NightmareMail - The Mail Exchanger for Falsix

MXF/NightmareMail is a fork of gh:notqmail/notqmail.

NightmareMail/MxF

NightmareMail shall become a mailer daemon for the 21st century operating system integrator. It’s small, it’s light on system resources, and stable tags are backed by a USD50* security guarantee from ellenor at site umbrellix.net if you can prove that the bug comes from NightmareMail or our upstream notqmail. Other than the amount and the provider, the terms of the guarantee are identical to the security guarantee that was provided with qmail. That means that bugs whose impact can be contained with ulimit will not get a reward, though they will be fixed.

Nightmare Mail is also known as MxF, as it’ll be included in New Vision, the working codename for the Falsix operating system, and is our default Mail eXchanger Service. (Mail eXchanger for Falsix)

Footnote *: Void where prohibited by law. Bitcoin is used as the payment method. If the value of 1/6 of my savings account is higher than USD50, you will receive the higher amount for successfully triggering a security guarantee payment. Local holes experienced by sealed servers will receive ½ the guaranteed amount. Shell server users are backed by the full guarantee. Only the first reporter of a specific bug may get the guaranteed amount.

We stand with George Guninski. He deserves his $500. So does Wietse. By rights, the bugs they both described should have been prevented, either by sane limits (which can be lifted by intrepid sysadmins; I suggest stopping at 128) or by strongly admonishing use of ulimits.

Installation

Requirements

The libraries from notqmail have been separated into the package umbrellix.net/prog/suitcase, and where redundant with skalibs, components of skalibs are used instead. TODO: actually implement this - currently skalibs is actively detrimental to compiling most of qmail.

You also need a POSIX-compliant Make and a C compiler.

To compile mxf-remote (currently experimental), you also need redo. If redo is not correctly installed at your site, we endorse Leah Neukirchen’s C implementation, at https://github.com/leahneukirchen/redo-c, which does not have a name under /pkg or /package.

Name

It does not install there, but this package is host/umbrellix.net/mail/nightmaremail under /package, which we do not endorse because we think it is inflexible, and umbrellix.net/mail/nightmaremail under /pkg (same page as the disendorse).

Obtaining

Want the source? It’s currently not stable tagged, so no fifty dollar bug bounty for you. git clone https://git.umbrellix.net/nightmaremail

Copying

Changes to notqmail that make notqmail NightmareMail are licenced to you, the user, as termed in doc/LICENCE.mxf. This is similar to the CDDL, except there is a resumptibility clause.

Notqmail itself appears to be available under the Unlicense.

qmail-isoc is licenced under a liberal licence. See THANKS.mxf.

Features

Over and above notqmail? None yet.

We plan on adding, in the future:

• Composable mxf-remote, supporting QMTPS as sender as well as explicit TLS for SMTP as sender, and the _smtp._tcp and _qmtp._tcp SRV types. Let’s face it - qmail-remote is an old program. It only supports IPv4, and SMTP without any TLS whatsoever. It doesn’t even support QMTP as sender!
  • Composable remote, by itself, doesn’t solve this problem. Composable remote uses a protocol lookup program to deduce the correct UCSPI to use, and the correct protocol program (mxf-smtpc? mxf-qmtpc?) to launch under that UCSPI.
  • Umbrellix proposes a new SRV type - _smtp - and the composable mxf-remote will, using the protocol lookup program, support sending to the results of _smtp SRV queries.
• 21st-century RBL support, with IPv4 and IPv6. Most RBLs in the 21st century use an A record to indicate that an address is listed, not a TXT record as they did in 1997. rblsmtpd, part of Dan Bernstein’s ucspi-tcp program, isn’t set up to handle this. It also rejects rbl’d users who may be rbl’d because they’re on dialup. “Dialup” in MTA admin terms nowadays can mean fibre-optic access, but it’s still dialup. We’ve received a licence from the developer of qmail-dnsbl which permits us to integrate and modify that patch for this purpose.
• Modern build system, for inclusion in the New Vision integration New Vision is Umbrellix' fork of HardenedBSD. As its name suggests, we intend to pursue a New Vision in BSD system design. Many of the programs we wish to use to do that currently have build systems written in GNU Make. We do not include GPL’d software in the base system, for licensing reasons (many FreeBSD components are under the CDDL). As far as I know, MxF is currently built with a djb custom build system, which is inflexible to the needs of modern sites. Our recommended startTLS frontend, from the venerable Laurent Bercot from skarnet.org, uses GNU Make too. GNU-free build systems will be part of the New Vision project.
• mxf-lmtpc - mxf-local, but over LMTP (and accompanying MXFLOCAL envconfig variable) In the modern day, many sites use local delivery solutions from Dovecot or other IMAP servers, which also support Maildir. These LDAs as they’re called often speak LMTP, which is a protocol used for intra-site email delivery. Easing the transition away from Postfix for sites like this - sites like Umbrellix - is a high priority of NightmareMail. This does of course reduce the advantage of qmail when it comes to configurability for mailing lists. It’s recommended that MXFLOCAL implementations still scan user ~/.qmail files if they are being used for delivery to UNIX users.
• QMQP over SSH. QMQP is an intrasite protocol. It doesn’t use transport security and shouldn’t be exposed to anonymous hosts. Hey! That’s something ssh can alleviate. ssh provides both transport security and public key authentication to front the qmqp server. Support for null-client email servers firing off a QMQP over SSH connection, will be added, perhaps via a generic pipe mechanism.
• mxf-configengine - single-file configuration compilation Let’s face it: qmail control files are a bit harder to work with than the kinds of configuration files you may be used to. Luckily, most are one line long, and all are flat-formatted. We can use this to our advantage by reading a file in rough .ini format, and writing the values in that file to mxf control files, should you prefer single file configuration over control files. configengine will optionally be able to signal net.umbrellix.mail.mxf services to change state through (s6-)svc if a configuration option they only read at boot, or only read on hangup, has been changed. This’ll make your life as an email admin much easier.