Part 19 - Mail Client Configuration

So now you've got a fully functioning mail server. Well, now it's time to make use of that mail server and configure a remote mail client to retrieve mail from the server and send mail through the server. For my example, I've chosen Microsoft's Outlook XP. Outlook Express varies slightly, but you should be able to get the general idea. Likewise, if you using some other mail client you should be able to get the idea. Please do not e-mail me asking for instructions on another mail client. This is the only one I'm going to provide for now.
Anyway, let's configure Outlook...
For this example, let's set the following pre-conditions:
1. I have used Vqadmin to set up a new domain on my server called "domain.com"
2. Since I have set the domain up using Vqadmin, there should already be a main user for the domain called "postmaster@domain.com".
3. I'm going to set up Outlook to check mail for and "postmaster@domain.com" and will also use that user for SMTP authentication, so that I can send mail.

Step 1: Go to E-mail account configuration

Select "E-mail Accounts" under Tools.

Step 2: Add a new E-mail account

When finished, click "Next".

Step 3: It's a POP3 type of account

When finished, click "Next".

Step 4: Configure the account

Click on "More Settings" once you've filled out the above information.

Step 5: Enable SMTP Authentication (under the "more settings" area):

Save all changes and give it a go! You should be all set. Now that wasn't so hard, was it?

SMTP Settings Troubleshooting Tip

You may find that when you configure Outlook to use your Qmail server as the outgoing SMTP server, those connection attempts get blocked. You may get an error message like "Could not connect to server". Often, this is due to your ISP blocking foreign connetions to port 25 (smtp). Most large ISP's these days will block attempts to connect to a foreign SMTP server. This is an anti-spam measure. The solution is to use your ISP's SMTP server instead of your own. Let's take a real-life example: Earthlink, for example, blocks connection attempts to foreign SMTP servers. I use Earthlink DSL, therefore I have to configure Outlook to use Earthlink's SMTP servers (mail.earthlink.net) instead of my Qmail server's. So, in the SMTP server setting in Outlook, I stick in "mail.earthlink.net" instead of my server's address. Of course, whether or not you configure Outlook to use SMTP authentication at this point is strictly determined by what your ISP's SMTP connection rules are. If you need help, contact your ISP.

Read more

Part 18 - Maintaining your qmail server

Once you've got your qmail server up and running, how do you take care of it? This page will cover the many answers to that question. So here goes.

Table of contents: Making sure that all services start on boot Maintaining the qmail queue Maintaining qmail-scanner Maintaining SpamAssassin Maintaining Clam Antivirus Maintaining current software versions Maintaining the qmail logs Maintaining administrative mailboxes Maintaining other mailboxes Backing up your qmail server

