{"id":3560,"date":"2014-09-20T18:38:12","date_gmt":"2014-09-20T10:38:12","guid":{"rendered":"http:\/\/rmohan.com\/?p=3560"},"modified":"2014-09-20T18:38:12","modified_gmt":"2014-09-20T10:38:12","slug":"qmail-toaster","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=3560","title":{"rendered":"qmail toaster"},"content":{"rendered":"<p><a class=\"textlink\" title=\"http:\/\/cr.yp.to\/qmail.html - opens in a new window for some browsers\" href=\"http:\/\/cr.yp.to\/qmail.html\" target=\"_blank\" rel=\"ext\">qmail<\/a> is a secure, reliable, efficient and simple <acronym title=\"Mail Transport Agent\">MTA<\/acronym> written by Dan J. Bernstein. It has been security bug free since 1998 and is freely available.<\/p>\n<p>But vanilla qmail does not support security mechanisms like <acronym title=\"Simple Mail Transfer Protocol\">SMTP<\/acronym> authentication or support for <acronym title=\"Secure Sockets Layer\">SSL<\/acronym>\/<acronym title=\"Trusted Layer Security\">TLS<\/acronym>. While it supports <acronym title=\"Realtime BlockLists\">RBL<\/acronym> via <a class=\"textlink\" title=\"http:\/\/cr.yp.to\/ucspi-tcp.html - opens in a new window for some browsers\" href=\"http:\/\/cr.yp.to\/ucspi-tcp.html\" target=\"_blank\" rel=\"ext\">tcpserver<\/a>, it has no Anti-Spam-Features like checking the Envelope-From or tarpitting SMTP-connections. It further has no hook for Virus-Scanners or Spam-Filters. And last but not least it misses some nice-to-have features.<\/p>\n<p>Nevertheless qmail is one of the best choices for running an MTA.<\/p>\n<p>There are several patches and patch collections that add single or multiple extensions to qmail. This <em>zeitform qmail toaster<\/em> is another one. Check what we provide and use this patch if you see it fit your needs. You are welcome.<\/p>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-overview\">FEATURE OVERVIEW<\/h2>\n<p>The <em>zeitform qmail toaster<\/em> adds the following features to qmail:<\/p>\n<h3>ANTI-SPAM AND ANTI-VIRUS<\/h3>\n<ul>\n<li>Block executable attachments at SMTP level<\/li>\n<li>Hook for qmail-queue replacement (via <code>QMAILQUEUE<\/code>) enables qmail to run a virus scanner and\/or spam filter on every message [*]<\/li>\n<li>Check for resolvable domain within the Envelope-From<\/li>\n<li>Tarpit SMTP dialog for a large number of mail recipients<\/li>\n<li>Filter bad HELO-strings, envelope senders and recipients based on regular expressions<\/li>\n<\/ul>\n<h3>SECURITY ENHANCEMENTS<\/h3>\n<ul>\n<li>Support for <code>STARTTLS<\/code> and SMTP over SSL\/TLS as Client and Server<\/li>\n<li>SMTP authentication via LOGIN, PLAIN or <acronym title=\"Challenge-Response Authentication Mechanism\">CRAM<\/acronym>&#8211;<acronym title=\"Message Digest 5\">MD5<\/acronym><\/li>\n<li><acronym title=\"Post Office Protocol v3\">POP3<\/acronym> authentication via CRAM-MD5<\/li>\n<\/ul>\n<h3>OTHER ENHANCEMENTS<\/h3>\n<ul>\n<li>Standard compliant ESMTP <code>SIZE<\/code> command<\/li>\n<li><code>CAPA<\/code> command for POP3<\/li>\n<li>Skip over <acronym title=\"Mail eXchanger\">MX<\/acronym> servers that greet with 4xx or 5xx and try next MX (RFC-2821 compliance)<\/li>\n<li>Support for Maildir++ (maildirquota) for <a