Linux/SUSE/Qmail Notes

From Notes

The following are notes from Iain, about installing qmail on SuSE Pro 9.3 and SLES 9.0. 

(Used qmailrocks.tar.gz, version 2.20, March'2005 
following the RedHat instructions for the most part, then Slackware for reference/issues. )
EXAMPLES used:  YOURDOMAIN.COM YOURHOST  YOURNAME , i.e. YOURNAME@YOURHOST.YOURDOMAIN.COM

Contents

[edit]

Software & Sources

List of packages/versions it includes: 

(For more details, see http://qmailrocks.org/#includes or http://downloads.qmailrocks.org/ )

A successful qmailrocks qmail installation will leave you with the following:

[edit]

Qmail itself - qmail, ucspi-tcp, daemontools w/enhanced logging.

  • daemontools-0.76.tar.gz
  • qmail-1.03.tar.gz
  • ucspi-tcp-0.88.tar.gz
[edit]

John Simpson's massive qmail patch, which includes (among others) qmailqueue, smtp-auth and TLS smtp encryption.

  • patches
  • scripts
  • tools
[edit]

EZmlm - A fast and easy to use mailing list manager that works through qmail.

  • ezmlm-0.53-idx-0.41.tar.gz
[edit]

Autoresponder - Enables auto-responder capabilities on your qmail server.

  • autorespond-2.0.5.tar.gz
  • qmail-autoresponder-0.96.1.tbz
[edit]

Vpopmail - Enables virtual e-mail hosting for multiple domains. Available with or without mysql integration.

  • vpopmail-5.4.9.tar.gz
[edit]

Vqadmin - A web based interface to manage Vpopmail virtual domains on your qmail server.

  • vqadmin-2.3.6.tar.gz
[edit]

Maildrop - A server-wide mail filtering tool.

  • maildrop-1.6.3.tar.gz
[edit]

Qmailadmin - A web based interface for managing vpopmail virtual e-mail accounts.

  • qmailadmin-1.2.3.tar.gz
[edit]

Courier-imap/imap-ssl - The popular IMAP/IMAP-SSL server.

  • courier-authlib-0.55.tar.bz2
  • courier-imap-3.0.8.tar.bz2
  • courier-imap-4.0.2.tar.bz2
  • courierpassd-1.1.0-RC1.tar.gz
[edit]

Squirrelmail - A web based mail client with a boat load of cool plugins available.

[edit]

Clam Antivirus - a virus scanner for all incoming e-mail. Tied in via qmail-scanner.

  • clamav-0.80.tar.gz
  • clamav-0.83-1.i386.rpm
  • clamav-0.83.tar.gz
  • clamav-devel-0.83-1.i386.rpm
[edit]

SpamAssassin - Tied in via Qmail-scanner. A server-wide SPAM filter.

  • Mail-SpamAssassin-2.63.tar.gz
  • Mail-SpamAssassin-3.0.2.tar.gz
  • p5-Mail-SpamAssassin-3.0.1_2.tgz
  • spamassassin-3.0.2-1.i386.rpm
  • spamassassin-tools-3.0.2-1.i386.rpm
[edit]

qmail-scanner - The alternate queueing mechanism that allows for the use of Clam Anti-virus, Spamassassin and much more.

  • qmail-scanner-1.22.tgz
  • qmail-scanner-1.25.tgz
[edit]

qms-analog - a patch for qmailscanner that allows for extra options as well as enhanced server stats.

  • qms-analog-0.3.4.tar.gz
  • qms-analog-0.4.2.tar.gz
[edit]

qmailanalog - A qmail log analysis tool, made better by qms-analog. Analyzes qmail logs and then sends reports via e-mail.

  • qlogtools-3.1.tar.gz
  • qlogtools-solaris-3.1
[edit]

q-trap - A domain level word based e-mail filter. The last line of defense against SPAM!

