a) Download the Apache 2.2.3 source files from http://httpd.apache.org
b) Extract the source from the gunzipped file using tar or gunzip
c) change the working directory to the directory containing the
extracted source files
d) Run the following command for basic apache installation
./configure --prefix=/usr/local
--with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql
--enable-shared=max --enable-module=rewrite --enable-module=so
--enable-shared=ssl --enable-ssl --with-ssl=/path/to/openssl-0.9.8d
make
make install
2. Installing PHP 5.2.0
a) Download the PHP 5.2.0 source files from http://www.php.net
b) Extract the source from the gunzipped file using tar or gunzip
c) change the working directory to the directory containing the
extracted source files
d) Run the following command for PHP installation
./configure --prefix=/usr/local/php5
--with-apxs2=/usr/local/apache2/bin/apxs
--with-libxml-dir=/usr/local/lib --with-zlib
--with-zlib-dir=/usr/local/lib --with-mysql=/usr/local/mysql
--with-mysqli-dir=/usr/bin/mysql_config --with-gd --enable-soap
--enable-sockets --with-jpeg-dir=/usr --enable-exif
e)Build the PHP configuration using the following command
make
f) Install PHP
make install
restart apachectl
if you get error like this " /usr/local/modules/libphp5.so: cannot
restore segment prot after reloc: Permission denied "
you need to
#setenforce 0
then restart apachectl
open ../conf/httpd.conf using your favorite editor, find AddType
directive and add after it the following lines:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
chk if you are getting the phpinfo.php page
3. Installing MySQL 5.x
a) Download the MysQL source files from http://www.mysql.com
b) Extract the source from the gunzipped file using tar or gunzip
c) Create the mysql user and group using the following commands
groupadd mysql
useradd -g mysql -c "MySQL Server" mysql
d) Create a symbolic link to the MySQL source directory in a directory
of your choice. (I use /usr/local/). Here is an example of the same
ln -s /software/mysql-max-4.1.22-pc-linux-gnu-i686 /usr/local/mysql
e) Change the working directory to the symbolic link that you have
created in the server.
f) Execute the following command
./scripts/mysql_install_db
The above command will install the mysql and the test database
g) Change the ownership of /usr/local/mysql using the following command
chown -R root:mysql /usr/local/mysql
Where root is the user and mysql is the group
h) Change the ownership of /usr/local/mysql/data using the following command
chown -R mysql:mysql /usr/local/mysql/data
i) Copy the default configuration file for the expected size of the
database (small, medium, large, huge)
cp support-files/my-medium.cnf /etc/my.cnf
chown root:sys /etc/my.cnf
chmod 644 /etc/my.cnf
j) Now we have to tell the system where to find some of the dynamic
libraries that MySQL will need to run. We use dynamic libraries
instead of static to keep the memory usage of the MySQL program itself
to a minimum.
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
ldconfig
k) Now create a startup script, which enables MySQL auto-start each
time your server is restarted.
cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod +x /etc/rc.d/init.d/mysql
/sbin/chkconfig --level 3 mysql on
l) Then set up symlinks for all the MySQL binaries, so they can be run
from anyplace without having to include/specify long paths, , etc
cd /usr/local/mysql/bin
for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
m) First, we will assume that only applications on the same server
will be allowed to access the database (i.e., not a program running
on a physically separate server). So we'll tell MySQL not to even
listen on port 3306 for TCP connections l ike it does by default.
Edit /etc/my.cnf and uncomment the
skip-networking
n) Start MySQL
--
--
How much disk space should I have available on my server?
The following is a GENERAL estimate. Acutal needs may vary from person to person and machine to machine.
A safe amount of disk space would be about 80-90MB. This includes the download of the qmailrocks.tar.gz software bundle and it's extraction. After a successfull installation, the total amount of needed space for a safely operating mail server could be brought down to about 15MB after the qmailrocks.tar.gz content is removed.
If your server is multiple partitions:
/ partition: About 70MB.
/var partition: About 10MB
/home partition: About 3MB for starters, although this will change as "/home/vpopmail" will be the place in which all e-mail is stored for all domains.
Some free advise: If the 80-90MB of estimated needed space is asking alot from your server, you might want to reconsider whether or not to use that server as a mail server. A mail server that is tight on disk space is a recipe for trouble. Just my opinion.
