlog.000001', MASTER_LOG_POS=65327;

Then start the slave on MariaDB and verify its status:

MariaDB [(none)]> START SLAVE; 
Query OK, 0 rows affected (0.000 sec) 

MariaDB [(none)]> SHOW SLAVE STATUS\G 
*************************** 1. row *************************** 
               Slave_IO_State: Waiting for master to send event 
                  Master_Host: MasterIP
                  Master_User: replica 
                  Master_Port: 3306 
                Connect_Retry: 60 
              Master_Log_File: binlog.000001 
          Read_Master_Log_Pos: 719355 
               Relay_Log_File: mariadb-relay-bin.000003 
                Relay_Log_Pos: 357109 
        Relay_Master_Log_File: binlog.000001 
             Slave_IO_Running: Yes 
            Slave_SQL_Running: Yes 
              Replicate_Do_DB:  
          Replicate_Ignore_DB:  
           Replicate_Do_Table:  
       Replicate_Ignore_Table:  
      Replicate_Wild_Do_Table:  
  Replicate_Wild_Ignore_Table:  
                   Last_Errno: 0 
                   Last_Error:  
                 Skip_Counter: 0 
          Exec_Master_Log_Pos: 719355 
              Relay_Log_Space: 357420 
              Until_Condition: None 
               Until_Log_File:  
                Until_Log_Pos: 0 
           Master_SSL_Allowed: No 
           Master_SSL_CA_File:  
           Master_SSL_CA_Path:  
              Master_SSL_Cert:  
            Master_SSL_Cipher:  
               Master_SSL_Key:  
        Seconds_Behind_Master: 0 
Master_SSL_Verify_Server_Cert: No 
                Last_IO_Errno: 0 
                Last_IO_Error:  
               Last_SQL_Errno: 0 
               Last_SQL_Error:  
  Replicate_Ignore_Server_Ids:  
             Master_Server_Id: 1 
               Master_SSL_Crl:  
           Master_SSL_Crlpath:  
                   Using_Gtid: No 
                  Gtid_IO_Pos:  
      Replicate_Do_Domain_Ids:  
  Replicate_Ignore_Domain_Ids:  
                Parallel_Mode: optimistic 
                    SQL_Delay: 0 
          SQL_Remaining_Delay: NULL 
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates 
             Slave_DDL_Groups: 0 
Slave_Non_Transactional_Groups: 90 
   Slave_Transactional_Groups: 980 
         Replicate_Rewrite_DB:  
1 row in set (0.000 sec)

If Slave_IO_Running: Yes and Slave_SQL_Running: Yes it's ok. Seconds_Behind_Master inform us if the server is aligned.

You can insert data into Master and check if they are replicated no Slave.

Promoting the backup server to production

Connect to mariadb from command line and check the slave status and that the slave is synced with master (Seconds_Behind_Master: 0):

SHOW SLAVE STATUS\G

Check that:

Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Seconds_Behind_Master: 0

If slave is perfectly synced with master stop the replica

STOP SLAVE;
RESET SLAVE ALL;

Set the mariadb server writable

SET GLOBAL read_only=OFF;

Exit from MariaDB command line and modify the config file so that read_only is commented out.

[mysqld] 
# replica 
server-id=2 
log_bin=binlog 
#read_only=ON 
replicate-do-db=vpopmail 
replicate-do-db=roundcubemail

Restart the server. Now the database server is in production.

Solr è un server di indicizzazione basato su Apache Lucene. Dovecot communica con esso attraverso delle query HTTP/XML. Il server di indicizzazione consente di fare ricerche di testo in modo veloce nelle mail, compreso il corpo dei messaggi.

• Scarica l'ultima versione: v. 9.10.1
• Documentazione ufficiale
• Documentazione di Solr FTS Engine per Dovecot

Changelog

• 8 febbraio 2026
  - upgrade alla versione 9.10.1
• 5 marzo 2025
  - la versione 9.8.0 richiede SOLR_OPTS="$SOLR_OPTS -Dsolr.config.lib.enabled=true" in solr.in.sh

Aggiornamento alla versione 9.10.x

• Maggiori informazioni qui
• Dovecot ha recentemente rilasciato i file schema aggiornati alla versione 9, alternativi a quelli che si trovano qui

Prima di ogni cosa controllare che la propria versione di java sia almeno la 11.

