Digest: The Ultimate qmail Installation Guide for Redhat 9
This is the most detailed article on installing qmail ever written, and a must-read for anyone who needs to understand qmail.

Original URL: http://www.timekiller.org/howtos/qmail-rh9.html
Original title: Setting up Qmail on Redhat 9 with pop3, pop3-ssl, imap, imap-ssl, smtp, smtps and webmail

Attention! - while there is good information in here, it is getting kind of old. I plan on doing a re-write from scratch using Fedora...

What this configuration provides

The purpose of this document is to provide complete instructions for setting up a Redhat 9 server with Qmail 1.03, and several important add-ons. The final install will provide qmail, the world’s most secure MTA, with support for pop3, imap, pop3-ssl, imap-ssl, smtp, and smtps* with authentication. The setup will also support virtual domains, SpamAssassin, Clam Anti-virus, and Squirrelmail with the ability to change your password. The setup will focus on security as much as possible. With these instructions you will be able to set up a very stable and secure MTA with 100% encrypted communication, and the versatility to make any users happy.

* SMTPS is accomplished through a TLS patch to qmail. In order to use SMTPS you will need a mail client that can handle STARTTLS. For Linux, Evolution works well, and for Windows, Outlook should work fine.

Credits

This document is not the work of one man. It is HEAVILY based on the work done at http://www.shupp.org/toaster/ and http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm. Both are excellent documents which helped me create this one.

Required RPMs

To the best of my abilities, I have listed below what RPMs you will need to have installed. If you have installed Redhat with the “Server” option, you should be OK. I list these because my provider gave me a “minimal” install, and gave me quite a workout when setting up Qmail :) One more note: Up2date is a wonderful thing; if you don’t have a Redhat subscription, get one!

The RPMS:
Update System

Next, make sure you have the latest packages installed. From the command line do this:

up2date -u

Firewall Rules:

I’m not going to get into a deep discussion on how to use iptables here. What I will do is list what ports are needed for what services. If you are not familiar with setting up firewall rules with iptables, go to http://www.fwbuilder.org and download the packages for Redhat 9. This is a great firewall rule builder, complete with a GUI and a wizard for all you novices :) The site also provides a forum if you have problems.

Ports:
SETUP TIME SYNCHRONISATION:

Mail servers need to have their clocks set correctly. If you don't have their time sync'ed, you can experience strange problems. Redhat comes with the ntpd package, which is easy to set up:

vi /etc/ntp.conf

Look for the "# --- OUR TIMESERVERS -----" section and then put in the following lines:

restrict xxx.xxx.xxx.xxx mask 255.255.255.255 nomodify notrap noquery
server xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address of your (or your upstream's) NTP server. If you don’t have an upstream server, you can use a public NTP server such as ntp0.jensenresearch.com.

After making the changes, you will need to restart the ntpd service:

/etc/rc.d/init.d/ntpd restart

Use the ntsysv program and make sure the ntpd service is enabled at bootup time.

Download the Needed Files

Some of these files may be version dependent; unless you have a good reason (and an understanding of the consequences), stick with the versions listed. For convenience, and because I’m such a nice guy, I bundled all of the required files at http://www.timekiller.org/howtos/files/qmail-files.tar.gz

cd /usr/local/src
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://www.qmail.org/ucspi-rss.diff
wget http://cr.yp.to/software/qmail-1.03.tar.gz
wget http://people.kldp.org/~eunjea/qmail/patch/qmail-ej-cocktail-14.tar.gz
wget http://shupp.org/patches/vpopmail-5.3.6.tar.gz
wget http://shupp.org/toaster/0.4/qmailadmin-1.0.4.tar.gz
wget http://cr.yp.to/software/ezmlm-0.53.tar.gz
wget http://shupp.org/toaster/0.4/idx.shupp.patch.gz
wget http://telia.dl.sourceforge.net/sourceforge/courier/courier-imap-1.4.6.tar.gz
wget http://shupp.org/toaster/0.4/toaster-scripts.tar.gz
wget ftp://moni.csi.hu/pub/glibc-2.3.1/ezmlm-idx-0.53.400.unified_41.patch
wget ftp://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
wget ftp://moni.csi.hu/pub/glibc-2.3.1/ucspi-tcp-0.88.errno.patch
wget http://flow.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.1.tar.bz2
wget http://www.squirrelmail.org/plugins/quota_usage-1.1.tar.gz
wget http://www.squirrelmail.org/plugins/compatibility-1.2.tar.gz
wget http://www.inter7.com/devel/autorespond-2.0.3.tar.gz
wget ftp://ftp.pipeline.com.au/PipeInt/Sources/Linux/WebMail/ezmlm-idx-0.40.tar.gz
wget http://heanet.dl.sourceforge.net/sourceforge/razor/razor-agents-sdk-2.03.tar.gz
wget http://heanet.dl.sourceforge.net/sourceforge/razor/razor-agents-2.36.tar.gz
wget http://au2.spamassassin.org/released/Mail-SpamAssassin-2.60.tar.gz
wget http://heanet.dl.sourceforge.net/sourceforge/tnef/tnef-1.2.1.tar.gz
wget http://twtelecom.dl.sourceforge.net/sourceforge/courier/maildrop-1.6.2.tar.bz2
wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.60.tar.gz
wget http://belnet.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.16.tgz
wget http://www.arda.homeunix.net/store/courierpassd-0.30.tar.gz
wget http://www.squirrelmail.org/plugins/change_pass-2.4-1.4.x.tar.gz