What software packages should I already have installed on my server?
1. The Apache Web Server - You can use either version 1.3.x or version 2.x. It shouldn't make that big of a difference.
2. PHP - Version 4.0.6 or higher. You will probably want to make sure that it's either compiled with imap and mysql support, or if you are installing from RPMs, install the php-imap and php-mysql packages alongside the php package.
3. Perl - I use version 5.8.0, but any version of 5 should work.
4. GCC - The gcc compiler. You should already have it installed, but if you don't you'd better.
5. MySQL - MySQL is only REALLY needed if you intend to use it with vpopmail. Also, you may run into trouble installing some packages if you don't have it installed. All in all, it's a good idea to have mysql server installed. Version 4.x works just fine, but 3.x will work too.
6. OpenSSL - Version 0.9.5a or higher.
7. OpenSSL-devel - For Redhat products and Fedora users.
8. libssl-dev, for Debian users.
9. wget - Downloading packages and software is alot easier with wget.
10. patch & patchutils - Available via RPM for Redhat, the ports collection for FreeBSD or apt-get for Debian. You'll need these packages to apply the needed patches along the way during the install
What software packages should NOT be installed?
1. Postfix - Redhat 9 often will have Postfix installed by default. If it's installed on your server, you will need to either uninstall it or disable it.
2. Any POP service - This includes Qpopper or any POP service that may be running out of xinetd. If your're server has a POP service running, you will need to disable it.
3. Any SMTP services
What Perl modules should be installed?
This list may vary depending on your setup, but here goes:
Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
I'm am almost positive that someone out there will need more, so if you come across any other needed modules please drop me a line.
I'm running a firewall on my server. What ports should I open?
Outbound ports (tcp)
25 - SMTP
110 - POP services
143 - IMAP
783 - Spamassassin
993 - IMAPS
Inbound Ports (tcp)
25 - SMTP
80 - HTTP
110 - POP services
143 - IMAP
443 - HTTPS
783 - Spamassassin
993 - IMAPS
Part 1 - Download the Software
mkdir /downloads
cd /downloads
wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
tar zxvf qmailrocks.tar.gz
run the following script
/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script
Content of the script is as follows
#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux. :)
echo "Creating initial qmail directories..."
echo
sleep 2
cd /downloads/qmailrocks
mkdir -p /var/qmail
mkdir /usr/src/qmail
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2
#######
#Script to add users and groups for Redhat, Fedora, RHEL and Whitebox type distros
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmailp
groupadd qmail
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmails
groupadd vchkpw
useradd -g vchkpw -d /home/vpopmail -s /sbin/nologin -p'*' vpopmail
#######
echo "Done!"
echo
sleep 2
echo "Unpacking qmail, ucspi-tcp and daemontools..."
echo
sleep 2
cd /usr/src/qmail
tar zxvf /downloads/qmailrocks/qmail-1.03.tar.gz
tar zxvf /downloads/qmailrocks/ucspi- tcp-0.88.tar.gz
mkdir -p /package
chmod 1755 /package
cd /packag
tar zxvf /downloads/qmailrocks/daemontools-0.76.tar.gz
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail
cd /var/log/qmail
mkdir qmail-send qmail-smtpd qmail-pop3d
chown -R qmaill:root /var/log/qmail
chmod -R 750 /var/log/qmail
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise
cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
chmod +t qmail-smtpd qmail-send qmail-pop3d
echo "Setting conf-split and conf-spawn"
echo
sleep 2
echo 211 > /usr/src/qmail/qmail-1.03/conf-split
echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn
echo "All steps completed!"
echo
sleep 2
now run the following script
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/sbin
#So let's go...
cd /usr/src/qmail/qmail-1.03
#Apply John Simpson's gigantic all-in-one qmail patch
echo
echo "Applying John Simpson's all in one qmail patch..."
sleep 2
patch < /downloads/qmailrocks/patches/qmail-1.03-jms1.5.patch
sleep 2
#Next, we will apply the forcetls patch
echo
echo "Applying Ryan Schlesinger's forcetls patch"
sleep 2
patch < /downloads/qmailrocks/patches/qmail-1.03-forcetls-20040703.patch
sleep 2
echo "All done!"
