Qmail dns any patch

The current "stable" version, 2. Even the "development" version, 3. Unfortunately, the qmailrocks distribution consists of a single tarball, which contains all of the other packages- qmail itself, a copy of this ancient version of my patch, as well as ancient versions of vpopmail, courier-imap, and so forth.

And even though qmailrocks has stopped updating, none of the other packages have- and that includes this combined patch. Which means that, unless you take the time to hunt down the current versions of the individual packages, read through their documentation well enough to understand what has changed since whatever version qmailrocks is using, and update the qmailrocks scripts to work with the current versions of the underlying packages, you will be setting up a server based on ancient software, configured in an insecure manner, and the first time soemthing goes wrong with that server, you will suddenly discover that qmailrocks' total lack of documentation has not prepared you to deal with the issues which WILL arise.

Do yourself a favour. Take the time to learn how qmail actually works, and then build a server which you understand how to operate. See Life with qmail LWQ for a much better set of directions. Most people start learning qmail by following along with the LWQ directions, then going back and adding any other patches they may need for their own servers the "netqmail" patch that LWQ uses is a very minimal patch. If you're curious, the current version of my patch includes every patch which is part of netqmail I haven't looked at netqmail Because I'm tired of having people like this guy scroll to the bottom of that page blaming ME for qmailrocks' problems.

Of course, the fact that he added this note to his web page, telling people to not use my patch, without so much as talking to me about it first, is a separate issue Version 7.

Changes in Version 5 , released , and included as part of "qmailrocks". The qmail RFC section 4. I choose not to, since this is one of the favourite tricks of the spammer.

If you don't want any limit, you can either delete this file, or use 0 as the value. Also, a minimum limit of recipients is enforced within the code- if you try to set it to a lower number, it will use If it has trouble looking up those records, it uses a error instead. When combined with a mechanism to make certain domain names appear to not exist , it can make for an effective way to reduce the amount of spam received by rejecting messages which claim to be from certain domain names.

With the "6c2" or later version of the combined patch, the environment variable will be re-read if the client sends a successful AUTH command. With the "6c6" or later version of the combined patch, using a value of 2 or higher will cause all non-successful checks to be logged, and using a value of 3 or higher will cause successful checks to be logged as well. Some ISP's have accounts which are only used for dialup access, and never check their mail. This patch prevents messages sent to these users from clogging up the queue for a week before being bounced.

The qmail-date-localtime. The qmailqueue. This "hook" allows you to do things like virus scanning and RBL checking before the message ever goes into the queue. If this other program returns a value other then zero, the SMTP server treats it as a hard or soft error depending on the return value and refuses to accept the message. It adds two new error responses to qmail-smtpd- one causes it to drop a message with a response of "we do not accept SPAM", and the other causes it to drop the message but act like it was accepted.

I've seen some mail servers continually try to deliver the same message over and over again, and they won't stop until it's been delivered. This allows a qmail-queue replacement program to "fake out" these servers. Note that this patch changes how qmail-smtpd interprets the return value "1" from a qmail-queue replacement program.

Instead of meaning "temporary failure", it means "ignored as spam". Filters which return 1 will cause a "temporary failure" response in an un-patched qmail-smtpd, which will result in the message delivery being tried over and over until the remote machine gives up on it. It's certainly not something that the RFC planned for, but I don't see it as a violation.

If I know that I don't want to receive a certain email message, and that I will never want to receive a certain email message, then telling the remote server that I've handled the message is exactly correct, because the message has indeed been correctly handled, in accordance with MY wishes. The fact that my wishes aren't the same as the wishes of the sender of the message is meaningless to me.

Spam is spam and I don't want any. If anybody out there doesn't agree with me, that I should be the one who ultimately decides which messages I do and don't receive on MY machine, then don't run this patch. The ". The errno. The qmail-smtpd-auth patch teaches qmail-smtpd to handle the AUTH command, which allows authorized remote users to use your mail server as a relay.

