Migration Tips
Stopping *mail from being installed on yum based systems during updates
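# Stop yum from installing or updating another MTA alongside qmail.
# The delimiter is quoted so nothing inside the here-document is expanded.
# NOTE(review): the line is appended at the end of yum.conf; this assumes
# [main] is the last section in that file - confirm.
cat >>/etc/yum.conf <<'EOF'
exclude=smtpdaemon exim* sendmail* postfix*
EOF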
Migrating from one qmailrocks server to another
server1 & server 2
qmailctl stop
Firewalling is also a good idea to control the server while testing.
server2
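# Keep server2's existing mail tree as vpopmail.new, then pull server1's tree.
mv /home/vpopmail /home/vpopmail.new
rsync -auv server1:/home/vpopmail/ /home/vpopmail/
# -n makes this a dry run: it only lists what vpopmail.new would add or change,
# so the differences can be reviewed before anything is merged.
rsync -nauv /home/vpopmail.new/ /home/vpopmail/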
rcpthosts, virtualdomains, users/assign
server2
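# Copy server1's qmail tree to a side directory and take only the files that
# describe domains and users; server2's own qmail install stays in place.
rsync -auv server1:/var/qmail/ /var/qmail.old/
cp /var/qmail.old/control/virtualdomains /var/qmail/control/virtualdomains
cp /var/qmail.old/control/rcpthosts /var/qmail/control/rcpthosts
cp /var/qmail.old/users/assign /var/qmail/users/assign
cp /var/qmail.old/users/cdb /var/qmail/users/cdb
# NOTE(review): tcp.smtp carries server1's SMTP access and relay rules; read it
# before rebuilding the cdb, since addresses allowed to relay on server1 may
# not be appropriate on server2.
scp server1:/etc/tcp.smtp /etc/tcp.smtp
qmailctl cdb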
Edit /var/qmail/users/assign and /var/qmail/assign
to set the right uid/gid for vpopmail/vchkpw if necessary (/etc/passwd uid/gid values)
Edit /var/qmail/users2 as well ???
Vpopmail permissions
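# Use the owner:group form; the dot separator is a deprecated extension and is
# ambiguous when an account name itself contains a dot.
chown -R vpopmail:vchkpw /home/vpopmail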
Squirrelmail
Edit /etc/httpd/conf/httpd.conf to set
DocumentRoot "/var/www/html/webmail"
Move qmailadmin and vqadmin images
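# Only move the images if the cd succeeded, so the glob is never expanded in
# whatever directory the shell happened to be in.
# NOTE(review): DocumentRoot above is /var/www/html/webmail, but this moves the
# files to /var/www/webmail/images - confirm the intended path.
cd /var/www/ && mv images/* webmail/images/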
http://www.squirrelmail.org/wiki/InvalidMailboxName
The delimiter in IMAP Settings was "/" when it should be "."
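# Run SquirrelMail's configuration script from its own directory (interactive);
# this is where the IMAP delimiter mentioned above is changed.
cd /var/www/html/webmail/config && ./conf.pl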
/var/www/html/webmail/config/config_local.php
$default_folder_prefix = 'INBOX.'; $trash_folder = 'Trash'; $sent_folder = 'Sent'; $draft_folder = 'Drafts';
Addressbooks and Configuration
On Mandrake they were in /var/www/html/webmail/data; on CentOS they are in /var/lib/squirrelmail/prefs/
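# Copy every user's preferences and address book to the new server.
# The ./ prefix keeps a file whose name starts with "-" from being parsed as an
# rsync option (presumably these names come from webmail logins - confirm).
cd /var/www/html/webmail/data &&
rsync -av ./*.pref ./*.abook aleron3.pixite.net:/var/lib/squirrelmail/prefs/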
Qmailrocks
Making a Brand New Qmailrocks installation
# (C)2005 Michael Best <mbest@pendragon.org>
# Feel free to distribute this document under the Open Content License
# http://opencontent.org/opl.shtml
###
# WARNING, although this looks like a shell script, parts of the
# install process are interactive in nature and will not work unattended
# I have tried to indicate these sections with a ### pause
###
###
# configuration info
###
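export your_fqdn_hostname="www.example.com"
# admin_password becomes the vqadmin HTTP Basic password in Part 6. A fixed,
# published default is trivially guessable, so honour a value the operator has
# already exported and otherwise generate a random one and show it once.
if [ -z "${admin_password:-}" ]; then
  admin_password=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  printf 'Generated vqadmin admin password: %s\n' "$admin_password" >&2
fi
export admin_password
export your_postmaster="postmaster"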
###
# Centos 4.x
###
# install some perl rpms
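# NOTE(review): perl-suidperl installs a set-uid perl interpreter; presumably it
# is required by qmail-scanner-queue.pl in Part 15 - confirm it is needed.
yum -y install perl-HTML-Tagset perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-HTML-Parser perl-DateManip perl-Time-HiRes perl-Parse-Syslog perl-Statistics-Distributions expect squirrelmail perl-Digest-Nilsimsa perl-URI perl-suidperl
# Author's open questions, kept as comments so the shell never tries to run
# them (a bare ?? is a glob for any two-character file name):
#   ?? perl-doc perl-DB_File
#   ?? Pod::Usage
###
# NOTE(review): this RPM is fetched over unauthenticated FTP and installed with
# root privileges. Check it before installing, for example with
# `rpm -K cpan2rpm-2.027-1.noarch.rpm` or against a checksum obtained through a
# separate trusted channel.
wget ftp://arix.com/cpan2rpm-2.027-1.noarch.rpm
rpm -Uvh cpan2rpm-2.027-1.noarch.rpm
cpan2rpm --install Pod::Usage
# db devel libraries are needed for courier-IMAP
yum -y install db4-devel gdbm-devel openssl-devel patchutils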
###
# Part 1
###
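# Fetch and unpack the qmailrocks bundle that every later part builds from.
# NOTE(review): the tarball comes over plain HTTP with no integrity check, and
# its scripts are then run with enough privilege to write under /etc and /var.
# Compare it against a checksum obtained out-of-band before unpacking.
# -p lets the step be repeated when /downloads already exists.
mkdir -p /downloads
cd /downloads
wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
tar zxvf qmailrocks.tar.gz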
###
# Part 2
###
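# Run the bundle's install and patch scripts, then build qmail itself.
/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast "$your_fqdn_hostname"
# Interactive: answer the certificate prompts before continuing.
make cert
### pause
# The second path was split across two lines in the original page; rejoined so
# both certificate files actually receive the new ownership.
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
# ucspi-tcp (provides tcpserver), with the errno patch from the bundle.
cd /usr/src/qmail/ucspi-tcp-0.88/
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
### pause
make && make setup check
# daemontools, with its errno patch, installed via its own package/install.
cd /package/admin/daemontools-0.76/src
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
### pause
cd /package/admin/daemontools-0.76
package/install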
###
# Part 3
###
# Unpack and build ezmlm-idx from the bundle. `make setup` installs it, so a
# failed build (left side of &&) installs nothing.
cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup
###
# Part 4
###
# Unpack, build and install autorespond from the bundle.
cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install
###
# Part 5 - Vpopmail - no MySQL
###
# Unpack, build and install vpopmail with its default (non-MySQL) backend.
cd /downloads/qmailrocks
tar zxvf vpopmail-5.4.9.tar.gz
cd vpopmail-5.4.9
# NOTE(review): logging=p appears to be vpopmail's "log failed logins together
# with the attempted password" mode - confirm with ./configure --help. If it is
# kept, the resulting log holds near-miss passwords and should not be readable
# by ordinary users.
./configure --enable-logging=p
make && make install-strip
###
# Part 6
###
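# Build vqadmin and install its CGI under /var/www/cgi-bin.
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
make && make install-strip
# Deny the directory by default and let .htaccess supply the authentication.
# Delimiters are quoted so the here-documents are written out literally.
cat <<'HERE' >> /etc/httpd/conf/httpd.conf
<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
HERE
cd /var/www/cgi-bin/vqadmin
# "satisfy any" together with "deny from all" means a valid login is the only
# way in. NOTE(review): Basic auth sends the password on every request, so this
# directory should only be reachable over TLS.
cat <<'HERE' >.htaccess
AuthType Basic
AuthUserFile /etc/httpd/conf/vqadmin_passwd
AuthName vQadmin
require valid-user
satisfy any
HERE
chmod 644 .htaccess
# -b passes the password as an argument, where other local users can see it in
# the process list for a moment; run this step on a host with no other logins.
htpasswd -bc /etc/httpd/conf/vqadmin_passwd admin "$admin_password"
# The hash file only needs to be readable by the web server, not by every
# local account. NOTE(review): assumes httpd runs in group apache, the CentOS
# default - confirm against the User/Group lines in httpd.conf.
chown root:apache /etc/httpd/conf/vqadmin_passwd
chmod 640 /etc/httpd/conf/vqadmin_passwd
apachectl restart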
###
# Part 7
###
# Unpack, build and install maildrop with Maildir quota support.
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
# The uid/gid flags build maildrop for user root and group vchkpw.
# NOTE(review): confirm root is required here rather than the vpopmail account.
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
###
# Part 8
###
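# Unpack, build and install qmailadmin next to vqadmin.
cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.3.tar.gz
cd qmailadmin-1.2.3
# Generic form of the command. The original page wrapped this comment onto a
# second line, which left "our/html/directory" standing as a command of its own.
### ./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
make && make install-strip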
###
# Part 9
###
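# Install the supervise run scripts, then replace the placeholder host name.
/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
### pause
for i in /var/qmail/supervise/qmail-pop3d/run /var/qmail/supervise/qmail-smtpd/run
do
perl -pi -e "s#mail.example.com#$your_fqdn_hostname#" "$i"
done
qmailctl stop
# Connections from 127.0.0.0/8 may relay without authenticating. That covers
# every local process, including the webmail installed in Part 13.
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
# Route mail for the system aliases to the postmaster account. Expansions are
# quoted and written with printf so the value is stored exactly as given.
for i in .qmail-root .qmail-postmaster .qmail-mailer-daemon; do printf '%s\n' "$your_postmaster" > "/var/qmail/alias/$i"; done
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*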
###
# Part 10
###
# Remove Sendmail
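/etc/rc.d/init.d/sendmail stop
# Only call rpm -e when something matched; with an empty list it just errors.
# NOTE(review): --nodeps skips dependency checks and the grep is a substring
# match, so print the list and read it before removing anything.
sendmail_pkgs=$(rpm -qa | grep "sendmail")
if [ -n "$sendmail_pkgs" ]; then
  # Intentionally unquoted: one argument per package name.
  rpm -e --nodeps $sendmail_pkgs
fi
# Remove Postfix
/etc/rc.d/init.d/postfix stop
postfix_pkgs=$(rpm -qa | grep "postfix")
if [ -n "$postfix_pkgs" ]; then
  # Intentionally unquoted: one argument per package name.
  rpm -e --nodeps $postfix_pkgs
fi
# Replacing default mailer with Qmail
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail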
###
# Part 11
###
# Run the bundle's installation checker and read its output before going on.
/downloads/qmailrocks/scripts/util/qmr_inst_check
### pause
# Restart qmail and print the state of its services.
qmailctl stop
qmailctl start
qmailctl stat
###
# Part 12
###
# Build courier-authlib with the vchkpw (vpopmail) module and without the LDAP
# and MySQL modules.
cd /downloads/qmailrocks/
tar jxvf courier-authlib-0.55.tar.bz2
cd courier-authlib-0.55
# NOTE(review): --disable-root-check presumably lets the build run as root,
# which Courier otherwise refuses - confirm.
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
make && make check
make install-strip && make install-configure
###
# Build and install courier-imap with vchkpw authentication and SSL support.
cd /downloads/qmailrocks/
tar jxvf courier-imap-3.0.8.tar.bz2
cd courier-imap-3.0.8
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authdaemon --without-authldap --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
make && make install-strip && make install-configure
# Create the certificate used by the SSL IMAP listener.
# NOTE(review): presumably a self-signed certificate built from the template in
# /usr/local/etc - replace it with a properly issued one for production use.
/usr/local/sbin/mkimapdcert
cd /usr/local/etc
# Switch the IMAP-over-SSL listener on in its config file.
perl -pi -e "s#IMAPDSSLSTART=NO#IMAPDSSLSTART=YES#" imapd-ssl
# Comment header that is spliced into the Courier rc files so that chkconfig
# can manage them as init scripts.
CHKHEADER="#
# chkconfig: - 80 30
# processname: couriertcpd
# description: courier imap daemon
#
"
export CHKHEADER
# Each init script is: the first 5 lines of the Courier rc file, the header
# above, then all remaining lines of the rc file.
for rc_pair in imapd.rc:imap imapd-ssl.rc:imaps; do
  filein=/usr/local/libexec/${rc_pair%%:*}
  fileout=/etc/rc.d/init.d/${rc_pair##*:}
  # NONCE is the rc file's line count; BOTTOM is what is left after line 5.
  NONCE=$(wc -l "$filein" | awk '{print $1}')
  BOTTOM=$(( NONCE - 5 ))
  {
    head -n 5 "$filein"
    echo "$CHKHEADER"
    tail -n "$BOTTOM" "$filein"
  } > "$fileout"
  chmod +x "$fileout"
done
# Register both services for boot, then start them.
for svc_name in imap imaps; do chkconfig "$svc_name" on; done
for svc_name in imap imaps; do "/etc/rc.d/init.d/$svc_name" start; done
### courierpassd
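# Build courierpassd, the password-change daemon, against the courier-imap tree.
cd /downloads/qmailrocks
tar zxvf courierpassd-1.1.0-RC1.tar.gz
cd courierpassd-1.1.0-RC1
./configure --with-couriersrc=/downloads/qmailrocks/courier-imap-3.0.8
make && make install
# xinetd
cd /etc/xinetd.d
# The service runs as root and carries passwords on port 106, so it is kept on
# loopback in two ways: only_from filters the client address, and bind makes
# xinetd listen on 127.0.0.1 only instead of on every interface.
cat > courierpassd <<'HERE'
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
bind = 127.0.0.1
instances = 4
disable = no
}
HERE
# NOTE(review): /etc/services may already name port 106/tcp; check for an
# existing entry before appending a second one.
echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /etc/services
/etc/rc.d/init.d/xinetd restart
/etc/rc.d/init.d/imap stop
/etc/rc.d/init.d/imaps stop
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start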
###
# Part 13
###
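# Expose the packaged SquirrelMail under the web root.
ln -s /usr/share/squirrelmail /var/www/html/webmail
cd /var/www/html/webmail/plugins
# The URL is quoted because "?" is a shell glob character, and -O names the
# output file: without it wget saves under the countdl.php?... name and the
# tar step below finds nothing to unpack.
# NOTE(review): the plugin is fetched over plain HTTP and then runs inside the
# webmail application; verify the archive against a trusted checksum first.
wget -O change_pass-2.7-1.4.x.tar.gz 'http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_pass-2.7-1.4.x.tar.gz'
tar zxvf change_pass-2.7-1.4.x.tar.gz
rm -f change_pass-2.7-1.4.x.tar.gz
# Interactive: enable the plugin in SquirrelMail's configuration script.
cd /var/www/html/webmail/config
./conf.pl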
###
# Part 14
###
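# Dedicated account without a login shell for qmail-scanner and ClamAV.
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
yum -y install clamd clamav clamav-devel clamav-db
chkconfig clamd on
cd /downloads/qmailrocks/
# Run clamd and freshclam as qscand instead of the packaged clamav account.
perl -pi -e "s#User clamav#User qscand#" /etc/clamd.conf
perl -pi -e "s#DatabaseOwner clamav#DatabaseOwner qscand#" /etc/freshclam.conf
perl -pi -e "s#clamav.clamav#qscand.qscand#" /etc/cron.daily/freshclam
perl -pi -e "s#create 644 clamav clamav#create 644 qscand qscand#" /etc/logrotate.d/clamav /etc/logrotate.d/freshclam
# Make this a cronjob
# -h changes a symbolic link itself rather than the file it points to. Without
# it, a link owned by clamav under /var would hand its target's ownership to
# qscand when this runs as root.
find /var -user clamav -exec chown -h qscand "{}" \;
find /var -group clamav -exec chgrp -h qscand "{}" \;
/etc/init.d/clamd stop
/etc/init.d/clamd start
yum -y install spamassassin
chkconfig spamassassin on
# Service account only: no login shell, matching qscand above.
useradd -c "SpamAssassin User" -s /bin/false spamd
# spamd is started with user spamd and home directory /home/spamd.
cat <<'HERE' >/etc/sysconfig/spamassassin
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"
HERE
echo "required_hits 5" >> /etc/mail/spamassassin/local.cf
service spamassassin start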
###
# Adding Vipul's Razor
###
# Download, build and install the Razor agents, then enable Razor checks in
# SpamAssassin and restart it.
cd /downloads/qmailrocks
# NOTE(review): plain-HTTP download with no integrity check; verify the archive
# against a checksum from a trusted channel before building it as root.
wget http://easynews.dl.sourceforge.net/sourceforge/razor/razor-agents-2.81.tar.bz2
tar -xvjf razor-agents-2.81.tar.bz2
cd razor-agents-2.81
perl Makefile.PL
make && make install
echo "use_razor2 1" >> /etc/mail/spamassassin/local.cf
/etc/init.d/spamassassin stop
/etc/init.d/spamassassin start
###
# Part 15
###
# Unpack qmail-scanner and qms-analog, then apply the qms patch to qmail-scanner.
cd /downloads/qmailrocks
tar zxvf qmail-scanner-1.25.tgz
tar zxvf qms-analog-0.4.2.tar.gz
cd qms-analog-0.4.2
make all
# Date stamp that appears in the patch file name shipped with qms-analog.
export YYYYMMDD=20050219
cp qmail-scanner-1.25-st-qms-$YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.25/
cd /downloads/qmailrocks/qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-$YYYYMMDD.patch
cd /downloads/qmailrocks/qmail-scanner-1.25
# Replace the placeholder domains in qms-config. The two-domain placeholder is
# handled first so the single-domain pattern does not match inside it.
perl -pi -e "s#yourdomain.com,yourotherdomain.com#$your_fqdn_hostname#" qms-config
perl -pi -e "s#yourdomain.com#$your_fqdn_hostname#" qms-config
chmod 755 qms-config
# First run without arguments and review its output; the second run installs.
./qms-config
### pause
./qms-config install
### pause
# Run the queue script as qscand with -z and then -g.
# NOTE(review): presumably its initialisation switches - confirm their meaning
# in the qmail-scanner documentation.
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
chown -R qscand:qscand /var/spool/qmailscan
# Rewrite the smtpd run script: keep its first line, insert the QMAILQUEUE
# setting, then append the rest. run.orig is a copy of the script as it was.
export filein=/var/qmail/supervise/qmail-smtpd/run.orig
export fileout=/var/qmail/supervise/qmail-smtpd/run
cp $fileout $filein
# NONCE is the line count of the copy; BOTTOM is everything after line 1.
NONCE=`wc -l $filein | awk '{print $1}'`; let BOTTOM="$NONCE - 1"
head -1 $filein > $fileout
# NOTE(review): the inserted line has no ";" between the assignment and
# "export QMAILQUEUE" - check the run script exports the variable as intended.
cat <<HERE >>$fileout
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
HERE
tail -${BOTTOM} $filein >> $fileout
chmod +x $fileout
# Raise the softlimit memory cap for qmail-smtpd from 30000000 to 40000000.
perl -pi -e "s#/usr/local/bin/softlimit -m 30000000#/usr/local/bin/softlimit -m 40000000#" /var/qmail/supervise/qmail-smtpd/run
###
# Adding Blacklists
###
# Insert an RBLSMTPD variable after the first two lines of the smtpd run script.
export filein=/var/qmail/supervise/qmail-smtpd/run.orig
export fileout=/var/qmail/supervise/qmail-smtpd/run
# cp -f overwrites run.orig with the script as already modified in Part 15, so
# after this step run.orig is no longer a copy of the pristine script.
cp -f $fileout $filein
# NONCE is the line count of the copy; BOTTOM is everything after line 2.
NONCE=`wc -l $filein | awk '{print $1}'`; let BOTTOM="$NONCE - 2"
head -2 $filein > $fileout
cat <<HERE >>$fileout
RBLSMTPD="/usr/local/bin/rblsmtpd"
HERE
tail -${BOTTOM} $filein >> $fileout
chmod +x $fileout
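In /var/qmail/supervise/qmail-smtpd/run, replace ...
/var/qmail/bin/qmail-smtpd
with the following. Before enabling it, check that every DNSBL zone named below is still in operation; a retired list that starts answering every query would make rblsmtpd reject all incoming mail.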
$RBLSMTPD -a qmail.bondedsender.org \
-r bl.spamcop.net \
-r relays.ordb.org \
-r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd
# Restart qmail so the edited run script takes effect, then print its status.
qmailctl stop
qmailctl start
qmailctl stat
### pause
# Run qmail-scanner's bundled installation test.
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit
###
# Part 16
###
# Build and install qmailanalog with the errno patch from the bundle.
cd /downloads/qmailrocks/
tar zxvf qmailanalog-0.70.tar.gz
cd qmailanalog-0.70
patch < /downloads/qmailrocks/patches/0.70-errno.patch
make && make setup check
# Build and install qlogtools with its errno patch.
cd /downloads/qmailrocks/
tar zxvf qlogtools-3.1.tar.gz
cd qlogtools-3.1
patch < /downloads/qmailrocks/patches/qlogtools_errno.patch
make
./installer
# Install the qmailstats script and address its report to postmaster at this
# host in place of the placeholder address.
cp /downloads/qmailrocks/qms-analog-0.4.2/qmailstats /var/qmail/bin
perl -pi -e "s#<your_postmaster>\@yourdomain.com#postmaster\@$your_fqdn_hostname#g" /var/qmail/bin/qmailstats
chmod 750 /var/qmail/bin/qmailstats
/var/qmail/bin/qmailstats
# Run it daily at 03:00 as root with all output discarded. The line is
# appended, so repeating this step adds a duplicate cron entry.
echo "0 3 * * * root /var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null" >> /etc/cron.d/qmailstats
###
# Part 17
###
# I think Qtrap isn't the best idea; it probably works a little,
# but it's too simplistic
###
# DJBDNS Rocks
###
# Address that tinydns is configured with in Part 4.
SERVERIP="192.168.71.108"
###
# Part 2
###
# Fetch and unpack the djbdnsrocks bundle.
# NOTE(review): plain-HTTP download with no integrity check; verify the tarball
# against a trusted checksum before running anything from it.
cd /downloads
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks.tar.gz
tar zxvf djbdnsrocks.tar.gz
cd djbdnsrocks
###
# Part 3
###
# Build djbdns with the errno patch, install it, and run its install check.
tar zxvf djbdns-1.05.tar.gz
cd djbdns-1.05
patch < /downloads//djbdnsrocks/djbdns_errnopatch
make
make setup check
./install
./instcheck
###
# Part 4
###
# NOTE(review): presumably creates the tinydns, dnscache and dnslog accounts
# used below - confirm by reading the script before running it.
/downloads/djbdnsrocks/scripts/add_users_rh.script
# Create the tinydns service directory for $SERVERIP and link it into /service.
/usr/local/bin/tinydns-conf tinydns dnslog /etc/tinydns $SERVERIP
ln -s /etc/tinydns /service
###
# Part 5
###
# Create a dnscache instance for 127.0.0.1 and link it into /service.
dnscache-conf dnscache dnslog /etc/dnscache 127.0.0.1
ln -s /etc/dnscache /service
# Keep the old resolver list, then point this host at the local cache only.
cp /etc/resolv.conf /etc/resolv.conf.orig
echo "nameserver 127.0.0.1" > /etc/resolv.conf
# External Cache for machines on the lan
http://flounder.net/djbdns/bind-to-djbdns.html#8
# Run dnscache-conf again, but this time use /etc/dnscachex instead of /etc/dnscache, and for the IP, put
# in your external IP instead of 127.0.0.1:
root:/# dnscache-conf dnscache dnslog /etc/dnscachex a.b.c.d
# If all went well, you should now have a directory /etc/dnscachex similar to /etc/dnscache. The only
# difference is that you must now go into /etc/dnscachex/root/ip manually and add the networks that
# you'd like to be able to query your server. List only networks you control: a cache that answers
# queries from any address is an open resolver.
root:/# cd /etc/dnscachex/root/ip
root:/etc/dnscachex/root/ip# touch a.b.c
# Making the DNS cache use the local tinydns server for resolution
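# For each cache, send our own zones to the local tinydns server and then
# signal that same cache. The original paired each svc -h with the other
# cache's directory; both were signalled in the end, so the result is the same.
# A failed cd now skips that cache instead of writing the zone files into
# whatever directory the shell was in.
for cache_dir in /etc/dnscachex /etc/dnscache; do
  cd "$cache_dir/root/servers" || continue
  for i in pixelart.ca pixite.net rscorp.ab.ca rwsoft.ca sandeman-allen.ca sikorskyi.ca; do echo 66.18.210.105 > "$i"; done
  # NOTE(review): only /etc/dnscache is linked into /service on this page;
  # confirm /etc/dnscachex is supervised before relying on this signal.
  svc -h "$cache_dir"
done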
# Make the local caching nameservers use a machine's internal interface to resolve queries
# We have our records flagged with IN or EX zones in a file called /etc/tinydns/root/zone-master
# The DNS server's own IP address will be treated as a local request and needs a record such as
%IN:66.18.210.105
###
# Part 6 - VegaDNS
###
# Not installed at this time