Now we build Qmail...
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast your_fqdn_hostname (ex: ./config-fast mail.mydomain.com )
when you type the above .. the following happens
Your fully qualified host name is mail.agnello.com.
Putting mail.agnello.com into /var/qmail/control/me
Putting agnello.com into control /var/qmail/defaultdomain
Putting agnello.com into control/var/qmail/plusdomain
Putting mail.agnello.com into /var/qmail/control/locals
Putting mail.agnello.com into /var/qmail/control/rcpthosts
Now qmail will refuse to accept SMTP messages except to mail.agnello.com.
Make sure to change rcpthosts if you add hosts to locals or virtualdomains!
NOW let's generate a secure certificate that will be used to encrypt your server's TLS encrypted SMTP sessions.Just like ssl for website , mail server should have transport layer socket that authenticates to other mail servers.
make cert command creates a self signed certificate and places it in /var/qmail/control/cert.pem file. Remember that this file contains both, the private key and public key...
make cert
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]: qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []: mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org
The following happens :
If the cert is successfully generated it will do the following :
a.chmod 640 /var/qmail/control/servercert.pem
b.(default )chown qmaild.qmail /var/qmail/control/servercert.pem
we wud need to make the a change in the ownership
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
c.ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem
Now we set the right ownership for the newly create cert...
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
Now we build ucspi-tcp . what is it ?? tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications. The current ucspi-tcp interface is a refinement of the tcpserver/tcpclient interface in my 1991 clientserver package. tcpserver waits for incoming connections and, for each connection, runs a program of your choice. Your program receives environment variables showing the local and remote host names, IP addresses, and port numbers.
cd /usr/src/qmail/ucspi-tcp-0.88/
| RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an additional errno patch: patch < /downloads/qmailrocks/patches/ucspi- tcp-0.88.errno.patch |
make && make setup check
If you don't get any errors, that's it for ucspi-tcp!
Now we install daemontools-0.76
What is it?
daemontools is a collection of tools for managing UNIX services.
cd /package/admin/daemontools- 0.76
| RH 9/RHEL/Fedora/Slackware users: You will need to patch daemontools with an additional errno patch: cd /package/admin/daemontools- 0.76/src patch < /downloads/qmailrocks/patches/daemontools- 0.76.errno.patch cd /package/admin/daemontools- 0.76 |
package/install
Part 3 - EZmlm
EZmlm is a nice mailing list add-on to Qmail .EZmlm integrates seamlessly into Qmailadmin to provide a very user friendly mailing list management interface.
cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup
If you don't get any errors, then ezmlm is all set up and ready to go!
Part 4 - Autoresponder
It allows us to set up autoresponders for mailboxes and so forth
cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install
Part 5 - Vpopmail
Vpopmail allows us to do virtual domain mail hosting.
So let's install it...
cd /downloads/qmailrocks
tar zxvf vpopmail-5.4.13.tar.gz
cd vpopmail-5.4.13
Now let's configure vpopmail...
./configure --enable-logging=p (logs errors with passwords )
this is what happens when you configure vpop mial withthe given switch
vpopmail directory = /home/vpopmail
uid = 507
gid = 502
roaming users = OFF --disable-roaming-users (default)
password learning = OFF --disable-learn-passwords (default)
md5 passwords = ON --enable-md5-passwords (default)
file locking = ON --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
make seekable = ON --enable-make-seekable (default)
clear passwd = ON --enable-clear-passwd (default)
user dir hashing = ON --enable-users-big-dir (default)
address extensions = OFF --disable-qmail-ext (default)
ip alias = OFF --disable-ip-alias-domains (default)
auth module = cdb --enable-auth-module=cdb (default)
auth inc = -Icdb
auth lib =
system passwords = OFF --disable-passwd (default)
pop syslog = show failed attempts with clear text password
--enable-logging=p
auth logging = ON --enable-auth-logging (default)
make && make install-strip
If you get this error, you will need to apply a patch to Vpopmail:
patch < /downloads/qmailrocks/patches/vmysql.patch
Once you've applied the patch, try running "make" and "make install" again and you should be ok.
Part 6 - Vqadmin
Vqadmin is simply a nice web based interface that will let us manage Vpopmail .Through the interface we can create new domains, new users, net quotas, enable services and much more.
