QUESTIONS/COMMENTS/CORRECTIONS? notes@twinwork.net
$NOTES: /qmail/, v.0.31 2006/09/24 12:35:30 PDT /4872/ NkM$
Maintainer: Neafevoc K. Marindale
[ HOME | REFERENCE | FreeBSD | MySQL | PostgreSQL | Apache | qmail | PHP | Pure-FTPd ]
Faster, more stable, and more secure than sendmail, I started using qmail for the same reason I started using FreeBSD: someone walked me through it. I'm not going to go through the merits or flaws of qmail (even though I could think of only one disadvantage, which I'll mention in these NOTES), let's continue. By the way, this will be the most tedious of the NOTES.
These NOTES were done with qmail-spamcontrol 1.03.2415_1, cdb 0.75, ucspi-tcp 0.88, daemontools 0.76, vpopmail 5.4.13, courier-imap 4.1.1, qmailadmin 1.2.7, dspam 3.6.8, and maildrop 2.0.2.
Install a whole bunch of programs
# (cd /usr/ports/mail/qmail-spamcontrol && make install clean)
Choose BIG_CONCURRENCY_PATCH, MAILDIRQUOTA_PATCH, EXTTODO_PATCH, REQBRACKETS, VERP, BIGTODO
# (cd /usr/ports/databases/cdb && make install clean)
# (cd /usr/ports/mail/qmail-contrib && make install clean)
# (cd /usr/ports/sysutils/ucspi-tcp && make install clean)
Choose MAN, RSS_DIFF, SSL
# (cd /usr/ports/sysutils/daemontools && make install clean)
If you plan on using vpopmail with MySQL, do the following:
# mysql -u root -p
Enter your password for MySQL if you did not already change it. If you did not change it just hit Enter. You should now see the MySQL prompt. Enter the following:
mysql> CREATE DATABASE vpopmail;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'vpopmail';
mysql> quit;
Continue the vpopmail installation with MySQL
# cd /usr/ports/mail/vpopmail
# make install
WITH_QMAIL_EXT=yes WITH_MYSQL=yes
WITH_VALIAS=yes WITH_SUID_VCHKPW=yes
# make clean
# echo "localhost|0|vpopmail|vpopmail|vpopmail" > /usr/local/vpopmail/etc/vpopmail.mysql
If you do not want to use MySQL with vpopmail, do this:
# cd /usr/ports/mail/vpopmail
#
make install WITH_QMAIL_EXT=yes
#
make clean
Continue to install the rest of the programs needed...
# (cd /usr/ports/mail/courier-imap && make install clean)
Choose OPENSSL, IPV6, AUTH_VCHKPW
Install qmailadmin
# cd /usr/ports/mail/qmailadmin
# make install WITH_MODIFY_QUOTA=yes WITH_HELP=yes WITH_SPAM_DETECTION=yes \
> SPAM_COMMAND="|preline /usr/local/bin/maildrop /usr/local/vpopmail/filter/default"
# make clean
Install maildrop
# cd /usr/ports/mail/maildrop
# make install WITH_AUTHLIB=yes MAILDROP_SUID=vpopmail MAILDROP_SGID=vchkpw
# make clean
When the options come up, use AUTH_VCHKPW
Install dspam
# cd /usr/ports/mail/dspam
# make install DSPAM_OWNER=vpopmail DSPAM_GROUP=vchkpw
# make clean
Choose the following options for dspam
This should not take long at all.
Create necessary directories and other scripts.
First, we create the directories for our supervise scripts.
# mkdir -p /var/qmail/supervise/qmail-send/log
# mkdir -p /var/qmail/supervise/qmail-smtpd/log
# mkdir -p /var/qmail/supervise/qmail-pop3d/log
# chmod +t /var/qmail/supervise/qmail-send
# chmod +t /var/qmail/supervise/qmail-smtpd
# chmod +t /var/qmail/supervise/qmail-pop3d
Create directories for logging.
# mkdir /var/log/qmail
# mkdir /var/log/qmail/pop3d
# mkdir /var/log/qmail/smtpd
# mkdir /var/log/qmail/send
# chown qmaill /var/log/qmail
# chown qmaill /var/log/qmail/*
Now make a directory and create symbolic links for the supervise services.
# mkdir /var/service
# ln -s /var/qmail/supervise/* /var/service/
Create a symlink for control files
# ln -s /var/qmail/control /etc/qmail
Set concurrencyincoming for qmail
# echo 20 > /var/qmail/control/concurrencyincoming
# chmod 644 /var/qmail/control/concurrencyincoming
Set defaultdelivery
# echo ./Maildir/ > /var/qmail/control/defaultdelivery
Identify hostname
# echo `hostname` > /var/qmail/control/me
# echo `hostname` > /var/qmail/control/defaulthost
# echo `hostname` > /var/qmail/control/locals
Enable svscan in /etc/rc.conf
# ee /etc/rc.conf
svscan_enable="YES"
Save the file.
