eric sorry for the late response
i have implemented on my test server and it works fine, but the real test would be when i implement it on production since the issue is a random one. if need to go back to the older version incase i face any problems then how do i do that ? if i try to recompile the older version it does not allow me to downgrade. rajesh ----- Original Message ----- From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 21 Apr 2017 06:44:00 -0600 Subject: Rajesh, Do you want to go through the patch procedure our simply use the RPM I've provided at the below link? It would be a simple matter of doing a 'yum --enablerepo=qmt-testing update' if you have the QMT repos set up for YUM. I've already installed this on my CentOS 6 box. You could also download the SRPM <ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/SRPMS/qmail-1.03-1.qt.src.rpm> and build it on your own machine. Commands are as follows provided you have a build environment: # cd ~/rpmbuild/SRPMS # wget ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/SRPMS/qmail-1.03-1.qt.src.rpm # rpmbuild --rebuild --define "dist .qt.el6" qmail-1.03-1.qt.src.rpm # rpm -Uvh ~/rpmbuild/RPMS/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm Eric On 4/20/2017 10:16 PM, Rajesh M wrote: > eric > > thanks a lot > > yes i am running qmailtoaster on centos6 > > now the next question is how do i patch ? > > would need detailed steps please so that i don't go wrong anywhere > > regds > rajesh > > > > > > ----- Original Message ----- > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 20 Apr 2017 09:27:25 -0600 > Subject: > > Hi Rajesh, > > I think you're still running QMT/CentOS 6, correct? > > If so, I've uploaded a qmail update > <ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm> > to the QMT/CentOS 6 repository that incorporates the DNS patch you > referenced (any-to-cname.patch) and the starttls flush io patch > <http://www.kb.cert.org/vuls/id/555316> which I've been derelict in > implementing. > > It has not been tested. If you do install it and something goes wrong, > it most likely won't, you can always downgrade which I've been doing > regularly with success (of late) on CentOS 7 with qmail while testing > other patches. Be mindful that I haven't downgraded on CentOS 6 > > The patch (below) has relatively minor, yet very helpful, coding changes. > > Eric > > <patch> > > diff -uNr qmtqmail-1.03/dns.c qmtqmail-1.03-new/dns.c > --- qmtqmail-1.03/dns.c 2017-04-20 08:54:53.142832827 -0600 > +++ qmtqmail-1.03-new/dns.c 2017-04-20 08:59:46.309633810 -0600 > @@ -256,7 +256,7 @@ > if (!sa->len) return loop; > if (sa->s[sa->len - 1] == ']') return loop; > if (sa->s[sa->len - 1] == '.') { --sa->len; continue; } > - switch(resolve(sa,T_ANY)) > + switch(resolve(sa,T_CNAME)) > { > case DNS_MEM: return DNS_MEM; > case DNS_SOFT: return DNS_SOFT; > diff -uNr qmtqmail-1.03/qmail-smtpd.c qmtqmail-1.03-new/qmail-smtpd.c > --- qmtqmail-1.03/qmail-smtpd.c 2017-04-20 08:54:52.848840048 -0600 > +++ qmtqmail-1.03-new/qmail-smtpd.c 2017-04-20 08:58:23.299671749 -0600 > @@ -723,7 +723,9 @@ > > char ssinbuf[1024]; > substdio ssin = SUBSTDIO_FDBUF(saferead,0,ssinbuf,sizeof ssinbuf); > - > +#ifdef TLS > +void flush_io() { ssin.p = 0; flush(); } > +#endif > > stralloc line = {0}; > stralloc base64types = {0}; > @@ -1398,7 +1400,7 @@ > , { "rset", smtp_rset, 0 } > , { "help", smtp_help, flush } > #ifdef TLS > -, { "starttls", smtp_tls, flush } > +, { "starttls", smtp_tls, flush_io } > #endif > , { "noop", err_noop, flush } > , { "vrfy", err_vrfy, flush } > > </patch> > > > > On 4/20/2017 1:12 AM, Rajesh M wrote: >> hi eric >> >> we are receiving a lot of cname lookup failed. >> >> this happens on a random basis on all our qmailtoaster servers. >> >> our resolv.conf contains >> >> 127.0.0.1 >> 8.8.8.8 >> 8.8.4.4 >> >> we use bind locally within the mail server and google's dns which is also >> set as cache records and allow lookups from local ips only. >> >> Had a quick question >> >> there are supposedly two different patches. >> >> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html >> >> is qmailtoaster on whitehorse patched with both these two patches related to >> dns.? >> >> DNS-related Patches by Jonathan de Boyne Pollard >> http://www.memoryhole.net/qmail/any-to-cname.patch >> >> thanks >> rajesh >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC)
--------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com