Qmail + vpopmail + CourierIMAP + sqwebmail for BSDI 4.1 Tutorial (v1.0)
By Matt Simerson ( 9/15/00)

NOTICE: This document is deprecated! Please visit the Mail::Toaster pages for current project updates.

This HOW-TO makes some bold assumptions. First it assumes that you are a somewhat competent system administrator. If you're not, you still stand a decent chance of making it through but no guarantees. Second, it assumes you run BSDI 4.1 and are patched up. PAY ATTENTION to versions of software as listed below. Many of the software packages evolve and you'll need to tweak the configure scripts to make them match the way I've got them set here. Read the changelog files on newer packages and see what's changed before whining because something doesn't work.

Installation order IS important. Some of these programs check and configure themselves for use with each other. Build them in this order and your life will be better. Also, I'm aware the some are in the ports collection already. However, the versions there aren't worth updating so it's better to snag the latest copies which I've documented below. Last, this, near as I can tell, everything I had to do. Since some of it's post-mortem and

Now we'll show you how to build a BSDI mail server with all the following features:

SMTP E-Mail Server
POP3 Virtual/Local Domain Hosting
POP3 Virtual/Local Domain Users
AutoResponder
Mailing List
Web Based E-Mail (SSL)
Web Based Virtual/Local Domain/User Control Interface
Spell checking for Web based mail
Spam Blocking
Mail filtering
SMTP/POP3/SEND logging
POP-before SMTP roaming
IMAP & IMAP SSL

First we'll go out and collect all the following programs:

qmail-1.03.tar.gz : qmail!
ucspi-tcp-0.88.tar.gz : Inetd replacement
daemontools-0.70.tar.gz : Useful tools for managing daemons
qmailanalog-0.70.tar.gz: Tools for compiling qmail logs into useful info.
ezmlm-0.53.tar.gz: Mailing list manager
ezmlm-idx-0.40.tar.gz: Mailing list extensions
apache-ssl: Secure HTTP server
vpopmail-4.9.2.tar.gz : Virtual Domain/POP module
autorespond-1.0.0.tar.gz : Auto Responder module
gdbm-1.8.0.tar.gz : Database routines
maildrop-1.2: gives users optional mail filtering
qmailadmin-0.35.tar.gz : Web Control Interface
sqwebmail-0.99.tar.gz: Web mail interface
courier-IMAP-1.0.0: IMAP support for Maildir

# mkdir /usr/local/src/mail; cd /usr/local/src/mail
# lynx http://cr.yp.to/software/qmail-1.03.tar.gz
# lynx http://www.ckdhr.com/ckd/qmail-103.patch
# lynx http://cr.yp.to/daemontools/daemontools-0.70.tar.gz
# lynx http://cr.yp.to/software/qmailanalog-0.70.tar.gz
# lynx http://cr.yp.to/software/ezmlm-0.53.tar.gz
# lynx http://www.ezmlm.org/pub/patches/ezmlm-idx-0.40.tar.gz
# lynx http://www.inter7.com/vpopmail/vpopmail-4.9.2.tar.gz
# lynx http://www.vpopmail.cx/autorespond-1.0.0.tar.gz
# lynx ftp://prep.ai.mit.edu/gnu/gdbm/gdbm-1.8.0.tar.gz
# lynx http://download.sourceforge.net/courier/maildrop-1.1.20000805.tar.gz
# lynx http://www.inter7.com/qmailadmin/qmailadmin-0.37.tar.gz
# lynx ftp://download.sourceforge.net/pub/sourceforge/courier/sqwebmail-0.99.tar.gz
# lynx ftp://download.sourceforge.net/pub/sourceforge/courier/courier-imap-0.99.tar.gz

Make Users & Groups for Vpopmail & Apache-SSL

# addgroup nofiles
# adduser -g nofiles -H/var/qmail/alias -G,,, -s/dev/null -P'*' alias
# adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaild
# adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmaill
# adduser -g nofiles -H/var/qmail -G,,, -s/dev/null -P'*' qmailp
# addgroup qmail
# adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailq
# adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmailr
# adduser -g qmail -H/var/qmail -G,,, -s/dev/null -P'*' qmails
# addgroup vchkpw
# adduser -g vchkpw -H/home/vpopmail -G,,, -s/nonexistent -P'*' vpopmail
# addgroup www
# adduser -g www -H/usr/local/www -G,,, -s /nonexist -P'*' www