OK, Here we go…

INSTALL UCSPI-TCP

Ucspi-tcp contains tcpserver and tcpclient, command line tools for building client-server applications.
Info: http://cr.yp.to/ucspi-tcp.html

cd /usr/local/src
tar xzf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
# Patch rblsmtpd so that it can be used with all the newer RBL zones.
# This patch also lets you specify a custom error message to be returned to the sender.
patch -p0 rblsmtpd.c < ../ucspi-rss.diff
# Modify rblsmtpd.c to increase the maximum size of the error text that is allowed
# to be returned to the sender from 200 to 500 chars.
# This allows you to create some nice and descriptive text to send to people who
# are being blocked by your RBL filters
vi rblsmtpd.c

Go to line 166 and change it from

if (text.len > 200) text.len = 200;

to

if (text.len > 500) text.len = 500;

#Apply glibc 2.3.1 patch
patch -p1 < ../ucspi-tcp-0.88.errno.patch
make
make setup check

INSTALL DAEMONTOOLS

Daemontools is a collection of tools for managing UNIX services. It will monitor the qmail-send, qmail-smtpd, and qmail-pop3d services.
Info: http://cr.yp.to/daemontools.html

mkdir -p /package
chmod 1755 /package
cd /package
tar zxvfp /usr/local/src/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
#Apply glibc 2.3.1 patch
patch -p1 < /usr/local/src/daemontools-0.76.errno.patch
package/install

To verify that daemontools is running, make sure that `ps ax` reports '/bin/sh /command/svscanboot' and 'svscan /service' as running.

INSTALL QMAIL

Info: http://www.qmail.org

The patch you will apply below is a composite of existing patches. For more info on the individual patches, go to http://people.kldp.org/~eunjea/qmail/patch/.

Create the users and groups required for qmail

mkdir /var/qmail
groupadd nofiles
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
useradd -g nofiles -d /var/qmail/alias alias
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

Make the vpopmail user accounts

#You may need to run the following command if postfix is installed:
#userdel postfix
groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 vpopmail
tar zxvf qmail-1.03.tar.gz
tar zxvf qmail-ej-cocktail-14.tar.gz
cd qmail-1.03
#Apply Cocktail Patch
patch -p1 < ../qmail-ej-cocktail-14/cocktail.patch
#Edit conf-spawn
vi conf-spawn

Change the value from 1000 to 120.

# Redhat 9 kerberos fix
Redhat moved where they keep the Kerberos header files. This is a hack, but it works!
Info: http://www.raditha.com/linux/krb5.h.php

ln -s /usr/kerberos/include/krb5.h /usr/include/krb5.h
ln -s /usr/kerberos/include/profile.h /usr/include/profile.h
ln -s /usr/kerberos/include/com_err.h /usr/include/com_err.h

#Edit qmail-smtpd.c and change the code on the straynewline function (around line 71 after patching) from 451 to 553

Without this you will get nasty loops forming when a remote server sends you a message with invalid formatting. By default qmail will say something like "I am not going to accept that message at the moment, you can try again later". However, in my experience the sending server will try sending the same message again a few seconds later, and this will go around and around in a loop for days on end, consuming valuable bandwidth and resources.
Changing the error code to 553 makes the error permanent, i.e. "I am not going to accept that message, don't try sending it again".

make
make setup check
# on the next line replace "full.hostname" with the hostname of your mail server
./config-fast full.hostname

#Remove Postfix and Sendmail
rpm -e --nodeps postfix-ver
rpm -e --nodeps sendmail-ver

# Link in qmail's replacement "sendmail-like" tools
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

#Generate SSL Cert
make cert
# (Enter your info)
cd /var/qmail/control
rm clientcert.pem
cp servercert.pem clientcert.pem
chown vpopmail.qmail servercert.pem
chown qmaild.qmail clientcert.pem