The original patch came from here , but I changed it so that qmail-smtpd would only advertise the AUTH capability if it actually supports it i. Note that this was the first patch I couldn't make apply cleanly with the others without manual changes to the code.

This was the patch that started me on the idea of making a single combined patch file- not so much for distributing to others through my web site, but for carrying around with me for when I build client machines- first on a CD-ROM, and later on a USB memory stick. Of course the USB memory stick now contains a lot more than just a patch file- it has a full set of scripts that I use to take a machine from a fresh install of Centos 4 to a fully functioning server.

NOTE : There have been issues where people who started out using the original AUTH patch were inadvertently making their machines into open relays because the code in the patch doesn't adequately check to make sure that a "checkpassword" program is properly specified on the command line. I have sent my changes to the author of the AUTH patch, but it's been several years now and he hasn't released any new versions yet.

I also added another check to the program- it will not advertise the AUTH capability unless the checkpasswd program is specified correctly on the command line i. This prevents users from sending their passwords over the wire in plain text when they forget to turn on the TLS or SSL checkbox in their mail program. This is for security reasons- allowing people to send AUTH commands over a non-encrypted connection is allowing them to give out their passwords over the Internet- and all a spammer needs is one valid userid and password in order to use your server as a spam relay.

For some reason, qmailrocks If you are using qmailrocks Later versions of the combined patch include a way to disable this security measure, but I do not recommend that anybody use it and if you got my patch as part of the qmailrocks SPF is a system where the owners of domain names can "publish" the list of IP addresses from which their users send mail. If another mail server sees an incoming message claiming to be "From" that domain, but not coming from an IP on their SPF list, that server can reliably reject the message as a forgery.

The environment variable, if present, will override the file. I've been using 3 on my own server for over a year, and I've been very happy with the results. You can also use the control files spfrules , spfguess , and spfexp as detailed on the original SPF patch home page. The version of the SPF patch which has been included here is rather old it's version "rc2" on the patch's home page , and it has some bugs. Version 6c9 of the combined patch updates this to the latest "rc5" version of the SPF patch.

Part of qmail's loop-detection logic is determining whether or not a given IP address "is" the current machine.

This patch "teaches" qmail that 0. This post from the qmail mailing list describes the problem. This file on qmail. I have since updated this patch- see the newbind. This mailing list message describes the problem and includes the patch file which I saved as a stand-alone. After a discussion with Eric from qmailrocks. Some people may have servers which only exist inside of a closed network and have no contact with the outside world, some poeple may have clueless supervisors who order them to turn on AUTH without requiring the users to use encryption, and some people may live in a country where encryption is illegal This would normally be done in the "run" script which starts up the qmail-smtpd service.

I have added another manual patch which modifies how the TLS patch works. This way, if you don't want to support TLS, you simply don't create the. Also with this patch, if you need to build qmail without needing the openssl libraries for some reason i. When you run make after this change, the resulting qmail-smtpd will not have any references to the openssl libraries at all and of course will not be able to handle the STARTTLS command.

This can also be used in your tcpserver access control file if there are certain IP addresses for which you do not wish to support TLS. I will admit this isn't the most descriptive error message in the world, and it will be clarified in a future patch. Thanks to Allyn Baskerville on the qmailrocks list for pointing this out. The validrcptto. My modification is that it uses a cdb file instead of a flat text file, which is a MAJOR performance boost for sites with more than a few hundred mailboxes on the server.

I wrote it so that if the validrcptto. This allows you to have the patch on your server before you're actually ready to use it, or even if you don't plan to use it at all. I have also added a counter to this mechanism I plan on using this on my own server to automatically add these IP addresses to a blacklist. Setting it to zero will disable the checks, allowing unlimited attempts otherwise known as "harvesting", a trick used by spammers to build a list of which email addresses do and don't work within your domain.

This web page describes the stand-alone version of this patch, suitable for adding to djb's original source. It also provides more documentation, including directions for a script called mkvalidrcptto which can be used to build the validrcptto.

