qmail installation as per qmail rocks -- modified

How much disk space should I have available on my server?

The following is a GENERAL estimate. Actual needs may vary from person to person and machine to machine.

A safe amount of disk space would be about 80-90MB. This includes the download of the qmailrocks.tar.gz software bundle and its extraction. After a successful installation, the total amount of needed space for a safely operating mail server could be brought down to about 15MB after the qmailrocks.tar.gz content is removed.

If your server has multiple partitions:

/ partition: About 70MB.

/var partition: About 10MB

/home partition: About 3MB for starters, although this will change as "/home/vpopmail" will be the place in which all e-mail is stored for all domains.

Some free advice: If the 80-90MB of estimated needed space is asking a lot from your server, you might want to reconsider whether or not to use that server as a mail server. A mail server that is tight on disk space is a recipe for trouble. Just my opinion.

What software packages should I already have installed on my server?

1. The Apache Web Server - You can use either version 1.3.x or version 2.x. It shouldn't make that big of a difference.

2. PHP - Version 4.0.6 or higher. You will probably want to make sure that it's either compiled with imap and mysql support, or if you are installing from RPMs, install the php-imap and php-mysql packages alongside the php package.

3. Perl - I use version 5.8.0, but any version of 5 should work.

4. GCC - The gcc compiler. You should already have it installed, but if you don't you'd better.

5. MySQL - MySQL is only REALLY needed if you intend to use it with vpopmail. Also, you may run into trouble installing some packages if you don't have it installed. All in all, it's a good idea to have mysql server installed. Version 4.x works just fine, but 3.x will work too.

6. OpenSSL - Version 0.9.5a or higher.

7. OpenSSL-devel - For Redhat products and Fedora users.

8. libssl-dev, for Debian users.

9. wget - Downloading packages and software is a lot easier with wget.

10. patch & patchutils - Available via RPM for Redhat, the ports collection for FreeBSD or apt-get for Debian. You'll need these packages to apply the needed patches along the way during the install.

What software packages should NOT be installed?

1. Postfix - Redhat 9 often will have Postfix installed by default. If it's installed on your server, you will need to either uninstall it or disable it.

2. Any POP service - This includes Qpopper or any POP service that may be running out of xinetd. If your server has a POP service running, you will need to disable it.

3. Any SMTP services

What Perl modules should be installed?

This list may vary depending on your setup, but here goes:

Digest::SHA1
Digest::HMAC

Net::DNS
Time::HiRes
HTML::Tagset

HTML::Parser

I am almost positive that someone out there will need more, so if you come across any other needed modules please drop me a line.

I'm running a firewall on my server. What ports should I open?

Outbound ports (tcp)

25 - SMTP
110 - POP services
143 - IMAP
783 - Spamassassin
993 - IMAPS

Inbound Ports (tcp)

25 - SMTP
80 - HTTP
110 - POP services
143 - IMAP
443 - HTTPS
783 - Spamassassin
993 - IMAPS

Part 1 - Download the Software

 

mkdir /downloads

cd /downloads

wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz

tar zxvf qmailrocks.tar.gz

Run the following script:

/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script  

 

The content of the script is as follows:

#!/bin/sh
 PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
 
#An automation script to start the installation of qmail, ucspi-tcp and daemontools 
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux. :)
 
 
echo "Creating initial qmail directories..." 
echo
sleep 2
 
cd /downloads/qmailrocks
 
 mkdir -p /var/qmail
 
mkdir /usr/src/qmail
 
echo "Done!"
 echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2
 
#######
#Script to add users and groups for Redhat, Fedora, RHEL and Whitebox type distros
 
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaild 
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmailp
 groupadd qmail
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailr 
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmails
groupadd vchkpw
useradd -g vchkpw -d /home/vpopmail -s /sbin/nologin -p'*' vpopmail 
 
#######
 
echo "Done!"
echo
 sleep 2
echo "Unpacking qmail, ucspi-tcp and daemontools..."
echo
sleep 2
 
cd /usr/src/qmail
 
tar zxvf /downloads/qmailrocks/qmail-1.03.tar.gz
 
tar zxvf /downloads/qmailrocks/ucspi-tcp-0.88.tar.gz

mkdir -p /package

chmod 1755 /package

cd /package
 
tar zxvf /downloads/qmailrocks/daemontools-0.76.tar.gz
 
 echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
 echo
sleep 2
 
mkdir /var/log/qmail
 
cd /var/log/qmail 
 
mkdir qmail-send qmail-smtpd qmail-pop3d
 
chown -R qmaill:root /var/log/qmail
  
chmod -R 750 /var/log/qmail
 
echo "Done!"
echo
sleep 2 
echo "And set up the supervise script directories..."
echo
sleep 2
 
 mkdir /var/qmail/supervise
 
cd /var/qmail/supervise
 
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log 
 
chmod +t qmail-smtpd qmail-send qmail-pop3d
 
echo "Setting conf-split and conf-spawn" 
echo
sleep 2
 
echo 211 > /usr/src/qmail/qmail-1.03/conf-split
  
echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn
 
echo "All steps completed!"
 echo
sleep 2

 

Now run the following script:

 

/downloads/qmailrocks/scripts/util/qmail_big_patches.script  

 

#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/sbin 
 
#So let's go...
 
cd /usr/src/qmail/qmail-1.03
  
#Apply John Simpson's gigantic all-in-one qmail patch
 
echo
echo "Applying John Simpson's all in one qmail patch..." 
sleep 2
patch < /downloads/qmailrocks/patches/qmail-1.03-jms1.5.patch
sleep 2
 
#Next, we will apply the forcetls patch
 
echo
echo "Applying Ryan Schlesinger's forcetls patch" 
sleep 2
patch < /downloads/qmailrocks/patches/qmail-1.03-forcetls-20040703.patch
 
sleep 2 
echo "All done!"

 

Now we build Qmail...

cd /usr/src/qmail/qmail-1.03

make man && make setup check

./config-fast your_fqdn_hostname (ex: ./config-fast mail.mydomain.com )

 

 

When you run the above command, the following output appears:

 

Your fully qualified host name is mail.agnello.com.

Putting mail.agnello.com into /var/qmail/control/me

Putting agnello.com into /var/qmail/control/defaultdomain

Putting agnello.com into /var/qmail/control/plusdomain

Putting mail.agnello.com into /var/qmail/control/locals

Putting mail.agnello.com into /var/qmail/control/rcpthosts

Now qmail will refuse to accept SMTP messages except to mail.agnello.com.

Make sure to change rcpthosts if you add hosts to locals or virtualdomains!

 

 

Now let's generate a secure certificate that will be used to encrypt your server's TLS-encrypted SMTP sessions. Just as a website uses SSL, a mail server should offer transport layer security, with a certificate that identifies it to other mail servers.

The make cert command creates a self-signed certificate and places it in the /var/qmail/control/cert.pem file. Remember that this file contains both the private key and the public key, so who can read it matters...

make cert

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]: qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []: mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org

 

 

 

 

 

If the certificate is generated successfully, make cert does the following:

a. chmod 640 /var/qmail/control/servercert.pem

b. chown qmaild.qmail /var/qmail/control/servercert.pem (the default; we need to change this ownership, see below)

c. ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem

Now we set the right ownership for the newly created cert...

chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
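
A quick audit of the certificate file after the ownership change, added here as an example and not part of the original guide or of qmail: because the PEM holds the private key next to the certificate, it checks that both blocks are present and that the mode has not drifted from 640 toward world access or group write. The function name audit_pem is made up for this illustration.

```sh
#!/bin/sh
# Added example: audit a qmail TLS key/certificate file.
# audit_pem is a hypothetical helper name, not a qmail tool.
#
# Usage: audit_pem /var/qmail/control/servercert.pem
# Prints "ok", or a space-separated list of findings.
# Returns 0 only when the file is clean.
audit_pem() {
    pem=$1
    findings=""

    # -f follows symlinks, so clientcert.pem -> servercert.pem is accepted.
    if [ ! -f "$pem" ]; then
        echo "missing"
        return 2
    fi

    # The file must hold both the private key and the certificate.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" \
        || findings="$findings no-private-key"
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" \
        || findings="$findings no-certificate"

    # Mode 640 is what the guide expects. Flag every bit beyond it that
    # would let other local users read or replace the private key.
    for check in 004:world-readable 002:world-writable 020:group-writable; do
        bits=${check%%:*}
        label=${check#*:}
        # find -L tests the symlink target; it prints the path only when
        # all bits named in -perm -BITS are set.
        if [ -n "$(find -L "$pem" -prune -perm "-$bits" 2>/dev/null)" ]; then
            findings="$findings $label"
        fi
    done

    if [ -z "$findings" ]; then
        echo "ok"
        return 0
    fi
    echo "${findings# }"
    return 1
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_pem "$1"
fi
```

Run it against both servercert.pem and clientcert.pem; the symlink is followed, so both should report the same result.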

 

 

Now we build ucspi-tcp. What is it? tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications. The current ucspi-tcp interface is a refinement of the tcpserver/tcpclient interface in my 1991 clientserver package. tcpserver waits for incoming connections and, for each connection, runs a program of your choice. Your program receives environment variables showing the local and remote host names, IP addresses, and port numbers.

cd /usr/src/qmail/ucspi-tcp-0.88/

RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an additional errno patch:

patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch

make && make setup check

If you don't get any errors, that's it for ucspi-tcp!

 

 

Now we install daemontools-0.76

What is it?

daemontools is a collection of tools for managing UNIX services.

cd /package/admin/daemontools-0.76

RH 9/RHEL/Fedora/Slackware users: You will need to patch daemontools with an additional errno patch:

cd /package/admin/daemontools-0.76/src

patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch

cd /package/admin/daemontools-0.76

package/install

Part 3 - EZmlm

EZmlm is a nice mailing list add-on to Qmail. EZmlm integrates seamlessly into Qmailadmin to provide a very user-friendly mailing list management interface.

 

cd /downloads/qmailrocks/

tar zxvf ezmlm-0.53-idx-0.41.tar.gz

cd ezmlm-0.53-idx-0.41

make && make setup

If you don't get any errors, then ezmlm is all set up and ready to go!

Part 4 - Autoresponder

It allows us to set up autoresponders for mailboxes and so forth.

 

cd /downloads/qmailrocks

tar zxvf autorespond-2.0.5.tar.gz

cd autorespond-2.0.5

make && make install

Part 5 - Vpopmail

Vpopmail allows us to do virtual domain mail hosting.

 

So let's install it...

cd /downloads/qmailrocks

tar zxvf vpopmail-5.4.13.tar.gz

cd vpopmail-5.4.13

Now let's configure vpopmail...

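./configure --enable-logging=p  (logs failed POP login attempts to syslog together with the cleartext password that was tried, so treat that log as sensitive)

This is the settings summary printed when you configure vpopmail with the given switch: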

vpopmail directory = /home/vpopmail

               uid = 507

               gid = 502

     roaming users = OFF --disable-roaming-users (default)

 password learning = OFF --disable-learn-passwords (default)

     md5 passwords = ON  --enable-md5-passwords (default)

      file locking = ON  --enable-file-locking (default)

vdelivermail fsync = OFF --disable-file-sync (default)

     make seekable = ON  --enable-make-seekable (default)

      clear passwd = ON  --enable-clear-passwd (default)

 user dir hashing  = ON  --enable-users-big-dir (default)

address extensions = OFF --disable-qmail-ext (default)

          ip alias = OFF --disable-ip-alias-domains (default)

       auth module = cdb  --enable-auth-module=cdb (default)

          auth inc = -Icdb

          auth lib =

  system passwords = OFF --disable-passwd (default)

        pop syslog = show failed attempts with clear text password

                     --enable-logging=p

      auth logging = ON  --enable-auth-logging (default)

 

make && make install-strip

If you get this error, you will need to apply a patch to Vpopmail:

patch < /downloads/qmailrocks/patches/vmysql.patch

Once you've applied the patch, try running "make" and "make install" again and you should be ok.

Part 6 - Vqadmin

Vqadmin is simply a nice web-based interface that will let us manage Vpopmail. Through the interface we can create new domains, new users, set quotas, enable services and much more.

So let's install it...

cd /downloads/qmailrocks

tar zxvf vqadmin-2.3.6.tar.gz

cd vqadmin-2.3.6

./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html

 

This is what is printed when you configure with the above switches:

 

Current settings

---------------------------------------

vpopmail directory = /home/vpopmail

               uid = 507

               gid = 502

       cgi-bin dir = /var/www/cgi-bin

       vqadmin dir = /var/www/cgi-bin/vqadmin

    mysql features = disabled

 

make && make install-strip

 

Now you will need to add the following to your server's Apache configuration file (usually httpd.conf)

<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>

 

In addition, within the Apache master config file you will want to set the "AllowOverride" option to "All". Example: AllowOverride All

cd /var/www/cgi-bin/vqadmin

vi .htaccess

AuthType Basic
AuthUserFile /usr/local/etc/.htpasswd
AuthName vQadmin
require valid-user
satisfy any

chown apache .htaccess (you may need to change the chown to either "nobody", "apache" or "www" etc., depending on what user your installation of Apache is running as)

chmod 644 .htaccess

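htpasswd -bc /usr/local/etc/.htpasswd admin admin_password (-b takes the password on the command line, where it ends up in your shell history; leave out -b and htpasswd will prompt for it instead)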

chmod 644 /usr/local/etc/.htpasswd

( -rw-r--r--    1 root     root           20 Jul 22 12:03 .htpasswd )

Now restart Apache...

apachectl stop

apachectl start

If all has gone well, you should now be able to browse (in your web browser) to:
http://www.yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi

Enter the user "admin" and whatever password you assigned it.

Part 7 - Maildrop

Maildrop is a mail filtering agent which can be used to filter messages as they arrive on the server.

Let's install it...

cd /downloads/qmailrocks

tar zxvf maildrop-1.6.3.tar.gz

cd maildrop-1.6.3

./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota

make && make install-strip && make install-man

 

Part 8 - Qmailadmin

Qmailadmin is going to provide us with a nice web-based interface for administering mail accounts once they are set up through Vpopmail (or Vqadmin).

 

Let's install it...

cd /downloads/qmailrocks

tar zxvf qmailadmin-1.2.9.tar.gz

cd qmailadmin-1.2.9

./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html

The following settings summary will be displayed:

qmailadmin 1.2.9

            Current settings

---------------------------------------

       cgi-bin dir = /var/www/cgi-bin

          html dir = /var/www/html

         image dir = /var/www/html/images/qmailadmin

         image URL = /images/qmailadmin

      template dir = /usr/local/share/qmailadmin

         qmail dir = /var/qmail

      vpopmail dir = /home/vpopmail

   autorespond dir = /usr/bin

         ezmlm dir = /usr/local/bin/ezmlm

         ezmlm idx = yes

   mysql for ezmlm = yes

              help = no

      modify quota = no

   domain autofill = no

 modify spam check = no

make && make install-strip

Part 9 - Finalizing Qmail

Below is what this script does.

The first thing we're going to do is create the qmail supervise scripts, create the qmail rc and qmailctl scripts and then set the needed permissions on all these scripts.

So let's run the script...

/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script

 

#!/bin/sh
 
echo "This scripts will perform 3 functions:\n 
 
1. Copy all supervise scripts to their proper locations.\n
 
2. Copy the qmail rc and qmailctl scripts to their proper locations and create needed symlinks.\n 
 
3. Set all needed permisions on all supervise scripts.\n"
 
echo
 echo "Press ENTER to proceeed"
read
 
echo
sleep 2
  
echo "Copying supervise scripts to their correct locations..."
echo
sleep 2
  
cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_run /var/qmail/supervise/qmail-pop3d/run
 
cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_log /var/qmail/supervise/qmail-pop3d/log/run 
 
cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_run /var/qmail/supervise/qmail-smtpd/run
 
 cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_log /var/qmail/supervise/qmail-smtpd/log/run
 
cp /downloads/qmailrocks/scripts/finalize/linux/send_run /var/qmail/supervise/qmail-send/run 
 
cp /downloads/qmailrocks/scripts/finalize/linux/send_log /var/qmail/supervise/qmail-send/log/run
 
 echo Done!
echo
sleep 2
 
echo "Copying rc and qmailctl scripts to proper locations..." 
echo
sleep 2
 
cp /downloads/qmailrocks/scripts/finalize/rc /var/qmail/
  
cp /downloads/qmailrocks/scripts/finalize/qmailctl /var/qmail/bin/
 
echo Done!
echo  
sleep 2
 
echo "Setting needed permisions..."
echo
sleep 2 
 
chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
 
chmod 751 /var/qmail/supervise/qmail-pop3d/run 
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run
 
chmod 751 /var/qmail/supervise/qmail-smtpd/run
 chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
 
chmod 751 /var/qmail/supervise/qmail-send/run
chmod 751 /var/qmail/supervise/qmail-send/log/run 
 
echo ./Maildir > /var/qmail/control/defaultdelivery
 
echo 255 > /var/qmail/control/concurrencyremote 
 
chmod 644 /var/qmail/control/concurrencyremote
 
echo 30 > /var/qmail/control/concurrencyincoming 
 
chmod 644 /var/qmail/control/concurrencyincoming
 
ln -s /var/qmail/bin/qmailctl /usr/bin 
 
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
 
 echo "Done!"
echo
sleep 2
 
echo "Script Complete!" 
echo

 

 

 

vi /var/qmail/supervise/qmail-pop3d/run

Find "mail.example.com " and change it to your server's hostname. For example: mail.mydomain.com.

vi /var/qmail/supervise/qmail-smtpd/run

Find "mail.example.com " and change it to your server's hostname. For example: mail.mydomain.com

qmailctl stop

We set up selective relaying for localhost...

echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp

qmailctl cdb
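
Because any rule that sets RELAYCLIENT lets the matching clients relay to arbitrary destinations, it is worth reviewing /etc/tcp.smtp before each "qmailctl cdb". The following audit is an added example, not part of the qmailrocks scripts; the function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: review tcprules source lines that grant relaying.
# Function names and the sample rules are constructed for illustration.

# Constructed sample rules (not from a real server).
sample_tcp_smtp() {
    cat <<'EOF'
# constructed sample
127.:allow,RELAYCLIENT=""
10.9.8.7:deny
192.168.0.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
}

# audit_tcp_smtp FILE
# Prints LINE:ADDRESS:VERDICT for every rule that sets RELAYCLIENT.
#   loopback   - the 127. rule the guide adds
#   review     - relaying granted to some other address or prefix
#   open-relay - relaying granted by a catch-all rule (empty address or "=")
# Returns non-zero when anything other than loopback is allowed to relay.
audit_tcp_smtp() {
    awk '
        BEGIN { bad = 0 }
        /^#/ || /^$/ { next }                  # comments and blank lines
        {
            colon = index($0, ":")
            if (colon == 0) {                  # a rule needs address:instruction
                printf "%d::malformed\n", NR
                bad = 1
                next
            }
            addr  = substr($0, 1, colon - 1)
            instr = substr($0, colon + 1)

            # Only "allow" rules that export RELAYCLIENT grant relaying.
            if (instr !~ /^allow/ || instr !~ /,RELAYCLIENT=/) next

            if (addr ~ /^127\./)                 verdict = "loopback"
            else if (addr == "" || addr == "=")  verdict = "open-relay"
            else                                 verdict = "review"

            if (verdict != "loopback") bad = 1
            printf "%d:%s:%s\n", NR, addr, verdict
        }
        END { exit bad }
    ' "$1"
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_tcp_smtp "$1"
fi
```

A "review" verdict is not necessarily wrong (a trusted internal network may be meant to relay), but each such line should be one you added on purpose.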

Now we create the common system aliases. These aliases are going to tell Qmail what to do with common server-generated mails. Stuff like bouncebacks, cron daily output and various other systemic sources. It's a good idea to redirect these aliases to a mailbox that you are going to check on a regular basis. You don't want to have your systemic mails piling up in some deep dark corner of your server doing no good and slowly filling your disk up.

echo some_address > /var/qmail/alias/.qmail-root

where "some_address" is the system user or email address you want these addresses aliased to.

echo some_address > /var/qmail/alias/.qmail-postmaster

where "some_address" is the system user or email address you want these addresses aliased to.

echo some_address > /var/qmail/alias/.qmail-mailer-daemon

where "some_address" is the system user or email address you want these addresses aliased to.

ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous

chmod 644 /var/qmail/alias/.qmail*

Part 10 - Uninstalling Sendmail/Postfix

Removing Sendmail

rpm -qa | grep sendmail

/etc/rc.d/init.d/sendmail stop (to stop Sendmail)

rpm -e --nodeps sendmail-x.x.x.x
rpm -e --nodeps sendmail-doc-x.x.x.x
rpm -e --nodeps sendmail-devel-x.x.x.x
rpm -e --nodeps sendmail-cf-x.x.x.x

Removing Postfix

First, let's see if you actually have Postfix installed...

rpm -qa | grep postfix

If it's installed, you'll get an output similar to this:

postfix-x.x-x

So let's remove it...

/etc/rc.d/init.d/postfix stop

rpm -e --nodeps postfix-x.x-x

Establishing an "artificial" Sendmail path

Now we will need to set up an "artificial" Sendmail, which is just a symbolic link to Qmail's Sendmail. This is needed to ensure that the myriad of systemic mail scripts are still able to send mail! Qmail's "Sendmail" is nothing more than a direct injection into Qmail itself...

ln -s /var/qmail/bin/sendmail /usr/lib/sendmail

ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

That's it! If all has gone well, Sendmail or Postfix should be uninstalled and the Qmail Sendmail should be in its place.

Part 11 - Starting qmail

Let's run a script that will check the key components of the installation and make sure everything is alright.

/downloads/qmailrocks/scripts/util/qmr_inst_check

qmailctl stop

qmailctl start

qmailctl stat

You should see an output like this:

/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

Let's test your new server's POP3 service...

telnet localhost 110

you should see something like this:

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.com>
user postmaster@mydomain.com
(enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK

quit
+OK
Connection closed by foreign host.

This is the sign of a successful POP connection to the server!

Now try sending mail to that same user from another location. Telnet to 110 again and run the "list" command and you should see the message that you sent...

telnet localhost 110

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.com>
user postmaster@mydomain.com
(again, remember to log in with the full email address of the user)
+OK
pass your_password
+OK
list
+OK
1 323
(there's your message!)
.

quit
+OK
Connection closed by foreign host.

And now let's test your server's SMTP service to make sure the TLS functionality is there...

telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
[root@somewhere control]#

In the above SMTP session, I have highlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the "220 ready for tls" response if the server is able to successfully start the TLS session.
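
The same EHLO check can be run over a saved session instead of read by eye. This is an added example, not from the original guide: ehlo_report (a made-up name) reads a captured transcript and reports whether STARTTLS is advertised and which AUTH mechanisms are offered before TLS is negotiated; the embedded session is a constructed copy of the one above.

```sh
#!/bin/sh
# Added example: summarise what an SMTP server advertises in its EHLO reply.
# ehlo_report and sample_ehlo_session are made-up names.

# Constructed copy of the telnet session shown in the guide.
sample_ehlo_session() {
    cat <<'EOF'
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
EOF
}

# ehlo_report FILE
# Prints: starttls=<yes|no> auth=<mechanisms|none> plaintext_auth_offered=<yes|no>
# plaintext_auth_offered is "yes" when PLAIN or LOGIN is advertised in the
# pre-TLS reply; both carry the password base64-encoded, not encrypted.
# Returns 0 when STARTTLS is advertised, 1 otherwise.
ehlo_report() {
    awk '
        BEGIN { tls = "no"; mechs = "" }
        { sub(/\r$/, "") }                      # captures often keep the CR
        toupper($0) == "STARTTLS" { exit }      # client command: stop parsing
        /^250[- ]/ {
            # "AUTH=LOGIN ..." is the legacy spelling of the AUTH keyword.
            n = split(substr($0, 5), w, /[ =]/)
            kw = toupper(w[1])
            if (kw == "STARTTLS") tls = "yes"
            if (kw == "AUTH") {
                for (i = 2; i <= n; i++) {
                    m = toupper(w[i])
                    # Collect each mechanism once, in the order first seen.
                    if (m != "" && index(" " mechs " ", " " m " ") == 0)
                        mechs = (mechs == "" ? m : mechs " " m)
                }
            }
        }
        END {
            weak = (mechs ~ /(^| )(PLAIN|LOGIN)( |$)/) ? "yes" : "no"
            printf "starttls=%s auth=%s plaintext_auth_offered=%s\n", tls, (mechs == "" ? "none" : mechs), weak
            exit (tls == "yes" ? 0 : 1)
        }
    ' "$1"
}

# Report on the transcript named on the command line, if any.
if [ "$#" -gt 0 ]; then
    ehlo_report "$1"
fi
```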

Part 12 - Installing Courier-imap/imaps with Courierpassd

For starters, we're going to install Courier-imap/imaps along with Courierpassd. We will also be installing the Courier-authlib package to enable proper authentication through courier-imap. Installing IMAP will, obviously, enable IMAP connections to the mail server and it is a necessary ingredient for most popular web-based mail clients such as Horde, SQwebmail and Squirrelmail. Courier-imap is the preferred IMAP server to install because it has built-in support for the vchkpw mail user setup that Vpopmail utilizes. In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we're going to install Courierpassd. Courierpassd is a utility that allows users to change their mailbox passwords remotely. This will come in handy when we install Squirrelmail in the next step of the installation. Courierpassd will allow your mail users to change their passwords using the Squirrelmail interface. This will give your users more power over their account settings and, more importantly, keep them from pestering you whenever they want to change their passwords. Keep in mind that when we get to compiling courier-imap, it

 

So let's start by installing courier-authlib...

cd /downloads/qmailrocks/

tar jxvf courier-authlib-0.55.tar.bz2

cd courier-authlib-0.55

./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat

make && make check

make install-strip && make install-configure

Now we will add a startup command for authdaemond to the /etc/rc.local file to ensure startup on boot...

vi /etc/rc.local

Add the following line:

/usr/local/sbin/authdaemond start

Now let's install courier-imap/imaps...

Remember, courier imap needs to be compiled by a NON-ROOT USER. For the purposes of this guide, I am going to use a NON ROOT user called bsmith. Anyone who doesn't read this and asks me who "bsmith" is will be smacked across the head.

cd /downloads/qmailrocks/

tar jxvf courier-imap-4.0.2.tar.bz2

chown -R agnello:wheel courier-imap-4.0.2

cd /downloads/qmailrocks/courier-imap-4.0.2

su - agnello

./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat

Note: the configure process will take a few minutes. Go grab a snack...

make && make check

Now we will exit out of our NON-ROOT USER and go back to being root...

exit

make install-strip && make install-configure

Now let's create an SSL certificate for the IMAP-SSL server...

/usr/local/sbin/mkimapdcert

This will start an automated process that creates a self-signed imap-ssl X.509 certificate called imapd.pem. It should create this new certificate at /usr/local/share/imapd.pem. If the certificate already exists, the "mkimapdcert" tool will not let you overwrite it.

A Note on IMAP-SSL certificates: Keep in mind that since this SSL certificate is self-signed and is not from a "trusted" authority such as Verisign or Thawte, mail clients such as Outlook will give a warning when they attempt to connect to your IMAP-SSL server on port 993. The warning will state that the certificate is not from a "trusted" authority. While the warning is a bit ugly, it does NOT mean your IMAP-SSL connection is any less secure than it would be with a real certificate from Verisign or Thawte. All it means is that the SSL certificate was not generated by a company which Microsoft recognizes as a "trusted" authority. From a security standpoint, however, your IMAP-SSL server is every bit as secure as it would be if you bought the certificate from Verisign or Thawte. What a self-signed certificate cannot do is prove to a client that has never seen it that it really belongs to your server, so give your users its fingerprint to compare when the warning appears. If the warning is too inconvenient for your purposes, you will need to purchase a "real" certificate from a "trusted" authority such as Verisign or Thawte. Be prepared to shell out a good chunk of change if you do so.

vi /usr/local/etc/imapd.cnf

Change postmaster@example.com to an administrative email address.

Save and exit

vi /usr/local/etc/imapd

Make sure that the following configuration exists: IMAPDSTART=YES

vi /usr/local/etc/imapd-ssl

Make sure that the following configuration exists: IMAPDSSLSTART=YES

Make sure that the following configuration exists: TLS_CERTFILE=/usr/local/share/imapd.pem

Save and exit the file.

vi /usr/local/etc/authlib/authdaemonrc

Around line 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. Like so:

authmodulelist="authvchkpw"

Save and exit the file.

Now we create the startup scripts...

cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap

cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps

Now let's start up Authdaemond, IMAP and IMAPS. To be safe we'll stop each service before starting it...

/usr/local/sbin/authdaemond stop

/usr/local/sbin/authdaemond start

/etc/rc.d/init.d/imap stop

/etc/rc.d/init.d/imaps stop

/etc/rc.d/init.d/imap start

/etc/rc.d/init.d/imaps start

If you run "nmap localhost", you should see both 143 and 993 now open and listening.

Now let's test it...

telnet localhost 143

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@mydomain.com my_password
a OK LOGIN Ok.
(successful login!)
a logout
(logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.

Hint: The "a " that you see before my login commands is required.

If you were able to log in, as in the example above, you're all set. IMAP is installed! For further testing, you can configure a mail client such as Outlook to test both the IMAP and IMAP-SSL connection to your server. IMAPS runs on port 993.

Now that Courier-imap is installed, let's install Courierpassd. Remember, Courierpassd is going to allow us to enable your mail users to change their own mail passwords via the Squirrelmail interface.

Note: Courierpassd will require that port 106 be open to at least local traffic (traffic from 127.0.0.1)

cd /downloads/qmailrocks

tar zxvf courierpassd-1.1.0-RC1.tar.gz

cd courierpassd-1.1.0-RC1

./configure

make && make install

OK. Courierpassd is installed now. Next, we are going to configure Xinetd/Inetd to run courierpassd. Most Redhat installations use Xinetd, but I've included Inetd directions just in case.

If your server uses Xinetd, here's how you integrate Courierpassd into it:

cd /etc/xinetd.d

Here we create the xinetd script for courierpassd...

vi courierpassd

service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}

Note: You may want to add additional IP's to the "only_from" setting above, depending on your needs.

Save and exit.

Now let's add the Courierpassd service to the system's services file:

vi /etc/services

Append the following line to the /etc/services file:

courierpassd 106/tcp #for /etc/xinetd.d/courierpassd

If your system uses Xinetd, then we now want to restart Xinetd:

/etc/rc.d/init.d/xinetd restart

If your system uses Inetd, then we now want to restart Inetd

/etc/rc.d/init.d/inetd restart

Now let's test Courierpassd by trying to reset the password for a mail account. Here's what a successful test should look like:

root@redbox:/# telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user postmaster@qmailrocks.org
200 Your password please.
pass my_password (don't be a dumbass. Put your own password here)
200 Your new password please.
newpass my_new_password (don't be a dumbass. Put your new password here)
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
root@redbox:/#

If the above session is successful for you, Courierpassd is working correctly.

Part 13 - Installing Squirrelmail

Now that we have Qmail running with IMAP, we can install a webmail client to make mail accessible via a web browser. My choice for this was Squirrelmail.

1. First of all, make sure some rendition of PHP 4 is installed.

rpm -q php

2. Make sure you have PHP uploads turned ON. Here's the line you will want to check/edit in /etc/php.ini:

file_uploads = On

That's it for the PHP setup.

Now let's download Squirrelmail to /download/ and unpack it...

cd /download/

tar -zxvf squirrelmail-1.4.10a.tar.gz

mv squirrelmail-1.4.10a webmail

mkdir /var/sqattachements

 

chown -R apache:apache /var/sqattachements

cd webmail

 

chown -R apache:apache data (or whatever user apache runs as)

cd config

./conf.pl

This will run the Squirrelmail setup script which will allow you to customize the installation as well as set your server settings.

Below are the normal settings:

General
-------
1. Domain :192.168.0.243

2. Invert Time : false
3. Sendmail or SMTP : SMTP

IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect

SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false

Once you've configured Squirrelmail to your liking, it's time to configure Apache to serve our new webmail interface.

vi httpd.conf

<VirtualHost 192.168.0.243:80>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin postmaster@mydomain.com
DocumentRoot /download/webmail
</VirtualHost>

 

Ok, now that Apache is all configured, let's test the new webmail interface...

http://www.yourdomain.com/webmail   or  http://192.168.0.243/webmail

Starting Courier-imap on boot - make sure the following 2 lines exist in your server's /etc/rc.local file:

/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start

/etc/rc.d/init.d/httpd start

Maintaining administrative mailboxes

The destination for most of the server's administrative addresses is usually determined by the aliases you have created at /var/qmail/alias.

 

Backing up your qmail server

/home/vpopmail - backs up all your domain information, including mailboxes, passwords and the messages themselves

/var/qmail - backs up all of your qmail settings

 

The following are important links:

http://192.168.0.243/cgi-bin/qmailadmin

http://192.168.0.243/cgi-bin/vqadmin/vqadmin.cgi

http://192.168.0.243/webmail

 

 

 

Some example vpopmail commands :

To add a domain :

/home/vpopmail/bin/vadddomain yourdomain.com yourpassword

# this creates the domain and makes a mailbox postmaster@yourdomain.com

To add a mailbox:

/home/vpopmail/bin/vadduser someone@yourdomain.com apassword

(Or you can do it via qmailadmin)

To remove a mailbox

/home/vpopmail/bin/vdeluser someone@yourdomain.com

(Or you can do it via qmailadmin)

To remove a domain :

/home/vpopmail/bin/vdeldomain yourdomain.com

To change a user's password

/home/vpopmail/bin/vpasswd someone@yourdomain.com newpassword

(Or you can do it via qmailadmin)

To lookup info about a user

/home/vpopmail/bin/vuserinfo someone@yourdomain.com

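This gives you info such as name, crypted password, cleartext password, dir, quota, usage%, last auth. The cleartext password appears because vpopmail was built with clear passwd = ON (see the configure summary in Part 5).
It has a number of flags to let you see the individual fields, or you can see them all if you don't use any flags.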

It also creates the maildirsize file in the users dir

 