Make Users & Directories for Logging and Special Modules

# mkdir /var/log/qmail; cd /var/log/qmail
# mkdir qmail-send qmail-smtpd qmail-pop3d
# chown -R qmaill.wheel /var/log/qmail
# chmod -R 750 /var/log/qmail

# mkdir /var/qmail/supervise; cd /var/qmail/supervise
# mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
# chmod +t qmail-smtpd qmail-send qmail-pop3d

Install Qmail (with a few "standard" hacks)

# cd /usr/local/src/mail
# tar -xvf qmail-1.03.tar; cd qmail-1.03
# patch < ../qmail-103.patch
# vi conf-split
replace default # with 200
# vi conf-spawn
replace default # with 255
# make man
# make setup check
# ./config
# echo 255 > /var/qmail/control/concurrencyremote
# chmod 644 /var/qmail/control/concurrencyremote

Set up qmail config files

# vi /etc/tcp.smtp
127.0.0.1:allow,RELAYCLIENT=""
:allow

# vi /etc/rc (comment out sendmail stuff)
# chmod 0 /usr/sbin/sendmail
# mv /usr/sbin/sendmail /usr/sbin/sendmail.dist
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

# echo username > ~alias/.qmail-root
# echo username > ~alias/.qmail-postmaster
# echo username > ~alias/.qmail-mailer-daemon

# /var/qmail/bin/maildirmake /usr/share/skel/skel.en_US/Maildir (only necessary if using /etc/passwd accounts)

Install UNIX Client-Server Program Interface for TCP

# tar -xvf ucspi-tcp-0.88.tar
# cd ucspi-tcp-0.88
# make; make man; make setup

Install Daemon Tools (Useful tools)

# tar -xvf cd daemontools-0.70.tar
# cd daemontools-0.70
# make; make setup

Install qmailanalog

# tar -xvf qmailanalog-0.70.tar
# cd qmailanalog-0.70
# make; make setup check

Install Ezmlm & Ezmlm-idx (Mailing List)

# tar -xvf ezmlm-0.53
# tar -xvf ezmlm-idx-0.40
# cd ezmlm-0.53
# mv ../ezmlm-idx-0.40/* ./
# patch < idx.patch
# make
# make man
# make setup

Install Apache-SSL www server

You'll need to use OpenSSL for the Apache-SSL to work for you. But, of course you've already got it installed right? Good, now go visit apache-ssl.org and RTFM, you need to fetch apache 1.3.12 and apache+ssl-1.4.0. Here's few config hints:

# change this in the "Global Environment)
Listen 443
Listen 80
BindAddress *

# insert this into the "main" server section
Port 443
SSLNoCAList
SSLRandomFile /dev/urandom 1024
SSLRandomFilePerConnection /dev/urandom 1024
SSLEnable
SSLCacheServerPath sbin/gcache
SSLCacheServerPort /var/log/cache_port
SSLCacheServerRunDir /tmp
SSLSessionCacheTimeout 15
#SSLCACertificatePath /usr/local/certs/ca/
#SSLCACertificateFile /usr/local/certs/some.CA.cert.pem
SSLCertificateFile /usr/local/certs/host.cert.cert
SSLCertificateKeyFile /usr/local/certs/host.cert.key
SSLVerifyClient 0
SSLVerifyDepth 10

SSLFakeBasicAuth
SSLBanCipher NULL-MD5:NULL-SHA

# Put this into the "Virtual Hosts" section
<VirtualHost _default_:80>
SSLDisable
Port 80
DocumentRoot /usr/local/www/htdocs
ErrorLog /var/log/httpd-error_log
CustomLog /var/log/httpd-access_log combined
</VirtualHost>

Create a signed certificate for testing:

# mkdir /usr/local/certs; cd /usr/local/certs
# openssl req -new > host.cert.csr
# openssl rsa -in privkey.pem -out host.cert.key
# openssl x509 -in host.cert.csr -out host.cert.cert -req -signkey host.cert.key -days 365

Fire up out web server, fix any problems, and set up the permissions for it.