# Setup RC scripts
cd /usr/local/src
tar zxvf toaster-scripts.tar.gz
cp toaster-scripts/rc /var/qmail/rc
chmod 755 /var/qmail/rc
mkdir /var/log/qmail
echo ./Maildir/ >/var/qmail/control/defaultdelivery
cp toaster-scripts/qmailctl /var/qmail/bin/

#Make qmail start at boot time.
ln -s ../init.d/qmail /etc/rc.d/rc0.d/K30qmail
ln -s ../init.d/qmail /etc/rc.d/rc1.d/K30qmail
ln -s ../init.d/qmail /etc/rc.d/rc2.d/S80qmail
ln -s ../init.d/qmail /etc/rc.d/rc3.d/S80qmail
ln -s ../init.d/qmail /etc/rc.d/rc4.d/S80qmail
ln -s ../init.d/qmail /etc/rc.d/rc5.d/S80qmail
ln -s ../init.d/qmail /etc/rc.d/rc6.d/K30qmail
ln -s /var/qmail/bin/qmailctl /etc/rc.d/init.d/qmail
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin

#Now create the supervise directories/scripts for the qmail services:
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
mkdir -p /var/qmail/supervise/qmail-pop3ds/log
chmod +t /var/qmail/supervise/qmail-send
chmod +t /var/qmail/supervise/qmail-smtpd
chmod +t /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-pop3ds/log
cp /usr/local/src/toaster-scripts/send.run /var/qmail/supervise/qmail-send/run
cp /usr/local/src/toaster-scripts/send.log.run /var/qmail/supervise/qmail-send/log/run
cp /usr/local/src/toaster-scripts/smtpd.run /var/qmail/supervise/qmail-smtpd/run
cp /usr/local/src/toaster-scripts/smtpd.log.run /var/qmail/supervise/qmail-smtpd/log/run
cp /usr/local/src/toaster-scripts/pop3d.run /var/qmail/supervise/qmail-pop3d/run
cp /usr/local/src/toaster-scripts/pop3d.log.run /var/qmail/supervise/qmail-pop3d/log/run
cp /usr/local/src/toaster-scripts/pop3ds.run /var/qmail/supervise/qmail-pop3ds/run
cp /usr/local/src/toaster-scripts/pop3ds.log.run /var/qmail/supervise/qmail-pop3ds/log/run
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/log/run
mkdir -p /var/log/qmail/smtpd
mkdir -p /var/log/qmail/pop3d
mkdir -p /var/log/qmail/pop3ds
chown qmaill /var/log/qmail /var/log/qmail/smtpd
chown qmaill /var/log/qmail/pop3d /var/log/qmail/pop3ds

#Adjust various aspects of the qmail configuration to suit our tastes

# use postmaster@hostname.yourdomain.com as sender in bounce messages
# rather than the default MAILER-DAEMON@hostname.yourdomain.com
echo 'postmaster' > /var/qmail/control/bouncefrom

# Define how to handle "double bounces".
# The server admin has two choices here, either to receive double bounces
# or to discard them. If your server doesn't handle a lot of mail then it
# wouldn't hurt to receive all double bounces for the admin's inspection.
# But if your server handles a lot of mail, then it is more likely that you
# are going to want to discard double-bounces, because you will end up with
# potentially thousands of these every day.
#
# If you want to keep double-bounces, use these commands to nominate what
# email address to send them through to (eg doublebounce@yourdomain.com) :
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'yourdomain.com' > /var/qmail/control/doublebouncehost
# (don't forget that you will need to make sure you have created a mailbox
# to receive these mails. You could use qmailadmin to create a dedicated
# mailbox, or perhaps setup an alias on an existing mailbox)
#
# Or if you would prefer to silently discard any doublebounces,
# then use these commands instead
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'hostname.yourdomain.com' > /var/qmail/control/doublebouncehost
echo '#' > ~alias/.qmail-doublebounce
chmod 644 ~alias/.qmail-doublebounce

# set maximum message size to be 8 MB
echo '8000000' > /var/qmail/control/databytes

# queue mail for up to 4 days
echo '345600' > /var/qmail/control/queuelifetime

# Note, this following command is optional!
#
# If you want qmail to send all outbound mail via a particular mail server
# rather than to send it direct to the recipient's mail server, then this
# can be achieved with the smtproutes command.
#
# SEND ALL OUTBOUND MAIL VIA SMARTHOST
echo ':yoursmarthost.yourdomain.com' > /var/qmail/control/smtproutes

# redirect any mail sent to root@hostname.yourdomain.com to postmaster@yourdomain.com
# redirect any mail sent to postmaster@hostname.yourdomain.com to postmaster@yourdomain.com
# redirect any mail sent to mailer-daemon@hostname.yourdomain.com to postmaster@yourdomain.com
echo 'postmaster@yourdomain.com' > ~alias/.qmail-root
echo 'postmaster@yourdomain.com' > ~alias/.qmail-postmaster
echo 'postmaster@yourdomain.com' > ~alias/.qmail-mailer-daemon
chmod 644 ~alias/.qmail-*

#Start qmail-send and qmail-smtpd
ln -s /var/qmail/supervise/qmail-send /service
ln -s /var/qmail/supervise/qmail-smtpd /service

#verify that it's running with qmailctl
qmailctl stat
ps axf

Note the 2 qmail daemons: qmail-send and qmail-smtpd, as well as their associated logging processes. If there is anything wrong with your install, an error message will generally be visible on the "readproctitle" line.