class=\"textlink\" title=\"http:\/\/sourceforge.net\/projects\/vpopmail\/ - opens in a new window for some browsers\" href=\"http:\/\/sourceforge.net\/projects\/vpopmail\/\" target=\"_blank\" rel=\"ext\">vpopmail<\/a><\/li>\n<li>Check existence of <a class=\"textlink\" title=\"http:\/\/sourceforge.net\/projects\/vpopmail\/ - opens in a new window for some browsers\" href=\"http:\/\/sourceforge.net\/projects\/vpopmail\/\" target=\"_blank\" rel=\"ext\">vpopmail<\/a> user before accepting message at SMTP level<\/li>\n<\/ul>\n<h3>BUGFIXES AND WORKAROUNDS<\/h3>\n<ul>\n<li>Compile with the new glibc (2.3.1 or newer) [*]<\/li>\n<li>Fixe a bug when <code>.qmail<\/code> contains only tabs within a line [*]<\/li>\n<li>Recognize 0.0.0.0 as local IP address. This prevents spammers to spoof [*]<\/li>\n<li>Support the sendmail <code>-f<\/code> flag [*]<\/li>\n<li>Improve ISO C conformance [*]<\/li>\n<li>Handle oversized <acronym title=\"Domain Name Service\">DNS<\/acronym> packets<\/li>\n<li>Return correct number of messages on POP3 <code>STAT<\/code> command<\/li>\n<li>Linux: reliability for EXT2 and ReiserFS<\/li>\n<\/ul>\n<p>All features marked [*] are also included in <a class=\"textlink\" title=\"http:\/\/www.qmail.org\/netqmail\/ - opens in a new window for some browsers\" href=\"http:\/\/qmail.mirrors.space.net\/netqmail\/\" target=\"_blank\" rel=\"ext\">netqmail-1.05<\/a>.<\/p>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-download\">DOWNLOAD<\/h2>\n<p>Download the following files:<\/p>\n<ul>\n<li><a title=\"Download Patch\" href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/zeitform-qmail-toaster-0.21.patch\">zeitform-qmail-toaster-0.21.patch<\/a><\/li>\n<li><a title=\"Download README file\" href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/README.zeitform\">README.zeitform<\/a> (included in above patch)<\/li>\n<\/ul>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-installation\">INSTALLATION<\/h2>\n<p>Install qmail as explained in <a class=\"textlink\" title=\"http:\/\/www.lifewithqmail.org\/ - opens in a new window for some browsers\" href=\"http:\/\/www.lifewithqmail.org\/\" target=\"_blank\" rel=\"ext\">Life with qmail<\/a>.<\/p>\n<p>If everything works correctly install the patches:<\/p>\n<pre>cd qmail-1.03\r\npatch -p0 &lt; ..\/zeitform-qmail-toaster-0.21.patch\r\nmake\r\nmake setup check\r\n<\/pre>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-usage\">USAGE AND CONFIGURATION<\/h2>\n<p>The <em>zeitform qmail toaster<\/em> adds or modifies the following configuration files:<\/p>\n<table>\n<caption>Table 1: configuration files<\/caption>\n<colgroup span=\"2\"><\/colgroup>\n<tbody>\n<tr>\n<td><code>signatures<\/code><\/td>\n<td>signatures of executable content to block<\/td>\n<\/tr>\n<tr>\n<td><code>badhelo<\/code><\/td>\n<td>containing regular expressions of bad HELO strings<\/td>\n<\/tr>\n<tr>\n<td><code>badmailfrom<\/code><\/td>\n<td>containing regular expressions of bad senders<\/td>\n<\/tr>\n<tr>\n<td><code>badmailto<\/code><\/td>\n<td>containing regular expressions of bad recipients<\/td>\n<\/tr>\n<tr>\n<td><code>databytes<\/code><\/td>\n<td>max message size for incoming SMTP<\/td>\n<\/tr>\n<tr>\n<td><code>clientcert.pem<\/code><\/td>\n<td>SSL certificate when acting as SMTP