eric thanks a lot
yes i am running qmailtoaster on centos6 now the next question is how do i patch ?
would need detailed steps please so that i don't go wrong anywhere

regds
rajesh

----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, 20 Apr 2017 09:27:25 -0600
Subject:

Hi Rajesh,

I think you're still running QMT/CentOS 6, correct? If so, I've uploaded a qmail update <ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm> to the QMT/CentOS 6 repository that incorporates the DNS patch you referenced (any-to-cname.patch) and the starttls flush io patch <http://www.kb.cert.org/vuls/id/555316> which I've been derelict in implementing. It has not been tested.

If you do install it and something goes wrong, it most likely won't, you can always downgrade which I've been doing regularly with success (of late) on CentOS 7 with qmail while testing other patches. Be mindful that I haven't downgraded on CentOS 6.

The patch (below) has relatively minor, yet very helpful, coding changes.

Eric

<patch> diff -uNr qmtqmail-1.03/dns.c qmtqmail-1.03-new/dns.c --- qmtqmail-1.03/dns.c 2017-04-20 08:54:53.142832827 -0600 +++ qmtqmail-1.03-new/dns.c 2017-04-20 08:59:46.309633810 -0600 @@ -256,7 +256,7 @@ if (!sa->len) return loop; if (sa->s[sa->len - 1] == ']') return loop; if (sa->s[sa->len - 1] == '.') { --sa->len; continue; } - switch(resolve(sa,T_ANY)) + switch(resolve(sa,T_CNAME)) { case DNS_MEM: return DNS_MEM; case DNS_SOFT: return DNS_SOFT; diff -uNr qmtqmail-1.03/qmail-smtpd.c qmtqmail-1.03-new/qmail-smtpd.c --- qmtqmail-1.03/qmail-smtpd.c 2017-04-20 08:54:52.848840048 -0600 +++ qmtqmail-1.03-new/qmail-smtpd.c 2017-04-20 08:58:23.299671749 -0600 @@ -723,7 +723,9 @@ char ssinbuf[1024]; substdio ssin = SUBSTDIO_FDBUF(saferead,0,ssinbuf,sizeof ssinbuf); - +#ifdef TLS +void flush_io() { ssin.p = 0; flush(); } +#endif stralloc line = {0}; stralloc base64types = {0}; 
@@ -1398,7 +1400,7 @@ , { "rset", smtp_rset, 0 } , { "help", smtp_help, flush } #ifdef TLS -, { "starttls", smtp_tls, flush } +, { "starttls", smtp_tls, flush_io } #endif , { "noop", err_noop, flush } , { "vrfy", err_vrfy, flush } </patch>

On 4/20/2017 1:12 AM, Rajesh M wrote:
> hi eric
>
> we are receiving a lot of cname lookup failed.
>
> this happens on a random basis on all our qmailtoaster servers.
>
> our resolv.conf contains
>
> 127.0.0.1
> 8.8.8.8
> 8.8.4.4
>
> we use bind locally within the mail server and google's dns which is also set
> as cache records and allow lookups from local ips only.
>
> Had a quick question
>
> there are supposedly two different patches.
>
> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html
>
> is qmailtoaster on whitehorse patched with both these two patches related to
> dns.?
>
> DNS-related Patches by Jonathan de Boyne Pollard
> http://www.memoryhole.net/qmail/any-to-cname.patch
>
> thanks
> rajesh
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
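
Review bot: The `switch(resolve(sa,T_CNAME))` line in the dns.c hunk has no comment recording why the query type was narrowed from `T_ANY`, and the visible context shows only the error cases (`DNS_MEM`, `DNS_SOFT`) after the call. Suggest a one-line comment above the switch saying the lookup now asks for CNAME records only, and confirming that the answer handling further down (outside the lines shown) does not depend on other record types that an ANY reply used to bring back, since a CNAME query will not return them.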
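
Review bot: The new `flush_io()` in the first qmail-smtpd.c hunk sets `ssin.p = 0` without a comment saying what that does, and it replaces the blank line that separated the `ssin` declaration from `stralloc line`, so the function sits wedged between two data definitions. Suggest a comment stating that zeroing `ssin.p` discards whatever input is already buffered in `ssinbuf` before `flush()` runs, and keeping a blank line on either side of the `#ifdef TLS` block. Since the hunk calls `flush()` at this point in the file, it is also worth confirming that `flush` is declared above it.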
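
Review bot: The `starttls` entry in the command-table hunk has no comment explaining why it alone uses `flush_io` while `help`, `noop` and `vrfy` keep `flush`, and the patch comes without a test for that behaviour. Suggest a short comment next to `{ "starttls", smtp_tls, flush_io }` pointing at the buffered-input reason, plus a regression check that input received in the same read as the STARTTLS line is not processed once the TLS session is established. Both the definition and this use sit under `#ifdef TLS`, so non-TLS builds are unaffected.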