Kaare Rasmussen | 2 Oct 12:48 2014

/usr/bin/env perl


I use perlbrew and therefore change the first line of e.g. 
qpsmtpd-forkserver to /usr/bin/env perl. It has possibly been discussed 
before (?) but are there anything that prevents this to go into the repo?

Kaare Rasmussen | 24 Sep 12:48 2014

Re: Config advice

Hi Matt

Thanks for your reply, I really appreciate that.
> Against, standard behavior is to accept authenticated local users on port 587.

I only have 25 to play with (without having to do a lot of reshuffling, 
which I hope to avoid). But I guess that shoud be OK - it's been working 
with qpsmtpd-0.40 for years.

When I try with swaks, it just works:

swaks -t -tls -p 25 --server smtp.host.tld -f kaare <at> host.tld -t 
kaare <at> another.place  -ao --auth-user=kaare <at> host.tld

It authenticates and the message reaches the destination. But with 
Thunderbird I get

23000 Accepted connection 0/15 from / 
23000 Connection from PO4-0.155M.rc00-alb.aplus.dk []
23000 (connect) ident::geoip: DK
23000 (connect) fcrdns: fail, no PTR hosts have forward DNS
23000 (connect) earlytalker: pass, not spontaneous
23000 (connect) relay: skip, no match
23000 (connect) dnsbl: fail, NAUGHTY, zen.spamhaus.org
23000 220 li757-176 ESMTP qpsmtpd 0.93/v0.93 ready; send us your mail, 
but not your spam.
23000 dispatching EHLO sender.domain.tlf
23000 (ehlo) helo: fail, no forward or reverse DNS match
23000 (ehlo) helo: fail, tolerated, no matching DNS
(Continue reading)

Kaare Rasmussen | 23 Sep 23:24 2014

Config advice


I haven't touched my qpsmtpd setup for years, but I'm moving it and want 
to upgrade now. So I seek advice for how to setup the current qpsmtpd.
What I want:

qpsmtpd receives all mail to my domains.
the local users will use qpsmtpd as a smtp server.

This means that the local users will log in with some flavor of auth, 
probably vpopmail_sql. Currently I use flat_file for testing.

So far so good. It's the further processing where I'm in doubt. Mail 
from outside mustn't be relayed, whereas my users of course have to send 
to other hosts. Also, spam checking should only be for incoming mail, 
not for my users.

In my existing setup I forward to postfix on another port. Not sure if 
that is necessary or desirable any longer. I see there is a 
postfix-queue plugin. It fails with permission errors when I try it, and 
I want to check here before I spend too much time going in the wrong 

David Favor | 17 Jul 16:18 2014

qpsmtpd-async weird ParaDNS lookup problem

I've been running qpsmtpd-async for years on all sorts of servers.

Likely I have something in DNS setup slightly wrong on a new server
I'm setting up + what's wrong escapes me.

The symptom is qpsmtpd-async hanging forever in the HELO sequence.

Both forkserver + prefork work fine + async works so much better,
I'd like to resolve this problem.

Here's an example of the problem...

Listen child making a Qpsmtpd::PollServer for 7.
11869 in config(plugins)
11869 config(plugins) returning (resolve_sender_host dont_require_anglebrackets rcpt_simple
test <at> newswire.net chris <at> newswire.net doug <at> newswire.net support <at> newswire.net accounting <at> newswire.net
sales <at> newswire.net debrown <at> newswire.net maildir /cluster/clients/ivan-budimir
%d/users/%l/Maildir) from cache
DNS failure looking for after 0 secs (looked for 1, got 0)
11869 (connect) running plugin: resolve_sender_host
11869 (connect) resolve_sender_host: DEBUG: ip= host=localhost domain=localhost
11869 Plugin resolve_sender_host, hook connect returned DECLINED,
11869 in config(smtpgreeting)
11869 config(smtpgreeting) returning (Ready!) from cache

Notice this line emitted from ParaDNS...

    DNS failure looking for after 0 secs (looked for 1, got 0)

Bind looks good...
(Continue reading)

Devin Carraway | 6 Jun 09:27 2014

[patch] Expand tls plugin docs concerning certificate chains

Perhaps counterintuitively, IO::Socket:SSL expects that multi-step SSL
cert chains must have the intermediate certs in the SSL_cert_file
path and not the SSL_ca_file path.  Add documentation on this point,
and a way of verifying cert configuration since most MTAs won't be
at all helpful in diagnosing SSL verification errors.


Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 4096R/9197B5F9: 9C64 37CD 1B7B 029D 0933  49EA 1E52 7672 9197 B5F9
Daniel Hauck | 31 May 01:00 2014

Re: sending from other address

Hey Matt,

thanks ;)

I changed the sql statement in the auth/auth_vpopmail_sql plugin.

But I thought that there is a cleaner way to do this ;)

On 31.05.2014 00:54, Matt Simerson wrote:
> Try it and see. :)
> Matt
> On May 30, 2014, at 3:51 PM, Daniel Hauck <daniel <at> hauck.it> wrote:
>> Hey guys,
>> has qpsmtpd the ability that I can login as foo <at> mail.de and
>> send as bar <at> mail.de?
>> I authenticate against vpopmail.
>> Is there a built-in function or a hack for this?
>> Thanks a lot :)
>> Best regards,
>> Daniel

(Continue reading)

Daniel Hauck | 31 May 00:51 2014

sending from other address

Hey guys,

has qpsmtpd the ability that I can login as foo <at> mail.de and
send as bar <at> mail.de?

I authenticate against vpopmail.

Is there a built-in function or a hack for this?

Thanks a lot :)

Best regards,

Jared Johnson | 27 May 06:19 2014

Seeking senior perl dev with QP experience

Hi all,

My employer (eFolder, Inc - www.efolder.net) is seeking a senior Perl 
developer to join our team working on our email security software.  I 
respect a lot of the regulars on this list, and our software is built 
with qpsmtpd, so I'm hoping some among you might be available and 
interested in the position.  If so, you can find further details here:


Just a quick plug, this is a 100% telecommute position with amazing 
benefits, and in my personal experience, eFolder is the best employer 
I've ever worked for.  Feel free to contact me directly with informal 
questions about the position, I would be working alongside whoever fills 
this role.

Thanks for reading!


Charlie Brady | 28 Apr 20:02 2014

Re: Yahoo's DMARC debacle (fwd)

On Mon, 28 Apr 2014, Matt Simerson wrote:

> On Apr 28, 2014, at 10:57 AM, Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au> wrote:
> > I'm guessing that Matt didn't intend this information to be private to me.
> Correct, but perl.org is rejecting all messages from domains with DMARC 
> p=reject policies, which includes mine, yahoo.com, and aol.com.

What a fine club you have elected yourself into! :-)

> Matt
> > ---------- Forwarded message ----------
> > Date: Mon, 28 Apr 2014 09:45:55 -0700
> > From: Matt Simerson <matt <at> tnpi.net>
> > To: Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au>
> > Subject: Re: Yahoo's DMARC debacle
> > 
> > 
> > On Apr 28, 2014, at 6:13 AM, Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au> wrote:
> > 
> >> On Sun, 27 Apr 2014, Matt Simerson wrote:
> >> 
> >>>> and are dealing with the fallout.
> >>> 
> >>> I dealt with the "fallout" on my mailing lists in May of 2013:
(Continue reading)

Charlie Brady | 28 Apr 20:00 2014

Re: Yahoo's DMARC debacle

On Mon, 28 Apr 2014, Matt Simerson wrote:

> > So either DKIM isn't relevant, or something else in my 
> > qpsmtpd/qmail/ezmlm-idx chain is breaking DKIM. Any suggestions?
> If ezmlm isn't adding a list prefix or message trailers, then it's 
> unlikely that ezmlm is breaking the messages DKIM signatures.
> Are you using any QP plugins that alter list messages?

Not specifically, and not as far as I know.

>  (The addition of X-* and Received headers are generally DKIM agnostic). 
> Altering any message header specifically listed in the DKIM-Signature h 
> property, or the altering the message body (attachment stripping, 
> charset conversion, etc.) are the types of changes that are likely to 
> invalidate a DKIM signature.

ezmlm is quite likely to be stripping attachments.

> The way to test is create yourself a new list and subscribe to it from a 
> gmail or yahoo address. Then send messages to the list and check their 
> headers when they return to your freemail account. Gmail will filter 
> them to the Junk folder if they fail SPF or DMARC tests.

Thanks. I'll do that, then send an invoice for my time to yahoo. :-)

> Matt
(Continue reading)

Charlie Brady | 28 Apr 15:20 2014

Re: Yahoo's DMARC debacle

On Sun, 27 Apr 2014, Matt Simerson wrote:

> If you're operating a mailing list, you have 3 choices:
>    1. Don't break DKIM
>    2. If you insist upon breaking DKIM by adding subject prefixes and message trailers, take ownership of the
message by changing the From address to your own domain.
>    3. Alter the From address and add the original senders address to the Reply-To header.

So my question remains, does anyone have working qpsmtpd plugins for doing 
such transformation on mailing list messages?