client<\/td>\n<\/tr>\n<tr>\n<td><code>servercert.pem<\/code><\/td>\n<td>SSL certificate when acting as SMTP server<\/td>\n<\/tr>\n<tr>\n<td><code>dh1024.pem<\/code><\/td>\n<td>1024 bit DH key<\/td>\n<\/tr>\n<tr>\n<td><code>dh512.pem<\/code><\/td>\n<td>512 bit DH key<\/td>\n<\/tr>\n<tr>\n<td><code>rsa512.pem<\/code><\/td>\n<td>512 bit RSA key<\/td>\n<\/tr>\n<tr>\n<td><code>clientca.pem<\/code><\/td>\n<td>list of CAs for client authentication<\/td>\n<\/tr>\n<tr>\n<td><code>clientcrl.pem<\/code><\/td>\n<td>list of CRLS for client authentication<\/td>\n<\/tr>\n<tr>\n<td><code>tlsclients<\/code><\/td>\n<td>list of E-Mail addresses for client authentication<\/td>\n<\/tr>\n<tr>\n<td><code>tlsclientciphers<\/code><\/td>\n<td>list of openssl cipher strings for client<\/td>\n<\/tr>\n<tr>\n<td><code>tlsserverciphers<\/code><\/td>\n<td>list of openssl cipher strings for server<\/td>\n<\/tr>\n<tr>\n<td><code>tlshosts\/*<\/code><\/td>\n<td>certificates for servers with required authentication<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>And it adds the following environment variables:<\/p>\n<table>\n<caption>Table 2: environment variables<\/caption>\n<colgroup span=\"2\"><\/colgroup>\n<tbody>\n<tr>\n<td><code>EXECUTABLEOK<\/code><\/td>\n<td>signatures of executable content to block<\/td>\n<\/tr>\n<tr>\n<td><code>QMAILQUEUE<\/code><\/td>\n<td>path to qmail-queue replacement<\/td>\n<\/tr>\n<tr>\n<td><code>DATABYTES<\/code><\/td>\n<td>overwrite <code>control\/databytes<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>NOBADHELO<\/code><\/td>\n<td>diables the checking of HELO strings<\/td>\n<\/tr>\n<tr>\n<td><code>SMTPS<\/code><\/td>\n<td>starts SMTP over TLS<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>BLOCK EXECUTABLE ATTACHMENTS<\/h3>\n<p>The blocking of executable attachments is controlled with the configuration file <code>control\/signatures<\/code>. This file contains BASE64 signatures of the <acronym title=\"Multipurpose Internet Mail Extensions\">MIME<\/acronym> attachments you want to block. To create own signatures look at the raw mail and include the significant bytes of the attachment&#8217;s first line into the control file. The following example blocks Windows executables and includes signatures for Zip-Archives:<\/p>\n<pre>cat &lt;&lt;EOF &gt;\/var\/qmail\/control\/signatures\r\n# Windows executables seen in active virii\r\nTVqQAAMAA\r\nTVpQAAIAA\r\n# Additional windows executable signatures not yet \r\n# seen in virii\r\nTVpAALQAc\r\nTVpyAXkAX\r\nTVrmAU4AA\r\nTVrhARwAk\r\nTVoFAQUAA\r\nTVoAAAQAA\r\nTVoIARMAA\r\nTVouARsAA\r\nTVrQAT8AA\r\n# .ZIPfile signature seen in SoBig.E and mydoom:\r\n#UEsDBBQAA\r\n#UEsDBAoAAA\r\nEOF\r\n<\/pre>\n<p>To disable the blocking of executables set the environment variable <code>EXECUTABLEOK<\/code>.