Scaricare Solr:

SOLR_VER=9.10.1
wget https://www.apache.org/dyn/closer.lua/solr/solr/${SOLR_VER}/solr-${SOLR_VER}.tgz?action=download -O solr-${SOLR_VER}.tgz

Arrestare quindi il server Solr e lanciare l'aggiornamento con le opzioni -f (aggiornamento) e -n (non lanciare do not start the server when finished) options:

tar xzf solr-${SOLR_VER}.tgz solr-${SOLR_VER}/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-${SOLR_VER}.tgz -f -n

Gli utenti Slackware invece dovranno procedere diversamente:

wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh
chmod +x install_solr_slackware.sh
./install_solr_slackware.sh solr-${SOLR_VER}.tgz -f -n

Scaricare e installare il nuovo schema e il file di configurazione per Dovecot

cd /var/solr/data/dovecot/conf
rm -f schema.xml managed-schema.xml solrconfig.xml
wget https://raw.githubusercontent.com/dovecot/core/refs/heads/main/doc/solr-schema-9.xml -O schema.xml 
wget https://raw.githubusercontent.com/dovecot/core/refs/heads/main/doc/solr-config-9.xml -O solrconfig.xml
chown solr:solr solrconfig.xml schema.xml

Il nuovo file di configurazione sostituisce LRUCache con CaffeineCache e cambia la locazione delle librerie .jar (diff).

Riconfigurare il proprio /etc/default/solr.in.sh file, dato che molte opzioni sono cambiate radicalmente, quindi riavviare Solr.

Dobbiamo abilitare le librerie di configurazione come descritto qui per risolvere un errore che compare dalla versione 9.8.0 quando con lo scjema di Dovecot. Aggiungere questa riga al file /etc/default/solr.in.sh:

SOLR_OPTS="$SOLR_OPTS -Dsolr.config.lib.enabled=true"

Infine aggiornare gli indici (editare lo script apposito per inserire la propria password di Dovecot)

wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh
chmod +x solr_rescan_index.sh
chown root:root solr_rescan_index.sh
chmod o-wrx solr_rescan_index.sh

./solr_rescan_index.sh
Stopping Dovecot 
. 
<?xml version="1.0" encoding="UTF-8"?> 
<response> 

<lst name="responseHeader"> 
 <int name="status">0</int> 
 <int name="QTime">20</int> 
</lst> 
</response> 
Starting Dovecot.

Lo script non deve restituire errori (status=0). Se invece si ottengono degli errori è necessario ricontrollare le autorizzazioni di sicurezza e le credenziali dell'utente dovecot di Solr.

• Maggiori informazioni qui
• Versione: fehQlibs-30

Le fehQlibs sono librerie C aggiuntive sviluppate da Erwin Hoffmann. Sono un prerequisito di ucspi-tcp6 e di ucspi-ssl.

Installare come segue in /usr/local:

FEQLIBS_VER=30
cd /usr/local
wget https://www.fehcom.de/ipnet/fehQlibs/fehQlibs-${FEQLIBS_VER}.tgz
tar xzf fehQlibs-${FEQLIBS_VER}.tgz 
chown -R root:root fehQlibs-${FEQLIBS_VER}
cd fehQlibs-${FEQLIBS_VER}

Cambiare la cartella di installazione modificando il file conf-build come segue

LIBDIR=/usr/local/lib 
HDRDIR=/usr/local/include 

Compilare e installare

make -C src
make -C src shared
make -C src install 

cd ..
rm qlibs
ln -s fehQlibs-${FEQLIBS_VER} qlibs

Le qlibs dovranno essere trovate al momento della compilazione di ucspi-tcp6, quindi dobbiamo aggiungerle al file /etc/ld.so.conf:

echo "/usr/local/qlibs" >> /etc/ld.so.conf
ldconfig

In genere nei sistemi Unix si può lanciare questo comando per ottenere lo stesso risultato e linkare le librerie qlib:

ldconfig -m /usr/local/qlibs

TxRep was designed as an enhanced replacement of the AutoWhitelist plugin. TxRep, just like AWL, tracks scores of messages previously received, and adjusts the current message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. Each message from a particular sender adjusts the historical total score which can change them from a spammer if they send non-spam messages. Senders who are considered non-spammers can become treated as spammers if they send messages which appear to be spam. Simpler told TxRep is a score averaging system. It keeps track of the historical average of a sender, and pushes any subsequent mail towards that average.