For people who care about such things, the normal rcpthosts check is done first- if an email arrives where the recipient's domain name is not listed in the rcpthosts or morercpthosts. The standard warning about using or allowing AUTH to happen without some kind of encryption applies here Most of the people who would try are going to be spammers anyway, so I don't really think it makes a whole lot of difference.

Doing this will prevent any other service from being able to deliver their normal mail to your server. This was causing problems with TMDA , a challenge-response mechanism that I use on my server which some people may not like, but I will state this- it is probably the single most effective spam-blocking tool I have ever used.

The problem was that TMDA would send a challenge, and whenever anybody answered a challenge, their answer was rejected by the validrcptto mechanism. Thanks to "marlowe" on the qmailrocks mailing list for telling me this was happening. Part of writing the "-default" search stuff was adding debugging code to make sure I was using djb's string functions correctly. They're a bit tricky, but once you figure out what they do, they're actually pretty cool.

I ended up leaving some of the debugging stuff in there, figuring some people might want to see it when they run their servers. Using 1 shows what it's looking for and what it found, while 2 also shows which specific values it's searching from the cdb file. Somebody on the qmailrocks mailing list had a question about a patch to NOT include the entire original message when generating a bounce.

I looked at it, and the patch is very nice- it only touches one file, it only makes the absolute minimum changes it needs in order to do its job, and it doesn't cut existing lines which would prevent future patches from applying cleanly. However, I don't like the fact that it's always enabled, and has a 50, byte limit by default. I tend to feel that unless the administrator does something extra defines an environment variable, creates a control file, etc.

Since I was playing with the code again anyway, I went ahead and added this patch to the mix. This matches the original behavior of qmail-send the program within qmail which actually builds the bounce messages, and which this patch affects. There is also no default of 50, anymore- the default is zero, meaning no trimming of bounce messages. If you want a limit, whether it's 50, or something else, you will need to create the control file. These changes are needed in order to allow for patches which require different environment variables to be set depending on whether or not the connection has been successfully AUTH'd.

Note that the environment changes happen when the first DATA command is sent by the client. An example of a patch which needs this functionality, and in fact the initial reason for writing this patch, is the domainkeys patch.

In order to verify a signature for an incoming message, it requires that a variable DKVERIFY exist, which contains a list of letters telling which domainkeys results should be considered hard or soft errors. The domainkeys patch is not a full combined patch like the ones listed here.

It is an "add-on" patch which is meant to be installed after installing one of the combined patches here. It is only available for the 6b and later versions, since it requires the dynamic environment variables change features which were added from 6a to 6b. Fixes the CRAM bug, where the challenge and response were being sent from qmail-smtpd to vchkpw in the wrong order.

I have installed them for reasons I explain below, which are not necessarily reasons that matter to everyone. This is a list of the patches I use and some others I have run across , with descriptions and reasons for using them. Most of these patches were pulled from qmail. Some people feel that qmail has certain shortcomings like non-conformance to RFCs and either like complaining or have found a solution, or have developed patches to fix the problem.

Trust me, the issues have been hashed over again and again and again on the qmail mailing list, and the current state of things seems to keep the most people happy. In most cases, things are the way they are on purpose please feel free to search the qmail list archives for the explanation of any particular detail! These patches all work on netqmail, which you should be using anyway. While vanilla qmail is as cool and unbreachable as ever, netqmail is a convenient packaging of some of the patches that have cropped up as being very important.

It is not officially the same thing as qmail, but is a convenience packaging of qmail. For more information, go here. One final note, some of these patches conflict or seem to , and resolving them takes a little bit of knowledge of C. For any others, you're on your own. We can quibble over whether that's the smartest thing to do, but as-such, qmail's behavior is consistent with the RFC.

The usual complaint is to point out that RFC says in section 5 :. The policy at issue here, however, is regarding errors given as part of the greeting. What should it mean for that particular message you're trying to deliver?

This is primarily what Matthias Andree's patch changes. Some vocal mail administrators seem to be of the opinion that a greeting error is a resonable thing to use to indicate an overload situation for example, that the server is overwhelmed by a spam attack, and cannot handle additional email at the moment.

