Re: [qmailtoaster] lot of cname lookup failed

Thu, 04 May 2017 06:12:00 -0700 

Also, shut qmail down while upgrade/downgrade


On 5/4/2017 1:36 AM, Rajesh M wrote:

eric

sorry for the late response

i have implemented on my test server and it works fine, but the real test would 
be when i implement it on production since the issue is a random one.

if need to go back to the older version incase i face any problems then how do 
i do that ?

if i try to recompile the older version it does not allow me to downgrade.

rajesh




----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Fri, 21 Apr 2017 06:44:00 -0600
Subject:

Rajesh,

Do you want to go through the patch procedure our simply use the RPM
I've provided at the below link? It would be a simple matter of doing a
'yum --enablerepo=qmt-testing update' if you have the QMT repos set up
for YUM. I've already installed this on my CentOS 6 box.

You could also download the SRPM
<ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/SRPMS/qmail-1.03-1.qt.src.rpm>
and build it on your own machine. Commands are as follows provided you
have a build environment:

# cd ~/rpmbuild/SRPMS

# wget
ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/SRPMS/qmail-1.03-1.qt.src.rpm

# rpmbuild --rebuild --define "dist .qt.el6" qmail-1.03-1.qt.src.rpm

# rpm -Uvh ~/rpmbuild/RPMS/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm

Eric


On 4/20/2017 10:16 PM, Rajesh M wrote:

eric

thanks a lot

yes i am running qmailtoaster on centos6

now the next question is how do i patch ?

would need detailed steps please so that i don't go wrong anywhere

regds
rajesh





----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, 20 Apr 2017 09:27:25 -0600
Subject:

Hi Rajesh,

I think you're still running QMT/CentOS 6, correct?

If so, I've uploaded a qmail update
<ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm>
to the QMT/CentOS 6 repository that incorporates the DNS patch you
referenced (any-to-cname.patch) and the starttls flush io patch
<http://www.kb.cert.org/vuls/id/555316> which I've been derelict in
implementing.

It has not been tested. If you do install it and something goes wrong,
it most likely won't, you can always downgrade which I've been doing
regularly with success (of late) on CentOS 7 with qmail while testing
other patches. Be mindful that I haven't downgraded on CentOS 6

The patch (below) has relatively minor, yet very helpful, coding changes.

Eric

<patch>

diff -uNr qmtqmail-1.03/dns.c qmtqmail-1.03-new/dns.c
--- qmtqmail-1.03/dns.c 2017-04-20 08:54:53.142832827 -0600
+++ qmtqmail-1.03-new/dns.c     2017-04-20 08:59:46.309633810 -0600
@@ -256,7 +256,7 @@
       if (!sa->len) return loop;
       if (sa->s[sa->len - 1] == ']') return loop;
       if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
-   switch(resolve(sa,T_ANY))
+   switch(resolve(sa,T_CNAME))
        {
         case DNS_MEM: return DNS_MEM;
         case DNS_SOFT: return DNS_SOFT;
diff -uNr qmtqmail-1.03/qmail-smtpd.c qmtqmail-1.03-new/qmail-smtpd.c
--- qmtqmail-1.03/qmail-smtpd.c 2017-04-20 08:54:52.848840048 -0600
+++ qmtqmail-1.03-new/qmail-smtpd.c     2017-04-20 08:58:23.299671749 -0600
@@ -723,7 +723,9 @@

    char ssinbuf[1024];
    substdio ssin = SUBSTDIO_FDBUF(saferead,0,ssinbuf,sizeof ssinbuf);
-
+#ifdef TLS
+void flush_io() { ssin.p = 0; flush(); }
+#endif

    stralloc line = {0};
    stralloc base64types = {0};
@@ -1398,7 +1400,7 @@
    , { "rset", smtp_rset, 0 }
    , { "help", smtp_help, flush }
    #ifdef TLS
-, { "starttls", smtp_tls, flush }
+, { "starttls", smtp_tls, flush_io }
    #endif
    , { "noop", err_noop, flush }
    , { "vrfy", err_vrfy, flush }

</patch>



On 4/20/2017 1:12 AM, Rajesh M wrote:

hi eric

we are receiving a lot of cname lookup failed.

this happens on a random basis on all our qmailtoaster servers.

our resolv.conf contains

127.0.0.1
8.8.8.8
8.8.4.4

we use bind locally within the mail server and google's dns which is also set 
as cache records and allow lookups from local ips only.

Had a quick question

there are supposedly two different patches.

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html

is qmailtoaster on whitehorse patched with both these two patches related to 
dns.?

DNS-related Patches by Jonathan de Boyne Pollard
http://www.memoryhole.net/qmail/any-to-cname.patch

thanks
rajesh




---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Eric Broch
White Horse Technical Consulting (WHTC)

Reply via email to