Publicaciones sobre qmail

2013-05-29 09:15

Nothing Ever Really Goes Away On The Internet: ra-plugins

I used to manage a large number of QMail installations. And because Qmail was ... weirdly licensed, I wrote a set of plugins that ran on top of a patch called Qmail-SPP. I pretty much stopped doing that years ago because life took me in other directions, and forgot all about it.

That collection is called ra-plugins and I had not touched it since late 2008.

And today... I got a patch with two whole plugins to add to it so that it makes Qmail handle email addresses more like Gmail does (aliases using user+foo and making user.foo the same as userfoo).

So, I got them, added them, fixed a few simple building issues, updated the libsmtp it uses internally for one of the plugins to a later version, and there it stays, perhaps not to be touched until 2018.

2010-01-19 14:12

Feliz cumpleblog para mí!

Desde ayer este blog tiene 10 años así que es un buen momento para hacer historia.

Todo empezó en advogato donde se lo puede leer aún hoy! (Por favor léanlo acá ;-)

Después cambió a PyDS, una plataforma de blog python de escritorio con interface web, y hosteado en PyCS, un servicio gratuito.

Entonces PyCS se murió, y empecé a generar un blog estático hosteado en el hosting gratis de mi ISP. Eso era una bazofia.

Después fundé mi propia compañía, tuve mis propios servers, y empecé a hostearlo allí (¡Aún hoy este blog es HTML completamente estático! ¿No se nota, no?)

Entonces PyDS empezó a funcionar mal, y escribí mi propio software, que es una porquería, tal vez 25% terminado pero hace las cosas exactamente como yo quiero.

Hoy, este blog está agregado en Planeta PyAr, Planet Python, Planet Qt, Planeta LUGLI, Y algún otro lugar.

Este año decidí hacer que sea bilingüe (inglés y español) pero odio traducirlo (lo escribo primero en inglés).

De acuerdo a las estadísticas disponibles, es, en promedio, más popular que nunca (pero mis posts mas populares son viejos).

stats

Éstas son las páginas más populares del último año:

Lecciones:

  1. Necesito escribir más sobre Qt y/o empezar flames con gente que escribe sobre IT.
  2. Necesito buscar el material obsoleto y poner notas.
  3. Tener tu propio hosting y soft es mejor.
  4. 10 años es mucho tiempo: 860 posts (o 913, depende como los cuente)

2008-03-07 07:43

New qmail plugin idea: overload

It should not happen but it does: Your qmail server is overloaded. Maybe you are under a DOS attack, or there is a reason why you are getting 10x your usual amount of mail.

But then you start seeing how your "not preprocessed" queue starts growing, and growing...

This can also mean things like clamav or spamassassin, which need to check the mail before it gets queued are not keeping up with the mail flow, or maybe some IO performace issue.

But what can you do righ now to fix it?

Well, you can disable spamassassin, or, in extreme cases, shutdown SMTP so the system has a chance to catch its breath so to speak.

Of course, closing SMTP means your own users can't send email either, which sucks.

Now there is a lighter alternative: shutdown SMTP for those who are not your users.

Here's the trivial code, implemented as a SPP plugin:

#!/bin/dash

if [ -f /var/qmail/control/overloaded ]
then
      if [ -z "$SMTPAUTHUSER" ]
      then
              echo R451 Temporary Failure: Server overload
              echo overload: $PPID Temporary Failure: Server overload >&2
      fi
fi

And if you are daring and want to make your system self-correcting, maybe you should cron something like this:

* * * * * if [ `qmail-qstat  | tail -1 | cut -d: -f2` -gt 100 ];\
then touch /var/qmail/control/overloaded ;\
else rm -f /var/qmail/control/overloaded; fi

I will probably code it again in C and make it part of ra/plugins.

2007-11-30 09:29

¡Qmail en el dominio público! ¡¡¡Genial!!!

Por lo menos de acuerdo a Slashdot.

Eso significa que puede haber un verdadero proyecto de comunidad para integrar todos los parches que andan flotando!

Eso significa que qmail no va a ser una porquería sin necesidad de trabajo manual!

Estoy chocho con esto :-)

2007-11-28 15:51

Si usas qmail: lee esto

  • Mi plugin más útil es probablemente ipthrottle, que puedes usar para hacer que IPs ansiosos no se conecten tan seguido.
  • La versión actual en SVN puede autobloquear estos IPs por un período configurable si usas ipsvd, que es como tcpserver, pero mucho mejor.
  • Realmente necesito ayuda para probar la versión en SVN, que debería ser muicho, mucho, mucho mejor que los releases actuales.
  • El repositorio SVN está en googlecode

2007-11-23 17:32

Se busca: programador C

Revisando mis proyectos semi-abandonados, encontré uno que está practicamente terminado, pero del que me había olvidado: rater

Para hacer que sea realmente útil, sin embargo, necesito un programador C que convierta este programa python:

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import sys
from socket import *
serverHost = 'localhost'
serverPort = 1999

s = socket(AF_INET, SOCK_STREAM)
s.connect((serverHost, serverPort))
print "Sending: ",' '.join(sys.argv[1:])
s.send(' '.join(sys.argv[1:])+"\n")
data = s.recv(1024)
sys.stderr.write(data)
sys.stderr.flush()
sys.exit(int(data.split(' ')[0]))

En una linda función que nunca falle y nunca pierda memoria (por supuesto debe retornar en vez de salir del programa, esto es un ejemplo ;-)

Si tengo eso, puedo liberar rater como una herramienta útil, que debería encontrar un hogar en muchas instalaciones de qmail (y tal vez también tenga otros usos)

2007-07-23 15:59

Rater progresses (slowly)

I am hacking a bit on rater my daemon/client to see if things are happening more often than they should (in other words, generic rate limiting).