But consider: is this a reasonable thing to do? If a server cannot or will not accept email, and this is known at connection time, why accept the connection? It wastes bandwidth, it wastes server resources, it wastes time. Why would anyone use scarce resources—in the middle of being overloaded—to tell senders about it?

Why accept a connection when you cannot accept email? It's more efficient to simply refuse the connection. Imagine if taxicabs worked on the same principle. When they're hired and full, they cannot accept new riders. The easiest and most direct way of not accepting new riders is to ignore the folks on the sidewalk waving at the taxi.

The idea that the taxi would pull over to tell them "sorry, I'm busy" seems downright goofy almost as if the taxi driver is taunting the people on the sidewalk. Similarly, if a server is overloaded, the idea that it would accept connections for the sole purpose of telling the sender "sorry, I'm busy" also seems goofy. If you're busy, you should be using your resources to do your job rather than using them to tell everyone how terribly busy you are.

So it seems reasonable to conclude that if a server is willing to accept new connections, then it's probably not overloaded. However, the more important issue is that when a server KNOWS it cannot accept email for whatever reason, what should it do? First it needs to decide if it wants that email delivery attempt be retried immediately or later?

And, in either case, should the sender re-contact the most-preferable MX i. Answering the latter question requires answering another question first: what do backup MX records mean? If you have multiple servers available to deal with high load, why not assign them all the same priority and use them ALL during low-load situations as well e.

I finally had the time to install this patch and configure qmail-channels. Now I need to wait until we send out our next newsletter to see if qmail is separating emails in separate queues based on the destination domain. I should have a detailed analysis for us within the next couple of days. Stay tuned! After my original message, Yahoo is now also refusing our newsletters because we are sending too many emails at the same time:. I'm not familiiar with the qmail channel patch, but you have to limit the number of mails per second in order to avoid the block.

Roberto Puzzanghera miz July 11, It seems that yahoo accepts a maximum of 20 msg per connection, so this patch should do the trick Gabriel Torres Roberto Puzzanghera July 12, The qmail-channels patch you integrated in your patch worked like a charm to fix the yahoo issue described above. We could use the postfix solution you linked above, but it would only work in our webserver where postfix is used to accept and send emails to our email server, which is running qmail , whereas with qmail-channels we have the solution valid for all emails sources in our setup, which is best.

The configuration of qmail-channels is quite simple. After applying the patch, and before compiling qmail, we need to edit conf-channels and add the total number of queues we want.

The default is 2, meaning local and remote. As I wanted two additional queues two group of domains we wanted to limit the delivery rate , I changed that to 4 and compiled qmail.

Roberto Puzzanghera Gabriel Torres July 12, Suitable concurrency values could be useful to someone else Gabriel Torres Roberto Puzzanghera July 13, I am still testing the numbers. I have concurrencysuppl0 with 1 and concurrencysuppl1 with 10 right now. According to what the other user posted above, we could increase the Yahoo queue up to Another note: I had to increase the softlimit configuration.

Na April 25, GoofY April 10, While running make in the netqmail dir I encountered an error in chkuser. Roberto Puzzanghera GoofY April 10, Tony Fung April 8, I just compile libdomainkeys with patch "libdomainkeys-openssl Is the patch "libdomainkeys-openssl Roberto Puzzanghera Tony Fung April 8, Madzel February 19, Roberto Puzzanghera Madzel February 19, Madzel Roberto Puzzanghera February 19, Can you confirm that this is the patch you applied?

Madzel Roberto Puzzanghera February 20, Yes, i used the linked openssl patch. I have all downloaded data deletetd and repeated the whole procedure again:. Roberto Puzzanghera Madzel February 27, Roberto Puzzanghera Madzel February 20, Try to apply this patch, which is specific for openssl Stumpi February 11, It will not compile with OpenSSL 1. After more than 12 years of using Qmail it is now time to change to Exim or PostFix, i guess. Sad and disapointing Roberto Puzzanghera Stumpi February 19, Roberto Puzzanghera Stumpi February 12, It compiles with v.