So let's install it...
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
this is wat happen when you configure withthe above given switch
Current settings
---------------------------------------
vpopmail directory = /home/vpopmail
uid = 507
gid = 502
cgi-bin dir = /var/www/cgi-bin
vqadmin dir = /var/www/cgi-bin/vqadmin
mysql features = disabled
make && make install-strip
Now you will need to add the following to your server's Apache configuration file (usually httpd.conf)
<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
In addition, within the Apache master config file you will want to set the "AllowOveride" option to "All". Example: AllowOverride All
cd /var/www/cgi-bin/vqadmin
vi .htaccess
AuthType Basic
AuthUserFile /usr/local/etc/.htpasswd
AuthName vQadmin
require valid-user
satisfy any
chown apache .htaccess (you may need to change the chown to either "nobody", "apache" or "www" etc., depending on what user your installation of Apache is running as)
chmod 644 .htaccess
htpasswd -bc /usr/local/.htpasswd admin admin_password
chmod 644 /usr/local/etc/.htpasswd
( -rw-r--r-- 1 root root 20 Jul 22 12:03 .htpasswd )
Now restart Apache...
apachectl stop
apachectl start
If all has gone well, you should now be able to browse (in your web browser) to:
http://www.yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi
Enter the user "admin" and whatever password your assigned it.
Part 7- Maildrop
Maildrop is a mail filtering agent which can be used to filter messages as they arrive on the server
Let's install it...
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
Part 8 - Qmailadmin
Qmailadmin is going to provide us with a nice web based interface for administering mail accounts once they are setup through Vpopmail (or Vqadmin)
Let's install it...
cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.9.tar.gz
cd qmailadmin-1.2.9
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
following will happen wen we make install
qmailadmin 1.2.9
Current settings
---------------------------------------
cgi-bin dir = /var/www/cgi-bin
html dir = /var/www/html
image dir = /var/www/html/images/qmailadmin
image URL = /images/qmailadmin
template dir = /usr/local/share/qmailadmin
qmail dir = /var/qmail
vpopmail dir = /home/vpopmail
autorespond dir = /usr/bin
ezmlm dir = /usr/local/bin/ezmlm
ezmlm idx = yes
mysql for ezmlm = yes
help = no
modify quota = no
domain autofill = no
modify spam check = no
make && make install-strip
Part 9 - Finalizing Qmail
Bellow is what this script does
The first thing we're going to do is create the qmail supervise scripts, create the the qmail rc and qmailctl scripts and then set the needed permissions on all these scripts.
So let's run the script...
/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
#!/bin/sh
echo "This scripts will perform 3 functions:\n
1. Copy all supervise scripts to their proper locations.\n
2. Copy the qmail rc and qmailctl scripts to their proper locations and create needed symlinks.\n
3. Set all needed permisions on all supervise scripts.\n"
echo
echo "Press ENTER to proceeed"
read
echo
sleep 2
echo "Copying supervise scripts to their correct locations..."
echo
sleep 2
cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_run /var/qmail/supervise/qmail-pop3d/run
cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_log /var/qmail/supervise/qmail-pop3d/log/run
cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_run /var/qmail/supervise/qmail-smtpd/run
cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_log /var/qmail/supervise/qmail-smtpd/log/run
cp /downloads/qmailrocks/scripts/finalize/linux/send_run /var/qmail/supervise/qmail-send/run
cp /downloads/qmailrocks/scripts/finalize/linux/send_log /var/qmail/supervise/qmail-send/log/run
echo Done!
echo
sleep 2
echo "Copying rc and qmailctl scripts to proper locations..."
echo
sleep 2
cp /downloads/qmailrocks/scripts/finalize/rc /var/qmail/
cp /downloads/qmailrocks/scripts/finalize/qmailctl /var/qmail/bin/
echo Done!
echo
sleep 2
echo "Setting needed permisions..."
echo
sleep 2
chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
chmod 751 /var/qmail/supervise/qmail-pop3d/run
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run
chmod 751 /var/qmail/supervise/qmail-smtpd/run
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
chmod 751 /var/qmail/supervise/qmail-send/run
chmod 751 /var/qmail/supervise/qmail-send/log/run
echo ./Maildir > /var/qmail/control/defaultdelivery
echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote
echo 30 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
echo "Done!"
echo
sleep 2
echo "Script Complete!"
echo
vi /var/qmail/supervise/qmail-pop3d/run
Find "mail.example.com " and change it to your server's hostname. For example: mail.mydomain.com.
vi /var/qmail/supervise/qmail-smtpd/run
Find "mail.example.com " and change it to your server's hostname. For example: mail.mydomain.com
qmailctl stop
We setup selective relaying for localhost...
