Before we start the installation we need some software packages and sources: tcprules 0.88, Qmail 1.03, vpopmail 5.3.9 and, for web mail servers, SQWebMail.
The first step in installing Qmail is to install the ucspi-tcp package, more often called the tcprules program. tcprules is a sort of replacement for inetd, the traditional Unix super server. It is used almost the same way as inetd: it listens on a port and, whenever a connection is made, it starts the necessary daemon, which in this case is either POP3d or SMTP. Vpopmail requires tcprules, which is why we install it first. tcprules does not use the /etc/hosts.allow or /etc/hosts.deny files but its own format of cdb files. This is discussed later, when we create one for use with the SMTP server.
There's not much controversy or argument about setting up the tcprules program; there's only one way to do it, so no one will argue with you about this one:
# tar zxvf ucspi-tcp-0.88.tar.gz
# cd ucspi-tcp-0.88
# make
# make setup check
These steps untar the archive and install the package in /usr/local/bin, where you can find the tcprules program.
The next step is to install Qmail itself. Qmail comes with a whole suite of applications like a POP3 server and an SMTP server.
The main security features in Qmail are described in the steps below. Qmail, unlike sendmail, runs as a normal user and not as a super user, so it becomes really tough for any hacker (or cracker as it may seem) to hack it, because normal users really can't do that much.
# tar zxvf qmail-1.03.tar.gz
# cd qmail-1.03
# mkdir /var/qmail
Bear in mind that when you create the users below you should assign a bogus shell to them, because we don't want anyone logging in using those accounts. The commands below are pretty general and are Unix based. If you want to know how to add the users on other OSes, please use the INSTALL.ids file in the Qmail source directory.
# groupadd nofiles
# mkdir /var/qmail/alias
# useradd -g nofiles -d /var/qmail/alias alias
# useradd -g nofiles -d /var/qmail qmaild
# useradd -g nofiles -d /var/qmail qmaill
# useradd -g nofiles -d /var/qmail qmailp
# groupadd qmail
# useradd -g qmail -d /var/qmail qmailq
# useradd -g qmail -d /var/qmail qmailr
# useradd -g qmail -d /var/qmail qmails
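The bogus-shell requirement above can be verified after the accounts exist. The script below is an added example, not part of the original page or of the Qmail distribution; the names check_qmail_shells and QMAIL_USERS are chosen here, and it assumes that a shell ending in /nologin or /false counts as bogus. The passwd and shells data it runs on are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original page): verify that the qmail accounts
# created above cannot log in. PASSWD is a passwd-format file, SHELLS an
# /etc/shells-format list of valid login shells.
# Assumption: a shell ending in /nologin or /false counts as bogus.
QMAIL_USERS="alias qmaild qmaill qmailp qmailq qmailr qmails"

# Prints "LOGIN user shell" or "MISSING user"; returns 1 if anything is wrong.
check_qmail_shells() {
    awk -F: -v users="$QMAIL_USERS" -v sf="$2" '
    BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
    FILENAME == sf {                      # first file: valid login shells
        if ($0 !~ /^[ \t]*(#|$)/) valid[$0] = 1
        next
    }
    ($1 in want) {                        # second file: account entries
        seen[$1] = 1
        shell = $NF                       # shell is the last field
        if (shell == "") shell = "/bin/sh"   # empty field means default shell
        if ((shell in valid) && shell !~ /\/(nologin|false)$/) {
            print "LOGIN", $1, shell; bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(u[i] in seen)) { print "MISSING", u[i]; bad = 1 }
        exit bad + 0
    }
    ' "$2" "$1"
}

# Constructed sample data: qmaild was given a real shell, qmails is absent.
demo_dir=$(mktemp -d)
printf '%s\n' /bin/sh /bin/ksh > "$demo_dir/shells"
cat > "$demo_dir/passwd" <<'EOF'
alias:*:2001:2001::/var/qmail/alias:/sbin/nologin
qmaild:*:2002:2001::/var/qmail:/bin/sh
qmaill:*:2003:2001::/var/qmail:/sbin/nologin
qmailp:*:2004:2001::/var/qmail:/sbin/nologin
qmailq:*:2005:2002::/var/qmail:/sbin/nologin
qmailr:*:2006:2002::/var/qmail:/sbin/nologin
EOF
check_qmail_shells "$demo_dir/passwd" "$demo_dir/shells" || echo "fix the accounts listed above"
rm -rf "$demo_dir"
```

On a live system, pass /etc/passwd (or /etc/master.passwd) and /etc/shells as the two arguments.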
This is the actual installation of Qmail. It will install all the files to /var/qmail, the directory that was created in the first step. There is a directory called /var/qmail/bin; in this directory there are several binaries such as qmail-smtpd and qmail-popup. These are what we will be using later to set up our initialisation scripts.
# make setup check
If your DNS is configured correctly you can just use ./config and it will set up your hostname automatically without worry. But if, on the other hand, you haven't set up the DNS right and you just want to get on with the installation, just type the command below with your full hostname. For example, if I'm hosting the domain test.com and I haven't set up my DNS right, I would just type ./config-fast test.com and it will add in the necessary settings.
# ./config-fast
The below commands are pretty interesting, well I find them interesting anyway. Whenever you create a .qmail-* it will forward all mails that come in for that account to the main Postmaster account on Qmail. It is basically a mail forwarder. Since Qmail (in this instance) does not work with the /etc/passwd and /etc/master.passwd files the usernames in those files do not really matter so all mail that comes in for any usernames in those files will automatically be bounced normally. But in this case if a mail comes in for root@yourdomain.com it will automatically be sent to the Postmaster account because the .qmail-root forward has been created.
This will eliminate all the bounce messages that usually would occur if such an account didn't actually exist.
# touch ~alias/.qmail-postmaster ~alias/.qmail-mailer-daemon ~alias/.qmail-root
# chmod 644 ~alias/.qmail*
Since there is a very high percentage of sendmail users on this planet still, Qmail has a binary that works under the same pretext as sendmail. This binary is located in /var/qmail/bin/sendmail.
A lot of CGI scripts would find this binary very useful, scripts such as Matt's FormMail. So it would be best if you copied the sendmail binary into all the necessary directories as stated below.
# for d in /usr/bin /usr/lib /usr/sbin; do cp /var/qmail/bin/sendmail "$d"/; done
This command copies the Qmail initialisation file to /var/qmail for easy access and makes it much easier to start Qmail. Command (s) is something more intricate. By making the change in the /var/qmail/rc file, Qmail will use the Maildir format instead of the traditional Mailbox format.
Sounds confusing? Well, not really. Most mail daemons such as sendmail use the Mailbox format. Mailbox is a rather stupid idea when it comes to reliability. What the Mailbox format does is that when a message comes in it is stored in a SINGLE file along with all other messages. For instance, if anonymous@test.com receives a message it is stored in a file called Mailbox, and soon enough he receives another message that is also stored in the same file. Assuming the file gets corrupted, all is lost, and that is a major problem.
To get around this problem Qmail has introduced something called the Maildir format. Using the Maildir format, every new message is stored in its own file, so if there is a corruption in that file the only thing lost is that one message and not all the messages. In view of this I would suggest that everyone use the Maildir format as it is much more reliable. Qmail does support the Mailbox format but I don't think you'd like it very much.
# cp /var/qmail/boot/home /var/qmail/rc
Edit /var/qmail/rc and change the word Mailbox to Maildir. You can add a & to put it in the background when starting.
With the below commands we will setup an initialization script using Qmail's native SMTP server. As you can see from the file below it has a mention of tcp.smtp.cdb, this is the file that is used for all relaying information. It basically stores a list of IP addresses that are allowed to relay mail from your server.
# touch /var/qmail/smtpd
Edit /var/qmail/smtpd and add in the following script:
#!/bin/sh
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u -g 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &
Make sure the whole tcpserver command is on one line. After we have created the scripts we have to make them executable with:
# chmod +x /var/qmail/rc
# chmod +x /var/qmail/smtpd
Vpopmail is another one of Inter7's great creations. Vpopmail allows Qmail to handle several virtual domains, and this is excellent for web hosting companies or anything else along those lines. I'd recommend vpopmail for several reasons, including its Maildir support as well as support for web-based mail readers like SQWebmail and QmailAdmin for mail administration.
# tar zxvf vpopmail-5.3.9.tar.gz
# cd vpopmail-5.3.9
All virtual domains as well as mails will be stored in the vpopmail user's home directory so I suggest you find a nice place for this with enough disk space. /var will be fine but I usually put it in /home.
# groupadd vchkpw
# useradd -g vchkpw -d vpopmail
The step below is very important as it controls relaying via your SMTP server. Just create a file called /etc/tcp.smtp and add in all the IPs that are required in the format shown below. This is a plain text file, but the tcprules program in step (f) will convert it to cdb format and it will therefore work! Edit the file /etc/tcp.smtp and add:
127.0.0.:allow,RELAYCLIENT=""
Add in any other IP ranges you see fit as this will allow you to put in IPs that are allowed to relay.
# /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
# ./configure --host=i386-unknown-openbsd
# make
# make install-strip
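Because every rule carrying RELAYCLIENT lets the matching addresses relay through the server, it is worth checking /etc/tcp.smtp before compiling it. The script below is an added example, not part of the original page or of ucspi-tcp; the function name audit_relay_rules and the rating labels are chosen here, it assumes loopback and RFC 1918 prefixes are your own clients, and the rules it runs on are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): audit a tcprules source file in
# the /etc/tcp.smtp format for rules that grant RELAYCLIENT too widely.
# Assumption: loopback and RFC 1918 prefixes are your own clients ("ok").
# Prints "LEVEL address" per relaying rule; returns 1 on any OPEN or PUBLIC.
audit_relay_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        addr = $0; sub(/:.*/, "", addr)      # address part, before first colon
        inst = substr($0, length(addr) + 2)  # allow/deny plus variables
        if (inst !~ /^allow/ || inst !~ /,RELAYCLIENT=/) next
        if (addr == "")             level = "OPEN"    # default rule: everyone
        else if (addr ~ /^=/)       level = "NAME"    # hostname rule, check DNS
        else if (addr ~ /^127\./)   level = "ok"
        else if (addr ~ /^10\./ || addr ~ /^192\.168\./ ||
                 addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) level = "ok"
        else                        level = "PUBLIC"
        print level, (addr == "" ? "(default)" : addr)
        if (level == "OPEN" || level == "PUBLIC") bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample rules: the last line would make the server an open relay.
demo_rules=$(mktemp)
cat > "$demo_rules" <<'EOF'
# constructed sample, not a real configuration
127.0.0.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
audit_relay_rules "$demo_rules" || echo "review before running tcprules"
rm -f "$demo_rules"
```

A PUBLIC line is not necessarily wrong, since it may be a range you own, but each one should be a deliberate choice; an OPEN line never is.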
The below is another startup script for the POP3 server. If you don't need a POP3 then there's really no problem with this. If you do just follow the instructions and everything will be fine.
# touch /var/qmail/pop3d
Edit /var/qmail/pop3d to reflect the following :
#!/bin/sh
/usr/local/bin/tcpserver -H -R 0 pop3 /var/qmail/bin/qmail-popup /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &
Make sure the whole tcpserver command is on one line. Make /var/qmail/pop3d executable:
# chmod +x /var/qmail/pop3d
The next step is SQWebMail, which is only for web-based servers.
Make sure you have Apache or whichever web server setup for Sqwebmail. There's not much to be done really, just make sure you know where you want the files to be and fill in the blanks.
# tar zxvf sqwebmail-3.4.0.tar.gz
# cd sqwebmail-3.4.0
As for the --with-module option, it is essential that you put down authvchkpw so that SQWebMail is aware that Vpopmail is being used as the virtual domain manager. There are some other interesting options. If you have fastcgi installed in Apache you can make the most of it by adding the --with-fcgi option. If you are really security conscious and don't want passwords being transmitted without encryption you can use SSL with SQWebMail. To do this simply add the --with-https option. If you want only the passwords and logins sent using encryption and the rest of the session to be without encryption, just put in --with-https=login. If you want a spell check in SQWebmail simply install ispell, or if it's already installed just add in the --with-ispell=.
# ./configure --with-htmllibdir= --enable-cgibindir= --enable-mimetypes= --with-module=authvchkpw --enable-imagedir= --enable-webpass=vpopmail --host=i386-unknown-openbsd
# make configure-check
# make
# make check
# make install-strip
Please note that to log onto SQWebMail or to set up any POP3 accounts your username will be your FULL e-mail address. To start SQWebMail, simply look at the INSTALL options; there is a line which you have to add and run from a startup script.
This, and other documents, can be downloaded from MicroBSD.
For questions about MicroBSD, read the documentation before contacting
<MicroBSD Support>.
Copyright © 1995-2003 by The FreeBSD Documentation Project, OpenBSD FAQ Copyright © 1998-2003 OpenBSD, Modified for MicroBSD