|
Qmail + vpopmail + CourierIMAP + sqwebmail for FreeBSD 4.2 Tutorial (v1.3)
Written by Matt Simerson and last updated 12/1/2000.
This HOW-TO makes some bold assumptions. First it assumes that you are
a moderately competent system administrator. If you're not, you still
stand a decent chance of making it through but no guarantees. Second,
it assumes you run FreeBSD and you track the -stable source tree. This
HOW-TO is written specifically for the 4-stable tree. PAY ATTENTION to
versions of software as listed below. Read the changelog files on newer
packages and see what's changed before whining because something doesn't
work.
Installation order IS important. Some of these programs check and configure
themselves for use with each other. Build them in this order and your
life will be better. Also, I'm aware the some are in the ports collection
already. If they did things the way I wanted, I'd use them.
Now I'll show you how to build a mail server with all the following features:
SMTP E-Mail Server
POP3 Virtual/Local Domain Hosting
POP3 Virtual/Local Domain Users
Auto Responder
Mailing List
Web Based E-Mail (SSL)
Web Based Virtual/Local Domain/User Control Interface
Spell checking for Web based mail
Spam Blocking
Mail filtering
SMTP/SEND logging
SMTP roaming with POP & IMAP AUTH
POP3 & POP3 SSL
IMAP & IMAP SSL
You will install the following programs:
qmail-1.03.tar.gz : qmail!
ucspi-tcp-0.88.tar.gz : Inetd replacement
daemontools-0.70.tar.gz : Useful tools for
managing daemons
qmailanalog-0.70.tar.gz: Tools for compiling
qmail logs into useful info.
ezmlm-idx-0.40.tar.gz: Mailing list management
apache-ssl: Secure HTTP server
vpopmail-4.9.6.tar.gz : Virtual Domain/POP module
autorespond-1.0.0.tar.gz : Auto Responder
module
gdbm-1.8.0.tar.gz : Database routines
ispell: Gives users a spell check for web mail
maildrop-1.2: gives users optional mail filtering
qmailadmin-0.39.tar.gz : Web Control Interface
sqwebmail-1.0.3.tar.gz: Web mail interface
courier-IMAP-1.2.2: IMAP & POP3 servers
for Maildir
Make Users & Groups for Vpopmail & Apache-SSL
# pw groupadd -n vchkpw -g 88
# pw useradd -n vpopmail -u 88 -g 88 -c Vpopmail-Master -d /usr/home/vpopmail
-s /sbin/nologin
# pw groupadd -n www -g 89
# pw useradd -n www -u 80 -g 89 -c https -d /usr/local/www -s /sbin/nologin
Make Users & Directories for Logging and Special Modules
# mkdir /var/log/mail; cd /var/log/mail
# mkdir send smtp pop3 pop3-ssl imap imap-ssl
# chown -R qmaill.wheel /var/log/mail
# chmod -R 750 /var/log/mail
# mkdir /var/qmail/supervise; cd /var/qmail/supervise
# mkdir -p smtp/log send/log
# chmod +t smtp send
Install Qmail (with a few "standard" hacks)
# cd /usr/ports/mail/qmail
# make ( fetches qmail and installs the dns patch to support non-RFC
>512 dns entries (bad AOL))
# cd work/qmail-1.03 # make clean
# vi conf-split
replace default # with 200
# vi conf-spawn
replace default # with 255
# make setup
# ./config-fast domain.com (or read INSTALL.ctl for control file settings)
# cd ../../; make clean
# echo 255 > /var/qmail/control/concurrencyremote
# chmod 644 /var/qmail/control/concurrencyremote
Edit config files
# vi ~vpopmail/etc/tcp.smtp
127.0.0.1:allow,RELAYCLIENT=""
:allow
# echo username > /var/qmail/alias/.qmail-root
# echo username > /var/qmail/alias/.qmail-postmaster
# echo username > /var/qmail/alias/.qmail-mailer-daemon
# /var/qmail/bin/maildirmake /usr/share/skel/Maildir ( necessary if
using /etc/passwd accounts)
Install UNIX Client-Server Program Interface
for TCP
# cd /usr/ports/sysutils/ucspi-tcp
# make install clean
Daemon Tools (Useful tools)
# cd /usr/ports/sysutils/daemontools
# make install clean
Qmailanalog
# cd /usr/ports/mail/qmailanalog
# make install clean
Install Ezmlm & Ezmlm-idx (Mailing List)
# cd /usr/ports/mail/ezmlm-idx
# make install
# cp /work/ezmlm-0.53/ezmlmrc /usr/local/bin
# make clean
Install Apache-SSL www server
# cd /usr/ports/www/apache13-ssl
# make install clean
# vi /usr/local/etc/apache/httpsd.conf
Apache config file changes
Create a signed certificate for testing:
# mkdir /usr/local/certs; cd /usr/local/certs
# openssl req -new > host.cert.csr
# openssl rsa -in privkey.pem -out host.cert.key
# openssl x509 -in host.cert.csr -out host.cert.cert -req -signkey host.cert.key
-days 365
Fire up our web server, fix any problems, and set up the permissions
for it.