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
Now we create the common system aliases. These aliases are going to tell Qmail what to do with common server-generated mails. Stuff like bouncebacks, cron daily output and various other systemic sources. It's a good idea to redirect these aliases to a mailbox that you are going to check on a regular basis. You don't want to have your systemic mails piling up in some deep dark corner of your server doing no good and slowly filling your disk up.
echo some_address > /var/qmail/alias/.qmail-root
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address > /var/qmail/alias/.qmail-postmaster
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address > /var/qmail/alias/.qmail-mailer-daemon
where "some_address" is the system user or email address you want these addresses aliased to.
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*
Part 10 - Uninstalling Sendmail/Postfix
Removing Sendmail
rpm -qa | grep sendmail
/etc/rc.d/init.d/sendmail stop (to stop Sendmail)
rpm -e --nodeps sendmail-x.x.x.x
rpm -e --nodeps sendmail-doc-x.x.x.x
rpm -e --nodeps sendmail-devel-x.x.x.x
rpm -e --nodeps sendmail-cf-x.x.x.x
Removing Postfix
First, let's see if you actually have Postfix installed...
rpm -qa | grep postfix
If it's installed, you'll get an output similar to this:
postfix-x.x-x
So let's remove it...
/etc/rc.d/init.d/postfix stop
rpm -e --nodeps postfix-x.x-x
Establishing an "artificial" Sendmail path
Now we will need to set up an "artificial" Sendmail, which is just a symbolic link to Qmail's Sendmail. This is needed to ensure that the myriad of systemic mail scripts are still able to send mail! Qmail's "Sendmail" is nothing more than a direct injection into Qmail itself...
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
That's it! If all has gone well, Sendmail or Postfix should be uninstalled and the Qmail Sendmail should be in its place.
Part 11 - Starting qmail
let's run a script that will check the key components of the installation and make sure everything is alright.
/downloads/qmailrocks/scripts/util/qmr_inst_check
qmailctl stop
qmailctl start
qmailctl stat
You should see an output like this:
/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
Let's test your new server's POP3 service...
telnet localhost 110
you should see something like this:
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK < 16658.1054485137@yourserver.com>
user postmaster@mydomain.com (enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.
This is the sign of a successfull POP connection to the server!
This is the sign of a successfull POP connection to the server!
Now try sending mail to that same user from another location. Telnet to 110 again and run the "list" command and you should see the message that your send...
telnet localhost 110
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK < 16658.1054485137@yourserver.comt>
user postmaster@mydomain.com (again, remember to log in with the full email address of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.
And now let's test your server's SMTP service to make sure the TLS functionaltiy is there...
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250- STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
[root@somewhere control]#
In the above SMTP session, I have higlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the :"220 ready for tls" response if the server is able to successfully start the TLS session.
Part 12 - Installing Courier-imap/imaps with Courierpassd
For starters, we're going to install Courier-imap/imaps along with Courierpassd. We will also be installed the Courier-authlib package to enable proper authentication through courier-imap. Installing IMAP will, obviously, enable IMAP connections to the mail server and it is a necessary ingredient for most popular web based mail clients such as Horde, SQwebmail and Squirrelmail. Courier-imap is the preferred IMAP server to install because it has built in support the vchkpw mail user setup that Vpopmail utilizes. In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we're going to install Courierpassd. Courierpassd is a utility that allows users to change their mailbox passwords remotely. This will come in handy when we install Squirrelmail in the next step of the installation. Courierpassd will allow your mail users to change their passwords using the Squirrelmail interface. This will give your users more power over their account settings and, more importantly, keep them from pestering you whenever they want to change their passwords. Keep in mind that when we get to compiling courier-imap, it
So let's start by installing courier-authlib...
cd /downloads/qmailrocks/
tar jxvf courier-authlib-0.55.tar.bz2
cd courier-authlib-0.55
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
make && make check
make install-strip && make install-configure
Now we will add a startup command for authedaemond to the /etc/rc.local file to ensure startup on boot...
vi /etc/rc.local
Add the following line:
/usr/local/sbin/authdaemond start
Now let's install courier-imap/imaps...