# /usr/local/sbin/httpsdctl start
smile if it works. :-) I needed to edit the httpsdctl script to point at the httpsd.conf file.

Installing Vpopmail (Virtual Domain & POP)

# tar zxvf vpopmail-4.9.2.tar.gz
# cd vpopmail-4.9.2
# ./configure --enable-roaming-users=y --enable-logging=p --enable-apop=y
# make
# make install-strip

# crontab -e
40 * * * * /usr/home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
# ln -s ~vpopmail/doc/man_html /usr/local/www/htdocs/vpopmail

Now you can point your web browser at http://host.yourdomain.com/vpopmail and see the spiffy documentation that comes with vpopmail. Since your test certificate isn't signed by a CA you'll have to approve it manually. Older versions of IE didn't deal well with new certificates.

Install AutoResponder

# tar -xvf autorespond-1.0.0.tar
# cd autorespond-1.0.0
# gcc -Wall -o autorespond autorespond.c
# cp autorespond /usr/local/bin

Install GDBM (Database Routines)

# tar -xvf gdbm-1.8.0.tar
# cd gdbm-1.8.0
# ./configure
# make install

Install maildrop

# tar zxvf maildrop-1.1.20000805.tar.gz; cd maildrop-1.1.20000805
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
# make install-strip
(Version 1.2 should install stuff into /usr/local by default, prior versions do not!)

Install Qmailadmin (Web Control Interface)

# tar zxvf qmailadmin-0.35.tar.gz
# cd qmailadmin-0.35
# ./configure --enable-htmldir=/var/www/docs --enable-cgibindir=/var/www/cgi-bin
# make install-strip

OK, I told you it gets better, now point your web browser at http://host.yourdomain.com/cgi-bin/qmailadmin. Pretty cool eh? You can't do much because you haven't defined any virtual domains yet but hang in there. :-)

Install Sqwebmail (Web Based Email Checking)

# tar -xvf sqwebmail-0.99
# cd sqwebmail-0.99
# ./configure --with-cachedir --enable-webpass=vpopmail --with-module=authvchkpw --enable-https --enable-cgibindir=/var/www/cgi-bin --enable-imagedir=/var/www/docs --includedir=/usr/local/include --without-authdaemon --without-authcram
# make configure-check
# make check
# make install
# crontab -e
40 * * * * /usr/local/share/sqwebmail/cleancache.pl 2>&1 > /dev/null

# chmod -R 755 /var/www/docs/webmail
# chmod -R a+rx /usr/local/share/sqwebmail

Install Courier-IMAP

# tar zxvf courier-imap-1.0.tar.gz; cd courier-imap-1.0
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --without-authldap --disable-root-check --with-ssl [--enable-workarounds-for-imap-client-bugs]
# make
# make install (install-strip is better but it fails for me)
# cp /usr/local/libexec/imap.rc & imapd-ssl.rc to /usr/local/etc/rc.d
# cd /usr/local/share; ./mkimapdcert
# vi /usr/local/etc/imapd.config (change AUTHMODULES="authvchkpw"
# sh /usr/local/etc/rc.d/imapd.rc start
# vi /usr/local/etc/imapd-ssl.config (change IMAPDSSLSTART=YES)
# sh /usr/local/etc/rc.d/imapd-ssl.rc start

At this point in time, we'll start to add, remove and edit configuration files. We will also accomplish a number of other fun things.

Edit DNS zone file - This is a very primitive example, you will need to get the dns properly configured for each domain you add. If your dns records are incorrect you will likely have problems with mail routing. For some helpful DNS links have a look at http://matt.cadillac.mi.us/computing/dns.html.

# vi domain.com.db

$TTL 86400
@ IN SOA server.domain.com. root.domain.com. (
20000524 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum

@ IN NS ns.domain.com.
server.domain.com. IN A 200.200.200.201
mail IN A 200.200.200.202
domain.com. IN MX 10 mail

Adding Domains

# ~vpopmail/bin/vadddomain domain.com [password-for-postmaster]
(optional flags -a for APOP auth, or "-q quotasize" for a domain quota)

vadddomain will modify the following qmail files (default locations used) :

/var/qmail/control/locals
/var/qmail/control/rcpthosts
/var/qmail/control/morercpthosts (if rcpthosts > than 50 lines)
/var/qmail/control/virtualdomains
/var/qmail/users/assign
/var/qmail/users/cdb

It will also create a domains directory

~vpopmail/domains/domain.com
~vpopmail/domains/domain.com/postmaster/Maildir ...
~vpopmail/domains/domain.com/vpasswd
~vpopmail/domains/domain.com/vpasswd.cdb

If you do not specify a password on the command line, it will prompt for a password for the postmaster.
Then it will send a kill -HUP signal to qmail-send telling it to re-read the control files.

