Part 11 - Starting qmail

Alright, qmail should be ready to go! But before we crank it up, let's run a script that will check the key components of the installation and make sure everything is alright.
To do this test, I have borrowed Dave Sill's "inst_check" script, but I've made a few custom modifications to accomodate for the subtle differences between the Qmailrocks installation and the Life With Qmail installation. Basically, the Qmailrocks installation has a slightly different logging setup and some slight variations in permissions settings. If you've installed according to this site, use my version of the script, as using Dave's version will result in a lot of "error" detections that are false positives due to the differences in the 2 installs. When you run the script, it will check for some key required files and folders and will also check permissions and owership settings on many key items. It a needed file does not exist or if the ownership/permissions settings are wrong on a key file, it will tell you and then make a suggestion as to how to correct the error. This script does NOT check the CONTENT or SYNTAX of your scripts, but only for the scripts' existence and their ownership/permissions settings. If you've screwed up the syntax of on the run scripts, this tool will not detect it. So you ready? Let's do it...
/downloads/qmailrocks/scripts/util/qmr_inst_check
If you get a "congratulations" type of message, you're all set. If you get some errors, just follow the directions to fix the errors and then re-run the script until you get all errors corrected and you get a "congratulations" message.
Assuming, you've passed the installation check script, let's crank Qmail up!
qmailctl stop
qmailctl start
You can find out how things are running by:
qmailctl stat
You should see an output like this:
/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
If you, don't see anything like that or if you see error messages, click here for troubleshooting tips.
Congratulations, Qmail is now officially up and running and you should be able to send and receive mail on the server.
Let's test your new server's POP3 service...
telnet localhost 110
you should see something like this:
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.com>
user postmaster@mydomain.com (enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.
This is the sign of a successfull POP connection to the server!
Now try sending mail to that same user from another location. Telnet to 110 again and run the "list" command and you should see the message that your send...
telnet localhost 110
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <16658.1054485137@yourserver.comt>
user postmaster@mydomain.com (again, remember to log in with the full email address of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.
And now let's test your server's SMTP service to make sure the TLS functionaltiy is there...
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
[root@somewhere control]#
In the above SMTP session, I have higlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the :"220 ready for tls" response if the server is able to successfully start the TLS session.

If you happen to get an error that states "454 TLS not available: missing RSA private key (#4.3.0)" after you issue the "starttls" command, you will want to check 2 things: 1) Verify that the cert actually exists at /var/qmail/control/servercert.pem. If it's not there, go back to step 2 and repeat the cert creation step. 2) Verify that the cert is owned by vpopmail:qmail. If it's not, then make it so like this: chown vpopmail:qmail /var/qmail/control/servercert.pem

Alright! If you have reached this point, then Qmail is now successfully up and running. Technically speaking, you could quit right here and have a functioning mail server. However, we still have a few options that we're going to plug into Qmail before we're done. In the next pages we will:
Install Courier IMAP & IMAP SSL.
Install Squirrelmail web based mail interface (requires that IMAP be installed).
Install Qmail-Scanner, an alternative queueing device.
Install Spamassassin, to tag all incoming spam.
Install Clam Anti Virus - To quarantine e-mails containing known viruses
Install qmailanalog, so that you can get nightly server stats.
Install Qtrap, to filter out messages containing undesirable words that may make it past Spamassassin.

Read more

Part 10 - Uninstalling Sendmail

The next step varies slightly depending on whether you're installing on Redhat, Debian or Slackware. Please choose the appropriate selection below

Read more

Part 9 - Finalizing Qmail

Ok, we've installed a bunch of bells of whistles onto our qmail installation. Now it's time to wrap up the configuration for qmail itself. After that, we will stop and remove Sendmail from the server and then it's time to crank qmail up!
The first thing we're going to do is create the qmail supervise scripts, create the the qmail rc and qmailctl scripts and then set the needed permissions on all these scripts. Lucky for you, I've created a script to do all this for you. The script will give you a breakdown of what it is doing while it's running. If any errors occur, you'll see them. However, if you've configured everything right up until now, you shouldn't have any problems. You can check out the contents of this scripts right here.
So let's run the script...
/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
Hey, that was easy. Now there are just a couple tweaks to make to these new scripts we just created...
vi /var/qmail/supervise/qmail-pop3d/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com.
vi /var/qmail/supervise/qmail-smtpd/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com
Next, we'll kill any running qmail processes so that we can implement some final configurations.
qmailctl stop
We setup selective relaying for localhost...
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
Now we create the common system aliases. These aliases are going to tell Qmail what to do with common server-generated mails. Stuff like bouncebacks, cron daily output and various other systemic sources. It's a good idea to redirect these aliases to a mailbox that you are going to check on a regular basis. You don't want to have your systemic mails piling up in some deep dark corner of your server doing no good and slowly filling your disk up.
echo some_address > /var/qmail/alias/.qmail-root
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address> /var/qmail/alias/.qmail-postmaster
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address> /var/qmail/alias/.qmail-mailer-daemon
where "some_address" is the system user or email address you want these addresses aliased to.
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*
Alright. We've got qmail ready to go. One of the last things we need to do is to disable/uninstall Sendmail on the server and replace the Sendmail binary with a symlink to qmail, so that our server won't freak out with Sendmail being gone.

