Preface

  • What's a POP toaster?

    I use Dan Bernstein's definition described at http://cr.yp.to/qmail/toaster.html

  • What this toaster does and does not do

    This "howto" will walk you through building a Linux Qmail "Toaster". While these instructions are intended to work with popular Linux distributions, they will probably work on other flavors of Unix without too much modification.

    • Qmail SMTP Mail Server with SMTP-AUTH (Plain, Login, CRAM-MD5), TLS (SSL) support, and optional Virus/Spam Scanner.
    • POP3 Server with CRAM-MD5, APOP, and SSL support
    • IMAP Server with TLS (SSL) support
    • WebMail Server
    • Quota Support (usage viewable by webmail)
    • Autoresponder
    • Mailing Lists
    • Web-Based Email Administration

    What this toaster does NOT do is act as a thorough guide to qmail or any of the other packages it installs. Such information is already available in the documentation, Life With Qmail, or other howtos/toasters. I only put this together to document all the commands/urls/procedures that I find myself repeating often. It's intended to have a bit of a "copy and paste" feel to it aimed at the impatient (me). If it's not sufficient for you, take the time to read the documentation of each package that's to be installed. There's no substitute for that.

  • Assumptions/Support

    This document assumes that you are familiar with Unix system administration, mail/web protocols, etc. You don't have to be a guru to make this work, but you will be patching and compiling source code, as well as editing configuration files. If you want a "point and click" install experience, this is not for you.

    These instructions come with no warranty or guarantee. If you blow up your server, and lose business in the process, that's your problem.

    Support is not provided. There are mailing lists for all these packages, as well as one specific to this toaster. See links in the appendix for more information.

    Commercial support is available. See http://merchbox.com/qmail.php for more information. There are also other sources of commercial support for the individual packages. See the respective documentation for each package for further information.

  • Prerequisites

    If you have installed a recent version of your Linux distribution, you shouldn't have any problems, especially if you did a "server" type of install rather than "Desktop". However, this install DOES require that you have the apache web server and PHP installed. Most distributions come with these now. PHP is only required for SquirrelMail. The main issues you might see are missing development libraries, or gdbm, stunnel, kerberos dev files, or openssl. If you are using an rpm based distro, an easy way to make sure they are installed is to use yum, which is likely installed already. Make sure the packages get installed if necessary using this command:

    yum install gcc g++ gcc-g++ gdbm gdbm-devel openssl openssl-devel stunnel krb5-devel bzip2 bzip2-devel

    Aliases Some distributions setup aliases for common commands that might interfere with this install. I recommend unaliasing some of the more common ones if you are unsure:

    unalias rm mv cp

    This orignial version of this document was written using RedHat Linux 9.0. However, I now use debian exclusively now, and I fully recommend it. Once you get comfortable with apt, you'll never go back!

  • Debian Notes

    The easy way to make sure you have all the proper debian packages installed is to just execute this command:

    apt-get install libgdbm-dev gcc g++ patch make libc-dev stunnel libssl-dev libapache2-mod-php4 wget bzip2

    In addition, you probably want these things installed as well:

    apt-get install man telnet

    Lots of Debian packages require an MTA, and Debian defaults to exim4. This obviously can be a problem for qmail. So lets fix that with a dummy equivs package:

    # install equivs
    apt-get install equivs

    # build the dummy mta package
    cd /tmp
    cp /usr/share/doc/equivs/examples/mail-transport-agent.ctl .
    equivs-build mail-transport-agent.ctl

    # remove exim4
    dpkg --ignore-depends=exim4 -r exim4
    dpkg --ignore-depends=exim4-daemon-light -r exim4-daemon-light
    dpkg --ignore-depends=exim4-base -r exim4-base
    dpkg --ignore-depends=exim4-base -r exim4-base

    # and install the dummy mta package
    dpkg -i /tmp/mta-local_1.0_all.deb
    mkdir /var/lock/subsys

    Apache's DocumentRoot is in /var/www instead of /var/www/html. What I do is use that, and put SquirrelMail's data directory in /etc/apache.

    Apache's cgi-bin directory by default is /usr/lib/cgi-bin. You should use that path when configuring qmailadmin.