INSTALL Vpopmail

Vpopmail is a virtual domain package add-on for qmail. It can handle multiple domains on a single IP address, and none of the user accounts are /etc/passwd or "system" accounts.
Info: http://www.inter7.com/vpopmail

Because we will only be using vchkpw (the pop authentication tool) with qmail-smtpd for SMTP-AUTH, we don't want it to open relays. The patch applied below fixes this.
Build the program:

cd /usr/local/src
tar zxvf vpopmail-5.3.6.tar.gz
cd vpopmail-5.3.6
./configure --enable-roaming-users=y --enable-logging=v \
--enable-defaultquota=20971520S --enable-ip-alias-domains=n \
--enable-passwd=n --enable-clear-passwd=y --enable-domain-quotas=n \
--enable-auth-logging=y
make
make install-strip
echo '127.:allow,RELAYCLIENT=""' >/home/vpopmail/etc/tcp.smtp
qmailctl cdb

# add the following line to your crontab via `crontab -e`
9-59,10 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null

# install the vpopmail start script
cp ../toaster-scripts/vpopmailctl /var/qmail/bin/vpopmailctl

#Make vpopmail start at boot time.
ln -s ../init.d/vpopmail /etc/rc.d/rc0.d/K30vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc1.d/K30vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc2.d/S80vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc3.d/S80vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc4.d/S80vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc5.d/S80vpopmail
ln -s ../init.d/vpopmail /etc/rc.d/rc6.d/K30vpopmail
ln -s /var/qmail/bin/vpopmailctl /etc/rc.d/init.d/vpopmail
chmod 755 /var/qmail/bin/vpopmailctl
ln -s /var/qmail/bin/vpopmailctl /usr/bin

Optionally, nominate a "default domain". Users in this domain can log in to POP3 etc using just their username. Users from all other domains need to use their full email address as their login name.

echo "yourdomain.com" > /home/vpopmail/etc/defaultdomain

Set up the quota warning message that is sent to users when they are at 90% quota

vi quotawarn.msg

From: SomeCompany Postmaster <postmaster@yourdomain.com>
Reply-To: postmaster@yourdomain.com
To: SomeCompany User:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full. So that you can continue to receive mail, you need to remove some messages from your mailbox.
If you require assistance with this, please contact our support department :
email : support@yourdomain.com
Tel : xx xxxx xxxx

cp quotawarn.msg /home/vpopmail/domains/.quotawarn.msg

If you want, you can alter the standard message that gets sent to the sender in an overquota situation

echo "Message rejected. Not enough storage space in user's mailbox to accept message." > /home/vpopmail/domains/.over-quota.msg

#allow daemontools to start vpopmail
ln -s /var/qmail/supervise/qmail-pop3d /var/qmail/supervise/qmail-pop3ds /service

#verify that it's running with vpopmailctl
vpopmailctl stat

Some example vpopmail commands :

To add a domain :
/home/vpopmail/bin/vadddomain yourdomain.com yourpassword
# this creates the domain and makes a mailbox postmaster@yourdomain.com

To add a mailbox :
/home/vpopmail/bin/vadduser someone@yourdomain.com apassword
(Or you can do it via qmailadmin)

To remove a mailbox :
/home/vpopmail/bin/vdeluser someone@yourdomain.com
(Or you can do it via qmailadmin)

To remove a domain :
/home/vpopmail/bin/vdeldomain yourdomain.com

To change a user's password :
/home/vpopmail/bin/vpasswd someone@yourdomain.com newpassword
(Or you can do it via qmailadmin)

To look up info about a user :
/home/vpopmail/bin/vuserinfo someone@yourdomain.com
This gives you info such as name, crypted password, cleartext password, dir, quota, usage%, last auth. It has a number of flags to let you see the individual fields, or you can see them all if you don't use any flags. It also creates the maildirsize file in the user's dir.