<\/p>\n<h3>USING A QMAIL-QUEUE REPLACEMENT<\/h3>\n<p>To use a replacement for qmail-queue set the environment variable <code>QMAILQUEUE<\/code> to the path of the queue replacement. A good example is <a class=\"textlink\" title=\"http:\/\/qmail-scanner.sourceforge.net\/ - opens in a new window for some browsers\" href=\"http:\/\/qmail-scanner.sourceforge.net\/\" target=\"_blank\" rel=\"ext\">Qmail-Scanner<\/a>. It allows you to run all incoming messages though one or more virus scanners (like <a class=\"textlink\" title=\"http:\/\/www.clamav.net\/ - opens in a new window for some browsers\" href=\"http:\/\/www.clamav.net\/\" target=\"_blank\" rel=\"ext\">Clam AntiVirus<\/a> or a variety of commercial products) and\/or <a class=\"textlink\" title=\"http:\/\/spamassassin.org\/index.html - opens in a new window for some browsers\" href=\"http:\/\/spamassassin.org\/index.html\" target=\"_blank\" rel=\"ext\">SpamAssassin<\/a> for spam filtering.<\/p>\n<h3>CHECKING THE ENVELOPE-FROM<\/h3>\n<p>If you receive mail from <code>user@domain.com<\/code> and the mail can not be delivered to the recipient it must be bounced. If <code>domain.com<\/code> does not exist, qmail sends a doublebounce.<\/p>\n<p>As most spammers fake the sender address &#8212; even to non-existent ones &#8212; it can be reasonable to check if the Envelope-From&#8217;s domain exists.<\/p>\n<p>If <code>domain.com<\/code> can&#8217;t be resolved via DNS, qmail will not accept the message for delivery.<\/p>\n<h3>TARPITTING<\/h3>\n<p>Regular users won&#8217;t send messages to a large number of recipients, spammers do. To make life a bit more uneasy for spammers, tarpitting inserts a small delay between accepting recipients. With this feature qmail can be configured to inserts delays after a certain number of recipients is exceeded.<\/p>\n<h3>CHECKING HELO-STRINGS, SENDERS AND RECIPIENTS WITH REGULAR EXPRESSIONS<\/h3>\n<p>Vanilla qmail can filter incoming mails based on a list of bad senders in the file <code>control\/badmailfrom<\/code>, but does not support regular expression.<\/p>\n<p>With this patch <code>control\/badmailfrom<\/code> is expanded to understand regular expressions and the files <code>control\/badmailto<\/code> and <code>control\/badhelo<\/code> are added that keep a regex based list of bad recipients and bad HELO-strings. For further details see the file <code>README.qregex<\/code>. Some examples:<\/p>\n<pre># example for \"badhelo\"\r\n# block host strings with no dot (not a FQDN)\r\n!\\.\r\n<\/pre>\n<pre># example for \"badmailfrom\"\r\n# drop everything containing the word spam\r\n.*spam.*\r\n# force users to fully qualify themselves\r\n# (ie deny \"user\", accept \"user@domain\")\r\n!@\r\n<\/pre>\n<pre># example for \"badmailto\"\r\n# must not contain invalid characters, brakets or multiple @'s\r\n[!%#:*^(){}]\r\n@.*@\r\n<\/pre>\n<h3>SMTP AND POP3 PROTOCOL EXTENSIONS<\/h3>\n<p>SMTP AUTH adds authentication to the STMP protocol and to qmail-smtpd in special. This enables selective relaying for users on dynamic IP addresses. The applied patch supports authentication via PLAIN, LOGIN or CRAM-MD5 SASL. All mechanisms but CRAM-MD5 send the password unencrypted and should be avoided in unencrypted SMTP sessions.<\/p>\n<p>SMTP SIZE adds the SIZE sommand to qmail. qmail does by default limit the size of incoming messages by the amount of bytes given in <code>control\/databytes<\/code>, but does not publish this limit. SMTP clients that observe the SIZE value would not start the DATA phase for larger messages. This saves traffic.<\/p>\n<p>STARTTLS adds SSL\/TLS encryption to the SMTP session after the command is issued. Please see <code>README.tls<\/code> for details and configuration issues.