    SpamAssassin needs many perl libraries. If you plan to use SpamAssassin, then install these libraries now:

    apt-get install libdigest-sha1-perl libnet-dns-perl \
    libmail-spf-query-perl libgeo-ipfree-perl razor pyzor libnet-ident-perl \
    libio-socket-ssl-perl libarchive-tar-perl libio-zlib-perl \
    libsys-hostname-long-perl libhtml-parser-perl

    ClamAV requires the zlib and zlib-dev packages:

    apt-get install zlib1g zlib1g-dev libbz2-dev libgmp3 libgmp3-dev

    QmailMRTG7 requires the mrtg package:

    apt-get install mrtg
  • Trustix Notes:

    Matthew Valentini provided some notes on using this toaster with Trustix 3.0. I have not tested them, I'm just making them available as-is.

  • Toaster License

    This document is covered by the same license as Life With Qmail, and the license is detailed here:

    http://www.opencontent.org/opl.shtml

     

Getting Started

  • DNS

    Before we begin, make sure DNS (mx record) is properly setup. If you were using "merchbox.com" as your virtual domain, here's how your host lookups would look after setting up dns:

    [shupp@ns1 toaster]$ host -t mx merchbox.com
    merchbox.com. mail is handled by 0 mail.merchbox.com.
    [shupp@ns1 toaster]$ host -t a mail.merchbox.com
    mail.merchbox.com. has address 216.234.249.114
  • Remove existing smtp/pop/imap servers

    Now we must remove any existing installations of sendmail/postfix and disable pop/imap servers. To remove sendmail and postfix from an rpm based distribution, try this:

    rpm -e --nodeps sendmail postfix

    Unless you have other services that absolutely have to run on this machine, I recommend shutting down inetd or xinetd altogether and removing it from your startup scripts. The only thing you'll need (outside of what we're about to isntall) is ssh, which is probably installed already. This will likely shut off any pop3 or imap servers, as well as other unneccessary ports. Otherwise, disable them manually.

    To be sure that these services are disabled, try telnetting to ports 25, 110, and 143 and make sure your connections are refused.

  • Download Packages

    I keep my software source in /var/src. If you want to put it in another location, set the location below, and all paths will be updated.


    umask 0022
    mkdir -p /var/src/tar
    cd /var/src/tar
    wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
    wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
    wget http://shupp.org/software/netqmail-1.05.tar.gz
    wget http://shupp.org/software/libdomainkeys-0.68.tar.gz
    wget http://shupp.org/patches/libdomainkeys.diff
    wget http://shupp.org/patches/qmail-toaster-0.9.1.patch.bz2
    wget http://shupp.org/patches/doublebounce-trim.patch
    wget http://shupp.org/software/vpopmail-5.4.18.tar.gz
    wget http://shupp.org/patches/vpopmail-5.4.18-cumulative.patch
    wget http://shupp.org/software/autorespond-2.0.4.tar.gz
    wget http://shupp.org/patches/autorespond-2.0.4-2.0.5.patch
    wget http://shupp.org/software/qmailadmin-1.2.11.tar.gz
    wget http://shupp.org/software/qmailadmin-help-1.0.8.tar.gz
    wget http://cr.yp.to/software/ezmlm-0.53.tar.gz
    wget http://shupp.org/software/ezmlm-idx-0.443.tar.gz
    wget http://shupp.org/software/courier-imap-4.1.2.tar.bz2
    wget http://shupp.org/software/courier-authlib-0.59.1.tar.bz2
    wget http://shupp.org/patches/vpopmail_courier_cram-1.diff
    wget http://shupp.org/software/squirrelmail-1.4.9a.tar.bz2
    wget http://shupp.org/software/quota_usage-1.3.1-1.2.7.tar.gz
    wget http://shupp.org/software/toaster-scripts-0.9.0.tar.gz
    cd ../
    tar -xzf tar/netqmail-1.05.tar.gz
    cd netqmail-1.05
    ./collate.sh

Install Software

Now that you have downloaded all the software packages to /var/src, please go through each of these installation steps as the appear, and in this order, unless you really know what you're doing. (Because if you did, you wouldn't be reading this, right?)

The below steps assume that your "rc" directories are in /etc/ and your "init.d" path is "/etc/init.d" . If yours are different, please substitue paths accordingly.

  • daemontools

    daemontools is a collection of tools for managing UNIX services. It will monitor qmail-send, and qmail-smtpd, and qmail-pop3d services.

