Qmail FreeBSD Mail Toaster

Our Mail Stuff
- Mail Toaster
- Test Email
- Qmail Toaster patch
- QQtool
- tcpserver+Mysql
- maillogs
- MATT::Bundle
- Toaster::Watcher

Toaster Modules
Mail::Toaster
Mail::Toaster::Apache
Mail::Toaster::CGI
Mail::Toaster::Darwin
Mail::Toaster::Ezmlm
Mail::Toaster::DNS
Mail::Toaster::FreeBSD
Mail::Toaster::Logs
Mail::Toaster::Mysql
Mail::Toaster::Passwd
Mail::Toaster::Perl
Mail::Toaster::Provision
Mail::Toaster::Qmail
Mail::Toaster::Setup
Mail::Toaster::Utility

Old Toasters
- 2.2, 2.1, 2.0 (mysql)
- 1.7 (mysql)
- 1.6 (cdb+mysql)
- 1.5 (mysql)
- 1.4 (cdb+mysql)
- 1.3, 1.2 (cdb)

Email Servers
- Qmail (Users), (Mirror)
- Sendmail
- Postfix
- Courier MTA

Web Mail
- Sqwebmail
- Squirrelmail
- Horde/IMP
- OpenWebMail

Spam & Filtering
- Qmail Scanner
- SpamAssassin
- Razor
- Qmail Anti-Spam HowTo
- MAPS
- SBL
- SORBS
- Anti-Relay
- Filtering FAQ
- Maildrop
- Procmail (workshop), (howto)
- UXN Spam Combat
- Qpsmtpd
- magic-smtpd

Qmail + vpopmail + CourierIMAP + sqwebmail + MySQL for FreeBSD 4.2 Tutorial (v1.4)
Written by Matt Simerson and last updated 12/13/2000.

This HOW-TO makes some bold assumptions. First it assumes that you are a moderately competent system administrator. If you're not, you still stand a decent chance of making it through but no guarantees. Second, it assumes you run FreeBSD and you track the -stable source tree. This HOW-TO is written specifically for the 4-stable tree. PAY ATTENTION to versions of software as listed below. Read the changelog files on newer packages and see what's changed before whining because something doesn't work.

Installation order IS important. Some of these programs check and configure themselves for use with each other. Build them in this order and your life will be better.

CAUTION: This version requires that the user is comfortable with hacking in C. I've hacked up the code a bit so that I can continue using cdb authentication while storing the open-smtp data in a MySQL database. If you aren't comfortable hacking around in the source code, then I recommend following the v1.3 instructions.

Now I'll show you how to build a mail server with all the following features:

SMTP E-Mail Server
POP3 Virtual/Local Domain Hosting
POP3 Virtual/Local Domain Users
Auto Responder
Mailing List
Web Based E-Mail (SSL)
Web Based Virtual/Local Domain/User Control Interface
Spell checking for Web based mail
Spam Blocking
SMTP/SEND logging
SMTP roaming with POP & IMAP AUTH
POP3 & POP3 SSL
IMAP & IMAP SSL

You will install the following programs:

qmail-1.03.tar.gz : qmail!
ucspi-tcp-0.88.tar.gz : Inetd replacement
daemontools-0.70.tar.gz : Useful tools for managing daemons
mysql-3.22 : Database engine
qmailanalog-0.70.tar.gz: Tools for compiling qmail logs into useful info.
ezmlm-idx-0.40.tar.gz: Mailing list management
apache-ssl: Secure HTTP server
OpenLDAP: LDAP server
vpopmail-4.9.7.tar.gz : Virtual Domain/POP module
autorespond-1.0.0.tar.gz : Auto Responder module
gdbm-1.8.0.tar.gz : Database routines
ispell: Gives users a spell check for web mail
qmailadmin-0.40.tar.gz : Web Control Interface
sqwebmail-1.1.2.tar.gz: Web mail interface
courier-IMAP-1.3.0: IMAP & POP3 servers for Maildir

Make Users & Groups for Vpopmail & Apache-SSL

# pw groupadd -n vchkpw -g 90
# pw useradd -n vpopmail -u 90 -g 90 -c Vpopmail-Master -d /usr/home/vpopmail -s /sbin/nologin
# pw groupadd -n www -g 91
# pw useradd -n www -u 91 -g 91 -c https -d /usr/local/www -s /sbin/nologin

