Debian Administration

A professional mail server with qmail and vpopmail

Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches.

The package contains the following patches:

• SMTP-AUTH for Debian Sarge 3.1 (Fixed)
• qmail-dnsbl patch (added logging)
• qmail-queue-custom-error.patch (for simscan)
• qmail-smtp-log-patch
• chkuser 2.0

The qmail-dnsbl patch lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.

If the check fails, the server closes the SMTP conversation before receiving the mail. This avoids wasting resources.

The original qmail-smtpd program accepts by all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existant recipient a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.

chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.

qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus avoiding additional traffic, backscatter, workload and messages bounced more times.

These goals are achieved by enquiring the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.

chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of "who's sending to whom". This can facilitate any further enhancements of anti-SPAM features.

N.B. Current qmail version works only with my vpopmail-mysql package!

You can get more details here: http://debian.iuculano.it

So, let's go, in less than ten minutes we can have a full performant mail server!

Just open your terminal and add my deb repository in your sources.list:

debian:~# vi /etc/apt/sources.list

Add these lines:

deb     http://debian.iuculano.it/apt  sarge main contrib non-free
deb-src http://debian.iuculano.it/apt  sarge main contrib non-free

and then you can update and install the package:

debian:~# apt-get update

My vpopmail package uses mysql backend, so we need mysql-server:

apt-get install mysql-server

It is strongly recommended that you set a password for the mysql root user (which is NOT the same as the "normal" root user) with the command:

mysqladmin -u root password 'enter-your-good-new-password-here'

Now we can create a database and a user which is allowed to access it:

debian:~# mysqladmin -u root -p create vpopmail
debian:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'localhost' 
            IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
debian:~#

Good, now we can install qmail, vpopmail, spamassasin:

debian:~# apt-get install qmail-src spamassassin vpopmail-mysql \
  spamc razor pyzor ucspi-tcp-src libmailtools-perl \
  libmail-spf-query-perl libsys-hostname-long-perl

We build ucspi-tcp:

debian:~# build-ucspi-tcp

And finally, we build qmail:

debian:~# build-qmail

Don't worry if you get an error message when installing the .deb package; we need to remove exim4!

debian:~# dpkg --force-depends --purge exim4 exim4-base exim4-config \
   exim4-daemon-light

Now:

debian:~# dpkg -i /tmp/qmail/qmai*.deb

Very well, now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail.

If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS

If you want chkuser you should replace:

-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \

-u vpopmail -g vckpw -x /etc/tcp.smtp.cdb 0 smtp \

Standard Qmail setup now follows. Setting your mail name:

vi /etc/qmail/me

And add your mail name, for example mail.domain.org

Since we're using MySQL we need to specify the username and password to connect to the database with for vpopmail:

debian:~# vi /etc/vpopmail/vpopmail.mysql

and restart qmail and popmail POP3

debian:~# /etc/init.d/qmail restart
Stopping mail-transfer agent: qmail.
Starting mail-transfer agent: qmail.
debian:~# /etc/init.d/vpopmail-mysql restart
Restarting vpopmail pop3 server: vpopmail.
debian:~#

Very well, we're almost done!

Some check-ups:

debian:~# apt-get install recode
[...]
debian:~# vadddomain test.bogus
Please enter password for postmaster:
enter password again:
debian:~# ls -la /var/lib/vpopmail/domains/
totale 3
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 .
drwxr-xr-x  6 root     root   1024 2006-07-07 16:09 ..
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus
debian:~# echo -en "postmaster@test.bogus" | recode data..base64
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
debian:~# echo -en "test" | recode data..base64
dGVzdA==
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~# less /var/log/syslog
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO TEST
250 mail.domain.com
EHLO
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
334 UGFzc3dvcmQ6
dGVzdA==
235 ok, postmaster@test.bogus, go ahead (#2.0.0)
mail from: test@nonexact.from
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
mail from: test@test.com
250 ok
RCPT TO: notexist@test.bogus
511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
RCPT TO: postmaster@test.bogus
250 ok
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~#

Good! Everything seems to work. The last thing we want to do is add anti-spam and anti-virus support:

debian:~# apt-get install qmailadmin autorespond ezmlm-src \
  clamav clamav-daemon clamav-freshclam ripmime

Install simscan (http://www.inter7.com/simscan/simscan-1.2.tar.gz) and edit init.d/qmail. Here is an example of configuring simscan:

./configure --enable-user=clamav --enable-clamav=y \
  --enable-custom-smtp-reject=y --enable-attach=y --enable-spam=y \
  --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y \
  --enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n \
  --enable-quarantinedir=/var/qmail/quarantine --enable-dropmsg=y

Add Comment Printable version

 

<<< Debconf 2007 venue decided Debian server compromise >>>