Skip to content

indimail-mta 3.0.3
Compare
Choose a tag to compare
@mbhangui mbhangui released this 23 Apr 12:39
v3.0.3
940a162
This commit was signed with the committer’s verified signature.
mbhangui Manvendra Bhangui
GPG key ID: C7CBC760014D250C
Verified
Learn about vigilant mode.

Date: Sun Apr 23 2023 17:51:54 +0000

DNF / YUM / APT / Arch Binary Downloads

Open Build Service Binary Download

Docker / Podman Containers

indimail-mta

Release Highlights

daemontools

  • terminate all childs if TERMINATE_SESSION is set
  • set process group of child when SETGPID is set
  • set sticky bit on run file to run in subreaper mode
    indimail-mta
  • ability to set environment variables usig dkimkeys and facilitate multi-signature generation (RSA/ED25519)
  • Many new mrtg graphs added
    ucspi-tcp
  • ability to pass username or uid in -u option in tcpserver
  • ability to pass multiple groups to -g in tcpserver
    **libdkim
  • ability to alter Hash Method after DKIMSignInit

What's Changed

  • added DKIMSignReplaceHash to alter Hash method by @mbhangui in #43
  • Add privilege qcert for accessing certificates by qmaild, qmailr by @mbhangui in #44

Full Changelog: v3.0.2...v3.0.3

ChangeLog

daemontools

  • 20/02/2023
  1. setuidgid.c: moved set_additional_groups function to libqmail
  • 04/03/2023
  1. run_init.c: return -1 for name too long
  2. supervise.c: disable using /run if DISABLE_RUN env variable is set
  3. svok.c, svc.c, svstat.c: check for supervise/ok in original service dir before run filesystem
  4. svscan.c: unset use_run if /run, /var/run is missing
  5. svscan.c: skip directories starting with .
  6. supervise.c: cleanup supervise directory in service directory when using run fs
  • 05/03/2023
  1. svscan.c: use TERMINATE_SESSION to terminate all children when running as session leader
  2. supervise.c: added exiting informational message
  3. svscan.c: check for dup2 errors.
  • 06/03/2023
  1. supervise.c: fix termination by svc in subreaper mode
  2. supervise.c: handle SIGTERM to exit and terminate child
  3. supervise.c: set Process Group ID of child when SETPGID env variable is set
  • 07/03/2023
  1. supervise.c: check for sticky bit on run on every restart
  • 13/03/2023
  1. svps: added -t, --term option
  2. installer.c: changed string warning: to warn:
  3. qmailctl: supress echo when not running on terminal
  • 21/03/2023
  1. svc: display system error for error opening supervise/control
  • 31/03/2023
  1. setuidgid.c: fixed illegal free
  • 02/04/2023
  1. supervise.c: pass the directory as the last arugment to ./run, ./shutdown, ./alert scripts.
  • 03/04/2023
  1. qmailctl: use portable test -t to test for tty
  • 22/04/2023
  1. supervise.c: ignore wait if service for which supervise should wait does
    not exist.