Logging in via POP3

When your users are setting up their POP3 email clients (eg Outlook Express), they should use settings like this :

My incoming mail server is a POP3 server
Incoming mail server (POP3): pop3.yourdomain.com
Outgoing mail server (SMTP): smtp.yourdomain.com
POP3 account name : theirusername@yourdomain.com
Password: theirpassword

When you configured vpopmail, you had the opportunity to nominate a "default" domain.
When users from the default domain authenticate, it is optional for them to add the @yourdomain.com onto the end of their username. If vpopmail sees that no domain has been specified, then it will automatically perform the auth against the nominated default domain. If you are hosting multiple domains, then everyone who is NOT in the default domain MUST add their domain name onto the end of their username.

(A small percentage of email programs, eg Netscape Mail v4.7, do not permit the use of the @ symbol in the account name. In this case you can use the % symbol instead of the @ symbol)

INSTALL Courier-IMAP

Courier-IMAP will supply IMAP/SIMAP (IMAP-SSL) access.
Info: http://www.inter7.com/courierimap

Install:

cd /usr/local/src
tar -xzf courier-imap-1.4.6.tar.gz
cd courier-imap-1.4.6
# configure may take some time...
./configure --disable-root-check --without-authdaemon --without-authpam \
--without-authldap --without-authpwd --without-authmysql \
--without-authpgsql --without-authshadow --without-authuserdb \
--without-authcustom --without-authcram --with-authvchkpw \
--enable-workarounds-for-imap-client-bugs --with-ssl --with-redhat
make
make install-strip
make install-configure
cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
chmod 755 /etc/rc.d/init.d/courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc0.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc1.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc2.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc3.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc4.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc5.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc.d/rc6.d/K30courier-imap

Configure:

Edit /usr/lib/courier-imap/etc/imapd
Edit /usr/lib/courier-imap/etc/imapd-ssl
# Run courier-imap as vpopmail.vchkpw
Edit /usr/lib/courier-imap/libexec/imapd.rc AND /usr/lib/courier-imap/libexec/imapd-ssl.rc as follows:

Change:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
To:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
-user=vpopmail -group=vchkpw \

#Start the IMAP Server
service courier-imap start

# make the new imapd.pem certificate readable by vpopmail since
# that's the user that the imap server runs as
chown vpopmail.vchkpw /usr/lib/courier-imap/share/imapd.pem

# Remove Kerberos symlinks
rm /usr/include/krb5.h /usr/include/profile.h /usr/include/com_err.h

INSTALL Autorespond

Autorespond is a compatible autoresponder/vacation type tool that works well with qmailadmin.
Info: http://www.inter7.com/devel

Install:

cd /usr/local/src
tar -xzf autorespond-2.0.3.tar.gz
cd autorespond-2.0.3
make
make install

INSTALL EZMLM / EZMLM-IDX

This package is a prerequisite for qmailadmin. ezmlm is mailing list software written by the author of qmail. ezmlm-idx is a patch that adds extra features to the standard ezmlm program.
EZMLM : http://cr.yp.to/ezmlm.html
EZMLM-IDX PATCH : http://www.ezmlm.org (although I often find this site unresponsive, and so I use one of the mirrors instead like http://www.glasswings.com.au/ezmlm/)

cd /usr/local/src
tar xzf ezmlm-0.53.tar.gz
tar xzf ezmlm-idx-0.40.tar.gz

Merge the sources together

cp -R ezmlm-idx-0.40/* ezmlm-0.53/
# (you need to press y quite a few times to allow the patch files to overwrite the original files)
cd ezmlm-0.53
patch < idx.patch
#Apply patch
patch -p1 < ../ezmlm-idx-0.53.400.unified_41.patch

Build the program

make
make man
make setup

INSTALL QMAILADMIN

Info: http://www.inter7.com/qmailadmin
Current Development location : https://sourceforge.net/projects/qmailadmin/

Description : The domain postmaster can use this tool to view all the accounts on the domain as well as add/remove accounts, forwards, auto-responders etc.
Domain users can use this tool to modify their own user settings only, ie mailbox password, real name, forwards, vacations. This tool does not let you create new domains.

Download and unpack the source

cd /usr/local/src
tar xzf qmailadmin-1.0.4.tar.gz
cd qmailadmin-1.0.4

(Optional) Make a small mod that affects the look of the qmailadmin login page: edit the html/en file, and change record 112 to "Username" rather than "User Account". (We found our users knew what to type as their "Username", but didn't know what to type as a "User Account")

Build the program

./configure --enable-htmldir=/var/www/html/ --enable-cgibindir=/var/www/cgi-bin \
--enable-maxusersperpage=12 --enable-maxaliasesperpage=12 \
--enable-modify-quota=n --disable-ezmlm-mysql --enable-help=y
# note, I chose to have 12 accounts per page in the config above,
# because this makes these particular screens fit nicely on my 1024*768 monitor
make
make install-strip

Test to see if it works

SPAM AND VIRUS CHECKING

Right here is where I’d like to tell you to install RAZOR V2. However, I have not been able to get it to work properly. I keep getting:

razor2 check skipped: Illegal seek Insecure dependency in connect while running with -T switch at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 114.

