###### checklist.php ######
Qmailrocks.org Pre-Installation Checklist
A successful QMR Qmail installation requires certain packages be installed and
certain configurations be present on your server. I've put together this page
to provide a general checklist for visitors to use before they begin the
installation. Keep in mind that, since setups will vary from server to server,
you may find some requirements that are not listed here. This list is by no
means a finished list, so if you find a requirement that you feel is vital and
is not present on this page, please feel free to let me know.
How much disk space should I have available on my server?
The following is a GENERAL estimate. Actual needs may vary from person to
person and machine to machine.
A safe amount of disk space would be about 80-90MB. This includes the download
of the qmailrocks.tar.gz software bundle and its extraction. After a
successful installation, the total amount of needed space for a safely
operating mail server could be brought down to about 15MB after the
qmailrocks.tar.gz content is removed.
If your server has multiple partitions:
/ partition: About 70MB
/var partition: About 10MB
/home partition: About 3MB for starters, although this will change as
"/home/vpopmail" will be the place in which all e-mail is stored for all
domains.
Some free advice: If the 80-90MB of estimated needed space is asking a lot from
your server, you might want to reconsider whether or not to use that server as
a mail server. A mail server that is tight on disk space is a recipe for
trouble. Just my opinion.
What software packages should I already have installed on my server?
1. The Apache Web Server - You can use either version 1.3.x or version 2.x. It
shouldn't make that big of a difference.
2. PHP - Version 4.0.6 or higher. You will probably want to make sure that it's
either compiled with imap and mysql support, or if you are installing from
RPMs, install the php-imap and php-mysql packages alongside the php package.
3. Perl - I use version 5.8.0, but any version of 5 should work.
4. GCC - The gcc compiler. You should already have it installed, but if you
don't you'd better.
5. MySQL - MySQL is only REALLY needed if you intend to use it with vpopmail.
Also, you may run into trouble installing some packages if you don't have it
installed. All in all, it's a good idea to have mysql server installed. Version
4.x works just fine, but 3.x will work too.
6. OpenSSL - Version 0.9.5a or higher.
7. OpenSSL-devel - For Redhat products and Fedora users.
8. libssl-dev - For Debian users.
9. wget - Downloading packages and software is a lot easier with wget.
10. patch & patchutils - Available via RPM for Redhat, the ports collection for
FreeBSD or apt-get for Debian. You'll need these packages to apply the needed
patches along the way during the install.
A SPECIAL NOTE TO FEDORA 3 USERS:
Frequently, Fedora 3 boxes will have the "selinux" package installed. The
selinux package interferes with vpopmail and vqadmin's ability to function
correctly. If you are installing Fedora 3 yourself, the install will give you a
chance to disable selinux. If you are working on a Fedora 3 box that's
already been set up, make sure you disable selinux before proceeding with this
installation guide.
What software packages should NOT be installed?
1. Postfix - Redhat 9 often will have Postfix installed by default. If it's
installed on your server, you will need to either uninstall it or disable it.
2. Any POP service - This includes Qpopper or any POP service that may be
running out of xinetd. If your server has a POP service running, you will
need to disable it.
3. Any SMTP services
What about Sendmail? It's ok to have Sendmail installed, because we'll
uninstall it during the qmail installation.
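The check below is an added example, not part of the original checklist or the QMR bundle: it reads `netstat -ltnp` style output and reports any SMTP or POP listener that the list above says must be uninstalled or disabled, skipping Sendmail because the guide removes it later. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag services that conflict with the QMR install.
# Input format assumed: lines as printed by `netstat -ltnp`
# (proto, recv-q, send-q, local address, foreign address, state, pid/program).

# Constructed sample: Postfix (its listener process is named "master") on
# port 25, a POP service started from xinetd on port 110, plus two listeners
# that do not conflict.
sample_listeners() {
    cat <<'EOF'
tcp   0  0 0.0.0.0:25     0.0.0.0:*   LISTEN   1201/master
tcp   0  0 0.0.0.0:110    0.0.0.0:*   LISTEN   845/xinetd
tcp   0  0 0.0.0.0:80     0.0.0.0:*   LISTEN   990/httpd
tcp6  0  0 :::22          :::*        LISTEN   700/sshd
EOF
}

# Print one line per conflicting listener: "smtp <program>" or "pop <program>".
find_conflicts() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon (works for IPv6 too).
            n = split($4, part, ":")
            port = part[n] + 0
            # Strip the leading "pid/" from the program column.
            prog = $7
            sub(/^[0-9]+\//, "", prog)
            if (prog == "" || prog == "-") prog = "unknown"
            # Sendmail may stay for now: the qmail install removes it.
            if (port == 25 && prog ~ /^sendmail/) next
            if (port == 25)  print "smtp " prog
            if (port == 110) print "pop " prog
        }'
}

# Succeeds only when nothing on stdin conflicts with the install.
ports_are_free() {
    [ -z "$(find_conflicts)" ]
}

# Demonstration on the constructed sample; prints the two conflicts.
sample_listeners | find_conflicts
```

On a real server, run `netstat -ltnp | find_conflicts` as root so the program column is populated.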
What Perl modules should be installed?
This list may vary depending on your setup, but here goes:
Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
I am almost positive that someone out there will need more, so if you come
across any other needed modules please drop me a line.
I'm running a firewall on my server. What ports should I open?
IMPORTANT NOTE: Keep in mind that the following ports are what are required to
be open for only the QMR install. More than likely, a fully functioning
webserver is going to have more ports open for various other services. So, do
not use the port listing below to construct a NEW firewall without first
determining what other ports you will need to open. If you are interested
in constructing a complete firewall for your server, check out the iptables
tutorial at http://www.iptablesrocks.org.
Outbound ports (tcp)
25 - SMTP
110 - POP services
143 - IMAP
783 - Spamassassin
993 - IMAPS
Inbound Ports (tcp)
25 - SMTP
80 - HTTP
110 - POP services
143 - IMAP
443 - HTTPS
783 - Spamassassin
993 - IMAPS
proceed_to_the_Qmailrocks.org_qmail_installation
_____________________________________________________________________________
|_____________________Color_Coded_Qmail_Installation_Key______________________|
| | Regular Black Text | Qmail installation notes and |
|__|_____________________________________|summaries_by_the_author._Me_talking.|
| | Bold Black Text | Commands to be run by you, the |
|__|_____________________________________|installer.__________________________|
|__|____________________Bold_Maroon_Text_|_Special_notes_for_Redhat_9_users.__|
|__|_______________________Bold_Red_Text_|_Vital_and/or_critical_information._|
| | Regular/Bold Purple text | Denotes helpful tips and hints or |
|__|_____________________________________|hyperlinks._________________________|
|__|_________________Regular_Orange_Text_|_Command_line_output._______________|
|Cp| Regular green text | Denotes the contents of a file or |
|__|_____________________________________|script._____________________________|
_The_Rocks_Project_
###### download.htm ######
Part 1 - Download the Software
The first thing you'll need to do to get started is to download all the needed
software packages for the entire qmail installation process. To make things
easier for everyone, I've combined all the needed packages into 1 giant tarball
(.tar.gz) bundle that you can download in one easy step. Most of the included
packages are the latest versions as of November, 2004 (there are a few
intentional exceptions) and I will make efforts to keep the software bundle up
to date as new versions are released. If you're going to be using the Qmailrocks
installation guide to install qmail, I would strongly recommend that you
download my software bundle. I've included several ready-made scripts and so
forth, so everything will make more sense if you're on the same page as I am
when going through the install.
So let's start the installation by getting the needed software. You will notice
that below I create a new directory called /downloads and I place the
Qmailrocks tarball in that directory before unpacking it. I would strongly
recommend you do this as the rest of the instructions on this site are geared
toward this source directory structure. Anyway, let's get down to business.
mkdir /downloads
cd /downloads
Now download the Qmailrocks.org software bundle. The command below will
download the bundle from the qmailrocks.org main server in Texas, USA. (You can
also download the bundle from a qmailrocks mirror site, if you wish.)
wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
(Alternatively, if you'd like to download individual packages or view a listing
of all the packages, you may do so right here.)
Once you've downloaded qmailrocks.tar.gz, we're going to place it in a directory
called "downloads" and then unpack it...
tar zxvf qmailrocks.tar.gz
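The bundle above is fetched over plain HTTP and unpacked as root, and this page gives no checksum for it, so the following added example (not part of the original guide or bundle) shows two checks that can run before `tar zxvf`: comparing the download against a second copy from a mirror, and listing the archive to catch members that would land outside /downloads. The function names and the second-copy workflow are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inspect qmailrocks.tar.gz before unpacking it as root.

# Read member names (one per line, as printed by `tar -tzf`) and report any
# that would be written outside the directory the archive is unpacked in.
# Checks names only; it does not inspect symlink targets.
audit_tar_listing() {
    awk '
        /^\//               { print "absolute path: " $0; bad = 1; next }
        /(^|\/)\.\.(\/|$)/  { print "parent-directory component: " $0; bad = 1 }
        END                 { exit bad + 0 }'
}

# List the archive without extracting it, then audit the names.
# Returns 2 if tar cannot read the file, 1 if a member name is unsafe.
audit_tarball() {
    listing=$(tar -tzf "$1") || return 2
    printf '%s\n' "$listing" | audit_tar_listing
}

# SHA-256 of a file as a bare hex string.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# True only when both files hash to the same non-empty digest, for example
# one copy from the main server and one from a mirror.
same_digest() {
    first=$(sha256_of "$1")
    [ -n "$first" ] && [ "$first" = "$(sha256_of "$2")" ]
}

# Stand-alone use: ./check.sh qmailrocks.tar.gz qmailrocks-mirror.tar.gz
if [ $# -eq 2 ]; then
    same_digest "$1" "$2" || { echo "copies differ: $1 $2" >&2; exit 1; }
    audit_tarball "$1" || { echo "unsafe or unreadable archive: $1" >&2; exit 1; }
    echo "digests match and listing is clean: $1"
fi
```

Matching digests from two sources only show that both servers handed out the same file; they do not replace a checksum or signature published by the author.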
Proceed_to_Part_2
###### qmail.htm ######
Part 2 - Installing Qmail Itself
Now that you've downloaded all the needed packages, we can start the install.
At this point you should have a qmailrocks source directory located at
/downloads/qmailrocks. If you don't, go back to step 1. This step involves the
setup of the very heart of your new qmail server. In this step, we'll install
qmail itself, ucspi-tcp and daemontools. These 3 packages are the core of the
qmail server and will be the foundation on which we build everything else. So
don't screw it up!
(RH 9/RHEL/Fedora/Slackware users: click here before you start.)
To start things off, I've created a handy little shell script that takes care
of the first portion of getting qmail, ucspi-tcp and daemontools installed.
Simply run this script from the command prompt of your Solaris box and you
should be golden. The script will tell you what it's doing along the way.
/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script
(click here to view this script)
If all goes well, you should have all the needed users and groups created as
well as all the needed directories, permissions and ownership settings needed
for the installation of qmail, ucspi-tcp and daemontools.
Before we start to compile and install qmail, ucspi-tcp and daemontools, we're
going to apply a group of patches to qmail. These patches will build all sorts
of cool functionality directly into qmail before we install it. In total, we're
going to add around 15 patches, but fortunately John Simpson has combined all
but one of these patches into one giant patch file. But it gets even easier
because I've thrown together a shell script that applies ALL the patches in one
quick step. I'm making this so easy for you it's almost sickening. :)
Here's the basic gist of these patches: All critical patches included in this
bundle will be automatically integrated in your qmail server's functioning.
However, there are a few non-critical patches that have to be configured in
order to work. These non-critical patches are included merely to give you a few
extra little goodies that you can play with on your own time. Some of these
"extra little goodies" are new to me too, so as I learn more about them I will
certainly go into more detail.
So that you're not completely ignorant as to what these patches are going to
be doing to your qmail server, here's a quick list of what patches are
included. I have color coded these patches so that you will know which ones are
critical and which ones are not.
red patch = critical patch, as far as the QMR install is concerned, that is
automatically integrated into your qmail server and requires no additional work
on your part.
blue patch = a non-critical patch that merely adds some cool functionality. Blue
asterisk patches also will be automatically integrated and require no
additional work.
green patch = a non-critical patch that merely adds some cool functionality, but
which needs to be configured in order to be active.
maxrcpt patch - Allows the sysadmin to set limits on a message's number of
recipients. The default for this patch is set to 100.

mfcheck patch - causes qmail-smtpd to reject messages where the domain
portion of the envelope sender is not a valid domain.

quota patch - Turns "over quota" errors into HARD errors, not soft. A wake up
call for those 2 or 3 jackasses on your server who never check their mail.

date-localtime patch - causes qmail to use the local timezone in any headers
it generates.

qmailqueue - the classic patch that allows qmail-smtpd to call other programs
to process messages. Through qmailqueue, we will later tie in Clam Antivirus
and Spamassassin. However, many other programs can also be tied in if you so
desire.

jms1-antispam patch - An anti-spam patch created by John Simpson, which works
within qmail-scanner to trick spam servers into believing a spam message is
delivered, when in fact it isn't. This is inactive by default, but you can
play around with this if you want.

errno.patch - patches error.h to work correctly with libc-2.3, which is used
by RedHat 9 and a few other Linux distributions.

smtp-auth patch - good old smtp authentication.

STARTTLS/AUTH patch - patch from qmail.org, modified by John Simpson to not
advertise AUTH unless the command line elements are there, AND adding a check
to not advertise or support AUTH unless the connection is secure.

forcetls patch - a patch created by Ryan Schlesinger to compensate for mail
clients that do not support TLS. Using this patch, your qmail server will
always accept an smtp connection encrypted with TLS. However, if any of your
users have a mail client that does NOT support TLS, they will still be able
to connect with just a plain AUTH connection. This is the default setting
that this patch installs with. However, if you're a security nazi, this patch
allows you to set your server so it will REQUIRE a TLS smtp connection no
matter what. This patch simply gives you some flexibility with your TLS
enabled qmail server.

The SPF patch - adds SPF checking to qmail-smtpd. SPF is a system where the
owners of domain names can "publish" the list of IP addresses from which
their users send mail. If another mail server sees an incoming message
claiming to be "From" that domain, but not coming from an IP on their SPF
list, that server can reliably reject the message as spam. More info can be
found here.

qmail-0.0.0.0 patch - fixes a difference between how Linux interprets the IP
address "0.0.0.0" and how the *BSD systems handle it. According to RFC 1122,
the IP address 0.0.0.0 should always be treated as an address for "this host,
this network". Part of qmail's loop-detection logic is determining whether or
not a given IP address "is" the current machine. This patch "teaches" qmail
that 0.0.0.0 is always the local machine.

qmail_local patch - fixes a possible bug in qmail-local having to do with how
the first line of a .qmail file is interpreted, when it starts with
whitespace.

sendmail-flagf patch - fixes how the "-f" option to /var/qmail/bin/sendmail
is handled, so that it more closely matches how the original "sendmail"
program's "-f" option worked.

bind-interface patch - a patch that lets you control the "source IP" from
which outgoing connections appear from a machine with multiple IP addresses.
This page on qmail.org describes the patch more clearly, as well as the
format of the /var/qmail/control/bindroutes file which it uses.

8k-buffer-patch - increases the size of the memory buffer that qmail uses
when querying the system for a list of all local IP addresses.
Ok, so enough talk. Let's apply these mega-patches and get this patching
business out of the way...
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
(click here to view this script)
Now we build Qmail...
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast your_fqdn_hostname (ex: ./config-fast mail.mydomain.com)
OK, qmail itself is now built and installed. Now let's generate a secure
certificate that will be used to encrypt your server's TLS encrypted SMTP
sessions...
make cert
When you run the above command you will be asked a series of questions
regarding the generation of your certificate. They are non-technical
questions...such as your location, business name, organization name, common
name and so forth. If you've ever generated an SSL cert before, this should be
familiar stuff to you. If you haven't, simply follow the directions. It's easy.
If you have trouble following the directions, you might as well give up now
because you're a RETARD. Since the cert you are generating is already NOT from
a trusted authority such as Verisign or Thawte, the information you provide
here is not really THAT important, so don't sweat it.
Here's a sample of my cert configs. Don't be an idiot. Substitute in your
own information.
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]:qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []:mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org
If the cert is successfully generated it will be automatically installed at
/var/qmail/control/servercert.pem, along with a symlink to that cert at
/var/qmail/control/clientcert.pem
Now we set the right ownership for the newly created cert...
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
Now we build ucspi-tcp...
cd /usr/src/qmail/ucspi-tcp-0.88/
RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an
additional errno patch:
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
make && make setup check
If you don't get any errors, that's it for ucspi-tcp!
Now we build the daemontools....
cd /package/admin/daemontools-0.76
RH 9/RHEL/Fedora/Slackware users: You will need to patch daemontools with an
additional errno patch:
cd /package/admin/daemontools-0.76/src
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
cd /package/admin/daemontools-0.76
package/install
If no errors are reported, you've successfully compiled the daemontools
package!
All done for now...
If you take a look at the running processes on your server at this point,
you should see the daemon "svscanboot" running. You can usually do this with a
"ps -aux" command. Here's a screenshot of it. If you see "svscanboot" running,
you're in good shape.
OK, Qmail is almost totally installed but we're going to pause right here and
install a bunch of handy tools and features that will make Qmail pretty and
fun! After that, we'll make some final changes to Qmail and then crank it up!
Proceed_to_Part_3
###### ezmlm.htm ######
Part 3 - EZmlm
EZmlm is a nice mailing list add-on to Qmail. I've used it several times myself
and it's actually one of the better mailing list programs out there. When we
install Qmailadmin later on, you'll see that EZmlm integrates seamlessly into
Qmailadmin to provide a very user friendly mailing list management interface.
As an added bonus, Vpopmail (which we will install as well) will let you
control what users can and cannot use mailing lists! Can't beat that!
So let's install it...
cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup
If you don't get any errors, then ezmlm is all set up and ready to go!
Proceed_to_Part_4
###### autoresponder.htm ######
Part 4 - Autoresponder
Autoresponder does exactly what you think it does. It allows us to set up
autoresponders for mailboxes and so forth.
So let's install it...
cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install
If you don't get any errors, then autoresponder is all set up and ready to go!
Proceed_to_Part_5
###### vpopmail.htm ######
Part 5 - Vpopmail
Please choose one of the following vpopmail installation options:
I would like to install vpopmail without MySQL integration
(recommended for smaller email servers and for qmail/mysql newbies)
or
I would like to install vpopmail with MySQL integration
(Requires that mysql server be installed on your server. Recommended for larger
email servers & ONLY for experienced mysql users)
Which option is best for me?
First of all, don't feel that a vpopmail installation without mysql is
somehow inferior or inadequate. It's not. The choice of whether or not to use
mysql with vpopmail, in my opinion, is a personal preference and basically
comes down to 2 things:
1. How large is your mail server going to be?
If you are only planning on hosting a handful of domains on your mail server,
I don't think it's really worth integrating mysql into it. I have a server
that hosts about 50 domains on it right now and it does NOT have mysql
integrated into vpopmail. It works perfectly fine. The qmailrocks.org mail
server also does NOT have mysql built into it. It runs great. However, if you
plan to host more than 50 domains or so, I'd say go with mysql. It makes it
easier to manage a lot of domains and also makes porting the mail server to
new equipment and locations easier. Of course, the decision is up to you. If
you really want to use vpopmail with mysql on a server that hosts only 1
domain, knock yourself out. My opinion though, is that unless you are hosting
a ton of domains, integrating mysql into vpopmail is simply making your mail
server more complex than it needs to be. And as we all know, the more complex
the plumbing, the easier it is to stop up the drain.
2. How comfortable are you with mysql?
If you're a newbie and you don't know jack shit about mysql, don't be a
jackass. Just use the default vpopmail installation and save yourself the
aggravation. I can't hold your hand through installing and setting up mysql,
and you'll be hard pressed to find someone else that will. In short, don't
get in over your head.
###### vqadmin.htm ######
Part 6 - Vqadmin
Vqadmin is simply a nice web based interface that will let us manage Vpopmail.
Through the interface we can create new domains, new users, set quotas, enable
services and much more.
So let's install it...
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
(Example: ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html )
make && make install-strip
If the installation is successful, Vqadmin should install itself in the cgi-bin
directory of your default website. Unless you tell it otherwise, that
usually defaults to /var/www/cgi-bin. You can specify another location in the
./configure command above.
Now you will need to add the following to your server's Apache configuration
file (usually httpd.conf):
<Directory "/path/to/your/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
In addition, within the Apache master config file you will want to set the
"AllowOverride" option to "All". Example: AllowOverride All
cd /path/to/your/cgi-bin/vqadmin
Now you will want to create a .htaccess file to password protect the Vqadmin
interface. There should already be a .htaccess file in the vqadmin directory,
so all you need to do is configure it. We'll use the ever useful vi editor for
this.
vi .htaccess
AuthType Basic
AuthUserFile /path/to/where/you/want/to/store/the/password/file/.htpasswd
AuthName vQadmin
require valid-user
satisfy any
chown apache .htaccess (you may need to change the chown to either "nobody",
"apache" or "www" etc., depending on what user your installation of Apache is
running as)
chmod 644 .htaccess
Now you need to create a corresponding .htpasswd file that's going to contain
the username and encrypted password for the Vqadmin administrator...
htpasswd -bc /path/to/where/you/want/to/store/the/password/file/.htpasswd admin admin_password
chmod 644 /path/to/where/you/want/to/store/the/password/file/.htpasswd
Question: But what if I want to use a username other than "admin"?
Answer: You will notice that in the above line, I'm adding an admin user
called "admin". The name of the user needs to be "admin" because that is the
username which Vqadmin sets up by default to have full admin rights. If you
want to use a username other than "admin", you will need to edit the
/cgi-bin/vqadmin/vqadmin.acl file and add your custom user to that file along
with whatever rights you want it to have. Within that file, you will see where
the user called "admin" is already set up to have all rights. That line looks
like this:
admin VIMUDCA admin1user
In this line, the "admin" part specifies the username, the "VIMUDCA" part
specifies that user's rights (a chart of all the possible rights is right
above this line), and the "admin1user" part specifies the common name for the
user which will be displayed when you log into Vqadmin. The common name is
purely for aesthetic purposes.
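The .htpasswd file created above guards an interface with full control over every mail domain, and the steps leave it mode 644 at a location of your choosing. The audit below is an added example, not part of the original guide or of Vqadmin: it flags a password file that sits under the web root, is world-readable, or holds entries in a scheme other than bcrypt. The function names and the two-argument interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the .htpasswd file that protects Vqadmin.

# Name the storage scheme of one htpasswd hash field.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '{SHA}'*)                echo sha1-unsalted ;;
        *[!./0-9A-Za-z]*|'')     echo unknown ;;
        *)  # Traditional crypt() output is exactly 13 characters.
            if [ "${#1}" -eq 13 ]; then echo crypt-des; else echo unknown; fi ;;
    esac
}

# audit_htpasswd FILE DOCROOT   (both as absolute paths)
# Prints one line per check and returns 1 if anything was flagged.
audit_htpasswd() {
    file=$1
    docroot=$2
    rc=0

    # A password file under the web root can be served to anyone who guesses
    # its URL if the server's rule hiding ".ht*" files is missing.
    case "$file" in
        "$docroot"/*) echo "FINDING: $file is inside the web root $docroot"; rc=1 ;;
    esac

    # Character 8 of the `ls -l` mode string is the "other" read bit.
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "FINDING: $file is world-readable"
        rc=1
    fi

    # One "user:hash" entry per line.
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        if [ "$scheme" = "bcrypt" ]; then
            echo "ok: $user uses bcrypt"
        else
            echo "FINDING: $user uses $scheme"
            rc=1
        fi
    done < "$file"

    return $rc
}

# Stand-alone use: ./audit.sh /path/to/.htpasswd /var/www/html
if [ $# -eq 2 ]; then
    audit_htpasswd "$1" "$2"
fi
```

Running htpasswd without `-b` makes it prompt for the password instead of taking it from the command line, and on Apache 2.4 `-B` stores the entry as bcrypt. A file that is mode 640 with its group set to the user Apache runs as stays readable by the web server.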
Now restart Apache...
apachectl stop
apachectl start
If all has gone well, you should now be able to browse (in your web browser)
to:
http://www.yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi
Note: make sure you include "vqadmin.cgi" in the path or you will get a 403
forbidden error!
Enter the user "admin" and whatever password you assigned it.
You should now see the Vqadmin interface. Go ahead and add a new domain to your
server! Pretty cool, huh? The "postmaster" user serves as the admin user for
any new domain and we will use it to log into Qmailadmin, when we install that.
As soon as we complete the install, that domain will be instantly able to get
mail (assuming the MX is correctly pointing to your server). The nice thing
about Vpopmail and Vqadmin is that you do not need to restart anything after
you add a domain. Once you add it, it simply works! We're almost done!
###### maildrop.htm ######
Part 7 - Maildrop
Maildrop is a mail filtering agent which can be used to filter messages as they
arrive on the server. You will probably notice, once this installation is
complete, that you don't really use maildrop. However, it's a cool tool and
it's worth having around if you ever decide to get crazy with filtering your
incoming mail. You can find documentation on maildrop right here.
Let's install it...
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
If you didn't get any errors, maildrop should be all set!
###### qmailadmin.htm ######
Part 8 - Qmailadmin
Qmailadmin is going to provide us with a nice web based interface for
administering mail accounts once they are set up through Vpopmail (or
Vqadmin). From Qmailadmin we can create mailboxes, aliases, forwards, mail
robots, mailing lists. You'll also find a few other handy functions as well.
Qmailadmin is sort of the icing on the Qmail cake.
Let's install it...
cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.3.tar.gz
cd qmailadmin-1.2.3
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
note: The paths in the above configure script will need to be custom tailored
to your system's configuration
make && make install-strip
That's it! Now browse to http://www.yourdomain.com/cgi-bin/qmailadmin and you
should see the login screen. Log in with the postmaster account and password for
the domain that you created a while back using Vqadmin. Pretty cool, isn't it?
Go ahead and create some additional mailboxes for your domain(s).
If you didn't get any errors, Qmailadmin should be all set!
note: if it's late and you're looking for a place to stop so you can sleep,
this is a good place. Sendmail should still be handling mail on the server.
After this page it's Qmail or bust!
###### finalize.php ######
Part 9 - Finalizing Qmail
Ok, we've installed a bunch of bells and whistles onto our qmail installation.
Now it's time to wrap up the configuration for qmail itself. After that, we
will stop and remove Sendmail from the server and then it's time to crank qmail
up!
The first thing we're going to do is create the qmail supervise scripts, create
the qmail rc and qmailctl scripts and then set the needed permissions on
all these scripts. Lucky for you, I've created a script to do all this for you.
The script will give you a breakdown of what it is doing while it's running. If
any errors occur, you'll see them. However, if you've configured everything
right up until now, you shouldn't have any problems. You can check out the
contents of this script right here.
So let's run the script...
/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
Hey, that was easy. Now there are just a couple tweaks to make to these new
scripts we just created...
vi /var/qmail/supervise/qmail-pop3d/run
Find "mail.example.com" and change it to your server's hostname. For example:
mail.mydomain.com.
vi /var/qmail/supervise/qmail-smtpd/run
Find "mail.example.com" and change it to your server's hostname. For example:
mail.mydomain.com
Next, we'll kill any running qmail processes so that we can implement some
final configurations.
qmailctl stop
We set up selective relaying for localhost...
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
Now we create the common system aliases. These aliases are going to tell Qmail
what to do with common server-generated mails. Stuff like bouncebacks, cron
daily output and various other systemic sources. It's a good idea to redirect
these aliases to a mailbox that you are going to check on a regular basis. You
don't want to have your systemic mails piling up in some deep dark corner of
your server doing no good and slowly filling your disk up.
echo some_address > /var/qmail/alias/.qmail-root
where "some_address" is the system user or email address you want these
addresses aliased to.
echo some_address > /var/qmail/alias/.qmail-postmaster
where "some_address" is the system user or email address you want these
addresses aliased to.
echo some_address > /var/qmail/alias/.qmail-mailer-daemon
where "some_address" is the system user or email address you want these
addresses aliased to.
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*
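A rule check for the selective relaying step above, as an added example that is
not part of the original guide: it reads a file in the /etc/tcp.smtp format and
reports every rule that sets RELAYCLIENT for anything other than loopback,
since such a rule lets those clients relay through the server. The function
name audit_relay_rules and every sample rule except the 127. line are
assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from qmailrocks): flag /etc/tcp.smtp rules that hand out
# RELAYCLIENT to anything other than loopback.

# audit_relay_rules FILE
#   FILE uses the tcprules source format: address:allow|deny[,VAR="value"...]
#   Prints one finding per risky rule; returns 0 when there are none.
audit_relay_rules() {
    rules_file=$1
    findings=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;            # blank line or comment
        esac
        addr=${line%%:*}                    # address part, before the first colon
        action=${line#*:}                   # allow/deny plus any variables
        case $action in
            allow*RELAYCLIENT=*) ;;         # this rule lets the client relay
            *) continue ;;                  # deny and plain allow grant no relay
        esac
        case $addr in
            127.*)                          # loopback, the rule the guide adds
                ;;
            '')                             # empty address = fallback rule
                echo "line $lineno: fallback rule lets any unmatched client relay: $line"
                findings=$((findings + 1)) ;;
            *)
                echo "line $lineno: relay allowed for $addr: $line"
                findings=$((findings + 1)) ;;
        esac
    done < "$rules_file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the guide's loopback rule plus made-up rules to review.
sample=${TMPDIR:-/tmp}/tcp.smtp.sample.$$
cat > "$sample" <<'EOF'
# constructed sample, not a real server's rules
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
10.0.0.5:deny
:allow,RELAYCLIENT=""
EOF
audit_relay_rules "$sample" || echo "review the rules listed above before running 'qmailctl cdb'"
rm -f "$sample"
```

On a live server, pass /etc/tcp.smtp as the argument; address forms other than
a 127. prefix are always reported so that each one gets a deliberate review.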
Alright. We've got qmail ready to go. One of the last things we need to do is
to disable/uninstall Sendmail on the server and replace the Sendmail binary
with a symlink to qmail, so that our server won't freak out with Sendmail being
gone.
###### remove_slackware.htm ######
Part 10 - Uninstalling Sendmail
(Slackware)
Well, the moment you've been waiting for is finally here. We're going to
uninstall Sendmail from the server. However, since Sendmail is such a commonly
used item among tons of server operations and cronjobs, you will see that,
after we uninstall Sendmail, we will actually make an artificial Sendmail that
is nothing more than a direct injection into Qmail.
Anyway, let's uninstall it...
/etc/rc.d/rc.sendmail stop (to stop Sendmail)
We will first attempt to uninstall the packaged version of Sendmail, if you
have Sendmail installed as a package...
pkgtool
Select the "Remove" option.
The pkgtool will scan the system for installed packages. If Sendmail is
installed as a tgz package, you should see it on the list. You can then
uninstall Sendmail easily by selecting the Sendmail package with the space bar,
and then pressing "ok".
That's it. The Sendmail package should now be uninstalled. Keep in mind that if
you ever wanted to re-install Sendmail, you could use the "pkgtool" utility to
do so.
However, if Sendmail does not show up on the "pkgtool" list, you may have
installed it from source. In that case, you will need to disable Sendmail
manually, like so:
mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/bin/sendmail /usr/bin/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
chmod 0 /usr/lib/sendmail.old /usr/bin/sendmail.old /usr/sbin/sendmail.old
At this point, whether you had Sendmail installed as a package or from source,
it should now be disabled or uninstalled.
Now we will need to set up an "artificial" Sendmail, which is just a symbolic
link to qmail's Sendmail. This is needed to ensure that the myriad of systemic
mail scripts are still able to send mail! qmail's "Sendmail" is nothing more
than a direct injection into Qmail itself...
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/bin/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
That's it! If all has gone well, Sendmail should be uninstalled and the Qmail
Sendmail should be in its place.
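A post-change check for the steps above, as an added example that is not part
of the original guide: it confirms that all three sendmail paths are symlinks
to /var/qmail/bin/sendmail and that any renamed .old binary really has mode 0.
The function name check_sendmail_replacement and its optional ROOT prefix are
assumptions added so the check can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example (not from qmailrocks): verify the Sendmail replacement steps.

# check_sendmail_replacement [ROOT]
#   ROOT is an optional directory prefix, an assumption added here so the
#   check can run against a scratch tree; omit it to inspect the live system.
#   Prints one line per problem and returns 0 only when nothing is wrong.
check_sendmail_replacement() {
    root=${1:-}
    want=/var/qmail/bin/sendmail
    problems=0
    for path in /usr/lib/sendmail /usr/bin/sendmail /usr/sbin/sendmail; do
        full=$root$path
        if [ -L "$full" ]; then
            target=$(readlink "$full")
            if [ "$target" != "$want" ]; then
                echo "$path: symlink points to $target, expected $want"
                problems=$((problems + 1))
            fi
        elif [ -e "$full" ]; then
            echo "$path: not a symlink, the old binary is still in place"
            problems=$((problems + 1))
        else
            echo "$path: missing, scripts that call it cannot send mail"
            problems=$((problems + 1))
        fi
        # A renamed binary that kept its mode bits can still be run by name.
        if [ -e "$full.old" ]; then
            perms=$(ls -ld "$full.old" | cut -c1-10)
            if [ "$perms" != "----------" ]; then
                echo "$path.old: mode $perms, expected ---------- (chmod 0)"
                problems=$((problems + 1))
            fi
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed scratch tree: two correct links, one wrong target, and one
# .old file that never got its "chmod 0".
scratch=${TMPDIR:-/tmp}/qmr_sendmail_demo.$$
mkdir -p "$scratch/usr/lib" "$scratch/usr/bin" "$scratch/usr/sbin"
ln -s /var/qmail/bin/sendmail "$scratch/usr/lib/sendmail"
ln -s /var/qmail/bin/sendmail "$scratch/usr/bin/sendmail"
ln -s /usr/sbin/sendmail.old "$scratch/usr/sbin/sendmail"
: > "$scratch/usr/sbin/sendmail.old"
chmod 755 "$scratch/usr/sbin/sendmail.old"
check_sendmail_replacement "$scratch" || echo "fix the items above, then re-run"
rm -rf "$scratch"
```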
Now it's time to give qmail a final test and then crank it up!
###### start_qmail.htm ######
Part 11 - Starting qmail
Alright, qmail should be ready to go! But before we crank it up, let's run a
script that will check the key components of the installation and make sure
everything is alright.
To do this test, I have borrowed Dave Sill's "inst_check" script, but I've made
a few custom modifications to accommodate the subtle differences between the
Qmailrocks installation and the Life With Qmail installation. Basically, the
Qmailrocks installation has a slightly different logging setup and some slight
variations in permissions settings. If you've installed according to this site,
use my version of the script, as using Dave's version will result in a lot of
"error" detections that are false positives due to the differences in the 2
installs. When you run the script, it will check for some key required files
and folders and will also check permissions and ownership settings on many key
items. If a needed file does not exist or if the ownership/permissions settings
are wrong on a key file, it will tell you and then make a suggestion as to how
to correct the error. This script does NOT check the CONTENT or SYNTAX of your
scripts, but only for the scripts' existence and their ownership/permissions
settings. If you've screwed up the syntax of the run scripts, this tool will
not detect it. So you ready? Let's do it...
/downloads/qmailrocks/scripts/util/qmr_inst_check
If you get a "congratulations" type of message, you're all set. If you get some
errors, just follow the directions to fix the errors and then re-run the script
until you get all errors corrected and you get a "congratulations" message.
Assuming you've passed the installation check script, let's crank Qmail up!
qmailctl stop
qmailctl start
You can find out how things are running by:
qmailctl stat
You should see an output like this:
/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
If you don't see anything like that or if you see error messages, click here
for troubleshooting tips.
Congratulations, Qmail is now officially up and running and you should be able
to send and receive mail on the server.
Let's test your new server's POP3 service...
telnet localhost 110
You should see something like this:
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.com>
user postmaster@mydomain.com (enter your username here. remember to use the
full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.
This is the sign of a successful POP connection to the server!
Now try sending mail to that same user from another location. Telnet to 110
again and run the "list" command and you should see the message that you
sent...
telnet localhost 110
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.com>
user postmaster@mydomain.com (again, remember to log in with the full email
address of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.
And now let's test your server's SMTP service to make sure the TLS
functionality is there...
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
[root@somewhere control]#
In the above SMTP session, I have highlighted the important aspects in DARK RED.
After you give the server the initial "ehlo localhost" command, you should get
a response back that lists "250-STARTTLS", signaling that the server is in fact
equipped for TLS functionality. Then, after you issue the "starttls" command,
you should get the "220 ready for tls" response if the server is able to
successfully start the TLS session.
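The same EHLO check can be run over a saved session transcript. This is an
added example, not part of the original guide: it parses the 250 reply,
confirms that STARTTLS is listed, and lists the AUTH mechanisms advertised
before TLS is negotiated (LOGIN and PLAIN carry the password only
base64-encoded, so on an unencrypted session it is readable on the wire). The
function names and the key=value output are assumptions; the sample session is
constructed from the one shown above.

```shell
#!/bin/sh
# Added example (not from qmailrocks): read an SMTP session transcript and
# report whether STARTTLS is offered and which AUTH mechanisms are advertised
# before any TLS has been negotiated.

CR=$(printf '\r')

# parse_ehlo: stdin = transcript; stdout = one upper-cased extension per line.
# The first line of each 250 reply is the server's host name and is skipped.
parse_ehlo() {
    in_reply=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}                    # tolerate CRLF line endings
        case $line in
            250-*)   last=0 ;;                # continuation line
            "250 "*) last=1 ;;                # final line of the reply
            *)       continue ;;              # banner, typed commands, etc.
        esac
        if [ "$in_reply" -eq 0 ]; then
            in_reply=1
        else
            printf '%s\n' "${line#250?}" | tr '[:lower:]' '[:upper:]'
        fi
        if [ "$last" -eq 1 ]; then in_reply=0; fi
    done
    return 0
}

# ehlo_report: stdin = transcript. Prints three key=value lines and returns 0
# only when STARTTLS is advertised.
ehlo_report() {
    starttls=no
    mechs=
    exposed=
    exts=$(parse_ehlo)
    while IFS= read -r ext; do
        case $ext in
            STARTTLS) starttls=yes ;;
            "AUTH "*|AUTH=*)                  # "AUTH=" is the legacy spelling
                for m in ${ext#AUTH?}; do
                    case " $mechs " in
                        *" $m "*) ;;          # already recorded
                        *) mechs="$mechs $m" ;;
                    esac
                done ;;
        esac
    done <<EOF
$exts
EOF
    for m in $mechs; do
        case $m in
            LOGIN|PLAIN) exposed="$exposed $m" ;;  # password is only base64-encoded
        esac
    done
    echo "starttls=$starttls"
    echo "auth_before_tls=${mechs# }"
    echo "password_exposing=${exposed# }"
    [ "$starttls" = yes ]
}

# Constructed sample, modelled on the session shown in the guide.
ehlo_report <<'EOF' || echo "STARTTLS is not advertised"
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
EOF
```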
If you happen to get an error that states "454 TLS not available: missing RSA
private key (#4.3.0)" after you issue the "starttls" command, you will want
to check 2 things:
1) Verify that the cert actually exists at /var/qmail/control/servercert.pem.
If it's not there, go back to step 2 and repeat the cert creation step.
2) Verify that the cert is owned by vpopmail:vchkpw. If it's not, then make
it so like this:
chown vpopmail:qmail /var/qmail/control/servercert.pem
Alright! If you have reached this point, then Qmail is now successfully up and
running. Technically speaking, you could quit right here and have a functioning
mail server. However, we still have a few options that we're going to plug into
Qmail before we're done. In the next pages we will:
Install Courier IMAP & IMAP SSL.
Install Squirrelmail web based mail interface (requires that IMAP be
installed).
Install Qmail-Scanner, an alternative queueing device.
Install Spamassassin, to tag all incoming spam.
Install Clam Anti Virus - To quarantine e-mails containing known viruses
Install qmailanalog, so that you can get nightly server stats.
Install Qtrap, to filter out messages containing undesirable words that may
make it past Spamassassin.
###### imap_slackware.htm ######
Part 12 - Installing Courier-imap/imaps with Courierpassd
(Slackware)
Now that you have qmail up and running, we're going to add a few extras onto
it. For starters, we're going to install Courier-imap/imaps along with
Courierpassd. Installing IMAP will, obviously, enable IMAP connections to the
mail server and it is a necessary ingredient for most popular web based mail
clients such as Horde, SQwebmail and Squirrelmail. Courier-imap is the
preferred IMAP server to install because it has built-in support for the vchkpw
mail user setup that Vpopmail utilizes. In short, Courier IMAP works with
Vpopmail and virtual domains. In addition to installing Courier-imap, we're
going to install Courierpassd. Courierpassd is a utility that allows users to
change their mailbox passwords remotely. This will come in handy when we
install Squirrelmail in the next step of the installation. Courierpassd will
allow your mail users to change their passwords using the Squirrelmail
interface. This will give your users more power over their account settings
and, more importantly, keep them from pestering you whenever they want to
change their passwords. ;)
So let's start by installing Courier-imap/imaps
cd /downloads/qmailrocks/
tar jxvf courier-imap-3.0.8.tar.bz2
cd courier-imap-3.0.8
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authdaemon --without-authldap --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
Hint: Since the above config line runs over 1 line, it'll be easier if you
simply cut and paste the entire config statement.
Note: the configure process will take a few minutes. Go grab a snack...
make && make install-strip && make install-configure
cd /usr/local/etc
Make sure that the files "imapd" and "imapd-ssl" exist. If they do not exist,
do the following:
cp imapd.dist imapd
cp imapd-ssl.dist imapd-ssl
Now let's create an SSL certificate for the IMAP-SSL server...
/usr/local/sbin/mkimapdcert
This will start an automated process that creates a self-signed imap-ssl X.509
certificate called imapd.pem. It should create this new certificate at
/usr/local/share/imapd.pem. If the certificate already exists, the "mkimapdcert"
tool will not let you overwrite it.
A Note on IMAP-SSL certificates: Keep in mind that since this SSL certificate
is self-signed and is not from a "trusted" authority such as Verisign or
Thawte, mail clients such as Outlook will give a warning when they attempt to
connect to your IMAP-SSL server on port 993. The warning will state that the
certificate is not from a "trusted" authority. While the warning is a bit ugly,
it does NOT mean your IMAP-SSL connection is any less secure than it would be
with a real certificate from Verisign or Thawte. All it means is that the SSL
certificate was not generated by a company which Microsoft recognizes as a
"trusted" authority. From a security standpoint, however, your IMAP-SSL server
is every bit as secure as it would be if you bought the certificate from
Verisign or Thawte. If the warning is too inconvenient for your purposes, you
will need to purchase a "real" certificate from a "trusted" authority such as
Verisign or Thawte. Be prepared to shell out a good chunk of change if you do
so.
vi imapd-ssl
Make sure that the following configuration exists: IMAPDSSLSTART=YES
Make sure that the following configuration exists:
TLS_CERTFILE=/usr/local/share/imapd.pem
Save and exit the file.
Special note for people running a small home or office network:
If you are planning on having multiple users connect to your IMAP server from
a single IP address, such as in a small home or office network, you may want
to increase the "MAXPERIP" setting within the /usr/local/etc/imapd config file.
This setting establishes the maximum number of IMAP connections that can be
made from a single IP address. An example of this might be if you have a
small office network running on a single DSL or Cable IP address and your mail
server is outside of that network. While each computer in your internal
network may have its own private IP address, to the outside world anyone
coming from your network has the single routable IP address assigned to your
DSL or Cable connection. The default setting for "MAXPERIP" is 4, so if you
have a similar network setup and more than 4 people trying to access your
IMAP server, you may want to increase this setting accordingly to avoid
connection errors. Within the /usr/local/etc/imapd file, the line you are
looking for looks like this:
MAXPERIP=4
Now we create the startup scripts...
cp /usr/local/libexec/imapd.rc /etc/rc.d/rc.imap
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/rc.imaps
Now let's start up IMAP and IMAP SSL...
/etc/rc.d/rc.imap start
/etc/rc.d/rc.imaps start
If you run "nmap localhost", you should see both 143 and 993 now open and
listening.
Now let's test it...
telnet localhost 143
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-
2003 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@mydomain.com my_password
a OK LOGIN Ok. (successful login!)
a logout (logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
Hint: The "a" that you see before my login commands is required.
If you were able to log in, as in the example above, you're all set. IMAP is
installed! For further testing, you can configure a mail client such as Outlook
to test both the IMAP and IMAP-SSL connection to your server. IMAPS runs on
port 993.
Now that Courier-imap is installed, let's install Courierpassd. Remember,
Courierpassd is going to allow us to enable your mail users to change their own
mail passwords via the Squirrelmail interface.
Note: Courierpassd will require that port 106 be open to at least local traffic
(traffic from 127.0.0.1)
cd /downloads/qmailrocks
tar zxvf courierpassd-1.1.0-RC1.tar.gz
cd courierpassd-1.1.0-RC1
./configure
make && make install
OK. Courierpassd is installed now. Next, we are going to configure Inetd/Xinetd
to run courierpassd...
If your server uses Inetd, here's how you integrate Courierpassd into it:
vi /etc/inetd.conf
Add the following line:
courierpassd stream tcp nowait root /usr/local/sbin/courierpassd -s imap
Save and exit.
If your server uses Xinetd, here's how you integrate Courierpassd into it:
cd /etc/xinetd.d
Here we create the xinetd script for courierpassd...
vi courierpassd
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
Note: You may want to add additional IPs to the "only_from" setting above,
depending on your needs.
Save and exit.
Now let's add the Courierpassd service to the system's services file:
vi /etc/services
Append the following line to the /etc/services file:
courierpassd 106/tcp #for /etc/xinetd.d/courierpassd
If your system uses Inetd, then we now want to restart Inetd
/etc/rc.d/rc.inetd restart
If your system uses Xinetd, then we now want to restart Xinetd:
/etc/rc.d/rc.xinetd restart
Now let's test Courierpassd by trying to reset the password for a mail
account. Here's what a successful test should look like:
root@slackbox:/# telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user postmaster@qmailrocks.org
200 Your password please.
pass my_password (don't be a dumbass. Put your own password here)
200 Your new password please.
newpass my_new_password (don't be a dumbass. Put your new password here)
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
root@slackbox:/#
If the above session is successful for you, Courierpassd is working correctly!
Now that we've got Courier-imap and Courierpassd installed, let's install the
webmail client - Squirrelmail.
###### webmail_rh_slack.htm ######
Part 13 - Installing Squirrelmail
Now that we have Qmail running with IMAP, we can install a webmail client to
make mail accessible via a web browser. My choice for this was Squirrelmail.
Squirrelmail is both easy to install and it has lots of nice plugins to broaden
its abilities. I know that a lot of people out there like to use Horde. I like
Horde myself and I've installed it on my Qmail server alongside Squirrelmail.
However, Horde is a major pain in the ass to install. Anyone who's ever
installed it will tell you that. I just don't want to take the responsibility
for it on this site. Some people also like to use SQwebmail. No offense, but I
don't like SQwebmail.
Anyway, let's install Squirrelmail...
The first order of business is to make sure PHP is installed and correctly
configured. So let's get that out of the way...
In order for Squirrelmail to work correctly, you'll need to check a couple
things about your PHP installation:
1. First of all, make sure some rendition of PHP 4 is installed. If it's not,
kick yourself in the ass and then go install it. Sorry, I'm not going to give a
PHP installation tutorial. To be safe, you will want the following config
options to be active in your PHP installation.
--enable-track-vars
--enable-force-cgi-redirect
--with-gettext
--with-mysql
If you're running Redhat, however, PHP can be easily installed as an RPM either
manually or with "up2date". A default RPM installation of PHP will usually
cover you. The only extra RPM you'll want to install is "php-mysql".
2. Make sure you have PHP uploads turned ON. This is done by editing a line in
your php.ini file. The location of the php.ini file can vary, but it's usually
located at /etc/php.ini. If it's not, don't panic. Just run the old "locate
php.ini" command. ;) Here's the line you will want to check/edit:
file_uploads = On
That's it for the PHP setup. Now let's download Squirrelmail...
You can download the latest stable version of Squirrelmail from:
http://www.squirrelmail.org/download.php
I recommend downloading the .tar.gz version of the latest release.
Now change directories to the web directory of the website you want to serve
Squirrelmail off of. In my case, I used /var/www/html
tar zxvf /path/to/squirrelmail-x.x.x.tar.gz (enter whatever version you downloaded)
Now rename the untarred folder to something more friendly...
mv squirrelmail-x.x.x webmail
And now let's configure Squirrelmail...
mkdir /var/sqattachements
chown -R apache:apache /var/sqattachements (or whatever user apache runs as)
cd webmail
chown -R apache:apache data (or whatever user apache runs as)
cd config
./conf.pl
This will run the Squirrelmail setup script which will allow you to customize
the installation as well as set your server settings. Most of the important
settings are in area #2, which is dubbed "Server Settings". Here are the specs
I recommend:
General
-------
1. Domain : 1.2.3.4 (Enter the IP of your server here. Don't be an idiot and
actually use 1.2.3.4)
2. Invert Time : false
3. Sendmail or SMTP : SMTP
IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false
Depending on what version of Squirrelmail you are installing, the setup menu
may differ slightly. But you get the idea. If you like, there are several other
features of Squirrelmail you can customize that, while not critical, are
sometimes fun. Also, check out Squirrelmail's_site for tons of cool plugins.
Make sure you save all settings before exiting the configuration menu.
Once you've configured Squirrelmail to your liking, it's time to configure
Apache to serve our new webmail interface...
Notice: The following Apache configuration entry will show you what I
MYSELF have for my server's Apache configuration. Apache configurations will
vary, so this may or may not work for you. Also, this is not meant to be a
lesson in how to configure Apache. If you are confused about configuring
Apache, I would recommend that you STOP here and go find a tutorial on Apache.
Please do not email me asking me to explain Apache configuration methods to
you. I am currently working on a comprehensive Apache tutorial site
(apacherocks.org), but until it's complete, you will need to seek Apache help
and advice elsewhere.
There are probably about a million ways to do this, but here's what I do. I
edit the httpd.conf Apache configuration file and add the following block:
<VirtualHost 1.2.3.4>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin postmaster@mydomain.com
DocumentRoot /var/www/webmail
</VirtualHost>
Here's a breakdown of what's above:
<VirtualHost 1.2.3.4> - This indicates I'm setting up my mail interface as a
virtual host, rather than IP based. Obviously, you're going to want to replace
1.2.3.4 with the IP address of your web server. Additionally, what you have
here may vary from server to server and is dependent on how you have your
Apache configured. Be cautious!
ServerName mail.mydomain.com - The official name of the webmail server virtual
host.
ServerAlias mail.* - This line establishes a wildcard ServerAlias called
mail.*. With this setup, any domain that is pointed to your server and that has
an A record called "mail" will be able to get to the webmail interface by
simply going to http://mail.whateverdomain.com. This is a pretty cool little
feature and makes accessing the webmail interface easy for all of your users.
ServerAdmin postmaster@mydomain.com - The server administrative contact. This
is not required, but I like to include it.
DocumentRoot /var/www/webmail - The document root of your webmail interface.
This will vary, depending on where you chose to install Squirrelmail. In this
example, you can see that I installed it at /var/www/webmail
</VirtualHost> - The closing tag to the virtualhost.
Make sure you restart Apache after making the above changes.
Ok, now that Apache is all configured, let's test the new webmail interface...
http://www.yourdomain.com/webmail
We'll sign in with the postmaster account under the domain you should have
created earlier using Vqadmin...
Username: postmaster@yourdomain.com
Password: your_password
If all has gone well, Squirrelmail should log you right into your account!
From here you will be able to both send and receive mail as well as a host of
other additional functions. Again, Squirrelmail has tons of really cool
plugins, and you can check them out at Squirrelmail's_plugins_page. Installing
the plugins is pretty easy and their site can help you out. Now that was nice
and painless, wasn't it? If I had tried to explain installing Horde instead,
you would probably be holding a gun to your head right now, wishing for a quick
end to the misery. OK, I'm only kidding. :)
Now, I'm going to cover the addition of 1 Squirrelmail plugin. Keep in mind,
there are tons of other plugins available. We're going to install the
"change_pass" plugin which will allow our mail users to change their passwords
from the Squirrelmail interface. This is made possible by the installation of
Courierpassd that we did when we installed Courier-imap in the previous step.
So here goes...
cd /path/to/squirrelmail_directory/plugins (example: cd /var/www/webmail/plugins)
Download the module...
wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_pass-2.7-1.4.x.tar.gz
Unpack the module...
tar zxvf change_pass-2.7-1.4.x.tar.gz
Remove the tarball of the module...
rm -rf change_pass-2.7-1.4.x.tar.gz
Now let's go and add the module into Squirrelmail...
cd /path/to/squirrelmail_directory/config
Run the Squirrelmail configuration tool...
./conf.pl
Choose the option for "plugins". On my version of Squirrelmail, this was option
8. Once you are in the modules menu you should see the "change_pass" module on
the list of available, but inactive, modules. You can add the "change_pass"
module by simply typing the number associated with the module and then hitting
enter. Once the module appears on the active module list, go ahead and save the
configuration changes and then exit out of the configuration tool.
Alright! You should be all set now. All that's left to do is log into
Squirrelmail and try out the password change tool!
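Before a downloaded plugin is unpacked as root inside a web-served directory,
the archive can be listed and checked so that every member stays under the
plugin's own directory. The script below is an added example, not part of the
original guide or of Squirrelmail; the function names are hypothetical, and the
top-level directory name change_pass is an assumption based on the plugin name.

```shell
#!/bin/sh
# Added example (not from the original guide): vet a plugin tarball's member
# list before running "tar zxvf" in the Squirrelmail plugins directory.

# check_members TOPDIR
# Reads member names, one per line, on stdin (the output of "tar tzf").
# Prints a line for every member that would be written outside TOPDIR/ and
# returns 1 if there was at least one, 0 otherwise.
check_members() {
    awk -v top="$1" '
        { name = $0; sub(/^\.\//, "", name) }   # tolerate a leading "./"
        name == "" { next }
        name ~ /^\// {
            print "absolute path: " $0; bad = 1; next
        }
        name ~ /(^|\/)\.\.(\/|$)/ {
            print "parent-directory component: " $0; bad = 1; next
        }
        name != top && index(name, (top "/")) != 1 {
            print "outside " top "/: " $0; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# inspect_tarball ARCHIVE TOPDIR
# Lists ARCHIVE without extracting it and runs the listing through
# check_members. Returns 2 if the archive cannot be read or is empty.
inspect_tarball() {
    listing=$(tar tzf "$1" 2>/dev/null) || {
        echo "cannot read archive: $1"
        return 2
    }
    [ -n "$listing" ] || { echo "archive is empty: $1"; return 2; }
    printf '%s\n' "$listing" | check_members "$2"
}

# Usage: sh vet_plugin.sh change_pass-2.7-1.4.x.tar.gz change_pass
if [ "$#" -eq 2 ]; then
    inspect_tarball "$1" "$2" && echo "ok: every member is under $2/"
fi
```

Run it from the plugins directory before the tar zxvf step; any printed line
means the archive should not be unpacked there.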
That's it for Squirrelmail. Now let's move on to the next step.
Proceed_to_Part_14
###### clamspam_slackware.htm ######
Part 14 - Clam Antivirus & SpamAssassin
(Slackware)
Alright, the next 2 steps are going to be the trickiest of the entire
installation. First, on this page, we're going to install Clam Antivirus and
Spamassassin. Then, on the next page, we will install qmail-scanner which will
tie ClamAV and Spamassassin into the operation of our qmail server. I'm going
to warn you again that these next two steps are typically a pain in the ass. I
am constantly trying to make these steps as universal and easy as possible, but
the ease of these steps depends heavily on how your system is configured and
how experienced you are. If you've never done this before, you can pretty much
bet you're going to have a problem or 2 along the way. But don't give up. If
you get into a bind, feel free to consult the qmailrocks mailing_list, mailing
list_archive, IRC_channel or chat_forum. Using these 4 resources, you've got an
excellent chance of getting any help you may need. OK, it's time to put some
hair on your chest!
First, let's make sure you have all the required perl modules and required
packages. All of the perl modules below are required for Spamassassin and
Qmail-Scanner to work. I'll talk more about this further down in the install.
You will need these Perl Modules:
Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Suid Perl isn't installed by default on Slackware systems. This is because of
historical security problems. Instead, there's a way to build a suid style
wrapper around the qmail scanner module.
_____________________________________________________________________________
- Helpful Hints -
Checking/Installing Perl Modules
How do I know if my server has these perl modules?
The following script will check your system for the above modules.
You MUST run this script as a NON-ROOT user!!
/downloads/qmailrocks/scripts/util/check_perlmods.script
If you see an output similar to this:
/usr/lib/perl5/5.6.1/i386-linux/Time/HiRes.pm
You are good to go! However, if you get a "not found" type response for any of
the above modules, you will need to install them.
Ok, so if I don't have the module(s), how do I download and install it (them)?
There are 2 main ways you can do this:
1. Directly from CPAN: Go to http://www.cpan.org, get the module and install
it. Alternatively, you can use the command line CPAN utility to connect to
CPAN and install the module.
2. Qmailrocks included source packages: I've included source versions of all
needed perl modules. These can be found in the "perlmods" directory of the
Qmailrocks package. If you want to see an example of how to install these
source packages, click_here. I try to keep these packages as current as
possible, but you can always find the latest versions at CPAN.
_____________________________________________________________________________
Ok, so at this point you should have all of the above Perl modules installed on
your system. In addition, as noted above, you will also need to have "unzip"
and "perl-suidperl" packages installed. So let's install Clam Anti Virus and
Spamassassin...
Installing Clam Anti Virus...
cd /path/to/qmailrocks/
tar -xzf clamav-x.xx.tar.gz
cd clamav-x.xx
groupadd clamav
useradd clamav -g clamav -s /sbin/nologin
./configure --prefix=/usr --sysconfdir=/etc
make && make check && make install
Ok, this is where I do things a bit differently with ClamAV. Under normal
conditions, you would use the daemonized version of ClamAV, by way of a program
called clamdscan. However, I've never had anything but trouble when using clamd
with qmail. Instead, I choose to only use the clamscan utility, which is the
non-daemonized version of Clam Antivirus. The most thorough way to ensure that
clamdscan is 100% bypassed is to simply remove the real clamdscan and replace
it with a simple symlink to clamscan.
I do it like this...
mv /usr/bin/clamdscan /usr/bin/clamdscan.orig
ln -s /usr/bin/clamscan /usr/bin/clamdscan
Now we'll make a few configuration settings in the /etc/clamd.conf file. This
file won't get used much, since we aren't going to be using the daemonized
version of ClamAV, but it does get accessed occasionally by other processes.
vi /etc/clamd.conf
"Example" - should be commented out.
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommented.
"LogSyslog" - should be uncommented.
"ScanMail" - should be uncommented.
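The five clamd.conf settings above can be checked mechanically after editing.
The audit script below is an added example, not part of the original guide or
of ClamAV; the function names and the sample file contents are constructed for
illustration, and it additionally treats the "Option no" form used by later
ClamAV releases as disabled.

```shell
#!/bin/sh
# Added example (not from the original guide): check a clamd.conf for the five
# settings listed in this step.

WANT_LOGFILE=/var/log/clamav/clamd.log    # value from the tutorial

# Constructed sample: LogSyslog was left commented out.
sample_clamd_conf() {
cat <<'EOF'
# Comment or remove the line below.
#Example
LogFile /var/log/clamav/clamd.log
LogTime
#LogSyslog
ScanMail
EOF
}

# directive_active FILE NAME
# Succeeds if NAME appears uncommented. A bare "NAME" (old style) and
# "NAME yes" (later releases) both count; "NAME no" does not.
directive_active() {
    awk -v name="$2" '
        $1 == name && tolower($2) !~ /^(no|false|0)$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# directive_value FILE NAME: print the argument of the first active NAME line.
directive_value() {
    awk -v name="$2" '$1 == name { print $2; exit }' "$1"
}

# audit_clamd_conf FILE: print one line per problem; return 1 if any were found.
audit_clamd_conf() {
    rc=0
    if directive_active "$1" Example; then
        echo "Example is still active; comment it out"
        rc=1
    fi
    logfile=$(directive_value "$1" LogFile)
    if [ "$logfile" != "$WANT_LOGFILE" ]; then
        echo "LogFile is '${logfile:-unset}', expected $WANT_LOGFILE"
        rc=1
    fi
    for name in LogTime LogSyslog ScanMail; do
        if ! directive_active "$1" "$name"; then
            echo "$name is not enabled"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit_clamd.sh /etc/clamd.conf
if [ "$#" -eq 1 ]; then
    audit_clamd_conf "$1" && echo "clamd.conf matches the settings listed above"
fi
```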
Ok, Clam AV is now installed, but let's go ahead and set it up so that it will
auto-update every night with the latest virus definitions! First we will want
to set up the proper logging for the updater....
/usr/bin/freshclam -l /var/log/clamav/clam-update.log
If the server is able to get updates, you should see an output similar to this:
[root@crescent clamav]# freshclam -l /var/log/clamav/clamav-update.log
ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder:
ccordes)
Woohoo! You're updated with the latest virus definitions from the Clam
database!
Now we just set a crontab to run every night, which will run the auto-update
procedure! In the example below, I've set mine to run every day at 1:15 AM. The
odd run time came recommended from ClamAV, if you're wondering. Running
freshclam at times other than the top of an hour reduces the load on their
servers, so feel free to adjust the time to something even more offbeat, like
1:19 AM or something. The guys at ClamAV will thank you.
crontab -e (make sure you run this command as root)
15 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log
Now save your new crontab and exit.
That's it! We're all done with Clam Anti Virus! You will now have a server-wide
e-mail virus scanner that updates itself every night with the latest and
greatest virus definitions!
_____________________________________________________________________________
- Helpful Hints -
Knowing Clam Anti Virus
1) Clam AV works pretty well right out of the box. However, there is a
configuration file created at /etc/clamav.conf in case you want to customize
it to your liking.
3) Clam logs to /var/log/clamav.log (in above scenario)
4) When Clam detects an e-mail that contains a potential virus, the following
will happen:
- a) Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine
- b) Clam AV will send a notification of the detection and quarantine to
whoever you configure it to send notifications to. When we install
Qmail-Scanner further down this page, we will tell it what people to notify
when a virus is detected. If you configure Qmail-Scanner by my rules, it will
send 1 notification to the system administrator. However, it can also send a
notification to the sender and the recipient as well, if you configure it to
do so.
_____________________________________________________________________________
Now let's install Spamassassin...
Note: Spamassassin utilizes port 783 to properly scan and release e-mail. If
you have a firewall on your server, you will need to open up port 783 going in
and out.
If you don't have the Mail::SpamAssassin Perl module installed on your system,
let's install it now...
cd /path/to/qmailrocks/perlmods/source
tar zxvf Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.63
perl Makefile.PL (This will ask some configuration questions. Use your best judgment)
make && make install
Alright. Now we're going to add a user/group called "spamd" under which
Spamassassin will be run...
groupadd spamd
useradd -g spamd -s /bin/false spamd
We'll need to create a startup script for spamassassin - normally stored as
/etc/rc.d/rc.spamd
vi /etc/rc.d/rc.spamd
#!/bin/sh
# Spamd init script for Slackware 9.0
# August, 2th 2003
# Martin Ostlund, nomicon
# Modified slightly by Troy Belding for Qmailrocks - February 23, 2004
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DAEMON=/usr/bin/spamd
NAME=spamd
SNAME=rc.spamd
DESC="SpamAssassin Mail Filter Daemon"
PIDFILE="/var/run/$NAME.pid"
PNAME="spamd"
DOPTIONS="-x -u spamd -H /home/spamd -d --pidfile=$PIDFILE"
KILL="/bin/kill"
KILLALL="/bin/killall"
# Defaults - don't touch, edit /etc/mail/spamassassin/local.cf
ENABLED=0
OPTIONS=""
set -e
case "$1" in
  start)
    echo -n "Starting $DESC: "
    $PNAME $OPTIONS $DOPTIONS
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    $KILL -9 `cat $PIDFILE`
    /bin/rm $PIDFILE
    echo "$NAME."
    ;;
  restart|force-reload)
    echo -n "Restarting $DESC: "
    $0 stop
    $0 start
    echo "$NAME."
    ;;
  *)
    ME=/etc/rc.d/$SNAME
    echo "Usage: $ME {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac
exit 0
Save and exit from this new init script and then set permissions on it...
chmod 755 /etc/rc.d/rc.spamd
And now let's set some config options...
vi /etc/mail/spamassassin/local.cf
Replace the contents of the local.cf file with the following config settings:
rewrite_subject 1
required_hits 5
Save and exit from the file.
Now start up Spamassassin...
/etc/rc.d/rc.spamd start
Now let's see if Spamassassin is running...
ps aux | grep spamd
You should see the following info concerning spamassassin. The PID might differ
on your system, but you get the idea.
spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d
If all has gone well, both Spamassassin and Clam Anti Virus should now be
installed! With both of these programs installed, we can now install Qmail-
Scanner.
Proceed_to_Part_15
###### qmailscanner_slackware.htm ######
Part 15 - qmail-scanner w/qms-analog
(Slackware)
If you will recall, when we compiled qmail earlier in this installation, we
applied a patch to qmail called "qmailqueue.patch". This patch allows qmail to
be configured to run with a substitute queuing mechanism. That's exactly what
we're about to do here. We're going to tell qmail to use Qmail-Scanner as the
queuing mechanism. Qmail-scanner is going to allow us to integrate Clam
Antivirus and SpamAssassin into our qmail server's mail queue. Once
qmail-scanner is installed, there will be a master script that is filled with
configuration options that help you to tailor the functionality of Clam
Antivirus and SpamAssassin to your needs. To expand the number of configuration
options, we are also going to apply a patch to qmail-scanner. For this patch,
we will be using Mark_Teel's_qms-analog_patch. Qms-analog incorporates the
widely used qmail-scanner-st patch, but it also adds some cool reporting
functionality, which we will utilize later in this installation guide.
So let's get on it!
cd /downloads/qmailrocks
Unpack qmail-scanner...
tar zxvf qmail-scanner-1.22.tgz
Now unpack qms-analog...
tar zxvf qms-analog-0.3.4.tar.gz
Install qms-analog itself. This will come in handy in the next step when we
install Qmailanalog.
cd qms-analog-0.3.4
make all
Next, we copy needed qms-analog files to the qmail-scanner source directory...
cp qmail-scanner-1.22-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.22/
cp qms-config-script-cwrapper /downloads/qmailrocks/qmail-scanner-1.22/
Now, let's apply the qms-analog patch...
cd /downloads/qmailrocks/qmail-scanner-1.22
chmod 755 qms-config-script-cwrapper
patch -p1 < qmail-scanner-1.22-st-qms-YYYYMMDD.patch
Now continue with the qmail-scanner installation...
groupadd qscand
useradd -g qscand -c "Qmail-Scanner Account" -s /bin/false qscand
Now we will configure qmail-scanner and install it. Ordinarily, you would run
the ./configure script to configure and install qmail-scanner. However, Mark
Teel has donated a handy little config script that does most of the work for
you. This script is called "qms-config-script" and, if you look above, you
should have already copied this config script into the qmail-scanner source
directory.
By default, Slackware is setup to NOT allow setuid. Therefore, we'll start off
with instructions based on a server that does not allow setuid. However, if you
know for a fact that your server has been setup for setuid functionality, the
redhat installation instructions for qmail-scanner should suffice.
So let's do it...
cd /downloads/qmailrocks/qmail-scanner-1.22/contrib
make install
Now we will customize the qmail-scanner configuration script...
cd /downloads/qmailrocks/qmail-scanner-1.22
vi qms-config-script-cwrapper
You will notice several fields that need to be customized to fit your needs.
Let's have a look. I've highlighted the fields you should customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
    INSTALL=
else
    INSTALL="--install"
fi
./configure --domain yourdomain.com \
    --admin postmaster \
    --local-domains "yourdomain.com,yourotherdomain.com" \
    --add-dscr-hdrs yes \
    --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
    --ignore-eol-check yes \
    --sa-quarantine 0 \
    --sa-delete 0 \
    --sa-reject no \
    --sa-subject ":SPAM:" \
    --sa-delta 0 \
    --sa-alt yes \
    --sa-debug no \
    --notify admin \
    --skip-setuid-test \
    "$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
./qms-config-script-cwrapper
Answer YES to all questions. If you get no errors, you can then run the script
in "install" mode and this will install qmail-scanner on your server. If you do
get errors, check out these troubleshooting_tips.
./qms-config-script-cwrapper install
Again, answer YES to all questions. If you get no errors, you can then run the
script in "install" mode and this will install qmail-scanner on your server. If
you do get errors, check out these troubleshooting_tips.
vi /var/qmail/bin/qmail-scanner-queue.pl
Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl
to "#!/usr/bin/perl" (in other words, remove the "-T" from the perl call).
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
And now all that's left for qmail-scanner is to initiate the version file and
the perlscanner database...
First, we'll initialize the version file. This command also helps to keep your
server's /var/spool/qmailscan folder clear of rogue files that can develop when
SMTP sessions are dropped. You may want to stick this command into your
server's crontab and run it once a day. You'll see more on this in the
"maintaining your qmail server" step near the end of this tutorial. So let's
run it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmail-scanner. For
future reference, it's a good idea to run this next command whenever you
upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail
server" step near the end of this tutorial. So let's do it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into
qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we
add the following line to the SMTP "run" script right under the first line
(#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this
script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd your_domain.com \
    /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and exit from
the file. Now we will finalize the qmail-scanner installation by going over
some post-install configuration options. After that, we'll fire everything up
and take qmail-scanner for a test drive!
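If the QMAILQUEUE line is missing or never exported, qmail-smtpd keeps using
the stock queue and mail is accepted without passing through qmail-scanner, so
both edits to the run script are worth verifying before the restart. The audit
below is an added example, not part of the original guide or of qmail-scanner;
the function names are hypothetical and the sample script is constructed, with
a softlimit value chosen only to trigger the check.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a qmail-smtpd "run"
# script for the two changes made in this step.

EXPECTED_QUEUE=/var/qmail/bin/qmail-scanner-queue   # value from the tutorial
MIN_SOFTLIMIT=40000000                              # value from the tutorial

# Constructed sample: QMAILQUEUE is wired in, but the memory limit was not raised.
sample_run_script() {
cat <<'EOF'
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -c "$MAXSMTPD" 0 smtp /var/qmail/bin/qmail-smtpd
EOF
}

# Print the script without comment lines, so commented-out settings are ignored.
active_lines() {
    grep -v '^[[:space:]]*#' "$1"
}

# Print the path assigned to QMAILQUEUE (quotes stripped), or nothing if unset.
run_qmailqueue() {
    active_lines "$1" | awk '
        /^[ \t]*QMAILQUEUE=/ {
            sub(/^[ \t]*QMAILQUEUE=/, "")
            sub(/[ \t;].*$/, "")
            print
            exit
        }' | tr -d "\"'"
}

# Succeed if the script exports QMAILQUEUE to the processes it starts.
run_exports_qmailqueue() {
    active_lines "$1" | grep -Eq '(^|[;[:space:]])export[[:space:]]+QMAILQUEUE'
}

# Print the value of softlimit's -m option, or nothing if softlimit is not used.
run_softlimit() {
    active_lines "$1" |
        sed -n 's/.*softlimit[[:space:]].*-m[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# audit_run_script FILE: print one line per problem; return 1 if any were found.
audit_run_script() {
    rc=0
    queue=$(run_qmailqueue "$1")
    if [ "$queue" != "$EXPECTED_QUEUE" ]; then
        echo "QMAILQUEUE is '${queue:-unset}', expected $EXPECTED_QUEUE"
        rc=1
    elif ! run_exports_qmailqueue "$1"; then
        echo "QMAILQUEUE is assigned but never exported"
        rc=1
    fi
    limit=$(run_softlimit "$1")
    if [ -z "$limit" ]; then
        echo "no softlimit -m value found"
        rc=1
    elif [ "$limit" -lt "$MIN_SOFTLIMIT" ]; then
        echo "softlimit -m is $limit, below $MIN_SOFTLIMIT"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit_run.sh /var/qmail/supervise/qmail-smtpd/run
if [ "$#" -eq 1 ]; then
    audit_run_script "$1" && echo "run script has both qmail-scanner changes"
fi
```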
To activate all the changes we just made, we're going to have to completely
stop and restart qmail...
Stop it...
qmailctl stop
and start it...
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat
Now it's time to test the whole damn thing to see if Qmail-Scanner,
Spamassassin and Clam AV are all working correctly. Fortunately, Qmail-Scanner
comes with its own testing script that does a fantastic job. So let's test it!
cd /downloads/qmailrocks/qmail-scanner-1.22/contrib
chmod 755 test_installation.sh
setuidgid qscand ./test_installation.sh -doit
A successful test should produce the following output. 2 messages should be
quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages
should be sent to whatever mailbox you specified in the Qmail-scanner
configuration script. Don't worry if you don't get virus notification emails.
The normal notification emails that get sent out upon virus detection usually
don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by
commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using
SpamAssassin...
Done!
Finished test. Now go and check Email for postmaster@mydomain.com
If you get 2 messages in your inbox and you see 2 messages in the quarantine
folder, it's time to crack open a cold one! You've successfully installed all 3
packages! Woohoo!
_____________________________________________________________________________
- Helpful Hints -
Post Install configuration tips for Qmail-Scanner
Although Qmail-Scanner should work pretty much "out of the box" so to speak,
you can make some customizations to its configuration by editing the
qmail-scanner-queue.pl script located at /var/qmail/bin/qmail-scanner-queue.pl.
The qmail-scanner-queue.pl script controls a lot of the functionality of both
Clam AV and Spamassassin. Check it out for yourself and you will see that
there are quite a few items you have control over. I wouldn't recommend
touching most of them. In fact, the only setting that I changed in mine is in
the Spamassassin section:
Can I have Spamassassin tag suspected spam with a custom subject line?
Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the
following line:
my $spamc_subject='';
Now type a custom spam subject. This subject line will be added to any mails
that Spamassassin tags as suspected spam. Here's an example:
my $spamc_subject="Hi, I'm Spam";
The "spamc_subject" setting determines what message Spamassassin will append
to the "subject" of e-mails which it deems as SPAM.
Can I delete e-mails that Spamassassin labels as spam?
Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the
following line:
my $sa_delete='0';
Now replace the '0' with a number that represents how far above your
SpamAssassin "required_hits" variable Qmail-scanner should start deleting
messages. For example, if your SpamAssassin required_hits variable is set to
"5" and you set the "sa_delete" variable to "1.0", then any message that has a
spam score of 1.0 over the "5" mark would be deleted. In other words, any mail
with a score of 6 or more would be trashed automatically. So for this example,
you would change the "sa_delete" variable as follows:
my $sa_delete='1.0';
Is it safe to tell qmail-scanner to delete e-mails that SpamAssassin marks as
spam?
Spamassassin has been tested to have up to a 99% accuracy rating in terms of
detecting real spam and leaving legitimate e-mail alone. I've been using it
for over a year now and have never gotten a false positive. Therefore, I feel
safe in telling it to just delete the stuff.
There are a host of other Spam and Virus handling directives that can be
customized with the qmail-scanner.pl file. You can check out the
qmail-scanner patch website at http://xoomer.virgilio.it/j.toribio/qmail-scanner/
for all the details.
Other than that, I left my qmail-scanner-queue.pl script as is.
_____________________________________________________________________________
Summary of functionality:
If you've gotten to this point, you should have Clam Anti-Virus, Spamassassin
and Qmail-Scanner all working together. When a message comes into the server,
Qmail-Scanner takes the message and pipes it out to both Clam Anti-Virus and
Spamassassin. If the message contains a virus, Clam AV quarantines it in
/var/spool/qmailscan/quarantine and then sends a notification e-mail to whoever
you specified in the Qmail-Scanner installation. If the message does not
contain a virus, it is then scanned by Spamassassin. Depending on the score
that Spamassassin assigns to the message and whether or not that score breaks
the SPAM threshold set by you in the /var/qmail/.spamassassin/user_prefs file,
Spamassassin will either let the message go unaltered to its destination or it
will tag the message as SPAM. If the message is tagged as SPAM, it will still
arrive at its destination, but with an altered "subject" that will signal to
the recipient that this was tagged as SPAM. The text that gets appended to the
"subject" of the e-mail is set in the /var/qmail/bin/qmail-scanner-queue.pl
file. (For example: If you set qmail-scanner-queue.pl to tag all SPAM with "HI,
I'M SPAM!", mail tagged as such will be delivered to the recipient with "HI,
I'M SPAM" added to the subject.) Once the message is tagged, the recipient can
then configure his/her mail client to deal with those tagged messages in
whatever manner he/she sees fit. Alternatively, you can tell Spamassassin to
delete all suspected spam messages (like I do). You can find directions for
this in the "Hints" box above.
###### qmailanalog.htm ######
Part 16 - QmailAnalog w/qlogtools & qms-analog
Qmailanalog performs some basic log analysis on the qmail log files and then
outputs the results to a desired location. In my case, I run qmailanalog every
night and output the results to e-mail. Along with qmailanalog, we're going to
install the "qlogtools" package. Qlogtools, as its name implies, provides an
array of tools which can be used to analyze the qmail logs. We're going to use
one of the qlogtools programs, tai64n2tai, to convert the timestamps in the log
files from a machine readable format to a human readable format which will come
to us when we get the finished report. After we've installed both Qmailstats and
Qlogtools, we will create a script which you can run on a nightly basis to
generate e-mail stats. The script will also incorporate qms-analog, which we
installed with qmail-scanner previously. The qms-analog output will add
qmail-scanner stats to our nightly report.
First, let's install qmailanalog...
cd /downloads/qmailrocks/
tar zxvf qmailanalog-0.70.tar.gz
cd qmailanalog-0.70
____________________________________________________________________________
|RH 9/RHEL/Fedora/Slackware users: You will need to patch qmailanalog with an|
|additional errno patch: |
|patch < /downloads/qmailrocks/patches/0.70-errno.patch |
make && make setup check
That's it. Qmailanalog is installed!
Now let's install qlogtools...
cd /downloads/qmailrocks/
tar zxvf qlogtools-3.1.tar.gz
cd qlogtools-3.1
__________________________________________________________________________
|RH 9/RHEL/Fedora/Slackware users: You will need to patch qlogtools with an|
|additional errno patch: |
|patch < /downloads/qmailrocks/patches/qlogtools_errno.patch |
mkdir /usr/local/man (if the directory already exists, you're good to go)
make
./installer
OK. The qlogtools library of tools should now be installed.
Now we will implement a script to run Qmailanalog and then you can hook that
script into the server's crontab to get stats generated every night.
The script below is a solid script that sends an email to the server
administrator with both the qmailanalog output as well as qms-analog's readout
of qmail-scanner's activities. Pretty sweet, huh?
cp /downloads/qmailrocks/qms-analog-0.4.1/qmailstats /var/qmail/bin
vi /var/qmail/bin/qmailstats
#!/bin/sh
## qms-analog and qmailanalog invocation script
##
## Note: For better readability of the nightly stats email, set your email
## client font to a fixed width font - then all the columns line up
## very nicely.
##
PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
QMAILSTATS="/tmp/q.$$"
EMAILMSG="/tmp/qms.$$"
umask 077
DATE=`date +'%D'`
## prepare qmail log entries for qmailanalog routines
cat /var/log/qmail/qmail-send/* /var/log/qmail/qmail-pop3d/* \
    /var/log/qmail/qmail-smtpd/* | tai64n2tai | \
    awk '{$1=substr($1,1,index($1,".")+6);print}' | \
    matchup > $QMAILSTATS 5>/dev/null
## build the email message header
echo "To: your_postmaster@yourdomain.com" > $EMAILMSG
echo "From: your_postmaster@yourdomain.com" >> $EMAILMSG
echo "Subject: Nightly Qmail Stats Report for $DATE" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
## qms-analog invocation
#
# USAGE: qms-analog hours-of-history
#
# hours-of-history (0 - n) hours of history to collect
# 0 => all records
# sort-key (optional) sort key for account statistics
# msgbw (default) msg bandwidth - successful msgs
# alpha alphanumeric by account name
# virus number of viruses received
# saavg Spamassassin avg score
# sadet Spamassassin msgs detected
#
# Examples:
# "qms-analog 24" - use only records within the last 24 hours,
# sort by msg bandwidth
# "qms-analog 168" - use only records within the last 7 days,
# sort by msg bandwidth
# "qms-analog 0" - use all records, sort by msg bandwidth
# "qms-analog 0 alpha" - use all records, sort alphabetically
# "qms-analog 0 saavg" - use all records, sort by Spam average score
#
# Note: Add or remove statistical time frames to suit your preference -
# "last 24 hours" and "all records" are uncommented below by default.
##
#### Last 24 hours
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t   2 4   H o u r s ~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 24 >> $EMAILMSG
####
#### Last 7 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t   7   D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 168 >> $EMAILMSG
####
#### Last 30 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t   3 0   D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
## 30 days x 24 hours = 720 hours of history
#cat /var/spool/qmailscan/qms-events.log | qms-analog 720 >> $EMAILMSG
####
#### All records in qms-events.log
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ A l l   R e c o r d s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 0 >> $EMAILMSG
####
## qmailanalog invocation
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo
"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
>> $EMAILMSG
zoverall < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo
"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
>> $EMAILMSG
zfailures < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo
"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
>> $EMAILMSG
zdeferrals < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
## pipe the message into qmail-inject
cat $EMAILMSG | qmail-inject
## delete temp files
rm -f $QMAILSTATS
rm -f $EMAILMSG
Now set the script executable...
chmod 750 /var/qmail/bin/qmailstats
Now run the script...
/var/qmail/bin/qmailstats
Check your email and you should get a report with some pretty cool stuff in it!
Your report should look something like this.
OK, if the qmailstats script is working, you will now want to create a crontab
entry to run this script every night.
So, as the "root" user let's set up a cron entry...
crontab -e
0 3 * * * /var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null
Save and exit from the crontab editor and you should be all set. The above entry
will run the qmailstats script every night at 3:00AM.
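The qmailstats script above builds its report in /tmp/q.$$ and /tmp/qms.$$, names that any local account can predict, and cron runs it as root. The following added example (not part of the qms-analog script; the function names and the example.com addresses are assumptions) shows the same report assembly using a private mktemp directory and a cleanup trap.

```shell
#!/bin/sh
# Added example: scratch-file handling for a root cron job like qmailstats.
# Not the qms-analog script; function names and addresses are illustrative.

# Create a private scratch directory with an unpredictable name and print
# its path. mktemp creates it mode 0700 and fails rather than reuse a path
# that already exists, so nothing planted in /tmp beforehand is followed.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/qmailstats.XXXXXXXXXX"
}

# Remove a scratch directory, but only if the path matches our template,
# so a bad argument can never turn this into "rm -rf" of something else.
cleanup_workdir() {
    case $1 in
        */qmailstats.??????????) rm -rf -- "$1" ;;
        *) return 1 ;;
    esac
}

# build_message DIR TO FROM DATE
# Writes the mail header plus the report body read from stdin to DIR/msg
# and prints that path. The file sits inside the 0700 directory, so other
# local users can neither read nor replace it.
build_message() {
    dir=$1 to=$2 from=$3 day=$4
    {
        printf 'To: %s\n' "$to"
        printf 'From: %s\n' "$from"
        printf 'Subject: Nightly Qmail Stats Report for %s\n\n' "$day"
        cat
    } > "$dir/msg"
    printf '%s\n' "$dir/msg"
}

# Real run, only when invoked as "script --run" (e.g. from cron).
if [ "${1:-}" = "--run" ]; then
    PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
    WORK=$(make_workdir) || exit 1
    trap 'cleanup_workdir "$WORK"' EXIT INT TERM
    qms-analog 24 < /var/spool/qmailscan/qms-events.log |
        build_message "$WORK" postmaster@example.com postmaster@example.com \
            "$(date +%D)" > /dev/null
    qmail-inject < "$WORK/msg"
fi
```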
###### qtrap.php ######
Part 17 - Installing Qtrap
Our final ingredient in this installation is going to be a domain level word
filter, which I've named "Qtrap". This script is applied on a per domain basis
and serves as a "bad word" scanner to catch any spam that Spamassassin may have
missed. This filter serves as the last defense against SPAM before it arrives
in your inbox. I like this filter because it helps to get rid of any SPAM that
happens to make it by Spamassassin. Without any protection at all, my mailbox
gets a shit ton of SPAM every day. Within the first 3 months after I enacted
the Qtrap filter, Qtrap logged over 9,000 deleted SPAM messages, none of which
were legitimate e-mails. My keyboard's delete key very much appreciated the
extra rest.
Any emails that are scanned and contain a banned word will be automatically
deleted and logged by the qtrap script. A whitelist feature now exists so that
individual addresses or domains can be exempt from the qtrap scan.
So let's install it...
cd /home/vpopmail
mkdir -p qtrap/logs
cd qtrap
cp /downloads/qmailrocks/scripts/qtrap/qtrap-2.0.0 ./qtrap.sh
Defining your whitelist:
vi qtrap.sh
You will see a block of code for the whitelist that looks like this:
whitelist_check () {
case $WHITELIST in
address@somewhere.com|address@somewhereelse.com|*entiredomain.com)
echo $SENDER found in whitelist on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 0;;
*)
;;
esac
}
The email addresses in the bold red text above should be substituted with any
email addresses that you wish to whitelist against the qtrap filter process.
Whitelisted addresses will be allowed to send you mail that contains "banned"
words. Un-whitelisted addresses will be scanned and their messages deleted if
they contain a banned word. As you can see above, you can specify an individual
address (address@somewhere.com) or you can simply whitelist an entire domain
(*entiredomain.com).
Defining your "banned word" list:
Within the qtrap.sh script you should see another section, below the whitelist
section of code, that looks like this:
checkall () {
case $BANNED_WORDS in
porn|PORN|Sex|SEX)
printout $BANNED_WORDS
echo MESSAGE DROPPED from $SENDER because of $BANNED_WORDS on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 99;;
*)
;;
esac
}
The portion of the above section that I've highlighted in RED is the array of
"banned" words. Edit this array to your satisfaction. Make sure that each word
is separated by a pipe "|" and keep in mind that the array is case sensitive.
So the words "SEX" and "Sex" are 2 different words. Also, exercise caution
here. You don't want to ban words that are used in everyday e-mails. For
example, you wouldn't want to ban the word "hello" or something like that. You
should only ban words that you are 100% sure you would never see in a
legitimate e-mail.
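The whitelist and banned-word patterns above are shell "case" globs, so "*entiredomain.com" also matches any address that merely ends in that string, and both lists only match the exact letter case typed. The following added example is not qtrap's own code: the function names, the "notentiredomain.com" and "EntireDomain.com" test addresses and the whole-word matching are assumptions made to compare the pattern form shown on this page with a tighter one.

```shell
#!/bin/sh
# Added example, not qtrap's own code: how the whitelist glob and the
# banned-word list behave, next to tighter variants. Inputs are constructed.

# Pattern form shown above: "*entiredomain.com" matches ANY sender whose
# address ends in that string, and the comparison is case-sensitive.
whitelisted_loose() {
    case $1 in
        address@somewhere.com|*entiredomain.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Tighter form: fold the sender to lower case first and anchor the domain
# entry at "@" so only that exact domain is exempt from scanning.
whitelisted_strict() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $addr in
        address@somewhere.com|*@entiredomain.com) return 0 ;;
        *) return 1 ;;
    esac
}

# One entry per word, lower case only; case folding below covers the rest,
# so "Sex", "SEX" and "sex" do not each need their own entry.
BANNED='porn|sex'

# Print the first banned word that occurs as a WHOLE word in the text on
# stdin, ignoring case; return 1 when there is none. Splitting the text
# into words first keeps a place name such as "Essex" from matching "sex".
first_banned_word() {
    tr 'A-Z' 'a-z' | tr -cs 'a-z0-9' '\n' | grep -m 1 -x -E "$BANNED"
}

# Print both whitelist verdicts for every sender passed as an argument.
compare_whitelists() {
    for s in "$@"; do
        if whitelisted_loose "$s"; then l=allow; else l=scan; fi
        if whitelisted_strict "$s"; then t=allow; else t=scan; fi
        printf '%-32s loose=%s strict=%s\n' "$s" "$l" "$t"
    done
}

# Demo on constructed senders, only when invoked as "script --demo".
if [ "${1:-}" = "--demo" ]; then
    compare_whitelists address@somewhere.com someone@entiredomain.com \
        someone@notentiredomain.com Bob@EntireDomain.com
fi
```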
Now let's set up the logging directory...
touch /home/vpopmail/qtrap/logs/qtrap.log
chown -R vpopmail:vchkpw /home/vpopmail/qtrap
chmod -R 755 /home/vpopmail/qtrap
Now we will add this script into the mail path for a domain on our server.
cd /home/vpopmail/domains/yourdomain.com
vi .qmail-default
Add the following line above the line that is already there:
| /home/vpopmail/qtrap/qtrap.sh
Here's an example:
.qmail-default before:
| /home/vpopmail/bin/vdelivermail '' delete
.qmail-default after:
| /home/vpopmail/qtrap/qtrap.sh
| /home/vpopmail/bin/vdelivermail '' delete
Save these changes and that should be it. You don't have to restart anything.
To test this last rule, try sending an e-mail to your mailbox and make sure
that the test e-mail contains one of the words that you entered into the "bad
word" list in the Qtrap script. If the filter is working right, the message
should NOT arrive in your inbox. You should then be able to view the log file
at /home/vpopmail/qtrap/logs/qtrap.log and see a log of the dropped message
corresponding to the time at which you sent the test message. The drop log
should look something like this:
MESSAGE DROPPED from someone@somewhere.com because of some_banned_word on 06/13/03 02:37:51
If the test was successful, then that's it! Congratulations, you've completed
the Qmailrocks.org Qmail installation. Have fun. The next couple steps discuss
cleanup as well as some closing notes and suggestions.
###### maintain.php ######
Part 18 - Maintaining your qmail server
Once you've got your qmail server up and running, how do you take care of it?
This page will cover the many answers to that question. So here goes.
Table of contents:
Making sure that all services start on boot
Maintaining the qmail queue
Maintaining qmail-scanner
Maintaining SpamAssassin
Maintaining Clam Antivirus
Maintaining current software versions
Maintaining the qmail logs
Maintaining administrative mailboxes
Maintaining other mailboxes
Backing up your qmail server
Making sure that all services start on boot
If you've installed qmail correctly, it should already automatically start when
you boot your server. However, you will want to make sure that all of the other
needed services start as well.
--For Redhat users--
Starting Courier-imap on boot - make sure the following 2 lines exist in your
server's /etc/rc.local file:
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
Starting SpamAssassin on boot
Try running the "setup" command and check the system services area to see if
SpamAssassin is listed and marked with a "*" to start on boot. If SpamAssassin
is not present in the system's "setup" tool, you can start it on boot by adding
the following line to the server's /etc/rc.local file:
/etc/rc.d/init.d/spamd start
Starting Apache on boot
Try running the "setup" command and check the system services area to see if
the "httpd" service is listed and marked with a "*" to start on boot. If it is
not present in the system's "setup" tool, you can start it on boot by adding
the following line to the server's /etc/rc.local file:
/etc/rc.d/init.d/httpd start
--For Slackware users--
Make sure the following startup commands exist in your system's /etc/rc.local
file:
Starting Courier-imap
/etc/rc.d/rc.imap start
/etc/rc.d/rc.imaps start
Starting SpamAssassin
/etc/rc.d/rc.spamd start
Starting Apache
/etc/rc.d/rc.httpd start (If you already have Apache configured to start on
boot, you can omit this line)
Maintaining the qmail queue
It's usually not a bad idea to keep your qmail server's queue in check. Your
qmail server's queue is located at /var/qmail/queue. However, it's just about
impossible to look directly at the queue folders and be able to tell what's
going on.
qmailctl stat - This, of course, shows you your qmail server's current status.
Included in the stats is the current condition of the queue. You can use this
to see how many messages are sitting in the queue.
qmHandle - This add-on tool allows more in-depth viewing of the queue and it
also allows you to perform administrative functions on the queue. You can find
instructions about installing qmHandle here. Once qmHandle is properly
installed, running the command "qmHandle" will provide a listing of all the
possible commands. I'll go over a couple of them right now. The "qmHandle -l"
command will give you a complete listing of every message in the queue and a
summary containing the date the message was sent, the sender and the intended
recipient. The output for a single message might look like this:
6406395 (195, R)
Return-path: bob@somewhere.com[]
From: Bob Smith
To: Frank Smith
Subject: Re: This weekend
Date: Mon, 16 Feb 2004 12:14:31 -0700
Size: 1482 bytes
The message number, 6406395, can be seen at the top of the message. If we
wanted to delete this single message from the queue, we could do so with a
command of "qmHandle -d6406395". The entire queue can be cleared out with the
command "qmHandle -D".
queuelifetime - The "queuelifetime" setting for qmail determines how long
messages can stay in the queue. By default, your qmail server will keep
messages in the queue for 604,800 seconds, or 7 days. However, you can set a
custom queuelifetime by creating a file called
/var/qmail/control/queuelifetime. The content of that file is a single line
containing a number which represents the number of seconds the queue will hold
any given message. If you want to set a custom queuelifetime, you might want to
whip out the old calculator.
A little advice on handling your queue
You need to keep in mind that a queued message is NOT necessarily a BAD thing.
The only time a message is queued for any length of time is when it is
undeliverable at the time it is originally sent. A message is usually
undeliverable for 1 of 2 reasons:
1) The receiving mail server is offline. If this is the case, when that mail
server comes back online at a later time your qmail server will then be able to
deliver that message. A perfect example of this is the Qmailrocks.org mailing
list. At any given time there are lots of messages in the mailing list server's
queue. However, these messages usually get delivered eventually. As you can
imagine, some people on the mailing list are probably using a new qmail server
to house the mailbox with which they have signed up on the list. Well, of
course, since that person is new to qmail there is a chance that their server
may go down for periods of time while they are working on it and perfecting
their qmail skills. It is at these times that their server is unreachable and
my list server then queues the message for later delivery. No big deal.
2) The recipient address is bogus or incorrect. If you get hit with a lot of
spam on your server, or if you have a spammer on your server, this will
probably happen to you at some point. Your queue gets filled with messages
bound for bogus addresses OR it gets filled with bounce messages that your
server is trying to deliver back to spammers who sent spam to bogus addresses
on your server. A good way to cut down on this is to set the domains on your
server to "delete" catchall mail instead of bouncing it. This can be done from
within the Qmailadmin interface. Setting a domain's catchall setting to
"bounce" is a bad idea in my experience as it only results in a queue full of
bounced bounce messages. If you don't need a catchall for your domain, do
yourself a favor and set it to "delete". This is also the case if you are
running Qmail-scanner. Qmail-scanner has an option to notify the sender when a
virus is found in an e-mail. Bad idea. Most of the time, the address from which
that virus laden e-mail came is bogus. So trying to "notify" the sender usually
results in nothing but a bunch of double bounces flying all over your server.
Fortunately, since your qmail server has a built in queue lifetime, messages
will eventually drop out of the queue if they are undeliverable. The last thing
I want to mention is the common misconception that if your queue is full, mail
being sent presently will not be delivered quickly. As I said, the queue is a
repository for messages that are not immediately deliverable. If a message is
being sent to a valid address it will get sent immediately, regardless of the
size of the queue. So, in summary, you don't need to panic every time you have
messages in your queue. Most of the time, the best thing to do is to just let
your queue take care of itself. However, there are times when you may deem it
necessary to clean out the queue or take other administrative action, and
that's what the "qmHandle" tool above is good for.
Maintaining qmail-scanner
Qmail-scanner is fairly easy to maintain. Once you get it configured how you
want it to be, the main items you're going to want to worry about are 1) the
log files and 2) the virus quarantine area. Here's some info on both.
1) qmail-scanner logs - Qmail-scanner, when Clam Anti Virus and SpamAssassin
are hooked into it, logs the virus scanning activities to
/var/spool/qmailscan/qmail-queue.log. This log file can get REALLY big, so you
will want to keep it in check. You may want to set up a rotation schedule for
this log file or some other sort of scheduled task that deals with this log
file on a routine basis. If this log file exceeds the linux file size limit of
2GB, your mail server will start freaking out and all hell will break loose. So
do yourself a favor and keep an eye on this log file.
2) The virus quarantine area - When qmail-scanner pipes the mail out to Clam
Anti Virus and a virus is found, the virus laden message is quarantined at
/var/spool/qmailscan/quarantine/new. Those e-mails will usually not pose any
threat to your server, since there are very few Linux/Unix viruses and since
they are not being executed. However, on a busy mail server, that folder can
get filled up pretty quickly, so you may want to keep an eye on it and have it
emptied on a routine basis. I empty mine out with a crontab that runs once a
week.
Anytime you upgrade qmail-scanner, it's a good idea to refresh the
qmail-scanner perlscanner database:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
or /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
or /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
Maintaining SpamAssassin
SpamAssassin is relatively maintenance free once you get it up and running. It
logs its activities to /var/log/maillog, so you can always reference the logs
for any investigations. New versions of SpamAssassin are released fairly often,
so you may want to occasionally check http://www.spamassassin.org to see if
there have been any new releases. In my experience, I've always been able to
install the new version over the older version with no problems. If you
upgrade, just make sure the /etc/mail/spamassassin/local.cf file still contains
the settings you want and you should be in good shape.
Anytime you upgrade SpamAssassin, it's a good idea to refresh the qmail-scanner
perlscanner database:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
or /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
or /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
Maintaining Clam Antivirus
The only things you really need to do to maintain Clam AV are:
1) Make sure your server is running the automatic virus definition updates on a
regular basis. I run the following command out of crontab on a routine basis:
/usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log
2) Keep your version relatively current. New releases are put out fairly often,
so keep an eye on it. Again, in my experience I've been able to install the
newer version over the older one with no problems.
3) Anytime you do decide to upgrade Clam Antivirus, you will need to update
qmail-scanner's version file. This is easily done by running the following
command:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
or /var/qmail/bin/qmail-scanner-queue -z (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
or /var/qmail/bin/qmail-scanner-queue -z (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
Maintaining current software versions in general
Naturally, as time passes new and improved versions of software will be
released from their respective vendors. It's always nice to have the latest
versions of everything, but unless the newer version fixes a security hole or a
major bug you don't need to lose sleep over it. You can check the vendors'
websites every now and then to see if a new version is out. I try to keep the
QMR software package as current as possible and I'm pretty good at it. Most of
the time, the qmailrocks.tar.gz package will contain the latest versions of
everything.
I've never had any big problems with upgrading any of the software. For source
packages, you can usually simply compile and install the latest version right
over the older version with no problems. I mention this in the above paragraphs
on SpamAssassin and Clam AV, but it generally applies to all of the software
found on this site. The same goes for RPMs. You can usually just install the
new RPM right over the older one using the command syntax "rpm -Uvh
whatever.rpm".
Qmail itself has not had a new version release in a very long time, but you can
bet if there is a new release I will have it here. As you probably know by this
point, the current qmail version is version 1.03. Many people have noticed that
qmail.org offers a version of qmail called "netqmail-1.05". At first glance
this may appear to be a newer version of qmail. IT IS NOT. Netqmail is simply
qmail-1.03 with some of the patches (which I use on this site anyway) already
built in. If you follow the QMR installation guide using 1.03, the resulting
installation of qmail is no different than if you used netqmail. Understand?
If you don't trust me, check out the full description of netqmail here.
Maintaining the qmail logs
Fortunately, qmail's logs take care of themselves. They automatically rotate
all on their own, so you never have to worry about them. The only thing worth
noting is that you CAN customize the rotation schedule for the logs. This is
done in the "log" supervise script for each supervised function. Confused? Ok,
I'll explain.
In the QMR qmail installation, there are 3 supervise scripts and, subsequently,
3 logs for those scripts.
/var/qmail/supervise/qmail-pop3d/run operates the pop server and is logged via
/var/qmail/supervise/qmail-pop3d/log/run
/var/qmail/supervise/qmail-smtpd/run operates the smtp server and is logged via
/var/qmail/supervise/qmail-smtpd/log/run
/var/qmail/supervise/qmail-send/run operates the mail processor and is logged
via /var/qmail/supervise/qmail-send/log/run
Each of the above "log/run" scripts tells the server how it wants those
activities logged. Let's take the /var/qmail/supervise/qmail-pop3d/log/run
logging script as an example:
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
The last line of this script sets some of the logging options. We can break
that last line into several parts:
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
So let's break it down:
exec setuidgid qmaill multilog - run the multilog program as the "qmaill" user.
t- inserts an @, a precise timestamp, and a space in front of each line.
The above "t" is why the rotated logs take on names like this:
@40000000402d1c562cbf3534.s
s100000- logs will rotate when they reach 100000 bytes.
n20- number of rotations to keep on hand before they fall off.
/var/log/qmail/qmail-pop3d 2>&1 - the directory to which the logs will be
written; "2>&1" sends error output to the same place as standard output.
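The rotated file name @40000000402d1c562cbf3534.s shown above is a TAI64N label: 16 hex digits of seconds followed by 8 hex digits of nanoseconds. The following added example (not from this guide or from daemontools; the function names are assumptions) decodes such labels from file names and log lines, which helps when you need to know what time span a rotated log covers.

```shell
#!/bin/sh
# Added example (not from the QMR guide): decode the TAI64N labels that
# "multilog t" puts on log lines and rotated file names.

# libtai builds a label as Unix time + 2^62 + 10; subtracting reverses it.
TAI_OFFSET=4611686018427387914

# tai64n_split LABEL -> "EPOCH_SECONDS NANOSECONDS"; returns 1 if malformed.
# Accepts "@<24 hex>", a rotated file name ("@<24 hex>.s") or a whole log line.
tai64n_split() {
    label=${1#@}
    label=${label%% *}      # keep only the first field of a log line
    label=${label%%.*}      # drop a multilog suffix such as ".s" or ".u"
    [ "${#label}" -eq 24 ] || return 1
    case $label in
        *[!0-9a-fA-F]*) return 1 ;;   # non-hex character
        [4-7]*) ;;                    # seconds field within [2^62, 2^63)
        *) return 1 ;;
    esac
    secs_hex=$(printf '%.16s' "$label")
    nano_hex=${label#????????????????}
    printf '%s %s\n' "$(( 0x$secs_hex - $TAI_OFFSET ))" "$(( 0x$nano_hex ))"
}

# tai64n_utc LABEL -> "YYYY-MM-DD HH:MM:SS.nnnnnnnnn UTC"
# Tries GNU date syntax first, then the BSD form.
tai64n_utc() {
    out=$(tai64n_split "$1") || return 1
    secs=${out% *}
    nanos=${out#* }
    stamp=$(date -u -d "@$secs" '+%Y-%m-%d %H:%M:%S' 2>/dev/null) ||
        stamp=$(date -u -r "$secs" '+%Y-%m-%d %H:%M:%S') || return 1
    printf '%s.%09d UTC\n' "$stamp" "$nanos"
}

# list_rotated DIR -> "EPOCH_SECONDS FILENAME" for every rotated log in a
# multilog directory, oldest first. "current" and lock files are skipped
# because their names are not TAI64N labels.
list_rotated() {
    for f in "$1"/@*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        t=$(tai64n_split "$name") || continue
        printf '%s %s\n' "${t% *}" "$name"
    done | sort -n
}

# Demo on the file name quoted above, only when invoked as "script --demo".
if [ "${1:-}" = "--demo" ]; then
    tai64n_utc '@40000000402d1c562cbf3534.s'
fi
```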
Maintaining administrative mailboxes
This may seem a bit silly, but you'd be surprised how many people neglect the
administrative e-mail account on their server. But what is the administrative
e-mail account? Well, that depends on you. Administrative mail would be mail
destined for the server's root user as well as any notification settings you
may have. The destination for most of the server's administrative addresses is
usually determined by the aliases you have created at /var/qmail/aliases. If
you've followed the QMR install guide, you should have a "postmaster" alias as
well as "root", "mailer-daemon" and "anonymous" aliases. If you're like me, you
direct all of these aliases to a single mailbox on your qmail server. For
example, on the qmailrocks.org server, I direct all of these aliases to the
qmailrocks.org postmaster account. This means that my postmaster account gets
all of the administrative mail on the server. I get bounce failure messages,
crontab reports, log watch reports and many other admin type emails. In
addition, I also have qmail-scanner set up to send virus reports to this
same address. So, as you can see, my postmaster account is the central locus
for all the server's administrative mail. You probably want to do the same with
your server, as these administrative e-mails can often help you to find and
correct problems that might otherwise go unnoticed. A mistake that people make
a lot is to have the administrative mail directed to some mail account that
they never check. This inevitably leads to that person being surprised when
they find out that they have a mailbox on their server that's a couple Gigs in
size. These people will also be surprised when they find that that mailbox is
full of error messages that have been coming in for months indicating that
something on the server is misconfigured. They never checked the mailbox, so
they never knew. Well, I guess ignorance is bliss. So my point of this whole
paragraph is that you should keep your administrative mail configuration
organized and well cared for. It will save you a lot of heartache down the
road.
Maintaining other mailboxes
Managing all other mailboxes on your server is made easy by simply setting
quotas on all domains. It is inevitable that if you host mail on your server,
there will be some idiot who either never checks his mailbox or decides that he
has to store a lifetime worth of mail on the server. Setting quotas for your
domains is a way of keeping these idiots in check and preventing you from
having a disk space crisis because of these idiots. If you have a 120GB drive
in your server and no quotas, there WILL be some fool who fills up all 120GB
with his mail. So take my advice and set rigid quotas for your domains.
Backing up your qmail server
Backing up a qmail server is relatively easy. While different people may give
you slightly different recommendations, you can ensure a safe backup of your
qmail server if you back up the following 2 directories on a routine basis.
/home/vpopmail - backs up all your domain information, including mailboxes,
passwords and the messages themselves.
/var/qmail - backs up all of your qmail settings. The /var/qmail/control
directory is the most important directory in there to back up, but it won't
hurt to just back up the whole damn qmail directory.