Making sure that all services start on boot
If you've installed qmail correctly, it should already automatically start when you boot your server. However, you will want to make sure that all of the other needed services start as well.
--For Redhat users--
Starting Courier-imap on boot - make sure the following 2 lines exist in your server's /etc/rc.local file:
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
Starting SpamAssassin on boot
Try running the "setup" command and check the system services area to see if SpamAssassin is listed and marked with a "*" to start on boot. If SpamAssassin is not present in the system's "setup" tool, you can start it on boot by added the following line to the server's /etc/rc.local file
/etc/rc.d/init.d/spamd start
Starting Apache on boot
Try running the "setup" command and check the system services area to see if the "httpd" service is listed and marked with a "*" to start on boot. If it is not present in the system's "setup" tool, you can start it on boot by added the following line to the server's /etc/rc.local file
/etc/rc.d/init.d/httpd start
--For Slackware users--
Make sure the following startup commands exist in your system's /etc/rc.local file:
Starting Courier-imap
/etc/rc.d/rc.imap start
/etc/rc.d/rc.imaps start
Starting SpamAssassin
/etc/rc.d/rc.spamd start
Starting Apache
/etc/rc.d/rc.httpd start (If you already have Apache configured to start on boot, you can omit this line)
Maintaining the qmail queue
It's usually not a bad idea to keep your qmail server's queue in check. Your qmail server's queue is located at /var/qmail/queue. However, it's just about impossible to look directly at the queue folders and be able to tell what's going on.
qmailctl stat - This, of course, shows you your qmail server's current status. Included in the stats is the current condition of the queue. You can use this to see how many messages are sitting in the queue.
qmHandle - This add-on tool allows more in depth viewing of the queue and it also allows you to perform administrative functions on the queue. You can find instructions about installing qmHandle here. Once qmHandle is properly installed, running the command
"qmHandle" will provide a listing of all the possible commands possible. I'll go over a couple of them right now. The "qmHandle -l" command will give you a complete listing all every message in the queue and a summary containing the date the message was sent, the sender and the intended recipient. The output for a single message might look like this:
6406395 (195, R)
Return-path: bob@somewhere.com[]
From: Bob Smith
To: Frank Smith
Subject: Re: This weekend
Date: Mon, 16 Feb 2004 12:14:31 -0700
Size: 1482 bytes
The message number, 6406395, can be seen at the top of the message. If we wanted to delete this single message from the queue, we could do so with a command of "qmHandle -d6406395". The entire queue can be cleared out with the command "qmHandle -D".
queuelifetime - The "queuelifetime" setting for qmail determines how long messages can stay in the queue. By default, your qmail server will keep messages in the queue for 604,800 seconds, or 7 days. However, you can set a custom queuelifetime by creating a file called /var/qmail/control/queuelifetime. The content of that file is a single line containing a number which represents the number of seconds the queue will hold any given message. If you want to set a custom queuelifetime, you might want to whip out the old calculator.
A little advice on handling your queue
You need to keep in mind that a queued message is NOT necessarily a BAD thing. The only time a message is queued for any length of time is when it is undeliverable at the time it is originally sent. A message is usually undeliverable for 1 of 2 reasons:
1) The receiving mail server is offline. If this is the case, when that mail server comes back online at a later time your qmail server will then be able to deliver that message. A perfect example of this is the Qmailrocks.org mailing list. At any given time there lots of messages in the mailing list server's queue. However, these messages usually get delivered eventually. As you can imagine, some people on the mailing list are probably using a new qmail server to house the mailbox with which they have signed up on the list with. Well, of course, since that person is new the qmail there is a chance that their server may go down for periods of time while they are working on it and perfecting their qmail skills. It is at these times when their server is unreachable and when my list server then queues the message for later delivery. No big deal.
2) The recipient address is bogus or incorrect. If you get hit with a lot of spam on your server, or if you have a spammer on your server, this will probably happen to you at some point. Your queue gets filled with message bound for bogus addresses OR it gets filled with bounce messages that your server is trying to deliver back to spammers who sent spam to bogus addresses on your server. A good way to cut down on this is to set the domains on your server to "delete" catchall mail instead of bouncing it. This can be done from within the Qmailadmin interface. Setting a domain's catchall setting to "bounce" is a bad idea in my experience as it only results in a queue full of bounced bounce messages. If you don't need a catchall for your domain, do yourself a favor and set it to "delete". This is also the case if you are running Qmail-scanner. Qmail-scanner has an option to notify the sender when a virus is found in an e-mail. Bad idea. Most of the time, the address from which that virus laden e-mail came is bogus. So trying to "notify" the sender usually results in nothing but a bunch of double bounces flying all over your server.
Fortunately, since your qmail server has a built in queue lifetime, messages will eventually drop out of the queue if they are undeliverable. The last thing I want to mention is that it is a common misconception that if your queue is full, mail being sent presently will not be delivered quickly. This is a misconception. As I said, the queue is a repository for messages that are not immediately deliverable. If a message is being sent to a valid address it will get sent immediately, regardless of the size of the queue. So, in summary, you don't need to panic every time you have messages in your queue. Most of the time, the best thing to do is to just let your queue take care of itself. However, there are time when you may deem it necessary to clean out the queue or take other administrative action, and that's what the "qmHandle" tool above is good for.
Maintaining qmail-scanner
Qmail-scanner is fairly easy to maintain. Once you get it configured how you want it to be, the main items your going to want to worry about are 1) the log files and 2) the virus quarantine area. Here's some info on both.
1) qmail-scanner logs - Qmail-scanner, when Clam Anti Virus and SpamAssassin are hooked into it, logs the virus scanning activities to /var/spool/qmailscan/qmail-queue.log. This log file can get REALLY big, so you will want to keep it in check. You may want to set up a rotation schedule for this log file or some other sort of scheduled task that deals with this log file on a routine basis. If this log file exceeds the linux file size limit of 2GB, your mail server will start freaking out and all hell will break lose. So do yourself a favor and keep an eye on this log file.
2) The virus quarantine area - When qmail-scanner pipes the mail out to Clam Anti Virus and virus is found, the virus laden message is quarantined at /var/spool/qmailscan/quarantine/new. Those e-mails will usually not pose any threat to your server, since there are very few Linux/Unix viruses and since they are not being executed. However, on a busy mail server, that folder can get filled up pretty quickly, so you may want to keep an eye on it and have it emptied on a routine basis. I empty mine out with a crontab that runs once a week.
Anytime you upgrade qmail-scanner, it's a good idea to refresh the qmail-scanner perlscanner database:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g  or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g   or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
Maintaining SpamAssassin
