How to patch qmail in Ubuntu to avoid DNS-related errors
Matthias Pigulla · 10. November 2014
qmail 1.03 was released in 1998 and has not really been maintained since. A motley krewe of qmail contributors (note: qmail.org is offline, but there is an archived version of this URL) cobbled together what is called netqmail-1.06. Basically that's qmail plus some additional patches and small fixes. In Ubuntu (and Debian?), netqmail is the source used to build the qmail package.
Since qmail was initially released, a few things have changed on the Internet. One of them is the advent of DNSSEC, which adds crypto features like signed zones to the DNS infrastructure. The problem is that it may cause large DNS reply packets, especially with a particular kind of DNS query ("ANY") that qmail issues.
qmail itself has a problem with these large DNS replies, as it was designed to handle packets no larger than 512 bytes. So, when connecting to a site, it might fail with the misleading message "CNAME lookup failed temporarily. (#4.4.3)", defer message delivery and eventually time out.
You can actually double-fix this by 1) patching qmail to correctly handle these larger DNS replies and, while you're at it, 2) removing the DNS ANY queries altogether, because they are no longer needed nowadays.
Here is how you can build patched qmail packages for Ubuntu yourself:
- Install Ubuntu's development scripts: sudo apt-get install devscripts
- Get the netqmail source package: apt-get source netqmail. This will download the sources and extract them into
- Enter this directory (cd netqmail-1.06) and place the two files 0004-oversize-dns.diff and 0005-remove-cname-check.diff in the
- Update the version number for the package you're building. To do so, figure out the exact version of netqmail you're using (maybe look at the
.1~custom to it and then issue a command like debchange -v 1.06-4.1~custom. This will open your favorite text editor so you can add a changelog entry for your .deb package, and maybe you want to point yourself to this blog for future reference.
- A few moments later, you should end up with your own qmail packages:
- Install those with sudo dpkg -i ../qmail_*.deb
Basically, that's it. Also, keep an eye on these bug reports dealing with the issue. If you're lucky, the necessary changes might get merged by the package maintainer.
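To see which recipient domains trigger the error quoted above, and to confirm the deferrals stop once the patched packages are installed, the qmail-send log can be scanned for it. The script below is an added example, not part of the original post; the log lines are constructed, the domains are placeholders, and it assumes qmail-send's usual log format, in which spaces in the status text appear as underscores.

```python
import re
from collections import Counter

# qmail-send logs the status text with spaces replaced by underscores.
CNAME_ERR = "CNAME_lookup_failed_temporarily._(#4.4.3)"
START = re.compile(r"starting delivery (\d+): msg \d+ to remote (\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral): (\S*)")

# Constructed sample log (not from a real server); domains are placeholders.
SAMPLE_LOG = """\
@400000005460a1b200000001 starting delivery 1: msg 4711 to remote bob@signed-zone.example
@400000005460a1b200000002 starting delivery 2: msg 4712 to remote carol@example.net
@400000005460a1b300000001 delivery 1: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@400000005460a1b300000002 delivery 2: success: 192.0.2.25_accepted_message./Remote_host_said:_250_ok/
@400000005460a1c000000001 starting delivery 3: msg 4711 to remote bob@Signed-Zone.example
@400000005460a1c000000002 starting delivery 1: msg 4713 to remote erin@example.com
@400000005460a1c100000001 delivery 3: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@400000005460a1c100000002 delivery 1: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
"""


def cname_deferrals(log_text):
    """Count 'CNAME lookup failed temporarily' deferrals per recipient domain."""
    pending = {}      # delivery number -> recipient domain (numbers are reused)
    hits = Counter()
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            pending[m.group(1)] = m.group(2).rpartition("@")[2].lower()
            continue
        m = RESULT.search(line)
        if m:
            # Drop the delivery from the table whatever its outcome was.
            domain = pending.pop(m.group(1), None)
            if domain and m.group(2) == "deferral" and m.group(3).startswith(CNAME_ERR):
                hits[domain] += 1
    return hits


if __name__ == "__main__":
    for domain, count in cname_deferrals(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {domain}")
```

Run it against the real qmail-send log before and after installing the patched packages; a domain that keeps appearing afterwards points to a different DNS problem.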