I had to take a few days off, since my brother got married and we all went back to Santa Fe for that and a weekend, and then everyone else has sore throats and I am the only one healthy.

But hey, it works well enough already:

  • The simplistic protocol is done
  • The server works
    • It can take hours of gibberish without problems.
    • It can take hours of valid input without problems.
    • It does what it's supposed to do.
  • It's staying below 300SLOC, which was my goal.

Missing stuff:

  • Valgrind it.
  • Client library.
  • Generic CLI client.
  • A qmail-spp plugin that uses it.

And then, I can forget all about it.

2007-03-06 14:23

C is not Python II.

RaSPF, my C port of PySPF, is pretty much functional right now.

Here's what I mean:

  • It passes 75 internal unit tests (ok, 74 , but that one is arguable).
  • It passes 137 of 145 tests of the SPF official test suite.
  • It agrees with PySPF in 181 of the 183 cases of the libspf2 live DNS suite.
  • It segfaults in none of the 326 test cases.

So, while there are still some corner cases to debug, it's looking very good.

I even spent some time with valgrind to plug some leaks ( the internal test suite runs almost leakless, the real app is a sieve ;-)

All in all, if I can spend a little while with it during the week, I should be able to make a release that actually works.

Then, I can rewrite my SPF plugin for qmail, which was what sent me in this month-log tangent.

As a language wars comparison:

  • The sloccount of raspf is 2557 (or 2272 if we use the ragel grammar source instead of the generated file)
  • The sloccount of PySPF is 993.

So, a 2.6:1 or 2.28:1 code ratio.

However, I used 4 non-standard C libraries: bstrlib, udns, and helpers for hashes and exceptions, which add another 5794 LOCs.

So, it could be argued as a 8:1 ratio, too, but my C code is probably verbose in extreme, and many C lines are not really "logic" but declarations and such.

Also, I did not write PySPF, so his code may be more concise, but I tried my best to copy the flow as much as possible line-per-line.

In short, you need to write, according to this case, between 2 and 8 times more code than you do in Python.

That's a bit much!

2007-02-09 12:38

Playing with literate programming

I am using ra-plugins as a toy to do things I never bothered in other projects.

I am doing unit-testing. And now... some literate programming!

Ok, not much, and not very well, but at least I am playing with Lp4all which is a nice, simple tool to generate nice HTML from slightly wiki-marked sources.

You can see some little things in my code here. My veredict so far? A nice way to keep the code documented in a fashion that ocasinal browsers can follow.

The main thing missing is automatic cross-referencing.

In general, I am finding that this (and unit testing) helps me express explicitly to myself what the heck I am trying to do, and see if the code actually does it. Which is a really good thing.

2007-02-06 11:34

There is one thing worse than not having a test suite

UPDATE: There is *another* *better* test suite It is in YAML, though, so I need to parse it before I can use it, but that's my problem.

It's having a test suite that makes no sense.

I have written, for my ra-plugins project (you don't have to know what it is for this post anyway) a piece of code that tries to check mail senders using SPF.

SPF is an open standard. It has standard implementations. It has a test suite (http://www.schlitt.net/spf/tests/).

The test suite says this:
spfquery -ip=192.0.2.1 -sender=05.spf1-test.mailzone.com -helo=05.spf1-test.mailzone.com result /.*/ fail smtp-comment /.*/ explanation header-comment /.*/ spfquery: domain of 05.spf1-test.mailzone.com does not designate 192.0.2.1 as permitted sender received-spf /.*/ Received-SPF: fail (spfquery: domain of 05.spf1-test.mailzone.com does not designate 192.0.2.1 as permitted sender) client-ip=192.0.2.1; [email protected]; helo=05.spf1-test.mailzone.com;

So, yeah:

$ spfquery -ip=192.0.2.1 -sender=05.spf1-test.mailzone.com -helo=05.spf1-test.mailzone.com
fail
Please see http://www.openspf.org/why.html?sender=05.spf1-test.mailzone.com&ip=192.0.2.1&receiver=spfquery
spfquery: domain of 05.spf1-test.mailzone.com does not designate 192.0.2.1 as permitted sender
Received-SPF: fail (spfquery: domain of 05.spf1-test.mailzone.com does not designate
192.0.2.1 as permitted sender) client-ip=192.0.2.1;
envelope-from=05.spf1-test.mailzone.com; helo=05.spf1-test.mailzone.com;

So, the standard implementation does what the test suite says.

Too bad that, if you bother checking the URL you are told to "please see"...

The domain 05.spf1-test.mailzone.com has published an SPF policy, however the policy is neutral on whether 192.0.2.1 is authorized to send mail on its behalf.

Either both the test suite and the sample implementation are wrong, or the site is wrong. And I am leaning towards "the test suite is wrong", because...

$ host -t txt 05.spf1-test.mailzone.com
05.spf1-test.mailzone.com descriptive text "v=spf1 default=deny"

If you check the record syntax (http://www.openspf.org/SPF_Record_Syntax) default is an unknown modifier, and should be ignored, so the record is simply "v=spf1", and indeed the result is neutral and there is no reason why this should be a fail.

Contents © 2000-2019 Roberto Alsina