** indimail-mta**

  • 01/02/2023
  1. qmail-dkim.c, getDomainToken.c: use dkimkeys to set env variables. Can be used to facilitate rsa/ed25519 multi-signature generation
  2. qmail-dkim.c: use DKIMSignReplaceHash() to change signature encryption method
  • 04/02/2023
  1. dk-filter.sh: refactored for multi-signature generation
  • 05/02/2023
  1. dknewkey.sh: made key type case insensitive
  2. dknewkey.sh: removed newlines from public key records
  3. dknewkey.sh: added -e, --enforce option to disable testing mode for dkim key
  • 07/02/2023
  1. qmail-qread.c: BUG: Fixed SIGSEGV
  2. qmail-qread.c: skip dynamic queue if DYNAMIC_QUEUE is not set
  • 08/02/2023
  1. qmail-qread.c: auto determine dynamic queue using /dev/shm/qscheduler
  2. qscheduler.c: merged sigterm, die() functions
  3. getqueue.c: include stdint.h for uint32_t definition
  4. qmail-smtpd.c, qmail-qread.c, nowutc.c: fixed format string for subprintf
  5. hasstdarg.h: fixed HAVE_STDARG_H define
  6. qmail.h: added perm_error, temp_error macro to evaluate perm/temp errors
  7. qmail.c: use perm_error/temp_error from qmail.h to evaluate perm/temp error
  • 11/02/2023
  1. dknewkey.sh: generate ed25519 public key without ASN.1 structure (skip first 12 bytes)
  • 12/02/2023
  1. qmail-dkim.c: replaced exit code 70 with QQ_PID_FILE
  2. cdbget.c: added -n option for searching cdb created by cdb-database
  3. qmail-newu.c, cdb-database.c: refactored code
  4. dk-filter.sh, qmail-dkim.c: use VERBOSE variable to turn on debug for signature verification status on fd 2
  • 13/02/2023
  1. removed yahoo domainkeys
  • 14/02/2023
  1. cleanq.c, qhpsi.c, qscanq.c: renamed auto_uidc, auto_gidc to auto_uidv, auto_gidv
  2. dknewkey.sh: use qcerts group for certificate group permission
  3. get_uid.c: added qcerts group ID for certificate group permissionA
  4. get_uid.c: renamed auto_uidv, auto_gidv to auto_uidi, auto_gidi
  5. get_uid.c: added auto_gidc for qcerts group ID
  6. indimail-mta.spec: added group ID qcerts for certificate group permissions.
  7. perm_list.in: updated group ownership of certs, domainkeys directory to qcerts
  8. qlocal_upgrade.in: add group ID qcerts
  9. qlocal_upgrade.in: updated group id of certs to qcerts
  10. qlocal_upgrade.in: added qcerts as supplementary group for qmaild, qmailr and apache
  11. qmail-poppass.c, sql-database.c: renamed auto_uidv to auto_uidi, auto_gidv to auto_gidi
  12. qmail-showctl.c: renamed auto_uidv to auto_uidi, auto_uidc to auto_uidv, auto_gidv to auto_gidi
  13. qmail-showctl.c: added auto_uidc for qcerts group ID
  14. qmail-sql.c: renamed auto_uidv, auto_gidv to auto_uidi, auto_gidi
  15. smtpd.c: fix dossl function - return on error
  16. svctool.in: use tcpserver -u qmaild for running qmail-smtpd for qcerts supplememtary group
  17. svctool.in: create qcerts group ID and added qcerts as supplementary group for qmailr, qmaild, apache
  18. svctool.in: create certs with root:qcerts owner:group
  19. update_tmprsadh: create rsa/dh parameter files with root:qcerts owner:group
  20. create_services.in, svctool.in, indimail-mta.spec.in, debian/indimail-mta.postinst.in: added --setgroups to set USE_SETGROUPS env variable for qmail-start
  • 15/02/2023
  1. svctool.in: run indisrvr with additional qcert group ID privilege
  • 17/02/2023
  1. smtpd.c: reworded smtp errors
  2. smtpd.c: handle error code from commands() function
  3. qmail-dkim.c: added env variable NODKIMKEYS to disable reading of dkimkeys control file
  4. qmail-dkim.c: disable dkimkeys when doing DKIMSIGNEXTRA
  5. dk-filter.sh: set environment variables set in dkimkeys control file
  • 18/02/2023
  1. sys-checkpwd.c: replaced strerr_warn with subprintf
  • 19/02/2023
  1. dk-filter.sh: added unset variables feature of dkimkeys, for var=val when val is not set
  • 20/02/2023
  1. smtpd.c: use plaintxtread for ssl connection to avoid abnormal exit during smtp auth
  2. svctool.in: run qmail-smtpd with qmail group privilege to access control/host.mysql
  • 03/03/2023
  1. svctool.in: fixed libindimail control file generation
  2. svctool.in: fixed nooverwrite for qmail-send, slowq-send service
  3. create_services.in: run svctool only when running as uid 0
  • 07/03/2023
  1. svctool.in: added --certdir option to override default certificate location when generating new certs
  • 08/03/2023
  1. srsfilter.c: discard double, triple bounces
  2. qmta-send, slowq-send: Fixed makefile to enable SRS
  3. qmta-send.c, slowq-send.c: fixed but with handling SRS address
  • 09/03/2023
  1. svctool.in: skip creation of .qmail aliases when --postmaster is not specified
  2. smtpd.c: fixed error "Non-existing DNS_MX: MAIL" for invalid batv signatures
  • 10/03/2023
  1. qmail-remote.c: skip smtp_auth function if remote doesn't support authenticated smtp
  2. svctool.in: run imapd, pop3d with additional qcert group privilege for certificate access
  • 11/03/2023
  1. smtpd.c: set SHUTDOWN env variable as an empty string for ODMR when childprog is not provided
  2. qmail-remote.c: display protocol as SMTPS when using TLS
  3. create_services.in, indimail-mta.spec, debian/indimail-mta.postinst.in: use --forceauthsmtp, --starttls options for odmr service on port 366
  4. svctool.in: Fixed setting AUTH variables (REQUIREAUTH, AUTHMODULES) for ODMR service
  • 12/03/2023
  1. qmail-smtpd.c: change cwd using SYSCONFDIR env variable
  2. qmail-cdb.c: allow workdir to be overriden by SYSCONFDIR, CONTROLDIR env variables
  3. test-recipients.c: use env variable SYSCONFDIR to override /etc/indimail for user/recipients
  4. recipients.c: refactored recipients extension
  5. recipients.c: fixed bug with string comparisions
  • 13/03/2023
  1. dknewkey.sh: use fold command to split public key string
  • 17/03/2023
  1. svctool.in: fixed using sysconfdir for indimail.cnf
  • 20/03/2023
  1. dknewkey.sh: new split_str function REF: sagredo.edu comment2961
  2. svctool: removed field mailing_list from vfilter table
  3. svctool: updated logging options for mysqld service
  4. svctool: create logrotate.mysql for rotating mysqld logs in cron
  5. svctool: use sysconfdir variable for indimail.cnf
  • 21/03/2023
  1. svctool: new function do_exit to premature exit normally
  • 26/03/2023
  1. autoresponder.c, doc/ChangeLog, qmail-qfilter.c, serialcmd.c, sslerator.c, sys-checkpwd.c: fixed code for wait_handler
  • 28/03/2023
  1. qmail.c: replaced few left-over exit codes with constants from qmail.h
  2. qmail.c: new feature: QMAILQUEUE with one or more arguments
  3. qmulti.c: queue program can be specified on command line
  4. svctool.in: use qmail-dkim qmail-spamfilter chain in QMAILQUEUE
  5. svctool.in: override bogofilter.cf path with --sysconfdir
  • 29/03/2023
  1. qlocal_upgrade.in: upgrade qmail-send, slowq-send service to use --setgroups
  • 30/03/2023
  1. smtpd.c: replaced SSL_shutdown(), SSL_free() with ssl_free() to fix SIGSEGV in qmail/tls.c
  2. debian/rules: fixed typo qlocal_upgrade, qupgrade script names
  3. svctool: fixes for mariadb ssl setup (permissions)
  4. svctool: fix libindimail path on debian
  • 01/04/2023
  1. indimail_stub.c: refactored getlibObject() function
  • 04/04/2023
  1. svctool: updated mrtg graphs
  • 05/04/2023
  1. svctool: added --config=snmpdconf for creating /etc/indimail/snmpd.conf
  • 06/04/2023
  1. svctool: added command to create /etc/indimail/snmpd.conf
  2. indimail-mta.spec: added /etc/indimail/favicon.base64 image for mrtg graphs
  3. svctool: --mrtg command - added favicon.png to mailmrtg/index.html
  • 08/04/2023
  1. svctool: added mrtg graphs for inlookup queries
  • 09/04/2023
  1. svctool: added mrtg graphs for inlookup cache hits and dnscache
  2. svctool: added mrtg graphs for qmta-send
  • 16/04/2023
  1. svctool: fixed /var/indimail/mysqldb/ssl group permissions
  • 17/04/2023
    100.svctool: added set_mysql_ssl_permission function
  • 21/04/2023
    101.svctool: set permissions for supervise/control for qscanq, inlookup service
    102.svctool: reduce wait time for mysql service for pwdlookup, inlookup service
    103.svctool: set client-key permission to 640 for mariadb
  • 23/04/2023
    104.svctool: pass username and password argument for mysqldb creation
    105.svctool: added qmail group to imap/pop3 run scripts for write access to tcp directory