SpamAssassin is relatively maintenance free one you get it up and running. It logs it's activities to /var/log/maillog, so you can always reference the logs for any investigations. New versions of SpamAssassin are released fairly often, so you may want to occasionally check http://www.spamassassin.org to see if there have been any new releases. In my experience, I've always been able to install the new version over the older version with no problems. If you upgrade, just make sure the /etc/mail/spamassassin/local.cf file still contains the setting you want and you should be in good shape.
Anytime you upgrade SpamAssassin, it's a good idea to refresh the qmail-scanner perlscanner database:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g  or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g   or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
Maintaining Clam Antivirus
The only things you really need to do to maintain Clam AV are:
1) Make sure your server is running the automatic virus definition updates on a regular basis. I run the following command out of crontab on a routine basis:
/usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log
2) Keep your version relatively current. New releases are put out fairly often, so keep an eye on it. Again, in my experience I've been able to install the newer version over the older one with no problems.
3) Anytime you do decide to upgrade Clam Antivirus, you will need to update qmail-scanner's version file. This is easily done by running the following command:
Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z   or   /var/qmail/bin/qmail-scanner-queue -z (for non setuid setups)
Debian:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z    or   /var/qmail/bin/qmail-scanner-queue -z (for non setuid setups)
Slackware:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
Maintaining current software versions in general
Naturally, as time passes new and improved versions of software will be released from their respective venders. It's always nice to have to latest versions of everything, but unless the newer version fixes a security hole or a major bug you don't need to lose sleep over it. You can check the venders' websites every now and then to see if a new version is out. I try to keep the QMR software package as current as possible and I'm pretty good at it. Most of the time, the qmailrocks.tar.gz package will contain the latest versions of everything.
I've never had any big problems with upgrading any of the software. For source packages. you can usually simply compile and install the latest version right over the older version with no problems. I mention this in the above paragraphs on SpamAssassin and Clam AV, but it generally applies to all of the software found on this site. The same goes for RPMs. You can usually just install the new RPM right over the older one using the command syntax "rpm -Uvh whatever.rpm".
Qmail itself has not had a new version release in a very long time, but you can bet if there is a new release I will have it here. As you probably know by this point, the current qmail version is version 1.03. Many people have noticed that qmail.org offers a version of qmail called "netqmail-1.05". At first glance this may appear to be a newer version of qmail. IT IS NOT. Netqmail is simply qmail-1.03 with some of the patches (which I use on this site anyway) already built in. If you follow the QMR installation guide using 1.03, the resulting installation of qmail is not different that if you used netqmail. Understand? If you don't trust me, check out the full description of netqmail here.
Maintaining the qmail logs
Fortunately, qmail's logs take care of themselves. They automatically rotate all on their own, so you never have to worry about them. The only thing worth noting is that you CAN customize the rotation schedule for the logs. This is done the "logs" supervise script for each supervised function. Confused? Ok, I'll explain.
In the QMR qmail installation, there are 3 supervise scripts and, subsequently, 3 logs for those scripts.
/var/qmail/supervise/qmail-pop3d/run operated the pop server and is logged via /var/qmail/supervise/qmail-pop3d/log/run
/var/qmail/supervise/qmail-smtpd/run operates the smtp server and is logged via /var/qmail/supervise/qmail-smtpd/log/run
/var/qmail/supervise/qmail-send/run operates the mail processor and is logged via /var/qmail/supervise/qmail-send/log/run
Each of the above "log/run" scripts tells the server how it wants those activities logged. Let's take the /var/qmail/supervise/qmail-pop3d/log/run logging script as an example:
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
The last line of this script sets some of the logging options. We can break that last line into several parts:
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
So let's break it down:
exec setuidgid qmaill multilog - run the multilog program as the "qmail" user.
t - inserts an @, a precise timestamp, and a space in front of each line.
The above "t" is why the rotated logs take on names like this: @40000000402d1c562cbf3534.s
s100000 - logs will rotate when they reach 100000 bytes.
n20 - number of rotations to keep on hand before they fall off.
/var/log/qmail/qmail-pop3d 2>&1 - the directory to where the logs will be written, silently.
Maintaining administrative mailboxes
This may seem a bit silly, but you'd be surprised how many people neglect the administrative e-mail account on their server. But what is the administrative e-mail account? Well, that depends on you. Administrative mail would be mail destined for the server's root user as well as any notification settings you may have. The destination for most the server's administrative addresses is usually determined by the aliases you have created at /var/qmail/aliases. If you've followed the QMR install guide, you should have a "postmaster" alias as well as "root", "mailer-daemon" and "anonymous" aliases. If you're like me, you direct all of these aliases to a single mailbox on your qmail server. For example, on the qmailrocks.org server, I direct all of these aliases to the qmailrocks.org postmaster account. This means that my postmaster account gets all of the administrative mail on the server. I get bounce failure messages, crontab reports, log watch reports and many other admin type emails. In addition, since I also have qmail-scanner set up to send virus reports to this same address. So, as you can see, my postmaster account is the central locus for all the server's administrative mail. You probably want to do the same with your server, as these administrative e-mails can often help you to find and correct problems that might otherwise go unnoticed. A mistake that people make a lot is to have the administrative mail directed to some mail account that they never check. This inevitably leads to that person being surprised when they find out that they have a mailbox on their server that's a couple Gigs in size. These people will also be surprised when they find that that mailbox is full of error messages that have been coming in for months indicating that something on the server is misconfigured. They never checked the mailbox, so they never knew. Well, I guess ignorance is bliss. So my point of this whole paragraph is that you should keep your administrative mail configuration organized and well cared for. It will save you a lot of heartache down the road.
Maintaining other mailboxes
Managing all other mailboxes on your server is made easy my simply setting quotas on all domains. It is inevitable that if you host mail on your server, there will be some idiot who either never checks his mailbox or decides that he has to store a lifetime worth of mail on the server. Setting quotas for your domains is a way of keeping these idiots in check and preventing you from having a disk space crisis because of these idiots. If you have a 120GB drive in your server and no quotas, there WILL be some fool who fills up all 120GB with his mail. So take my advise and set rigid quotas for your domains.
Backing up your qmail server
Backing up a qmail server is relatively easy. While different people may give you slightly different recommendations, you can ensure a safe backup of your qmail server if you backup the following 2 directories on a routine basis.
/home/vpopmail - backs up all your domain information, including mailboxes, passwords and the messages themselves.
/var/qmail - backs up all of your qmail settings. The /var/qmail/control directory is the most important directory in there to back up, but it won't hurt to just back up the whole damn qmail directory.

