Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 44211 - mail-mta/netqmail Set RELAYCLIENT after smtp-auth
Summary: mail-mta/netqmail Set RELAYCLIENT after smtp-auth
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Rolf Eike Beer
Depends on:
Reported: 2004-03-09 20:39 UTC by Michael Moen
Modified: 2020-11-08 16:06 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Moen 2004-03-09 20:39:55 UTC
To avoid running SpamAssassin on outgoing mail when using qmail-scanner you can add the qmail-auth-qmailqueue.patch. This patch can be found here and the readme is here

Reproducible: Always
Steps to Reproduce:

I tested with the following patch, the build was successful and the desired
results were achieved (no SpamAssassin scan on outgoing smtp-atuh mail).

*** ./qmail-1.03-r13.ebuild     Sat Feb 28 15:31:01 2004
--- /usr/local/portage/net-mail/qmail/qmail-1.03-r13.ebuild     Tue Mar  9
20:09:44 2004
*** 89,94 ****
--- 89,97 ----
        EPATCH_SINGLE_MSG="Adding support for oversize DNS" \
        epatch ${DISTDIR}/qmail-103.patch
+       # Add qmail-auth-qmailqueue patch to disable SpamAssassin for authed users
+       epatch ${FILESDIR}/${PV}-${PR}/qmail-auth-qmailqueue.patch
        # Fix for tabs in .qmail bug noted at
        # gentoo bug #24293
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-09 23:31:37 UTC
please test it with the latest qmail ebuilds as well.
Comment 2 Michael Moen 2004-03-10 19:17:15 UTC
I am unable to test this, qmail-1.03-r14.ebuild and qmail-1.03-r15.ebuild are both
 currrently unstable, with both ebuilds the qmail-smptd service dies every 30 
seconds even before applying the auth-relayclient patch.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-10 21:29:38 UTC
could you please provide details on it dying every 30 seconds. unless I missed a bug (quite possible, as I'm very busy with school lately), I haven't heard of this before.
Comment 4 Michael Moen 2004-03-10 22:41:44 UTC
I wonder how many people are going out of their way to install a masked version
 of qmail, considering that other than 3rd party patches it hasn't changed much.

Here is what is in /var/log/qmail/qmail-smtpd/current

@40000000404fd6d11ede6994 Error in logging setup!
@40000000404fd6d11ede6d7c No CDB file found ()
@40000000404fd6d11ede7164 Some error detected, sleeping for 30 seconds for safety
@40000000404fd6d11ede754c SERVICE(smtp), QMAILDUID(201), NOFILESGID(200) or QMAILLUID() is unset in ./run

Works fine with r13, but r14 and r15 both cause this. Not sure if it's my config or a package issue (maybe the setup is different after r14), but the box goes into production on Friday so I don't have a lot of time to play with it.
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-10 23:28:12 UTC
my rough statistics (based on how many people have downloaded some of the patches directly), put stable qmail users at 500+ and unstable qmail users at 250+ (scale this by a factor of 6-10x at least for those that use mirrors i'd guess).

seeing that output, it's quite simple.
1. after the emerge of the unstable qmail, make sure you do etc-update and update the config files. the new config files are _required_.
2. read the emerge output! the tcprules cdb files moved to /etc/tcprules.d/

-r14 is lots of bugfixes, new features (and a rewrote of several of the gentoo qmail scripts, like the ssl stuff, to go with some of the new gentoo qmail howtos around). 
-r15 adds the tcprules changes to -r14.
Comment 6 Michael Moen 2004-03-10 23:52:06 UTC
I saw that the files were moved to /etc/tcprules.d and they do exist.

I ran etc-update and here is the output.

Scanning Configuration files...
Automerging trivial changes in: conf-qmqpd
Automerging trivial changes in: conf-qmtpd
Exiting: Nothing left to do; exiting. :)

My system appears to be in a funky state? Which config files do I need to look at for the required changes?
Comment 7 Michael Moen 2004-03-11 00:39:01 UTC
Disregard that last post... I found it in conf-common, not sure why it didn't merge... it appears to be working.

OK, well it runs but it no longer understands SMTP-AUTH. I even tried moving my /var/qmail/control out of the way and re-emerging the r15 package, no luck. I also checked conf-smtpd, everything appears to be in order. Unless I find a resolution by tomorrow at this time I'm going to have to stick with r13 as it works.
Comment 8 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-11 00:53:19 UTC
one of the changes in -r14, is to default to requiring STARTTLS before SMTP AUTH is allowed. Set USE=notlsbeforeauth to disable this behavior and always allow SMTP AUTH.
Comment 9 Michael Moen 2004-03-11 01:29:43 UTC
No luck with that, apparently it accepted the USE flag:

 * Enabling SSL/TLS functionality
 * Disabling STARTTLS before SMTP AUTH
 * Enabling AUTHCRAM support
 * Replacing obsolete head/tail with POSIX compliant ones

Not sure, but it's late and my day starts over in about 6 hours. I'll take another crack at this tomorrow evening if you have any other things I can try. 
Thanks for your time Robin-
Comment 10 Michael Moen 2004-03-27 15:33:48 UTC
Finally got a chance to setup a test box.

The initial patch proposed works as expected with -r15.
Comment 11 Martin Mokrejš 2009-07-15 14:19:44 UTC
While looking at the sources of netqmail-1.06 I see the last line of the patch is somewhat applied, while the second not.

+      /* hack to disable SpamAssassin with qmail-scanner (but not virus scanning!) while doing SMTP AUTH */
+      if (!env_unset("RELAYCLIENT")) die_read();
+      if (!env_put("RELAYCLIENT=")) die_nomem();

Is that sufficient what is in 1.06 already?
Comment 12 Karel Hala 2011-08-17 19:06:17 UTC
I am having the same difficulties with netqmail-1.05-r8 with qmail-scanner-2.08st. The reason of older netqmail is DNS patch witch fails wit 1.06.

Qmail-scanner logs shows:
Wed, 17 Aug 2011 20:11:48 CEST:30960: clamdscan: finished scan in 0.120582 secs
Wed, 17 Aug 2011 20:11:48 CEST:30960: SA: don't scan as RELAYCLIENT implies this was sent by a local user

However when user sends email, it is successufuly sent to its recipient, but sender gets reply with

Spam detection software, running on the system....

and debug why it is considered as a spam. So users are confused and abusing me. The most problematic are DSL lines and RBLs.

I needed to setup an submission port without qmail-scanner and tell them to use that port instead of 25. But i personally dislike this provisory solution.

Any clues on topic?
Comment 13 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-06 19:46:17 UTC
Ping, any progress on this?
Comment 14 Pacho Ramos gentoo-dev 2018-04-29 17:28:51 UTC
mail-filter/qmail-scanner removed
Comment 15 Rolf Eike Beer archtester 2020-11-08 16:06:41 UTC
qmail-scanner is gone, and if you still need this all current ebuilds support user patches in /etc/portage/patches.