Re: [qmailtoaster] Re: qmailtoaster+spamassassin+clamav+dovecot
Eric Shubert wrote:

Igor Smitran wrote:

Since CentOS already has clamav, spamassassin and dovecot in its repositories, maybe it would be easier to install just qmailtoaster+vpopmail? What would be the correct way to set up qmailtoaster and vpopmail to work with repository versions of clamav, spamassassin and dovecot?

There is no correct way to do this, nor any way that's documented. If you'd like to work on this, please join us over on the development list. QMT is not designed (yet) to work with repository versions of any packages. The -toaster versions contain preconfigured settings that work with the other -toaster packages. You might say that the -toaster packages are tightly coupled.

I expect that Jake will have more to say on how future versions will utilize the distros' stock packages. I believe that QMT will be moving toward completely yum-able packages since qmail (and related software such as daemontools and ucspi-tcp) are now public domain and not restricted by DJB's licensing restrictions. I'm not sure what Jake's cooking up, but it might entail augmenting the stock distros' packages with -toaster packages that contain mostly configuration data and such. And now, here's Jake! :)

The next version of Qmailtoaster will be able to utilize the distro's clamav and spamassassin packages. I have not delved too deep into the actual mail store delivery yet, so I cannot say for certain whether or not the stock Dovecot packages will work.

- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] interesting header
David Milholen wrote:

Hello All, I have an account on our system that seems to think we have been compromised because he received a few hundred undeliverable messages from our server. It looks like something tried to forge his email address thru another domain. Here is the header: The wletc.com domain is my domain. I am having trouble figuring out why *...@66.173.241.56 *is trailing the email address. If anyone can give me some insight on what is happening here would be great!

Qmail appends the sending IP to the email address for diagnostic purposes. I wish other MTAs did this honestly. The message was sent through the IP 66.173.241.56, using that account name. This can help you track things down a little more. With some more information you can narrow it down to your server, mail proxy, or the user's computer (usually the case).
Re: [qmailtoaster] ppc install?
Donald Wheeling wrote:

After several days of trying to update yellow dog linux so I could install qmail toaster I finally gave up on the update process and started over with fedora. I was to the point where I had to re-compile the kernel in order to upgrade other required package versions before installing the mail server. Anyway...moving on. I now have fedora installed (albeit much slower than yellow dog) and I've been able to install qmailtoaster up to a point. I'm currently stuck on spamassassin compiling and, after many searches on the net and your mailing lists (5 entries which lead nowhere), I cannot find any specifics on the package perl-forward-compat. The only thing I can figure the problem to be is maybe the package name was changed?

Which version of Fedora? Did you run the dependency script for your version of Fedora from the main site? I thought I had all of the dependencies filled in the scripts, so if I'm missing one/more then I would like to know. I only have Fedora 10 spooled up in VMW right now, but here are the perl packages I have installed:

perl-Compress-Raw-Zlib-2.008-53.fc10.i386
perl-Archive-Tar-1.40-53.fc10.i386
perl-CPAN-1.9205-53.fc10.i386
perl-HTML-Tagset-3.10-8.fc9.noarch
perl-Digest-HMAC-1.01-19.fc9.noarch
perl-5.10.0-53.fc10.i386
perl-IO-Zlib-1.07-53.fc10.i386
perl-URI-1.35-8.fc9.noarch
perl-Net-CIDR-Lite-0.20-4.fc9.noarch
perl-libwww-perl-5.823-1.fc10.noarch
perl-devel-5.10.0-53.fc10.i386
perl-String-CRC32-1.4-6.fc9.i386
perl-Date-Manip-5.48-3.fc9.noarch
perl-SNMP_Session-1.12-1.fc10.noarch
perl-HTML-Parser-3.59-1.fc10.i386
perl-Pod-Escapes-1.04-53.fc10.i386
perl-version-0.74-53.fc10.i386
perl-IO-Compress-Zlib-2.008-53.fc10.i386
perl-Package-Constants-0.01-53.fc10.i386
perl-ExtUtils-MakeMaker-6.36-53.fc10.i386
perl-DBD-MySQL-4.005-8.fc9.i386
perl-Digest-SHA1-2.11-7.fc9.i386
perl-IO-Socket-INET6-2.54-1.fc9.noarch
perl-Net-DNS-0.63-4.fc10.i386
perl-Module-Pluggable-3.60-53.fc10.i386
perl-DBI-1.607-1.fc10.i386
perl-libs-5.10.0-53.fc10.i386
perl-Compress-Zlib-2.008-53.fc10.i386
perl-Test-Harness-3.12-53.fc10.i386
perl-Socket6-0.20-1.fc10.i386
perl-Pod-Simple-3.07-53.fc10.i386
perl-IO-Compress-Base-2.008-53.fc10.i386
perl-Mail-SPF-Query-1.999.1-4.fc9.noarch
perl-ExtUtils-ParseXS-2.18-53.fc10.i386
[qmailtoaster] DKIM Error
Dear Jakes, Please find some time to help resolve my problem also, I will be very grateful to you. Thanks Regards, Anil Aliyan

- Original Message -
From: Anil Aliyan
To: qmailtoaster-list@qmailtoaster.com
Sent: Saturday, October 31, 2009 2:28 AM
Subject: [qmailtoaster] DKIM Error

Jakes, Please find the config file attached with this mail. I have not changed anything in the conf file and I copied it as it is into the /var/qmail/control/dkim folder. Permissions are:

-rw-r--r-- 1 qmailr qmail 891 Oct 29 17:06 global.key
-rw-r--r-- 1 qmailr qmail 241 Oct 29 17:07 public.txt
-rw-r--r-- 1 qmailr qmail 250 Oct 29 17:10 signconf.xml

I performed the following steps to install DKIM:

install required perl packages perl-XML-Simple perl-Mail-DKIM perl-XML-Parser
---
mkdir /var/qmail/control/dkim
dknewkey /var/qmail/control/dkim/global.key > /var/qmail/control/dkim/public.txt
perl -pi -e 's/global.key._domainkey/dkim1/' /var/qmail/control/dkim/public.txt
--- Download DKIM Package ---
wget http://qmailtoaster.org/dkim.tgz
tar zxvf dkim.tgz
cd dkim
qmailctl stop
mv signconf.xml /var/qmail/control/dkim/
chown -R qmailr:qmail /var/qmail/control/dkim
mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
mv qmail-remote /var/qmail/bin/
chmod 777 /var/qmail/bin/qmail-remote
chown root:qmail /var/qmail/bin/qmail-remote
qmailctl start

Copy Contents of public.key and paste into dns zone as it is without any modifications.

- Original Message -
From: Jake Vickers
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, October 30, 2009 10:16 PM
Subject: Re: [qmailtoaster] DKIM Error

Anil Aliyan wrote:

Dear All, I have set up DKIM as per the instructions in the DKIM video. Everything is set up correctly but still when I see mail headers on yahoo or gmail I see

Authentication-Results: mta164.mail.in.yahoo.com from=gnvfc.net; domainkeys=pass (ok); from=mail.gnvfc.net; dkim=permerror (no key)

Secondly, for domain keys it says from=gnvfc.net; domainkeys=pass (ok); and for DKIM it says from=mail.gnvfc.net; dkim=permerror (no key). Why does it say a different from= in the two cases? In domainkeys it's gnvfc.net and in DKIM it's mail.gnvfc.net. When the recipient mail server verifies the key it might be looking for the domain name instead of hostname+domain name. DKIM reads the domain name from the me file in the control dir, if I am not wrong, while Domain keys only selects the actual domain name from the email address or sending mailserver.

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.gnvfc.net; h= message-id:reply-to:from:to:subject:date:mime-version :content-type; s=dkim1;
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net;

I have 5 virtual domains and if I use the global key for the servers all mail domains will have the same key and every mail delivered on yahoo will look for d=gnvfc.net for the public key. How can I set up dkim for an individual domain, and how can I get d=gnvfc.net as shown in RED above in both Signature headers? And my DKIM entry in DNS is in the format given below, is it correct? I have simply copied it from the public.txt file and pasted it into my dns, you can check the same from http://domainkeys.sourceforge.net/selectorcheck.html with dkim.gnvfc.net:

dkim1 IN TXT k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0KkrMRWFDOYr41TzzIDAzXVumAXtAXw4XthJPLZ22YwZhh2jtu1V7jnvrywT2aMhh03UdxrGlipI2waX2m1JyTxp5sy07Bgm4AvYZXtm90Jq74b6V7jZqF04ur9IoaN9HEUdaFeY5HeYgab53phMOvwX5UH8Z6qgj3rC7hWtQPwIDAQAB

Regards, Anil Aliyan

Show us your DKIM config file. I suspect you have something configured incorrectly there. The DKIM patch for Qmail will allow you to sign multiple domains individually (when configured correctly, Yahoo will look at each domain for the DKIM key). The patch will force you to use ONE key to sign the domains however. So you use the same hash to sign, but each domain will get a DNS entry and each domain will sign for itself by configuring the DKIM config file correctly.

<dkimsign> <!-- per default sign
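Added example (not part of the original messages and not QMT code): a small audit of the file modes that the listing and install steps in the message above produce, flagging a private signing key readable beyond its owner and a delivery binary writable by group or other. The `qmail-remote` line, the `audit` helper and the suggested modes are assumptions: the line is constructed from the `chmod 777` / `chown root:qmail` steps, and 0400 assumes the signing wrapper runs as the key's owner (`qmailr`).

```python
# Lines for /var/qmail/control/dkim are the ones quoted in the message.
# The qmail-remote line is constructed from its chmod/chown steps
# (size and timestamp are made up).
LISTING = [
    "-rw-r--r-- 1 qmailr qmail 891 Oct 29 17:06 global.key",
    "-rw-r--r-- 1 qmailr qmail 241 Oct 29 17:07 public.txt",
    "-rw-r--r-- 1 qmailr qmail 250 Oct 29 17:10 signconf.xml",
    "-rwxrwxrwx 1 root qmail 0 Oct 29 17:12 /var/qmail/bin/qmail-remote",
]

# Files that hold private key material (hypothetical parameter of this example).
PRIVATE_KEYS = {"global.key"}


def mode_bits(perm):
    """Convert an ls-style string such as '-rw-r--r--' to an integer mode."""
    bits = 0
    for i, ch in enumerate(perm[1:10]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits


def audit(listing, private_keys=PRIVATE_KEYS):
    """Return one finding per file whose mode is wider than it needs to be."""
    findings = []
    for line in listing:
        fields = line.split()
        if len(fields) < 9:
            continue  # not an `ls -l` entry
        perm, owner, name = fields[0], fields[2], fields[8]
        mode = mode_bits(perm)
        base = name.rsplit("/", 1)[-1]
        if base in private_keys and mode & 0o077:
            # Anyone who can read the key can sign mail as every domain it covers.
            findings.append({
                "file": name,
                "owner": owner,
                "issue": "private key accessible beyond its owner",
                "current": "%04o" % mode,
                "suggested": "0400",  # assumption: signer runs as the owner
            })
        elif mode & 0o022:
            # Group/other write access lets a local user replace what gets run or read.
            findings.append({
                "file": name,
                "owner": owner,
                "issue": "writable by group or other",
                "current": "%04o" % mode,
                "suggested": "%04o" % (mode & ~0o022),
            })
    return findings


if __name__ == "__main__":
    for f in audit(LISTING):
        print("{file}: {issue} ({current} -> {suggested})".format(**f))
```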
Re: [qmailtoaster] ppc install?
I found my time to be more valuable learning going forward than chasing dependencies. To each his own. Good luck in your quest. This list is pretty active and some very knowledgeable participants, myself not included but I'm learning. Donald Wheeling wrote: Thanks for the info but I like doing this myself. This way I know what I have and where everything is. To be honest I love compiling and troubleshooting. I just need to know where I can find a perl-forward-compat source. Every place I found one the server was no longer available or the package was gone. The five entries I found in the mailing lists were dead leads. Date: Sun, 1 Nov 2009 19:35:21 -0800 From: c...@yother.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] ppc install? I might suggest the QMTISO if you are starting from scratch. It's $20.00, download the iso burn it to a cd and in 30 minutes or so you have a fully functioning qmail mail server with all of the bells and whistles at your fingertips. You spend 30 minutes after the initial install running your updates and creating your accounts and you move on to your next project. IMHO this is a no brainer if you don't have to keep your existing OS. Donald Wheeling wrote: After several days of trying to update yellow dog linux so I could install qmail toaster I finally gave up on the update process and started over with fedora. I was to the point where I had to re-compile the kernel in order to upgrade other required package versions before installing the mail server. Anyway...moving on. I now have fedora installed (albeit much slower than yellow dog) and I've been able to install qmailtoaster up to a point. I'm currently stuck on spamassassin compiling and, after many searches on the net and your mailing lists (5 entries which lead nowhere), I cannot find any specifics on the package perl-forward-compat. The only thing I can figure the problem to be is maybe the package name was changed? 
Date: Wed, 28 Oct 2009 19:54:01 -0700 From: craig.p.mclaugh...@gmail.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] ppc install? A quick poke at http://rpmfind.net came up with dkms and fuse for the ppc architecture. Perhaps it will have others you seek? In the past I've had luck with rpm.pbone.net http://rpm.pbone.net, but a scan there didn't come up with any immediately obvious candidates for ppc. Still, it may be worth some further digging. Cheers, --Craig On Wed, Oct 28, 2009 at 7:03 PM, Donald Wheeling donw1...@hotmail.com mailto:donw1...@hotmail.com wrote: Good to know. Unfortunately, and expectedly, I cannot find yellow dog linux updates to make it current so I'm going to have to update every package the hard way without yum. If anyone knows a dependable ppc source RPM site to make this easier I'm all ears. Date: Wed, 28 Oct 2009 14:18:22 -0400 From: j...@qmailtoaster.com mailto:j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] ppc install? Donald Wheeling wrote: Hello all. I've been away for quite a while and haven't followed qmailtoaster's progress very closely. I am now getting back into it and I'd like to update a very old qmailtoaster (2004) install but I'm uncertain if the hardware is still supported. I have a ppc that I'd like to reuse for this purpose but, after a couple of days, I can't find anything that says it is still supported. In the past I remember I used to pass redhat arguments to the rpms during install but with the new OS advancements ppc support may be just a memory. Machine specs are below: Machine - PPC power tower pro OS - yellow dog linux 4.0 (redhat variant) I did find one reference to ppc in the mailing lists but it was vague. It might have been a reference to a client not the server. Any suggestions are of course welcomed. Welcome back! The build flags you used then will still work today. 
You will need to use the cnt40 flag for your particular case, since that will be CentOS 4 which is (almost) the same as Yellow Dog 4 (if I remember correctly), or you can use rht90 which will compile for generic Redhat 9.0. I unfortunately do not have any PPC hardware (nor even a copy of YD4!) to test on, so please post back here on any updates/progress you make. -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | fax 510.864.7300 http://yother.com
Re: [qmailtoaster] DKIM Error
Anil Aliyan wrote:

Dear Jakes, Please find some time to help resolve my problem also, I will be very grateful to you. Thanks Regards, Anil Aliyan

- Original Message -
From: Anil Aliyan <acali...@gnvfc.net>
To: qmailtoaster-list@qmailtoaster.com
Sent: Saturday, October 31, 2009 2:28 AM
Subject: [qmailtoaster] DKIM Error

Jakes, Please find the config file attached with this mail.

Pasting the config file into the email is easier for us to help you. It looks like your config file may be wrong, depending on how you configured your system. Right now, your system is going to sign every domain sending email as the domain listed in your /var/qmail/control/me file since you only defined a global rule. This is fine if the me file only contains your domain name (gnvfc.com) but you probably have your hostname in the me file as well (mail.gnvfc.com) so it's signing using that domain. You can define individual domains to sign for in this format:

<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">
    <types id="dkim" />
  </global>
  <gnvfc.com selector="dkim1">
    <types id="dkim" />
  </gnvfc.com>
</dkimsign>

This will inherit any declarations from the global tags that you do not override (so it will inherit the algorithm=rsa-sha1, keyfile, method). But without seeing how you configured other things it's hard to guess.
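Added example (not part of the original messages and not QMT code): a verifier fetches the public key from `<s>._domainkey.<d>` (RFC 6376), so this sketch derives that name from the DKIM-Signature header quoted in the thread and compares it with where a zone-file record line actually lands. Assumptions: the zone origin is gnvfc.net, the record owner `dkim1` is taken from the record line quoted in the thread, the `p=` value is a constructed placeholder, and the helper names are hypothetical.

```python
import re

# DKIM-Signature value as quoted in the thread (b=/bh= are not on the page).
PAGE_SIGNATURE = (
    "v=1; a=rsa-sha1; c=simple; d=mail.gnvfc.net; h=\r\n"
    " message-id:reply-to:from:to:subject:date:mime-version\r\n"
    " :content-type; s=dkim1;"
)

# Record owner as quoted in the thread; key material replaced by a placeholder.
ZONE_AS_PASTED = ["dkim1 IN TXT k=rsa; p=CONSTRUCTEDPLACEHOLDER"]
ZONE_ORIGIN = "gnvfc.net"  # assumption: the record was added to this zone


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (signature header or key record)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(tags):
    """DNS name a verifier queries for the key: <s>._domainkey.<d>."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"]).lower()


def absolute_name(owner, origin):
    """Expand a zone-file owner name relative to the zone origin."""
    owner = owner.lower()
    if owner.endswith("."):
        return owner[:-1]
    return "{}.{}".format(owner, origin.lower())


def diagnose(signature_value, zone_lines, origin):
    """Compare the name a verifier will query with the names that hold keys."""
    query = key_query_name(parse_tag_list(signature_value))
    published = {}
    for line in zone_lines:
        fields = line.split(None, 3)
        if len(fields) < 4 or fields[2].upper() != "TXT":
            continue
        record = parse_tag_list(fields[3].strip('"'))
        if "p" in record:
            published[absolute_name(fields[0], origin)] = record
    return {
        "query": query,
        "key_found": query in published,
        "published_at": sorted(published),
    }


if __name__ == "__main__":
    # 1. Signature as sent: d= comes from the me file (hostname).
    print(diagnose(PAGE_SIGNATURE, ZONE_AS_PASTED, ZONE_ORIGIN))
    # 2. Same signature once the signing domain is the bare domain.
    fixed_d = PAGE_SIGNATURE.replace("d=mail.gnvfc.net", "d=gnvfc.net")
    print(diagnose(fixed_d, ZONE_AS_PASTED, ZONE_ORIGIN))
    # 3. Record owner carrying the _domainkey label.
    print(diagnose(fixed_d, ["dkim1._domainkey IN TXT k=rsa; p=CONSTRUCTEDPLACEHOLDER"],
                   ZONE_ORIGIN))
```

Run as a script, the three cases show that the queried name and the published name must match label for label: changing `d=` alone is not enough if the record owner lacks the `_domainkey` label.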
RE: [qmailtoaster] ppc install?
I'm running Fedora 11 on my server. The error I get when trying to rebuild the rpm is:

rpmbuild --rebuild $DIST spamassassin-toaster-3.2.5-1.3.17.src.rpm
Installing spamassassin-toaster-3.2.5-1.3.17.src.rpm
error: Failed build dependencies:
perl-forward-compat is needed by spamassassin-toaster-3.2.5-1.3.17.src.rpm

I don't even see that package in your list. Maybe it's part of one of those packages. I'll have a look on rpmfind.net. Thanks for the list

Date: Mon, 2 Nov 2009 09:44:25 -0500
From: j...@qmailtoaster.com
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] ppc install?

Donald Wheeling wrote:

After several days of trying to update yellow dog linux so I could install qmail toaster I finally gave up on the update process and started over with fedora. I was to the point where I had to re-compile the kernel in order to upgrade other required package versions before installing the mail server. Anyway...moving on. I now have fedora installed (albeit much slower than yellow dog) and I've been able to install qmailtoaster up to a point. I'm currently stuck on spamassassin compiling and, after many searches on the net and your mailing lists (5 entries which lead nowhere), I cannot find any specifics on the package perl-forward-compat. The only thing I can figure the problem to be is maybe the package name was changed?

Which version of Fedora? Did you run the dependency script for your version of Fedora from the main site? I thought I had all of the dependencies filled in the scripts, so if I'm missing one/more then I would like to know. I only have Fedora 10 spooled up in VMW right now, but here are the perl packages I have installed:

perl-Compress-Raw-Zlib-2.008-53.fc10.i386
perl-Archive-Tar-1.40-53.fc10.i386
perl-CPAN-1.9205-53.fc10.i386
perl-HTML-Tagset-3.10-8.fc9.noarch
perl-Digest-HMAC-1.01-19.fc9.noarch
perl-5.10.0-53.fc10.i386
perl-IO-Zlib-1.07-53.fc10.i386
perl-URI-1.35-8.fc9.noarch
perl-Net-CIDR-Lite-0.20-4.fc9.noarch
perl-libwww-perl-5.823-1.fc10.noarch
perl-devel-5.10.0-53.fc10.i386
perl-String-CRC32-1.4-6.fc9.i386
perl-Date-Manip-5.48-3.fc9.noarch
perl-SNMP_Session-1.12-1.fc10.noarch
perl-HTML-Parser-3.59-1.fc10.i386
perl-Pod-Escapes-1.04-53.fc10.i386
perl-version-0.74-53.fc10.i386
perl-IO-Compress-Zlib-2.008-53.fc10.i386
perl-Package-Constants-0.01-53.fc10.i386
perl-ExtUtils-MakeMaker-6.36-53.fc10.i386
perl-DBD-MySQL-4.005-8.fc9.i386
perl-Digest-SHA1-2.11-7.fc9.i386
perl-IO-Socket-INET6-2.54-1.fc9.noarch
perl-Net-DNS-0.63-4.fc10.i386
perl-Module-Pluggable-3.60-53.fc10.i386
perl-DBI-1.607-1.fc10.i386
perl-libs-5.10.0-53.fc10.i386
perl-Compress-Zlib-2.008-53.fc10.i386
perl-Test-Harness-3.12-53.fc10.i386
perl-Socket6-0.20-1.fc10.i386
perl-Pod-Simple-3.07-53.fc10.i386
perl-IO-Compress-Base-2.008-53.fc10.i386
perl-Mail-SPF-Query-1.999.1-4.fc9.noarch
perl-ExtUtils-ParseXS-2.18-53.fc10.i386
[qmailtoaster] Connected to ip but connection died. 4.4.2
Hey guys, My server can send mail without any problem and receive mail from gmail, hotmail, yahoo etc however I'm having trouble receiving mail from my other domain which is hosted by another company. Anyone have advice on how to troubleshoot error: Connected to ip but connection died. 4.4.2.
Re: [qmailtoaster] interesting header
Update on this... It has been resolved. It was a host that used that email account to send out a lot of spam. My server stopped it because it would not relay for yahoo, so my server was telling the actual account on my domain the mail was undeliverable. I do like that on the attached ip. That ip did not belong to my domain, it pointed to bigtextrailers.com. I blocked that ip and had the customer change his password on his account. Thank you, Dave

Jake Vickers wrote:

David Milholen wrote:

Hello All, I have an account on our system that seems to think we have been compromised because he received a few hundred undeliverable messages from our server. It looks like something tried to forge his email address thru another domain. Here is the header: The wletc.com domain is my domain. I am having trouble figuring out why *...@66.173.241.56 *is trailing the email address. If anyone can give me some insight on what is happening here would be great!

Qmail appends the sending IP to the email address for diagnostic purposes. I wish other MTAs did this honestly. The message was sent through the IP 66.173.241.56, using that account name. This can help you track things down a little more. With some more information you can narrow it down to your server, mail proxy, or the user's computer (usually the case).
Re: [qmailtoaster] clamav-toaster-0.95.2-1.3.31 released
Is the new clamav efficient with memory usage? This is my memory usage for clamd. Is it normal?

PID  USER   PR NI VIRT RES  SHR  S %CPU %MEM TIME+   COMMAND
4589 clamav 16 0  247m 180m 1320 S 0    9.0  2:04.47 clamd

I am using the old clamav (0.95.2) but with newer unofficial-clamav-sigs v. 3.6 from http://www.inetmsg.com/pub/ because the unofficial-clamav-sigs from the latest qtp is still using version 2.5

[r...@svr-m1 ~]# rpm -qa | grep plus
qmailtoaster-plus.repo-0.1-1
qmailtoaster-plus-0.3.1-1.4.11

Jake Vickers wrote:

Noel Rivera (Border Less) wrote:

Jake, when we install this update?

Whenever you wish. When I put a new version online, I usually do not put it in the current.txt file for 24 hours (qtp-newmodel knows a new package is released by looking at this file). This way it gives me (and a couple others out there) time to manually run an update on their systems and see if there are any bugs that did not show up when I tested on my development machine. Updates in a lab and updates in the wild differ, so I put that safety net in there.
[qmailtoaster] duplicate email from ezmlm
Dear All (especially Jake/Eric), this list once had a problem with duplicate email from ezmlm. I would like to know how to resolve it (Jake/Eric please?) because it seems my server (ezmlm) sent duplicate email to mailing list members.

Some solutions I found on mail-archive.com:
- I need to free some memory
- I need to reinstall updated simscan (as I am only installing newer clamav/sa but never w/ simscan)

I can't reinstall the server as it can cause longer downtime to my users
Re: [qmailtoaster] DKIM Error
Dear Jake, I am ready to provide all the details, please let me know what information or config file you want me to provide to you.

use strict;
use warnings;
our $VERSION = '0.2';

use Mail::DKIM 0.29;
use Mail::DKIM::Signer;

# enable support for pretty signatures, if available
eval 'require Mail::DKIM::TextWrap';

=head config file structure
 - missing settings will be merged from the global-node
 - domain-entry will also match its subdomains
 - create empty domain-node to omit signing (or specify none as id)

<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha256" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="beta">
    <types id="dkim" />
  </global>

  <!-- use dkim + domainkey for example.com -->
  <example.com selector="beta2">
    <types id="dkim" />
    <types id="domainkey" method="nofws" />
  </example.com>

  <!-- no signing for example2.com -->
  <example2.com />
</dkimsign>

=cut

my $configfile = undef;
   $configfile = '/var/qmail/control/dkim/signconf.xml';
my $debugfile  = undef;
#$debugfile = '/tmp/dkim.debug';
my $qremote = '/var/qmail/bin/qmail-remote.orig';
my $binary = 0;
our $config;
$config->{'global'} = {
  types     => { dkim => {} },
  keyfile   => '/var/qmail/control/dkim/global.key',
  algorithm => 'rsa-sha256',
  method    => 'simple',
  selector  => 'beta',
  # either string or file (first line of file will be used)
  domain    => '/var/qmail/control/me'
};

#---
# read config file. safely
if (defined($configfile) && -r $configfile)
{
  eval 'use XML::Simple';
  if (!$@)
  {
    my $xmlconf;
    eval { $xmlconf = XMLin($configfile, ForceArray => ['types'], KeyAttr => ['id']); };
    qexit_deferral('Unable to read config file: ', $@) if ($@);
    ConfigMerge::merge($config, $xmlconf);
  }
}

# open debug file
my $debugfh = undef;
if (defined($debugfile))
{
  open($debugfh, '>', $debugfile)
    or qexit_deferral('Unable to open ', $debugfile, ' to writing: ', $!);
}

# generate signatures
my $dkim;
my $mailbuf = '';
eval
{
  my $conf = $config->{'global'};
  $dkim = Mail::DKIM::Signer->new(
    Policy => 'MySignerPolicy',
    Debug_Canonicalization => $debugfh
  );

  if ($binary)
  {
    binmode STDIN;
  }

  while (<STDIN>)
  {
    $mailbuf .= $_;
    unless ($binary)
    {
      chomp $_;
      s/\015?$/\015\012/s;
    }
    $dkim->PRINT($_);
  }
  $dkim->CLOSE();
};
qexit_deferral('Error while signing: ', $@) if ($@);

# close debug file
close($debugfh) if (defined($debugfh));

# execute qmail-remote
unshift(@ARGV, $qremote);
open(QR, '|-') || exec { $ARGV[0] } @ARGV
  or qexit_deferral('Unable to run qmail-remote: ', $!);
foreach my $dkim_signature ($dkim->signatures)
{
  my $sig = $dkim_signature->as_string;
  $sig =~ s/\015\012\t/\012\t/g;
  print QR $sig."\012";
}
print QR $mailbuf;
close(QR);

#---
sub qexit { print @_, "\0"; exit(0); }
sub qexit_deferral { return qexit('Z', @_); }
sub qexit_failure { return qexit('D', @_); }
sub qexit_success { return qexit('K', @_); }

#---
package ConfigMerge;

# merge config hashes. arrays and scalars will be copied.
sub merge
{
  my ($left, $right) = @_;
  foreach my $rkey (keys(%$right))
  {
    my $rtype = ref($right->{$rkey}) eq 'HASH' ? 'HASH'
      : ref($right->{$rkey}) eq 'ARRAY' ? 'ARRAY'
      : defined($right->{$rkey}) ? 'SCALAR'
      : '';
    my $ltype = ref($left->{$rkey}) eq 'HASH' ? 'HASH'
      : ref($left->{$rkey}) eq 'ARRAY' ? 'ARRAY'
      : defined($left->{$rkey}) ? 'SCALAR'
      : '';
    if ($rtype ne 'HASH' || $ltype ne 'HASH')
    {
      $left->{$rkey} = $right->{$rkey};
    }
    else
    {
      merge($left->{$rkey}, $right->{$rkey});
    }
  }
  return;
}

#---
package MySignerPolicy;
use Mail::DKIM::SignerPolicy;
use base 'Mail::DKIM::SignerPolicy';
use Mail::DKIM::Signature;
use Mail::DKIM::DkSignature;
use Carp;
use strict;
use warnings;

sub apply
{
  my ($self, $signer) = @_;
  my $domain = undef;
  $domain = lc($signer->message_sender->host)
    if (defined($signer->message_sender));

  # merge configs
  while($domain)
  {
    if (defined($config->{$domain}))
    {
      $config->{'global'}->{'types'} = undef;
      ConfigMerge::merge($config->{'global'}, $config->{$domain});
      last;
    }
    (undef, $domain) = split(/\./, $domain, 2);
  }

  my $conf = $config->{'global'};
  return 0
    if (!defined($conf->{'types'}) || defined($conf->{'types'}->{'none'}));

  # set key file
  $signer->key_file($conf->{'keyfile'});

  # parse (signature) domain
  if (substr($conf->{'domain'}, 0, 1) eq '/')
  {
    open(FH, '<', $conf->{'domain'})
      or croak('Unable to open domain-file: '.$!);
    my $newdom = (split(/ /, <FH>))[0];
    close(FH);
    croak("Unable to read domain-file. Maybe empty file.")
      if (!$newdom);
    chomp($newdom);
    $conf->{'domain'} = $newdom;
  }

  # generate signatures
  my $sigdone = 0;
  foreach my $type (keys(%{$conf->{'types'}}))
  {
    my $sigconf =