Read more

Part 17 - Installing Qtrap

Our final ingredient in this installation is going to be a domain level word filter, which I've named "Qtrap". This script is applied on a per domain basis and serves as a "bad word" scanner to catch any spam that Spamassassin may have missed. This filter serves as the last defense against SPAM before it arrived in your inbox. I like this filter because it helps to get rid of any SPAM that happens to make it by Spamassassin. Without any protection at all, my mailbox gets a shit ton of SPAM every day. Within the first 3 months I enacted the Qtrap filter, Qtrap logged over 9,000 deleted SPAM messages, none of which were legitimate e-mails. My keyboard's delete key was very appreciated the extra rest.
Any emails that are scanned and contain a banned word will be automatically deleted and logged by the qtrap script. A whitelist feature now exists so that individual addresses or domains can be exempt from the qtrap scan.
So let's install it...
cd /home/vpopmail
mkdir -p qtrap/logs
cd qtrap
cp /downloads/qmailrocks/scripts/qtrap/qtrap-2.0.0 ./qtrap.sh
Defnining your whitelist:
vi qtrap.sh
You will see a block of code for the whitelist that looks like this:
whitelist_check () {
case $WHITELIST in
address@somewhere.com|address@somewhereelse.com|*entiredomain.com)
echo $SENDER found in whitelist on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 0;;
*)
;;
esac
}
The email addresses in the bold red text above should be substituted with any email addresses that you wish to whitelist against the qtrap filter process. Whitelisted addresses will be allowed to send you mail that contains "banned" words. Un-whitelisted address will be scanned and their message deleted if it contains a banned word. As you can see above, you can specify an individual address (address@somewhere.com) or you can simply whitelist an entire domain (*entiredomain.com).
Defining your "banned word" list:
within the qtrap.sh script you should see another section, below the whitelist section of code, that looks like this:
checkall () {
case $BANNED_WORDS in
porn|PORN|Sex|SEX)
printout $BANNED_WORDS
echo MESSAGE DROPPED from $SENDER because of $BANNED_WORDS on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 99;;
*)
;;
esac
}
The portion of the above section that I've highlighted in RED is the array of "banned" words. Edit this array to your satisfaction. Make sure that each word is seperated by a pipe "|" and keep in mind that the array is case sensitive. So the words "SEX" and "Sex" are 2 different words. Also, excercise caution here. You don't want to ban words that are used in everyday e-mails. For example, you wouldn't want to ban the word "hello" or something like that. You should only ban words that you are 100% sure you would never see in a legitimate e-mail.
Now let's set up the logging directory...
touch /home/vpopmail/qtrap/logs/qtrap.log
chown -R vpopmail:vchkpw /home/vpopmail/qtrap
chmod -R 755 /home/vpopmail/qtrap
Now we will add this script into the mail path for a domain on our server.
cd /home/vpopmail/domains/yourdomain.com
vi .qmail-default
add the following line above the line that is already there
| /home/vpopmail/qtrap/qtrap.sh
Here's an example:
.qmail-default before:
| /home/vpopmail/bin/vdelivermail '' delete
,qmail-default after:
| /home/vpopmail/qtrap/qtrap.sh
| /home/vpopmail/bin/vdelivermail '' delete
Save these changes and that should be it. You don't have to restart anything. To test this last rule, try sending an e-mail to your mailbox and make sure that the test e-mail contains one of the words that you entered into the "bad word" list in the Qtrap script. If the filter is working right, the message should NOT arrive in your inbox. You should then be able to view the log file at /home/vpopmail/qtrap/logs/qtrap.log and see a log of the dropeed message corresponding to the time at which you sent the test message. The drop log should look something like this:
MESSAGE DROPPED from someone@somewhere.com because of some_banned_word on on 06/13/03 02:37:51
If the test was successfull, then that's it! Congratulations, you've completed the Qmailrocks.org Qmail installation. Have fun. The next couple steps discuss cleanup as well as some closing notes and suggestions.