Note: For the next section, there's a simple script that I created that will copy all of the scripts below and configure them correctly in their respected directories. Use this script at your own risk, and it's best to go through NOTES step-by-step to see what's happening.
If you configured vpopmail with MySQL you will need to create a vpopmail user and a vpopmail database.
This is where it's going to get real ugly.
Create /var/qmail/rc
# ee /var/qmail/rc
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`" splogger qmail
Set mode for /var/qmail/rc
# chmod 750 /var/qmail/rc
Create the qmail control file which will be used to control qmail.
# ee /var/qmail/bin/qmailctl
#!/bin/shPATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATHcase "$1" in stat) cd /var/service svstat * */log ;; doqueue|alrm) echo "Sending ALRM signal to qmail-send." svc -a /var/service/qmail-send ;; queue) qmail-qstat qmail-qread ;; reload|hup) echo "Sending HUP signal to qmail-send." svc -h /var/service/qmail-send ;; pause) echo "Pausing qmail-send" svc -p /var/service/qmail-send echo "Pausing qmail-smtpd" svc -p /var/service/qmail-smtpd echo "Pausing qmail-pop3d" svc -p /var/service/qmail-pop3d ;; cont) echo "Continuing qmail-send" svc -c /var/service/qmail-send echo "Continuing qmail-smtpd" svc -c /var/service/qmail-smtpd echo "Continuing qmail-pop3d" svc -c /var/service/qmail-pop3d ;; restart) echo "Restarting qmail:" echo "* Stopping qmail-smtpd." svc -d /var/service/qmail-smtpd echo "* Stopping qmail-pop3d." svc -d /var/service/qmail-pop3d echo "* Sending qmail-send SIGTERM and restarting." svc -t /var/service/qmail-send echo "* Restarting qmail-pop3d." svc -u /var/service/qmail-pop3d echo "* Restarting qmail-smtpd." svc -u /var/service/qmail-smtpd ;; cdb) tcprules ~vpopmail/etc/tcp.smtp.cdb ~vpopmail/etc/tcp.smtp.tmp < ~vpopmail/etc/tcp.smtp chmod 644 ~vpopmail/etc/tcp.smtp* echo "Reloaded ~vpopmail/etc/tcp.smtp." ;; help) cat <<HELP pause -- temporarily stops mail service cont -- continues paused mail service stat -- displays status of mail service and all other possible services cdb -- rebuild the tcpserver cdb file for smtp restart -- stops and restarts smtp and pop3d, sends qmail-send a TERM & restarts it doqueue -- sends qmail-send ALRM, scheduling queued messages for delivery reload -- sends qmail-send HUP, rereading locals and virtualdomains queue -- shows status of queue alrm -- same as doqueue hup -- same as reload HELP ;; *) echo "Usage: $0 {restart|doqueue|reload|stat|pause|cont|cdb|queue|help}" exit 1 ;; esacexit 0
Change mode and symlink for normal access
# chmod 750 /var/qmail/bin/qmailctl
# ln -s /var/qmail/bin/qmailctl /usr/local/bin/qmailctl
Next, create three logging scripts for supervise.
# ee /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/send
# ee /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/smtpd
# ee /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/pop3d
Now create three other supervise scripts that control qmail-send, qmail-smtpd, and qmail-pop3d.
# ee /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec /var/qmail/rc
# ee /var/qmail/supervise/qmail-smtpd/run
#!/bin/shPATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATHQMAILUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` HOSTNAME=`cat /var/qmail/control/me`exec softlimit -m 8000000 tcpserver -R -H -P -l $HOSTNAME -c $MAXSMTPD \ -x /usr/local/vpopmail/etc/tcp.smtp.cdb \ -u $QMAILUID -g $NOFILESGID 0 smtp \ rblsmtpd -r blackholes.mail-abuse.org \ qmail-smtpd 2>&1
# ee /var/qmail/supervise/qmail-pop3d/run
#!/bin/shPATH=/usr/local/vpopmail/bin:/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATHVPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` HOSTNAME=`cat /var/qmail/control/me`exec tcpserver -l 0 -R -H -v -u $VPOPMAILUID -g $VPOPMAILGID 0 pop3 \ qmail-popup $HOSTNAME vchkpw qmail-pop3d Maildir 2>&1
Now chmod all of them
# chmod 750 /var/qmail/supervise/qmail-send/run
# chmod 750 /var/qmail/supervise/qmail-send/log/run
# chmod 750 /var/qmail/supervise/qmail-smtpd/run
# chmod 750 /var/qmail/supervise/qmail-smtpd/log/run
# chmod 750 /var/qmail/supervise/qmail-pop3d/run
# chmod 750 /var/qmail/supervise/qmail-pop3d/log/run
Yes, that's a lot of scripts. We're not done yet, continue configuration.
