Patched the attached qmail ebuild, if USE="ssl", qmail will build with tls.
Created attachment 1036: patch for qmail-1.03-r7.ebuild to enable tls if use="ssl"
I'm going to return this since I can't test it. Surely we have somebody who uses qmail?
I'm not a qmail user, so I can't really test it. Someone else can work on integrating this. If we can't find someone to test qmail we should just get rid of it.
I was pretty sure I'd given this to someone who uses and understands qmail better than I do... If it's left to me, I'll remove it from the tree entirely.
We will NOT abandon qmail. :-) hans: Can you confirm that this still works after the inclusion of qmail-queue.patch? woodchip: a) is this the patch you were talking about? b) do you have time/ability to test it? this patch is non-intrusive, right? (meaning, you have to configure something to make it work and it doesn't change the default behaviour) regards Thilo
*** Bug 3405 has been marked as a duplicate of this bug. ***
Thilo, Nope, I was using an auth patch: http://members.elysium.pl/brush/qmail-smtpd-auth/ Which I needed for *outgoing* auth, but also works for incoming auth as well. This patch *is* intrusive, in that if you apply it (without editing the source of course..) then your qmail wants to use auth for incoming mail; which may or may not be what some users want. It serves my purposes well; though I haven't tested it with a qmail-queue patched qmail. Ahh qmail, such fun.
The qmail-smtp patch allows qmail to authenticate SMTP connections. I'm not sure whether this is straying from the topic of /this/ bug report; should we file another requesting inclusion of the qmail-smtp auth patch? QMail's out-of-the-box behavior is to disallow all relaying of email, AFAIK. Users must specifically enable hosts which it will relay email for, with RELAYCLIENT. Either that, or remove the rcpthosts file, and relay email for everybody in the world, including spammers. I use the qmail-smtp auth patch as well; Thilo, do you know if it changes the behavior of RELAYCLIENT? If not, then this patch is minimally intrusive. If this is still too intrusive, then can we provide a qmail-secure-relay ebuild? I'll throw it together -- but I'm not sure how best to do it. Should I create a new package, or is there a way of specifying a "branch" ebuild? I'd like to know that when I do 'ebuild -u world', I'm not suddenly going to start rejecting smtp relay connections from valid users.
My earlier comment made no sense -- n/m. I have to use my own qmail ebuild, because the portage one is too lacking. I have an ebuild here patched with ESMTP protocol support (patched qmail-smtpd) and AUTH LOGIN support (patched qmail-remote) and also the qmail-smtpd-requireauth patch (nice improvement to the qmail-smtpd-auth patch). These three would make decent additions to the package. If there's a better patch than the one I'm using for the qmail-remote side, I'd like to use it instead because this one only does AUTH LOGIN. Plus added programs queue-fix, qmail-qfilter, qmHandle, qmail-remove. Maybe I'll put it on my webspace and get opinions, would make a huge improvement over our current offering. Sadly I haven't tested the whole ball of wax with tls in the mix either. ldap and tls would be quite nice, although I hear you can't mix both patches yet. Might as well turn this into the next-generation-qmail-ebuild-wishlist :P
qmail-1.03-r9 has been added to portage. It is currently masked. Please test the tls+smtp-auth patch and let me know if things work properly for you. Also since this is the qmail wishlist bug, please go over this new ebuild and let me know if there is any other support you would like compiled in.
After emerging qmail-1.03-r9.ebuild, I cannot do SMTP anymore. Log in /service/qmail-smtpd/log/main after a 'telnet localhost 25':
@400000003d90abeb3ac25db4 tcpserver: status: 1/40
@400000003d90abeb3ac93b84 tcpserver: pid 31581 from 127.0.0.1
@400000003d90abeb3ad126dc tcpserver: ok 31581 localhost:127.0.0.1:25 :127.0.0.1::45833
@400000003d90abeb3b03f6ac /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
@400000003d90abeb3b0974ec tcpserver: end 31581 status 32512
@400000003d90abeb3b0980a4 tcpserver: status: 0/40
Solved the problem with the following message:
/var/qmail/bin/qmail-smtpd: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
Just need to increase the softlimit on the memory for qmail-smtpd in /var/qmail/supervise/qmail-smtpd/run: SSL eats your memory... Use
/usr/bin/softlimit -m 20000000
instead of
/usr/bin/softlimit -m 2000000
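The out-of-memory failure and the softlimit change reported in the two comments above can be checked mechanically. This is an added example, not part of the original thread or the ebuild: the helper names, the sample run script and the temporary paths are constructed for illustration, and the 20000000 threshold is simply the value the comment reports as working.

```shell
#!/bin/sh
# Added example: helper names and sample files are constructed for illustration.

# Print the byte limit given to `softlimit -m` in a run script (empty if none).
softlimit_mem() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /(^|\/)softlimit$/) in_sl = 1
            else if (in_sl && $i == "-m" && i < NF) { print $(i + 1); exit }
        }
    }' "$1"
}

# Succeed if the script sets no memory limit or one of at least $2 bytes.
check_limit() {
    limit=$(softlimit_mem "$1")
    [ -z "$limit" ] && return 0
    [ "$limit" -ge "$2" ]
}

# Count log lines where the loader could not map a library for qmail-smtpd.
count_loader_failures() {
    grep -c 'qmail-smtpd: error while loading shared libraries:.*Cannot allocate memory' "$1" || true
}

tmp=$(mktemp -d)
# Constructed run script using the low limit quoted in the thread.
cat > "$tmp/run" <<'EOF'
#!/bin/sh
exec /usr/bin/softlimit -m 2000000 /usr/bin/tcpserver -v 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
EOF
# Two of the log lines quoted in the thread.
cat > "$tmp/log" <<'EOF'
@400000003d90abeb3ad126dc tcpserver: ok 31581 localhost:127.0.0.1:25 :127.0.0.1::45833
@400000003d90abeb3b03f6ac /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
EOF

MIN=20000000   # limit the thread reports as working with the TLS build
if ! check_limit "$tmp/run" "$MIN"; then
    echo "softlimit -m $(softlimit_mem "$tmp/run") is below $MIN"
fi
echo "loader failures in log: $(count_loader_failures "$tmp/log")"
```

Point the helpers at the real run script and log/main file to audit an installed service; the parser only recognises the `-m VALUE` form with a space between flag and value.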
Are there any other open issues with this build? Does everything work as expected?
did not test, but the ebuild looks good and close my wishes.
Can I get somebody to verify that ssl support works on this new build? :)
Is it possible to use that patch to connect to an SMTP server only allowing tls WITH authentication? I want my qmail to be able to send messages to that server. If not possible, what should I use?
This patch adds TLS support, yes.
I would like to unmask qmail-1.03-r9... If somebody can give me a verified working report I will unmask it. I have tested the ebuild personally but I'd like to get further verification. The ebuild adds ldap support, the latest ssl patches, and an important fix for running an ssl enabled ucspi-tcp and qmail.
I've got 5 people watching this bug... anybody have any problems with qmail-1.03-r9??? any success???
I'm not using it, since setting it up did not really work for me (the way I wanted with SSL and TLS for both incoming and outgoing and strong auth).
I've been working on trying to get this latest ebuild up and running, and have been having many problems, although I can't really seem to find anybody else who's tested it to see if it's just me or if the ebuild is faulty. I've sort of been logging my work in this thread here: http://forums.gentoo.org/viewtopic.php?t=24525 If I can help in some way, I'd be happy to, although I have very little experience with ebuilds, but let me know if there's something I can do.
TLS and SMTP AUTH support have been given an overhaul in qmail-1.03-r10. Please test this new ebuild and let me know if you have better luck with SMTP AUTH and such...
please test -r10
db fix
Nick: qmail-1.03-r10 works great here.