<\/p>\n<p>Example:<\/p>\n<pre>220 mail.zeitform.de ESMTP\r\nEHLO host.de\r\n250-mail.zeitform.de\r\n250-STARTTLS\r\n250-AUTH LOGIN CRAM-MD5 PLAIN\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 SIZE 50000000\r\n<\/pre>\n<p>POP3 CAPA is a command that shows the capabilities of a POP3 server. vanila qmail does not offer this command. It is required to propagate the AUTH methods.<\/p>\n<p>POP3 AUTH offers SASL authentication via CRAM-MD5. While this is not strictly necessary as APOP provides a secure way of authentication (without plaintext password), some clients support it and it is considered more secure than APOP. Using CRAM-MD5 authentication with <a class=\"textlink\" title=\"http:\/\/sourceforge.net\/projects\/vpopmail\/ - opens in a new window for some browsers\" href=\"http:\/\/sourceforge.net\/projects\/vpopmail\/\" target=\"_blank\" rel=\"ext\">vpopmail<\/a> required a patch for <code>vchkpw<\/code>.<\/p>\n<p>Example:<\/p>\n<pre>+OK &lt;23137.1078842811@guildenstern.zeitform.de&gt;\r\nCAPA\r\n+OK Capability list follows\r\nTOP\r\nUIDL\r\nLAST\r\nUSER\r\nAPOP\r\nSASL CRAM-MD5\r\n<\/pre>\n<p>For further information on the protocols POP3 and SMTP:<\/p>\n<ul>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2821.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2821.txt\" target=\"_blank\" rel=\"ext\">RFC 2821: Simple Mail Transfer Protocol<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2554.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2554.txt\" target=\"_blank\" rel=\"ext\">RFC 2554: SMTP Service Extension for Authentication<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc1939.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc1939.txt\" target=\"_blank\" rel=\"ext\">RFC 1939: Post Office Protocol &#8211; Version 3<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc1734.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc1734.txt\" target=\"_blank\" rel=\"ext\">RFC 1734: POP3 AUTHentication command<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2195.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2195.txt\" target=\"_blank\" rel=\"ext\">RFC 2195: IMAP\/POP AUTHorize Extension for Simple Challenge\/Response<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2104.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2104.txt\" target=\"_blank\" rel=\"ext\">RFC 2104: HMAC: Keyed-Hashing for Message Authentication<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2595.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2595.txt\" target=\"_blank\" rel=\"ext\">RFC 2595: Using TLS with IMAP, POP3 and ACAP<\/a><\/li>\n<li><a title=\"http:\/\/www.ietf.org\/rfc\/rfc2222.txt - opens in a new window for some browsers\" href=\"http:\/\/www.ietf.org\/rfc\/rfc2222.txt\" target=\"_blank\" rel=\"ext\">RFC 2222: Simple Authentication and Security Layer (SASL)<\/a><\/li>\n<li><a title=\"http:\/\/fiatlux.zeitform.info\/technische_infos\/e-mail_prot.html - opens in a new window for some browsers\" href=\"http:\/\/fiatlux.zeitform.info\/technische_infos\/e-mail_prot.html\" target=\"_blank\" rel=\"ext\">E-Mail Protokolle<\/a> (German)<\/li>\n<\/ul>\n<h3>VPOPMAIL SUPPORT<\/h3>\n<p>The <em>zeitform qmail toaster<\/em> adds Maildir++ quota support to qmail. This improves the interoperability with <a class=\"textlink\" title=\"http:\/\/sourceforge.net\/projects\/vpopmail\/ - opens in a new window for some browsers\" href=\"http:\/\/sourceforge.net\/projects\/vpopmail\/\" target=\"_blank\" rel=\"ext\">vpopmail<\/a>.