    Info: http://cr.yp.to/daemontools.html

    Install:

    mkdir -p /package
    chmod 1755 /package
    cd /package
    tar -xpzf /var/src/tar/daemontools-0.76.tar.gz
    cd admin/daemontools-0.76
    patch -p1 < /var/src/netqmail-1.05/other-patches/daemontools-0.76.errno.patch
    package/install

    # add the "clear" service

    cd ../
    mkdir clear
    touch clear/down

    cat > clear/run < #!/bin/sh
    yes '' | head -4000 | tr '\n' .

    # When you want to clear the service errors, just run this:
    # svc -o /service/clear
    EOF

    chmod +x clear/run
    chmod a-w clear/down

    ln -s /package/admin/clear /service/clear

To verify that daemontools is running, make sure that `ps ax` reports '/bin/sh /command/svscanboot' and 'svscan /service' as running.

ucspi-tcp

ucspi-tcp contains tcpserver and tcpclient, command line tools for building client-server applications.

Info: http://cr.yp.to/ucspi-tcp.html

Install:

cd /var/src
tar -xzf tar/ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch -p1 < /var/src/netqmail-1.05/other-patches/ucspi-tcp-0.88.errno.patch

# NOTE: If you are on the x86_64 platform, you need to remove the "-02" argument to gcc in conf-cc. See this for details

make
make setup check

 

qmail

qmail is allegedly the second most popular MTA in use, known for speed and security.

Info: http://www.qmail.org

The patch you will apply later is a composite of these existing patches:

  • smtp auth (cram-md5)
  • starttls support
  • support oversize dns packets (not necessary if you use dnscache)
  • qregex (regular expression matching in badmailfrom and badmailto)
  • reread concurrency via HUP
  • big concurrency (set the spawn limit above 255)
  • maildir++ patch
  • qmail-queue (to allow for virus scanners, part of netqmail)
  • chkuser (check for local users, envelope syntax) with user extensions enabled (for TMDA)
  • spam throttle
  • spf
  • surbl support in qmail-smtpd
  • domainkeys support

Install:

mkdir /var/qmail
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

cd /var/src
tar -xzf tar/toaster-scripts-0.9.0.tar.gz
cd netqmail-1.05/netqmail-1.05

# NOTE: RedHat/Fedora users may need to link certain include files for the TLS patch.
# Issue the command below only if make fails:
ln -s /usr/kerberos/include/com_err.h /usr/kerberos/include/krb5.h \
/usr/kerberos/include/profile.h /usr/include/
# as well as remove the sendmail link if it still exists:
rm /usr/sbin/sendmail

make
make setup check
# NOTE: qmail will be patched AFTER vpopmail is installed

# turn on SPF checking
echo 3 > /var/qmail/control/spfbehavior

# Setup the primary administrator's email address.
# This address will receive mail for root, postmaster, and mailer-daemon.
# Replace "[email protected]" with your email address
(cd ~alias; echo "[email protected]" > .qmail-postmaster ;\
echo "[email protected]" > .qmail-mailer-daemon ;\
echo "[email protected]" > .qmail-root )
chmod 644 ~alias/.qmail*

./config-fast `hostname --long`

Configure:

add qmail man pages to MANPATH Edit /etc/man.config
  • Add "MANPATH /var/qmail/man"
  • NOTE: Debian users should set MANDATORY_MANPATH rather than MANPATH
cd /var/src
cp toaster-scripts-0.9.0/rc /var/qmail/rc
chmod 755 /var/qmail/rc
mkdir /var/log/qmail
echo ./Maildir/ >/var/qmail/control/defaultdelivery
cp toaster-scripts-0.9.0/qmailctl /var/qmail/bin/
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail

# Now create the supervise directories/scripts for the qmail services:
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
mkdir -p /var/qmail/supervise/qmail-pop3ds/log
cp /var/src/toaster-scripts-0.9.0/send.run /var/qmail/supervise/qmail-send/run
cp /var/src/toaster-scripts-0.9.0/send.log.run /var/qmail/supervise/qmail-send/log/run
cp /var/src/toaster-scripts-0.9.0/smtpd.run /var/qmail/supervise/qmail-smtpd/run
cp /var/src/toaster-scripts-0.9.0/smtpd.log.run /var/qmail/supervise/qmail-smtpd/log/run
cp /var/src/toaster-scripts-0.9.0/pop3d.run /var/qmail/supervise/qmail-pop3d/run
cp /var/src/toaster-scripts-0.9.0/pop3d.log.run /var/qmail/supervise/qmail-pop3d/log/run