The Bayesian classifier in Spamassassin tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham. If I've handed 100 messages to sa-learn that have the phrase penis enlargement and told it that those are all spam, when the 101st message comes in with the words penis and enlargment, the Bayesian classifier will be pretty sure that the new message is spam and will increase the spam score of that message.

In pratica Bayes è un classificatore statistico: guarda i token (parole, header, URL, ecc.) e calcola la probabilità che il messaggio sia spam senza interessarsi di chi manda, ma solo del contenuto.

Invece TxRep tiene traccia della reputazione del mittente (indirizzo email + IP).

• TxRep - Reputation plugin
• README.txrep
• Bayes Introduction
• README.bayes

Changelog

• 18 agosto 2025: aggiunte parecchie informazioni alla sezione "Addestramento del sistema bayesiano"

• Info: http://www.fehcom.de/ipnet/ucspi-tcp6.html
• Autore: Erwin Hoffmann. Le funzionalità IPv6 sono state incluse dalla IPv6 patch di Felix von Leitner. Il lavoro originale ucspi-tcp 0.88 da cui è derivato ucspi-tcp6 è di D.J. Bernstein
• Version: 1.13.07

TCP6_VER=1.13.07
cd /var/qmail/ 
wget https://www.fehcom.de/ipnet/ucspi-tcp6/ucspi-tcp6-${TCP6_VER}.tgz 
tar xzf ucspi-tcp6-${TCP6_VER}.tgz 
cd net/ucspi-tcp6/ucspi-tcp6-${TCP6_VER}/ 
./package/install

qmailctl reboot

• Maggiori informazioni: http://www.fehcom.de/ipnet/ucspi-ssl.html
• Autore: Erwin Hoffmann
• Versione: 0.13.07

sslserver, sslclient, e sslhandle sono strumenti da utilizzare dalla linea di comando per costruire applicazioni SSL client-server. 

sslserver ascolta connessioni su IPv6 e/o IPv4, e lancia un programma per ogni connessione accettata. L'ambiente del programma include variabili che mantengono l'host name locale e remoto, l'indirizzo IP, e i numeri di porta.

sslclient richiede una connessione o a tramite IPv6 o IPv4 TCP sockets, e lancia un programma. L'ambiente del programma environment include le stesse variabili di sslserver.

Mediante sslserver è possibile accettare connessioni sicure per spedire la posta attraverso la porta 465 previa autenticazione.

Abbiamo già installato le fehQlibs, che sono delle librerie C supplementari necessarie anche per ucspi-ssl.

A partire dalla versione 1.13.05 è richiesto il pacchetto mandoc sia per ucspi-tcp6 che per ucspi-ssl. Gli utenti Slackware possono trovare il pacchetto su slackbuild.org.

UCSPISSL_VER=0.13.07
cd /var/qmail 
wget https://www.fehcom.de/ipnet/ucspi-ssl/ucspi-ssl-${UCSPISSL_VER}.tgz
tar xzf ucspi-ssl-${UCSPISSL_VER}.tgz 
cd host/superscript.com/net/ucspi-ssl-${UCSPISSL_VER}
./package/install

La configurazione degli script supervise per qmail-smtps è all'interno della pagina riguardante la configurazione.

