Wednesday July 01 , 2015
TEXT_SIZE
   
Once You Know, You Newegg

More Qmail Updates

More qmail updates are coming out later this year. I plan on writing a secure qmail server which will consist of not only a secure SMTP server but also a secure POP3D (What most people would call POP3D-SSL) service. This will make the POP3 on port 110 obsolete and make your server even more secure. The only drawback to this is you are required to purchase a secure apache certificate. The reason why is because if you use a self-signed certificate you will get a nag window when you first open your mail.

As of this writing the dovecot and roundcube docs are working. Let me know if you have any issues.

I am toying around with making a new guide for just thwarting spam in general. This will cover all the smtp checks which are greylisting, RBLs, validrcptto and also the spamassassin checks like custom rules, bayes and more.

 

Qmail for 10.1 Complete

All the documentation for qmail has been updated to support FreeBSD 9.3 and 10.1. As of this writing 9.2 and 10.0 are unsupported.

Changes:

Installed curl as a requirement
Made some changes to the unzip port
Added qmail-1.03.tar.gz to the installing qmail docs as the port installs netqmail (No difference)
Changed Qmail-Scanner from 1.x port to 2.11 via source. The FreeBSD port for qmail-scanner was deleted in 2014 (No maintainer)

 

   

Acricles Updated

I have updated the mysql docs to use the databases/mysql56-server port and also updated the apache docs to use the /usr/ports/www/apache24 port. Enjoy!

   

Qmail confirmed working on FreeBSD 10.1

Hello,

Well it is official; As of April 18th at 9:24PM EST I have confirmed that on FreeBSD 10.1 qmail works with Qmail-Scanner 2.11. Docs will be updated. Here is what needs to be changed/added. I have also confirmed that qmail works with FreeBSD 9.3 as well.

Preinstall docs:

Install /usr/ports/ftp/curl with options on as follows:

COOKIES
DOCS
EXAMPLES
TLS_SRP
GSSAPI_BASE
THREADED_RESOLVER
GNUTLS

Install dig

Spamassassin:

Install mail/spamass-rules if you want some third-party spam-catching rulesets

When installing the users.sh file add the uid of qscand to be 89

   

goodcleanemail.com articles being migrated

After careful consideration for the last few months I have decided to merge the goodcleanemail.com articles with the freebsdrocks.net site to make it one site. I have not done any work with goodcleanemail.com in a few years and it's about time I upgraded / improved the site with some new articles. On the goodcleanemail.com site I will save all links and make one page with the title and the new URL.

   

TLS heartbeat read overrun (CVE-2014-0160)

FYI people:

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 > and Bodo Moeller <
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 > for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.