Make Users & Directories for Logging and Special Modules

# mkdir /var/log/mail; cd /var/log/mail
# mkdir send smtp pop3 pop3-ssl imap imap-ssl
# chown -R qmaill.wheel /var/log/mail
# chmod -R 750 /var/log/mail

# mkdir -p /var/qmail/supervise; cd /var/qmail/supervise
# mkdir -p smtp/log send/log
# chmod +t smtp send

Install Qmail (with a few "standard" hacks)

# cd /usr/ports/mail/qmail
# make ( fetches qmail and installs the dns patch to support non-RFC >512 dns entries (bad AOL))
# make install
# make enable-qmail
# make deinstall
# make # cd work/qmail-1.03 # make clean
# vi conf-split
replace default # with 200
# vi conf-spawn
replace default # with 255
# make setup
# ./config-fast domain.com (or read INSTALL.ctl for control file settings)
# cd ../../; make clean
# echo 255 > /var/qmail/control/concurrencyremote
# chmod 644 /var/qmail/control/concurrencyremote

Edit config files

#mkdir -p ~vpopmail/etc
# vi ~vpopmail/etc/tcp.smtp
127.0.0.1:allow,RELAYCLIENT=""
:allow

# echo username > /var/qmail/alias/.qmail-root
# echo username > /var/qmail/alias/.qmail-postmaster
# echo username > /var/qmail/alias/.qmail-mailer-daemon

# /var/qmail/bin/maildirmake /usr/share/skel/Maildir ( necessary if using /etc/passwd accounts)

Install UNIX Client-Server Program Interface for TCP

# cd /usr/ports/sysutils/ucspi-tcp
# make install clean

Daemon Tools (Useful tools)

# cd /usr/ports/sysutils/daemontools
# make install clean

MySQL Database Engine

# cd /usr/ports/databases/mysql322-server
# make install clean

Qmailanalog

# cd /usr/ports/mail/qmailanalog
# make install clean

Install Ezmlm & Ezmlm-idx (Mailing List)

# cd /usr/ports/mail/ezmlm-idx
# make install
# cp work/ezmlm-0.53/ezmlmrc /usr/local/bin
# make clean

Install Apache-SSL www server

# cd /usr/ports/www/apache13-ssl
# make install clean
# vi /usr/local/etc/apache/httpsd.conf

Create a signed certificate for testing:

# mkdir /usr/local/certs; cd /usr/local/certs
# openssl req -new > host.cert.csr
# openssl rsa -in privkey.pem -out host.cert.key
# openssl x509 -in host.cert.csr -out host.cert.cert -req -signkey host.cert.key -days 365

Fire up our web server, fix any problems, and set up the permissions for it.

# /usr/local/sbin/httpsdctl start
smile if it works. :-) I needed to edit the httpsdctl script to point at the httpsd.conf file.

OpenLDAP

# cd /usr/ports/net/openldap
# make install clean

Vpopmail (Virtual Domain & POP)

# mkdir /usr/local/src; cd /usr/local/src
# lynx http://www.inter7.com/vpopmail/
# tar xvzf vpopmail-4.9.8.tar.gz
# cd vpopmail-4.9.8
# lynx http://matt.simerson.net/computing/qmail/vpopmail-patch
# patch -p1 < matt-vpopmail-4.9.7-patch
# autoconf
# ./configure --enable-roaming-users=mysql --enable-logging=p
--enable-relay-clear-minutes=60 --enable-hardquota=100000000
# make
# make install-strip
# crontab -e
9-59,10 * * * * /usr/home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
# ln -s ~vpopmail/doc/man_html /usr/local/www/htdocs/vpopmail

Now you can point your web browser at https://host.yourdomain.com/vpopmail and see the spiffy documentation that comes with vpopmail. Since your test certificate isn't signed by a CA you'll have to approve it manually. Older versions of IE didn't deal well with new certificates.

AutoResponder

# cd /usr/ports/mail/autorespond
# make install clean

GDBM (Database Routines)

# cd /usr/ports/databases/gdbm
# make install clean

Ispell

# cd /usr/ports/textproc/ispell
# make install clean

Qmailadmin (Web Control Interface)

# cd /usr/local/src
# lynx http://www.inter7.com/qmailadmin/
# ./configure --enable-htmldir=/usr/local/www/htdocs --enable-cgibindir=/usr/local/www/cgi-bin
# make install-strip
# (on reinstalls) cp qmailadmin /usr/local/www/cgi-bin

The reason you want to simply copy the qmailadmin binary to the cgi-bin directory is that the installer will clobber all your customized html.