Remember, courier imap needs to be compiled by a NON-ROOT USER. For the purposes of this guide, I am going to use a NON ROOT user called bsmith. Anyone who doesn't read this and asks me who "bsmith" is will be smacked across the head.
cd /downloads/qmailrocks/
tar jxvf courier-imap-4.0.2.tar.bz2
chown -R agnello:wheel courier-imap-4.0.2
cd /downloads/qmailrocks/courier-imap-4.0.2
su - agnello
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
Note: the configure process will take a few minutes. Go grab a snack...
make && make check
Now we will exit out of our NON-ROOT USER and go back to being root...
exit
make install-strip && make install-configure
Now let's create an SSL certificate for the IMAP-SSL server...
/usr/local/sbin/mkimapdcert
This will start and automated process that creates a self-signed imap-ssl X.509 certificate called imapd.pem. It should create this new certificate at /usr/local/share/imapd.pem. If the certificate already exists, the "mkimapdcert" tool will not let you overwrite it.
A Note on IMAP-SSL certificates: Keep in mind that since this SSL certificate is self-signed and is not from a "trusted" authority such as Verisign or Thawte, mail clients such as Outlook will give a warning when they attempt to connect to your IMAP-SSL server on port 993. The warning will state that the certificate is not from a "trusted" authority. While the warning is a bit ugly, it does NOT mean your IMAP-SSL connection is any less secure than it would be with a real certificate from Verisign or Thawte. All it means is that the SSL certificate was not generated by a company which Microsoft recognizes as a "trusted" authority. From a security standpoint, however, your IMAP-SSL server is every bit as secure as it would be if you bought the certificate from Verisign or Thawte. If the warning is too inconvenient for your purposes, you will need to purchase a "real" certificate from a "trusted" authority such as Verisign or Thawte. Be prepared to shell out a good chunk of change if you do so.
vi /usr/local/etc/imapd.cnf
change postmaser@example.com an administrative email address
Save and exit
vi /usr/local/etc/imapd
Make sure that the following configuration exists: IMAPDSTART=YES
vi /usr/local/etc/imapd-ssl
Make sure that the following configuration exists: IMAPDSSLSTART=YES
Make sure that the following configuration exists: TLS_CERTFILE=/usr/local/share/imapd.pem
Save and exit the file.
vi /usr/local/etc/authlib/authdaemonrc
Around like 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. Like so:
authmodulelist="authvchkpw"
Save and exit the file.
Now we create the startup scripts...
cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps
Now let's start up Authdaemond, IMAP and IMAPS. To be safe we'll stop each service before starting it...
/usr/local/sbin/authdaemond stop
/usr/local/sbin/authdaemond start
/etc/rc.d/init.d/imap stop
/etc/rc.d/init.d/imaps stop
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
If you run "nmap localhost", you should see both 143 and 993 now open and listening.
Now let's test it...
telnet localhost 143
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@mydomain.com my_password
a OK LOGIN Ok. (successful login!)
a logout (logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
Hint: The "a " that you see before my login commands is required.
If you were able to log in , as in the example above, you're all set. IMAP is installed! For further testing, you can configure a mail client such as Outlook to test both the IMAP and IMAP-SSL connetion to your server. IMAPS runs on port 993.
Now that Couroier-imap is installed, let's install Courierpassd. Remember, Courierpassd is going allow us to enable your mail users to change their own mail passwords via the Squirrelmail interface.
Note: Courierpassd will require that port 106 be open to at least local traffic (traffic from 127.0.0.1)
cd /downloads/qmailrocks
tar zxvf courierpassd-1.1.0-RC1.tar.gz
cd courierpassd-1.1.0-RC1
./configure
make && make install
OK. Courierpassd is installed now. Next, we are going to configure Xinetd/Inetd to run courierpassd. Most Redhat installations use Xinetd, but I've included Inetd directions just in case
If your server uses Xinetd, here's how you integrate Courierpassd into it:
cd /etc/xinetd.d
Here we create the xinetd script for courierpassd...
vi courierpassd
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
Note: You may want to add additional IP's to the "only_from" setting above, depending on your needs.
