Archive for the ‘QmailToaster’ Category

A lot of people have been asking for greylisting in the QmailToaster. Although I do not plan to add any of the greylisting packages to the QmailToaster release at this time, here is a simple one to add quickly to the QmailToaster.

http://thomas.mangin.me.uk/software/qmail-greylist.html

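Install instructions are simple (modified for QmailToaster):
cd /var/qmail/bin ; wget http://thomas.mangin.me.uk/data/source/greyd ; chmod +x greyd ; mkdir /var/qmail/grey ; chown vpopmail.vchkpw /var/qmail/grey

Note that wget fetches the script over plain HTTP with no checksum, and that it will run as vpopmail for every inbound SMTP connection, so read it through before putting it into service.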

Add ,GREY="" to the :allow statement at the bottom of /etc/tcprules.d/tcp.smtp and run "service qmail cdb".

Then change /var/qmail/supervise/smtp/run to look like this:

#!/bin/sh
# tcpserver drops to the vpopmail uid/gid before running the chain below.
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd"
GREYD="/var/qmail/bin/greyd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"

# greyd runs first in the chain, ahead of rblsmtpd and qmail-smtpd.
# $BLACKLIST is left unquoted on purpose so that its contents are split
# into separate rblsmtpd arguments.
exec /usr/bin/softlimit -m 12000000 \
     /usr/bin/tcpserver -v -R -H -l "$HOSTNAME" -x "$TCP_CDB" -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $GREYD $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
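
What a wrapper in greyd's position in the tcpserver chain does, as an added sketch that is not greyd's code and not part of the original post. It assumes greylisting keyed on the client IP (tcpserver's TCPREMOTEIP), enabled by the GREY variable from tcp.smtp; the function names, the timings, the one-file-per-IP layout and the 421 reply are all assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added illustration only; NOT the greyd script. Timings, file layout and the
# 421 reply are assumptions.
import ipaddress, os, sys, time

STATE_DIR = "/var/qmail/grey"   # directory created in the install step
MIN_DELAY = 300                 # assumed: seconds before a retry is accepted
MAX_AGE = 7 * 86400             # assumed: forget a client this long after first contact

def decide(state_dir, env, now):
    """Return "pass" or "defer" for the client described by tcpserver's env."""
    if "GREY" not in env:       # tcprules did not opt this client in
        return "pass"
    try:
        # Parsing as an IP address keeps "../" and similar out of the file name.
        ip = str(ipaddress.ip_address(env.get("TCPREMOTEIP", "")))
    except ValueError:
        return "pass"           # fail open: never lose mail over a bad variable
    path = os.path.join(state_dir, ip)
    try:
        first_seen = os.stat(path).st_mtime
    except FileNotFoundError:
        first_seen = None
    if first_seen is None or now - first_seen > MAX_AGE:
        with open(path, "w"):   # new or expired client: record it and defer
            pass
        os.utime(path, (now, now))
        return "defer"
    return "pass" if now - first_seen >= MIN_DELAY else "defer"

def main(argv, env):
    if len(argv) < 2:
        sys.exit("usage: wrapper next-program [args...]")
    if decide(STATE_DIR, env, time.time()) == "defer":
        # 421 is a temporary failure; a real MTA queues the message and retries.
        sys.stdout.write("421 greylisted, please try again later\r\n")
        sys.stdout.flush()
        return 0
    os.execvp(argv[1], argv[1:])  # hand the connection to rblsmtpd/qmail-smtpd

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

Because the state directory is written by the wrapper itself, it has to be owned by the uid tcpserver switches to, which is why the install step chowns /var/qmail/grey to vpopmail.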

Got some feedback about the libsrs2-toaster package on the main site and the qmail-toaster package on the devel site. Basically there was a minor fix for the libsrs2-toaster package, which has been re-released. This consisted of tweaking the spec file to put libs in /usr/lib64 on 64-bit machines. My mistake. Not having a dedicated 64-bit build host really screws me up from time to time; my apologies to anyone affected.

The qmail-toaster package on the devel site has SRS as a mandatory compile feature. This feature can be disabled at runtime by leaving the srs_domain option blank. The problem here appears to be gcc4 (and above) specific. I am working with Marcelo Coelho to fix this for the QmailToaster users. Hopefully we will be able to make this a “main” site release soon.

My HowtoForge article is going to be fairly detailed, yet there will be a few changes from the main docs (Perl modules from rpmforge, BIND instead of djbdns). I am writing this the way I set up QmailToaster. This means a CentOS 4.x system running a BIND caching name server with an iptables firewall. In addition, I will be enabling SURBL, Blacklists, OpenProtect SA Rules, and SRS to assist with spam blocking. Instead of using cnt40-perl.sh, I will be installing the RPMs from the rpmforge repository. Other than RPMForge/BIND, it’ll pretty much be the same as the current install docs. I am more than half done so far, but I am waiting for the SRS-enabled release to make it to the main site.

Today I released an updated SquirrelMail package for the QmailToaster. It is currently on the devel site only, although I plan to move that one to the main site fast. I will also be moving the maildrop and courier packages over. I have been testing an SRS-enabled QmailToaster on one of my servers and thus far all is well. I believe I am going to put it out there within the week as an optional compile-time option.

I’ve also begun writing an article about QmailToaster for the HowtoForge site. I’d really like to see major growth for the QmailToaster Project this year, and I think getting the word out will be key. I hope to be finished with my article by Friday of this week.

RegisterFly finally issued my cert for my personal domain. It took forever and isn’t a single root cert, as advertised, but at least it works. I basically pasted my CSR into the support ticket and told them to send an approval request to hostmaster ‘ at ‘ kabewm.com for approval. This is not the cert they advertise, nor was it issued in the ten minutes advertised on their site. In the future I will be buying from elsewhere to avoid the headaches.

I attempted to get a RegisterFly cert for my domain, but immediately after submitting my CSR I got an error. I figured, no worries, I’ll just submit a ticket and get this taken care of ASAP. Well, it’s been over 48 hours and not a peep out of the support site. When I submitted the ticket, I saw a note saying that typical service is within 2-3 hours but it could take up to 24 hours. Well, needless to say, I will no longer be recommending RegisterFly certs to anyone. The QmailToaster procedure for SSL certs used to point to these clowns, but no longer. It now points to RapidSSL, a company that is fairly inexpensive but with good support and a procedure that just works.

Today I’ve released four updated packages for the QmailToaster Project. The first three were fairly minor in changes, as they were maintenance upgrades for the Courier-MTA utilities. This included the maildrop, courier-imap and courier-authlib packages. The more interesting changes were made by Alexey Loukianov, a member of the QmailToaster Community. He had released a few logging patches for SPF and DomainKeys for the main smtp server package. These patches make it a lot easier to determine where things went wrong. I have decided to include those in the next release of the main qmail-toaster package, currently on the devel site for public consumption. I will be moving this to the main site, should no complaints or show stoppers show up in a month’s time.

Special Thanks to Alexey Loukianov, The QmailToaster Community & Lightspeed Wireless. Without their support, the QmailToaster Project would not be moving as fast.