# NOTE: If you are using stunnel version 4, you should use pop3ds.run.v4
# instead of pop3ds.run below.
# Type "stunnel -V" (v. 3) or "stunnel -version" (v. 4) to see what version is installed.
# You will also need to copy over stunnel.conf like so:
#
# cp /var/src/toaster-scripts-0.9.0/stunnel.conf /var/qmail/supervise/qmail-pop3ds/

cp /var/src/toaster-scripts-0.9.0/pop3ds.run /var/qmail/supervise/qmail-pop3ds/run

cp /var/src/toaster-scripts-0.9.0/pop3ds.log.run /var/qmail/supervise/qmail-pop3ds/log/run
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/log/run
mkdir -p /var/log/qmail/smtpd
mkdir -p /var/log/qmail/pop3d
mkdir -p /var/log/qmail/pop3ds
chown -R qmaill /var/log/qmail

# allow daemontools to start qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service

# verify that it's running with qmailctl
sleep 5
qmailctl stat

Now let's compile libdomainkeys, we'll need that later:

cd /var/src
tar -xzf tar/libdomainkeys-0.68.tar.gz
cd libdomainkeys-0.68
patch -p0 < ../tar/libdomainkeys.diff
make

 

Vpopmail

Vpopmail is a virtual domain package add-on for qmail. It can handle multiple domains on a single IP address, and none of the user accounts are /etc/passwd or "system" accounts.

Info: http://vpopmail.sf.net

Install:

groupadd -g 89 vchkpw
useradd -u 89 -g vchkpw vpopmail

cd /var/src
tar -xzf tar/vpopmail-5.4.18.tar.gz
cd vpopmail-5.4.18
patch -p0 < ../tar/vpopmail-5.4.18-cumulative.patch

# NOTE: If you are on the x86_64 platform, you need to set the CFLAGS compiler environment by prefacing the next command with "CFLAGS=-fPIC" , like so: "CFLAGS=-fPIC ./configure ..."

./configure --enable-logging=v
make
make install-strip

# NOTE: If you are on the x86_64 platform, you need to edit cdb/compile to add the -fPIC argument to cc. It should look something like this: 'exec gcc -fPIC -02 -c ${1+"$@"}' After editing compile, do "make && make install-strip" again. see this post for more details

echo '127.:allow,RELAYCLIENT=""' > ~vpopmail/etc/tcp.smtp
(cd ~vpopmail/etc ; tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp)

# install the vpopmail start script
cp ../toaster-scripts-0.9.0/vpopmailctl /var/qmail/bin/vpopmailctl

chmod 755 /var/qmail/bin/vpopmailctl
ln -s /var/qmail/bin/vpopmailctl /usr/bin

# add qmail toaster patch now that vpopmail is installed
cd /var/src/netqmail-1.05/netqmail-1.05
bunzip2 -c ../../tar/qmail-toaster-0.9.1.patch.bz2 | patch -p0
make clean
make
qmailctl stop
make setup check

# NOTE: the following command needs to be run after any future re-installs of qmail as it will chown this directory back to qmail

chown -R vpopmail:vchkpw /var/qmail/spam

make cert
# enter your company's information
make tmprsadh
# NOTE: This may take a LONG time

# now add the followowing line to your crontab via `crontab -e` to update these temp keys each night
01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1

# start qmail back up
qmailctl start

# allow daemontools to start vpopmail
ln -s /var/qmail/supervise/qmail-pop3d /var/qmail/supervise/qmail-pop3ds /service

# verify that it's running with vpopmailctl
sleep 5
vpopmailctl stat

 

Courier-IMAP

Courier-IMAP will supply IMAP/SIMAP access.

Info: http://www.courier-mta.org/imap/

NOTE: If you are on a system that does not use GNU make, such as FreeBSD, install GNU make and substitue 'gmake' for 'make' during the install of courier-authlib and courier-imap. Most Linux systems use GNU make.