If you know the fix for this, I would gladly include it in this howto, and give appropriate credit!

INSTALL SPAMASSASSIN

Info: http://www.spamassassin.org

Description: SpamAssassin is a program that scans email messages using a set of rules, and then assigns a score. If the score is higher than your nominated limit, then the message will be tagged as spam.

# IMPORTANT – Redhat 9 made a change that (in some cases) breaks perl. The following seemed to work to fix it.
export LANG=en_US
tar xzf Mail-SpamAssassin-2.60.tar.gz
cd Mail-SpamAssassin-2.60
perl Makefile.PL
make
make install

"make install" creates the following main files :

/usr/bin/spamassassin <- This is the command-line version of the SpamAssassin program
/usr/bin/spamc <- Daemonised SpamAssassin client
/usr/bin/spamd <- Daemonised SpamAssassin server
/usr/share/spamassassin/ <- The SpamAssassin logic/filter files live here
/etc/mail/spamassassin/local.cf <- sitewide configuration settings

Test to see if the installation was successful

spamassassin -t < sample-nonspam.txt
spamassassin -t < sample-spam.txt

To improve security, modify the configuration of the spamd daemon so it runs under its own uid.

Create a spamd user for the spamd process to run as

groupadd spamd
useradd -g spamd spamd

Modify / create the spamd configuration file

vi /etc/sysconfig/spamassassin

# Hint : if you want to enable SpamAssassin debugging
# (the debug output goes to /var/log/maillog) then use :
# SPAMDOPTIONS="-x -u spamd -H /home/spamd -d -D"
# Don't leave debugging turned on unnecessarily though,
# because it will slow down a busy server.
#
# Otherwise, for normal operation (debugging disabled) use :
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

Configure the spamd daemon so it is running all the time from bootup onwards

cp spamd/redhat-rc-script.sh /etc/rc.d/init.d/spamd
chmod 700 /etc/rc.d/init.d/spamd
chkconfig --add spamd

Set up the SpamAssassin configuration

vi /etc/mail/spamassassin/local.cf

# Define the sensitivity level. Standard level is 5.
# After a lot of testing, I found that 8 was the best option for me.
# We found that anything lower produced too many false positives
required_hits 8

# Allow SpamAssassin to rewrite the subject line of any messages it classifies as spam
rewrite_subject 1

# This is the value that will be prepended to the subject line of messages classified as spam
subject_tag [SPAM]

# Put spam analysis reports into the headers of the message (rather than the body)
report_safe 0

# SpamAssassin by default will try to run the following spam-detection utilities
# for every mail message. (You can read about them at http://www.spamassassin.org/dist/INSTALL)
# We don't want to waste any CPU cycles trying to run utilities that we don't have installed,
# so disable these tests for the moment.
use_dcc 0
use_pyzor 0

# razor2 checking (set to 0, since Razor is not installed in this setup)
use_razor2 0

# Enable SpamAssassin's RBL checking features :
# Although we have already done some RBL filtering earlier in qmail's rblsmtpd program,
# it is still recommended to turn on RBL checking in SpamAssassin, as it will run
# checks against a variety of different RBL sources, and the results will help
# tag spam more accurately
skip_rbl_checks 0

# If we haven't received a response from the RBL server in X seconds, then skip that test
rbl_timeout 3

# Now we want to alter some of the default scores for RBL hits
#
# By default the bl.spamcop.net RBL score is 0 (disabled).
# We will override this and give any hits a score of 3
# Info about this RBL is available from http://spamcop.net/fom-serve/cache/290.html
score RCVD_IN_BL_SPAMCOP_NET 3

use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes

If you wish to view all the possible configuration options, use this command :

perldoc Mail::SpamAssassin::Conf

OK, the SpamAssassin software is now fully installed! Any mail that SpamAssassin classifies as spam will have [SPAM] added to the subject line. You should now probably set up some docs for your users showing them how they can use message filtering rules in their email client.
You can see our message filtering guides here

If you aren't ready to reboot the server now, you can fire up spamd in the meantime with this command :

/etc/rc.d/init.d/spamd start

QMAIL-SCANNER

Info: http://qmail-scanner.sourceforge.net

Description: Qmail-Scanner is an add-on that enables a qmail server to scan messages for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial (or open source) virus scanners. It is also capable of blocking email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments).