Read more

Part 16 - QmailAnalog w/qlogtools & qms-analog

Qmailanalog performs some basic log analysis on those qmail log files and then outputs them to a desired location. In my case, I run qmailanalog every night and output the results to e-mail. Along with qmailanalog, we're going to install the "qlogtools" package. Qlogtools, as its name implies, provides an array of tools which can be used to analyze the qmail logs. We're going to use one of the qlogtool packages, tai64n2tai, to convert the timestamps on the log files from a machine readable format to a human readable format which will come to us when we get the finished report. After we've installed both Qmailstats and Qlogtools, we will create a script which you can run on a nightly basis to generate e-mail stats. The script will also incorporation qms-analog, which we installed with qmail-scanner previously. The qms-analog output will give add qmail-scanner stats to our nightly report.
First, let's install qmailanalog...
cd /downloads/qmailrocks/
tar zxvf qmailanalog-0.70.tar.gz
cd qmailanalog-0.70

RH 9/RHEL/Fedora/Slackware users: You will need to patch qmailanalog with an additional errno patch: patch < /downloads/qmailrocks/patches/0.70-errno.patch

make && make setup check
That's it. Qmailanalog is installed!
Now let's install qlogtools...
cd /downloads/qmailrocks/
tar zxvf qlogtools-3.1.tar.gz
cd qlogtools-3.1

RH 9/RHEL/Fedora/Slackware users: You will need to patch qlogtools with an additional errno patch: patch < /downloads/qmailrocks/patches/qlogtools_errno.patch

mkdir /usr/local/man (if directory already exists, you're good to go)
make
./installer
OK. The qlogtools library of tools should now be installed.
Now we will implement a script to run Qmailanalog and then you can hook that script into the server's crontab to get stats generated every night.
The script below is a solid script that sends an email to the server administrator with both the qmailanalog output as well as qms-analog's readout of qmail-scanner's activities. Pretty sweet, huh?
cp /downloads/qmailrocks/qms-analog-0.4.2/qmailstats /var/qmail/bin
vi /var/qmail/bin/qmailstats

#!/bin/sh
## qms-analog and qmailanalog invocation script
##
## Note: For better readability of the nightly stats email, set your email
## client font to a fixed width font - then all the columns line up
## very nicely.
##
PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
QMAILSTATS="/tmp/q.$$"
EMAILMSG="/tmp/qms.$$"
umask 077
DATE=`date +'%D'`

## prepare qmail log entries for qmailanalog routines
cat /var/log/qmail/qmail-send/* /var/log/qmail/qmail-pop3d/* /var/log/qmail/qmail-smtpd/* | tai64n2tai | awk '{$1=substr($1,1,index($1,".")+6);print}' | matchup > $QMAILSTATS 5>/dev/null

## build the email message header
echo "To: your_postmaster@yourdomain.com" > $EMAILMSG
echo "From: your_postmaster@yourdomain.com" >> $EMAILMSG
echo "Subject: Nightly Qmail Stats Report for $DATE" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG

## qms-analog invocation
#
# USAGE: qms-analog hours-of-history
#
# hours-of-history (0 - n) hours of history to collect
# 0 => all records
# sort-key (optional) sort key for account statistics
# msgbw (default) msg bandwidth - successful msgs
# alpha alphanumeric by account name
# virus number of viruses received
# saavg Spamassassin avg score
# sadet Spamassassin msgs detected
#
# Examples:
# "qms-analog 24" - use only records within the last 24 hours,
# sort by msg bandwidth
# "qms-analog 168" - use only records within the last 7 days,
# sort by msg bandwidth
# "qms-analog 0" - use all records, sort by msg bandwidth
# "qms-analog 0 alpha" - use all records, sort alphabetically
# "qms-analog 0 saavg" - use all records, sort by Spam average score
#
# Note: Add or remove statistical time frames to suit your preference -
# "last 24 hours" and "all records" are uncommented below by default.
##
#### Last 24 hours
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 2 4 H o u r s ~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 24 >> $EMAILMSG
####
#### Last 7 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 7 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 168 >> $EMAILMSG
####
#### Last 30 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 3 0 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 5040 >> $EMAILMSG
####
#### All records in qms-events.log
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ A l l R e c o r d s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 0 >> $EMAILMSG
####

## qmailanalog invocation
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zoverall < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zfailures < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zdeferrals < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG

## pipe the message into qmail-inject
cat $EMAILMSG | qmail-inject

## delete temp files
rm -f $QMAILSTATS
rm -f $EMAILMSG
Now set the script executable...
chmod 750 /var/qmail/bin/qmailstats
Now run the script...
/var/qmail/bin/qmailstats
Check your email and you should get a report with some pretty cool stuff in it! Your report should look something like this.
OK, if the qmailstats script is working, you will now want to create a crontab entry to run this script every night.
So, as the "root" user let's set up a cron entry...
crontab -e
0 3 * * * /var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null
Save and exit from the crontab editor and you should be all set. The above entry will run the qmailstats script every night at 3:00A

Read more

Part 15 - qmail-scanner w/qms-analog

(Redhat)