Install Courier's Auth Library:

cd /var/src
tar -xjf tar/courier-authlib-0.59.1.tar.bz2
cd courier-authlib-0.59.1
patch -p0 < ../tar/vpopmail_courier_cram-1.diff
./configure
# NOTE: RedHat/Fedora users need to add "--with-redhat"

make
make install-strip
make install-configure

cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib
ln -s ../init.d/courier-authlib /etc/rc0.d/K30courier-authlib
ln -s ../init.d/courier-authlib /etc/rc1.d/K30courier-authlib
ln -s ../init.d/courier-authlib /etc/rc2.d/S80courier-authlib
ln -s ../init.d/courier-authlib /etc/rc3.d/S80courier-authlib
ln -s ../init.d/courier-authlib /etc/rc4.d/S80courier-authlib
ln -s ../init.d/courier-authlib /etc/rc5.d/S80courier-authlib
ln -s ../init.d/courier-authlib /etc/rc6.d/K30courier-authlib

Configure:

Edit /usr/local/etc/authlib/authdaemonrc
  • Change authmodulelist= "..." to authmodulelist= "authvchkpw"
  • Start Authlib's Authdaemon Server
  • /etc/init.d/courier-authlib start

Install Courier-IMAP:

cd /var/src
tar -xjf tar/courier-imap-4.1.2.tar.bz2
cd courier-imap-4.1.2
# build as vpopmail
chown -R vpopmail:vchkpw ../courier-imap-4.1.2
su vpopmail
umask 0022
# configure may take some time...
./configure
# NOTE: RedHat/Fedora users need to add '--with-redhat'

make
exit
make install-strip
make install-configure

cp courier-imap.sysvinit /etc/init.d/courier-imap
chmod 755 /etc/init.d/courier-imap
ln -s ../init.d/courier-imap /etc/rc0.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc1.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc2.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc3.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc4.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc5.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc6.d/K30courier-imap

Configure:

Edit /usr/lib/courier-imap/etc/imapd
  • Change 'IMAPDSTART=NO' to 'IMAPDSTART=YES'
  • add " AUTH=CRAM-MD5" to IMAP_CAPABILITY to enable secure authentication (CRAM-MD5)
Edit /usr/lib/courier-imap/etc/imapd-ssl
  • Change 'IMAPDSSLSTART=NO' to 'IMAPDSSLSTART=YES'
  • optional: The first time courier-imap is started, the SSL certificate is first created using 'localhost' as the 'common name'. If you want to change this to match your hostname, you can customize the CN line in /usr/lib/courier-imap/etc/imapd.cnf (and pop3d.cnf of you choose to use courier's pop3d) so that the common name matches your server name BEFORE you start the server for the first time.

Start IMAP server

/etc/init.d/courier-imap start

 

SquirrelMail

SquirrelMail is a web based IMAP client

Info: http://www.squirrelmail.org

NOTE: This section assumes that your apache ServerRoot is /var/www and that your DocumentRoot is /var/www/html, and also that your web server runs as apache:apache

Install:

cd /var/src
tar -xjf tar/squirrelmail-1.4.9a.tar.bz2
cd squirrelmail-1.4.9a
cd plugins
tar -xzf ../../tar/quota_usage-1.3.1-1.2.7.tar.gz
cp quota_usage/config.php.sample quota_usage/config.php
cd ../
./configure

here you will have to set a few options:

  • go to Server Settings (2), Server Software (8) and change the Server Software from "other" to "courier" (a)
  • From the main menu, go to General Options (4) and change Data Direcotry (2) to "/var/www/data/" , change "Allow server thread sort" (10) to y, and change "Allow server-side sorting" (11) to y.
  • From the main menu, go to Plugins and enable the quota_usage plugin, along with any others you prefer
  • Save settings
  • quit

# move the data directory into place and change permissions to the user:group that the web server runs as:
mv data /var/www/
chown -R apache:apache /var/www/data

# install squirrelmail
cd ../
mv squirrelmail-1.4.9a /var/www/html/

 

autorespond

Autorespond is compatible autoresponder/vacation type tool that works well with vdelivermail and qmailadmin.

Info: http://qmailadmin.sf.net

Install:

cd /var/src
tar -xzf tar/autorespond-2.0.4.tar.gz
cd autorespond-2.0.4
patch -p1 < ../tar/autorespond-2.0.4-2.0.5.patch
make
make install

 

ezmlm-idx

Fast, full featured Mailing List Manager configureable from qmailadmin.

Info: http://www.ezmlm.org

Install:

cd /var/src
tar -xzf tar/ezmlm-0.53.tar.gz
tar -xzf tar/ezmlm-idx-0.443.tar.gz
mv ezmlm-idx-0.443/* ezmlm-0.53/
cd ezmlm-0.53
patch -p0 < idx.patch
make
make setup

 

  • QmailAdmin

    QmailAdmin can handle nearly all virtual email administration tasks for you from a web browser, except for adding and removing virtual domains.