I'm confident that someone will solve this at some point. Charles January 24, I have installed netqmail Roberto Puzzanghera Charles January 25, Wouter de Geus December 19, Right now I'm trying to upgrade my legacy qmail server to a new incarnation based on Docker, going with your patch this time :. I figure it's a matter of time before this becomes a necessity, alreaady I see older TLS versions being dropped on various mailservers.

Roberto Puzzanghera Wouter de Geus December 19, Honestly, accomplishing this task would be far over my skills but I'm confident that an upgrade to the qmail-tls patch by f. Bernardo Correia September 20, I have a centos 7 working with your qmail how to.

But when i try to update to the latest patch i start getting this errors on smtp log. I'm still unable to solve the problem, already tried to increased soft limit with no luck, double checked all perms on queues and qmail directory, checked all the run files, nothing.

Roberto Puzzanghera miz July 24, Roberto Puzzanghera Bernardo Correia September 20, Mirko Buffoni August 20, It was hard to track. But I was lucky to isolate the problem with a mail client who was issuing a RSET command and closed the connection brutally after this. After a RSET command, the mailfrom. Roberto Puzzanghera Mirko Buffoni August 23, Thanks to Mirko this bug was fixed in the v. Mirko Buffoni August 17, However, it compares the header with string without considering that the string may be longer, after the match.

The proposed patch will fix this, allowing, as an extreme case, to specify a colon as last character in searched header string. So a field Subject: will work too giving back the searched Subject, while field Subjectt won't. Roberto Puzzanghera Mirko Buffoni August 17, Vahid Baboli July 6, Roberto Puzzanghera Vahid Baboli July 6, Provided that you can choose to install the complete combined patch and then use just what you need of it, this could be a subset of patches that you need to build a send server.

The most important in my opinion are in bold text. Vahid Baboli Roberto Puzzanghera January 2, Roberto Puzzanghera Vahid Baboli January 3, Vahid Baboli Roberto Puzzanghera January 3, These servers are only sending mail out so I only need any-to-cname and TLS patch. If your server is just sending, the logging patch is of little use, because it logs qmail-smtpd.

You can always decide to use my big patch roberto-netqmail We are getting lots of complains and rejections due to use of TLS 1. I am wondering is there is a way to make qmail-remote we are only sending binary static so I just package the binaries and deploy to servers rather that compile on each server. I am not sure all servers have the latest libraries.

I would also consider building a qmail package for your linux distribution, just to save the compilation time, but you must be sure that all the libraries are the same in all your servers, of course. Kris von Mach November 14, Tocy November 8, Roberto Puzzanghera Tocy November 8, Tocy Roberto Puzzanghera November 9, Roberto Puzzanghera Tocy November 9, I will gladly test but I don't know how to fix the code for this library and the qmail-remote.

Sorry but I am more of a system guy than a developer:. Tocy Tocy November 10, Roberto Puzzanghera sa1phx November 6, I can confirm the changes sa1phx posted for the "domainkeys. Here are my details -. Here is the resulting diff between the source with the libdomainkeys I confirm that after applying their changes, make succeeds and libdomainkeys. I cannot yet confirm that the libdomainkeys. As my C skills are close to zero, some help would be really appreciated in order to make my patch openssl Unfortunately, qmail-remote.

I applied the patch you showed for qmail-remote. When I try to make with the openssl I didn't want to use openssl 1. I edit netqmail's conf-cc to read:. Then I make clean, and try to make again now using the older openssl Eric Jim McNamara February 13, Roberto Puzzanghera Eric February 13, Roberto Puzzanghera Roberto Puzzanghera February 13, New testing patch released.

Look at the top of this page. There's a patch for libdomainkeys as well. They can be used both on v. Anonymous Roberto Puzzanghera March 28, Roberto Puzzanghera Anonymous March 31, Please try the following libdomainkeys patched by Manvendra Banghui. If this will not solve feel free to write me in private so that I can provide a direct contact with him. Hamersky Roberto Puzzanghera April 1, Thanks Roberto and Manvendra with libdomainkeys patched by Manvendra Banghui working :.