If you will recall, when we compiled qmail earlier in this installation, we applied a patch to qmail called "qmailqueue.patch". This patch allows qmail to be configured to run with a substitute queuing mechanism. That's exactly what were about to do here. We're going to tell qmail to use Qmail-Scanner as the queuing mechanism. Qmail-scanner is going to allow us to integrate Clam Antivirus and SpamAssassin into our qmail server's mail queue. Once qmail-scanner is installed, there will be a master script that is filled with configuration options that help you to tailor the functionality of Clam Antivirus and SpamAssassin to your needs. To expand the number of configuration options, we are also going to apply a patch to qmail-scanner. For this patch, we will be using Mark Teel's qms-analog patch. Qms-analog incorporated the widely used qmail-scanner-st patch but it also adds some cool reporting functionality as well which we will utilize later in this installation guide. So let's get on it!
cd /downloads/qmailrocks
Unpack qmail-scanner...
tar zxvf qmail-scanner-1.25.tgz
Now unpack qms-analog...
tar zxvf qms-analog-0.4.2.tar.gz
Install qms-analog itself. This will come in handy in the next step when we install Qmailanalog.
cd qms-analog-0.4.2
make all
Next, we copy needed qms-analog files to the qmail-scanner source directory...
cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.25/
Now, let's apply the qms-analog patch...
cd /downloads/qmailrocks/qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch
Now we will configure qmail-scanner and install it. Ordinarily, you would run the ./configure script to configure and install qmail-scanner. However, Mark Teel has donated a handy little config script that does most of the work for you.This script is called "qms-config-script" and, if you look above, you should have already copied this config script into the qmail-scanner source directory.
How you go about configuring and installing qmail-scanner from this point on depends on how you server's installation of Perl is configured. For the purposes of this installation, there are 2 Perl setups.
1. Perl is configured to allow for setuid functions.
2. Perl is not configured for setuid functionality and, in fact, does not permit it.
We'll start off with the configuration step for a server that allows setuid. However, if you run into setuid errors, you can jump to a set of instructions for servers that do not allow setuid functionality.
So let's do it...
First, you need to configure the script for your needs...
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config
You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-delta 0 \
--sa-alt yes \
--sa-debug no \
--notify admin \
"$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
chmod 755 qms-config
./qms-config
Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server.

If the config test produced any error messages, stop here! If you got a "setuid" related error when you ran the above script it is most likely due to you Perl installation not supporting setuid functionality. You can click here for alternate non-setuid configuration instructions. If you get any other errors, check out these troubleshooting tips.

If you didn't get any errors on the test run above, then you should be ok to run the "real" installation script below. So let's do it...
./qms-config install
Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.
And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database...
First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial.. So let's run it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmailp-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do i t...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtp/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive!
Click Here to continue

If your Perl installation does NOT allow for setuid functionality cd /downloads/qmailrocks/qmail-scanner-1.25/contrib make install Now we will customize the qmail-scanner configuration script... cd /downloads/qmailrocks/qmail-scanner-1.25 vi qms-config-cwrapper You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED #!/bin/sh if [ "$1" != "install" ]; then INSTALL= else INSTALL="--install" fi ./configure --domain yourdomain.com \ --admin postmaster \ --local-domains "yourdomain.com,yourotherdomain.com" \ --add-dscr-hdrs yes \ --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \ --ignore-eol-check yes \ --sa-quarantine 0 \ --sa-delete 0 \ --sa-reject no \ --sa-subject ":SPAM:" \ --sa-delta 0 \ --sa-alt yes \ --sa-debug no \ --notify admin \ --skip-setuid-test \ "$INSTALL" Now save and exit out of the config file. That was easy, wasn't it. And now we will run a test config for qmail-scanner... chmod 755 qms-config-cwrapper ./qms-config-cwrapper Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips. ./qms-config-cwrapper install Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips. vi /var/qmail/bin/qmail-scanner-queue.pl Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl to "#!/usr/bin/perl (in other words, remove the "-T" from the perl call.) chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database... First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial.. So let's run it... /var/qmail/bin/qmail-scanner-queue -z And now we will generate a new perlscanner database for qmailp-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do i t... /var/qmail/bin/qmail-scanner-queue -g A successful database build should produce the following output: perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt perlscanner: total of 9 entries. And now one final ownership check... chown -R qscand:qscand /var/spool/qmailscan Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself. vi /var/qmail/supervise/qmail-smtpd/run To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh): QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE ..and we change the "softlimit" in that same script... change softlimit to 40000000 Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!! So now the qmail-smtp/run file should look like this: #!/bin/sh QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo "No /var/qmail/control/rcpthosts!" echo "Refusing to start SMTP listener because it'll create an open relay" exit 1 fi exec /usr/local/bin/softlimit -m 40000000 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /var/qmail/bin/qmail-smtpd your_domain.com \ /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1 Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive! Click Here to continue

To activate all the changes we just made, we're going to have to completely stop and restart qmail.
Stop it...
qmailctl stop
and start it...
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat
Now it's time to test the whole damn thing to see if Qmail-Scanner, Spamassassin and Clam AV are all working correctly. Fortunately, Qmail-Scanner comes with it's own testing script that does a fantastic job. So let's test it!
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit
A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be set to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails. The normal notification emails that get sent out upon virus detection usually don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!
Finished test. Now go and check Email for postmaster@mydomain.com
If you get 2 messages in your inbox and you see 2 messages in the quarantine folder, it's time to crack open a cold one! You've successfully installed all 3 packages! Woohoo!

