How to patch qmail in Ubuntu to avoid DNS-related errors

qmail is a mail transfer agent written in the late 1990s. Its modular architecture, simple configuration and high performance still make it a good choice for high-volume mailing lists and bulk mail handling. Yet some things have changed on the Internet during the last 20 years, so you might need to tweak the qmail source code a little to get things working.

Written by: Matthias
Published on: 2014-11-10

qmail 1.03 was released in 1998 and has not really been maintained since. A motley krewe of qmail contributors (note: qmail.org is offline, but there is an archived version of this URL) cobbled together what is called netqmail-1.06. Basically, that's qmail plus some additional patches and small fixes. In Ubuntu (and Debian?), netqmail is the source used to build the qmail package.

Since qmail was initially released, a few things have changed on the Internet. One of those is the advent of DNSSEC, which adds cryptographic features such as signed zones to the DNS infrastructure. The problem is that it may cause large DNS reply packets, especially for a particular kind of DNS query ("ANY") that qmail issues.

qmail itself has a problem with these large DNS replies, as it was designed to handle packets no larger than 512 bytes. So, when connecting to a site, it might fail with the misleading message "CNAME lookup failed temporarily. (#4.4.3)", defer message delivery and eventually time out.

You can actually double-fix this by 1) patching qmail to correctly handle these larger DNS replies and, while you're at it, 2) removing the DNS ANY queries altogether, because they are no longer needed nowadays.

Here is how you can build patched qmail packages for Ubuntu yourself:

  • Install Ubuntu's development scripts: sudo apt-get install devscripts
  • Get the netqmail source package: apt-get source netqmail. This will download the sources and extract them into ./netqmail-1.06.
  • Enter this directory (cd netqmail-1.06) and place the two files 0004-oversize-dns.diff and 0005-remove-cname-check.diff in the debian/diff subdirectory.
  • Update the version number for the package you're building. To do so, figure out the exact version of netqmail you're using (maybe look at the debian/changelog file), append .1~custom to it and then issue a command like debchange -v 1.06-4.1~custom.
    This will open your favorite text editor so you can add a changelog entry for your .deb package, and maybe you want to point yourself to this blog for future reference.
  • Run debuild.
  • A few moments later, you should end up with your own qmail packages: ls ../qmail_*.deb
  • Install those with sudo dpkg -i ../qmail_*.deb

Basically, that's it. Also, keep an eye on these bug reports dealing with the issue. If you're lucky, the necessary changes might get merged by the package maintainer.
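
To check which recipient domains are hit by this deferral before patching, and to confirm it is gone afterwards, you can tally it from the qmail-send log. The script below is an added example, not part of the original post or of netqmail; the function names and sample log lines are constructed, and it relies on qmail-send writing the message with underscores in place of spaces.

```shell
#!/bin/sh
# Added example: count qmail-send deferrals showing the misleading CNAME
# message, grouped by recipient domain. Reads qmail-send log lines on stdin.

affected_domains() {
    awk '
        # Return the delivery number that follows the word "delivery".
        function delivery_id(   i, id) {
            for (i = 1; i < NF; i++)
                if ($i == "delivery") { id = $(i + 1); sub(/:$/, "", id); return id }
            return ""
        }
        # Remember which recipient domain each running delivery belongs to.
        /starting delivery [0-9]+: msg [0-9]+ to remote / {
            n = split($NF, parts, "@")
            pending[delivery_id()] = tolower(parts[n])
            next
        }
        # Count only the deferral text quoted in the article.
        /delivery [0-9]+: deferral: CNAME_lookup_failed_temporarily/ {
            id = delivery_id()
            if (id in pending) count[pending[id]]++
        }
        # Any final status ends the delivery, so forget its number.
        /delivery [0-9]+: (success|failure|deferral):/ { delete pending[delivery_id()] }
        END { for (d in count) print count[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (not real traffic), in multilog/tai64n style.
sample_log() {
    cat <<'EOF'
@4000000054609f0a1a2b3c4d starting delivery 1: msg 1001 to remote alice@example.org
@4000000054609f0a1a2b4e10 status: local 0/10 remote 1/20
@4000000054609f0b02aa10f4 delivery 1: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@4000000054609f0c11c2d3e4 starting delivery 2: msg 1002 to remote bob@example.com
@4000000054609f0d0f1e2d3c delivery 2: success: 192.0.2.25_accepted_message./Remote_host_said:_250_ok/
@4000000054609f0e2a3b4c5d starting delivery 3: msg 1003 to remote carol@Example.NET
@4000000054609f0f1b2c3d4e delivery 3: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@400000005460a0a01a2b3c4d starting delivery 4: msg 1001 to remote alice@example.org
@400000005460a0a12b3c4d5e delivery 4: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@400000005460a0a23c4d5e6f starting delivery 5: msg 1004 to remote dave@example.com
@400000005460a0a34d5e6f70 delivery 5: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
EOF
}

sample_log | affected_domains
```

On a live system, pipe the current qmail-send log into affected_domains instead of sample_log; the log location depends on how qmail logging is set up on your host.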