Manvendra Bhangui Anonymous March 28, Just got notified of dktest segmentation fault. I will take a look at it. It might take me some time to replicate the same openssl version on my laptop and test it out. If it helps, you can temporarily disable domainkeys and just have DKIM.

I performed the patch installation but the mailfrom check function is not being performed. I ran tests by thunderbird by changing from: and sending successfully. Marcio R Roberto Puzzanghera November 7, I did the installation again and I did not succeed. Does this patch block the email with the from field changed? Roberto Puzzanghera Marcio R November 7, Roberto Puzzanghera miz November 7, Roberto Puzzanghera miz November 8, Your config seems to be correct and I have almost the same run file in my 2 servers I've no idea at the moment, if you find a solution let me know please.

Ed Vrijmoet October 25, I followed your installation and ran in to trouble at compiling netqmail Roberto Puzzanghera Ed Vrijmoet October 25, Ed Vrijmoet Roberto Puzzanghera October 25, I am sorry but because I am not a programmer I don't understand what is written so I think that something has changed in openssl Provided that I can't do the tests myself because I don't use Debian and I just have openssl Ed Vrijmoet Roberto Puzzanghera October 27, I had to use libssl1.

Ed Vrijmoet Roberto Puzzanghera October 26, I have been trying to find out what the problem is with compiling netqmail and what i found is this, all packages related to openssl cannot be compiled with openssl Marcio August 9, When sent an email to yyy xx. Any tips for correction?

Marcio roberto puzzanghera August 10, I'm using it. How do you make a submission test and see if it is occurring in your installation account? Please send a test to gustavo. When I send emails to the email gustavo. Sending a test mail returns an error message from mx1.

What about that mx1. It appears to be a Sophos platform John Trolinger July 19, We have the Latest stable combined patch for netqmail The error was.

Eugene September 17, I applied latest patch for netqmail, then make and receive error missing features. Someone in the past already mentioned that my patch is not freebsd compliant. Unfortunately I don't have any freebsd machine to do tests. I will send you an email include account shortly. I recently upgrade to the latest patch here, and I think that this is causing a problem:. Thanks to Simone for the hint.

I have an account on my domain named log [domain]. Every single mail get copied to this account since the upgrade! Recompile qmail. If not, how can I remove that extra. Thank you Roberto. I was looking into a solution to keep the feature and disable it run-time; I will try with:. Otherwise I will just reverse the patch as you suggest and remove the feature.

John miz July 7, It is okay to enter the entire email address. Just change the length number to the number of characters minus 1. George Cooke October 1, I am installing qmail for the first time on Debian and I got to the 'finally install and start qmail' make setup check, qmailctl start part on this page, but qmailctl did run as it did not exist.

So I just spent an hour stressing out trying to work out why qmailctl and supervise scripts didn't exist, and got it working on my own from LWQ, then came back here to continue and realised that you provide exact instructions for qmailctl and the supervise stuff to get it running in the next page, the configuration section!! GoofY George Cooke April 10, George, you had to be very tired, not idiot, and I think that in a normal situation this should not happen to you.

BTW I think it's not a good idea to add such obvious instructions, someone would be offended.. In addition the "install page" is just in the 4th page of the guide and the readers should consider all the following pages, as you already pointed out. I have a box A which was sending spams as one of the email accounts was compromised because of a weak password.

The IP was blacklisted and to prevent more undelivered emails, i had decided to use box B to relay emails. Emails from domain1. In box A, i have about 60 domains and being lazy i decided to change the extry of smtproutes box A from domain1. What is wrong with my smtproutes? And is this the best way workaround until i had removed box A's IP from the blacklists?

I think is good enough. But in my opinion the most important thing is to recognize why that pwd was stolen.. In that case use fail2ban. Or it was an sql exploit by means of a security hole in one of your hosted websites? I recently published a pwd patch for qmailadmin, I think it can enforce the pwd complexity even though it is very rudimental. Are you using fail2ban as suggested?