Save and exit.
Now let's add the Courierpassd service to the system's services file:
vi /etc/services
Append to following line to the /etc/services file:
courierpassd 106/tcp #for /etc/xinetd.d/courierpassd
If your system uses Xinetd, them we now want to restart Xinetd:
/etc/rc.d/init.d/xinetd restart
If your system uses Inetd, then we now want to restart Inetd
/etc/rc.d/init.d/inetd restart
Now let's test Courierpassd by trying the reset the password for a mail account. Here's what a successfull test should look like:
root@redbox:/# telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user postmaster@qmailrocks.org
200 Your password please.
pass my_password (don't be a dumbass. Put your own password here)
200 Your new password please.
newpass my_new_password (don't be a dumbass. Put your new password here)
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
root@redbox:/#
If the above session is successful for you, Courierpassd is working correctly
Part 13 - Installing Squirrelmail
Now that we have Qmail running with IMAP, we can install a webmail client to make mail accessible via a web browser. My choice for this was Squirrelmail.
Check is php is installed
Rpm- q php
Edit the /etc/php.ini
file_uploads = On
Installing Squirrelmail
Now that we have Qmail running with IMAP, we can install a webmail client to make mail accessible via a web browser.
Rpm –q php
2. Make sure you have PHP uploads turned ON. Here's the line you will want to check/edit:
file_uploads = On
That's it for the PHP setup.
Now let's download Squirrelmail... to cd /download/
Tar –zxvf squirrelmail-1.4.10a.tar.gz
Cd squirrelmail-1.4.10a
Mv squirrelmail-1.4.10a webmail
mkdir /var/sqattachements
chown -R apache:apache /var/sqattachements
cd webmail
chown -R apache:apache data (or whatever user apache runs as)
cd config
./conf.pl
This will run the Squirrelmail setup script which will allow you to customize the installation as well as set your server settings.
Bellow is the normal setting
General
-------
1. Domain :192.168.0.243
2. Invert Time : false
3. Sendmail or SMTP : SMTP
IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false
Once you've configured Squirrelmail to your liking, it's time to configure Apache to serve our new webmail interface
Vi http.conf
<VirtualHost 192.168.0.243:80>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin postmaster@mydomain.com
DocumentRoot /download/webmail
</VirtualHost>
Ok, now that Apache is all configured, let's test the new webmail interface...
http://www.yourdomain.com/webmail or http://192.168.0.243/webmail
Starting Courier-imap on boot - make sure the following 2 lines exist in your server's /etc/rc.local file:
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
/etc/rc.d/init.d/httpd start
Maintaining administrative mailboxes
The destination for most the server's administrative addresses is usually determined by the aliases you have created at /var/qmail/aliases.
home/vpopmail - backs up all your domain information, including mailboxes, passwords and the messages themselves
var/qmail - backs up all of your qmail settings
following are important links
http://192.168.0.243/cgi-bin/qmailadmin
http://192.168.0.243/cgi-bin/vqadmin/vqadmin.cgi
http://http://192.168.0.243/webmail
Some example vpopmail commands :
To add a domain :
/home/vpopmail/bin/vadddomain yourdomain.com yourpassword
# this creates the domain and makes a mailbox postmaster@yourdomain.com
To add a mailbox:
/home/vpopmail/bin/vadduser someone@yourdomain.com apassword
(Or you can do it via qmailadmin)
To remove a mailbox
/home/vpopmail/bin/vdeluser someone@ yourdomain.com
(Or you can do it via qmailadmin)
To remove a domain :
/home/vpopmail/bin/vdeldomain yourdomain.com
To change a user's password
/home/vpopmail/bin/vpasswd someone@yourdomain.com newpassword
(Or you can do it via qmailadmin)
To lookup info about a user
/home/vpopmail/bin/vuserinfo someone@yourdomain.com
This gives you info such as name, crypted password, cleartext password, dir, quota, usage%, last auth.
It has a number of flags to let you see the individual fields, or you can see them all if you dont use any flags.
It also creates the maildirsize file in the users dir
--
