notqmail 1.09

What's notqmail?

It's software for running an email server. For more information, see About, Install, and Help.

---

What's not new?

As usual, this release is intended as a safe, easy update path from a previous notqmail, netqmail, or qmail. Your local patches should mostly continue to apply.

To the best of our knowledge, qmail, netqmail, and therefore notqmail have never been vulnerable to "SMTP Smuggling" (#251). Your instance of notqmail may nonetheless be vulnerable if you've applied any patches or chained any programs (such as fixcrio) that cause line endings to be changed in transit. Other forks of qmail may be vulnerable if they have have modified its handling of line endings in qmail-smtpd and/or qmail-remote.

What's new?

Regressions fixed

• qmail-inject: fix header parse regression introduced in 1.08. (#229, closing #147)

Patch adjustments

See also patches.

• big-todo: conflict in qmail-qstat.sh, skip that section; conflict in hier.c, add the two lines inside hier_queue()
• dns-oversize: merged, no longer needed (#201)
• qmail-queue-custom-error: merged, no longer needed (#195)
• smtp-auth: conflicts in Makefile and TARGETS, remove references to now.o and alloc.a
• smtp-tls: does not apply, please wait for a new upstream patch
• smtpd-spp: conflict in Makefile, remove references to now.o and alloc.a

All other changes, organized by project goal:

Preserve qmail's hard-earned security properties

• qmail-local: close race window when creating file in tmp/. (#119)

Add interfaces to make extensions possible

• qmail-queue: extend interface so a custom rejection message can be communicated to the caller. Based on Flavio Curti's qmail-queue-custom-error-v2.netqmail-1.05.patch. (#195)

Provide sensible defaults

• qmail-remote: stop rewriting RCPT TO: domains when they are a CNAME (RFC 5321 5.1). (#121)
• qmail-remote: handle DNS packets up to max EDNS response size. Based on Christopher K. Davis's qmail-103.patch. (#201)
• qmail-remote: honor all group memberships of the qmailr user. This lets admins more precisely define read permissions on TLS or DKIM key material. (#153)
• qmail-smtpd: allow [] to appear in Received: lines. (#170)
• docs: append .md suffix. (#36)

Reduce marginal cost of development

• Define CODEOWNERS with our default reviewers. (#192)
• Remove maildirwatch. (#93)
• Remove qsmhook. (#87)
• Remove elq, pinq, and qail. (#99)
• Ensure local headers are self-contained by including them before system headers. (#183)
• Say NULL instead of casting 0 to a pointer type. (#152, #161)
• auto-str: make most output human-readable. (#144)
• Add ids.a, a library containing auto_user*.o and auto_group*.o. (#182)
• Makefile: remove stale references to auto-uid. (#219)
• TARGETS: remove unneeded auto_uid*.o and auto_gid*.o entries. (#154)
• Makefile: call head (but not tail, for portability) in the POSIX style. (#105, #205)
• Use ssize_t in substdio to match return types of read() and write(). (#84)
• Replace error_* variables with #defines to their errno equivalents. (#171)
• qmail-qstat: remove unneeded dependencies, simplify logic, add compatibility with big-todo queues. (#234)
• qmail-qmtpd, qmail-qmqpd: validate that netstring length is a number. (#241)
• qmail-remote: avoid sending CRCRLF if input contains CRLF. (#18)
• Make now() an inline function. (#158, #169)
• qmail-remote: fix warnings about get() being used with wrong pointer signedness. (#162)
• clean up hier.h and spawn functions. (#155)
• Improve platform checks for select(). (#163)
• qmail-send: use utimes() instead of utime(). (#164)
• predate: use better version of calling time(). (#150)
• Add missing system headers for close(), chdir(), getpid(), other undeclared functions. (#237, #146)
• Add prototypes for scan.h, fmt.h. (#129, #126)
• Use default strdup() instead of open coding it. (#130)
• Remove functions that only reimplement standard C functions. (#103)
• Remove the custom allocator. (#124)
• Fix several classes of compiler warning. (#184, #185, #186, #187, #188, #200, #271, #273)
• Fix CodeQL cpp/integer-multiplication-cast-to-long. (#193)
• Add tests for qmail-send:job_*() and prioq_*() functions. (#224, #179, #254)
• Remove register storage class declaration. (#202)
• Add noreturn attribute to a couple of functions. (#211)
• Return int from all main() functions. (#145)
• Add back accidentally removed typecast in gen_allocdefs.h. (#137)
• Clean up substdio interface declarations. (#271)
• TravisCI: remove. (#207, #216)
• CirrusCI: remove. (#253)
• GitHub: extend build matrix (gcc with and without utmpx(5)) with clang, with and without -DDEPRECATED_FUNCTIONS_REMOVED, with and without nroff/mandoc, with and without compiler warnings turned up. (#181)
• GitHub: enable CodeQL analysis. (#176, #253)
• FreeBSD: update. (#125, #216, #235, #253, #274)
• macOS: add, update. (#181, #253)
• OpenBSD: add, update. (#242), #253, #274)
• Solaris: add, fix, update. (#206, #231, #242, #253)
• Ubuntu: update. ([#231...

