Debianhelp.co.uk


Qmail Configuration in Debian

What is Qmail ?

qmail is an Internet Mail Transfer Agent (MTA) for UNIX-like operating systems. It's a drop-in replacement for the Sendmail system provided with UNIX operating systems. qmail uses the Simple Mail Transfer Protocol (SMTP) to exchange messages with MTA's on other systems.

System requirements

qmail will install and run on most UNIX and UNIX-like systems, but there are few requirements:

About 10 megabytes of free space in the build area during the build. After the build, you can free all but 4 megabytes by removing the object files.

A complete, functioning C development system including a compiler, system header files, and libraries. The build directions will show you how to tell if you've got the necessary parts.

A few megabytes for the binaries, documentation, and configuration files.

A safe filesystem for the queue. qmail's reliability guarantee requires that the queue reside on a filesystem with traditional BSD FFS semantics. Most modern local filesystems meet these requirements with one important exception: the link() system call is often asynchronous--meaning that the results of the link() operation might not have been written to disk when the link() call returns. Bruce Guenter's syncdir library can be used to work around this problem. See syncdir in the Related Packages appendix for more information.

Sufficient disk space for the queue. Small single-user systems only need a couple megabytes. Large servers may need a couple gigabytes.

A compatible operating system. Most flavors of UNIX are acceptable.

Access to a domain name server (DNS) is highly recommended. Without one, qmail can only send to remote systems configured in its smtproutes config file.

Adequate network connectivity. qmail was designed for well-connected systems, so you probably don't want to try to use it for a mailing list server on a 28.8k dial-up. The serialmail package was designed to make qmail more compatible with poorly-connected systems.

We are going to install qmail packages available for debian users from http://debian.iuculano.it

The above Debian Package contains the following patches

SMTP-AUTH for Debian Sarge 3.1 (Fixed)

qmail-dnsbl patch (added logging)

qmail-queue-custom-error.patch (for simscan)

qmail-smtp-log-patch

chkuser 2.0

The qmail-dnsbl patch lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.

If the check fails, the server closes the SMTP conversation before receiving the mail. This avoids wasting resources.

The original qmail-smtpd program accepts by all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existant recipient a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.

chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.

qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus avoiding additional traffic, backscatter, workload and messages bounced more times.

These goals are achieved by enquiring the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.

chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of "who's sending to whom". This can facilitate any further enhancements of anti-SPAM features.

Important Note:- Current qmail version works only with vpopmail-mysql package available http://debian.iuculano.it

Before Qmail Installation

You need to remove the exim4 mail server from your machine because by default debian will install exim4 mail server in your machine for this you need to follow these commands

# dpkg --force-depends --purge exim4 exim4-base exim4-config exim4-daemon-light

Installing Qmail in Debian

open your terminal and add debian repository in your sources.list:

# vi /etc/apt/sources.list

Add these lines:

deb     http://debian.iuculano.it/apt  sarge main contrib non-free
deb-src http://debian.iuculano.it/apt  sarge main contrib non-free

deb ftp://ftp.debian.org/debian/ stable main contrib non-free


and then you can update and install the package:

# apt-get update

vpopmail package uses mysql backend, so we need mysql-server

#apt-get install mysql-server

It is strongly recommended that you set a password for the mysql root user (which is NOT the same as the "normal" root user) with the command:

#mysqladmin -u root password 'enter-your-good-new-password-here'

Now we can create a database and a user which is allowed to access it:

# mysqladmin -u root -p create vpopmail
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'localhost'
           IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)

Now we need to install qmail, vpopmail, spamassasin

# apt-get install qmail-src spamassassin vpopmail-mysql spamc razor pyzor ucspi-tcp-src libmailtools-perl \
 libmail-spf-query-perl libsys-hostname-long-perl

This will complete the installation of all the required packages for qmailvpopmail and spamassasin

We need to build ucspi-tcp:

# build-ucspi-tcp

And finally, we need to build qmail:

# build-qmail

now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail.

If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS

If you want chkuser you should replace:

-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \

with:

-u vpopmail -g vckpw -x /etc/tcp.smtp.cdb 0 smtp \

Standard Qmail setup now follows. Setting your mail name:

#vi /etc/qmail/me

And add your mail name, for example mail.domain.org

Since we're using MySQL we need to specify the username and password to connect to the database with for vpopmail:

# vi /etc/vpopmail/vpopmail.mysql

and restart qmail and popmail POP3

# /etc/init.d/qmail restart

Stopping mail-transfer agent: qmail.
Starting mail-transfer agent: qmail.

# /etc/init.d/vpopmail-mysql restart

Restarting vpopmail pop3 server: vpopmail.

Now you can check this installation files using the following command

# dpkg -i /tmp/qmail/qmai*.deb

Checking your qmail Installation

# apt-get install recode
[...]
# vadddomain test.bogus
Please enter password for postmaster:
enter password again:
# ls -la /var/lib/vpopmail/domains/
totale 3
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 .
drwxr-xr-x  6 root     root   1024 2006-07-07 16:09 ..
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus
debian:~# echo -en "postmaster@test.bogus" | recode data..base64
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
# echo -en "test" | recode data..base64
dGVzdA==
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
quit
221 mail.domain.com
Connection closed by foreign host.
# less /var/log/syslog
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO TEST
250 mail.domain.com
EHLO
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
334 UGFzc3dvcmQ6
dGVzdA==
235 ok, postmaster@test.bogus, go ahead (#2.0.0)
mail from: test@nonexact.from
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
mail from: test@test.com
250 ok
RCPT TO: notexist@test.bogus
511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
RCPT TO: postmaster@test.bogus
250 ok
quit
221 mail.domain.com
Connection closed by foreign host.

Installing qmailadmin,antivirus and antispam support for qmail

# apt-get install qmailadmin autorespond ezmlm-src clamav clamav-daemon clamav-freshclam ripmime

Install simscan (http://www.inter7.com/simscan/simscan-1.2.tar.gz) and edit init.d/qmail. Here is an example of configuring simscan:

./configure --enable-user=clamav --enable-clamav=y \
 --enable-custom-smtp-reject=y --enable-attach=y --enable-spam=y \
 --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y \
 --enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n \
 --enable-quarantinedir=/var/qmail/quarantine --enable-dropmsg=y

If you want Qmail web interface or GUI tools click here