OK, I told you it gets better, now point your web browser at http://host.yourdomain.com/cgi-bin/qmailadmin. Pretty cool eh? You can't do much because you haven't defined any virtual domains yet but hang in there. :-)

Sqwebmail (Web Based Email Checking)

# lynx http://www.inter7.com/sqwebmail
# ./configure --with-cachedir --enable-webpass=vpopmail --with-module=authvchkpw --enable-https --enable-logincache
# make configure-check
# make check
# make install (or upon reinstall) make install-exec
# crontab -e
40 * * * * /usr/local/share/sqwebmail/cleancache.pl 2>&1 > /dev/null

# chmod -R 755 /usr/local/www/htdocs/webmail
# chmod -R a+rx /usr/local/share/sqwebmail

Courier-IMAP

# cd /usr/local/src
# lynx http://www.inter7.com/courierimap/
# lynx courier patch
# tar zxvf courier-imap-1.3.0.tar.gz; cd courier-imap-1.3.0/authlib
# patch -p1 < ../../courier-1.3.0-patch.txt
# cd ../
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --without-authldap --disable-root-check --with-ssl
# make
# make install-strip
# cd /usr/local/share; ./mkimapdcert
# vi /usr/local/etc/imapd.config (change AUTHMODULES="authvchkpw"
# vi /usr/local/etc/imapd-ssl.config (change IMAPDSSLSTART=YES)

At this point in time, we'll start to add, remove and edit configuration files. We will also accomplish a number of other fun things.

Edit DNS zone file - This is a very primitive example, you will need to get the dns properly configured for each domain you add. If your dns records are incorrect you will likely have problems with mail routing. For some helpful DNS links have a look at http://matt.cadillac.mi.us/computing/dns.html.

# vi domain.com.db

$TTL 86400
@ IN SOA server.domain.com. root.domain.com. (
20000524 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum

@ IN NS ns.domain.com.
server.domain.com. IN A 200.200.200.201
mail IN A 200.200.200.202
domain.com. IN MX 10 mail

Adding Domains

# ~vpopmail/bin/vadddomain domain.com [password-for-postmaster]
(optional flags -a for APOP auth, or "-q quotasize" for a domain quota)

vadddomain will modify the following qmail files (default locations used) :

/var/qmail/control/locals
/var/qmail/control/rcpthosts
/var/qmail/control/morercpthosts (if rcpthosts > than 50 lines)
/var/qmail/control/virtualdomains
/var/qmail/users/assign
/var/qmail/users/cdb

It will also create a domains directory

~vpopmail/domains/domain.com
~vpopmail/domains/domain.com/postmaster/Maildir ...
~vpopmail/domains/domain.com/vpasswd
~vpopmail/domains/domain.com/vpasswd.cdb

If you do not specify a password on the command line, it will prompt for a password for the postmaster.
Then it will send a kill -HUP signal to qmail-send telling it to re-read the control files.

VDELDOMAIN: Delete a virtual domain

# ~vpopmail/bin/vdeldomain domain.com

VADDUSER: Adding a pop user

# ~vpopmail/bin/vadduser newuser@domain.com [password-for-newuser]
(optional flags are "-a" for APOP, "-q quotasize" for a mailbox quota.)

In the case where the domain is specified (user@domain.com), the user is added to the ~vpopmail/domains/domain.com directory. If you don't enter a password on the command line, it will prompt for a password.

VDELUSER: Delete a pop user

# ~vpopmail/bin/vdeluser newuser@domain.com

VPASSWD: Changing a pop users password

# ~vpopmail/bin/vpasswd newuser@domain.com [password]

VSETUSERQUOTA

# ~vpopmail/bin/vsetuserquota domain.com 50M
# ~vpopmail/bin/vsetuserquota tiny@domain.com 500 (bytes unless K or M specified)
# ~vpopmail/bin/vsetuserquota super@user.com NOQUOTA

VMODUSER

vmoduser: usage: email_addr
-u(no dialup)
-d(no password changing)
-p(no pop access)
-w(no web mail access)
-i(no imap access)
-b(bounce mail)
-r(no external relay)
-c command (modify the comment/gecos field)
-x(clear all flags)

OK, now it's time to get qmail up and running. We're going to create a bunch of startup files that the daemontools package will monitor for us. Should one croak it'll restart it and it also gives us the ability to limit the daemons and give them some instructions on how to behave.