<\/p>\n<p>If a message arrives for a recipient address that has no valid user associated (neither as POP3 account nor as forward to a different address) vpopmail may deliver this message to a catch-all account (e.g. postmaster) or bounce the message as being not deliverable (<code>bounce-no-mailbox<\/code>). With the chkuser patch this check can be done at SMTP level, i.e. after the client issued the RCPT TO command. If a message would be undeliverable, qmail-smtpd will answer with a error message instead of accepting the message and handling the bounce. With the increase of spam this looks like a better approach.<\/p>\n<pre>RCPT TO:&lt;non-existant@domain.com&gt;\r\n550 sorry, no mailbox here by that name (#5.1.1 - chkusr)\r\n<\/pre>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-license\">LICENSE<\/h2>\n<p>Most of the patches within the <em>zeitform qmail toaster<\/em> are from other people. Most of them did not include any copyright or license information. So if you are in trouble, contact them for their lines of code.<\/p>\n<p>This documentation and the merging of all patches was done by us. So we have some copyright after all. Where it applies, the license is either the <a class=\"textlink\" title=\"http:\/\/www.gnu.org\/licenses\/gpl.html - opens in a new window for some browsers\" href=\"http:\/\/www.gnu.org\/licenses\/gpl.html\" target=\"_blank\" rel=\"ext\">GNU GPL<\/a> or the <a class=\"textlink\" title=\"http:\/\/www.gnu.org\/licenses\/fdl.html - opens in a new window for some browsers\" href=\"http:\/\/www.gnu.org\/licenses\/fdl.html\" target=\"_blank\" rel=\"ext\">GNU FDL<\/a>, whichever fits better.<\/p>\n<p>THE PATCH IS PROVIDED &#8220;AS IS&#8221;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE PATCH OR THE USE OR OTHER DEALINGS IN THE PATCH.<\/p>\n<p><a href=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/#top\"><img loading=\"lazy\" decoding=\"async\" class=\"gotop\" title=\"top\" src=\"http:\/\/alex.zeitform.de\/qmail\/toaster\/images\/top.png\" alt=\"top\" width=\"32\" height=\"10\" \/><\/a><\/p>\n<h2 id=\"q-reference\">REFERENCES AND CREDITS<\/h2>\n<p>The <em>zeitform qmail toaster<\/em> uses the patches, code or advice from a variety of people (in alphabetical order). The original patches are given as reference where it is possible.<\/p>\n<ul>\n<li>Matthias Andree: <a href=\"http:\/\/www-dt.e-technik.uni-dortmund.de\/~ma\/qmail\/patch-qmail-1.03-rfc2821.diff\" target=\"_blank\" rel=\"ext\">rfc2821<\/a><\/li>\n<li>Nagy Balazs: <a href=\"http:\/\/js.hu\/package\/qmail\/qmail-1.03-mfcheck.4.patch\" target=\"_blank\" rel=\"ext\">mfcheck<\/a><\/li>\n<li>Evan Borgstrom: <a href=\"http:\/\/www.unixpimps.org\/software\/qregex\/\" target=\"_blank\" rel=\"ext\">qregex<\/a><\/li>\n<li>James Craig Burley: <a href=\"http:\/\/www.jcb-sc.com\/qmail\/patches\/qmail-isoc.patch\" target=\"_blank\" rel=\"ext\">isoc<\/a><\/li>\n<li>Tom Clegg: <a href=\"http:\/\/tomclegg.net\/qmail\/qmail-capa-pop3d.patch\" target=\"_blank\" rel=\"ext\">pop3d-capa<\/a><\/li>\n<li>Christopher