====== qmail-ldap Installation ======
You will need to get the following software:
* qmail http://cr.yp.to/software/qmail-1.03.tar.gz
* qmail-ldap patch http://www.nrg4u.com/qmail
From your distro, install slapd (openldap), phpldapadmin, daemontools-run, and ucspi-tcp-ipv6.
Optional:
*
tar xvzf qmail-1.03.tar.gz
cd qmail-1.03; gzip -dc ../qmail-ldap-1.03-xxxxxxxx.patch.gz | patch -p1
You will need to edit qmail-1.03/Makefile and make sure that the definitions at the top are correct. In particular, make sure the entries for
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
are uncommented!
Copy qmail-1.03/qmail.schema to /usr/local/etc/openldap/schema and add the following three lines to /usr/local/etc/openldap/slapd.conf after the first include line:
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema
/usr/sbin/groupadd -g 200 vmail
/usr/sbin/useradd -u 200 -g vmail -d /var/qmail/maildirs -m -k /dev/null -s /bin/true -c 'qmail vmail user' vmail
^ User ^ Primary Group ^ Home Directory ^ Shell ^
| alias | nofiles | /var/qmail/alias | /usr/bin/true |
| qmaild | nofiles | /var/qmail | /usr/bin/true |
| qmaill | nofiles | /var/qmail | /usr/bin/true |
| qmailp | nofiles | /var/qmail | /usr/bin/true |
| qmailq | qmail | /var/qmail | /usr/bin/true |
| qmailr | qmail | /var/qmail | /usr/bin/true |
| qmails | qmail | /var/qmail | /usr/bin/true |
/usr/sbin/groupadd -g 201 nofiles
/usr/sbin/groupadd -g 202 qmail
/usr/sbin/useradd -u 201 -g nofiles -d /var/qmail/alias -m -k /dev/null -s /bin/true -c 'qmail server' alias
/usr/sbin/useradd -u 202 -g nofiles -d /var/qmail -s /bin/true -c 'qmail server' qmaild
/usr/sbin/useradd -u 203 -g nofiles -d /var/qmail -s /bin/true -c 'qmail server' qmaill
/usr/sbin/useradd -u 204 -g nofiles -d /var/qmail -s /bin/true -c 'qmail server' qmailp
/usr/sbin/useradd -u 205 -g qmail -d /var/qmail -s /bin/true -c 'qmail server' qmailq
/usr/sbin/useradd -u 206 -g qmail -d /var/qmail -s /bin/true -c 'qmail server' qmailr
/usr/sbin/useradd -u 207 -g qmail -d /var/qmail -s /bin/true -c 'qmail server' qmails
Create qmail-ldap.ldif with the base entries for the directory (entries are separated by a blank line):
dn: dc=MrZesty,dc=net
objectclass: dcObject
objectclass: organization
o: MrZesty dot Net
dc: MrZesty

dn: cn=Manager,dc=MrZesty,dc=net
objectclass: organizationalRole
cn: Manager

dn: ou=qmail, dc=MrZesty, dc=net
objectclass: top
objectclass: organizationalUnit
ou: qmail
Now load the ldif file into the LDAP directory:
ldapadd -vxc -h localhost -D 'cn=manager,dc=mrzesty,dc=net' -w managers_password -f qmail-ldap.ldif
./config-fast mail.mrzesty.net
echo 'localhost' > /var/qmail/control/ldapserver
echo 'ou=qmail, dc=mrzesty, dc=net' > /var/qmail/control/ldapbasedn
echo `id -u vmail` > /var/qmail/control/ldapuid
echo `id -g vmail` > /var/qmail/control/ldapgid
echo '/var/qmail/maildirs' > /var/qmail/control/ldapmessagestore
echo '20000000' > /var/qmail/control/defaultquotasize
echo 'You are near your quota for email. You will need to delete some messages from the server.' > /var/qmail/control/quotawarning
echo 5 > /var/qmail/control/tarpitcount
echo '/var/qmail/bin/dirmaker' > /var/qmail/control/dirmaker
echo 'mrzesty.net' > /var/qmail/control/defaulthost
echo 0 > /var/qmail/control/ldaplocaldelivery
cp dirmaker /var/qmail/bin/
chmod 755 /var/qmail/bin/dirmaker
echo 'qmail@MrZesty.net' > ~alias/.qmail-postmaster; chmod 644 ~alias/.qmail-postmaster
echo '|cat /dev/null' > ~alias/.qmail-mailer-daemon; chmod 644 ~alias/.qmail-mailer-daemon
echo 'qmail@MrZesty.net' > ~alias/.qmail-root; chmod 644 ~alias/.qmail-root
echo 'qmail@MrZesty.net' > ~alias/.qmail-abuse; chmod 644 ~alias/.qmail-abuse
cp qmail.run /var/qmail/rc
chmod 755 /var/qmail/rc
cd /etc/rc.d/init.d; ln -s /var/qmail/bin/qmailctl qmail
cd /etc/rc.d/rc0.d; ln -s ../init.d/qmail K30qmail
cd /etc/rc.d/rc1.d; ln -s ../init.d/qmail K30qmail
cd /etc/rc.d/rc2.d; ln -s ../init.d/qmail S30qmail
cd /etc/rc.d/rc3.d; ln -s ../init.d/qmail S80qmail
cd /etc/rc.d/rc6.d; ln -s ../init.d/qmail K30qmail
Remember to make it executable (755).
Now configure daemontools:
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
Create /var/qmail/supervise/qmail-send/run:
#!/bin/sh
ulimit -n 4096
exec /var/qmail/rc
Create /var/qmail/supervise/qmail-send/log/run:
#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s999999 /var/log/qmail
cp qmail-smtpd.run /var/qmail/supervise/qmail-smtpd/run
Create /var/qmail/supervise/qmail-smtpd/log/run:
#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s999999 /var/log/qmail/smtpd
Set the new scripts as executable:
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /etc/service /service
update-service --add /var/qmail/supervise/qmail-send
update-service --add /var/qmail/supervise/qmail-smtpd
start svscan
/etc/init.d/qmail-ldap stop
The tcpserver access rules for qmail-smtpd (only localhost and the 192.168.1. network get RELAYCLIENT; everyone else must authenticate and is subject to DNSCHECK and RCPTCHECK):
127.0.0.1:allow,RELAYCLIENT='',RBLSMTPD='',SMTPAUTH=''
192.168.1.:allow,RELAYCLIENT='',RBLSMTPD='',SMTPAUTH=''
:allow,DENYMAIL='DNSCHECK',SMTPAUTH='',RCPTCHECK=''
From /var/qmail/control, run: make
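A small evaluator for the rules above, added here as an example (it is not part of the original page or of ucspi-tcp). It follows tcpserver's IP lookup order (exact address, then shorter dotted prefixes, then the empty default key) so you can confirm, before compiling the cdb, that only 127.0.0.1 and the 192.168.1. network receive RELAYCLIENT and that every other client gets DENYMAIL/RCPTCHECK instead. Host-name (=) rules and TCPREMOTEINFO@ keys are left out; that is a simplification of this example, not tcpserver's full behaviour.

```python
"""Evaluate tcpserver-style rules to see which clients would be allowed to relay."""

# Constructed copy of the three rules from this page.
TCP_SMTP_RULES = """\
127.0.0.1:allow,RELAYCLIENT='',RBLSMTPD='',SMTPAUTH=''
192.168.1.:allow,RELAYCLIENT='',RBLSMTPD='',SMTPAUTH=''
:allow,DENYMAIL='DNSCHECK',SMTPAUTH='',RCPTCHECK=''
"""


def parse_rules(text):
    """Return {address_or_prefix: (action, {VAR: value})} from tcprules input."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(":")
        action, _, envs = rest.partition(",")
        env = {}
        for item in envs.split(",") if envs else []:
            name, _, value = item.partition("=")
            env[name] = value.strip("'")  # tcprules quotes values with ''
        rules[key] = (action, env)
    return rules


def lookup(rules, ip):
    """Candidate keys in tcpserver order: 1.2.3.4, 1.2.3., 1.2., 1., then ''."""
    candidates = [ip]
    parts = ip.split(".")
    for n in range(len(parts) - 1, 0, -1):
        candidates.append(".".join(parts[:n]) + ".")
    candidates.append("")
    for key in candidates:
        if key in rules:
            return rules[key]
    # No rule matched: tcpserver does not deny on its own, so the client is
    # allowed with no environment changes (and therefore no RELAYCLIENT).
    return ("allow", {})


def relay_allowed(rules, ip):
    """True when this client would be able to relay through qmail-smtpd."""
    action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env


if __name__ == "__main__":
    rules = parse_rules(TCP_SMTP_RULES)
    for ip in ("127.0.0.1", "192.168.1.77", "192.168.2.1", "203.0.113.5"):
        print(ip, "relay" if relay_allowed(rules, ip) else "no relay", lookup(rules, ip)[1])
```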
/dev/hda6 /var reiserfs defaults,noatime,nodiratime 0 0
(Of course you'll have to reboot before this takes effect...) You may want to read
chmod 640 /var/qmail/control/cert.pem
chown qmaild:qmail /var/qmail/control/cert.pem
Assuming that you set ldaplocaldelivery to 0 (as above), then the line in your virtualdomains file would look like:
pic.ab.ca:mrzesty
and create a file called ~alias/.qmail-mrzesty-default that contains:
| forward ${DEFAULT}@mrzesty.net
If you left ldaplocaldelivery on (1 or no file), then you must specify the user to handle the email aliasing. Your virtualdomains line would be:
pic.ab.ca:alias-mrzesty
if you wanted the user 'alias' to handle the direction of the mail. If you wanted a regular user to handle the mail, you could just as easily make it
pic.ab.ca:ian
Then, by creating a ~ian/.qmail-default file, all mail for pic.ab.ca would be directed through the instructions in ~ian/.qmail-default.
====== SMTP_AUTH: ======
421 out of memory (#4.3.0)
You need to check the permissions on /var/qmail/bin/auth_smtp! auth_smtp must be executable by qmaild. Try a chmod 755 /var/qmail/bin/auth_smtp
telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth plain
421 out of memory (#4.3.0)
535 auth failure
quit
If you want to test smtp-auth and 'auth login' you will need to generate base64 encoded versions of your username and password (I'm using PHP here):
echo '<?php echo base64_encode("ian"); ?>' | php
aWFu
echo '<?php echo base64_encode("password"); ?>' | php
cGFzc3dvcmQ=
... then supply them when the server prompts with VXNlcm5hbWU6 (Username:) and UGFzc3dvcmQ6 (Password:):
telnet localhost 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.mrzesty.net ESMTP
helo mrzesty.net
250 mail.mrzesty.net
auth login
334 VXNlcm5hbWU6
aWFu
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 go ahead
rset
250 flushed
quit
If you authenticate successfully, you will see '235 go ahead'.
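The dialogue above, driven from the client side as an added example (not from the original page or from qmail-ldap): it decodes each 334 challenge, answers with the base64 username and password, and classifies the final reply, so the same function tells a '235 go ahead' from a '535 auth failure' or the '421 out of memory' described above. It also builds the single AUTH PLAIN token, which the page's transcript only names. The server lines are constructed from the transcript; base64 here is encoding only, not encryption, which is why the AUTH exchange belongs under the TLS certificate configured earlier.

```python
import base64


def b64(s):
    """Encode a string as the base64 text qmail-smtpd expects on the wire."""
    return base64.b64encode(s.encode()).decode()


def unb64(s):
    """Decode a base64 challenge such as VXNlcm5hbWU6 back to text."""
    return base64.b64decode(s).decode()


def auth_login_client(server_lines, username, password):
    """Drive the client side of AUTH LOGIN over a list of server replies.

    Returns (lines_sent, outcome) where outcome is 'ok', 'failed',
    'tempfail', 'unexpected' or 'incomplete'.
    """
    sent = ["auth login"]
    for line in server_lines:
        code = line[:3]
        if code == "334":
            prompt = unb64(line[4:])
            if prompt == "Username:":
                sent.append(b64(username))
            elif prompt == "Password:":
                sent.append(b64(password))
            else:
                return sent, "unexpected"
        elif code == "235":
            return sent, "ok"
        elif code.startswith("5"):
            return sent, "failed"       # e.g. 535 auth failure
        elif code.startswith("4"):
            return sent, "tempfail"     # e.g. 421 out of memory: check auth_smtp perms
    return sent, "incomplete"


def auth_plain_token(username, password, authzid=""):
    """AUTH PLAIN sends authzid NUL authcid NUL password as one base64 string."""
    return b64(f"{authzid}\0{username}\0{password}")


if __name__ == "__main__":
    # Constructed server replies, copied from the successful transcript above.
    replies = ["334 VXNlcm5hbWU6", "334 UGFzc3dvcmQ6", "235 go ahead"]
    print(auth_login_client(replies, "ian", "password"))
    print("AUTH PLAIN token:", auth_plain_token("ian", "password"))
```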
====== ezmlm: ======
I would suggest getting the ezmlm-idx patch. To append a footer to list messages, add | cat - /var/qmail/alias/maillist/text/footer to the beginning of the ezmlm-send line.
For example:
|/usr/local/bin/ezmlm/ezmlm-reject
| cat - /var/qmail/alias/maillist/text/footer |/usr/local/bin/ezmlm/ezmlm-send '/var/qmail/alias/maillist'
|/usr/local/bin/ezmlm/ezmlm-warn '/var/qmail/alias/maillist' || exit 0
Then create the /var/qmail/alias/maillist/text/footer file with instructions or notes about the mailing list.
====== OpenLDAP Replication notes: ======
Add the following to the primary openldap server's slapd.conf:
replogfile /usr/local/var/openldap-slurp/slurpd.replog
replica host=ldap2.mrzesty.net:389 binddn='cn=manager,dc=mrzesty,dc=net' bindmethod=simple credentials=managers-password
Add the following two lines to the slave's slapd.conf:
updatedn 'cn=manager,dc=mrzesty,dc=net'
updateref ldap://ldap1.mrzesty.net
Start slapd and slurpd on the primary ldap server, and start slapd on the secondary. If you already have data in the ldap database, you should manually copy the /usr/local/var/openldap-ldbm directory and its files to the slave server before starting slapd and slurpd.