notqmail-1.08: notqmail 1.08

notqmail 1.08

• CVE-2005-1515: fix signedness wraparound in substdio_{put,bput}().
• CVE-2005-1514: fix possible signed integer overflow in commands().
• CVE-2005-1513: fix integer overflow in stralloc_readyplus().
• Fix several other places where variables could overflow.
• qmail-pop3d: instead of running as root if root authenticates (and being a vector for a dictionary attack on the root password), exit 1 to look just like a failed checkpassword login.
• qmail-inject: do not parse header recipients if -a is given.
• Correctly detect multiple IP addresses on the same interface.
• Remove workaround for ancient DNS servers that do not properly support CNAME. Patch by Jonathan de Boyne Pollard that was floating around the net for years.
• Fix possible integer overflow in alloc().
• Remove dnscname and dnsmxip programs that were being built but not installed.
• Remove systype and related platform detection.
• Remove unused variable in maildir.c.
• Reduce variable scope in tcpto.c.
• Avoid local variables shadowing same-named globals.
• Avoid needing exit.h in named-pipe bug check.
• Add a test target and some unit tests, using Check.
• Add missing function declarations in cdbmss.h, scan.h.
• Add missing return types to main().
• Add hier.h for inclusion in instcheck.c, instchown.c, instpackage.c.
• Use system headers and types instead of the HASSHORTSETGROUPS check.
• Use system headers instead of redeclaring exit(), read(), write(), malloc(), free(), fork(), uint32_t.
• Use C89 function signatures for code we've touched so far.
• TravisCI: move setting MAKEFLAGS out of the script and into the matrix.
• Add FreeBSD builds with CirrusCi.
• Add a GitHub Actions build.
• Remove DJB's TODO.
• Replace many pobox.com URLs.
• Acknowledge Erik Sjölund's qmail-local.c bugfix that we've inherited from netqmail.
• Avoid generating catted manpages by building with NROFF=true.
• Optionally create a systemd service file.
• Run an alternate qmail-remote by setting QMAILREMOTE in qmail-send's environment.

Complete release note for 1.08 in the wiki.

notqmail-1.07: notqmail 1.07

notqmail 1.07

• Support utmpx in qbiff(1) for systems that no longer provide utmp. (#24, #29, #57)
• Append .md extensions to INSTALL and SENDMAIL to disambiguate from install and sendmail on case-insensitive filesystems, such as HFS+. (#16)
• Enable BIND 8 API compatibility for systems with BIND 9 resolvers. (#16)
• Work around macOS linker error by explicitly initializing a struct. (#16)
• Add missing function arguments, includes, and Makefile dependencies. (#1, #20, #31, #53, #55)
• Fix builds on at least FreeBSD (#24) and macOS. (#16)
• Look up qmail's UIDs and GIDs at run time, not build time. (#15)
• Optionally install as non-root, to a staging area, with DESTDIR. (#4, #15)
• Remove precompiled var-qmail package support. (#15)
• Remove shar target and FILES. (#27)
• Remove SYSDEPS. (#33)
• Remove vfork(), fixing macOS runtime. (#38)

Complete release note for 1.07 in the wiki.

qmail-1.03

qmail 1.03