- Helpful Hints - Post Install configuration tips for Qmail-Scanner

Although Qmail-Scanner should work pretty much "out of the box" so to speak, you can make some customizations to it's configuration by editing the qmail-scanner-queue.pl script located at /var/qmail/bin/qmail-scanner-queue.pl. The qmail-scanner-queue.pl script controls a lot of the functionality of both Clam AV and Spamassassin. Check it out for yourself and you will see that there are quite a few items you have control over. I wouldn't recommend touching most of them. In fact, the only setting that I changed in mine is in the Spamassassin section: Can I have Spamassassin tag suspected spam with a custom subject line? Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the following line: my $spamc_subject=`:SPAM:`; Now type a custom spam subject. This subject line will be added to any mails that Spamassassin tags as suspected spam. Here's an example: my $spamc_subject=`Hi, I'm Spam`; The "spamc_subject" setting determines what message Spamassassin will append to the "subject" of e-mails which it deems as SPAM. Can I delete e-mails that Spamassassin labels as spam? Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the following line: my $sa_delete='0'; Now replace the '0' with a number that represents how far above your SpamAssassin "required_hits" variable that Qmail-scanner should start deleting messages at. For example, if you SpamAssassin required_hits variable is set to "5" and you set the "sa_delete" variable to "1.0", then any message that has a spam score of 1.0 over the "5" mark would be deleted. In other words, any mail with a score of 6 or more would be trashed automatically. So for this example, you would change the "sa_delete" variable as follows: my $sa_delete='1.0'; Is is safe to tell qmail-scanner to delete e-mails that SpamAssassin marks as spam? Spamassassin has been tested to have up to a 99% accuracy rating in terms of detecting real spam and leaving legitimate e-mail alone. I've been using it for over a year now and have never gotten a false positive. Therefore, I feel safe in telling it to just delete the stuff. There are a host of other Spam and Virus handling directives that can be customized with the qmail-scanner.pl file. You can check out the qmail-scanner patch website at http://xoomer.virgilio.it/j.toribio/qmail-scanner/ for all the details. Other than that, I left my qmail-scanner-queue.pl script as is.

Summary of functionality:
If you've gotten to this point, you should have Clam Anti-Virus, Spamassassin and Qmail-Scanner all working together. When a messages comes into the server, Qmail-Scanner takes the message and pipes it out to both Clam Anti-Virus and Spamassassin. If the message contains a virus, Clam AV quarantines it a /var/spool/qmailscan/quarantine and then send a notification e-mail to whoever you specified in the Qmail-Scanner installation. If the message does not contain a virus, it is then scanned by Spamassassin. Depending on the score that Spamassassin assigns to the message and whether or not that score breaks the SPAM threshold set by you in the /var/qmail/.spamassassin/user_prefs file, Spamassassin will either let the message go unaltered to its destination or it will tag the message as SPAM. If the message is tagged as SPAM, it will still arrive at its destination, but with an altered "subject" that will signal to the recipient that this was tagged as SPAM. The text that gets appended to the "subject" of the e-mail is set in the /var/qmail/bin/qmail-scanner-queue.pl file. (For example: If you set qmail-scanner-queue.pl to tag all SPAM with "HI, I'M SPAM!", mail tagged as such will be delivered to the recipient with "HI, I'M SPAM" added to the subject. Once the message is tagged, the recipient can then configure his/her mail client to deal with those tagged message in whatever manner he/she sees fit. Alternatively, you can tell Spamassassin to delete all suspected spam messages (like I do). You can find directions for this in the "Hints" box above.

Read more

Part 14 - Clam Antivirus & SpamAssassin

The next step varies slightly depending on whether you're installing on Redhat or on Debian. Please choose the appropriate selection below

Read more

Part 13 - Installing Squirrelmail

Now that we have Qmail running with IMAP, we can install a webmail client to make mail accessible via a web browser. My choice for this was Squirrelmail. Squirrelmail is both easy to install and it has lots of nice plugins to broaden its abilities. I know that a lot of people out there like to use Horde. I like Horde myself and I've installed it on my Qmail server alongside Squirrelmail. However, Horde is a major pain in the ass to install. Anyone who's ever intalled it will tell you that. I just don't want to take the responsibility for it on this site. Some people also like to use SQwebmail. No offense, but I don't like SQwebmail.
Anyway, let's install Squirrelmail...
The first order of business to make sure PHP is installed and correctly configured. So let's get that out of the way...
In order for Squirrelmail to work correctly, you'll need to check a couple things about your PHP installation:
1. First of all, make sure some rendition of PHP 4 is installed. If it's not, kick yourself in the ass and then go install it. Sorry, I'm not going to give a PHP installation tutorial. To be safe, you will want the following config options to be active in your PHP installation.
--enable-track-vars
--enable-force-cgi-redirect
--with-gettext
--with-mysql
If you're running Redhat, however, PHP can be easily installed as an RPM either manually or with "up2date". A default RPM installation of PHP will usually cover you. The only extra RPMs you'll want to install is "php-mysql".
2. Make sure you have PHP uploads turned ON. This is done by editing a line in your php.ini file. The location of the php.ini file can vary, but it's usually located at /etc/php.ini. If it's not, don't panic. Just run the old "locate php.ini" command. ;) Here's the line you will want to check/edit:
file_uploads = On
That's it for the PHP setup. Now let's download Squirrelmail...
You can download the latest stable version of Squirrelmail from: http://www.squirrelmail.org/download.php
I recommend downloading the .tar.gz version of the latest release.
Now change directories to the web directory of the website you want to serve Squirrelmail off of. In my case, I used /var/www/html
tar zxvf /path/to/squirrelmail-x.x.x.tar.gz (enter whatever version you downloaded)
Now rename the untarred folder to something more friendly...
mv squirrelmail-x.x.x webmail
And now let's configure Squirrelmail...
mkdir /var/sqattachements
chown -R apache:apache /var/sqattachements (or whatever user apache runs as)
cd webmail
chown -R apache:apache data (or whatever user apache runs as)
cd config
./conf.pl
This will run the Squirrelmail setup script which will allow you to customize the installation as well as set your server settings. Most of the important settings are in area #2, which is dubbed "Server Settings". Here are the specs I recommend:
General
-------
1. Domain : 1.2.3.4 (Enter the IP of your server here. Don't be an idiot and actually use 1.2.3.4)
2. Invert Time : false
3. Sendmail or SMTP : SMTP
IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false