libdkim

  • 01/02/2023
  1. new function DKIMSignReplaceHash to alter current Hash method
  • 04/02/2023
  1. dkim.cpp: Generate dkim-signature for each -s option passed on command line
  2. dkimverify.cpp: return actual signature error in ProcessHeaders instead of "no valid sigs"
  • 11/02/2023
  1. dkim.cpp: added dkim_error_str function to return DKIM error
  2. dkim.h: added DKIM_EVP_SIGN_FAILURE, DKIM_EVP_DIGEST_FAILURE definitions for EVP signing and digest failures
  3. dkimsign.cpp: check for EVP sign and digest failures
  4. dkimsign.cpp: fixed a= tag to "ed25519-sha256"
  5. dkimverify.cpp: fixed verification of ed25519 signature without ASN.1 structure
  • 12/02/2023
  1. dkimverify.cpp: fixed multi-signature verfication (rsa+ed25519)
  • 19/02/2023
  1. dkim.cpp: fixed usage strings
  • 18/03/2023
  1. dkimverify.cpp: Fixed SIGSEGV with missing k= tag in DKIM txt record
  • 28/03/2023
  1. dkimverify.cpp: use error routine only for EVP functions failure
  • 06/04/2023
  1. dkimsign.cpp: fixed compiler warning of use of uninitialized variable

ucspi-tcp

  • 13/02/2023
  1. dotls.c, tcpserver.c: added error message for tls_init failure
  2. tcpclient.c: added error message for tls_init, tls_session failures
  3. tcpserver.c: allow both user and uid to be passed to -u option. passing user enables setting of supplementary groups
  • 20/02/2023
  1. tcpserver.c: add additional groups as a comma separated groups to -g
  • 08/03/2023
  1. tcpclient.c: refactored wait handling
  • 01/04/2023
  1. load_mysql.c: refactored getlibObject() function
  • 08/04/2023
  1. tcpserver.c: fixed status not getting printed

Contributors

mbhangui
Assets 2
Loading
0 Join discussion