[edit]

Base system packages, required before any installation 

perl-suidperl-5.8.0-88.3.i386.rpm  (may just need to chmod +s /usr/bin/suidperl)
perlmods
unzip-5.50-33.i386.rpm
vqregister-2.5.tar.gz
qmailanalog-0.70.tar.gz
[edit]

Pre-Installation Checklist

1. The Apache Web Server

2. PHP - Version 4.0.6 or higher.

  •  ? Support with imap and mysql
  •  ? Install the php-imap and php-mysql packages

3. Perl - use version 5.8.0, (or any version of 5+)

  • (Also needs the following standard modules)
  • Digest::SHA1 , Digest::HMAC , Net::DNS , Time::HiRes , HTML::Tagset , HTML::Parser

4. GCC - The gcc compiler. (SusE Pro 9.3, need to install)

5. MySQL - Version 4.x ( 3.x will work too )

6. OpenSSL - Version 0.9.5a or higher.

7. OpenSSL-devel - SusE Pro 9.3, need to install
Will also install glibc-devel, and libstdc++-devel.

8. Other SUSE install packages

  • gdm (SLES 9.0, need to install)

9. wget

10. patch & patchutils

11. Firewall exceptions (use ports for the services that will be used) 

Outbound ports (tcp)

25 - SMTP
110 - POP services
143 - IMAP
783 - Spamassassin
993 - IMAPS

Inbound Ports (tcp)

25 - SMTP
80 - HTTP
110 - POP services
143 - IMAP
443 - HTTPS
783 - Spamassassin
993 - IMAPS
[edit]

Installation Steps

(Start with, http://qmailrocks.org/install_slackware.htm , 20 sections)

[edit]

Part 1 - Download All the Needed Items for the Qmail installation

mkdir /downloads
cd /downloads
wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
tar zxvf qmailrocks.tar.gz
[edit]

Part 2 - Installing Qmail itself

/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script  
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast your.domain.com
make cert

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Your State
Locality Name (eg, city) [Newbury]:Your City
Organization Name (eg, company) [My Company Ltd]:Your Organization Name
Organizational Unit Name (eg, section) []:Your sub-title
Common Name (eg, your name or your server's hostname) []:your.domain.com
Email Address []:postmaster-qmail@your.domain.com

Note: Installed in /var/qmail/control/servercert.pem, along with a symlink to that cert at /var/qmail/control/clientcert.pem 

chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem

cd /usr/src/qmail/ucspi-tcp-0.88/
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
make && make setup check

cd /package/admin/daemontools-0.76/src
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
cd /package/admin/daemontools-0.76 
package/install

Note: You should see the daemon "svscanboot" running with a "ps -aux" command.

[edit]

Part 3- Installing EZmlm and EZmlm-idx 

cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup
[edit]

Part 4- Installing Autoresponder 

cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install
[edit]

Part 5- Installing Vpopmail (without mysql interaction) 

cd /downloads/qmailrocks
tar zxvf vpopmail-5.4.9.tar.gz
cd vpopmail-5.4.9
./configure --enable-logging=p
make && make install-strip
[edit]

Part 6- Installing VQadmin

(skip if VQAdmin function is not desired) 

cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/var/www/local/cgi-bin --enable-htmldir=/var/www/local/vqadmin/
 ( ????? /var/www/local/cgi-bin /var/www/local/vqadmin/ )
 ( ????? Problems with 'x86_64_unknown' type servers )

make && make install-strip

vi /etc/apache2/default-server.conf
 (????? /etc/apache2/default-server.conf or where your vhost site is defined)

<Directory "/var/www/local/cgi-bin/vqadmin">
     deny from all
     Options ExecCGI
     AllowOverride AuthConfig
     Order deny,allow
</Directory>

 (????? /var/www/local/cgi-bin/vqadmin )

cd /var/www/local/cgi-bin/vqadmin
vi .htaccess

AuthType Basic
AuthUserFile /etc/apache2/vqadmin.htpasswd
AuthName vQadmin
require valid-user
satisfy any

chown www-data .htaccess 
chmod 644 .htaccess
/usr/bin/htpasswd2 -bc /etc/apache2/vqadmin.htpasswd admin admin_password
chmod 644 /etc/apache2/vqadmin.htpasswd

Restart apache2. 