Supervise/Svscan Startup

# cd /var/qmail/supervise
# vi smtp/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec softlimit -m 2000000 tcpserver -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb \
-u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd qmail-smtpd 2>&1

# chmod 751 smtp/run
# vi smtp/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin/:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/mail/smtp 2>&1

# chmod 751 smtp/log/run
# vi send/run

#!/bin/sh
PATH="/var/qmail/bin:/usr/local/bin:/usr/bin:/bin"
export PATH
exec qmail-start ./Maildir/
# exec qmail-start '| maildrop'

# chmod 751 send/run
# vi send/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/mail/send 2>&1

# chmod 751 send/log/run
# vi /usr/local/etc/rc.d/qmail.sh

/usr/local/etc/rc.d/qmail.sh

# chmod 751 /usr/local/etc/rc.d/qmail.sh
# ln -s /usr/local/etc/rc.d/qmail.sh /usr/local/sbin/qmail
# qmail cdb (requires a new shell or full path to qmail script)

Clean Directories (start fresh - DANGEROUS (only necessary on reinstalls))

# cd /var/qmail/supervise
# rm -r smtp/supervise smtp/log/supervise
# rm -r send/supervise send/log/supervise
# cd /var/log/mail ; rm -rf send/* ; rm -rf smtp/*

Fire up qmail

# qmail start

What you should see in the process list:
# ps au

USER PID TT STAT STARTED TIME COMMAND
root 33322 p1 S 11:14PM 0:00.02 svscan
root 33323 p1 I 11:14PM 0:00.01 supervise send
root 33324 p1 I 11:14PM 0:00.01 supervise log
root 33325 p1 I 11:14PM 0:00.01 supervise smtp
root 33326 p1 I 11:14PM 0:00.01 supervise log
qmaill 33338 p1 I 11:14PM 0:00.00 multilog t s1000000 n20 /var/log/qmail/qmail-send

OK, now your system is up and running and you're ready to have some real fun. Point a web browser at http://mail.domain.com/cgi-bin/qmailadmin. Lot in with postmaster, domain.com, and your password. Add a user named "user". Time to send some email:

# mail user@domain.com
Subject: test
test
.
# ls ~vpopmail/domains/domain.com/user/Maildir/*

You should see a file in the new directory. If not, head on over to /var/log/mail and figure out why.

Now we want to get our POP3 and IMAP servers working. Install the following startup scripts in /usr/local/etc/rc.d:

imap.sh
imap-ssl.sh
pop3.sh
pop3-ssl.sh

Once installed we'll make symbolic links to the scripts for easy administration:

# ln -s /usr/local/etc/rc.d/imap.sh /usr/local/sbin/imap
# ln -s /usr/local/etc/rc.d/imap-ssh.sh /usr/local/sbin/imapssl
# ln -s /usr/local/etc/rc.d/pop3.sh /usr/local/sbin/pop3
# ls -s /usr/local/etc/rc.d/pop3-ssl.sh /usr/local/sbin/pop3ssl

Now we can either reboot or start the servers manually:

# imap start
# imapssl start
# pop3 start
# pop3ssl start

Users can now get their email at the following addresses:

# pop3://mail.domain.com
# imap://mail.domain.com
# imaps://mail.domain.com
# http://mail.domain.com/cgi-bin/sqwebmail (redirects to https)
# https://mail.domain.com/cgi-bin/sqwebmail

Domain administrators can add/edit/delete users, mailing lists, autoresponders, mail forwarding, and aliases by logging into the qmailadmin interface:

# http://mail.domain.com/cgi-bin/qmailadmin
# https://mail.domain.com/cgi-bin/qmailadmin

SYSTEM ADMIN stuff.

Convert Multilog date stamps to human readable date stamps

# tai64nlocal < logfile > qmaillog.tmp

Statistics about your mail queue:

Feed your qmail-send output through matchup and pipe it through a stats processor:
# /usr/local/qmailanalog/bin/matchup < /var/log/qmail/qmail-send/current | /usr/local/qmailanalog/bin/z*
where z* is one of the following
# zddist, zdeferrals, zfailures, zoverall, zrecipients, zrhosts, zrxdelay, zsenders, zsuccesses, zsuids

Modify the HTML interface:

Sqwebmail: html temples live in /usr/local/share/sqwebmail/html/en-us/
qmailadmin: html templates live in /usr/local/share/qmailadmin/html/

Man pages:

vpopmail: http://mail.domain.com/vpopmail/
maildrop: http://mail.domain.com/maildrop

© The Network People, Inc. 2003-2014.

Email suggestions or updates.
If you are a spammer, please blacklist yourself.