Is the patch in this tutorial? Let me read through again and let me add this into my present build. And yes i am using fail2ban. I use centos7. But, when I installed the netqmail patch roberto-netqmail So, if you are sure that there are no messages in your queue, because it's just a testing server, stop qmail and try to kill all your qmail-todo processes like this.

I had built a new toaster on a VPS and also got flooded by qmail-todo which Roberto had mentioned. Ruben Garcia nic December 8, I did as you say but when i enter the commond qmailctl stat , the qmail-send still can no up normal.

Is there anything file or folder i should delete if i want rebuilt qmail? This is very strange. If I understand well. When you want to recompile just follow this steps. I suppose that you have a folder with a patched qmail. I did as what you say, but the problem is still. So I change use the "roberto-netqmail But i still cannot send mail to other email accounts?

I can't be of much help if you don't try to provide details of what is happening to your server. You forgot to reply to my previous questions You should read the "tcprules" page. I suggest you to read carefully everything once again and perform all tests in the "Testing" page; I can assure that it works :. I stop qmail, erased the queue, but because of i don't known i to kill the many qmail-todo process? Carlos carlos h September 3, I explain me better my problem.

All seems fine, less when I try to send an email, it remains in the queue and lots of qmail-todo appears when I execute "top". Seems that is entered in an infinite loop. Roberto Puzzanghera Carlos September 3, Roberto Puzzanghera carlos h September 4, This is eventually an issue of the log line verbosity. Roberto Puzzanghera carlos h September 3, Hi Carlos, can you please describe what is the issue in your server, please?

I read the above from xiao and it is not clear to me I m not absolutely secure, but I think there is a bug in the patch: roberto-netqmail I dont know if after in some point the variable name is toggled or not, and if it causes the mistake to loop with my qmail-todo process.

Sorry I wrote above as anonymous. When I send an email from my server autoexaming. Roberto Puzzanghera carlos September 4, In my case I preferred domain without smtp. If you connect to your server from another server, because you want to send an email after the auth, then you will see the remote ip in remoteip, but this is mainly for the submission service.

Concerning your rcpthosts issue Concerning the todo loop it seems to be a separate problem what do you have in your queue? How many msg? It is half-solved for me, just enter in the loop when i do qmailctl restart. When I want restart qmail, reboot the computer.

I think it's better if you write me in private and continue there the investigation. Once solved we'll post here the solution. Thanks very much, now everything is ok. Marc January 2, Every Mail send from amazon is not delivered because it shows the error qmail-smtpd: read failed. This error only happen with mails from the amazon mail servers, i do not have this eror with other mails.

I have no clue whats wrong - do you have an idea? Output from Log File:. I think you should record the smtp conversation enabling recordio in your run file. Let me know if you solve. Marc roberto puzzanghera January 3, I tried a manual spfquery for the amazon mail and the check take about 70 sec. So i think that the check takes to long and the qmail-smtp process take this as an timeout and reject the mail because of that.

Other spf checks to other domains are working fast. Maybe i should try to change the dns server entry? But it is strange that this happens only to amazon servers. I completely followed your notes, my email server can send email to another domain but cannot deliver to local account.

I've try to send from huyenha to nxhuy 2 accounts already created and loged in sucsessful but it said:. Arturo huyenha January 3, I made the installation of a new server, I have the same problems as mentioned, for every email that incoming or outgoing a copy this email is sent to the account log domain. This is normal, as the log yourdomain. Arturo roberto puzzanghera January 3, Arturo roberto puzzanghera January 4, I mean that the domain is automatically added to other files in the folder Control virtualdomains, rcpthosts, etc.

No ideas at the moment, but you can be sure that the domain was actually created trying to connect to the postmaster account, for example. Connected to 0. But that generate another error that can't deliver to "log alias" for qmail-tap function. This alias is needed to improve the log of qmail send. You can solve by changing the tap address. Shailendra Shukla roberto puzzanghera December 12,