====== qmail ======
[[blog:qmail|qmail setup blog.]]
===== info needed by clients =====
incoming mail server: tighar.org
POP3s (TLS): port 110
IMAPs (TLS): port 143
SMTPs server: tighar.org, port 465
===== basic commands =====
qmailctl stop
qmailctl start
qmailctl restart
qmailctl stat
qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}
/var/qmail/bin/qmail-qstat
/var/qmail/bin/qmail-qread
The following commands delete all mail from the qmail queue.
qmailctl stop
find /var/qmail/queue/mess -type f -exec rm {} \;
find /var/qmail/queue/info -type f -exec rm {} \;
find /var/qmail/queue/local -type f -exec rm {} \;
find /var/qmail/queue/intd -type f -exec rm {} \;
find /var/qmail/queue/todo -type f -exec rm {} \;
find /var/qmail/queue/remote -type f -exec rm {} \;
qmailctl start
===== run script for TLS/authentication =====
The crucial line. I got rid of softlimit, for good or for ill. I also had to remove the fully qualified domain name after ...qmail-smtpd. Dunno why that prevented vchkpw from working.
exec \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1
===== Thunderbird configuration for SMTP auth =====
* Server name: tighar.org
* Port: 465
* Use name and password
* STARTTLS
====== vpopmail ======
===== configuration =====
[[http://bowe.id.au/michael/isp/vpopmail-mysql.htm|Some helpful notes.]]
All the configuration options (obtained by running ''./configure --help'').
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-non-root-build Build vpopmail as a non-root user, only if you know what you are doing. see README.non-root
--enable-qmaildir=DIR Directory where qmail control and user directories are installed /var/qmail.
--enable-qmail-newu=PATH Full path to qmail-newu program.
--enable-qmail-inject=PATH Full path to qmail-inject program.
--enable-qmail-newmrh=PATH Full path to qmail-newmrh program.
--enable-vpopuser=USER User name allocated to vpopmail vpopmail.
--enable-vpopgroup=GROUP Group name allocated to vpopmail vchkpw.
--enable-roaming-users Enable POP-before-SMTP functionality.
--enable-tcprules-prog=PATH Full path to tcprules program /usr/{local/}bin/tcprules.
--enable-tcpserver-file=PATH File where tcpserver -x relay information is stored /home/vpopmail/etc/tcp.smtp.
--disable-rebuild-tcpserver-file Disable rebuilding of tcpserver relay control file.
--enable-relay-clear-minutes=# Expire time for roaming users after pop authentication [180].
--enable-learn-passwords If no password is stored for a user, learn it the first time they authenticate.
--disable-md5-passwords Use DES crypt() instead of MD5 encryption for passwords.
--disable-file-locking Don't use file locking.
--enable-file-sync Enable file sync after each message is delivered.
--disable-make-seekable Don't try to make input to vdelivermail seekable.
--disable-clear-passwd Don't store a cleartext version of the password in addition to the encrypted version.
--disable-users-big-dir Disable hashing of user directories.
--enable-sqwebmail-pass Store a copy of the user's password in the the user's maildir for use by pre-v3 sqwebmail.
--enable-qmail-ext Enable qmail email address extension support.
--enable-ip-alias-domains Enable mapping of default domain via reverse ip lookup table.
--enable-onchange-script Enable onchange script. See README.onchange for more info.
--enable-spamassassin Enable spamassassin. See README.spamassassin for more info.
--enable-spamc-prog=PATH Full path to spamc program /usr/{local/}bin/spamc.
--enable-maildrop Enable maildrop. See README.maildrop for more info.
--enable-maildrop-prog=PATH Full path to maildrop program /usr/{local/}bin/maildrop.
--enable-domains-dir=TEXT Directory in ~vpopmail to store domains (default=domains).
--enable-incdir=DIR Your MySQL/Oracle 'include' directory.
--enable-libdir=DIR Your MySQL/Oracle 'lib' directory.
--enable-auth-module=MOD Nominate how to store the vpopmail account information (cdb (default), mysql, pgsql, ldap, oracle, or sybase).
--enable-passwd Enable /etc/passwd (or shadow) accounts in addition to virtual domains.
--enable-logging=OPT Log to syslog: n=nothing, e=errors only (default), y=all attempts, p=errors with passwords, v=verbose (all attempts, with passwords).
--enable-log-name=TEXT Set syslog name vpopmail.
--disable-auth-logging Don't record time and ip of last auth attempt. Valid only for CDB, MySQL, PGSQL, LDAP.
--enable-sql-logging Enable authentication logging to MySQL/Postgres.
--enable-mysql-limits Use MySQL to store limits instead of .qmailadmin-limits files.
--enable-mysql-replication Enable support for replicated MySQL auth servers.
--enable-valias Store email aliases in SQL table instead of .qmail files.
--disable-many-domains Creates a table for each virtual domain instead of storing all users in a single table. Only valid for MySQL and PostgreSQL
cd /usr/local/src/{vpopmail folder}
./configure \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--disable-roaming-users \
--enable-tcprules-prog=/usr/local/bin/tcprules \
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp \
--enable-logging=p \
--disable-passwd \
--enable-clear-passwd \
--disable-domain-quotas \
--enable-auth-module=mysql \
--enable-auth-logging \
--enable-sql-logging \
--enable-valias \
--disable-mysql-limits \
--enable-libdir=/usr/lib64/mysql
Configure options for vpopmail that relate to roaming users:
--enable-tcprules-prog=/usr/local/bin/tcprules
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp
--enable-relay-clear-minutes=minutes <- defaults to 180
make
make install-strip
===== vpopmail permissions =====
chmod 775 ~vpopmail? That is probably more permissive than originally intended. I don't remember now why I wrote that...
==== 1. fix permissions for dovecot ====
Run [[http://qmail.jms1.net/scripts/vfixpermissions|John Simpson's vfixpermissions script.]] Without this fix, trying to log in via IMAP or POP results in the error message: "setgid 89 failed".
==== 2. set setuid bit for vchkpw ====
[[http://blog.kurthbemis.com/2008/11/24/vpopmail-netqmail-106-and-smtp-auth-patches/]]
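# vchkpw is called by qmail-smtpd under another uid, so it is owned by vpopmail and made setuid
chown vpopmail:vchkpw ~vpopmail/bin/vchkpw
# 4711 = setuid + rwx for the owner, execute-only for group and others
chmod 4711 ~vpopmail/bin/vchkpw
# redundant after 4711 (the setuid bit is already set)
chmod u+s ~vpopmail/bin/vchkpw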
==== 3. relax permissions for vpopmail.mysql ====
I used ''chmod 775 ~vpopmail/etc/vpopmail.mysql''. I'm sure it's too loose for best security, but I'm not willing to track down the right setting just now.
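A check for the permission steps above, as an added example (not part of the original notes or of vpopmail): it reads the modes of vchkpw and vpopmail.mysql with GNU stat and reports a setuid helper that group or others can write, and a credentials file that others can access. The pass/fail policy, the function names and the ''--run'' switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example: permission audit for the files this section touches.
# The policy encoded here is an assumption, not taken from the vpopmail docs.

# secret_mode_ok MODE: policy for a credentials file such as vpopmail.mysql.
# Passes only if others have no access, group cannot write, nothing is executable.
secret_mode_ok() {
    m=$(( 0$1 ))                       # leading 0: parse the mode as octal
    [ $(( m & 0007 )) -eq 0 ] && [ $(( m & 0020 )) -eq 0 ] && [ $(( m & 0111 )) -eq 0 ]
}

# setuid_mode_ok MODE: policy for a setuid helper such as vchkpw (4711 on this page).
# Passes only if the setuid bit is set and group/others cannot write the binary.
setuid_mode_ok() {
    m=$(( 0$1 ))
    [ $(( m & 04000 )) -ne 0 ] && [ $(( m & 0022 )) -eq 0 ]
}

# audit KIND FILE: print one result line; return 0 = ok, 1 = finding, 2 = missing.
audit() {
    kind=$1
    file=$2
    mode=$(stat -c '%a' "$file" 2>/dev/null) || { echo "MISSING $file"; return 2; }
    owner=$(stat -c '%U:%G' "$file")
    if "${kind}_mode_ok" "$mode"; then
        echo "OK      $file mode=$mode owner=$owner"
    else
        echo "FINDING $file mode=$mode owner=$owner (fails $kind policy)"
        return 1
    fi
}

# audit_vpopmail [HOME]: check the two files changed in steps 2 and 3.
audit_vpopmail() {
    home=${1:-/home/vpopmail}
    rc=0
    audit setuid "$home/bin/vchkpw" || rc=1
    audit secret "$home/etc/vpopmail.mysql" || rc=1
    return $rc
}

# Run only when asked, e.g.:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_vpopmail; fi
```

With the modes given on this page, vchkpw at 4711 passes and vpopmail.mysql at 775 is reported as a finding.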
====== qmailadmin ======
[[http://www.inter7.com/index.php?page=qmailadmindocs]]
./configure \
--enable-vpopmaildir=/home/vpopmail \
--enable-htmldir=/var/www/html \
--enable-cgibindir=/var/www/cgi-bin \
--enable-imageurl=http://tighar.org/images/qmailadmin \
--enable-imagedir=/var/www/html/images/qmailadmin \
--enable-qmaildir=/var/qmail \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-autoresponder-path=/usr/local/bin \
--enable-help
===== settings =====
cgi-bin dir = /var/www/cgi-bin
html dir = /var/www/html
image dir = /var/www/html/images/qmailadmin
image URL = http://tighar.org/images/qmailadmin
template dir = /usr/local/share/qmailadmin
qmail dir = /var/qmail
vpopmail dir = /home/vpopmail
autorespond dir = /usr/local/bin
ezmlm dir = /usr/local/bin/ezmlm
ezmlm idx = yes
mysql for ezmlm = yes
help = yes
modify quota = no
domain autofill = no
modify spam check = no
===== help files =====
mkdir /var/www/html/images/qmailadmin/help
cp -rp * /var/www/html/images/qmailadmin/help
note: ./configure option --enable-htmldir=/var/www/html
====== Dovecot ======
===== compiling =====
[[http://wiki.dovecot.org/CompilingSource]]
AS NON-ROOT USER (I used joomla):
su joomla
./autogen.sh
./configure \
--with-vpopmail \
--with-mysql \
--with-ssldir=/etc/pki/tls-ssl \
--with-storages=maildir \
--enable-maintainer-mode
gmake
exit # return to root id
gmake install
for later updates:
hg pull
hg update
gmake
sudo gmake install
[[http://qmail.jms1.net/dovecot.shtml]]
useradd -M -d /nohome -s /bin/false -c 'Dovecot user' dovecot
* -M make no home directory
* -d directory (nohome for dovecot)
* -s shell
* -c comment (name)
===== configuration =====
Location of file: **/usr/local/etc/dovecot.conf**
Some snippets that took me a couple of tries to get organized correctly.
##
## Mailbox locations and namespaces
##
# Location for users' mailboxes.
#
# See for full list.
#
#
#
mail_location = maildir:~/Maildir
# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names.
mail_uid =89
mail_gid =89
##
## Mail processes
##
#
# http://qmail.jms1.net/dovecot.shtml
# http://forum.qmailrocks.org/showthread.php?t=5872
# http://ansani.it/2008/08/14/qmailtoaster-dovecot-imap/
# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
mail_debug = no
verbose_proctitle = yes
first_valid_uid = 89
last_valid_uid = 89
first_valid_gid = 89
last_valid_gid = 89
##
## IMAP specific settings
##
protocol imap {
listen = 173.45.236.139:143
ssl_listen = 173.45.236.139:993
}
##
## POP3 specific settings
##
protocol pop3 {
listen = 173.45.236.139:110
ssl_listen = 173.45.236.139:995
}
##
## Authentication processes
##
auth default {
mechanisms = plain
passdb checkpassword {
args = /home/vpopmail/bin/vchkpw
}
userdb prefetch {
# args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%u
}
count = 1
}
====== SquirrelMail configuration ======
===== Installation =====
* [[http://www.squirrelmail.org]]
===== cron job =====
Slight mod needed for cron job to clean up attachments directory. Following the most recent installation script, **/var/local/squirrelmail/attach/** is my attachment directory.
Nice instructions for the cron job from [[https://www.timekiller.org/howtos/qmail-rh9.html|Setting up Qmail on Redhat 9]]. To delete any files that are more than 2 days old from the SquirrelMail attachment dir, run ''crontab -e'' and append the following line:
0 0 * * * find /var/local/squirrelmail/attach/* -atime +2 -exec /bin/rm {} \;
===== Couldn't connect to localhost =====
configtest.php returned ''Error connecting to IMAP server "localhost:143".Server error: (0)''.
I switched the setting in **config.php** to //tighar.org// on port 993 from localhost on 143. Then it worked very well.
The interesting lines from the configuration:
$domain = 'tighar.org';
$imapServerAddress = 'tighar.org';
$imapPort = 993;
$imap_auth_mech = 'login';
$use_imap_tls = true;
====== clear proctitle error messages ======
[[http://projects.standblue.net/docs/qmail.html#service-resetproctitles]]
mkdir /var/service/resetproctitles
cd /var/service/resetproctitles
touch down
echo '#!/bin/sh' > run
echo echo -n $(for i in `seq 1 500`; do echo -n .; done) >> run
chmod 755 run
ln -s /var/service/resetproctitles /service/resetproctitles
====== see if it's working ======
===== test mail with telnet =====
telnet tighar.org 25
HELO
MAIL FROM: newuser@canisius.edu
RCPT TO: martin.
newuser@tighar.org
DATA
Subject: testing with telnet
This is a test. I hope it gets rejected.
That is the way things are SUPPOSED to work!
.
QUIT
===== mailx =====
A quick way to test sendmail
mailx -s "mailx test message" newuser@canisius.edu
type the body
...
EOT (Ctrl+d)
mailx and mail rely on sendmail
====== Disable quotas for tighar.org ======
[[http://nick.vargish.org/clues/qmail-vpopmail-hints.html|qmail + vpopmail cheat sheet by Nick Vargish]]:
/usr/local/src/vpopmail-5.4.27/vmoduser -q NOQUOTA user@tighar.org
/usr/local/src/vpopmail-5.4.27/vmoduser -q NOQUOTA tighar.org
vmoduser is in our build directory: