Posted by Derevko on Wed 12 Jul 2006 at 10:47
Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches.
The package contains the following patches:
The qmail-dnsbl patch lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.
If the check fails, the server closes the SMTP conversation before receiving the mail. This avoids wasting resources.
The original qmail-smtpd program accepts by all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existant recipient a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.
chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.
qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus avoiding additional traffic, backscatter, workload and messages bounced more times.
These goals are achieved by enquiring the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.
chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of "who's sending to whom". This can facilitate any further enhancements of anti-SPAM features.
N.B. Current qmail version works only with my vpopmail-mysql package!
You can get more details here: http://debian.iuculano.it
So, let's go, in less than ten minutes we can have a full performant mail server!
Just open your terminal and add my deb repository in your sources.list:
debian:~# vi /etc/apt/sources.list
Add these lines:
deb http://debian.iuculano.it/apt sarge main contrib non-free deb-src http://debian.iuculano.it/apt sarge main contrib non-free
and then you can update and install the package:
debian:~# apt-get update
My vpopmail package uses mysql backend, so we need mysql-server:
apt-get install mysql-server
It is strongly recommended that you set a password for the mysql root user (which is NOT the same as the "normal" root user) with the command:
mysqladmin -u root password 'enter-your-good-new-password-here'
Now we can create a database and a user which is allowed to access it:
debian:~# mysqladmin -u root -p create vpopmail
debian:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'localhost'
IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye
debian:~#
Good, now we can install qmail, vpopmail, spamassasin:
debian:~# apt-get install qmail-src spamassassin vpopmail-mysql \ spamc razor pyzor ucspi-tcp-src libmailtools-perl \ libmail-spf-query-perl libsys-hostname-long-perl
We build ucspi-tcp:
debian:~# build-ucspi-tcp
And finally, we build qmail:
debian:~# build-qmail
Don't worry if you get an error message when installing the .deb package; we need to remove exim4!
debian:~# dpkg --force-depends --purge exim4 exim4-base exim4-config \ exim4-daemon-light
Now:
debian:~# dpkg -i /tmp/qmail/qmai*.deb
Very well, now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail.
If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS
If you want chkuser you should replace:
with:-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
-u vpopmail -g vckpw -x /etc/tcp.smtp.cdb 0 smtp \
Standard Qmail setup now follows. Setting your mail name:
vi /etc/qmail/me
And add your mail name, for example mail.domain.org
Since we're using MySQL we need to specify the username and password to connect to the database with for vpopmail:
debian:~# vi /etc/vpopmail/vpopmail.mysql
and restart qmail and popmail POP3
debian:~# /etc/init.d/qmail restart Stopping mail-transfer agent: qmail. Starting mail-transfer agent: qmail. debian:~# /etc/init.d/vpopmail-mysql restart Restarting vpopmail pop3 server: vpopmail. debian:~#
Very well, we're almost done!
Some check-ups:
debian:~# apt-get install recode [...] debian:~# vadddomain test.bogus Please enter password for postmaster: enter password again: debian:~# ls -la /var/lib/vpopmail/domains/ totale 3 drwx------ 3 vpopmail vchkpw 1024 2006-07-07 16:34 . drwxr-xr-x 6 root root 1024 2006-07-07 16:09 .. drwx------ 3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus debian:~# echo -en "postmaster@test.bogus" | recode data..base64 cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz debian:~# echo -en "test" | recode data..base64 dGVzdA== debian:~# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 mail.domain.com ESMTP quit 221 mail.domain.com Connection closed by foreign host. debian:~# less /var/log/syslog debian:~# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 mail.domain.com ESMTP HELO TEST 250 mail.domain.com EHLO 250-mail.domain.com 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-PIPELINING 250 8BITMIME AUTH LOGIN 334 VXNlcm5hbWU6 cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz 334 UGFzc3dvcmQ6 dGVzdA== 235 ok, postmaster@test.bogus, go ahead (#2.0.0) mail from: test@nonexact.from 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser) mail from: test@test.com 250 ok RCPT TO: notexist@test.bogus 511 sorry, no mailbox here by that name (#5.1.1 - chkuser) RCPT TO: postmaster@test.bogus 250 ok quit 221 mail.domain.com Connection closed by foreign host. debian:~#
Good! Everything seems to work. The last thing we want to do is add anti-spam and anti-virus support:
debian:~# apt-get install qmailadmin autorespond ezmlm-src \ clamav clamav-daemon clamav-freshclam ripmime
Install simscan (http://www.inter7.com/simscan/simscan-1.2.tar.gz) and edit init.d/qmail. Here is an example of configuring simscan:
./configure --enable-user=clamav --enable-clamav=y \ --enable-custom-smtp-reject=y --enable-attach=y --enable-spam=y \ --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y \ --enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n \ --enable-quarantinedir=/var/qmail/quarantine --enable-dropmsg=yGiuseppe Iuculano
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2006 Derevko - please ask for permission to republish or translate.