Install the required supporting modules for Qmail-Scanner

INSTALL TNEF unpacker

Info: http://sourceforge.net/projects/tnef/

tar xzf tnef-1.2.1.tar.gz
cd tnef-1.2.1
./configure
make
make install

INSTALL ReformatMIME (from the Maildrop package)

Info: http://download.sourceforge.net/courier/

bunzip2 maildrop-1.6.2.tar.bz2
tar xvf maildrop-1.6.2.tar
cd maildrop-1.6.2
./configure
make
make install-strip
make install-man

Install ClamAV

Info: http://clamav.elektrapro.com/

Description: Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE.
Add required users:

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
tar zxvf clamav-0.60.tar.gz
cd clamav-0.60
./configure --sysconfdir=/etc
make
make install

Edit /etc/clamav.conf
Remove ‘Example’ from line 8
Go to line 109 and uncomment #ScanMail

Testing

OK. Let's do some tests. Try to scan the source directory recursively:

$ clamscan -r -l scan.txt clamav-x.yz

It should find the viruses in the clamav-x.yz/test directory. You may check it in the created log - scan.txt. You will find more about clamscan options in the clamscan(1) manual.

To test clamd, first start it and then use clamdscan (you can also connect directly to clamd and run the SCAN command):

$ clamdscan -l scan.txt clamav-x.yz

Set up auto updating

touch /var/log/clam-update.log
chmod 644 /var/log/clam-update.log
chown clamav /var/log/clam-update.log
freshclam -d -c 2 -l /var/log/clam-update.log

Lastly, schedule the updates by adding them to cron:

crontab -e

and add this line:

0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

INSTALL Qmail-Scanner

Info: http://qmail-scanner.sourceforge.net/

tar zxvf qmail-scanner-1.16.tgz
cd qmail-scanner-1.16

Now spend some time reading the documentation.

Configure Qmail-Scanner :

./configure --admin virusadmin --domain yourdomain.com --scanners clamscan,verbose_spamassassin --debug no --install
su - qmaild
/var/qmail/bin/qmail-scanner-queue.pl -g
exit

Alter your qmail-smtpd script so that it allocates sufficient resources to support Qmail-Scanner & SpamAssassin

vi /var/qmail/supervise/qmail-smtpd/run

Change the softlimit from 2000000 to something a fair bit larger. We use 15000000.

Define what mail is to be sent through the Qmail-Scanner

At our site, we have configured Qmail-Scanner to virusscan all messages (ie inbound and outbound mail).
We did this by setting up our /var/qmail/supervise/qmail-smtpd/run file like this :

#!/bin/sh
# when QMAILQUEUE is set, all mail will be sent to the nominated script
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
# softlimit needs to be set at something large such as 15000000
# to allow virusscanning software to run successfully
exec /usr/local/bin/softlimit -m 15000000 \
/usr/local/bin/tcpserver -v -x /etc/tcp.smtp.cdb -c 30 -R \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
... and the rest of the file snipped ...

However, if you don't want to virusscan all mail, you can selectively nominate which IP ranges should or shouldn't be checked by setting the QMAILQUEUE variable via your /etc/tcp.smtp file rather than inside the supervise/qmail-smtpd/run file. Refer to the Qmail-Scanner home page for setup examples.

Any SMTP sessions that are dropped (due to network outages/etc) may lead to files lying around in /var/spool/qmailscan. Running /var/qmail/bin/qmail-scanner-queue.pl -z at least once daily will ensure such files are deleted when they're over 30 hours old. We will make a cronjob to do that :

crontab -e

0 0 * * * /var/qmail/bin/qmail-scanner-queue.pl -z

INSTALL SQUIRRELMAIL

Info: http://www.squirrelmail.org

cd /var/www/html
bunzip2 /usr/local/src/squirrelmail-1.4.1.tar.bz2
tar xvf /usr/local/src/squirrelmail-1.4.1.tar
ln -s squirrelmail-1.4.1 squirrelmail
mkdir /var/squirrelmail
# create the data dir. This is where users' personal preferences are stored if not using MySQL backend
mkdir /var/squirrelmail/data
# create the attach dir. This is where temp files for emails in progress are stored
mkdir /var/squirrelmail/attach
cd squirrelmail
cp data/default_pref /var/squirrelmail/data
chown -R root.apache /var/squirrelmail
chmod -R 0770 /var/squirrelmail/data
chmod -R 0730 /var/squirrelmail/attach

SquirrelMail allows you to add your company logo to the login page.
So whack a copy of your logo into the Apache images directory so it is available for SquirrelMail to use:

cp /usr/local/src/yourcompanylogo-100.gif /usr/local/apache/htdocs/images

Configure SquirrelMail:

cd config
perl conf.pl

1. ORGANIZATION PREFERENCES
   1. Organization name : YourCompany
   2. Organization Logo : /images/yourcompanylogo-100.gif
   3. Org. Logo Height/Width : 100/100
   4. Organization title : YourCompany WebMail (v$version)