Read more

Part 8 - Qmailadmin

Qmailadmin is going to provide us with a nice web based interface for administering mail accounts once they are setup through Vpopmail (or Vqadmin). From Qmailadmin we can create mailboxes, aliases, fowards, mail robots, mailing lists. You'll also find a few other handy functions as well. Qmailadmin is sort of the icing on the Qmail cake. Let's install it...

click for full size preview

cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.3.tar.gz
cd qmailadmin-1.2.3
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
note: The paths in the above configure script will need to be custom tailored to your systems configuration
make && make install-strip
That's it! Now browse to http://www.yourdomain.com/cgi-bin/qmailadmin and you should see the login screen. Login with the postmaster account and password for the domain that you created a while back using Vqadmin. Pretty cool, isn't it? Go ahead and create some additional mailboxes for your domain(s).
If you didn't get any errors, Qmailadmin should be all set!
note: if it's late and you're looking for a place to stop so you can sleep, this is a good place. Sendmail should still be handling mail on the server. After this page it's Qmail or bust!

Read more

Part 7- Maildrop

Maildrop is a mail filtering agent which can be used to filter messages as they arrive on the server. You will probably notice, once this installation in complete, that you don't really use maildrop. However, it's a cool tool and it's worth having around if you ever decide to get crazy with filtering your imcoming mail. You can find documentation on maildrop right here.
Let's install it...
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
If you didn't get any errors, maildrop should be all set!

Read more

Part 6 - Vqadmin

Vqadmin is simply a nice web based interface that will let us manage Vpopmail. Through the interface we can create new domains, new users, net quotas, enable services and much more.
So let's install it...
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
(Example: ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html )
make && make install-strip
If the installation is successfull, Vqadmin should install itself in the cgi-bin directory of your default website. Unless you tell it otherwise, that usually defaults to /var/www/cgi-bin. You can specify another location in the ./configure command above.
Now you will need to add the following to your server's Apache configuration file (usually httpd.conf)

/path/to/your/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow

In addition, within the Apache master config file you will want to set the "AllowOveride" option to "All". Example: AllowOverride All
cd /path/to/your/cgi-bin/vqadmin
Now you will want to create a .htaccess file to password protect the Vqadmin interface. There should already be a .htaccess file in the vqadmin directory, so all you need to do is configure it. We'll use the ever useful vi editor for this.
vi .htaccess
AuthType Basic
AuthUserFile /path/to/where/you/want/to/store/the/password/file/.htpasswd
AuthName vQadmin
require valid-user
satisfy any
chown apache .htaccess (you may need to change the chown to either "nobody", "apache" or "www" etc., depending on what user your installation of Apache is running as)
chmod 644 .htaccess
Now you need to create a corresponding .htpasswd file that's going to contain the username and encrypted password for the Vqadmin administrator...
htpasswd -bc /path/to/where/you/want/to/store/the/password/file/.htpasswd admin admin_password
chmod 644 /path/to/where/you/want/to/store/the/password/file/.htpasswd

Question: But what if I want to user another username other than "admin"? Answer:: You will notice that in the above line, I'm adding an admin user called "admin". The name of the user needs to be "admin" because that is the username which Vqadmin sets up by default to have full admin rights. If you want to use a username other than "admin", you will need to edit the /cgi-bin/vqadmin/vqadmin.acl file and add your custom user to that file along with whatever rights you want it to have. Within that file, you will see where the user called "admin" is already set up to have all rights. That line looks like this: admin VIMUDCA admin1user In this line, the "admin" part specifies the username, the "VIMUDCA" part specifies that user's rights (a chart of all the possible rights is right above this line), and the "admin1user" part specifies the common name for the user which will be displayed when you log into Vqadmin. The common name is purely for aesthetic purposes.

Now restart Apache...
apachectl stop
apachectl start
If all has gone well, you should now be able to browse (in your web browser) to:
http://www.yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi
Note: make sure you include "vqadmin.cgi" in the path or you will get a 403 forbidden error!
Enter the user "admin" and whatever password your assigned it.
You should now see the Vqadmin interface. Go ahead and add a new domain to your server! Pretty cool, huh? The "postmaster" user serves as the admin user for any new domain and we will use it to log into Qmailadmin, when we install that. As soon as we complete the install, that domain will be instantly able to get mail (assuming the MX is correctly pointing to your server). The nice thing about Vpopmail and Vqadmin is that you do not need to restart anything after you add a domain. Once you add it, it simply works! We're almost done!

Read more

Part 5 - Vpopmail

PLease choose one of the following vpopmail installation options:

I would like to install vpopmail without MySQL intregation
(recommened for smaller email servers and for qmail/mysql newbies)

or

I would like to install vpopmail with MySQL integration
(Requires that mysql server be installed on your server. Recommended for larger email servers & ONLY for experienced mysql users)

Which option is best for me?

First of all, don't feel that a vpopmail installation without mysql is somehow inferior or inadequate. It's not. The choice of whether or not to use mysql with vpopmail, in my opinion, is a personal preference and basically comes down to 2 things:

1. How large is you mail server going to be?

If you are only planning on hosting a handful of domains on your mail server, I don't think it's really worth integrating mysql into it. I have a server that hosts about 50 domains on it right now and it does NOT have mysql integrated into vpopmail. It works perfectly fine. The qmailrocks.org mail server also does NOT have mysql built into it. It runs great. However, if you plan to host more than 50 domains or so, I'd say go with mysql. It  makes it easier to manage a lot of domains and also makes porting the mail server to new equipment and locations easier. Of course, the decision is up to you. If you really want to use vpopmail with mysql on a server that hosts only 1 domain, knock yourself out. My opinion though, is that unless you are hosting a ton of domains, integrating mysql into vpopmail is simply making your mail server more complex than it needs to be. And as we all know, the more complex the plumbing, the easier it is to stop up the drain.

2. How comfortable are you with mysql?

If you're a newbie and you don't know jack shit about mysql, don't be a jackass. Just use the default vpopmail installation and save yourself the aggravation. I can't hold you hand though installing and setting up mysql, and you'll be hard pressed to find someone else that will. In short, don't get in over your head.

Read more