Installing qmail
. preparing .
root: ~ # yast -i zypper
root: ~ # zypper in gcc gcc-c++ make openssl openssl-devel gdbm-devel wget patch patchutils xinetd telnet nmap
- installing apache, php, mysql, perl, you can check this.
- installing perl modules:
root: ~ # zypper in perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-Time-HiRes perl-HTML-Tagset perl-HTML-Parser perl-YAML
- remove postfix package
root: ~ # /etc/init.d/postfix stop
root: ~ # zypper rm postfix
- download qmail package source
root: ~ # mkdir /downloads
root: ~ # cd /downloads
root: downloads # wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
root: downloads # tar -xzvf qmailrocks.tar.gz
. compile qmail .
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # ./scripts/install/qmr_install_linux-s1.script
root: qmailrocks # ./scripts/util/qmail_big_patches.script
root: qmailrocks # cd /usr/src/qmail/qmail-1.03
root: qmail-1.03 # make man && make setup check
root: qmail-1.03 # ./config-fast mail.yourdomain.com
root: qmail-1.03 # make cert
Country Name (2 letter code) [GB]: VN
State or Province Name (full name) [Berkshire]: Ho Chi Minh City
Locality Name (eg, city) [Newbury]: Ho Chi Minh City
Organization Name (eg, company) [My Company Ltd]: The Company J.A. HENCKELS Company
Organizational Unit Name (eg, section) []: mail
Common Name (eg, your name or your server's hostname) []: Company
Email Address []: postmaster@yourdomain.com
root: qmail-1.03 # chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
. compile ucspi-tcp .
root: ~ # cd /usr/src/qmail/ucspi-tcp-0.88/
root: ucspi-tcp-0.88 # patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
root: ucspi-tcp-0.88 # make && make setup check
. compile daemontools .
root: ~ # cd /package/admin/daemontools-0.76/src
root: src # patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
root: src # cd ..
root: daemontools-0.76 # ./package/install
. compile ezmlm .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf ezmlm-0.53-idx-0.41.tar.gz
root: qmailrocks # cd ezmlm-0.53-idx-0.41
root: ezmlm-0.53-idx-0.41 # make && make setup
. compile autoresponder .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf autorespond-2.0.5.tar.gz
root: qmailrocks # cd autorespond-2.0.5
root: autorespond-2.0.5 # make && make install
. compile vpopmail (with mysql integration) .
root: ~ # mkdir -p /home/vpopmail/etc
root: ~ # chown -R vpopmail:vchkpw /home/vpopmail/
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # tar -xzvf vpopmail-5.4.13.tar.gz
root: qmailrocks # cd vpopmail-5.4.13
root: vpopmail-5.4.13 # ./configure --enable-logging=p --enable-auth-module=mysql --disable-passwd --enable-clear-passwd --disable-many-domains --enable-auth-logging --enable-sql-logging --enable-valias --disable-mysql-limit
root: vpopmail-5.4.13 # make && make install-strip
. test vpopmail .
root: ~ # cd /home/vpopmail/bin
root: bin # ./vadddomain yourdomain.com
###Password postmaster: 123456
--+ if you get an error like: Failure while attempting to remove_line() the locals file
create the file "locals" in /var/qmail/control:
root: bin # touch /var/qmail/control/locals
root: bin # ./vadduser tvlong@yourdomain.com
###password tvlong: 123456
. compile vqadmin .
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # tar -xzvf vqadmin-2.3.6.tar.gz
root: qmailrocks # cd vqadmin-2.3.6/
root: vqadmin-2.3.6 # ./configure --enable-cgibindir=/srv/www/cgi-bin --enable-htmldir=/srv/www/htdocs
root: vqadmin-2.3.6 # make && make install-strip
. configure vqadmin .
root: ~ # vim /etc/apache2/httpd.conf
-( add this configuration )-
<Directory "/srv/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
root: ~ # cd /srv/www/cgi-bin/vqadmin
root: vqadmin # vim .htaccess
-( configure this file like this )-
AuthType Basic
AuthUserFile /srv/www/cgi-bin/vqadmin/.htpasswd
AuthName vQadmin
require valid-user
satisfy any
root: vqadmin # chown wwwrun .htaccess
root: vqadmin # chmod 644 .htaccess
-( create .htpasswd file )-
root: vqadmin # htpasswd2 -bc .htpasswd admin 123456
root: vqadmin # chmod 644 .htpasswd
-( reboot apache service )-
root: vqadmin # /etc/init.d/apache2 restart
-( test vqadmin )-
open your web browser and go to url:
http://yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi
enter the user "admin" and password: 123456 to login.
. compile maildrop .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf maildrop-1.6.3.tar.gz
root: qmailrocks # cd maildrop-1.6.3/
root: maildrop-1.6.3 # ./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
root: maildrop-1.6.3 # make && make install-strip && make install-man
--) if the compile fails with an error like: error: expected ‘;’ before ‘<’ token, try maildrop version 2.0.4 instead. it can be downloaded from this.
. compile qmailadmin .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf qmailadmin-1.2.9.tar.gz
root: qmailrocks # cd qmailadmin-1.2.9/
root: qmailadmin-1.2.9 # ./configure --enable-cgibindir=/srv/www/cgi-bin --enable-htmldir=/srv/www/htdocs
root: qmailadmin-1.2.9 # make && make install-strip
-( test qmailadmin )-
open your web browser and go to url:
http://yourdomain.com/cgi-bin/qmailadmin
you should see the login screen. log in with the postmaster account and password for the domain that you created by vqadmin.
. finalizing qmail .
root: ~ # /downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
root: ~ # vim /var/qmail/supervise/qmail-pop3d/run   # <----- Check
find "mail.example.com" and change it to your domain name (mail.yourdomain.com).
root: ~ # vim /var/qmail/supervise/qmail-smtpd/run   # <----- Check
find "mail.example.com" and change it to your domain name (mail.yourdomain.com).
-( stop qmail service )-
root: ~ # qmailctl stop
--+ if you get an error like: svc: warning: unable to control /service/qmail-smtpd: file does not exist, you can fix it by creating the file 'me' in directory /var/qmail/control
root: ~ # touch /var/qmail/control/me
-( setup relay )-
root: ~ # echo '127.0.0.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
root: ~ # qmailctl cdb
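The rule added to /etc/tcp.smtp above grants RELAYCLIENT to loopback only; any wider rule in that file decides who may relay through the server. The following audit is an added example, not part of the original tutorial: the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a tcprules source file
# such as /etc/tcp.smtp for rules that hand out RELAYCLIENT.

# audit_relay_rules FILE
# Prints one line per relay-granting rule: "<verdict> <line-no> <address>"
#   OK    address prefix is inside 127.0.0.0/8 (loopback only)
#   WARN  some other address, range or hostname may relay
#   OPEN  the default rule (empty address) lets every client relay
audit_relay_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            sep = index($0, ":")             # tcprules syntax: address:instructions
            if (sep == 0) next
            addr  = substr($0, 1, sep - 1)
            instr = substr($0, sep + 1)
            # only "allow" rules that set RELAYCLIENT matter here
            if (instr !~ /^allow/ || instr !~ /RELAYCLIENT=/) next
            if (addr == "")           print "OPEN", NR, "(default)"
            else if (addr ~ /^127\./) print "OK", NR, addr
            else                      print "WARN", NR, addr
        }
    ' "$1"
}

# relay_is_loopback_only FILE -> exit status 0 when no WARN/OPEN rule exists
relay_is_loopback_only() {
    ! audit_relay_rules "$1" | grep -Eq '^(WARN|OPEN) '
}

# Constructed sample rules for the demonstration (not from a real server).
write_sample_rules() {
    cat <<'EOF'
# constructed sample
127.0.0.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
10.9.8.7:deny
:allow,RELAYCLIENT=""
EOF
}

sample=$(mktemp)
write_sample_rules > "$sample"
audit_relay_rules "$sample"
rm -f "$sample"
```

Run it against /etc/tcp.smtp before each "qmailctl cdb" so that a rule widening relay access is noticed before it is compiled into the cdb file.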
-( create common system alias )-
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-root
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-postmaster
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-mailer-daemon
root: ~ # ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
root: ~ # chmod 644 /var/qmail/alias/.qmail*
. starting qmail .
root: ~ # /downloads/qmailrocks/scripts/util/qmr_inst_check
root: ~ # qmailctl stop
root: ~ # qmailctl start
root: ~ # qmailctl stat
. testing service .
root: ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-30 21:53 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1709 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds
-( testing pop3 service )-
root: ~ # telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <5521.1233352536@mail.yourdomain.com>
user postmaster@yourdomain.com
+OK
pass 123456
+OK
quit
+OK
Connection closed by foreign host.
-( test smtp service )-
root: ~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourdomain.com ESMTP
ehlo localhost
250-mail.yourdomain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
if the EHLO response lists "250-STARTTLS", your server is equipped for TLS functionality.
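The EHLO reply in the telnet session above advertises AUTH LOGIN and PLAIN before STARTTLS has been issued; those two mechanisms carry the password base64-encoded, not encrypted. The following summary of an EHLO reply is an added example, not part of the original tutorial: the function names are hypothetical and the sample input is the reply shown in the session above.

```shell
#!/bin/sh
# Added example (not from the original page): summarise an SMTP EHLO reply.

# ehlo_report reads the server's EHLO reply on stdin and prints:
#   starttls=yes|no
#   auth=<mechanisms advertised, in order, comma separated>
#   plaintext_auth=<subset that sends the password merely base64-encoded>
ehlo_report() {
    tr -d '\r' | awk '
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH[ =]/ {
            line = $0
            sub(/^250[- ]AUTH[ =]/, "", line)   # keep only the mechanism list
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) {
                if (f[i] in seen) continue       # "AUTH " and "AUTH=" repeat the list
                seen[f[i]] = 1
                all = all (all == "" ? "" : ",") f[i]
                if (f[i] == "LOGIN" || f[i] == "PLAIN")
                    weak = weak (weak == "" ? "" : ",") f[i]
            }
        }
        END {
            print "starttls=" (tls ? "yes" : "no")
            print "auth=" all
            print "plaintext_auth=" weak
        }
    '
}

# cleartext_auth_offered: exit status 0 when a pre-TLS EHLO reply on stdin
# offers LOGIN or PLAIN
cleartext_auth_offered() {
    ehlo_report | grep -q '^plaintext_auth=.'
}

# Sample input: the EHLO reply from the telnet session in this tutorial.
page_ehlo_reply() {
    cat <<'EOF'
250-mail.yourdomain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
EOF
}

page_ehlo_reply | ehlo_report
```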
. compile courier imap and imap ssl .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xjvf courier-authlib-0.55.tar.bz2
root: qmailrocks # cd courier-authlib-0.55/
root: courier-authlib-0.55 # ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
root: courier-authlib-0.55 # make && make check
root: courier-authlib-0.55 # make install-strip && make install-configure
root: courier-authlib-0.55 # vim /etc/init.d/boot.local
--+ add this line
/usr/local/sbin/authdaemond start
. compile courier-imap .
you must compile courier-imap as a non-root user (ex: linux).
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xjvf courier-imap-4.0.2.tar.bz2
root: qmailrocks # useradd -m -p 123456 linux
root: qmailrocks # chown -R linux:wheel courier-imap-4.0.2
root: qmailrocks # cd courier-imap-4.0.2/
root: courier-imap-4.0.2 # su linux
linux: courier-imap-4.0.2 > ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
linux: courier-imap-4.0.2 > make && make check
linux: courier-imap-4.0.2 > exit
root: courier-imap-4.0.2 # make install-strip && make install-configure
--+ make SSL certificate +--
root: courier-imap-4.0.2 # /usr/local/sbin/mkimapdcert
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd.cnf
change postmaster@example.com to an administrative email address (postmaster@yourdomain.com)
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd
configure: IMAPDSTART=YES
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd-ssl
configure: IMAPDSSLSTART=YES
make sure this configuration exists : TLS_CERTFILE=/usr/local/share/imapd.pem
root: courier-imap-4.0.2 # vim /usr/local/etc/authlib/authdaemonrc
configure : authmodulelist="authvchkpw"
root: courier-imap-4.0.2 # cp /usr/local/libexec/imapd.rc /etc/init.d/imap
root: courier-imap-4.0.2 # cp /usr/local/libexec/imapd-ssl.rc /etc/init.d/imaps
--+ starting up service +--
root: courier-imap-4.0.2 # /usr/local/sbin/authdaemond stop
root: courier-imap-4.0.2 # /usr/local/sbin/authdaemond start
root: courier-imap-4.0.2 # /etc/init.d/imap stop
root: courier-imap-4.0.2 # /etc/init.d/imap start
root: courier-imap-4.0.2 # /etc/init.d/imaps stop
root: courier-imap-4.0.2 # /etc/init.d/imaps start
--+ check with nmap +--
root : ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-01 14:16 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1707 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds
--+ test imap +--
root: ~ # telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@yourdomain.com 123456
a OK LOGIN Ok.
a logout
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
--+ each command (login, logout) must be prefixed with a tag such as 'a'
. compile courierpassd .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf courierpassd-1.1.0-RC1.tar.gz
root: qmailrocks # cd courierpassd-1.1.0-RC1/
root: courierpassd-1.1.0-RC1 # ./configure
root: courierpassd-1.1.0-RC1 # make && make install
--+ configure courierpassd +--
_configure xinetd.d
root: ~ # cd /etc/xinetd.d/
root: xinetd.d # vim courierpassd
_add this line_
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
_configure services
root: ~ # vim /etc/services
__add this line : ___
courierpassd 106/tcp # for /etc/xinetd.d/courierpassd <------- Check
_start service
root: ~ # /etc/init.d/xinetd restart
_test service
root: ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-02 12:02 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.203 seconds
. install squirrelmail (web mail client) .
root: ~ # cd /downloads
root: downloads # wget http://internode.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.17.tar.bz2
root: downloads # tar -xjvf squirrelmail-1.4.17.tar.bz2
root: downloads # mv squirrelmail-1.4.17 webmail
root: downloads # mv webmail/ /srv/www/htdocs/
--+ configure squirrelmail +--
root: ~ # mkdir /var/sqattachements
root: ~ # chown -R wwwrun:www /var/sqattachements/
root: ~ # cd /srv/www/htdocs/webmail/
root: webmail # chown -R wwwrun:www data/
root: webmail # cd config/
root: config # ./conf.pl
* press #2 (Server Settings) and then #1 (Domain) to set the ip for your domain (ex: 192.186.1.1), then press S (save) and Q (quit).
SquirrelMail Configuration : Read: config_default.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain : 192.186.1.1
2. Invert Time : false
3. Sendmail or SMTP : SMTP
A. Update IMAP Settings : localhost:143 (other)
B. Update SMTP Settings : localhost:25
R Return to Main Menu
C Turn color on
S Save data
Q Quit
--+ add plugins change_pass +--
root: ~ # cd /srv/www/htdocs/webmail/plugins/
root: plugins # wget http://www.squirrelmail.org/plugins/change_passwd-4.0-1.2.8.tar.gz
root: plugins # tar -xzvf change_passwd-4.0-1.2.8.tar.gz   # <======
root: plugins # rm change_passwd-4.0-1.2.8.tar.gz
root: plugins # cd ../config/
root: config # ./conf.pl
* select #8 (plugins), then #4 (change_passwd), then hit enter to activate this plugin. press S (save) then Q (quit).
--+ configure virtual host +---
root: ~ # vim /etc/apache2/httpd.conf
_add configuration like this :_
<VirtualHost 192.186.1.1:80>
ServerName mail.yourdomain.com
ServerAlias mail.*
ServerAdmin postmaster@yourdomain.com
DocumentRoot /srv/www/htdocs/
</VirtualHost>
root: ~ # /etc/init.d/apache2 restart
* open your web browser and go to url
http://mail.yourdomain.com
if you have not set up the virtual host, you can access webmail like this:
http://yourdomain.com/webmail
then log in with your email account or with this account:
username : postmaster@yourdomain.com
password : 123456
Install ClamAV from source
tar zxvf clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v
Now, we configure its configuration files, these are as follows:
vi /usr/local/etc/clamd.conf
#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
ScanMail yes
Now, create some directories with the ownership of qscand:
mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav
With this, ClamAV is successfully installed.
/usr/local/sbin/clamd &
vi /usr/local/etc/freshclam.conf
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
Save and exit.
freshclam -v
Install SpamAssassin with zypper
- zypper in perl-spamassassin spamassassin
- /etc/init.d/spamd start
Install qmail-scanner & qms-analog
Unpack qmail-scanner...
tar zxvf qmail-scanner-1.25.tgz
Now unpack qms-analog...
tar zxvf qms-analog-0.4.2.tar.gz
Install qms-analog itself. This will come in handy in the next step when we install Qmailanalog.
cd qms-analog-0.4.2
make all
Next, we copy needed qms-analog files to the qmail-scanner source directory...
cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.25/
Now, let's apply the qms-analog patch...
cd /downloads/qmailrocks/qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch
Now we will configure qmail-scanner and install it. Ordinarily, you would run the ./configure script to configure and install qmail-scanner. However, Mark Teel has donated a handy little config script that does most of the work for you. This script is called "qms-config-script" and, if you look above, you should have already copied this config script into the qmail-scanner source directory.
How you go about configuring and installing qmail-scanner from this point on depends on how your server's installation of Perl is configured. For the purposes of this installation, there are 2 Perl setups.
1. Perl is configured to allow for setuid functions.
2. Perl is not configured for setuid functionality and, in fact, does not permit it.
We'll start off with the configuration step for a server that allows setuid. However, if you run into setuid errors, you can jump to a set of instructions for servers that do not allow setuid functionality.
So let's do it...
First, you need to configure the script for your needs...
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config
You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-delta 0 \
--sa-alt yes \
--sa-debug no \
--notify admin \
"$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
chmod 755 qms-config
./qms-config
Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server.
If you don't have any errors, continue.
If the config test produced any error messages, stop here!
If you got a "setuid" related error when you ran the above script, it is most likely due to your Perl installation not supporting setuid functionality.
Stop and continue with this URL: http://www20119.blogspot.com/2011/03/perl-does-not-allow-for-setuid.html
If you didn't get any errors on the test run above, then you should be ok to run the "real" installation script below. So let's do it...
./qms-config install
Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.
And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database...
First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive!
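The run script above depends on four things: QMAILQUEUE exported so that mail passes through qmail-scanner, a softlimit of 40000000, the rcpthosts guard against an open relay, and tcpserver loading the compiled rules file. The following check is an added example, not part of the original tutorial: the function names are hypothetical and the sample run script is a shortened, constructed copy of the one shown above.

```shell
#!/bin/sh
# Added example (not from the original page): lint a qmail-smtpd run script
# for the settings this section relies on.

# check_smtpd_run FILE [MIN_SOFTLIMIT]
# Prints PASS/FAIL per check; exit status is 0 only when every check passes.
check_smtpd_run() (
    run=$1
    min=${2:-40000000}          # the value this tutorial asks for
    rc=0
    report() { echo "$1 $2"; [ "$1" = PASS ] || rc=1; }

    # 1. QMAILQUEUE must be assigned and exported, otherwise qmail-smtpd
    #    queues mail directly and the scanner never sees it
    queue=$(sed -n 's/^QMAILQUEUE="\([^"]*\)".*/\1/p' "$run" | head -n 1)
    if [ -n "$queue" ] &&
       grep -Eq '(^|;)[[:space:]]*export[[:space:]]+QMAILQUEUE' "$run"; then
        report PASS "QMAILQUEUE=$queue"
    else
        report FAIL "QMAILQUEUE not set and exported"
    fi

    # 2. softlimit -m must be at least the required value
    mem=$(sed -n 's/.*softlimit[[:space:]][[:space:]]*-m[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$run" | head -n 1)
    if [ -n "$mem" ] && [ "$mem" -ge "$min" ]; then
        report PASS "softlimit=$mem"
    else
        report FAIL "softlimit=${mem:-missing} (need >= $min)"
    fi

    # 3. the script must refuse to start without rcpthosts (open-relay guard)
    if grep -Fq '! -f /var/qmail/control/rcpthosts' "$run"; then
        report PASS "rcpthosts guard present"
    else
        report FAIL "rcpthosts guard missing"
    fi

    # 4. tcpserver must load a compiled rules file with -x
    if grep -Eq 'tcpserver[[:space:]].*-x[[:space:]]+[^[:space:]]+\.cdb' "$run"; then
        report PASS "tcpserver -x rules file"
    else
        report FAIL "tcpserver runs without -x rules file"
    fi
    exit "$rc"
)

# Constructed sample: the tutorial's run script, shortened.
write_sample_run() {
    cat <<'EOF'
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
if [ ! -f /var/qmail/control/rcpthosts ]; then
  exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -x /etc/tcp.smtp.cdb 0 smtp \
/var/qmail/bin/qmail-smtpd
EOF
}

sample=$(mktemp)
write_sample_run > "$sample"
check_smtpd_run "$sample" || echo "run script needs attention"
rm -f "$sample"
```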
If your Perl installation does NOT allow for setuid functionality
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
make install
Now we will customize the qmail-scanner configuration script...
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config-cwrapper
You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-delta 0 \
--sa-alt yes \
--sa-debug no \
--notify admin \
--skip-setuid-test \
"$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
chmod 755 qms-config-cwrapper
./qms-config-cwrapper
Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.
./qms-config-cwrapper install
Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.
vi /var/qmail/bin/qmail-scanner-queue.pl
Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl to "#!/usr/bin/perl" (in other words, remove the "-T" from the perl call.)
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database...
First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it...
/var/qmail/bin/qmail-scanner-queue -z
And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it...
/var/qmail/bin/qmail-scanner-queue -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive!
To activate all the changes we just made, we're going to have to completely stop and restart qmail.
Stop it...
qmailctl stop
and start it...
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat
Now it's time to test the whole damn thing to see if Qmail-Scanner, Spamassassin and Clam AV are all working correctly. Fortunately, Qmail-Scanner comes with its own testing script that does a fantastic job. So let's test it!
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit
A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be sent to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails. The normal notification emails that get sent out upon virus detection usually don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!
Finished test. Now go and check Email for postmaster@mydomain.com
If you get 2 messages in your inbox and you see 2 messages in the quarantine folder, it's time to crack open a cold one! You've successfully installed all 3 packages! Woohoo!