Gentoo Wiki

HOWTO_Setup_QMAIL_RELAY-CTRL_VPOPMAIL

Intro

This howto has recently been updated (03/15/05) to reflect the following ebuilds. I'm not purporting to be a qmail expert, but the previous howto had become so out of date as to qualify as being misleading - this was not due to neglect, just to the way of things. Software has evolved a little, and so must this. There is a real argument for stepping off the bleeding edge for a little bit, if only to accrue a solid, accurate body of documentation that remains applicable for longer than the time it takes to write it. That being said, I will shortly be hosting these ebuilds/source-code for download from my servers as soon as I can find the time so you too may follow these instructions and get qmail/vpopmail/courier-imap/relay-ctrl up with a minimum amount of hassle. Until then, best of luck.

(08/14/05) Added some other tips and working to solve my relay-ctrl/SMTP-AUTH problems knowing that others are likely to run across the same thing.

This is a start to finish way to bring all of this on line. I'm certain that there are better ways to do this and that this document has room for improvement. I encourage everyone who can contribute to do so but before editing this, please test your changes and be thorough in your documentation HERE so this howto can remain viable and helpful for everyone.

Before we begin, it should be well understood that amd64 processors may run into problems when trying to emerge the courier-authlib package. Therefore, amd64 users should proceed with caution.

Here we go. These are the supported ebuilds for this howto.

  QMAIL
  sys-apps/ucspi-tcp-0.88-r10
  net-mail/dot-forward-0.71-r1
  net-mail/cmd5checkpw-0.22-r1
  sys-process/daemontools-0.76-r4
  net-mail/queue-fix-1.4-r2
  net-mail/checkpassword-0.90-r1
  mail-mta/qmail-1.03-r16
  RELAY-CTRL
  net-mail/relay-ctrl-3.1.1-r2
  VPOPMAIL
  net-mail/vpopmail-5.4.13-r1
  COURIER-IMAP
  net-libs/courier-authlib-0.54
  net-mail/courier-imap-4.0.1-r1

Now, let's get started.

Ensure Proper USE Flags Are Set

# nano -w /etc/make.conf
  add apache2, maildir, valias, vhosts, authdaemond and mysql as USE flags.

Install QMAIL

First of all, make sure that you unmerge the other mail handlers that may be installed, such as ssmtp, sendmail, or postfix:

# emerge -C ssmtp sendmail postfix
# emerge =mail-mta/qmail-1.03-r16
# emerge --config =mail-mta/qmail-1.03-r16

# ln -s /var/qmail/supervise/qmail-send /service/qmail-send
# ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

# rc-update add svscan default
# /etc/init.d/svscan start

You can change the domain that the error messages are sent from (ie. MAILER-DAEMON@localhost) by editing the /var/qmail/control/me file and putting in your preferred domain.

# nano -w /var/qmail/control/me

Delete localhost and put in domain.com and errors will now come from MAILER-DAEMON@domain.com.

Install RELAY-CTRL

Using relay-ctrl is a simple and straightforward way to allow us to send email with email clients from anywhere.

# emerge =net-mail/relay-ctrl-3.1.1-r2
# cd /etc/tcprules.d/
# nano -w tcp.qmail-smtp

Now replace your tcp.qmail-smtp file with this one, then change the first line to match the internal IP address of your server. That's it. After that, we're done here.

  ################## START OF tcp.qmail-smtp #######################
  #
  # CHANGE THIS IP ADDRESS TO THE INTERNAL IP ADDRESS OF YOUR MAIL SERVER
  192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD=""

  #-----------------------------------------------------------------
  #  DONT ALLOW THESE IPS TO SEND MAIL TO US
  # (Insert banned IP's here)
  #
  # These IP's pipe out heaps and heaps of spam
  #
  216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
  64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"

  #-----------------------------------------------------------------
  # DON'T TOUCH THIS
  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

  #-----------------------------------------------------------------
  # DON'T TOUCH THIS
  :allow

  # You must run the below command after editing this file and then restart the /etc/init.d/svscan service in
  # order to activate the changes you make here today.
  #
  # tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
  #
  ############# END OF FILE #################

Don't forget to execute that last command once you've edited this file. If you don't, these changes won't take effect. And to finish up, let's restart the whole qmail suite...

# /etc/init.d/svscan restart

Note - When trying to run tcprules to update the cdb file, I had problems with tcprules hanging. The solution seemed to be in modifying the :allow line to this :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" - which of course necessitates the installation of qmail-scanner and optionally spamassassin. Not sure if this is the best way to do it but it fixed tcprules hanging.

Note - tcprules does not like excess tabs and there must be a newline at the end of the file otherwise tcprules will hang.

Install VPOPMAIL

# emerge =net-mail/vpopmail-5.4.6-r1

Now log into mysql as your mysql root user and pass like this...

# mysql -u root -p
  password: (enter root password here)
  ---- you'll be inside mysql at this point ----
> create database vpopmail;
> use vpopmail;
> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your password';
> flush privileges;
> quit

Replace the phrase 'your password' with a password for the vpopmail user.

Configure vpopmail's mysql user password

# nano /etc/vpopmail.conf

Change the password from 'secret' to the password you chose above.

If you have problems with vpopmail not accepting mail properly, please ensure that /etc/vpopmail.conf is chmod 640 and owned by root:vpopmail

# chown root:vpopmail /etc/vpopmail.conf
# chmod 640 /etc/vpopmail.conf
# chown root:vpopmail /var/vpopmail/bin/vchkpw
# chmod 4711 /var/vpopmail/bin/vchkpw

That's it. Vpopmail is all set up.

Let Gentoo know there are new binaries lying around.

# env-update && source /etc/profile

Touch the locals file to make sure that the vadddomain and vadduser commands don't give errors

# touch /var/qmail/control/locals

Add a domain from the commandline in a bash prompt

# vadddomain blah.com

Add a user

# vadduser user@blah.com

Delete a user

# vdeluser user@blah.com

Update: If you have any problems like "Segmentation fault" while doing vadddomain, edit /var/qmail/control/rcpthosts and remove all the lines (so that file is 0 bytes long) and delete all rcpthosts.* files except rcpthost.lock

Install Courier-IMAP as IMAP & POP3 Server

There is a workaround for getting it to compile on amd64.

Edit: Apparently the version of vpopmail for which you were instructed to add the ~amd64 keyword here is now marked stable.

# echo "net-mail/courier-imap ~amd64" >> /etc/portage/package.keywords

After that do

# emerge =net-libs/courier-authlib-0.55
# emerge =net-mail/courier-imap-4.0.1-r1

We'll configure courier-authlib first.

# nano -w /etc/courier/authlib/authdaemonrc

Ensure these headings look exactly like this in the authdaemonrc file

  authmodulelist="authvchkpw"
  authmodulelistorig="authvchkpw"

Do not have/leave/put extras in there. Now onto configuring courier-imap.

# nano -w /etc/courier-imap/imapd

Make sure the following entries are put in like this. They may or may not be right next to each other so look around for them in the conf file.

  IMAPDSTART=YES
  MAXPERIP=20
  MAILDIR=.maildir
  MAILDIRPATH=.maildir
  PRERUN="envdir /etc/relay-ctrl relay-ctrl-chdir"
  LOGINRUN="relay-ctrl-allow"

Repeat the process for the imapd-ssl, pop3d and pop3d-ssl files as well, except instead of IMAPDSTART you'll want to look for POP3DSTART or whatever's appropriate depending on the file. Let's configure

Note: If you are attempting to use relay-ctrl with courier-imap but without vpopmail you will need to edit /usr/lib/courier-imap/gentoo-*.rc and add $LOGINRUN before ${exec_prefix}/sbin/imaplogin

Now let's add courier to our bootup scripts so it launches when we fire up Gentoo.

# rc-update add courier-authlib default
# rc-update add courier-imapd default
# rc-update add courier-pop3d default
# /etc/init.d/courier-imapd start
# /etc/init.d/courier-pop3d start
  Addendum: If you want to use SSL and TLS, you'll need to make SSL certs for them.

# nano -w /etc/courier-imap/imapd.cnf

  Fill out State, City, Organization name etc etc etc.  For the Common Name (CN) of your server make sure
  it's mail.yourservername.com.  Afterwards, run mkimapdcert (or mkpop3dcert), make the cert, then start
  the service and add it to the startup services like before.

# rc-update add courier-imapd-ssl default
# rc-update add courier-pop3d-ssl default
# /etc/init.d/courier-imapd-ssl start
# /etc/init.d/courier-pop3d-ssl start

  Last thing: once started, you can totally stop and start the whole courier suite by recycling
  courier-authlib.  Like this

# /etc/init.d/courier-authlib restart

Alright, enough of this! On to business...

Update the SMTPD Config to Allow SMTP-AUTH Using VPOPMAIL

I've tried a lot of iterations on this but the easiest and most straightforward way is to completely delete the contents of your /var/qmail/control/conf-smtpd file and just replace it with this. You need not replace or tweak this file at all after putting this in.

  ################## START OF /var/qmail/control/conf-smtp #######################
  #
  TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

  QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
  QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"

  QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
  [ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
  QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
  QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
  #
  ################## END OF /var/qmail/control/conf-smtp #######################

Note for qmail-1.03-r16 (and later?): If you're using qmail-1.03-r16 you will most likely have to change the last line above to QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" for your server to accept SMTP connections.

Final touches to bring this together...

# svc -t /var/qmail/supervise/qmail-smtpd
# chmod u+s /var/vpopmail/bin/vchkpw

I've not done it but it was in the last howto and it's said that "The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail..." I've never seen any harm in it so it stays.

# nano -w /var/qmail/control/conf-common
  TCPSERVER_OPTS="-H -R -l 0" (that's lower-case L followed by zero)
 (question?? should we be removing the TCPSERVER_OPTS "-R" option from conf-smtp file?  If not, wouldn't it be setting that flag twice?)

If you are receiving "454 Oops, unable to write pipe and auth" errors when trying to send using AUTH, remove ${QMAIL_SMTP_AUTHHOST} from your QMAIL_SMTP_POST line in /var/qmail/control/conf-smtpd

Install Spam Database Clients

- snip -

I have mercilessly edited the following spam/virus scanning instructions out for -again- being out of touch with the times. I am personally going to workshop this in the next 30 days (today is March 12th) and will update this howto to reflect these new versions. Heck you couldn't even get ebuilds for the versions this was previously written for. That being said, if you get everything going this far and want to get on this before I do, please feel free. Functionality we're trying to reestablish from the original version of this how to includes

  Qmail Scanner
  F-prot
  ClamAV
  SpamAssassin
  Pyzor
  Razor
  DCC

Install Squirrel Mail

# emerge squirrelmail
# cd /var/www/localhost/htdocs
# mv squirrelmail mail
# cd mail
# ./configure
  Go forth and setup squirrelmail.  Make sure the mail/data and mail/plugins directories are owned by
  vpopmail:vpopmail

There are some great plugins for squirrelmail including one for qmailadmin and another for virtual hosting. I encourage you to take a look and shop around a bit at http://squirrelmail.org for more details.

Install QMAIL Admin

# emerge =net-mail/ezmlm-idx-mysql-0.40-r2
# emerge =net-mail/autorespond-2.0.4
# emerge =net-mail/qmailadmin-1.2.9

You can access qmailadmin from here. If the image files are not showing, you'll have to copy the qmailadmin images to wherever apache is trying to access them from. You can find out where by checking your /var/log/apache2/error_log.

Troubleshooting

Forthcoming. I have found that this configuration, as-is, does not work 100%. SMTP can not be used to send mail outside of the domains on your machine (as listed in /var/qmail/control/rcpthosts). I am hoping for help to resolve this.... --Skeezer65134 05:32, 20 October 2005 (GMT)

It should be noted here that this is a howto -- not a why to (I think a few why toos are needed) -- case in point -> While trying to make auth of any kind work with vpopmail, many will advise you to add all other domains to your rcpthosts and locals file. DO NOT PUT ANYTHING in /var/qmail/locals!! Instead of a proper config string in a conf file, qmail decides to call vpopmail for authentication based on the absence of anything in the locals file. If you put anything in it, you will not get mail, and only send to the domains listed therein. You should put all of your hosted virtual domains in the rcpthosts file.

Additional Information

More in-depth information about the qmail MTA is available:


To be able to send mail to any domain, edit your /etc/tcprules.d/tcp.qmail-smtp file to contain something like this. Compared with the file above, one line has been added: 192.168.:allow,RELAYCLIENT="",RBLSMTPD="", where 192.168. is the prefix of the IP addresses that you want to be able to send email externally:


  ################## START OF tcp.qmail-smtp #######################
  #
  # CHANGE THIS IP ADDRESS TO THE INTERNAL IP ADDRESS OF YOUR MAIL SERVER
  192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD=""

  #-----------------------------------------------------------------
  #  DONT ALLOW THESE IPS TO SEND MAIL TO US
  # (Insert banned IP's here)
  #
  # These IP's pipe out heaps and heaps of spam
  #
  216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
  64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
  216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"

  #-----------------------------------------------------------------
  # DON'T TOUCH THIS
  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
  192.168.:allow,RELAYCLIENT="",RBLSMTPD=""

  #-----------------------------------------------------------------
  # DON'T TOUCH THIS
  :allow

  # You must run the below command after editing this file and then restart the /etc/init.d/svscan service in
  # order to activate the changes you make here today.
  #
  # tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
  #
  ############# END OF FILE #################
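
A pre-compile check for the rules file above and for the earlier note about tabs and the trailing newline, as an added example that is not part of the original howto. It lists which addresses are granted RELAYCLIENT and fails when the catch-all :allow line or a non-private address would be allowed to relay; the function names and the private/public classification are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a tcprules source file before compiling it to .cdb.

# Print "<class> <address>" for each allow rule that sets RELAYCLIENT.
# private = loopback or RFC 1918, public = anything else, default = catch-all.
relay_grants() {
    awk '
        /^#/ || /^[ \t]*$/ { next }
        {
            colon = index($0, ":"); if (colon == 0) next
            addr = substr($0, 1, colon - 1)
            rest = substr($0, colon + 1)
            if (rest !~ /^allow/ || rest !~ /,RELAYCLIENT=/) next
            if (addr == "") { print "default (any)"; next }
            priv = "^(127\\.|10\\.|192\\.168\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.)"
            class = (addr ~ priv) ? "private" : "public"
            print class, addr
        }' "$1"
}

# Return 0 if the file looks safe to compile, 1 otherwise; findings on stdout.
lint_tcprules() {
    f=$1; bad=0
    # tcprules hangs without a final newline (noted on this page).
    if [ -n "$(tail -c 1 "$f")" ]; then echo "no-trailing-newline"; bad=1; fi
    # tcprules does not like excess tabs (noted on this page).
    if grep -q "$(printf '\t')" "$f"; then echo "contains-tab"; bad=1; fi
    # RELAYCLIENT on the catch-all or a public address lets strangers relay.
    risky=$(relay_grants "$f" | grep -E '^(default|public) ' || true)
    if [ -n "$risky" ]; then
        echo "$risky" | sed 's/^/risky-relay: /'; bad=1
    fi
    return $bad
}

# Constructed sample: the page's rules, without the wiki's display indentation.
sample_rules() {
    cat <<'EOF'
192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD=""
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
EOF
}

# Usage: sh lint-tcprules.sh /etc/tcprules.d/tcp.qmail-smtp
if [ $# -gt 0 ]; then lint_tcprules "$1"; fi
```

Run it before the tcprules command in the file's footer; a non-zero exit status means the rules should be fixed before the .cdb is rebuilt.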
Retrieved from "http://www.gentoo-wiki.info/HOWTO_Setup_QMAIL_RELAY-CTRL_VPOPMAIL"

Last modified: Mon, 05 Feb 2007 10:52:00 +0000 Hits: 45,017