# /usr/local/sbin/httpsdctl start
smile if it works. :-) I needed to edit the httpsdctl script to point
at the httpsd.conf file.
Vpopmail (Virtual Domain & POP)
# mkdir /usr/local/src; cd /usr/local/src
# lynx http://www.inter7.com/vpopmail/
# tar xvzf vpopmail-4.9.6.tar.gz
# cd vpopmail-4.9.6
# ./configure --enable-roaming-users=y --enable-logging=p --enable-hardquota=100000000
--enable-relay-clear-minutes=30
# make
# make install-strip
# crontab -e
9-59,10 * * * * /usr/home/vpopmail/bin/clearopensmtp 2>&1 >
/dev/null
# ln -s ~vpopmail/doc/man_html /usr/local/www/htdocs/vpopmail
Now you can point your web browser at https://host.yourdomain.com/vpopmail
and see the spiffy documentation that comes with vpopmail. Since your
test certificate isn't signed by a CA you'll have to approve it manually.
Older versions of IE didn't deal well with new certificates.
Auto Responder
# cd /usr/ports/mail/autorespond
# make install clean
GDBM (Database Routines)
# cd /usr/ports/databases/gdbm
# make install clean
Ispell
# cd /usr/ports/textproc/ispell
# make install clean
Maildrop
# cd /usr/local/src
# lynx http://www.flounder.net/~mrsam/maildrop/
# tar zxvf maildrop-1.2.2.tar.gz; cd maildrop-1.2.2
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root
--enable-maildrop-gid=vchkpw --enable-maildirquota
# make install-strip
# make install-man
Qmailadmin (Web Control Interface)
# cd /usr/local/src
# lynx http://www.inter7.com/qmailadmin/
# ./configure --enable-htmldir=/usr/local/www/htdocs --enable-cgibindir=/usr/local/www/cgi-bin
# make install-strip
OK, I told you it gets better, now point your web browser at http://host.yourdomain.com/cgi-bin/qmailadmin.
Pretty cool eh? You can't do much because you haven't defined any virtual
domains yet but hang in there. :-)
Sqwebmail (Web Based Email Checking)
# lynx http://www.inter7.com/sqwebmail
# ./configure --with-cachedir --enable-webpass=vpopmail --with-module=authvchkpw
--enable-https
# make configure-check
# make check
# make install
# crontab -e
40 * * * * /usr/local/share/sqwebmail/cleancache.pl 2>&1 >
/dev/null
# chmod -R 755 /usr/local/www/htdocs/webmail
# chmod -R a+rx /usr/local/share/sqwebmail
Courier-IMAP
# cd /usr/local/src
# lynx http://www.inter7.com/courierimap/
# tar zxvf courier-imap-1.2.2.tar.gz; cd courier-imap-1.2.2
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --without-authldap
--disable-root-check --with-ssl [--enable-workarounds-for-imap-client-bugs]
# make
# make install (install-strip is better but it fails for me)
# cd /usr/local/share; ./mkimapdcert
# vi /usr/local/etc/imapd.config (change AUTHMODULES="authvchkpw"
# vi /usr/local/etc/imapd-ssl.config (change IMAPDSSLSTART=YES)
At this point in time, we'll start to add, remove and edit configuration
files. We will also accomplish a number of other fun things.
