Also added these fixes to the CentOS 7 testing repository

ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/7/testing/x86_64/qmail-1.03-2.1.qt.el7.x86_64.rpm


On 4/20/2017 9:27 AM, Eric Broch wrote:

Hi Rajesh,

I think you're still running QMT/CentOS 6, correct?

If so, I've uploaded a qmail update <ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm> to the QMT/CentOS 6 repository that incorporates the DNS patch you referenced (any-to-cname.patch) and the starttls flush io patch <http://www.kb.cert.org/vuls/id/555316> which I've been derelict in implementing.

It has not been tested. If you do install it and something goes wrong (it most likely won't), you can always downgrade, which I've been doing regularly with success (of late) on CentOS 7 with qmail while testing other patches. Be mindful that I haven't downgraded on CentOS 6.

The patch (below) has relatively minor, yet very helpful, coding changes.

Eric

<patch>

diff -uNr qmtqmail-1.03/dns.c qmtqmail-1.03-new/dns.c
--- qmtqmail-1.03/dns.c 2017-04-20 08:54:53.142832827 -0600
+++ qmtqmail-1.03-new/dns.c     2017-04-20 08:59:46.309633810 -0600
@@ -256,7 +256,7 @@
    if (!sa->len) return loop;
    if (sa->s[sa->len - 1] == ']') return loop;
    if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
-   switch(resolve(sa,T_ANY))
+   switch(resolve(sa,T_CNAME))
     {
      case DNS_MEM: return DNS_MEM;
      case DNS_SOFT: return DNS_SOFT;
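Review bot: The `resolve(sa,T_CNAME)` call carries no comment explaining why the query type is CNAME rather than ANY, and the unchanged `case DNS_SOFT: return DNS_SOFT;` below it was written when the query was T_ANY. Please add a one-line comment naming any-to-cname.patch as the source, and confirm that a name with no CNAME record does not end up in the DNS_SOFT case, since that would be reported as a temporary lookup failure.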
diff -uNr qmtqmail-1.03/qmail-smtpd.c qmtqmail-1.03-new/qmail-smtpd.c
--- qmtqmail-1.03/qmail-smtpd.c 2017-04-20 08:54:52.848840048 -0600
+++ qmtqmail-1.03-new/qmail-smtpd.c 2017-04-20 08:58:23.299671749 -0600
@@ -723,7 +723,9 @@

 char ssinbuf[1024];
 substdio ssin = SUBSTDIO_FDBUF(saferead,0,ssinbuf,sizeof ssinbuf);
-
+#ifdef TLS
+void flush_io() { ssin.p = 0; flush(); }
+#endif

 stralloc line = {0};
 stralloc base64types = {0};
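Review bot: `flush_io()` sets `ssin.p = 0` with no comment, so a later reader cannot tell that the intent is to discard input already buffered in `ssinbuf` before STARTTLS proceeds (the issue behind the CERT link in this message). Add a comment saying so. Also check that `flush()` is declared above this point in the file, because `flush_io()` calls it here and only when TLS is defined, so a missing declaration would show up only in TLS builds.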
@@ -1398,7 +1400,7 @@
 , { "rset", smtp_rset, 0 }
 , { "help", smtp_help, flush }
 #ifdef TLS
-, { "starttls", smtp_tls, flush }
+, { "starttls", smtp_tls, flush_io }
 #endif
 , { "noop", err_noop, flush }
 , { "vrfy", err_vrfy, flush }
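Review bot: The `starttls` entry depends on the third-field hook running before `smtp_tls`, and nothing in this hunk shows that ordering. Confirm the dispatcher calls `flush_io` before `smtp_tls` begins the handshake; if it ran afterwards, input buffered behind the STARTTLS command would not be dropped in time. A short comment on this entry noting why it differs from the `flush` used by the other commands would help.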

</patch>



On 4/20/2017 1:12 AM, Rajesh M wrote:
hi eric

we are receiving a lot of cname lookup failed.

this happens on a random basis on all our qmailtoaster servers.

our resolv.conf contains

127.0.0.1
8.8.8.8
8.8.4.4

we use bind locally within the mail server and google's dns which is also set 
as cache records and allow lookups from local ips only.

Had a quick question

there are supposedly two different patches.

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html

is qmailtoaster on whitehorse patched with both these two patches related to dns?

DNS-related Patches by Jonathan de Boyne Pollard
http://www.memoryhole.net/qmail/any-to-cname.patch

thanks
rajesh





--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