    Info: http://sourceforge.net/projects/qmailadmin

    Install:

    cd /var/src
    tar -xzf tar/qmailadmin-1.2.11.tar.gz
    cd qmailadmin-1.2.11
    ./configure --enable-help --enable-htmldir=/var/www/html --enable-cgibindir=/var/www/cgi-bin
    make
    make install-strip

    cd ../
    tar -xzf tar/qmailadmin-help-1.0.8.tar.gz
    cd qmailadmin-help-1.0.8
    mkdir /var/www/html/p_w_picpaths/qmailadmin/help
    cp -rp * /var/www/html/p_w_picpaths/qmailadmin/help

    Your toaster installation is done! Now we're ready to take it for a test drive.

  •  

  • Test Drive

    Here we'll add a virtual domain, 'test.com', and test sending/receiving mail. Substitue 'test.com' for whatever domain you setup DNS for.

    # Add the domain to vpopmail
    /home/vpopmail/bin/vadddomain test.com [password]

    This creates the default "postmaster" account for test.com. You will use this account with qmailadmin. Try adding/removing users with qmailadmin here:

    http://mail.test.com/cgi-bin/qmailadmin

    To test out quota usage support, create a user with a 6MB quota like so:

    /home/vpopmail/bin/vadduser -q 6MB [email protected] [password]

    # verify the user settings, and create the "maildirsize" file
    /home/vpopmail/bin/vuserinfo [email protected]

    Now, to log into SquirrelMail as [email protected], point your browser here:

    http://mail.test.com/squirrelmail-1.4.9a/

    Send yourself a message. If you get it, it's likely you're up and running.

    To test your POP server, try telnetting to port 110 and logging in.

    # telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK <25248.1175148975@localhost>
    user [email protected]
    +OK
    pass [password]
    +OK logged in.
    quit
    +OK
    Connection closed by foreign host.

    Test your IMAP server in the same way:

    # telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    * OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc. See COPYING for distribution information.
    a001 login [email protected] [password]
    a001 OK LOGIN Ok.
    a001 logout
    * BYE Courier-IMAP server shutting down
    a001 OK LOGOUT completed
    Connection closed by foreign host.

    To test our SSL/TLS connections, all you need to do is duplicate the same tests above, but use openssl's s_client tool to handle encryption.

    # for pop:
    openssl s_client -connect localhost:995

    # for imap:
    openssl s_client -connect localhost:993

    # for smtp/tls:
    openssl s_client -crlf -starttls smtp -connect localhost:25

    NOTE: If you get an error like this:

    20656:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:473:

    your qmail install might need the cipher lists. Debian does this, I don't know why. The following commands will fix it:

    openssl ciphers > /var/qmail/control/tlsclientciphers
    openssl ciphers > /var/qmail/control/tlsserverciphers

Options

Here, you can add 4 tools that together will prevent viruses from reaching your system via email, and tag spam for client filtering

SpamAssassin

SpamAssassin is the leading open source spam scanner. We'll be installing SpamAssassin via CPAN below.

NOTE: Debian users should have installed the SpamAssassin prerequisites during 'Debian Notes' eariler. RPM distributions may want to use 'yum install spamassassin' instead of CPAN below, so that you get all the dependencies. If the RPM of SpamAssassin is out of date, you could then simply do 'yum uninstall spamassassin', and follow the CPAN installation below, as you'll have the dependencies.

Info: http://www.spamassassin.org

Install:

cd /root
perl -MCPAN -e shell
o conf prerequisites_policy ask
install Mail::SpamAssassin
quit

# run spamd under daemontools
mkdir -p /var/qmail/supervise/spamd/log
mkdir -p /var/log/spamd
chown qmaill /var/log/spamd
cp /var/src/toaster-scripts-0.9.0/spamd.run /var/qmail/supervise/spamd/run
cp /var/src/toaster-scripts-0.9.0/spamd.log.run /var/qmail/supervise/spamd/log/run
chmod 755 /var/qmail/supervise/spamd/run
chmod 755 /var/qmail/supervise/spamd/log/run
cp /var/src/toaster-scripts-0.9.0/local.cf /etc/mail/spamassassin/local.cf
mkdir /etc/mail/spamassassin/.spamassassin/
chown vpopmail /etc/mail/spamassassin/.spamassassin/
ln -s /var/qmail/supervise/spamd /service

 

ClamAV

This open source virus scanner will be called by simscan.

Info: http://clamav.sf.net

NOTE: You need gmp-devel installed to verify the digital signatures of the virus database.