VDELDOMAIN: Delete a virtual domain

# ~vpopmail/bin/vdeldomain domain.com

VADDUSER: Adding a pop user

# ~vpopmail/bin/vadduser newuser@domain.com [password-for-newuser]
(optional flags are "-a" for APOP, "-q quotasize" for a mailbox quota.)

In the case where the domain is specified (user@domain.com), the user is added to the ~vpopmail/domains/domain.com directory. If you don't enter a password on the command line, it will prompt for a password.

VDELUSER: Delete a pop user

# ~vpopmail/bin/vdeluser newuser@domain.com

VPASSWD: Changing a pop users password

# ~vpopmail/bin/vpasswd newuser@domain.com [password]

VSETUSERQUOTA

# ~vpopmail/bin/vsetuserquota domain.com 50M
# ~vpopmail/bin/vsetuserquota tiny@domain.com 500 (bytes unless K or M specified)
# ~vpopmail/bin/vsetuserquota super@user.com NOQUOTA

VMODUSER

vmoduser: usage: email_addr
-u(no dialup)
-d(no password changing)
-p(no pop access)
-w(no web mail access)
-i(no imap access)
-b(bounce mail)
-r(no external relay)
-c command (modify the comment/gecos field)
-x(clear all flags)

OK, now it's time to get qmail up and running. We're going to create a bunch of startup files that the daemontools package will monitor for us. Should one croak it'll restart it and it also gives us the ability to limit the daemons and give them some instructions on how to behave.

Supervise/Svscan Startup

# vi /var/qmail/rc

#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start '| /usr/local/bin/maildrop'

# cd /var/qmail/supervise
# vi qmail-pop3d/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c100 0 110 qmail-popup server.domain.com \
/usr/home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1

# chmod 751 qmail-pop3d/run
# vi qmail-pop3d/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1

# chmod 751 qmail-pop3d/log/run
# vi qmail-smtpd/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec softlimit -m 2000000 tcpserver -p -R -x /etc/tcp.smtp.cdb \
-u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd qmail-smtpd 2>&1

# chmod 751 qmail-smtpd/run
# vi qmail-smtpd/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1

# chmod 751 qmail-smtpd/log/run
# vi qmail-send/run

#!/bin/sh
exec /var/qmail/rc

# chmod 751 qmail-send/run
# vi qmail-send/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1

# chmod 751 qmail-send/log/run
# vi /usr/local/bin/qmail

#!/bin/sh

PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

case "$1" in
start)
echo -n "Starting qmail: svscan"
cd /var/qmail/supervise
env - PATH="$PATH" svscan &
echo $! > /var/run/svscan.pid
echo "."
;;
stop)
echo -n "Stopping qmail: svscan"
kill `cat /var/run/svscan.pid`
echo -n " qmail"
svc -dx /var/qmail/supervise/*
echo -n " logging"
svc -dx /var/qmail/supervise/*/log
echo "."
;;
stat)
cd /var/qmail/supervise
svstat * */log
;;
doqueue|alrm)
echo "Sending ALRM signal to qmail-send."
svc -a /var/qmail/supervise/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /var/qmail/supervise/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /var/qmail/supervise/qmail-send
echo "Pausing qmail-smtpd"
svc -p /var/qmail/supervise/qmail-smtpd
;;
cont)
echo "Continuing qmail-send"
svc -c /var/qmail/supervise/qmail-send
echo "Continuing qmail-smtpd"
svc -c /var/qmail/supervise/qmail-smtpd
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /var/qmail/supervise/qmail-smtpd
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /var/qmail/supervise/qmail-send
echo "* Restarting qmail-smtpd."
svc -u /var/qmail/supervise/qmail-smtpd
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp*
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- sends qmail-send ALRM, scheduling queued messages for delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|reload|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac

exit 0

# chmod 751 /usr/local/bin/qmail

Clean Directories (start fresh - DANGEROUS (only necessary on reinstalls))