Edit DNS zone file - This is a very primitive example, you will need
to get the dns properly configured for each domain you add. If your dns
records are incorrect you will likely have problems with mail routing.
For some helpful DNS links have a look at http://matt.cadillac.mi.us/computing/dns.html.
# vi domain.com.db
$TTL 86400
@ IN SOA server.domain.com. root.domain.com. (
20000524 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
@ IN NS ns.domain.com.
server.domain.com. IN A 200.200.200.201
mail IN A 200.200.200.202
domain.com. IN MX 10 mail
Adding Domains
# ~vpopmail/bin/vadddomain domain.com [password-for-postmaster]
(optional flags -a for APOP auth, or "-q quotasize" for a
domain quota)
vadddomain will modify the following qmail files (default locations used)
:
/var/qmail/control/locals
/var/qmail/control/rcpthosts
/var/qmail/control/morercpthosts (if rcpthosts > than 50 lines)
/var/qmail/control/virtualdomains
/var/qmail/users/assign
/var/qmail/users/cdb
It will also create a domains directory
~vpopmail/domains/domain.com
~vpopmail/domains/domain.com/postmaster/Maildir ...
~vpopmail/domains/domain.com/vpasswd
~vpopmail/domains/domain.com/vpasswd.cdb
If you do not specify a password on the command line, it will prompt
for a password for the postmaster.
Then it will send a kill -HUP signal to qmail-send telling it to re-read
the control files.
VDELDOMAIN: Delete a virtual domain
# ~vpopmail/bin/vdeldomain domain.com
VADDUSER: Adding a pop user
# ~vpopmail/bin/vadduser newuser@domain.com [password-for-newuser]
(optional flags are "-a" for APOP, "-q quotasize"
for a mailbox quota.)
In the case where the domain is specified (user@domain.com), the user
is added to the ~vpopmail/domains/domain.com directory. If you don't enter
a password on the command line, it will prompt for a password.
VDELUSER: Delete a pop user
# ~vpopmail/bin/vdeluser newuser@domain.com
VPASSWD: Changing a pop users password
# ~vpopmail/bin/vpasswd newuser@domain.com [password]
VSETUSERQUOTA
# ~vpopmail/bin/vsetuserquota domain.com 50M
# ~vpopmail/bin/vsetuserquota tiny@domain.com 500 (bytes unless K or
M specified)
# ~vpopmail/bin/vsetuserquota super@user.com NOQUOTA
VMODUSER
vmoduser: usage: email_addr
-u(no dialup)
-d(no password changing)
-p(no pop access)
-w(no web mail access)
-i(no imap access)
-b(bounce mail)
-r(no external relay)
-c command (modify the comment/gecos field)
-x(clear all flags)
OK, now it's time to get qmail up and running. We're going to create
a bunch of startup files that the daemontools package will monitor for
us. Should one croak it'll restart it and it also gives us the ability
to limit the daemons and give them some instructions on how to behave.