Install:

groupadd clamav
useradd -g clamav clamav
cd /var/src/tar
wget http://shupp.org/software/clamav-0.90.2.tar.gz
wget http://shupp.org/patches/clamav-0.90.2.patch
cd ../
tar -xzf tar/clamav-0.90.2.tar.gz
cd clamav-0.90.2
patch -p0 < ../tar/clamav-0.90.2.patch
./configure
make
make install-strip

# setup freshclam
touch /var/log/freshclam.log
chmod 600 /var/log/freshclam.log
chown clamav /var/log/freshclam.log
cp /var/src/toaster-scripts-0.9.0/freshclam /etc/init.d/freshclam
chmod 755 /etc/init.d/freshclam
ln -s ../init.d/freshclam /etc/rc0.d/K30freshclam
ln -s ../init.d/freshclam /etc/rc1.d/K30freshclam
ln -s ../init.d/freshclam /etc/rc2.d/S80freshclam
ln -s ../init.d/freshclam /etc/rc3.d/S80freshclam
ln -s ../init.d/freshclam /etc/rc4.d/S80freshclam
ln -s ../init.d/freshclam /etc/rc5.d/S80freshclam
ln -s ../init.d/freshclam /etc/rc6.d/K30freshclam

# add freshclam.log to logrotate
cp /var/src/toaster-scripts-0.9.0/freshclam.logrotate /etc/logrotate.d/freshclam

# run clamd under daemontools
mkdir -p /var/qmail/supervise/clamd/log
mkdir -p /var/log/clamd
chown clamav /var/log/clamd
cp ../toaster-scripts-0.9.0/clamd.run /var/qmail/supervise/clamd/run
cp ../toaster-scripts-0.9.0/clamd.log.run /var/qmail/supervise/clamd/log/run
chmod 755 /var/qmail/supervise/clamd/run
chmod 755 /var/qmail/supervise/clamd/log/run

# Start clamd and freshclam
ln -s /var/qmail/supervise/clamd /service
/etc/init.d/freshclam start

 

ripmime

ripmime is a tool for extracting MIME p_w_uploads from email, and is used by simscan.

Info: http://www.pldaniels.com/ripmime/

Install:

cd /var/src/tar
wget http://shupp.org/software/ripmime-1.4.0.6.tar.gz
cd ..
tar -xzf tar/ripmime-1.4.0.6.tar.gz
cd ripmime-1.4.0.6
make
make install

 

Simscan

Your qmail installation is already patched (qmail-queue patch) to support simscan, a new tool for using virus/spam scanners with qmail. The nice thing is that it prevents viruses (and optionally spam) from even getting into your queue. This is different from qmail-scanner, which will quarantine infected messages instead of stopping them at the SMTP level.

Info: http://inter7.com/?page=simscan

Install:

cd /var/src/tar
wget http://shupp.org/software/simscan-1.3.1.shupp2.tar.gz
cd ../
tar -xzf tar/simscan-1.3.1.shupp2.tar.gz
cd simscan-1.3.1.shupp2

./configure --enable-user=clamav \
--enable-clamav=y \
--enable-spam=y \
--enable-spam-passthru=y \
--enable-per-domain=y \
--enable-ripmime \
--enable-attach=y \
--enable-received=y

make
make install-strip

# add default rules for simscan
echo ":clam=yes,spam=yes,spam_passthru=yes,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif" > /var/qmail/control/simcontrol
# update /var/qmail/control/simcontrol.cdb
/var/qmail/bin/simscanmk
# put versions for received header in /var/qmail/control/simversions.cdb
/var/qmail/bin/simscanmk -g

# turn on scanning
echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' >> ~vpopmail/etc/tcp.smtp
qmailctl cdb

 

TMDA

If you want the option to be very aggressive about spam control, TMDA (Tagged Message Delivery Agent) is a challenge based tool that requires a sender to confirm their sending address before the incoming message is delivered. I don't use it myself, but many people do.