Depending on what version of Squirrelmail you are installing, the setup menu may differ slightly. But you get the idea. If you like, there a several other features of Squirrelmail you can customize that, while not critical, are sometimes fun. Also, check out Squirrelmail's site for tons of cool plugins. Make sure you save all settings before exiting the configuration menu.
Once you've configured Squirrelmail to your liking, it's time to configure Apache to serve our new webmail interface...
Notice: The following Apache configuration entry below will show you what I MYSELF have for my server's Apache configuration. Apache configurations will vary, so this may or may not work for you. Also, this is not meant to be a lesson in how to configure Apache. If you are confused about configuring Apache, I would reccomend that you STOP here and go find a tutorial on Apache. Please do not email me asking me to explain Apache configuration methods to you. I am currently working on a comprehensive Apache tutorial site (apacherocks.org), but until it's complete, you will need to seek Apache help and advice elsewhere.
There are probably about a million ways to do this, but here's what I do. I edit the httpd.conf Apache configuration file and add the following block:
1.2.3.4:80>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin postmaster@mydomain.com
DocumentRoot /var/www/webmail

Here's a breakdown of what's above:
- This indicates I'm setting up my mail interface as a virtual host, rather than IP based. Obviously, you're going to want to replace 1.2.3.4 with the IP address of your web server. Additionally, what you have here may vary from server to server and is dependent on how you have your Apache configured. Be cautious!
ServerName mail.mydomain.com - The official name of the webmail server virtual host.
ServerAlias mail.* - This line establishes a wildcard serveralias called mail.*. With this setup, any domain that is pointed to your server and that has an A record called "mail", will be able to get to the webmail interface by simply going to http://mail.whateverdomain.com. This is a pretty cool little feature and makes accessing the webmail interface easy for all of your users.
ServerAdmin postmaster@mydomain.com - The server administrative contact. This is not required, but I like to include it.
DocumentRoot /var/www/webmail - The document root of your webmail interface. This will vary, depending on where you chose to install Squirrelmai. In this example, you can see that I installed it at /var/www/webmail
- The closing tag to the virtualhost.
Make sure you restart Apache after making the above changes.
Ok, now that Apache is all configured, let's test the new webmail interface...
http://www.yourdomain.com/webmail
We'll sign in with the postmaster account under the domain you should have created earlier using Vqadmin...
Username: postmaster@yourdomain.com
Password: your_password
If all has gone well, Squirrelmail should log your right into your account! From here you will be able to both send and receive mail as well as a host of other additional functions. Again, Squirrelmail has tons of really cool plugins, and you can check them out at Squirrelmail's plugins page. Installing the plugins is pretty easy and their site can help you out. Now that was nice and painless, wasn't it? If I had tried to explain installing Horde instead, you would probably be holding a gun to your head right now, wishing for quick end to the misery. OK, I'm only kidding. :)
Now, I'm going to cover the addition of 1 Squirrelmail plugin. Keep in mind, there are tons of other plugins available. We're going to install the "change_pass" plugin which will allow our mail users to change their passwords from the Squirrelmail interface. This is made possible by the installation of Courierpassd that we did when we installed Courier-imap in the previous step.
So here goes...
cd /path/to/squirrelmail_directory/plugins (example: cd /var/www/webmail/plugins)
Download the module...
wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_pass-2.7-1.4.x.tar.gz
Unpack the module...
tar zxvf change_pass-2.7-1.4.x.tar.gz
Remove the tarball of the module...
rm -rf change_pass-2.7-1.4.x.tar.gz
Now let's go and add the module into Squirrelmail...
cd /path/to/squirrelmail_directory/config
Run the Squirrelmail configuration tool...
./conf.pl
Choose the option for "plugins". On my version of Squirrelmail, this was option 8. Once you are in the modules menu you should see the "change_pass" module on the list of available, but inactive, modules. You can add the "change_pass" module by simply typing the number associated with the module and then hitting enter. Once the module appears on the active module list, go ahead and save the configuration changes and then exit out of the configuration tool.
Alright! You should be all set now. All that's left to do log into Squirrelmail and try out the password change tool!
That's it for Squirrelmail. Now let's move on to the next step.

Read more