/etc/init.d/apache2 restart

Check functionality. 

http://localhost/cgi-bin/vqadmin/vqadmin.cgi
[edit]

Part 7- Installing maildrop 

cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root \
--enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
[edit]

Part 8- Installing QmailAdmin 

cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.3.tar.gz
cd qmailadmin-1.2.3
./configure --enable-cgibindir=/var/www/local/cgi-bin/ --enable-htmldir=/var/www/local
( /var/www/local/cgi-bin /var/www/local  ?????)
make && make install-strip
[edit]

Part 9 - Finalizing the qmail installation 

/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script

vi /var/qmail/supervise/qmail-pop3d/run

Find "mail.example.com" and change it to your server's hostname. For example: myhost.mydomain.com. 

vi /var/qmail/supervise/qmail-smtpd/run

Find "mail.example.com" and change it to your server's hostname. For example: myhostd


Next, we'll kill any running qmail processes so that we can implement some final configurations. 

qmailctl stop

We setup selective relaying for localhost... 

echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp

qmailctl cdb

Now we create the common system aliases. (USERNAME is your own username of the system) 

echo admin > /var/qmail/alias/.qmail-root
echo admin > /var/qmail/alias/.qmail-abuse
echo admin > /var/qmail/alias/.qmail-postmaster
echo admin > /var/qmail/alias/.qmail-mailer-daemon
echo admin > /var/qmail/alias/.qmail-anonymous
echo YOURNAME-admin    > /var/qmail/alias/.qmail-admin
chmod 644 /var/qmail/alias/.qmail*

touch ~YOURNAME/.qmail-admin
chown YOURNAME:users ~YOURNAME/.qmail-admin
[edit]

Part 10 - Uninstalling Sendmail 

mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/bin/sendmail /usr/bin/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
chmod 0 /usr/lib/sendmail.old /usr/bin/sendmail.old /usr/sbin/sendmail.old

Put in qmail redirections for programs which expect sendmail programs. 

ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/bin/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
[edit]

Part 11 - Starting up qmail 

qmailctl stop
qmailctl start

You can find out how things are running by: 

qmailctl stat

You should see an output like this: 

/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

If you, don't see anything like that or if you see error messages, click here for troubleshooting tips.

Congratulations, Qmail is now officially up and running and you should be able to send and receive mail on the server.

Let's test your new server's POP3 service... 

telnet localhost 110

you should see something like this: 

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@MYHOST.MYDOMAIN.COM
user postmaster@MYDOMAIN.COM (enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.

This is the sign of a successfull POP connection to the server!

Now try sending mail to that same user from another location. Telnet to 110 again and run the "list" command and you should see the message that your send... 

telnet localhost 110

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@MYHOST.MYDOMAIN.COM>
user postmaster@MYDOMAIN.COM (again, remember to log in with the full email address  of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.

And now let's test your server's SMTP service to make sure the TLS functionaltiy is there... 

telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 MYHOST.MYDOMAIN.COM ESMTP
ehlo localhost
250-MYHOST.MYDOMAIN.COM
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
[edit]

Part 12 - Installing Courier-imap/imaps with Courierpassd 

cd /downloads/qmailrocks/
tar jxvf courier-imap-3.0.8.tar.bz2
cd courier-imap-3.0.8
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authdaemon \
--without-authldap --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib

Hint: Since the above config line runs over 1 line, it'll be easier if you simply cut and past the entire config statement.

Note: the configure process will take a few minutes. Go grab a snack... 

make && make install-strip && make install-configure
cd /usr/local/etc

Make sure that the files "imapd" and "imapd-ssl" exist. If they do not exist, do the following: 

cp imapd.dist imapd
cp imapd-ssl.dist imapd-ssl

Now let's create an SSL certificate for the IMAP-SSL server... 

/usr/local/sbin/mkimapdcert
[edit]

Part 13 - Installation of the Squirrelmail web mail program

[edit]

Part 14 - Clam Anti Virus & SpamAssassin

[edit]

Part 15 - Installing qmail-scanner w/qms-analog

[edit]

Part 16- Installing Qmailanalog & Qlogtools

[edit]

Part 17 - Installing Qtrap

[edit]

Part 18 - Maintaining your qmail server

[edit]

Part 19 - Mail client configuration

[edit]

Part 20 - Feedback

[edit]

Items to test

  • open relayed email
  • SPAM / faked email
  • @YOURHOST.com email
  • email address, cross check with existing accounts
[edit]

Gotchas to watch for

  • Bad permissions on qmail control files.
Retrieved from "http://notes.homelinux.org/index.php/Linux/SUSE/Qmail_Notes"
(GURF)