Blue Flower

Monday, 06 July 2015 00:55

smtp.cdb, smtp or smtpssl access definitions

Written by
This will allow the specified IP range to make a connection

This will deny the specified IP range to make a connection

When set with :allow, this will accept relay messages from the specified IP

When set with :allow or :deny, this will instruct smtpd to skip RBL checks for
the specified IP range

RBLSMTPD="my temp error message"
When set, this will skip RBL lookups but return "my temp error messsage" as a
4xx temp error for the specified IP range

RBLSMTPD="-my perm error message"
When set, this will skip RBL lookups and return "my perm error message" as a
5xx perm error for the specified IP range
Special thanks to Nick Holder
Monday, 06 July 2015 00:54

Limiting messages sizes qmail will accept

Written by

Create /var/qmail/control/databytes and then within the file specify the maximum size of the message you want to allow in bytes. If you want to limit messages to roughly 10 megabytes then you would put 10000000 in the file, or you can use google so you can get the size right on the money.

# chmod 644 /var/qmail/control/databytes
# chown root:qmail  /var/qmail/control/databytes
# qmailctl restart

Monday, 06 July 2015 00:54

How to correctly view qmail logs with timestamps

Written by

In order to view logs with timestamps, run this command:

tai64nlocal < /var/log/qmail/qmail-send/current

for more about multilog please take a look at

Monday, 06 July 2015 00:53

Signal 11 errors in qmail-smtpd

Written by

If you start seeing Status 11 errors to pop up in qmail-smtpd whenever a message came in from a domain, The SPF records uses colons for delimiters instead of spaces, so the lack of spaces, and possibly other syntax problems, in an SPF record will cause smtpd to exit abnormally and put the status 11 message in your qmail-smtpd log and a signal 11 error in /var/log/messages. I worked around this problem by adding:,SPFBEHAVIOR="0"

in /etc/tcp.smtp

Special thanks to Lonnie Burgess

Monday, 06 July 2015 00:52


Written by

Stolen from

Qmail-Remove will remove messages containing a particular string from your Qmail queue.


This is a useful thing to do in a number of situations. For instance, if you are hit with a spamming attack, you can temporarily instate a second Qmail installation (once the spam run is finished), allow it to take over mail receipt, and then use this tool to clean the offending mails out of the queue before switching over to the main Qmail installation once again.

Occasionally, viruses will get past scanners before the signatures get updated; if they exist in large numbers, it is often practical to stop the Qmail install briefly in order to clean out all messages containing a signature related to the virus.

Whatever the reason to pull items from your mail queue, this program will delete them in such a manner that will let you restore them easily.

"Removed" Emails:

Mails are *not* deleted from the queue! They are only stored, temporarily, in $qmail-queue/yanked/, where you can view them individually and restore them back to the queue manually. There is currently no support for restoring them automatically.

By default, Qmail-Remove assumes that your Qmail queue is stored in /var/qmail/queue, but this can be changed with a command line option. Similarly, Qmail-Remove assumes that your queue "split" is 23 by default, among other things.

See Qmail-Remove -h for more commandline options.


Monday, 06 July 2015 00:45

Configuring POP3D-SSL

Written by

This HOWTO covers the configuration of Courier pop3d with SSL. This HOWTO assumes you have installed Courier's IMAP/POP3 installation.

Please note that paths may vary from distro to distro

# cp /usr/local/etc/pop3d-ssl.dist /usr/local/etc/pop3d-ssl
# cp /usr/local/etc/pop3d.dist /usr/local/etc/pop3d

Modify /usr/local/etc/pop3d-ssl so it includes the below lines.


Create the pop3d-ssl cert by running the following command.

# /usr/local/sbin/mkpop3dcert

Create the pop3d-ssl start script and start pop3d-ssl, by running the below commands.

# cp /usr/local/libexec/pop3d-ssl.rc /usr/local/etc/rc.d/init.d/pop3s
# /usr/local/etc/rc.d/pop3s start

Add the last line above to /etc/rc.local to ensure pop3d-ssl starts at boot.

Installing your SSL Certificate into Outlook or Outlook Express

The PEM file holds your certificate and your private key. Split them into
two files using a text editor and copy commands:
cp blah.pem usercert.pem
cp blah.pem userkey.pem

In usercert.pem delete the section for the private key
(marked with ---- BEGIN RSA PRIVATE KEY ---- and ---- END RSA PRIVATE KEY ----)

In userkey.pem delete everything but the private key

To convert the current .pem to a readable format so Outlook can import it, we use this method:

From .pem to .p12

openssl pkcs12 -export -out cert.p12 -inkey ./userkey.pem -in ./usercert.pem

It will ask you to enter your PEM pass phrase twice. Enter both correctly and you will now have a .p12 file!

Page 14 of 23