# cd /var/qmail/supervise
# rm -r qmail-smtpd/supervise qmail-smtpd/log/supervise
# rm -r qmail-send/supervise qmail-send/log/supervise
# rm -r qmail-pop3d/supervise qmail-pop3d/log/supervise
# cd /var/log/qmail ; rm -rf qmail-pop3d/* ; rm -rf qmail-send/* ; rm -rf qmail-smtpd/*

Fire up qmail

# qmail start

What you should see in the process list:
# ps au

USER PID TT STAT STARTED TIME COMMAND
root 33322 p1 S 11:14PM 0:00.02 svscan
root 33323 p1 I 11:14PM 0:00.01 supervise qmail-send
root 33324 p1 I 11:14PM 0:00.01 supervise log
root 33325 p1 I 11:14PM 0:00.01 supervise qmail-smtpd
root 33326 p1 I 11:14PM 0:00.01 supervise log
root 33327 p1 I 11:14PM 0:00.01 supervise qmail-pop3d
root 33328 p1 I 11:14PM 0:00.00 supervise log
root 33329 p1 I 11:14PM 0:00.00 tcpserver -H -R -v -c100 0 pop3 qmail-popup pop.domain.com /home/vpopmail/bin/vchkpw qmail-pop3d Maildir
qmails 33330 p1 I 11:14PM 0:00.04 qmail-send
root 33331 p1 I 11:14PM 0:00.00 qmail-lspawn ./Maildir/
qmailr 33332 p1 I 11:14PM 0:00.00 qmail-rspawn
qmailq 33333 p1 I 11:14PM 0:00.00 qmail-clean
qmaill 33334 p1 I 11:14PM 0:00.00 multilog t s100000 n20 /var/log/qmail/qmail-smtpd
qmaild 33335 p1 I 11:14PM 0:00.01 tcpserver -p -R -x /etc/tcp.smtp.cdb -u 82 -g 81 0 smtp rblsmtpd qmail-smtpd
qmaill 33338 p1 I 11:14PM 0:00.00 multilog t s100000 n20 /var/log/qmail/qmail-send
qmaill 33339 p1 I 11:14PM 0:00.00 multilog t s100000 n20 /var/log/qmail/qmail-pop3d

OK, now your system is up and running and you're ready to have some real fun. Point a web browser at http://mail.domain.com/cgi-bin/qmailadmin. Lot in with postmaster, domain.com, and your password. Add a user named "user". Time to send some email:

# mail user@domain.com
Subject: test
test
.
# ls ~vpopmail/domains/domain.com/user/Maildir/*

You should see a file in the new directory. If not, head on over to /var/log/qmail and figure out why.

Users can now get their email at the following addresses:

# pop3://mail.domain.com
# imap://mail.domain.com
# imaps://mail.domain.com
# http://mail.domain.com/cgi-bin/sqwebmail (redirects to https)
# https://mail.domain.com/cgi-bin/sqwebmail

Domain administrators can add/edit/delete users, mailing lists, autoresponders, mail forwarding, and aliases by logging into the qmailadmin interface:

# http://mail.domain.com/cgi-bin/qmailadmin
# https://mail.domain.com/cgi-bin/qmailadmin

SYSTEM ADMIN stuff.

Convert Multilog date stamps to human readable date stamps

# tai64nlocal < logfile > qmaillog.tmp

Statistics about your mail queue:

Feed your qmail-send output through matchup and pipe it through a stats processor:
# /usr/local/qmailanalog/bin/matchup < /var/log/qmail/qmail-send/current | /usr/local/qmailanalog/bin/z*
where z* is one of the following
# zddist, zdeferrals, zfailures, zoverall, zrecipients, zrhosts, zrxdelay, zsenders, zsuccesses, zsuids

Modify the HTML interface:

Sqwebmail: html temples live in /usr/local/share/sqwebmail/html/en-us/
qmailadmin: html templates live in /usr/local/share/qmailadmin/html/