Supervise/Svscan Startup
# cd /var/qmail/supervise
# vi smtp/run
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec softlimit -m 2000000 tcpserver -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb
\
-u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd qmail-smtpd 2>&1
# chmod 751 smtp/run
# vi smtp/log/run
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin/:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/mail/smtp 2>&1
# chmod 751 smtp/log/run
# vi send/run
#!/bin/sh
PATH="/var/qmail/bin:/usr/local/bin:/usr/bin:/bin"
export PATH
exec qmail-start ./Maildir/
# exec qmail-start '| maildrop'
# chmod 751 send/run
# vi send/log/run
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/mail/send 2>&1
# chmod 751 send/log/run
# vi /usr/local/etc/rc.d/qmail.sh
/usr/local/etc/rc.d/qmail.sh
# chmod 751 /usr/local/etc/rc.d/qmail.sh
# ln -s /usr/local/etc/rc.d/qmail.sh /usr/local/sbin/qmail
# qmail cdb (requires a new shell or full path to qmail script)
Clean Directories (start fresh - DANGEROUS (only necessary on reinstalls))
# cd /var/qmail/supervise
# rm -r smtp/supervise smtp/log/supervise
# rm -r send/supervise send/log/supervise
# cd /var/log/mail ; rm -rf send/* ; rm -rf smtp/*
Fire up qmail
# qmail start
What you should see in the process list:
# ps au
USER PID TT STAT STARTED TIME COMMAND
root 33322 p1 S 11:14PM 0:00.02 svscan
root 33323 p1 I 11:14PM 0:00.01 supervise send
root 33324 p1 I 11:14PM 0:00.01 supervise log
root 33325 p1 I 11:14PM 0:00.01 supervise smtp
root 33326 p1 I 11:14PM 0:00.01 supervise log
qmaill 33338 p1 I 11:14PM 0:00.00 multilog t s1000000 n20 /var/log/qmail/qmail-send
OK, now your system is up and running and you're ready to have some real
fun. Point a web browser at http://mail.domain.com/cgi-bin/qmailadmin.
Lot in with postmaster, domain.com, and your password. Add a user named
"user". Time to send some email:
# mail user@domain.com
Subject: test
test
.
# ls ~vpopmail/domains/domain.com/user/Maildir/*
You should see a file in the new directory. If not, head on over to /var/log/mail
and figure out why.
Now we want to get our POP3 and IMAP servers working. Install the following
startup scripts in /usr/local/etc/rc.d:
imap.sh
imap-ssl.sh
pop3.sh
pop3-ssl.sh
Once installed we'll make symbolic links to the scripts for easy administration:
# ln -s /usr/local/etc/rc.d/imap.sh /usr/local/sbin/imap
# ln -s /usr/local/etc/rc.d/imap-ssh.sh /usr/local/sbin/imapssl
# ln -s /usr/local/etc/rc.d/pop3.sh /usr/local/sbin/pop3
# ls -s /usr/local/etc/rc.d/pop3-ssl.sh /usr/local/sbin/pop3ssl
Now we can either reboot or start the servers manually:
# imap start
# imapssl start
# pop3 start
# pop3ssl start
Users can now get their email at the following addresses:
# pop3://mail.domain.com
# imap://mail.domain.com
# imaps://mail.domain.com
# http://mail.domain.com/cgi-bin/sqwebmail (redirects to https)
# https://mail.domain.com/cgi-bin/sqwebmail
Domain administrators can add/edit/delete users, mailing lists, autoresponders,
mail forwarding, and aliases by logging into the qmailadmin interface:
# http://mail.domain.com/cgi-bin/qmailadmin
# https://mail.domain.com/cgi-bin/qmailadmin
SYSTEM ADMIN stuff.
Convert Multilog date stamps to human readable date stamps
# tai64nlocal < logfile > qmaillog.tmp
Statistics about your mail queue:
Feed your qmail-send output through matchup and pipe it through a stats
processor:
# /usr/local/qmailanalog/bin/matchup < /var/log/qmail/qmail-send/current
| /usr/local/qmailanalog/bin/z*
where z* is one of the following
# zddist, zdeferrals, zfailures, zoverall, zrecipients, zrhosts, zrxdelay,
zsenders, zsuccesses, zsuids
Modify the HTML interface:
Sqwebmail: html temples live in /usr/local/share/sqwebmail/html/en-us/
qmailadmin: html templates live in /usr/local/share/qmailadmin/html/
Man pages:
vpopmail: http://mail.domain.com/vpopmail/
maildrop: http://mail.domain.com/maildrop
|