Info: http://www.tmda.net

Install:

cd /var/src/tar
wget http://shupp.org/software/tmda-1.1.11.tgz
wget http://shupp.org/software/tmda-cgi-0.16.3.tar.bz2
wget http://shupp.org/patches/tmda-cgi-parent_re.patch

cd ../
tar -xzf tar/tmda-1.1.11.tgz
cd tmda-1.1.11
./compileall
cd ../
mv tmda-1.1.11 /usr/local/
ln -s /usr/local/tmda-1.1.11 /usr/local/tmda

# Now we'll install the vpopmail related scripts

cp /var/src/toaster-scripts-0.9.0/vadduser-tmda /home/vpopmail/bin/
cp /var/src/toaster-scripts-0.9.0/vpopmail-vdir.sh /home/vpopmail/bin/
cp /var/src/toaster-scripts-0.9.0/vtmdarc /home/vpopmail/etc/

# Setup tmda-ofmipd

mkdir -p /var/qmail/supervise/tmda-ofmipd/log
mkdir -p /var/qmail/supervise/tmda-ssl/log
mkdir /var/log/tmda-ofmipd/
mkdir /var/log/tmda-ssl/
chown vpopmail /var/log/tmda-*
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.run /var/qmail/supervise/tmda-ofmipd/run
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.log.run /var/qmail/supervise/tmda-ofmipd/log/run

# NOTE: If you are using stunnel version 4, you should use tmda.ssl.run.v4 instead of tmda-ofmipd.ssl.run below. Type 'stunnel -V' (v. 3) or 'stunnel -version' (v. 4) to see what version is installed. You will also need to copy over stunnel.conf like so: cp /var/src/toaster-scripts-0.9.0/tmda-stunnel.conf /var/qmail/supervise/tmda-ssl/stunnel.conf

cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.ssl.run /var/qmail/supervise/tmda-ssl/run

cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.ssl.log.run /var/qmail/supervise/tmda-ssl/log/run
chmod 755 /var/qmail/supervise/tmda-ofmipd/run
chmod 755 /var/qmail/supervise/tmda-ofmipd/log/run
chmod 755 /var/qmail/supervise/tmda-ssl/run
chmod 755 /var/qmail/supervise/tmda-ssl/log/run
ln -s /var/qmail/supervise/tmda-ofmipd /var/qmail/supervise/tmda-ssl /service/

# Setup tmda-cgi

cd /var/src
tar -xjf tar/tmda-cgi-0.16.3.tar.bz2
cd tmda-cgi-0.16.3
patch -p0 < ../tar/tmda-cgi-parent_re.patch
rm -r skel/uninstall/%\(Parent\)s/
cd ../
mv tmda-cgi-0.16.3 /usr/local/
cd /usr/local/tmda-cgi-0.16.3

./configure \
-t /var/www/cgi-bin/tmda.cgi \
-p /home/vpopmail/bin/vchkpw \
-m single-user \
-l "vpopmail1 /home/vpopmail/bin/vuserinfo ~" \
-i /usr/local/tmda-cgi-0.16.3/ \
-d /display
# NOTE: If you installed vpopmail somewhere other than /home/vpopmail, you'll need to update refernces in defaults.ini here

make
make install
chown vpopmail:vchkpw /var/www/cgi-bin/tmda.cgi
chmod ug+s /var/www/cgi-bin/tmda.cgi
  • Now, you'll need to add an alias directive to your web server. Add the following to /etc/httpd/httpd.conf (or where ever your conf file is), and restart Apache:

    Alias /display /usr/local/tmda-cgi-0.16.3/display/

Now, you should be able to point your browser to /cgi-bin/tmda.cgi, log in with your email address and password, and add/edit/remove tmda for your account. Note that the .qmail files created by tmda WILL show up in QmailAdmin.

 

QmailMRTG7

This is a great tool for graphing your mail server's activity.

Info: http://inter7.com/?page=qmailmrtg7

Install:

cd /var/src/tar
mkdir /var/www/html/qmailmrtg

wget http://shupp.org/software/qmailmrtg7-4.2.tar.gz
wget http://shupp.org/patches/qmailmrtg7-4.2-cfg.patch
cd ../
tar -xzf tar/qmailmrtg7-4.2.tar.gz
cd qmailmrtg7-4.2
patch -p0 < ../tar/qmailmrtg7-4.2-cfg.patch
make
make install

# Edit qmail.mrtg.cfg and change all instances of FQDN to your hostname

cp qmail.mrtg.cfg /etc/
indexmaker --section=title /etc/qmail.mrtg.cfg > /var/www/html/qmailmrtg/index.html

# now run mrtg 3 times to get rid of initial cron errors
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg

Add the following line to your crontab
0-55/5 * * * * env LANG=C /usr/bin/mrtg /etc/qmail.mrtg.cfg > /dev/null

 

http://www.shupp.org/toaster/?page=toc