K. Davis: <a href=\"http:\/\/www.ckdhr.com\/ckd\/qmail-103.patch\" target=\"_blank\" rel=\"ext\">oversizedns<\/a><\/li>\n<li>Frank Denis: <a href=\"http:\/\/www.jedi.claranet.fr\/qmail-tuning.html\" target=\"_blank\" rel=\"ext\">link-sync<\/a><\/li>\n<li>Phil Edwards: <a href=\"http:\/\/memoryhole.net\/qmail\/glibc-2.3.x.patch\" target=\"_blank\" rel=\"ext\">errno<\/a><\/li>\n<li>Scott Gifford: <a href=\"http:\/\/www.suspectclass.com\/~sgifford\/qmail\/qmail-0.0.0.0.patch\" target=\"_blank\" rel=\"ext\">0.0.0.0<\/a><\/li>\n<li>Bruce Guenter: <a href=\"http:\/\/www.qmail.org\/qmailqueue-patch\" target=\"_blank\" rel=\"ext\">qmailqueue<\/a><\/li>\n<li>Will Harris: <a href=\"http:\/\/will.harris.ch\/qmail-smtpd.c.diff\" target=\"_blank\" rel=\"ext\">size<\/a><\/li>\n<li>Erwin Hoffmann: <a href=\"http:\/\/www.fehcom.de\/qmail\/smtpauth.html\" target=\"_blank\" rel=\"ext\">smtp-auth<\/a>, <a href=\"http:\/\/www.ornl.gov\/cts\/archives\/mailing-lists\/qmail\/2003\/07\/msg00880.html\" target=\"_blank\" rel=\"ext\">size-bugfix<\/a><\/li>\n<li>Andrew St. Jean: <a href=\"http:\/\/www.arda.homeunix.net\/store\/qmail\/\" target=\"_blank\" rel=\"ext\">qregex (update)<\/a><\/li>\n<li>Chris Johnson: <a href=\"http:\/\/www.palomine.net\/qmail\/tarpit.html\" target=\"_blank\" rel=\"ext\">tarpit<\/a><\/li>\n<li>Vladimir Kabanov: valuable advice<\/li>\n<li>Dwayne Koonce: <a href=\"http:\/\/alex.zeitform.de\/qmail\/qmail_single_patches\/qmail-pop3d-stat.tls.patch\" target=\"_blank\" rel=\"ext\">pop3d-stat<\/a><\/li>\n<li>Antonio Nati: <a href=\"http:\/\/www.interazioni.it\/qmail\/\" target=\"_blank\" rel=\"ext\">chkusr<\/a><\/li>\n<li>David Phillips: <a href=\"http:\/\/david.acz.org\/software\/sendmail-flagf.patch\" target=\"_blank\" rel=\"ext\">sendmail-flagf<\/a><\/li>\n<li>Alex Pleiner: <a href=\"http:\/\/alex.zeitform.de\/qmail\/qmail-popup-auth_cram_md5\/\" target=\"_blank\" rel=\"ext\">popup_cram-md5<\/a><\/li>\n<li>Dave Sill: <a href=\"http:\/\/www.lifewithqmail.org\/\" target=\"_blank\" rel=\"ext\">Life with qmail<\/a><\/li>\n<li>Bill Shupp: <a href=\"http:\/\/shupp.org\/patches\/qmail-maildir++.patch\" target=\"_blank\" rel=\"ext\">maildir++<\/a><\/li>\n<li>Erik Sjoelund: <a href=\"http:\/\/memoryhole.net\/qmail\/bugfix.qmail-local.patch\" target=\"_blank\" rel=\"ext\">qmail-local-fix<\/a><\/li>\n<li>Frederik Vereulen: <a href=\"http:\/\/inoa.net\/qmail-tls\/\" target=\"_blank\" rel=\"ext\">tls<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>qmail is a secure, reliable, efficient and simple MTA written by Dan J. Bernstein. It has been security bug free since 1998 and is freely available.<\/p>\n<p>But vanilla qmail does not support security mechanisms like SMTP authentication or support for SSL\/TLS. While it supports RBL via tcpserver, it has no Anti-Spam-Features like checking the Envelope-From [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3560"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3560"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3560\/revisions"}],"predecessor-version":[{"id":3561,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3560\/revisions\/3561"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}