Changelog

• May 14, 2026
  - dovecot 2.4.3 released. Changed dovecot_config_version and dovecot_storage_version in dovecot.conf
  - the new version has lua as a dependency. Added --without-lua at configure command
• Feb 25, 2026
  - Added Server Name Indication (SNI) settings in sni.conf.template, imported from local.conf commit
  - userdb iterate query nor orders by domain and username commit
  - 15-mailboxes.conf: fts_autoindex = no added to Trash and Junk folders commit
  - 10-auth.conf: + character added to auth_username_chars commit
• Nov 24, 2025
  - dropped 'enforce = no' from 90-quota.conf to enforce quota limits (commit)
• Nov 22, 2025
  - quota driver switched to 'count' (commit). 'count' is the recommended way of calculating quota on recent Dovecot installations.
• Oct 30, 2025
  - dovecot ugraded to v. 2.4.2
• Mar 29, 2025
  - dovecot updated to v. 2.4.1-4
• Mar 15, 2025 (config version 2.4.0.1 diff) 
  - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here)
  - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included from local.conf
• Mar 9, 2025
  - fixed quota calculation in sql queries (tx Hakan Cakiroglu)
• Feb 22, 2025
  - Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Bug fix in move-spam.sieve: erroneously matches "YES" if "BAYES" is in the header
• Feb 15, 2025
  - added support for vpopmail configured with --disable-many-domains
  - 90-sieve.conf: global script move-spam.sieve called correctly
• Feb 8, 2025
  - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko)
  - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
• Jan 29, 2025
  - dovecot upgraded to v 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
• Nov 15, 2024
  - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Dec 29, 2023
  default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default
• Feb 10, 2023
  - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)

• Info: https://roundcube.net
• Versione: 1.7.1

Roundcube è una webmail avanzata con una bella interfaccia grafica.

Changelog

• May 24, 2026
  - version 1.7.1 (security release)
• Mar 9, 2025
  added $config['quota_zero_as_unlimited'] = true; to show quota unlimited instead of unknown for accounts with unlimited quota

• Versione di vpopmail: 5.6.13
• github: sagredo-dev/vpopmail
• Scarica
• Changelog completo
• README.vdelivermail
• Pagina originale di Inter7

Vpopmail fornisce un modo semplice di gestire indirizzi di posta su domini virtuali e account email diversi da quelli su /etc/passwd.

Changelog

• Feb 11, 2026
  - vlimits.c: avoids no file found exit when .qmailadmin-limits is not existent because no limits are defined yet (a565779)
  - added sql files to be imported on upgrade to v. 5.6.x (8136480)
• Feb 8, 2026
- migliorata la sezione "upgrade"
  - vmysql.c changes (#10)
  • valias_create_table now check if table is already created in order to avoid warnings in dotqmail2valias
  • solved quotes issue in query in valias_insert function
• Nov 20, 2025
  - vutil: 'isSomething' functions reviewed to satisfy qmailadmin calls in #9
  - Added definition of 'call_onchange' function and cured its calls to avoid break 97ffe38
• Oct 30, 2025 (v. 5.6.10)
  - Added specific usage informations for s/qmail users (look here)
  - Dropped -std=gnu17 from compilation options and solved (probably) all breaks and warnings on gcc 15.2 2d8526d
  - configure.ac now looks for mariadb include and lib dir in addition to mysql dab36e8
  - configure.ac automatically looks for vanilla qmail's users/cdb and s/qmail's users/assign.cdb file 723efb3
  - Updated the usage() funcion message in vadduser.c to clarify the use of pre-hashed passwords with -e 5b5ccdb
  - control/defaultdelivery is now installed by vpopmail if --enable-defaultdelivery 77f54eb
  - vrcptcheck checks all kind of address (users, forwards, valiases) #7
  - Dropped unused functions in vpopmail.c #8
• Sep 1, 2025 (v. 5.6.9)
  - added -std=gnu17 to gain compatibility with gcc-15 (PR #6)
  - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
• Mar 29, 2025
  - defaultdelivery feature (--enable-defaultdelivery) changes (more info here, commit):
  • vdelivermail is installed by default in .qmail-default of newly created domains with option 'delete' as in the previous version.
  • if no user's valiases and no .qmail are found, then the message is sent to the control/defaultdelivery file, so that dovecot-lda (or whatelse) can store the mail into inbox and execute the sieve rules.
  • if vdelivermail is found in control/defaultdelivery, then it is ignored. The delivery remains in charge to vdelivermail, to avoid loops.
  • v. 5.6.8 is backward compatible. The users having .qmail from previous versions of the defauldelivery feature are not affected by this change.