Ownership: rw-rw-r-- ian main
Rev. 61 (Old): modified 14 Aug 10, 23:22 by Ian Samuel (ian)
Rev. 62 (Current): modified 15 Aug 10, 10:31 by Ian Samuel (ian)

+ %TITLE%
<toc>
* You will need to get the following software:
* ((http://cr.yp.to/software/qmail-1.03.tar.gz)(qmail))
* ((http://www.nrg4u.com/qmail/)(qmail-ldap patch))
* ((http://www.openldap.org/software/download/)(OpenLDAP))
* ((http://phpqladmin.bayour.com/)(phpQLAdmin))
* You will probably want the following patches:
* ((http://qmail.org/doublebounce-trim.patch)(doublebounce-trim.patch))
* ((http://www.mail-archive.com/qmail-ldap@qmail-ldap.org/msg07158/qmail-ldap-1.03-20060201-dovecot.v0.5.patch)(qmail-ldap-1.03-20060201-dovecot.v0.5.patch)) (when using dovecot)
* ((http://sourceforge.net/projects/simscan/)(qmail-queue-custom-error.patch)) (when using simscan)

Additional (Optional) Packages:
* http://cr.yp.to/software/ezmlm-0.53.tar.gz [ezmlm notes|#ezmlm] - mailing list manager (requires the dash-trick patch if you plan to give LDAP users mailing lists, rather than just real users)
* http://qmail-scanner.sourceforge.net/ ((qmail-scanner)) - use qmail-scanner to check for viruses (using an antivirus program like NAI's ((http://www.mcafeeb2b.com/products/virusscan/)(VirusScan)))
* Untar qmail, and apply the current qmail-ldap patch:
<pre>
cd qmail-1.03; gzip -dc ../qmail-ldap-1.03-xxxxxxxx.patch.gz | patch -p1
</pre>
You will need to edit =qmail-1.03/Makefile= and make sure that the definitions at the top are correct. In particular, make sure the entries
<code>
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
</code>
are uncommented: they let qmail-ldap create a user's home directory (through the =dirmaker= control file set up below) and Maildir on first delivery, which is what makes the virtual-user setup work without creating anything by hand.
* If you are installing qmail on a glibc 2.3 (or later) based system, you will need to apply these patches. On glibc 2.3 =errno= is a macro (it expands to a thread-local lookup), so the =extern int errno;= declarations in the qmail sources no longer compile; the patches replace them with =#include <errno.h>=:
<code> patch -p1 < ../glibc-2.3-1.patch
patch -p1 < ../glibc-2.3-2.patch
diff -naur qmail-1.03.clean/cdb_seek.c qmail-1.03/cdb_seek.c --- qmail-1.03.clean/cdb_seek.c Mon Jun 15 13:53:16 1998 +++ qmail-1.03/cdb_seek.c Tue Jan 21 08:09:19 2003 @@ -1,6 +1,5 @@ #include <sys/types.h> #include <errno.h> -extern int errno; #include "cdb.h"
#ifndef SEEK_SET diff -naur qmail-1.03.clean/dns.c qmail-1.03/dns.c --- qmail-1.03.clean/dns.c Mon Jun 15 13:53:16 1998 +++ qmail-1.03/dns.c Tue Jan 21 08:09:04 2003 @@ -7,8 +7,6 @@ #include <errno.h> extern int res_query(); extern int res_search(); -extern int errno; -extern int h_errno; #include "ip.h" #include "ipalloc.h" #include "fmt.h" diff -naur qmail-1.03.clean/error.h qmail-1.03/error.h --- qmail-1.03.clean/error.h Mon Jun 15 13:53:16 1998 +++ qmail-1.03/error.h Tue Jan 21 08:08:30 2003 @@ -1,7 +1,6 @@ #ifndef ERROR_H #define ERROR_H - -extern int errno; +#include <errno.h>
extern int error_intr; extern int error_nomem; </code>
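Review bot: the dns.c hunk removes `extern int h_errno;` along with `extern int errno;` but adds no include for it, so it relies on dns.c already pulling in <netdb.h>, which is where glibc declares h_errno; the error.h hunk is the one that covers the rest of the tree, since every qmail source that includes "error.h" now gets <errno.h> through it. Suggest a check after both patches that nothing else still declares its own copy: `grep -ln 'extern int errno' *.c *.h` in qmail-1.03 should come back empty, otherwise those files fail to build for the same reason.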
* Install OpenLDAP
<code>
./configure && make && make install
</code>
* Edit =/usr/local/etc/openldap/slapd.conf= and replace where possible:
* =schemacheck= - set to on
* =suffix= - use either ="dc=domainname, dc=com"= -or- ="o=MrZesty, c=CA"= (organization, country)
* =rootdn= - ="cn=Manager, dc=mrzesty, dc=net"= - must sit under the suffix above
* =rootpw= - change your password from 'secret'. Do not leave a clear-text password here: run =slappasswd= and paste the ={SSHA}...= hash it prints.
* =index objectclass,mail,mailAlternateAddress,uid eq= - qmail-ldap looks users up by these attributes on every delivery and login, so they must be indexed
Edit =/usr/local/etc/openldap/ldap.conf= and set your BASE dn:
* =BASE dc=mrzesty, dc=net=
Copy =qmail-1.03/qmail.schema= to =/usr/local/etc/openldap/schema/= and add the following 3 lines to =/usr/local/etc/openldap/slapd.conf= after the first include line, in this order, since =qmail.schema= refers to attribute types defined in the schemas included before it:
<code>
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/qmail.schema
</code>
* Add OpenLDAP to the startup ( =/etc/rc.d/rc.local= ):
<code>
echo "Starting OpenLDAP"
/usr/local/libexec/slapd -u daemon
</code>
Because you're running slapd as =daemon= now, instead of root, you will have to make a couple of ownership changes. =slapd.conf= holds the =rootpw= (and, if you set up replication later, the replica credentials), so also make it unreadable to everyone but that user:
<code>
chown daemon /usr/local/etc/openldap/slapd.conf
chmod 600 /usr/local/etc/openldap/slapd.conf
chown -R daemon /usr/local/var/openldap-*
</code>
Start openldap using the command above before you continue.
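Before starting slapd it is worth checking the three settings above that are easy to get wrong. The following is an added example, not from OpenLDAP or from this page: it reads a =slapd.conf= in the format shown above and fails if =rootpw= is still =secret= or stored unhashed, if =rootdn= does not sit under =suffix=, or if the file is readable by anyone but its owner. The function names =directive= and =check_slapd_conf= are mine, and the files used to exercise it are constructed.

```shell
# Added example, not part of OpenLDAP or the page: sanity-check the slapd.conf
# directives the page edits before starting slapd. Assumes the slapd.conf
# syntax used on the page (one directive per line, DNs optionally quoted).

# directive FILE NAME: print the value of the first NAME directive, unquoted,
# with "dc=a, dc=b" normalised to "dc=a,dc=b" so DNs can be compared.
directive() {
    awk -v k="$2" '$1 == k { sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, ""); print; exit }' "$1" \
        | tr -d '"' | sed 's/, */,/g'
}

# check_slapd_conf FILE: prints one line per finding, returns 1 if any.
check_slapd_conf() {
    f=$1; bad=0
    pw=$(directive "$f" rootpw)
    case "$pw" in
        "")       echo "WARN: no rootpw set" ;;
        secret)   echo "FAIL: rootpw is still the shipped default 'secret'"; bad=1 ;;
        "{"*"}"*) ;;   # {SSHA}... or similar: hashed, as slappasswd produces
        *)        echo "FAIL: rootpw is stored in clear text; use the {SSHA} hash printed by slappasswd"; bad=1 ;;
    esac
    # The manager DN must live under the suffix or it cannot bind to the tree.
    suffix=$(directive "$f" suffix)
    rootdn=$(directive "$f" rootdn)
    case "$rootdn" in
        *",$suffix") ;;
        *) echo "FAIL: rootdn '$rootdn' is not under suffix '$suffix'"; bad=1 ;;
    esac
    # The file holds the root credential: group and others must not read it.
    case "$(ls -l "$f" | cut -c5-10)" in
        ------) ;;
        *) echo "FAIL: $f is readable by group or others; chmod 600 it"; bad=1 ;;
    esac
    return $bad
}
```

Run it as =check_slapd_conf /usr/local/etc/openldap/slapd.conf= just before the =slapd -u daemon= line in =rc.local=; a non-zero exit is a reason not to start the directory.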
* The idea here is that all email will be handled through virtual accounts, not =/etc/passwd= accounts. Create those now:
* =mkdir -p /var/qmail=
* Add a group =vmail=
* Add a user =vmail=, home directory is =/var/qmail/maildirs=, and shell is =/bin/true=
<code>
/usr/sbin/groupadd -g 200 vmail
/usr/sbin/useradd -u 200 -g vmail -d /var/qmail/maildirs -m -k /dev/null -s /bin/true -c "qmail vmail user" vmail
</code>
* Create the other users and groups needed for qmail to operate: create 2 groups =nofiles= and =qmail=, then create these users (on Linux the shell binary lives at =/bin/true=, as in the commands below):
<table>
| User | Primary Group | Home Directory | Shell |
| alias | nofiles | /var/qmail/alias | /usr/bin/true |
| qmaild | nofiles | /var/qmail | /usr/bin/true |
| qmaill | nofiles | /var/qmail | /usr/bin/true |
| qmailp | nofiles | /var/qmail | /usr/bin/true |
| qmailq | qmail | /var/qmail | /usr/bin/true |
| qmailr | qmail | /var/qmail | /usr/bin/true |
| qmails | qmail | /var/qmail | /usr/bin/true |
</table>
or you can look at the file INSTALL.ids for commands for your O/S.
For linux I use:
<code>
/usr/sbin/groupadd -g 201 nofiles
/usr/sbin/groupadd -g 202 qmail
/usr/sbin/useradd -u 201 -g nofiles -d /var/qmail/alias -m -k /dev/null -s /bin/true -c "qmail server" alias
/usr/sbin/useradd -u 202 -g nofiles -d /var/qmail -s /bin/true -c "qmail server" qmaild
/usr/sbin/useradd -u 203 -g nofiles -d /var/qmail -s /bin/true -c "qmail server" qmaill
/usr/sbin/useradd -u 204 -g nofiles -d /var/qmail -s /bin/true -c "qmail server" qmailp
/usr/sbin/useradd -u 205 -g qmail -d /var/qmail -s /bin/true -c "qmail server" qmailq
/usr/sbin/useradd -u 206 -g qmail -d /var/qmail -s /bin/true -c "qmail server" qmailr
/usr/sbin/useradd -u 207 -g qmail -d /var/qmail -s /bin/true -c "qmail server" qmails
</code>
* Create the initial entries in the LDAP database for the qmail-ldap structure. Create a file =qmail-ldap.ldif= with the following contents, modified as needed for your setup:
<code>
dn: dc=MrZesty,dc=net
objectclass: dcObject
objectclass: organization
o: MrZesty dot Net
dc: MrZesty

dn: cn=Manager,dc=MrZesty,dc=net
objectclass: organizationalRole
cn: Manager

dn: ou=qmail, dc=MrZesty, dc=net
objectclass: top
objectclass: organizationalUnit
ou: qmail
</code>
Now load the ldif file into the LDAP directory:
=ldapadd -vxc -h localhost -D "cn=manager,dc=mrzesty,dc=net" -W -f qmail-ldap.ldif=
Use =-W= to be prompted for the manager password rather than =-w managers_password=: a password given on the command line shows up in =ps= output and in your shell history.
* Make sure you are in your qmail-1.03 source directory, and run:
=make setup check=
(On the FreeBSD machine I was using, gmake was not installed but pmake was, and the make failed complaining about ="Makefile", line 78: Need an operator=. Install gmake and try again: =/usr/local/bin/gmake setup check=)
If you get:
<code>
/usr/local/lib/libldap.so: undefined reference to `res_query'
/usr/local/lib/libldap.so: undefined reference to `dn_expand'
</code>
add =-lresolv= to the end of line 14 in your Makefile (the =LDAPLIBS= line), so that it reads:
=LDAPLIBS=-L/usr/local/lib -lldap -llber -lresolv=
* Configure qmail with default values (use the mail server name - not the machine name below):
<code>
./config-fast mail.mrzesty.net
echo "localhost" > /var/qmail/control/ldapserver
echo "ou=qmail, dc=mrzesty, dc=net" > /var/qmail/control/ldapbasedn
echo `id -u vmail` > /var/qmail/control/ldapuid
echo `id -g vmail` > /var/qmail/control/ldapgid
echo "/var/qmail/maildirs" > /var/qmail/control/ldapmessagestore
echo "20000000" > /var/qmail/control/defaultquotasize
echo "You are near your quota for email. You will need to delete some messages from the server." > /var/qmail/control/quotawarning
echo 5 > /var/qmail/control/tarpitcount
echo "/var/qmail/bin/dirmaker.sh" > /var/qmail/control/dirmaker
echo "mrzesty.net" > /var/qmail/control/defaulthost
echo 0 > /var/qmail/control/ldaplocaldelivery
</code>
A few of these deserve a word: =ldapuid=/=ldapgid= are the uid and gid every virtual mailbox is owned by, =tarpitcount= is the number of RCPT commands after which qmail-smtpd starts delaying a client, and =ldaplocaldelivery 0= means that only users found in LDAP get mail (no fallback to =/etc/passwd= accounts). The connection to =ldapserver= is plain LDAP, so keep it on =localhost= or a network you trust.
* Create a dirmaker.sh script in =/var/qmail/bin/dirmaker.sh=
<code>
#!/bin/sh
mkdir -m 700 -p "$1"
</code>
Make sure you make it executable (chmod 755). Quote =$1=: the path comes from the LDAP entry and an unquoted one would be split on whitespace. Note also that =-m 700= only applies to the last directory in the path; parents created by =-p= get the default mode from the umask.
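A stricter dirmaker, added here as an example and not the script from the page or from qmail-ldap: it keeps the page's interface (the directory to create arrives as =$1=) but refuses any path that is not strictly below the message store, since the path comes from the LDAP entry and this script is what turns it into a directory on disk. The store root =/var/qmail/maildirs= mirrors the page's =ldapmessagestore=; the =DIRMAKER_STORE= environment override and the =make_user_dir= function name are mine.

```shell
#!/bin/sh
# Added example: a replacement for the page's dirmaker.sh that only creates
# directories below the message store. Not part of qmail-ldap.
# Assumptions: the store root is /var/qmail/maildirs (the page's
# ldapmessagestore value) and the directory to create is passed as $1.

# make_user_dir STORE DIR
# Creates DIR (mode 700, parents as needed) only if DIR lies inside STORE.
# Returns 0 on success, 1 if the path is rejected, 2 if mkdir fails.
make_user_dir() {
    store=$1
    dir=$2
    # Reject empty or relative paths and anything containing a ".." component.
    case "$dir" in
        "" | [!/]*)            return 1 ;;
        */../* | */.. | ../*)  return 1 ;;
    esac
    # Require at least one path component below the store root itself.
    case "$dir" in
        "$store"/?*) ;;
        *)           return 1 ;;
    esac
    # Create the parents under a restrictive umask so that intermediate
    # directories (a per-domain one, for example) are not left world-readable.
    ( umask 077 && mkdir -p -- "$dir" ) || return 2
    chmod 700 -- "$dir"
}

# When installed as control/dirmaker the script is run with the path as $1;
# with no argument it only defines the function, so it can also be sourced.
if [ $# -gt 0 ]; then
    make_user_dir "${DIRMAKER_STORE:-/var/qmail/maildirs}" "$1"
    exit $?
fi
```

The check is on the path string only: it does not follow symlinks inside the store, so keep the store directory itself writable by nobody but =vmail= and root.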
* Create default system aliases, and define who receives them:
<code>
echo "qmail@MrZesty.net" > ~alias/.qmail-postmaster; chmod 644 ~alias/.qmail-postmaster
echo "|cat /dev/null" > ~alias/.qmail-mailer-daemon; chmod 644 ~alias/.qmail-mailer-daemon
echo "qmail@MrZesty.net" > ~alias/.qmail-root; chmod 644 ~alias/.qmail-root
echo "qmail@MrZesty.net" > ~alias/.qmail-abuse; chmod 644 ~alias/.qmail-abuse
</code>
* Create the file =/var/qmail/rc= (or copy the sample: =cp qmail.run /var/qmail/rc=) with these contents:
<code>
#!/bin/sh
# Using stdout for logging
exec env - PATH="/var/qmail/bin:$PATH" qmail-start "./Maildir/"
</code>
and make it executable (chmod 755)
* Shutdown then remove sendmail:
=killall sendmail; rpm -e sendmail=
Link qmail's pseudo-sendmail script to existing sendmail locations:
<code>
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
</code>
* Download http://www.lifewithqmail.org/qmailctl-script-dt70 and install it as =/var/qmail/bin/qmailctl=, then hook it into the init scripts:
<code>
cd /etc/rc.d/init.d; ln -s /var/qmail/bin/qmailctl qmail
cd /etc/rc.d/rc0.d; ln -s ../init.d/qmail K30qmail
cd /etc/rc.d/rc1.d; ln -s ../init.d/qmail K30qmail
cd /etc/rc.d/rc2.d; ln -s ../init.d/qmail S30qmail
cd /etc/rc.d/rc3.d; ln -s ../init.d/qmail S80qmail
cd /etc/rc.d/rc6.d; ln -s ../init.d/qmail K30qmail
</code>
(On distributions that keep the init directories directly under =/etc= - =/etc/init.d=, =/etc/rc0.d= and so on - make the same links there.)
Remember to make it executable (755).
* Download and install ((http://cr.yp.to/ucspi-tcp/install.html)(ucspi-tcp)) (with the ((http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20050405.patch.gz)(ssl patch)) if you want it) and ((http://cr.yp.to/daemontools/install.html)(daemontools)). You will again need to apply glibc-2.3-2.patch from above in ucspi-tcp-0.xx (its =error.h= sits at the top of the tree, so =-p1= resolves it) and, for daemontools, the variant below run from the top of daemontools-0.xx, since its paths include =src/=.
* If you are installing on a glibc 2.3 based system, the same =errno= fix applies to daemontools:
<code> diff -naur daemontools-0.76.clean/src/error.h qmail-1.03/error.h --- daemontools-0.76.clean/src/error.h Mon Jun 15 13:53:16 1998 +++ daemontools-0.76/src/error.h Tue Jan 21 08:08:30 2003 @@ -1,7 +1,6 @@ #ifndef ERROR_H #define ERROR_H - -extern int errno; +#include <errno.h>
extern int error_intr; extern int error_nomem; </code>
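Review bot: the header line names the new file as `qmail-1.03/error.h` while the `+++` line says `daemontools-0.76/src/error.h`; patch(1) takes the file names from the `---`/`+++` lines, so the hunk applies, but the header should read `daemontools-0.76/src/error.h` so it does not look as if a qmail file were being patched a second time. Note also that with `-p1` the path that remains is `src/error.h`, so run patch from the top of the daemontools-0.76 tree (or use `-p2` from inside `src/`), otherwise patch prompts for a file to patch.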

Now configure daemontools:
* =mkdir -p /var/qmail/supervise/qmail-send/log=
* =mkdir -p /var/qmail/supervise/qmail-smtpd/log=

* Create =/var/qmail/supervise/qmail-send/run=:
<code>
#!/bin/sh
ulimit -n 4096
exec /var/qmail/rc
</code>
* Create =/var/qmail/supervise/qmail-send/log/run=:
<code>
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s999999 /var/log/qmail
</code>
* Create =/var/qmail/supervise/qmail-smtpd/run= (or copy the sample: =cp ./qmail-smtpd.run /var/qmail/supervise/qmail-smtpd/run=):
<code>
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=20
DENYMAIL="DNSCHECK"
export DENYMAIL

exec /usr/local/bin/softlimit -m 20000000 \
    /usr/local/bin/tcpserver -v -R -H -l 0 -x /var/qmail/control/qmail-smtpd.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd 2>&1
</code>
The tcpserver options: =-v= logs every connection, =-R= skips the IDENT lookup and =-H= the reverse DNS lookup of the client (both only slow the server down), =-l 0= sets =$TCPLOCALHOST= to =0= instead of looking up the local name, =-x= names the access-control cdb built below, =-c= caps the number of simultaneous connections, and =-u=/=-g= drop to the unprivileged =qmaild= user before =qmail-smtpd= runs. =softlimit -m= bounds the memory each connection may use.

Several public RBL servers are currently available:
* ((http://www.sorbs.net/)(SORBS))
* ((http://www.ordb.org/)(Open Relay Database))
* ((http://www.spamcop.net/bl)(SpamCop))

If you want to use the MAPS lists from mail-abuse.org you will have to patch your ucspi-tcp ( =patch -p1 < ../ucspi-rss.diff= ):
* http://www.mail-abuse.org/rss/qmail/ucspi-rss.diff
* http://www.nlc.net.au/pub/linux/mail/qmail/ucspi-rss.patch
* http://www.cqc.com/~pacman/projects/rblsmtpd-rss/

There are two ways to use them. qmail-ldap's qmail-smtpd can do the lookups itself: add the lists to =/var/qmail/control/rbllist=, one per line, with the action, which returned address to match (=any= for every positive answer) and the message sent to the rejected client:
<code>
# baseaddress            action  matchon  Message
#========================================================================
b.barracudacentral.org   reject  any      See http://www.barracudacentral.org/rbl/
safe.dnsbl.sorbs.net     reject  any      See http://www.dnsbl.us.sorbs.net/
zen.spamhaus.org         reject  any      See http://www.spamhaus.org/zen/
psbl.surriel.com         reject  any      See http://psbl.surriel.com/
dnsbl.njabl.org          reject  any      See http://njabl.org/
bl.spamcop.net           reject  any      See http://spamcop.net/
</code>
Alternatively, wrap qmail-smtpd in ucspi-tcp's =rblsmtpd=, in which case your run file should look like this:
<code>
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=20

exec /usr/local/bin/softlimit -m 20000000 \
    /usr/local/bin/tcpserver -v -R -H -l 0 -x /var/qmail/control/qmail-smtpd.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /usr/local/bin/rblsmtpd -b -rrelays.ordb.org -rbl.spamcop.net \
    /var/qmail/bin/qmail-smtpd 2>&1
</code>
Whichever you use, check that every list you query is still operated: a list that has shut down may start answering positively for every address (relays.ordb.org did exactly that after ORDB closed), and the =-b= flag above turns every hit into a permanent 553 rejection rather than a temporary 451, so a dead list would bounce all of your inbound mail.
* Create =/var/qmail/supervise/qmail-smtpd/log/run=:
<code>
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s999999 /var/log/qmail/smtpd
</code>
* Set the new scripts as executable, create the log directories, and hand the services to svscan:
<code>
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
kill -HUP 1
</code>
=kill -HUP 1= makes init re-read =/etc/inittab=, where the daemontools install added =svscanboot=; check that it is running (Linux ps first, BSD-style ps second):
<code>
ps -fwwC svscanboot
ps -axww | grep [s]vscan
</code>
svscan starts both services as soon as the links appear, so stop qmail again until the access controls below are in place:
=/var/qmail/bin/qmailctl stop=
* Set up relay permissions for certain IP's in the rules file from which =/var/qmail/control/qmail-smtpd.cdb= is built:
<code>
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",SMTPAUTH=""
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",SMTPAUTH=""
:allow,DENYMAIL="DNSCHECK",SMTPAUTH="",RCPTCHECK=""
</code>
The first field is a client address or prefix (=192.168.1.= matches all of =192.168.1.0/24=); the last line, with an empty address, is the default for everyone else. =RELAYCLIENT= is what allows a client to relay to foreign domains, so it must only ever appear on trusted addresses: a =RELAYCLIENT=""= on the default line makes the server an open relay. =RBLSMTPD=""= skips the RBL lookup for those trusted clients, and =SMTPAUTH=""= offers SMTP AUTH, which is how roaming users relay from untrusted addresses. =DENYMAIL="DNSCHECK"= rejects senders whose domain does not resolve, and =RCPTCHECK= makes qmail-smtpd verify recipients against LDAP at RCPT time instead of accepting the message and bouncing it later.
From =/var/qmail/control=, run: =make= (this runs tcprules over the rules file to produce the cdb).
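As an added example (not from the page, qmail-ldap or ucspi-tcp), the check I would run over the rules file before every =make= in =/var/qmail/control=: it flags the mistakes that silently turn the server into an open relay or switch off the RBL checks for the whole Internet. It assumes the rules are in the page's format, one =address:instruction,VAR="",...= per line; the file name =qmail-smtpd= used by =build_smtpd_cdb= and both function names are mine, and the rule files in the test are constructed.

```shell
# Added example, not part of qmail-ldap or ucspi-tcp: audit a tcprules source
# file for settings that open the server up, before tcprules turns it into
# qmail-smtpd.cdb. Assumes the page's rule format: address:instruction,VAR="",...

# audit_smtpd_rules FILE
# Prints one FAIL/WARN line per finding; returns 1 if anything was found.
audit_smtpd_rules() {
    awk '
        /^[[:space:]]*#/ { next }                     # comment
        /^[[:space:]]*$/ { next }                     # blank line
        {
            i = index($0, ":")
            if (i == 0) {
                print "FAIL line " NR ": no colon between address and instruction"; bad = 1; next
            }
            addr  = substr($0, 1, i - 1)
            instr = substr($0, i + 1)
            if (instr !~ /^(allow|deny)/) {
                print "FAIL line " NR ": instruction must start with allow or deny"; bad = 1
            }
            # The empty address is the default rule: it matches every client on the
            # Internet, so it must never grant relaying or bypass the RBL checks.
            if (addr == "" && instr ~ /RELAYCLIENT/) {
                print "FAIL line " NR ": default rule sets RELAYCLIENT (open relay)"; bad = 1
            }
            if (addr == "" && instr ~ /RBLSMTPD=""/) {
                print "WARN line " NR ": default rule disables the RBL lookup for everyone"; bad = 1
            }
            # A single-octet prefix such as "10." is a whole /8; relaying for that
            # much address space is almost never intended.
            if (addr ~ /^[0-9]+\.$/ && instr ~ /RELAYCLIENT/) {
                print "WARN line " NR ": RELAYCLIENT granted to the whole " addr "0.0.0/8"; bad = 1
            }
        }
        END { exit bad + 0 }' "$1"
}

# build_smtpd_cdb CONTROLDIR
# Refuses to rebuild the cdb while the audit reports findings. The page does
# this step with "make" in /var/qmail/control; this calls tcprules directly
# and assumes the rules live in CONTROLDIR/qmail-smtpd.
build_smtpd_cdb() {
    audit_smtpd_rules "$1/qmail-smtpd" || return 1
    tcprules "$1/qmail-smtpd.cdb" "$1/qmail-smtpd.tmp" < "$1/qmail-smtpd"
}
```

The audit is deliberately strict about the default rule because tcpserver consults the cdb for every connection and the empty key is what it falls back to when no address or prefix matches.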
* Install qmail-pop3d according to http://www.lifewithqmail.org/lwq.html#pop-imap-servers (ignore references to checkpassword - it's not used for qmail-ldap). Your =/var/qmail/supervise/qmail-pop3d/run= should look like (notice the change from =/bin/checkpassword= to =/var/qmail/bin/auth_pop=, and the change to =5000000= !):
<code>
#!/bin/sh
export POP3_LOGLEVEL=2
ME=`head -1 /var/qmail/control/me`
exec /usr/local/bin/softlimit -m 5000000 \
    /usr/local/bin/tcpserver -v -R -H -l 0 -x /var/qmail/control/qmail-pop3d.cdb 0 110 /var/qmail/bin/qmail-popup \
    $ME /var/qmail/bin/auth_pop /var/qmail/bin/qmail-pop3d Maildir 2>&1
</code>
Plain POP3 on port 110 carries the user's LDAP password in clear text, so restrict =qmail-pop3d.cdb= to the networks that need it, or have clients use IMAP over SSL (set up below) instead.
* Install Courier IMAP http://www.courier-mta.org/download.php#imap. You must be a non-root user when you untar and =./configure= Courier.
<code>
./configure --enable-workarounds-for-imap-client-bugs --without-authdaemon && make
su -c "make install install-configure"
</code>
Modify the =/usr/lib/courier-imap/libexec/imapd.rc= file to use qmail's auth_imap authentication module:
-- snip --
<code>
start)
        LIBAUTHMODULES="/var/qmail/bin/auth_imap"
#       for f in `echo $AUTHMODULES`
#       do
#               LIBAUTHMODULES="$LIBAUTHMODULES ${exec_prefix}/libexec/authlib/$f"
#       done

#       if test -x ${libexecdir}/authlib/authdaemond
#       then
#               /usr/bin/env - ${libexecdir}/authlib/authdaemond start
#       fi

        ulimit -d $IMAP_ULIMITD
</code>
-- snip --
You will probably also want to check the value of =MAXPERIP= in =/usr/lib/courier-imap/etc/imapd= and make sure it's high enough (especially if you want to use ((http://www.horde.org/imp)(webmail)) or have an office full of people accessing the server through a NAT gateway).
You can start Courier IMAPd using:
=/usr/lib/courier-imap/libexec/imapd.rc start=
You can set up imapd-ssl.rc using the same steps as above. You will need a valid x509 certificate as described in the courier-imap install docs; =mkimapdcert= generates a self-signed one from the settings in =imapd.cnf=:
=vi /usr/lib/courier-imap/etc/imapd.cnf=
=/usr/lib/courier-imap/share/mkimapdcert=
* Untar phpQLAdmin into a convenient place where Apache can reach it. Move all the files from the include directory into PHP's include path, or just move them into the root folder with the rest of the phpQLAdmin documents. Make the necessary configuration changes to the config.inc file, including the following:
<code>
define("PQL_HOSTMASTER","postmaster@mrzesty.net");
define("PQL_LDAP_BASEDN","ou=qmail, dc=mrzesty, dc=net");
define("PQL_LDAP_ROOTDN", "cn=manager, dc=mrzesty, dc=net");
define("PQL_LDAP_ROOTPW", "your-manager-password");
define("PQL_LDAP_CONTROL_USE", false);
</code>
=config.inc= now holds the directory manager's password in clear text: keep it readable only by the web server user, and make sure Apache never serves it as a plain file (a =.inc= file is not handed to PHP unless you configure Apache to do so).
Your PHP must have compiled in ldap support ( =--with-ldap= )! I would also suggest using =--with-mhash= in your PHP configure, and setting =define("PQL_PW_HASH","MD5");=, so that passwords longer than 8 characters are recognized: the traditional DES =crypt()= hash uses only the first 8 characters, so anything beyond them is silently ignored.
* If you're using ReiserFS partitions, you may want to optimize the performance of the partition containing your =/var/qmail/queue= directory.
Add =noatime,nodiratime= to your =/etc/fstab= file. For example:
<pre>
/dev/hda6 /var reiserfs defaults,noatime,nodiratime 0 0
</pre>
(You'll have to reboot, or =mount -o remount /var=, before this takes effect.) You may want to read http://www.jedi.claranet.fr/reiserfs-tuning.html for a more detailed explanation.
* Unknown to me - you end up with TLS SMTP encryption installed - without even asking! qmail will advertise the capability of receiving encrypted SMTP messages, but it won't work until you set up a server certificate. This one is a self-signed certificate for 4 years (1461 days); writing the key and the certificate to the same file is intentional, since qmail-smtpd reads both from =cert.pem=:
=openssl req -new -x509 -nodes -out /var/qmail/control/cert.pem -days 1461 -keyout /var/qmail/control/cert.pem=
=chmod 640 /var/qmail/control/cert.pem=
=chown qmaild:qmail /var/qmail/control/cert.pem=
or copy from your imap-ssl install
=cp /usr/lib/courier-imap/share/imapd.pem /var/qmail/control/cert.pem=
=chown qmaild:qmail /var/qmail/control/cert.pem=
=chmod 640 /var/qmail/control/cert.pem=
The file contains the private key, which is why it belongs to =qmaild= and must not be world-readable. =-nodes= leaves that key unencrypted on disk, which is what lets the daemon use it without a passphrase.
* Start it up and see if it works! =/etc/rc.d/init.d/qmail start= Test your TLS installation by sending a test message to tag-ping@tbs-internet.com and look for a return header something like:
<code>
Received: from unknown (HELO www.TBS-satellite.com) (213.186.35.102) (envelope-sender )
  by 0 (qmail-ldap-1.03) with RC4-SHA encrypted SMTP
</code>
(The =by 0= comes from =tcpserver -l 0= in the run file: it sets =$TCPLOCALHOST= to =0=, and that is the name qmail-smtpd puts in the Received header. Use =-l mail.mrzesty.net= if you want the real name there.)
+ virtualdomains (wildcard domain aliasing):
I have an old domain pic.ab.ca - I wanted to set up anything@pic.ab.ca to be automatically rewritten to sameuser@MrZesty.net
To do that you must add the domain to the =control/rcpthosts= file *only!* (not to =locals= like you would normally do: a domain listed in =locals= is delivered as local mail and never reaches =virtualdomains=), then create a file called =virtualdomains= in your =qmail/control= directory.
Assuming that you set =ldaplocaldelivery= to 0 (as above), then the line in your virtualdomains file would look like:
<code>
pic.ab.ca:mrzesty
</code>
and create a file called =~alias/.qmail-mrzesty-default= that contains:
<code>
| forward ${DEFAULT}@mrzesty.net
</code>
If you left =ldaplocaldelivery= on (1 or no file), then you must specify the user to handle the email aliasing. Your virtualdomains line would be:
=pic.ab.ca:alias-mrzesty=
if you wanted the user 'alias' to handle the direction of the mail. If you wanted a regular user to handle the mail, you could just as easily make it
=pic.ab.ca:ian=
then by creating a =~ian/.qmail-default= file, all mail for pic.ab.ca would be directed through the instructions in =~ian/.qmail-default=.
+ SMTP_AUTH:
http://www.lifewithqmail.org/ldap/#SMTP%20AUTH
If you get:
=421 out of memory (#4.3.0)=
you need to check the permissions on =/var/qmail/bin/auth_smtp=! auth_smtp must be executable by qmaild. Try =chmod 755 /var/qmail/bin/auth_smtp=
<code>
telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth plain
421 out of memory (#4.3.0)
535 auth failure
quit
</code>
My final =/service/qmail-smtpd/run= file looks like this:
<code>
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=20

exec /usr/local/bin/softlimit -m 20000000 \
    /usr/local/bin/tcpserver -v -R -l 0 -x /var/qmail/control/qmail-smtpd.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /usr/local/bin/rblsmtpd -b -rrelays.ordb.org -rbl.spamcop.net \
    /var/qmail/bin/qmail-smtpd /var/qmail/bin/auth_smtp /bin/true 2>&1
</code>
If you want to test smtp-auth and 'auth login' you will need to generate base64 encoded versions of your username and password (I'm using PHP here):
<code>
echo '<? print base64_encode("ian")."\n"; ?>' | php
aWFu
echo '<? print base64_encode("password")."\n"; ?>' | php
cGFzc3dvcmQ=
</code>
... then supply them when prompted by =VXNlcm5hbWU6= (Username:) and =UGFzc3dvcmQ6= (Password:)
<code>
telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth login
334 VXNlcm5hbWU6
aWFu
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 go ahead
rset
250 flushed
quit
</code>
If you authenticate successfully, you will see "235 go ahead". Remember that base64 is an encoding, not encryption: an AUTH LOGIN or AUTH PLAIN exchange on port 25 exposes the password to anyone on the path unless the client first issues STARTTLS, which the certificate set up above makes possible.
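The same tokens can be produced without PHP. This is an added example, not from the page: three small shell functions that build the =AUTH LOGIN= tokens, the single =AUTH PLAIN= token (the form the failed =auth plain= attempt above would have needed: base64 of a NUL byte, the user name, another NUL byte and the password), and decode a =334= challenge so you can see what the server is asking for. It assumes GNU coreutils =base64= (for =-d=); the user name and password are the page's sample values, and the function names are mine.

```shell
# Added example, not part of the page: shell equivalents of the PHP one-liners
# for preparing an SMTP AUTH test session. Assumes GNU coreutils base64.
# The user name and password used in the test are the page's sample values.

# b64 STRING: base64 of STRING on one line, without a trailing newline
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# auth_login_tokens USER PASS
# AUTH LOGIN is a two-step exchange: the server answers "334 VXNlcm5hbWU6"
# (Username:) and then "334 UGFzc3dvcmQ6" (Password:), and the client sends
# one base64 token for each. Prints both, separated by a space.
auth_login_tokens() {
    printf '%s %s\n' "$(b64 "$1")" "$(b64 "$2")"
}

# auth_plain_token USER PASS
# AUTH PLAIN sends a single token: base64("\0" USER "\0" PASS), the empty
# leading field being the authorization identity. It is sent either as
# "AUTH PLAIN <token>" or on its own line after the server's "334" prompt.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# decode_challenge "334 <base64>": show what the server is asking for.
decode_challenge() {
    printf '%s' "${1#334 }" | base64 -d
}
```

In the telnet session above, paste the two words printed by =auth_login_tokens ian password= in place of the PHP results; the output of =auth_plain_token ian password= goes on a single line after =auth plain=.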
+ ezmlm:
I would suggest getting the ezmlm-idx patch http://ezmlm.org/, it has a lot more features and the ability to use MySQL or PostgreSQL for the list storage.
To add a footer to each message sent to the list for regular ezmlm-0.53, edit the =~user/maillist/editor= file and add:
=| cat - /var/qmail/alias/maillist/text/footer=
to the beginning of the ezmlm-send line. For example:
<code>
|/usr/local/bin/ezmlm/ezmlm-reject
| cat - /var/qmail/alias/maillist/text/footer |/usr/local/bin/ezmlm/ezmlm-send '/var/qmail/alias/maillist'
|/usr/local/bin/ezmlm/ezmlm-warn '/var/qmail/alias/maillist' || exit 0
</code>
Then create the =/var/qmail/alias/maillist/text/footer= file with instructions or notes about the mailing list.
+ OpenLDAP Replication notes:
Add the following to the primary openldap server's slapd.conf:
<code>
replogfile /usr/local/var/openldap-slurp/slurpd.replog
replica host=ldap2.mrzesty.net:389 binddn="cn=manager,dc=mrzesty,dc=net" bindmethod=simple credentials=managers-password
</code>
Add the following two lines to the slave's slapd.conf:
<code>
updatedn "cn=manager,dc=mrzesty,dc=net"
updateref ldap://ldap1.mrzesty.net
</code>
Start slapd and slurpd on the primary ldap server, and start slapd on the secondary. If you already have data in the ldap database you should manually copy the =/usr/local/var/openldap-ldbm= directory and its files to the slave server before starting slapd and slurpd.
Two caveats: the =credentials= value is the manager's password in clear text, and with =bindmethod=simple= it also crosses the network in clear text on port 389, so keep =slapd.conf= at mode 600 and the replication traffic on a trusted network. Also, slurpd was removed in OpenLDAP 2.4, where replication is done with syncrepl instead; these notes apply to the 2.1 to 2.3 series.
|
/var/qmail/bin/qmailctl stop </code>
* Set up relay permissions for certain IP's in =/var/qmail/control/qmail-smtpd.cdb=:
<code> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",SMTPAUTH="" 192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",SMTPAUTH="" :allow,DENYMAIL="DNSCHECK",SMTPAUTH="",RCPTCHECK="" </code>
From =/var/qmail/control=, run: =make=
* Install qmail-pop3d according to http://www.lifewithqmail.org/lwq.html#pop-imap-servers (ignore refernces to checkpassword - it's not used for qmail-ldap). Your =/var/qmail/supervise/qmail-pop3d/run= should look like (notice the change from =/bin/checkpassword= to =/var/qmail/bin/auth_pop=, and the change to =5000000= !):
<code> #!/bin/sh export POP3_LOGLEVEL=2 ME=`head -1 /var/qmail/control/me` exec /usr/local/bin/softlimit -m 5000000 \ /usr/local/bin/tcpserver -v -R -H -l 0 -x /var/qmail/control/qmail-pop3d.cdb 0 110 /var/qmail/bin/qmail-popup \ $ME /var/qmail/bin/auth_pop /var/qmail/bin/qmail-pop3d Maildir 2>&1 </code>
* Install Courier IMAP http://www.courier-mta.org/download.php#imap. You must be a non-root user when you untar and =./configure= Courier.
<code> ./configure --enable-workarounds-for-imap-client-bugs --without-authdaemon && make su -c "make install install-configure" </code>
Modify the =/usr/lib/courier-imap/libexec/imapd.rc= file to use qmail's auth_imap authentication module:
-- snip --
<code> start)
    LIBAUTHMODULES="/var/qmail/bin/auth_imap"
    # for f in `echo $AUTHMODULES`
    # do
    #     LIBAUTHMODULES="$LIBAUTHMODULES ${exec_prefix}/libexec/authlib/$f"
    # done

    # if test -x ${libexecdir}/authlib/authdaemond
    # then
    #     /usr/bin/env - ${libexecdir}/authlib/authdaemond start
    # fi

    ulimit -d $IMAP_ULIMITD </code>
-- snip --
You will probably also want to check the value of =MAXPERIP= in =/usr/lib/courier-imap/etc/imapd= and make sure it's high enough (especially if you want to use ((http://www.horde.org/imp)(webmail)) or have an office full of people accessing the server through a NAT gateway, since all of those connections arrive from one IP address).
You can start Courier IMAPd using:
=/usr/lib/courier-imap/libexec/imapd.rc start=
You can set up imapd-ssl.rc using the same steps as above. You will need a valid X.509 certificate as described in the courier-imap install docs. For a self-signed one, fill in the subject fields in the .cnf and run mkimapdcert (it writes key and certificate to imapd.pem and refuses to overwrite an existing one):
=vi /usr/lib/courier-imap/etc/imapd.cnf=
=/usr/lib/courier-imap/share/mkimapdcert=
* Untar phpQLAdmin into a convenient place where Apache can reach it. Move all the files from the include directory into PHP's include path, or just move them into the root folder with the rest of the phpQLAdmin documents. Make the necessary configuration changes to the config.inc file, including the following:
<code> define("PQL_HOSTMASTER","postmaster@mrzesty.net");
define("PQL_LDAP_BASEDN","ou=qmail, dc=mrzesty, dc=net");
define("PQL_LDAP_ROOTDN", "cn=manager, dc=mrzesty, dc=net");
define("PQL_LDAP_ROOTPW", "your-manager-password");
define("PQL_LDAP_CONTROL_USE", false); </code>
config.inc now holds the LDAP manager password, so make sure Apache never serves it as a plain file and that it is not world-readable. Your PHP must have LDAP support compiled in ( =--with-ldap= )! I would also suggest using --with-mhash in your PHP configure, and setting define("PQL_PW_HASH","MD5"); so that passwords longer than 8 characters are used in full (the traditional DES crypt() hash silently truncates passwords to 8 characters).
* If you're using ReiserFS partitions, you may want to optimize the performance of the partition containing your /var/qmail/queue directory.
Add =noatime,nodiratime= to your =/etc/fstab= file. For example:
<pre> /dev/hda6 /var reiserfs defaults,noatime,nodiratime 0 0 </pre>
The fstab entry only applies at the next mount; to apply it immediately without a reboot, run =mount -o remount,noatime,nodiratime /var=. You may want to read http://www.jedi.claranet.fr/reiserfs-tuning.html for a more detailed explanation.
* Unknown to me, you end up with TLS SMTP encryption installed without even asking! qmail will advertise STARTTLS, but it won't work until you set up a server certificate. This one is self-signed for 4 years (1461 days); note that =-nodes= leaves the private key unencrypted and that pointing =-out= and =-keyout= at the same file puts key and certificate together, so =cert.pem= contains the private key and must be readable by =qmaild= only:
=openssl req -new -x509 -nodes -out /var/qmail/control/cert.pem -days 1461 -keyout /var/qmail/control/cert.pem=
=chmod 640 /var/qmail/control/cert.pem=
=chown qmaild:qmail /var/qmail/control/cert.pem=
or copy from your imap-ssl install (imapd.pem likewise holds both key and certificate):
=cp /usr/lib/courier-imap/share/imapd.pem /var/qmail/control/cert.pem=
=chown qmaild:qmail /var/qmail/control/cert.pem=
=chmod 640 /var/qmail/control/cert.pem=
* Start it up and see if it works! =/etc/rc.d/init.d/qmail start= Test your TLS installation by sending a test message to tag-ping@tbs-internet.com and look for the return header something like:
Received: from unknown (HELO www.TBS-satellite.com) (213.186.35.102) (envelope-sender )
by 0 (qmail-ldap-1.03) with RC4-SHA encrypted SMTP
+ virtualdomains (wildcard domain aliasing):
I have an old domain pic.ab.ca; I wanted to set up anything@pic.ab.ca to be automatically rewritten to sameuser@mrzesty.net
To do that you must add the domain to the control/rcpthosts file *only!* (not to locals like you would normally do), then create a file called virtualdomains in your qmail/control directory.
Assuming that you set ldaplocaldelivery to 0 (as above), then the line in your virtualdomains file would look like:
<code> pic.ab.ca:mrzesty </code>
and create a file called ~alias/.qmail-mrzesty-default that contains:
<code> | forward ${DEFAULT}@mrzesty.net </code>
If you left =ldaplocaldelivery= on (1 or no file), then you must specify the user to handle the email aliasing. Your virtualdomains line would be:
=pic.ab.ca:alias-mrzesty=
if you wanted the user 'alias' to handle the direction of the mail. If you wanted a regular user to handle the mail, you could just as easily make it
=pic.ab.ca:ian=
then by creating a ~ian/.qmail-default file, all mail for pic.ab.ca would be directed through the instructions in ~ian/.qmail-default
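To make the rewriting concrete, here is an added Python walk-through (not part of the page and not qmail code) that follows an address from RCPT TO to the command =~alias= ends up running, using the stock qmail lookup rules: rcpthosts exact and leading-dot entries, the virtualdomains order (user@domain, then domain, then shorter and shorter dot-wildcards), and qmail-local's =.qmail-ext= / =.qmail-prefix-default= search with =DEFAULT= set to the unmatched tail. The control files are constructed to mirror the ldaplocaldelivery=0 case above; it assumes =mrzesty= is not a system user, otherwise =~mrzesty/.qmail-…= would be consulted instead, as in the =pic.ab.ca:ian= variant. qmail-ldap's LDAP lookups are not modelled.

```python
# Constructed control data mirroring the page's ldaplocaldelivery=0 setup.
RCPTHOSTS = ['mrzesty.net', 'pic.ab.ca']
VIRTUALDOMAINS = {'pic.ab.ca': 'mrzesty'}
# .qmail files present in ~alias, with their contents.
ALIAS_DOT_QMAIL = {
    '.qmail-mrzesty-default': '| forward ${DEFAULT}@mrzesty.net\n',
}


def in_rcpthosts(domain, rcpthosts):
    """qmail-smtpd accepts RCPT TO for a domain listed exactly, or covered by a
    leading-dot entry ('.ab.ca' covers every subdomain of ab.ca)."""
    d = domain.lower()
    for entry in rcpthosts:
        e = entry.lower()
        if (e.startswith('.') and d.endswith(e)) or d == e:
            return True
    return False


def virtualdomains_lookup(local, domain, table):
    """qmail-send's lookup order: user@domain, then the domain itself, then
    wildcard entries for shorter and shorter suffixes ('.ab.ca', '.ca').
    Returns the prepend string, or None if the domain is not virtual."""
    d = domain.lower()
    keys = ['%s@%s' % (local.lower(), d), d]
    labels = d.split('.')
    for i in range(1, len(labels)):
        keys.append('.' + '.'.join(labels[i:]))
    for key in keys:
        if key in table:
            return table[key]
    return None


def dot_qmail_lookup(ext, files):
    """qmail-local: try .qmail-<ext> first, then .qmail-<prefix>-default for
    each shorter dash-separated prefix, ending with .qmail-default. The file
    name uses ext lowercased with '.' turned into ':' (qmail-local's safety
    rule); DEFAULT is the unmatched tail of the ext as it was received.
    Returns (file name or None, DEFAULT or None)."""
    safe = ext.lower().replace('.', ':')
    name = '.qmail-' + safe
    if name in files:
        return name, None
    for i in range(len(safe), -1, -1):
        if i == 0 or safe[i - 1] == '-':
            name = '.qmail-' + safe[:i] + 'default'
            if name in files:
                return name, ext[i:]
    return None, None


def expand_command(dot_qmail_line, ext, default):
    """Expand EXT and DEFAULT in a '| command' line the way the shell would."""
    line = dot_qmail_line.strip()
    if not line.startswith('|'):
        return None
    command = line[1:].strip()
    for var, value in (('DEFAULT', default or ''), ('EXT', ext)):
        command = command.replace('${%s}' % var, value).replace('$' + var, value)
    return command


def route(local, domain, rcpthosts=RCPTHOSTS, virtualdomains=VIRTUALDOMAINS,
          alias_files=ALIAS_DOT_QMAIL):
    """Follow local@domain from RCPT TO to what ~alias ends up running."""
    if not in_rcpthosts(domain, rcpthosts):
        return "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"
    prepend = virtualdomains_lookup(local, domain, virtualdomains)
    if prepend is None:
        return 'local delivery to %s' % local
    ext = '%s-%s' % (prepend, local)          # qmail-send rewrites to prepend-local
    name, default = dot_qmail_lookup(ext, alias_files)
    if name is None:
        return 'Sorry, no mailbox here by that name. (#5.1.1)'
    return expand_command(alias_files[name], ext, default)


if __name__ == '__main__':
    for addr in ('anything@pic.ab.ca', 'ian@mrzesty.net', 'ian@example.org'):
        local, domain = addr.split('@')
        print('%-22s -> %s' % (addr, route(local, domain)))
```

Two things the run makes visible that the prose only implies: leaving pic.ab.ca out of rcpthosts produces the 553 rejection before virtualdomains is ever consulted, and a dot in the local part (john.doe@pic.ab.ca) is looked up as =.qmail-mrzesty-john:doe=, so a per-address override file must be named with the colon.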
+ SMTP_AUTH:
http://www.lifewithqmail.org/ldap/#SMTP%20AUTH
If you get:
=421 out of memory (#4.3.0)=
You need to check the permissions on /var/qmail/bin/auth_smtp! auth_smtp must be executable by qmaild. Try a chmod 755 /var/qmail/bin/auth_smtp
<code> telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth plain
421 out of memory (#4.3.0)
535 auth failure
quit </code>
My final =/service/qmail-smtpd/run= file looks like this:
<code> #!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=20
exec /usr/local/bin/softlimit -m 20000000 \
    /usr/local/bin/tcpserver -v -R -l 0 -x /var/qmail/control/qmail-smtpd.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /usr/local/bin/rblsmtpd -b -rrelays.ordb.org -rbl.spamcop.net \
    /var/qmail/bin/qmail-smtpd /var/qmail/bin/auth_smtp /bin/true 2>&1 </code>
Check that every list given with =-r= is still operating before copying this: =relays.ordb.org= was shut down at the end of 2006, and its DNS later answered every lookup positively, which with =-b= makes rblsmtpd reject all mail. Clients matched with =RBLSMTPD=""= in =qmail-smtpd.cdb= (localhost and the LAN above) bypass the RBL lookups entirely.
If you want to test smtp-auth and 'auth login' you will need to generate base64 encoded versions of your username and password (I'm using PHP here):
<code> echo '<? print base64_encode("ian")."\n"; ?>' | php
aWFu
echo '<? print base64_encode("password")."\n"; ?>' | php
cGFzc3dvcmQ= </code>
... then supply them when prompted with VXNlcm5hbWU6 (Username:) and UGFzc3dvcmQ6 (Password:):
<code> telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth login
334 VXNlcm5hbWU6
aWFu
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 go ahead
rset
250 flushed
quit </code>
If you authenticate successfully, you will see "235 go ahead". Keep in mind that base64 is an encoding, not encryption: anyone watching this session on the wire recovers the password exactly as you decoded it, so AUTH LOGIN and AUTH PLAIN belong after STARTTLS (or on the trusted networks listed in qmail-smtpd.cdb), not on a bare port 25 session.
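As an added example (not part of the original page or of qmail-ldap's auth_smtp), the following Python builds the AUTH LOGIN and AUTH PLAIN tokens without PHP, plays both sides of the dialogue shown above against a constructed {user: password} table standing in for the LDAP lookup, and then recovers the credentials from the transcript the way a passive observer of an unencrypted session would. The "235 go ahead" / "535 auth failure" replies are taken from the transcripts on this page; the account table and the "C:"/"S:" line prefixes are assumptions for the simulation.

```python
import base64


def b64(text):
    """base64 of a UTF-8 string, the same thing the PHP one-liners produce."""
    return base64.b64encode(text.encode()).decode()


def decode_token(token):
    return base64.b64decode(token).decode()


def auth_plain_token(user, password, authzid=''):
    """AUTH PLAIN (RFC 4616) sends one token: base64(authzid NUL user NUL password)."""
    return b64('%s\0%s\0%s' % (authzid, user, password))


def auth_login_tokens(user, password):
    """AUTH LOGIN sends the user and the password as two separate base64 tokens."""
    return b64(user), b64(password)


def auth_login_exchange(user, password, accounts):
    """Both sides of the AUTH LOGIN dialogue from the telnet session above.
    'accounts' is a constructed {user: password} table standing in for
    auth_smtp's LDAP lookup. Returns the transcript as 'C: ' / 'S: ' lines."""
    lines = []

    def client(s):
        lines.append('C: ' + s)

    def server(s):
        lines.append('S: ' + s)

    client('auth login')
    server('334 ' + b64('Username:'))         # VXNlcm5hbWU6
    user_token, password_token = auth_login_tokens(user, password)
    client(user_token)
    server('334 ' + b64('Password:'))         # UGFzc3dvcmQ6
    client(password_token)
    sent_user = decode_token(user_token)
    if sent_user in accounts and accounts[sent_user] == decode_token(password_token):
        server('235 go ahead')
    else:
        server('535 auth failure')
    return lines


def auth_succeeded(transcript):
    return transcript[-1] == 'S: 235 go ahead'


def credentials_from_capture(transcript):
    """What an eavesdropper on a non-TLS session learns: the client's answers
    to the two 334 challenges decode straight back to user and password."""
    answers = []
    for i, line in enumerate(transcript[:-1]):
        if line.startswith('S: 334 '):
            answers.append(decode_token(transcript[i + 1][len('C: '):]))
    return tuple(answers)


if __name__ == '__main__':
    transcript = auth_login_exchange('ian', 'password', {'ian': 'password'})
    print('\n'.join(transcript))
    print('recovered from capture:', credentials_from_capture(transcript))
    print('AUTH PLAIN token:', auth_plain_token('ian', 'password'))
```

The PLAIN token is what a client sends after =auth plain= in a single line; both mechanisms are equally transparent to anyone who can read the TCP stream, which is the reason to require STARTTLS before offering them.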
+ ezmlm:
I would suggest getting the ezmlm-idx patch http://ezmlm.org/; it has a lot more features and the ability to use MySQL or PostgreSQL for the list storage.
To add a footer to each message sent to the list for regular ezmlm-0.53, edit the ~user/maillist/editor file and add:
=| cat - /var/qmail/alias/maillist/text/footer= to the beginning of the ezmlm-send line.
For example:
<code> |/usr/local/bin/ezmlm/ezmlm-reject
| cat - /var/qmail/alias/maillist/text/footer |/usr/local/bin/ezmlm/ezmlm-send '/var/qmail/alias/maillist'
|/usr/local/bin/ezmlm/ezmlm-warn '/var/qmail/alias/maillist' || exit 0 </code>
Then create the /var/qmail/alias/maillist/text/footer file with instructions or notes about the mailing list. Note that each =|= line in a .qmail file is a separate delivery, so =cat= must stay on the same line as =ezmlm-send=, piping into it; and because =cat= appends to the raw message, on multipart (HTML or attachment) posts the footer lands after the closing MIME boundary, where most mail readers don't display it. ezmlm-idx's trailer option handles that case properly.
+ OpenLDAP Replication notes:
Add the following to the primary openldap server's slapd.conf:
replogfile /usr/local/var/openldap-slurp/slurpd.replog
replica host=ldap2.mrzesty.net:389 binddn="cn=manager,dc=mrzesty,dc=net" bindmethod=simple credentials=managers-password
(The credentials line holds the manager password in clear text, so slapd.conf should be readable only by the user slapd runs as.)
Add the following two lines to the slave's slapd.conf:
updatedn "cn=manager,dc=mrzesty,dc=net"
updateref ldap://ldap1.mrzesty.net
Start slapd and slurpd on the primary ldap server, and start slapd on the secondary. If you already have data in the ldap database, you should copy the /usr/local/var/openldap-ldbm directory and its files to the slave server before starting slapd and slurpd. Do the copy with slapd stopped on the primary, or, more safely, dump with =slapcat= on the primary and load with =slapadd= on the slave, since a live ldbm copy can be inconsistent.
|