Differences

This shows you the differences between two versions of the page.

tighar:qmail [2010/08/02 14:38]
moleski
tighar:qmail [2017/07/13 20:33] (current)
Line 1: Line 1:
 +====== qmail ======
 +
 +[[blog:​qmail|qmail setup blog.]]
 +
 +===== info needed by clients =====
 +
 +<​code>​
 +
 + ​incoming mail server: tighar.org
 +
 +          POP3s (TLS): port 110
 +
 +          IMAPs (TLS): port 143
 +
 +          SMTPs server: tighar.org, port 465
 +
 +</​code>​
 +
 +
 +
 +===== basic commands =====
 +
 +qmailctl stop
 +
 +qmailctl start
 +
 +qmailctl restart
 +
 +qmailctl stat
 +
 +qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help
 +
 +/​var/​qmail/​bin/​qmail-qstat
 +
 +/​var/​qmail/​bin/​qmail-qread
 +
 +Following commands can delete all mails from your qmail mail server queue.
 +
 +<​code>​
 +qmailctl stop
 +find /​var/​qmail/​queue/​mess -type f -exec rm {} \;
 +find /​var/​qmail/​queue/​info -type f -exec rm {} \;
 +find /​var/​qmail/​queue/​local -type f -exec rm {} \;
 +find /​var/​qmail/​queue/​intd -type f -exec rm {} \;
 +find /​var/​qmail/​queue/​todo -type f -exec rm {} \;
 +find /​var/​qmail/​queue/​remote -type f -exec rm {} \;
 +qmailctl start
 +</​code>​
 +
 +===== run script for TLS/​authentication =====
 +
 +The crucial line.  I got rid of softlimit, for good or for ill.  I also had to remove the fully qualified domain name after ...qmail-smtpd. ​ Dunno why that prevented vchkpw from working.
 +
 +<​code>​
 +
 +exec \
 +
 +/​usr/​local/​bin/​tcpserver -v -R -l "​$LOCAL"​ -c "​$MAXSMTPD"​ \
 +
 +-u "​$QMAILDUID"​ -g "​$NOFILESGID"​ 0 465 \
 +
 +/​var/​qmail/​bin/​qmail-smtpd /​home/​vpopmail/​bin/​vchkpw bin/true 2>&1
 +
 +</​code>​
 +
 +===== Thunderbird configuration for SMTP auth =====
 +
 +  * Server name: tighar.org
 +
 +  * Port: 465
 +
 +  * Use name and password
 +
 +  * STARTTLS
 +
 +
 +
 +
 +
 +====== vpopmail ======
 +
 +===== configuration =====
 +
 +
 +
 +[[http://​bowe.id.au/​michael/​isp/​vpopmail-mysql.htm|Some helpful notes.]]
 +
 +
 +
 +All the configuration options (obtained by running ''​ ./configure --help''​).
 +
 +
 +
 +<​code>​
 +
 +  --disable-FEATURE ​      do not include FEATURE (same as --enable-FEATURE=no)
 +
 +  --enable-FEATURE[=ARG] ​ include FEATURE [ARG=yes]
 +
 +  --disable-dependency-tracking ​ speeds up one-time build
 +
 +  --enable-dependency-tracking ​  do not reject slow dependency extractors
 +
 +  --enable-non-root-build ​   Build vpopmail as a non-root user, only if you know what you are doing. see README.non-root
 +
 +  --enable-qmaildir=DIR ​     Directory where qmail control and user directories are installed /var/qmail.
 +
 +  --enable-qmail-newu=PATH ​  Full path to qmail-newu program.
 +
 +  --enable-qmail-inject=PATH Full path to qmail-inject program.
 +
 +  --enable-qmail-newmrh=PATH Full path to qmail-newmrh program.
 +
 +  --enable-vpopuser=USER ​    User name allocated to vpopmail vpopmail.
 +
 +  --enable-vpopgroup=GROUP ​  Group name allocated to vpopmail vchkpw.
 +
 +  --enable-roaming-users ​    ​Enable POP-before-SMTP functionality.
 +
 +  --enable-tcprules-prog=PATH ​   Full path to tcprules program /​usr/​{local/​}bin/​tcprules.
 +
 +  --enable-tcpserver-file=PATH ​  File where tcpserver -x relay information is stored /​home/​vpopmail/​etc/​tcp.smtp.
 +
 +  --disable-rebuild-tcpserver-file ​ Disable rebuilding of tcpserver relay control file.
 +
 +  --enable-relay-clear-minutes=# ​   Expire time for roaming users after pop authentication [180].
 +
 +  --enable-learn-passwords ​  If no password is stored for a user, learn it the first time they authenticate.
 +
 +  --disable-md5-passwords ​   Use DES crypt() instead of MD5 encryption for passwords.
 +
 +  --disable-file-locking ​    ​Don'​t use file locking.
 +
 +  --enable-file-sync ​        ​Enable file sync after each message is delivered.
 +
 +  --disable-make-seekable ​   Don't try to make input to vdelivermail seekable.
 +
 +  --disable-clear-passwd ​    ​Don'​t store a cleartext version of the password in addition to the encrypted version.
 +
 +  --disable-users-big-dir ​   Disable hashing of user directories.
 +
 +  --enable-sqwebmail-pass ​   Store a copy of the user's password in the the user's maildir for use by pre-v3 sqwebmail.
 +
 +  --enable-qmail-ext ​        ​Enable qmail email address extension support.
 +
 +  --enable-ip-alias-domains ​ Enable mapping of default domain via reverse ip lookup table.
 +
 +  --enable-onchange-script ​  ​Enable onchange script. See README.onchange for more info.
 +
 +  --enable-spamassassin ​     Enable spamassassin. See  README.spamassassin for more info.
 +
 +  --enable-spamc-prog=PATH ​  Full path to spamc program /​usr/​{local/​}bin/​spamc.
 +
 +  --enable-maildrop ​         Enable maildrop. See  README.maildrop for more info.
 +
 +  --enable-maildrop-prog=PATH ​   Full path to maildrop program /​usr/​{local/​}bin/​maildrop.
 +
 +  --enable-domains-dir=TEXT ​ Directory in ~vpopmail to store domains (default=domains).
 +
 +  --enable-incdir=DIR ​       Your MySQL/​Oracle '​include'​ directory.
 +
 +  --enable-libdir=DIR ​       Your MySQL/​Oracle '​lib'​ directory.
 +
 +  --enable-auth-module=MOD ​  ​Nominate how to store the vpopmail account information (cdb (default), mysql, pgsql, ldap, oracle, or syba                      se).
 +
 +  --enable-passwd ​           Enable /etc/passwd (or shadow) accounts in addition to virtual domains.
 +
 +  --enable-logging=OPT ​      Log to syslog: n=nothing, e=errors only (default), y=all attempts, p=errors with passwords, v=verbose (all                       ​attempts,​ with passwords).
 +
 +  --enable-log-name=TEXT ​    Set syslog name vpopmail.
 +
 +  --disable-auth-logging ​    ​Don'​t record time and ip of last auth attempt. Valid only for CDB, MySQL, PGSQL, LDAP.
 +
 +  --enable-sql-logging ​      ​Enable authentication logging to MySQL/​Postgres.
 +
 +  --enable-mysql-limits ​     Use MySQL to store limits instead of .qmailadmin-limits files.
 +
 +  --enable-mysql-replication Enable support for replicated MySQL auth servers.
 +
 +  --enable-valias ​           Store email aliases in SQL table instead of .qmail files.
 +
 +  --disable-many-domains ​    ​Creates a table for each virtual domain instead of storing all users in a single table. Only valid for MyS                      QL and PostgreSQL
 +
 +</​code>​
 +
 +
 +
 +<​code>​
 +
 +cd /​usr/​local/​src/​{vpopmail folder}
 +
 +
 +
 +./configure \
 +
 +--enable-vpopuser=vpopmail \
 +
 +--enable-vpopgroup=vchkpw \
 +
 +--disable-roaming-users \
 +
 +--enable-tcprules-prog=/​usr/​local/​bin/​tcprules \
 +
 +--enable-tcpserver-file=/​home/​vpopmail/​etc/​tcp.smtp \
 +
 +--enable-logging=p \
 +
 +--disable-passwd \
 +
 +--enable-clear-passwd \
 +
 +--disable-domain-quotas \
 +
 +--enable-auth-module=mysql \
 +
 +--enable-auth-logging \
 +
 +--enable-sql-logging \
 +
 +--enable-valias \
 +
 +--disable-mysql-limits \
 +
 +--enable-libdir=/​usr/​lib64/​mysql
 +
 +
 +
 +configure options for vpopmail that relate to roaming users :
 +
 +--enable-tcprules-prog=/​usr/​local/​bin/​tcprules
 +
 +--enable-tcpserver-file=/​home/​vpopmail/​etc/​tcp.smtp
 +
 +--enable-relay-clear-minutes=minutes ​ <- defaults to 180
 +
 +
 +
 +make
 +
 +make install-strip
 +
 +</​code>​
 +
 +
 +
 +===== vpopmail permissions =====
 +
 +
 +
 +chmod 775 ~vpopmail? ​ That is probably more permissive than originally intended. ​ I don't remember now why I wrote that...
 +
 +
 +
 +==== 1. fix permissions for dovecot ====
 +
 +
 +
 +Run [[http://​qmail.jms1.net/​scripts/​vfixpermissions|John Simpson'​s vfixpermissions script.]] ​ Without this fix, trying to login via IMAP or POP results in the error message: "​setgid 89 failed"​.
 +
 +
 +
 +==== 2. set sticky bit for vchkpw ====
 +
 +[[http://​blog.kurthbemis.com/​2008/​11/​24/​vpopmail-netqmail-106-and-smtp-auth-patches/​]]
 +
 +<​code>​
 +
 +chown vpopmail:​vchkpw ~vpopmail/​bin/​vchkpw
 +
 +chmod 4711 ~vpopmail/​bin/​vchkpw
 +
 +chmod u+s ~vpopmail/​bin/​vchkpw
 +
 +</​code>​
 +
 +
 +
 +==== 3. relax permissions for vpopmail.mysql ====
 +
 +
 +
 +I used ''​chmod 775 ~vpopmail/​etc/​vpopmail.mysql''​. ​ I'm sure it's too loose for best security, but I'm not willing to track down the right setting just now.
 +
 +
 +
 +====== qmailadmin ======
 +
 +
 +
 +[[http://​www.inter7.com/​index.php?​page=qmailadmindocs]]
 +
 +<​code>​
 +
 +./configure \
 +
 +  --enable-vpopmaildir=/​home/​vpopmail \
 +
 +  --enable-htmldir=/​var/​www/​html \
 +
 +  --enable-cgibindir=/​var/​www/​cgi-bin \
 +
 +  --enable-imageurl=http://​tighar.org/​images/​qmailadmin \
 +
 +  --enable-imagedir=/​var/​www/​html/​images/​qmailadmin \
 +
 +  --enable-qmaildir=/​var/​qmail \
 +
 +  --enable-vpopuser=vpopmail \
 +
 +  --enable-vpopgroup=vchkpw \
 +
 +  --enable-autoresponder-path=/​usr/​local/​bin \
 +
 +  --enable-help ​
 +
 +</​code>​
 +
 +  ​
 +
 +===== settings =====
 +
 +
 +
 +<​code>​
 +
 +       ​cgi-bin dir = /​var/​www/​cgi-bin
 +
 +          html dir = /​var/​www/​html
 +
 +         image dir = /​var/​www/​html/​images/​qmailadmin
 +
 +         image URL = http://​tighar.org/​images/​qmailadmin
 +
 +      template dir = /​usr/​local/​share/​qmailadmin
 +
 +         qmail dir = /var/qmail
 +
 +      vpopmail dir = /​home/​vpopmail
 +
 +   ​autorespond dir = /​usr/​local/​bin
 +
 +         ezmlm dir = /​usr/​local/​bin/​ezmlm
 +
 +         ezmlm idx = yes
 +
 +   mysql for ezmlm = yes
 +
 +              help = yes
 +
 +      modify quota = no
 +
 +   ​domain autofill = no
 +
 + ​modify spam check = no
 +
 +</​code>​
 +
 +
 +
 +===== help files =====
 +
 +
 +
 +<​code>​
 +
 +mkdir /​var/​www/​html/​images/​qmailadmin/​help
 +
 +
 +
 +cp -rp * /​var/​www/​html/​images/​qmailadmin/​help
 +
 +
 +
 +note: ./configure option --enable-htmldir=/​var/​www/​html
 +
 +</​code>​
 +
 +
 +
 +====== Dovecot ======
 +
 +===== compiling =====
 +
 +
 +
 +[[http://​wiki.dovecot.org/​CompilingSource]]
 +
 +
 +
 +AS NON-ROOT USER (I used joomla):
 +
 +<​code>​
 +
 +su joomla
 +
 +./​autogen.sh
 +
 +./configure \
 +
 +  --with-vpopmail \
 +
 +  --with-mysql \
 +
 +  --with-ssldir=/​etc/​pki/​tls-ssl \
 +
 +  --with-storages=maildir \
 +
 +  --enable-maintainer-mode
 +
 +gmake
 +
 +exit # return to root id
 +
 +gmake install ​
 +
 +  ​
 +
 +for later updates:
 +
 +
 +
 +hg pull
 +
 +hg update
 +
 +gmake
 +
 +sudo gmake install ​
 +
 +</​code>​
 +
 +
 +
 +[[http://​qmail.jms1.net/​dovecot.shtml]]
 +
 +<​code>​
 +
 +useradd -M -d /nohome -s /bin/false -c '​Dovecot user' dovecot
 +
 +</​code>​
 +
 +
 +
 +  * -M make no home directory
 +
 +  * -d directory (nohome for dovecot)
 +
 +  * -s shell
 +
 +  * -c comment (name)
 +
 +
 +
 +===== configuration =====
 +
 +Location of file: **/​usr/​local/​etc/​dovecot.conf**
 +
 +Some snippets that took me a couple of tries to get organized correctly.  ​
 +
 +<​code>​
 +
 +##
 +
 +## Mailbox locations and namespaces
 +
 +##
 +
 +
 +
 +# Location for users' mailboxes.
 +
 +#
 +
 +# See <​doc/​wiki/​Variables.txt>​ for full list.
 +
 +#
 +
 +# <​doc/​wiki/​MailLocation.txt>​
 +
 +#
 +
 +   ​mail_location = maildir:​~/​Maildir
 +
 +
 +
 +# System user and group used to access mails. If you use multiple, userdb
 +
 +# can override these by returning uid or gid fields. You can use either numbers
 +
 +# or names. <​doc/​wiki/​UserIds.txt>​
 +
 +mail_uid =89
 +
 +mail_gid =89
 +
 +
 +
 +##
 +
 +## Mail processes
 +
 +##
 +
 +#
 +
 +# http://​qmail.jms1.net/​dovecot.shtml
 +
 +# http://​forum.qmailrocks.org/​showthread.php?​t=5872
 +
 +# http://​ansani.it/​2008/​08/​14/​qmailtoaster-dovecot-imap/​
 +
 +
 +
 +# Enable mail process debugging. This can help you figure out why Dovecot
 +
 +# isn't finding your mails.
 +
 +mail_debug = no
 +
 +verbose_proctitle = yes
 +
 +first_valid_uid = 89
 +
 +last_valid_uid = 89
 +
 +first_valid_gid = 89
 +
 +last_valid_gid = 89
 +
 +
 +
 +##
 +
 +## IMAP specific settings
 +
 +##
 +
 +
 +
 +protocol imap {
 +
 +     ​listen = 173.45.236.139:​143
 +
 +     ​ssl_listen = 173.45.236.139:​993
 +
 +}
 +
 +  ​
 +
 +##
 +
 +## POP3 specific settings
 +
 +##
 +
 +
 +
 +protocol pop3 {
 +
 +     ​listen = 173.45.236.139:​110
 +
 +     ​ssl_listen = 173.45.236.139:​995
 +
 +}
 +
 +
 +
 +##
 +
 +## Authentication processes
 +
 +##
 +
 +auth default {
 +
 +  mechanisms = plain
 +
 +  passdb checkpassword {
 +
 +    args = /​home/​vpopmail/​bin/​vchkpw
 +
 +  }
 +
 +  userdb prefetch {
 +
 +    # args = uid=89 gid=89 home=/​home/​vpopmail/​domains/​%d/​%u
 +
 +  }
 +
 +  count = 1
 +
 +}
 +
 +
 +
 +</​code>​
 +
 +
 +
 +
 +
 +====== SquirrelMail configuration ======
 +
 +===== Installation =====
 +
 +  * [[http://​www.squirrelmail.org]]
 +
 +===== cron job =====
 +
 +
 +
 +Slight mod needed for cron job to clean up attachments directory. ​ Following the most recent installation script, **/​var/​local/​squirrelmail/​attach/​** is my attachment directory.
 +
 +
 +
 +Nice instructions for the cron job from [[https://​www.timekiller.org/​howtos/​qmail-rh9.html|Setting up Qmail on Redhat 9]].  To delete any files that are more than 2 days old from the SquirrelMail attachment dir, run ''​cronjob -e''​ and append the following line:
 +
 +<​code>​
 +
 +0 0 * * * find /​var/​local/​squirrelmail/​attach/​* -atime +2 -exec /bin/rm {} \; 
 +
 +</​code>​
 +
 +===== Couldn'​t connect to localhost =====
 +
 +configtest.php returned ''​Error connecting to IMAP server "​localhost:​143"​.Server error: (0)''​.
 +
 +
 +
 +I switched the setting in **config.php** to //​tighar.org//​ on port 993 from localhost on 143.  Then it worked very well.
 +
 +
 +
 +The interesting lines from the configuration:​
 +
 +<​code>​
 +
 +$domain ​                = '​tighar.org';​
 +
 +$imapServerAddress ​     = '​tighar.org';​
 +
 +$imapPort ​              = 993;
 +
 +$imap_auth_mech ​        = '​login';​
 +
 +$use_imap_tls ​          = true;
 +
 +</​code>​
 +
 +
 +
 +====== clear proctitle error messages ======
 +
 +[[http://​projects.standblue.net/​docs/​qmail.html#​service-resetproctitles]]
 +
 +<​code>​
 +
 +mkdir /​var/​service/​resetproctitles
 +
 +  cd /​var/​service/​resetproctitles
 +
 +  touch down
 +
 +  echo '#​!/​bin/​sh'​ > run
 +
 +  echo echo -n $(for i in `seq 1 500`; do echo -n .; done) >> run
 +
 +  chmod 755 run
 +
 +  ln -s /​var/​service/​resetproctitles /​service/​resetproctitles
 +
 +</​code>​
 +
 +
 +
 +====== see if it's working ======
 +
 +
 +
 +===== test mail with telnet =====
 +
 +
 +
 +<​code>​
 +
 +telnet tighar.org 25
 +
 +HELO
 +
 +MAIL FROM: newuser@canisius.edu
 +
 +RCPT TO: martin.
 +newuser@tighar.org
 +
 +DATA
 +
 +Subject: testing with telnet
 +
 +This is a test.  I hope it gets rejected.
 +
 +That is the way things are SUPPOSED to work!
 +
 +.
 +
 +QUIT
 +
 +</​code>​
 +
 +
 +
 +===== mailx =====
 +
 +
 +
 +A quick way to test sendmail
 +
 +<​code>​
 +
 +mailx -s "mailx test message"​ newuser@canisius.edu
 +
 +  type the body
 +
 +  ...
 +
 +  EOT (Ctrl+d)
 +
 +</​code>​
 +
 +mailx and mail rely on sendmail
 +
 +
 +
 +====== Disable quotas for tighar.org ======
 +
 +
 +
 +[[http://​nick.vargish.org/​clues/​qmail-vpopmail-hints.html|qmail + vpopmail cheat sheet by Nick Vargish]]:
 +
 +<​code>​
 +
 +/​usr/​local/​src/​vpopmail-5.4.27/​vmoduser -q NOQUOTA user@tighar.org
 +
 +/​usr/​local/​src/​vpopmail-5.4.27/​vmoduser -q NOQUOTA tighar.org
 +
 +</​code>​
 +
 +
 +
 +vmoduser is in our build directory:
 +
 +
 +
  
 
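Review bot: The vpopmail `./configure` block passes `--enable-logging=p` together with `--enable-clear-passwd`, and the option list printed just above it says these mean syslog gets "errors with passwords" and a cleartext copy of each password is kept in addition to the encrypted one. Unless there is a stated reason for either, switch to `--enable-logging=e` (or `y`) and `--disable-clear-passwd`, and say in the text which one was chosen and why. In "3. relax permissions for vpopmail.mysql", `chmod 775` leaves the file readable by every local account, which the text itself calls too loose; record the tightest mode that still lets vchkpw and Dovecot work (owner vpopmail, group vchkpw, nothing for others is the obvious one to test) instead of leaving it open. The heading "2. set sticky bit for vchkpw" should say setuid, since `chmod 4711` and `chmod u+s` set the setuid bit rather than the sticky bit, and the `chmod u+s` line is redundant after `chmod 4711`.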
tighar/qmail.txt · Last modified: 2017/07/13 20:33 (external edit)
 