Copy over the the base web files for qmailadmin
# cp -Rp /usr/local/www/cgi-bin.default/qmailadmin /usr/data/www/`hostname`/cgi-bin/
# cp -Rp /usr/local/www/data.default/qmailadmin/images /usr/data/www/`hostname`/
Note: If the directory structure above doesn't look familiar to you, then you didn't go over the Apache NOTES.
In order for the cgi directory to work properly, you'll need to edit /etc/httpd.conf
# ee /etc/httpd.conf
And add FollowSymLinks and ExecCGI options in the /usr/local/www/cgi-bin directive
<Directory "/usr/local/www/cgi-bin">
AllowOverride None
Options FollowSymLinks ExecCGI
Order allow,deny
Allow from all
</Directory>
It should looks similar like above. Just search for this <Directory "/usr/local/www/cgi-bin"> in /etc/httpd.conf. Save /etc/httpd.conf, you're done with Apache configuration.
Edit tcp.smtp
# ee /usr/local/vpopmail/etc/tcp.smtp
Insert the following
127.0.0.1:allow,RELAYCLIENT=""
:allow
Save it.
Ready to lock all relaying out except for localhost.
# chmod 4755 /usr/local/vpopmail/bin/vchkpw
# /usr/local/vpopmail/bin/clearopensmtp
# qmailctl cdb
Edit root's crontab to clear open relays every forty minutes.
# crontab -e
40 * * * * /usr/local/vpopmail/bin/clearopensmtp 2>&1
Note: Those are tabs, not spaces.
There's not much to it.
First, make backups of the old symbolic links for sendmail and do not use mailwrapper! It can be faulty! After backing up old links, create new ones that uses qmail.
# mv /usr/sbin/sendmail /usr/sbin/sendmail.old
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
# mv /usr/bin/mailq /usr/bin/mailq.old
# ln -s /var/qmail/bin/qmail-qread /usr/bin/mailq
# mv /usr/bin/newaliases /usr/bin/newaliases.old
# ln -s /var/qmail/bin/newaliases /usr/bin/newaliases
# mv /usr/sbin/hoststat /usr/sbin/hoststat.old
# ln -s /usr/bin/true /usr/sbin/hoststat
# mv /usr/sbin/purgestat /usr/sbin/purgestat.old
# ln -s /usr/bin/true /usr/sbin/purgestat
Edit /etc/rc.conf
# ee /etc/rc.conf
Look for the sendmail_enable line, set it to NONE.
sendmail_enable="NONE"
And remember to kill sendmail once and for all.
# killall sendmail
One time I forgot to kill sendmail. I didn't figure it out until a week later.
Use vpopmail's vadddomain to add new domains.
# cd ~vpopmail/bin
Now you're in vpopmail's bin directory. You need to add your default domain. It should be the same name as you declared in the DEFAULT_DOMAIN option for vpopmail in ports.
# ./vadddomain name.com
Please enter password for postmaster:
And enter the password for the postmaster. Do this for all the domains you're going to host.
This may sound odd, but starting qmail is really easy... but don't do it, yet! The qmail NOTES isn't complete. Though, it doesn't really depend on it, PHP needs to be installed and Apache needs to be started. Having the web server up aids in the next section with qmailadmin. But, the easiest way to start qmail, when the time comes...
# /usr/local/etc/rc.d/svscan.sh start
When that happens, cross your fingers and hope you don't get ugly errors.
Also, qmail does come with its own set of man pages. You might want to add them to your manpath. As root, edit /etc/manpath.config
# ee /etc/manpath.config
You will find a place in /etc/manpath.config where you can add an OPTIONAL_MANPATH. Add one for /var/qmail/man
OPTIONAL_MANPATH /var/qmail/man
Save the file.
After you finished PHP NOTES and after you started the web server, then you administer any of the domains you've added with the following URL:
http://machine.name.com/cgi-bin/qmailadmin/qmailadmin
It should be quite explanatory after that.
For email clients such as Eudora and MS Outlook, POP usernames are actually user@domain.com or user%domain.com.
QUESTIONS/COMMENTS/CORRECTIONS? notes@twinwork.net
$NOTES: /qmail/, v.0.31 2006/09/24 12:35:30 PDT /4872/ NkM$
Maintainer: Neafevoc K. Marindale