2. SERVER SETTINGS
   1. Domain : yourdomain.com
   Press A to update IMAP settings
   4. IMAP Server : localhost
   5. IMAP Port : 143
   6. Authentication type : login
   7. Secure IMAP (TLS) : false
   8. Server software : courier
   9. Delimiter : .
   Press B to update SMTP settings
   4. SMTP Server : localhost
   5. SMTP Port : 25
   6. POP before SMTP : false
   7. SMTP Authentication : none
   8. Secure SMTP (TLS) : false

3. FOLDER DEFAULTS
   9. List Special Folders First : false
   15. Default Unseen Type : 2

4. GENERAL OPTIONS
   2. Data directory : /var/squirrelmail/data
   3. Attachment directory : /var/squirrelmail/attach
   6. Usernames in lower case : true
   8. Hide squirrelmail attributions : true
   12. Allow server-side sorting : false

(Note: server-sorting is faster, but I personally find the sort results to be not as "intuitive" as when you let SquirrelMail do the sorting. If you toggle this option on/off and compare the resultant displays in SquirrelMail you will see what I mean. For example, if you server-sort the FROM column then the sort will be done on the sender's email address, whereas if you let SquirrelMail do the sort then the column will be sorted on the sender's name. I would suggest you try toggling this option on and off to make your own decision on which sorting method provides the better results.)

6. ADDRESS BOOKS
   2. Use Javascript Address Book Search : True

D. SET PRE-DEFINED SETTINGS FOR SPECIFIC IMAP SERVERS
   Choose Courier

Now Save and quit the config program
vi /var/squirrelmail/data/default_pref :

show_html_default=1
language=en_US
use_javascript_addr_book=1
left_size=140
left_refresh=3600
show_username=1
show_username_pos=top
order1=1
order2=2
order3=3
order4=5
order5=4
order6=6
When SquirrelMail users are composing a message that has attachment(s), the attachment is temporarily stored in the /var/squirrelmail/attach directory. When the user sends the message, the associated temp files will get deleted. However, sometimes the temp files do not get deleted (eg if the user closes their browser mid-compose?). Since the permissions on this directory are set up (as a security measure) to prevent the webserver from listing the files in this directory, there is no way for Apache/SquirrelMail to do a periodic scan/purge of old files. So we are going to set up a daily crontab to clean up any attachments that get left hanging around:

crontab -e
# delete any files that are more than 2 days old from the SquirrelMail attachment dir
0 0 * * * find /var/squirrelmail/attach/* -atime +2 -exec /bin/rm {} \;
cd /var/www/html/squirrelmail/plugins
tar xzf /usr/local/src/quota_usage-1.1.tar.gz
tar xzf /usr/local/src/compatibility-1.2.tar.gz
chown -R root.apache quota_usage
chmod -R o-rx quota_usage
chown -R root.apache compatibility
chmod -R o-rx compatibility

# qmailadmin and the other tools all classify 1Mb as 1048576 bytes (1024 * 1024)
# Fix up the quota_plugin so it works with the same units.
# Otherwise your quota would show as 20M in qmailadmin, and 21M in SquirrelMail :-/
vi quota_usage/functions.php

Go to line 58 and change the value 1000000 to 1048576

cd ../config
perl conf.pl

8. Plugins
choose quota_usage
choose compatibility

Give users the ability to change their passwords in SquirrelMail

INSTALL COURIERPASSD

Info: http://www.arda.homeunix.net/store/

Description: a utility for changing a user's password from across a network. It uses the same protocol as poppassd to obtain user IDs and passwords.

cd /usr/local/src/
tar zxvf courierpassd-0.30.tar.gz
cd courierpassd-0.30
./configure --with-couriersrc=/usr/local/src/courier-imap-1.4.6
make
make install

Create xinetd script so that only localhost can connect:
vi /etc/xinetd.d/courierpassd
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
Add service to /etc/services:

vi /etc/services, scroll to port 106, comment out the 3com lines and add courierpassd:

#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
courierpassd 106/tcp courierpassd
courierpassd 106/udp courierpassd

Restart xinetd:

service xinetd restart

Install SquirrelMail Change Password Plugins

Info: http://www.squirrelmail.org/plugin_view.php?id=21

cd /var/www/html/squirrelmail-1.4.1/plugins
tar zxvf /usr/local/src/change_pass-2.4-1.4.x.tar.gz
cd ../config
perl conf.pl

Select option 8. Plugins
Select the number for change_pass
Save and exit config

That’s it! Enjoy your Qmail install. If you have questions or comments about this document you can email me at feedback@timekiller.org



