NOTES/qmail


introduction

qmail is faster, more stable, and more secure than sendmail. I started using it for the same reason I started using FreeBSD: someone walked me through it. I'm not going to go through the merits or flaws of qmail (even though I could think of only one disadvantage, which I'll mention in these NOTES), so let's continue. By the way, this will be the most tedious of the NOTES.

These NOTES were done with qmail-spamcontrol 1.03.2415_1, cdb 0.75, ucspi-tcp 0.88, daemontools 0.76, vpopmail 5.4.13, courier-imap 4.1.1, qmailadmin 1.2.7, dspam 3.6.8, and maildrop 2.0.2.


track

  1. ports
  2. post ports
  3. scripts
  4. more configuration
  5. kill sendmail
  6. add domains
  7. start qmail
  8. using qmailadmin
  9. client setup
  10. references

i. ports

Install a whole bunch of programs

# (cd /usr/ports/mail/qmail-spamcontrol && make install clean)

Choose BIG_CONCURRENCY_PATCH, MAILDIRQUOTA_PATCH, EXTTODO_PATCH, REQBRACKETS, VERP, BIGTODO

# (cd /usr/ports/databases/cdb && make install clean)
# (cd /usr/ports/mail/qmail-contrib && make install clean)
# (cd /usr/ports/sysutils/ucspi-tcp && make install clean)

Choose MAN, RSS_DIFF, SSL

# (cd /usr/ports/sysutils/daemontools && make install clean)

If you plan on using vpopmail with MySQL, do the following:

# mysql -u root -p

Enter your password for MySQL if you did not already change it. If you did not change it just hit Enter. You should now see the MySQL prompt. Enter the following:

mysql> CREATE DATABASE vpopmail;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'vpopmail';
mysql> quit;

Continue the vpopmail installation with MySQL

# cd /usr/ports/mail/vpopmail
# make install WITH_QMAIL_EXT=yes WITH_MYSQL=yes WITH_VALIAS=yes WITH_SUID_VCHKPW=yes
# make clean
# echo "localhost|0|vpopmail|vpopmail|vpopmail" > /usr/local/vpopmail/etc/vpopmail.mysql

If you do not want to use MySQL with vpopmail, do this:

# cd /usr/ports/mail/vpopmail
# make install WITH_QMAIL_EXT=yes
# make clean

Continue to install the rest of the programs needed...

# (cd /usr/ports/mail/courier-imap && make install clean)

Choose OPENSSL, IPV6, AUTH_VCHKPW

Install qmailadmin

# cd /usr/ports/mail/qmailadmin
# make install WITH_MODIFY_QUOTA=yes WITH_HELP=yes WITH_SPAM_DETECTION=yes \
> SPAM_COMMAND="|preline /usr/local/bin/maildrop /usr/local/vpopmail/filter/default"
# make clean

Install maildrop

# cd /usr/ports/mail/maildrop
# make install WITH_AUTHLIB=yes MAILDROP_SUID=vpopmail MAILDROP_SGID=vchkpw
# make clean

When the options come up, use AUTH_VCHKPW

Install dspam

# cd /usr/ports/mail/dspam
# make install DSPAM_OWNER=vpopmail DSPAM_GROUP=vchkpw
# make clean

Choose the following options for dspam

This should not take long at all.


ii. post ports

Create necessary directories and other scripts.

First, we create the directories for our supervise scripts.

# mkdir -p /var/qmail/supervise/qmail-send/log
# mkdir -p /var/qmail/supervise/qmail-smtpd/log
# mkdir -p /var/qmail/supervise/qmail-pop3d/log
# chmod +t /var/qmail/supervise/qmail-send
# chmod +t /var/qmail/supervise/qmail-smtpd
# chmod +t /var/qmail/supervise/qmail-pop3d

Create directories for logging.

# mkdir /var/log/qmail
# mkdir /var/log/qmail/pop3d
# mkdir /var/log/qmail/smtpd
# mkdir /var/log/qmail/send
# chown qmaill /var/log/qmail
# chown qmaill /var/log/qmail/*

Now make a directory and create symbolic links for the supervise services.

# mkdir /var/service
# ln -s /var/qmail/supervise/* /var/service/

Create a symlink for control files

# ln -s /var/qmail/control /etc/qmail

Set concurrencyincoming for qmail

# echo 20 > /var/qmail/control/concurrencyincoming
# chmod 644 /var/qmail/control/concurrencyincoming

Set defaultdelivery

# echo ./Maildir/ > /var/qmail/control/defaultdelivery

Identify hostname

# echo `hostname` > /var/qmail/control/me
# echo `hostname` > /var/qmail/control/defaulthost
# echo `hostname` > /var/qmail/control/locals

Enable svscan in /etc/rc.conf

# ee /etc/rc.conf

svscan_enable="YES"

Save the file.

Note: For the next section, there's a simple script that I created that will copy all of the scripts below and configure them correctly in their respective directories. Use this script at your own risk; it's best to go through the NOTES step-by-step to see what's happening.

If you configured vpopmail with MySQL you will need to create a vpopmail user and a vpopmail database.


iii. scripts

This is where it's going to get real ugly.

Create /var/qmail/rc

# ee /var/qmail/rc

#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`" splogger qmail

Set mode for /var/qmail/rc

# chmod 750 /var/qmail/rc

Create the qmail control file which will be used to control qmail.

# ee /var/qmail/bin/qmailctl

#!/bin/sh     
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
case "$1" in
stat)
       cd /var/service
       svstat * */log
;;
doqueue|alrm)
       echo "Sending ALRM signal to qmail-send."
       svc -a /var/service/qmail-send
;;
queue)
       qmail-qstat
       qmail-qread
;;
reload|hup)
       echo "Sending HUP signal to qmail-send."
       svc -h /var/service/qmail-send
;;
pause)
       echo "Pausing qmail-send"
       svc -p /var/service/qmail-send
       echo "Pausing qmail-smtpd"
       svc -p /var/service/qmail-smtpd
       echo "Pausing qmail-pop3d"
       svc -p /var/service/qmail-pop3d
;;
cont)
       echo "Continuing qmail-send"
       svc -c /var/service/qmail-send
       echo "Continuing qmail-smtpd"
       svc -c /var/service/qmail-smtpd
       echo "Continuing qmail-pop3d"
       svc -c /var/service/qmail-pop3d
;;
restart)
       echo "Restarting qmail:"
       echo "* Stopping qmail-smtpd."
       svc -d /var/service/qmail-smtpd
       echo "* Stopping qmail-pop3d."
       svc -d /var/service/qmail-pop3d
       echo "* Sending qmail-send SIGTERM and restarting."
       svc -t /var/service/qmail-send
       echo "* Restarting qmail-pop3d."
       svc -u /var/service/qmail-pop3d
       echo "* Restarting qmail-smtpd."
       svc -u /var/service/qmail-smtpd
;;
cdb)
       tcprules ~vpopmail/etc/tcp.smtp.cdb ~vpopmail/etc/tcp.smtp.tmp < ~vpopmail/etc/tcp.smtp
       chmod 644 ~vpopmail/etc/tcp.smtp*
       echo "Reloaded ~vpopmail/etc/tcp.smtp."
;;
help)
       cat <<HELP
       pause -- temporarily stops mail service
       cont -- continues paused mail service
       stat -- displays status of mail service and all other possible services
       cdb -- rebuild the tcpserver cdb file for smtp
       restart -- stops and restarts smtp and pop3d, sends qmail-send a TERM & restarts it
       doqueue -- sends qmail-send ALRM, scheduling queued messages for delivery
       reload -- sends qmail-send HUP, rereading locals and virtualdomains
       queue -- shows status of queue
       alrm -- same as doqueue
       hup -- same as reload
HELP
;;
*)
       echo "Usage: $0 {restart|doqueue|reload|stat|pause|cont|cdb|queue|help}"
       exit 1
;;
esac
exit 0

Change mode and symlink for normal access

# chmod 750 /var/qmail/bin/qmailctl
# ln -s /var/qmail/bin/qmailctl /usr/local/bin/qmailctl

Next, create three logging scripts for supervise.

# ee /var/qmail/supervise/qmail-send/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/send

# ee /var/qmail/supervise/qmail-smtpd/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/smtpd

# ee /var/qmail/supervise/qmail-pop3d/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill multilog t s2500000 /var/log/qmail/pop3d

Now create three other supervise scripts that control qmail-send, qmail-smtpd, and qmail-pop3d.

# ee /var/qmail/supervise/qmail-send/run

#!/bin/sh
exec /var/qmail/rc

# ee /var/qmail/supervise/qmail-smtpd/run

#!/bin/sh     
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
HOSTNAME=`cat /var/qmail/control/me`
exec softlimit -m 8000000 tcpserver -R -H -P -l $HOSTNAME -c $MAXSMTPD \
       -x /usr/local/vpopmail/etc/tcp.smtp.cdb \
       -u $QMAILUID -g $NOFILESGID 0 smtp \
       rblsmtpd -r blackholes.mail-abuse.org \
       qmail-smtpd 2>&1

# ee /var/qmail/supervise/qmail-pop3d/run

#!/bin/sh     
PATH=/usr/local/vpopmail/bin:/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
HOSTNAME=`cat /var/qmail/control/me`
exec tcpserver -l 0 -R -H -v -u $VPOPMAILUID -g $VPOPMAILGID 0 pop3 \
       qmail-popup $HOSTNAME vchkpw qmail-pop3d Maildir 2>&1

Now chmod all of them

# chmod 750 /var/qmail/supervise/qmail-send/run
# chmod 750 /var/qmail/supervise/qmail-send/log/run
# chmod 750 /var/qmail/supervise/qmail-smtpd/run
# chmod 750 /var/qmail/supervise/qmail-smtpd/log/run
# chmod 750 /var/qmail/supervise/qmail-pop3d/run
# chmod 750 /var/qmail/supervise/qmail-pop3d/log/run

Yes, that's a lot of scripts. We're not done yet; continue with the configuration.
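
Before svscan is started, the tree built in sections ii and iii can be checked mechanically. The following is an added example, not part of the original NOTES: check_service (a name made up here) reports a service directory that lacks the sticky bit, which svscan needs in order to start the paired log service, or whose run scripts are missing, not executable, or writable by group or others. The demo tree is constructed.

```sh
#!/bin/sh
# check_service DIR
# Verify one daemontools service directory as laid out in sections ii and iii.
# Prints one line per problem and returns the number of problems found.
check_service() {
    dir=$1
    problems=0
    # svscan only starts the paired log service when DIR is sticky (chmod +t).
    if [ -z "$(find -H "$dir" -prune -perm -1000 -print 2>/dev/null)" ]; then
        echo "$dir: sticky bit not set, log/run will not be supervised"
        problems=$((problems + 1))
    fi
    for script in "$dir/run" "$dir/log/run"; do
        if [ ! -x "$script" ]; then
            echo "$script: missing or not executable"
            problems=$((problems + 1))
        elif [ -n "$(find -H "$script" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            # run scripts are started by supervise as root, so only the owner may edit them
            echo "$script: writable by group or others"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed demo tree: log/run and chmod +t are deliberately left out.
# On the mail host: for s in /var/service/*; do check_service "$s"; done
demo=$(mktemp -d)
mkdir -p "$demo/qmail-send/log"
printf '#!/bin/sh\nexec /var/qmail/rc\n' > "$demo/qmail-send/run"
chmod 750 "$demo/qmail-send/run"
check_service "$demo/qmail-send" || echo "problems found: $?"
rm -rf "$demo"
```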


iv. more configuration

Copy over the base web files for qmailadmin

# cp -Rp /usr/local/www/cgi-bin.default/qmailadmin /usr/data/www/`hostname`/cgi-bin/
# cp -Rp /usr/local/www/data.default/qmailadmin/images /usr/data/www/`hostname`/

Note: If the directory structure above doesn't look familiar to you, then you didn't go over the Apache NOTES.

In order for the cgi directory to work properly, you'll need to edit /etc/httpd.conf

# ee /etc/httpd.conf

And add FollowSymLinks and ExecCGI options in the /usr/local/www/cgi-bin directive

<Directory "/usr/local/www/cgi-bin">
AllowOverride None
Options FollowSymLinks ExecCGI
Order allow,deny
Allow from all
</Directory>

It should look similar to the above. Just search for <Directory "/usr/local/www/cgi-bin"> in /etc/httpd.conf. Save /etc/httpd.conf and you're done with the Apache configuration.

Edit tcp.smtp

# ee /usr/local/vpopmail/etc/tcp.smtp

Insert the following

127.0.0.1:allow,RELAYCLIENT=""
:allow

Save it.

Ready to lock all relaying out except for localhost.

# chmod 4755 /usr/local/vpopmail/bin/vchkpw
# /usr/local/vpopmail/bin/clearopensmtp
# qmailctl cdb
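
A lint for the tcp.smtp file edited above, as an added example that is not part of the original NOTES: it lists every rule that allows a connection and sets RELAYCLIENT for anything other than loopback, which is the open-relay condition the two-line file avoids. The function name relay_rules and the sample rules are constructed here, and it assumes IPv4-style rules where the address ends at the first colon.

```sh
#!/bin/sh
# relay_rules FILE
# Print "LINENO ADDRESS" for every tcprules line that allows the connection
# and sets RELAYCLIENT for an address outside 127.0.0.0/8.
relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            colon = index($0, ":")
            if (colon == 0) next                # not a rule
            addr  = substr($0, 1, colon - 1)
            instr = substr($0, colon + 1)
            sub(/^.*@/, "", addr)               # drop optional user@ prefix
            if (instr !~ /^allow/) next         # deny rules grant nothing
            if (instr !~ /,RELAYCLIENT=/) next  # allowed, but no relay
            if (addr ~ /^127\./) next           # loopback relay is intended
            if (addr == "") addr = "(default)"  # empty address matches every client
            print NR, addr
        }
    ' "$1"
}

# Constructed sample: the two rules from the NOTES plus one deliberately bad line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample rules
127.0.0.1:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
EOF
relay_rules "$sample"
rm -f "$sample"
```

On the mail host, run it against /usr/local/vpopmail/etc/tcp.smtp before `qmailctl cdb`; no output means only loopback can relay.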

Edit root's crontab to clear open relays every forty minutes.

# crontab -e

40	*	*	*	*	/usr/local/vpopmail/bin/clearopensmtp 2>&1

Note: Those are tabs, not spaces.

There's not much to it.


v. kill sendmail

First, make backups of the old symbolic links for sendmail and do not use mailwrapper! It can be faulty! After backing up the old links, create new ones that use qmail.

# mv /usr/sbin/sendmail /usr/sbin/sendmail.old
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
# mv /usr/bin/mailq /usr/bin/mailq.old
# ln -s /var/qmail/bin/qmail-qread /usr/bin/mailq
# mv /usr/bin/newaliases /usr/bin/newaliases.old
# ln -s /var/qmail/bin/newaliases /usr/bin/newaliases
# mv /usr/sbin/hoststat /usr/sbin/hoststat.old
# ln -s /usr/bin/true /usr/sbin/hoststat
# mv /usr/sbin/purgestat /usr/sbin/purgestat.old
# ln -s /usr/bin/true /usr/sbin/purgestat

Edit /etc/rc.conf

# ee /etc/rc.conf

Look for the sendmail_enable line, set it to NONE.

sendmail_enable="NONE"

And remember to kill sendmail once and for all.

# killall sendmail

One time I forgot to kill sendmail. I didn't figure it out until a week later.


vi. add domains

Use vpopmail's vadddomain to add new domains.

# cd ~vpopmail/bin

Now you're in vpopmail's bin directory. You need to add your default domain. It should be the same name as you declared in the DEFAULT_DOMAIN option for vpopmail in ports.

# ./vadddomain name.com
Please enter password for postmaster:

And enter the password for the postmaster. Do this for all the domains you're going to host.


vii. start qmail

This may sound odd, but starting qmail is really easy... but don't do it yet! The qmail NOTES aren't complete. Although qmail doesn't really depend on it, PHP needs to be installed and Apache needs to be started. Having the web server up helps in the next section with qmailadmin. When the time comes, the easiest way to start qmail is:

# /usr/local/etc/rc.d/svscan.sh start

When that happens, cross your fingers and hope you don't get ugly errors.

Also, qmail does come with its own set of man pages. You might want to add them to your manpath. As root, edit /etc/manpath.config

# ee /etc/manpath.config

You will find a place in /etc/manpath.config where you can add an OPTIONAL_MANPATH. Add one for /var/qmail/man

OPTIONAL_MANPATH /var/qmail/man  

Save the file.


viii. using qmailadmin

After you have finished the PHP NOTES and started the web server, you can administer any of the domains you've added with the following URL:

http://machine.name.com/cgi-bin/qmailadmin/qmailadmin

It should be quite self-explanatory after that.


ix. client setup

For email clients such as Eudora and MS Outlook, POP usernames are actually user@domain.com or user%domain.com.


x. references

 


QUESTIONS/COMMENTS/CORRECTIONS? notes@twinwork.net
$NOTES: /qmail/, v.0.32 2010/12/11 13:44:35 PST /10235/ NkM$
Maintainer: Neafevoc K. Marindale