Linux Qmail Toaster v. 0.9.2
This section is the best reference document for installing qmail on Linux.
Preface
What's a POP toaster?
I use Dan Bernstein's definition described at
http://cr.yp.to/qmail/toaster.html
What this toaster does and does not do
This "howto" will walk you through building a Linux Qmail "Toaster". While these instructions are intended to work with popular Linux distributions, they will probably work on other flavors of Unix without too much modification.
- Qmail SMTP Mail Server with SMTP-AUTH (Plain, Login, CRAM-MD5), TLS (SSL) support, and optional Virus/Spam Scanner.
- POP3 Server with CRAM-MD5, APOP, and SSL support
- IMAP Server with TLS (SSL) support
- WebMail Server
- Quota Support (usage viewable by webmail)
- Autoresponder
- Mailing Lists
- Web-Based Email Administration
What this toaster does NOT do is act as a thorough guide to qmail or any of the other packages it installs. Such information is already available in the documentation, Life With Qmail, or other howtos/toasters. I only put this together to document all the commands/urls/procedures that I find myself repeating often. It's intended to have a bit of a "copy and paste" feel to it aimed at the impatient (me). If it's not sufficient for you, take the time to read the documentation of each package that's to be installed. There's no substitute for that.
Assumptions/Support
This document assumes that you are familiar with Unix system administration, mail/web protocols, etc. You don't have to be a guru to make this work, but you will be patching and compiling source code, as well as editing configuration files. If you want a "point and click" install experience, this is not for you.
These instructions come with no warranty or guarantee. If you blow up your server, and lose business in the process, that's your problem.
Support is not provided. There are mailing lists for all these packages, as well as one specific to this toaster. See links in the appendix for more information.
Commercial support is available. See http://merchbox.com/qmail.php for more information. There are also other sources of commercial support for the individual packages. See the respective documentation for each package for further information.
Prerequisites
If you have installed a recent version of your Linux distribution, you shouldn't have any problems, especially if you did a "server" type of install rather than "Desktop". However, this install DOES require that you have the apache web server and PHP installed. Most distributions come with these now. PHP is only required for SquirrelMail. The main issues you might see are missing development libraries, or gdbm, stunnel, kerberos dev files, or openssl. If you are using an rpm based distro, an easy way to make sure they are installed is to use yum, which is likely installed already. Make sure the packages get installed if necessary using this command:
yum install gcc g++ gcc-g++ gdbm gdbm-devel openssl openssl-devel stunnel krb5-devel bzip2 bzip2-devel
Aliases
Some distributions set up aliases for common commands that might interfere with this install. I recommend unaliasing some of the more common ones if you are unsure:
unalias rm mv cp
The original version of this document was written using RedHat Linux 9.0. However, I now use Debian exclusively, and I fully recommend it. Once you get comfortable with apt, you'll never go back!
Debian Notes
The easy way to make sure you have all the proper debian packages installed is to just execute this command:
apt-get install libgdbm-dev gcc g++ patch make libc-dev stunnel libssl-dev libapache2-mod-php4 wget bzip2
In addition, you probably want these things installed as well:
apt-get install man telnet
Lots of Debian packages require an MTA, and Debian defaults to exim4. This obviously can be a problem for qmail. So let's fix that with a dummy equivs package:
# install equivs
apt-get install equivs
# build the dummy mta package
cd /tmp
cp /usr/share/doc/equivs/examples/mail-transport-agent.ctl .
equivs-build mail-transport-agent.ctl
# remove exim4
dpkg --ignore-depends=exim4 -r exim4
dpkg --ignore-depends=exim4-daemon-light -r exim4-daemon-light
dpkg --ignore-depends=exim4-base -r exim4-base
dpkg --ignore-depends=exim4-base -r exim4-base
# and install the dummy mta package
dpkg -i /tmp/mta-local_1.0_all.deb
mkdir /var/lock/subsys
Apache's DocumentRoot is in /var/www instead of /var/www/html. What I do is use that, and put SquirrelMail's data directory in /etc/apache.
Apache's cgi-bin directory by default is /usr/lib/cgi-bin. You should use that path when configuring qmailadmin.
SpamAssassin needs many perl libraries. If you plan to use SpamAssassin, then install these libraries now:
apt-get install libdigest-sha1-perl libnet-dns-perl \
libmail-spf-query-perl libgeo-ipfree-perl razor pyzor libnet-ident-perl \
libio-socket-ssl-perl libarchive-tar-perl libio-zlib-perl \
libsys-hostname-long-perl libhtml-parser-perl
ClamAV requires the zlib and zlib-dev packages:
apt-get install zlib1g zlib1g-dev libbz2-dev libgmp3 libgmp3-dev
QmailMRTG7 requires the mrtg package:
apt-get install mrtg
Trustix Notes:
Matthew Valentini provided some notes on using this toaster with Trustix 3.0. I have not tested them, I'm just making them available as-is.
Toaster License
This document is covered by the same license as Life With Qmail, and the license is detailed here:
http://www.opencontent.org/opl.shtml
Getting Started
DNS
Before we begin, make sure DNS (MX record) is properly set up. If you were using "merchbox.com" as your virtual domain, here's how your host lookups would look after setting up DNS:
[shupp@ns1 toaster]$ host -t mx merchbox.com
merchbox.com. mail is handled by 0 mail.merchbox.com.
[shupp@ns1 toaster]$ host -t a mail.merchbox.com
mail.merchbox.com. has address 216.234.249.114
Remove existing smtp/pop/imap servers
Now we must remove any existing installations of sendmail/postfix and disable pop/imap servers. To remove sendmail and postfix from an rpm based distribution, try this:
rpm -e --nodeps sendmail postfix
Unless you have other services that absolutely have to run on this machine, I recommend shutting down inetd or xinetd altogether and removing it from your startup scripts. The only thing you'll need (outside of what we're about to install) is ssh, which is probably installed already. This will likely shut off any pop3 or imap servers, as well as other unnecessary ports. Otherwise, disable them manually.
To be sure that these services are disabled, try telnetting to ports 25, 110, and 143 and make sure your connections are refused.
Download Packages
I keep my software source in /var/src. If you want to put it in another location, set the location below, and all paths will be updated.
umask 0022
mkdir -p /var/src/tar
cd /var/src/tar
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://shupp.org/software/netqmail-1.05.tar.gz
wget http://shupp.org/software/libdomainkeys-0.68.tar.gz
wget http://shupp.org/patches/libdomainkeys.diff
wget http://shupp.org/patches/qmail-toaster-0.9.1.patch.bz2
wget http://shupp.org/patches/doublebounce-trim.patch
wget http://shupp.org/software/vpopmail-5.4.18.tar.gz
wget http://shupp.org/patches/vpopmail-5.4.18-cumulative.patch
wget http://shupp.org/software/autorespond-2.0.4.tar.gz
wget http://shupp.org/patches/autorespond-2.0.4-2.0.5.patch
wget http://shupp.org/software/qmailadmin-1.2.11.tar.gz
wget http://shupp.org/software/qmailadmin-help-1.0.8.tar.gz
wget http://cr.yp.to/software/ezmlm-0.53.tar.gz
wget http://shupp.org/software/ezmlm-idx-0.443.tar.gz
wget http://shupp.org/software/courier-imap-4.1.2.tar.bz2
wget http://shupp.org/software/courier-authlib-0.59.1.tar.bz2
wget http://shupp.org/patches/vpopmail_courier_cram-1.diff
wget http://shupp.org/software/squirrelmail-1.4.9a.tar.bz2
wget http://shupp.org/software/quota_usage-1.3.1-1.2.7.tar.gz
wget http://shupp.org/software/toaster-scripts-0.9.0.tar.gz
cd ../
tar -xzf tar/netqmail-1.05.tar.gz
cd netqmail-1.05
./collate.sh
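The downloads above arrive over plain HTTP and are then patched and compiled as root, so it is worth pinning their digests before the first `tar -xzf`. The following is an added example, not part of the original toaster: `verify_sources` and the manifest file are assumptions, and the manifest (in `sha256sum` format) has to be built from copies you already trust, since this page publishes no checksums.

```shell
#!/bin/sh
# Added example (not from the toaster): refuse to build from /var/src/tar
# unless every archive and patch matches a pinned SHA-256 manifest.
# Manifest lines use sha256sum's format: "<hex digest>  <file name>".

# verify_sources DIR MANIFEST
# Prints one status line per file. Returns 0 only when every pinned file is
# present with a matching digest AND no unpinned file sits in DIR.
verify_sources() {
    vs_dir=$1
    vs_manifest=$2
    vs_bad=0

    # Pass 1: every pinned file must exist and hash to the pinned value.
    while read -r vs_sum vs_name; do
        case $vs_sum in ''|'#'*) continue ;; esac
        vs_name=${vs_name#\*}            # sha256sum -b prefixes names with '*'
        if [ ! -f "$vs_dir/$vs_name" ]; then
            echo "MISSING   $vs_name"
            vs_bad=1
            continue
        fi
        vs_actual=$(sha256sum "$vs_dir/$vs_name" | cut -d' ' -f1)
        if [ "$vs_actual" = "$vs_sum" ]; then
            echo "OK        $vs_name"
        else
            echo "MISMATCH  $vs_name"
            vs_bad=1
        fi
    done < "$vs_manifest"

    # Pass 2: a file that was downloaded but never pinned is also a failure,
    # otherwise an extra patch could ride along unverified.
    for vs_path in "$vs_dir"/*; do
        [ -f "$vs_path" ] || continue
        vs_base=${vs_path##*/}
        if ! awk -v n="$vs_base" \
            '{ sub(/^\*/, "", $2) } ($2 "") == (n "") { f = 1 } END { exit !f }' \
            "$vs_manifest"; then
            echo "UNPINNED  $vs_base"
            vs_bad=1
        fi
    done
    return "$vs_bad"
}

# Constructed demonstration: two stand-in files in a scratch directory.
demo_verify_sources() {
    dv_dir=$(mktemp -d) || return 1
    mkdir "$dv_dir/tar"
    printf 'stand-in archive\n' > "$dv_dir/tar/example-1.0.tar.gz"
    printf 'stand-in patch\n'   > "$dv_dir/tar/example.patch"
    (cd "$dv_dir/tar" && sha256sum example-1.0.tar.gz example.patch) \
        > "$dv_dir/pinned.sha256"

    if verify_sources "$dv_dir/tar" "$dv_dir/pinned.sha256"; then
        echo "clean copy: accepted"
    fi
    printf 'tampered\n' >> "$dv_dir/tar/example.patch"
    if ! verify_sources "$dv_dir/tar" "$dv_dir/pinned.sha256"; then
        echo "tampered copy: rejected"
    fi
    rm -rf "$dv_dir"
}
demo_verify_sources
```

On the real tree the call would be `verify_sources /var/src/tar <your manifest>`, run before any archive is unpacked.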
Install Software
Now that you have downloaded all the software packages to /var/src, please go through each of these installation steps as they appear, and in this order, unless you really know what you're doing. (Because if you did, you wouldn't be reading this, right?)
The below steps assume that your "rc" directories are in /etc/ and your "init.d" path is "/etc/init.d" . If yours are different, please substitute paths accordingly.
daemontools
daemontools is a collection of tools for managing UNIX services. It will monitor qmail-send, and qmail-smtpd, and qmail-pop3d services.
Info:
http://cr.yp.to/daemontools.html
Install:
mkdir -p /package
chmod 1755 /package
cd /package
tar -xpzf /var/src/tar/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
patch -p1 clear/run
To verify that daemontools is running, make sure that `ps ax` reports '/bin/sh /command/svscanboot' and 'svscan /service' as running.
ucspi-tcp
ucspi-tcp contains tcpserver and tcpclient, command line tools for building client-server applications.
Info:
http://cr.yp.to/ucspi-tcp.html
Install:
cd /var/src
tar -xzf tar/ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch -p1
qmail
qmail is allegedly the second most popular MTA in use, known for speed and security.
Info:
http://www.qmail.org/
The patch you will apply later is a composite of these existing patches:
- smtp auth (cram-md5)
- starttls support
- support oversize dns packets (not necessary if you use dnscache)
- qregex (regular expression matching in badmailfrom and badmailto)
- reread concurrency via HUP
- big concurrency (set the spawn limit above 255)
- maildir++ patch
- qmail-queue (to allow for virus scanners, part of netqmail)
- chkuser (check for local users, envelope syntax) with user extensions enabled (for TMDA)
- spam throttle
- spf
- surbl support in qmail-smtpd
- domainkeys support
Install:
mkdir /var/qmail
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
cd /var/src
tar -xzf tar/toaster-scripts-0.9.0.tar.gz
cd netqmail-1.05/netqmail-1.05
# NOTE: RedHat/Fedora users may need to link certain include files for the TLS patch.
# Issue the command below only if make fails:
ln -s /usr/kerberos/include/com_err.h /usr/kerberos/include/krb5.h \
/usr/kerberos/include/profile.h /usr/include/
# as well as remove the sendmail link if it still exists:
rm /usr/sbin/sendmail
make
make setup check
# NOTE: qmail will be patched AFTER vpopmail is installed
# turn on SPF checking
echo 3 > /var/qmail/control/spfbehavior
# Setup the primary administrator's email address.
# This address will receive mail for root, postmaster, and mailer-daemon.
# Replace "admin@example.com" with your email address
(cd ~alias; echo "admin@example.com" > .qmail-postmaster ;\
echo "admin@example.com" > .qmail-mailer-daemon ;\
echo "admin@example.com" > .qmail-root )
chmod 644 ~alias/.qmail*
./config-fast `hostname --long`
Configure:
Add qmail man pages to MANPATH
Edit /etc/man.config
- Add "MANPATH /var/qmail/man"
- NOTE: Debian users should set MANDATORY_MANPATH rather than MANPATH
cd /var/src
cp toaster-scripts-0.9.0/rc /var/qmail/rc
chmod 755 /var/qmail/rc
mkdir /var/log/qmail
echo ./Maildir/ >/var/qmail/control/defaultdelivery
cp toaster-scripts-0.9.0/qmailctl /var/qmail/bin/
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
# Now create the supervise directories/scripts for the qmail services:
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
mkdir -p /var/qmail/supervise/qmail-pop3ds/log
cp /var/src/toaster-scripts-0.9.0/send.run /var/qmail/supervise/qmail-send/run
cp /var/src/toaster-scripts-0.9.0/send.log.run /var/qmail/supervise/qmail-send/log/run
cp /var/src/toaster-scripts-0.9.0/smtpd.run /var/qmail/supervise/qmail-smtpd/run
cp /var/src/toaster-scripts-0.9.0/smtpd.log.run /var/qmail/supervise/qmail-smtpd/log/run
cp /var/src/toaster-scripts-0.9.0/pop3d.run /var/qmail/supervise/qmail-pop3d/run
cp /var/src/toaster-scripts-0.9.0/pop3d.log.run /var/qmail/supervise/qmail-pop3d/log/run
# NOTE: If you are using stunnel version 4, you should use pop3ds.run.v4
# instead of pop3ds.run below.
# Type "stunnel -V" (v. 3) or "stunnel -version" (v. 4) to see what version is installed.
# You will also need to copy over stunnel.conf like so:
#
# cp /var/src/toaster-scripts-0.9.0/stunnel.conf /var/qmail/supervise/qmail-pop3ds/
cp /var/src/toaster-scripts-0.9.0/pop3ds.run /var/qmail/supervise/qmail-pop3ds/run
cp /var/src/toaster-scripts-0.9.0/pop3ds.log.run /var/qmail/supervise/qmail-pop3ds/log/run
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/run
chmod 755 /var/qmail/supervise/qmail-pop3ds/log/run
mkdir -p /var/log/qmail/smtpd
mkdir -p /var/log/qmail/pop3d
mkdir -p /var/log/qmail/pop3ds
chown -R qmaill /var/log/qmail
# allow daemontools to start qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
# verify that it's running with qmailctl
sleep 5
qmailctl stat
Now let's compile libdomainkeys, we'll need that later:
cd /var/src
tar -xzf tar/libdomainkeys-0.68.tar.gz
cd libdomainkeys-0.68
patch -p0
Vpopmail
Vpopmail is a virtual domain package add-on for qmail. It can handle multiple domains on a single IP address, and none of the user accounts are /etc/passwd or "system" accounts.
Info:
http://vpopmail.sf.net/
Install:
groupadd -g 89 vchkpw
useradd -u 89 -g vchkpw vpopmail
cd /var/src
tar -xzf tar/vpopmail-5.4.18.tar.gz
cd vpopmail-5.4.18
patch -p0 ~vpopmail/etc/tcp.smtp
(cd ~vpopmail/etc ; tcprules tcp.smtp.cdb tcp.smtp.tmp /dev/null 2>&1
# start qmail back up
qmailctl start
# allow daemontools to start vpopmail
ln -s /var/qmail/supervise/qmail-pop3d /var/qmail/supervise/qmail-pop3ds /service
# verify that it's running with vpopmailctl
sleep 5
vpopmailctl stat
Courier-IMAP
Courier-IMAP will supply IMAP/SIMAP access.
Info:
http://www.courier-mta.org/imap/
NOTE: If you are on a system that does not use GNU make, such as FreeBSD, install GNU make and substitute 'gmake' for 'make' during the install of courier-authlib and courier-imap. Most Linux systems use GNU make.
Install Courier's Auth Library:
cd /var/src
tar -xjf tar/courier-authlib-0.59.1.tar.bz2
cd courier-authlib-0.59.1
patch -p0
Configure:
Edit /usr/local/etc/authlib/authdaemonrc
- Change authmodulelist= "..." to authmodulelist= "authvchkpw"
- Start Authlib's Authdaemon Server
- /etc/init.d/courier-authlib start
Install Courier-IMAP:
cd /var/src
tar -xjf tar/courier-imap-4.1.2.tar.bz2
cd courier-imap-4.1.2
# build as vpopmail
chown -R vpopmail:vchkpw ../courier-imap-4.1.2
su vpopmail
umask 0022
# configure may take some time...
./configure
# NOTE: RedHat/Fedora users need to add '--with-redhat'
make
exit
make install-strip
make install-configure
cp courier-imap.sysvinit /etc/init.d/courier-imap
chmod 755 /etc/init.d/courier-imap
ln -s ../init.d/courier-imap /etc/rc0.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc1.d/K30courier-imap
ln -s ../init.d/courier-imap /etc/rc2.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc3.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc4.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc5.d/S80courier-imap
ln -s ../init.d/courier-imap /etc/rc6.d/K30courier-imap
Configure:
Edit /usr/lib/courier-imap/etc/imapd
- Change 'IMAPDSTART=NO' to 'IMAPDSTART=YES'
- add " AUTH=CRAM-MD5" to IMAP_CAPABILITY to enable secure authentication (CRAM-MD5)
Edit /usr/lib/courier-imap/etc/imapd-ssl
- Change 'IMAPDSSLSTART=NO' to 'IMAPDSSLSTART=YES'
- optional: The first time courier-imap is started, the SSL certificate is created using 'localhost' as the 'common name'. If you want to change this to match your hostname, you can customize the CN line in /usr/lib/courier-imap/etc/imapd.cnf (and pop3d.cnf if you choose to use courier's pop3d) so that the common name matches your server name BEFORE you start the server for the first time.
Start IMAP server
/etc/init.d/courier-imap start
SquirrelMail
SquirrelMail is a web based IMAP client
Info:
http://www.squirrelmail.org/
NOTE: This section assumes that your apache ServerRoot is /var/www and that your DocumentRoot is /var/www/html, and also that your web server runs as apache:apache
Install:
cd /var/src
tar -xjf tar/squirrelmail-1.4.9a.tar.bz2
cd squirrelmail-1.4.9a
cd plugins
tar -xzf ../../tar/quota_usage-1.3.1-1.2.7.tar.gz
cp quota_usage/config.php.sample quota_usage/config.php
cd ../
./configure
Here you will have to set a few options:
- go to Server Settings (2), Server Software (8) and change the Server Software from "other" to "courier" (a)
- From the main menu, go to General Options (4) and change Data Directory (2) to "/var/www/data/" , change "Allow server thread sort" (10) to y, and change "Allow server-side sorting" (11) to y.
- From the main menu, go to Plugins and enable the quota_usage plugin, along with any others you prefer
- Save settings
- quit
# move the data directory into place and change permissions to the user:group that the web server runs as:
mv data /var/www/
chown -R apache:apache /var/www/data
# install squirrelmail
cd ../
mv squirrelmail-1.4.9a /var/www/html/
autorespond
Autorespond is a compatible autoresponder/vacation type tool that works well with vdelivermail and qmailadmin.
Info:
http://qmailadmin.sf.net/
Install:
cd /var/src
tar -xzf tar/autorespond-2.0.4.tar.gz
cd autorespond-2.0.4
patch -p1
ezmlm-idx
Fast, full featured Mailing List Manager configurable from qmailadmin.
Info:
http://www.ezmlm.org/
Install:
cd /var/src
tar -xzf tar/ezmlm-0.53.tar.gz
tar -xzf tar/ezmlm-idx-0.443.tar.gz
mv ezmlm-idx-0.443/* ezmlm-0.53/
cd ezmlm-0.53
patch -p0
QmailAdmin
QmailAdmin can handle nearly all virtual email administration tasks for you from a web browser, except for adding and removing virtual domains.
Info:
http://sourceforge.net/projects/qmailadmin
Install:
cd /var/src
tar -xzf tar/qmailadmin-1.2.11.tar.gz
cd qmailadmin-1.2.11
./configure --enable-help --enable-htmldir=/var/www/html --enable-cgibindir=/var/www/cgi-bin
make
make install-strip
cd ../
tar -xzf tar/qmailadmin-help-1.0.8.tar.gz
cd qmailadmin-help-1.0.8
mkdir /var/www/html/images/qmailadmin/help
cp -rp * /var/www/html/images/qmailadmin/help
Your toaster installation is done! Now we're ready to take it for a test drive.
Test Drive
Here we'll add a virtual domain, 'test.com', and test sending/receiving mail. Substitute 'test.com' with whatever domain you set up DNS for.
# Add the domain to vpopmail
/home/vpopmail/bin/vadddomain test.com [password]
This creates the default "postmaster" account for test.com. You will use this account with qmailadmin. Try adding/removing users with qmailadmin here:
http://mail.test.com/cgi-bin/qmailadmin
To test out quota usage support, create a user with a 6MB quota like so:
/home/vpopmail/bin/vadduser -q 6MB user@test.com [password]
# verify the user settings, and create the "maildirsize" file
/home/vpopmail/bin/vuserinfo user@test.com
Now, to log into SquirrelMail as user@test.com, point your browser here:
http://mail.test.com/squirrelmail-1.4.9a/
Send yourself a message. If you get it, it's likely you're up and running.
To test your POP server, try telnetting to port 110 and logging in.
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK
user user@test.com
+OK
pass [password]
+OK logged in.
quit
+OK
Connection closed by foreign host.
Test your IMAP server in the same way:
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc. See COPYING for distribution information.
a001 login user@test.com [password]
a001 OK LOGIN Ok.
a001 logout
* BYE Courier-IMAP server shutting down
a001 OK LOGOUT completed
Connection closed by foreign host.
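The two sessions above use plaintext logins; the CRAM-MD5 mechanism enabled in the Courier-IMAP configuration can be exercised the same way once the response is computed by hand. Added example, not from the original toaster: `cram_md5_response` and `cram_md5_decode` are hypothetical helpers implementing RFC 2195, and the sample values are the RFC's own test vector.

```shell
#!/bin/sh
# Added example: compute the client response for a CRAM-MD5 challenge
# (RFC 2195) so the mechanism can be tested from a telnet/s_client session.
#
# IMAP exchange:
#   C: a002 AUTHENTICATE CRAM-MD5
#   S: + <base64 challenge>
#   C: <base64 of "user" SP hex(HMAC-MD5(key=password, msg=challenge))>
#   S: a002 OK ...

# cram_md5_response USER PASSWORD CHALLENGE_B64
# Prints the base64 line to send back to the server.
# Note: the password appears in this process's argument list, so use a
# throwaway test account such as the one created in the test drive.
cram_md5_response() {
    cm_user=$1
    cm_pass=$2
    cm_chal=$3
    # Decode the challenge and key the HMAC with the password.
    # openssl prints "...(stdin)= <hex>"; keep only the hex digest.
    cm_hex=$(printf '%s' "$cm_chal" | base64 -d \
        | openssl dgst -md5 -hmac "$cm_pass" | sed 's/^.*= *//')
    [ ${#cm_hex} -eq 32 ] || return 1
    printf '%s %s' "$cm_user" "$cm_hex" | base64 | tr -d '\n'
}

# cram_md5_decode B64
# Decodes a challenge or a captured response, e.g. to check which user name
# and digest a mail client actually sent.
cram_md5_decode() {
    printf '%s' "$1" | base64 -d
}

# RFC 2195 test vector: user "tim", password "tanstaaftanstaaf".
RFC_CHALLENGE='PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+'
echo "challenge: $(cram_md5_decode "$RFC_CHALLENGE")"
echo "response:  $(cram_md5_response tim tanstaaftanstaaf "$RFC_CHALLENGE")"
```

The password never crosses the wire in this exchange, only a digest bound to the server's one-time challenge.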
To test our SSL/TLS connections, all you need to do is duplicate the same tests above, but use openssl's s_client tool to handle encryption.
# for pop:
openssl s_client -connect localhost:995
# for imap:
openssl s_client -connect localhost:993
# for smtp/tls:
openssl s_client -crlf -starttls smtp -connect localhost:25
NOTE: If you get an error like this:
20656:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:473:
your qmail install might need the cipher lists. Debian does this, I don't know why. The following commands will fix it:
openssl ciphers > /var/qmail/control/tlsclientciphers
openssl ciphers > /var/qmail/control/tlsserverciphers
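`openssl ciphers` with no argument writes out whatever the local OpenSSL build enables by default, which on older builds includes export-grade, single-DES and RC4 suites. The added example below (not part of the original toaster; the function names and the pattern list are this example's assumptions) flags such entries in a control file and prints the list without them.

```shell
#!/bin/sh
# Added example: audit a colon-separated cipher list such as
# /var/qmail/control/tlsserverciphers. Patterns are matched against OpenSSL
# cipher names; which suites count as weak is this example's own choice.

# cipher_weakness NAME
# Prints the reason a cipher is considered weak; returns 1 if it is not.
cipher_weakness() {
    case $1 in
        EXP-*|EXP1024-*) echo 'export-grade key length' ;;
        *NULL*)          echo 'no encryption' ;;
        ADH-*|AECDH-*)   echo 'anonymous key exchange' ;;
        *RC4*)           echo 'RC4' ;;
        *RC2*)           echo 'RC2' ;;
        *DES-CBC3*)      echo '3DES, 64-bit block' ;;
        *DES-CBC-*)      echo 'single DES, 56-bit key' ;;
        *-MD5)           echo 'MD5 MAC' ;;
        *)               return 1 ;;
    esac
}

# weak_ciphers FILE
# Prints "NAME: reason" for every weak entry; returns 1 if any were found.
weak_ciphers() {
    wk_out=$(tr ':' '\n' < "$1" | while read -r wk_name || [ -n "$wk_name" ]; do
        if wk_why=$(cipher_weakness "$wk_name"); then
            echo "$wk_name: $wk_why"
        fi
    done)
    if [ -z "$wk_out" ]; then
        return 0
    fi
    echo "$wk_out"
    return 1
}

# strong_only FILE
# Prints the list with the flagged names removed, in the original order,
# ready to be reviewed and written back to the control file.
strong_only() {
    tr ':' '\n' < "$1" | while read -r so_name || [ -n "$so_name" ]; do
        [ -n "$so_name" ] || continue
        cipher_weakness "$so_name" >/dev/null || echo "$so_name"
    done | paste -sd: -
}

# Constructed sample list (not captured from a real server).
demo_cipher_audit() {
    dc_file=$(mktemp) || return 1
    echo 'DHE-RSA-AES256-SHA:AES256-SHA:DES-CBC3-SHA:RC4-MD5:EXP-DES-CBC-SHA:DES-CBC-SHA:AES128-SHA' > "$dc_file"
    echo "flagged:"
    weak_ciphers "$dc_file" || true
    echo "kept: $(strong_only "$dc_file")"
    rm -f "$dc_file"
}
demo_cipher_audit
```

After changing either control file, repeat the `openssl s_client` tests above to confirm the handshake still succeeds.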
Options
Here, you can add 4 tools that together will prevent viruses from reaching your system via email, and tag spam for client filtering.
SpamAssassin
SpamAssassin is the leading open source spam scanner. We'll be installing SpamAssassin via CPAN below.
NOTE: Debian users should have installed the SpamAssassin prerequisites during 'Debian Notes' earlier. RPM distributions may want to use 'yum install spamassassin' instead of CPAN below, so that you get all the dependencies. If the RPM of SpamAssassin is out of date, you could then simply do 'yum remove spamassassin', and follow the CPAN installation below, as you'll have the dependencies.
Info:
http://www.spamassassin.org/
Install:
cd /root
perl -MCPAN -e shell
o conf prerequisites_policy ask
install Mail::SpamAssassin
quit
# run spamd under daemontools
mkdir -p /var/qmail/supervise/spamd/log
mkdir -p /var/log/spamd
chown qmaill /var/log/spamd
cp /var/src/toaster-scripts-0.9.0/spamd.run /var/qmail/supervise/spamd/run
cp /var/src/toaster-scripts-0.9.0/spamd.log.run /var/qmail/supervise/spamd/log/run
chmod 755 /var/qmail/supervise/spamd/run
chmod 755 /var/qmail/supervise/spamd/log/run
cp /var/src/toaster-scripts-0.9.0/local.cf /etc/mail/spamassassin/local.cf
mkdir /etc/mail/spamassassin/.spamassassin/
chown vpopmail /etc/mail/spamassassin/.spamassassin/
ln -s /var/qmail/supervise/spamd /service
ClamAV
This open source virus scanner will be called by simscan.
Info:
http://clamav.sf.net/
NOTE: You need gmp-devel installed to verify the digital signatures of the virus database.
Install:
groupadd clamav
useradd -g clamav clamav
cd /var/src/tar
wget http://shupp.org/software/clamav-0.90.2.tar.gz
wget http://shupp.org/patches/clamav-0.90.2.patch
cd ../
tar -xzf tar/clamav-0.90.2.tar.gz
cd clamav-0.90.2
patch -p0
ripmime
ripmime is a tool for extracting MIME attachments from email, and is used by simscan.
Info:
http://www.pldaniels.com/ripmime/
Install:
cd /var/src/tar
wget http://shupp.org/software/ripmime-1.4.0.6.tar.gz
cd ..
tar -xzf tar/ripmime-1.4.0.6.tar.gz
cd ripmime-1.4.0.6
make
make install
Simscan
Your qmail installation is already patched (qmail-queue patch) to support simscan, a new tool for using virus/spam scanners with qmail. The nice thing is that it prevents viruses (and optionally spam) from even getting into your queue. This is different from qmail-scanner, which will quarantine infected messages instead of stopping them at the SMTP level.
Info:
http://inter7.com/?page=simscan
Install:
cd /var/src/tar
wget http://shupp.org/software/simscan-1.3.1.shupp2.tar.gz
cd ../
tar -xzf tar/simscan-1.3.1.shupp2.tar.gz
cd simscan-1.3.1.shupp2
./configure --enable-user=clamav \
--enable-clamav=y \
--enable-spam=y \
--enable-spam-passthru=y \
--enable-per-domain=y \
--enable-ripmime \
--enable-attach=y \
--enable-received=y
make
make install-strip
# add default rules for simscan
echo ":clam=yes,spam=yes,spam_passthru=yes,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif" > /var/qmail/control/simcontrol
# update /var/qmail/control/simcontrol.cdb
/var/qmail/bin/simscanmk
# put versions for received header in /var/qmail/control/simversions.cdb
/var/qmail/bin/simscanmk -g
# turn on scanning
echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' >> ~vpopmail/etc/tcp.smtp
qmailctl cdb
TMDA
If you want the option to be very aggressive about spam control, TMDA (Tagged Message Delivery Agent) is a challenge based tool that requires a sender to confirm their sending address before the incoming message is delivered. I don't use it myself, but many people do.
Info:
http://www.tmda.net/
Install:
cd /var/src/tar
wget http://shupp.org/software/tmda-1.1.11.tgz
wget http://shupp.org/software/tmda-cgi-0.16.3.tar.bz2
wget http://shupp.org/patches/tmda-cgi-parent_re.patch
cd ../
tar -xzf tar/tmda-1.1.11.tgz
cd tmda-1.1.11
./compileall
cd ../
mv tmda-1.1.11 /usr/local/
ln -s /usr/local/tmda-1.1.11 /usr/local/tmda
# Now we'll install the vpopmail related scripts
cp /var/src/toaster-scripts-0.9.0/vadduser-tmda /home/vpopmail/bin/
cp /var/src/toaster-scripts-0.9.0/vpopmail-vdir.sh /home/vpopmail/bin/
cp /var/src/toaster-scripts-0.9.0/vtmdarc /home/vpopmail/etc/
# Setup tmda-ofmipd
mkdir -p /var/qmail/supervise/tmda-ofmipd/log
mkdir -p /var/qmail/supervise/tmda-ssl/log
mkdir /var/log/tmda-ofmipd/
mkdir /var/log/tmda-ssl/
chown vpopmail /var/log/tmda-*
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.run /var/qmail/supervise/tmda-ofmipd/run
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.log.run /var/qmail/supervise/tmda-ofmipd/log/run
# NOTE: If you are using stunnel version 4, you should use tmda.ssl.run.v4
# instead of tmda-ofmipd.ssl.run below.
# Type 'stunnel -V' (v. 3) or 'stunnel -version' (v. 4) to see what version is installed.
# You will also need to copy over stunnel.conf like so:
#
# cp /var/src/toaster-scripts-0.9.0/tmda-stunnel.conf /var/qmail/supervise/tmda-ssl/stunnel.conf
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.ssl.run /var/qmail/supervise/tmda-ssl/run
cp /var/src/toaster-scripts-0.9.0/tmda-ofmipd.ssl.log.run /var/qmail/supervise/tmda-ssl/log/run
chmod 755 /var/qmail/supervise/tmda-ofmipd/run
chmod 755 /var/qmail/supervise/tmda-ofmipd/log/run
chmod 755 /var/qmail/supervise/tmda-ssl/run
chmod 755 /var/qmail/supervise/tmda-ssl/log/run
ln -s /var/qmail/supervise/tmda-ofmipd /var/qmail/supervise/tmda-ssl /service/
# Setup tmda-cgi
cd /var/src
tar -xjf tar/tmda-cgi-0.16.3.tar.bz2
cd tmda-cgi-0.16.3
patch -p0
- Now, you'll need to add an alias directive to your web server. Add the following to /etc/httpd/httpd.conf (or wherever your conf file is), and restart Apache:
Alias /display /usr/local/tmda-cgi-0.16.3/display/
Now, you should be able to point your browser to /cgi-bin/tmda.cgi, log in with your email address and password, and add/edit/remove tmda for your account. Note that the .qmail files created by tmda WILL show up in QmailAdmin.
QmailMRTG7
This is a great tool for graphing your mail server's activity.
Info:
http://inter7.com/?page=qmailmrtg7
Install:
cd /var/src/tar
mkdir /var/www/html/qmailmrtg
wget http://shupp.org/software/qmailmrtg7-4.2.tar.gz
wget http://shupp.org/patches/qmailmrtg7-4.2-cfg.patch
cd ../
tar -xzf tar/qmailmrtg7-4.2.tar.gz
cd qmailmrtg7-4.2
patch -p0 /var/www/html/qmailmrtg/index.html
# now run mrtg 3 times to get rid of initial cron errors
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg
- Add the following line to your crontab
0-55/5 * * * * env LANG=C /usr/bin/mrtg /etc/qmail.mrtg.cfg > /dev/null
QmailAdmin Limits
QmailAdmin can set per domain limits/defaults, which is really useful for hosting companies with different mail packages. This is covered in detail in the INSTALL file of qmailadmin (/var/src/qmailadmin-1.2.11/INSTALL).
Appendix
Donate!
If you find this toaster useful to you, and want to support its development, please feel free to donate via Paypal:
NOTE: If you want to support a particular translation, please indicate which translation you wish to support in the 'Message to Seller' option at the end of checkout
Troubleshooting
Credits
- This document is certainly inspired by Matt Simerson's FreeBSD Mail Toaster. If you use FreeBSD, use it instead, it's great.
- Most of the commands listed in the steps above are derived either directly from the documentation or Life With Qmail.
- There have been countless ideas, corrections, testing, and even bits of code contributed from the toaster users list.
- This toaster was put together by Bill Shupp (hostmaster@shupp.org) in December of 2001.
Translations
- Spanish translation by Abel Lucano with some input from Ingo Carlo
- Romanian translation by Daniel Toma
Resources
Success Reports
"Bill, thanks loads for the toaster. It works wonderfully, and didn't take too long to set up. I only wish I had it two weeks ago. :)" -- Matt G.
"Hi I just installed the complete qmail toaster suite tonight. . [nearly] flawless installation. . and [nearly] all done from your site. . i think you are doing great things with that toaster site." -- Ezra P.
"Thanks for making it easy. Now to understand what I (you) have done. ; )" -- Charles C.
"Hi Bill, I just wanted to thank you for the great instructions on setting up qmail, etc. on Linux. I'm a bit of a rookie and for the last month I've been looking for a fairly easy to configure setup for mail. After going from RedHat w/ Sendmail to Win 2K / Exchange to FreeBSD, Debian, Gentoo, Slack with some combo of qmail, courier, postfix and back again I finally stumbled upon your site - gave RedHat a fresh install and within half an hour I was up and running with Qmail. (I'm sending this to you using my server). I couldn't have done it without you! I really do appreciate the work you put into the instructions and patches." -- Thomas A.
"Bill, Just wanted to drop a note to you to thank you for all the obvious work you put into the toaster website. I just installed it, and it worked perfectly. In fact, I am sending you the first email from my new setup. Again, thanks for all the hard work that went into the instructions." -- Jim S.
ChangeLog
0.9.2 - 4/17/2007
- Upgrade tmda-cgi to 0.16.3
- Added Romanian translation - tnx Daniel Toma
- Upgrade toaster patch to 0.9.1 (updated tls patch)
- Make language selection static (from table of contents page)
- Update simscan tar ball with updated configure script (should fix problem locating the clamavdb directory)
0.9.1 - 4/13/2007
- Upgrade clamav to 0.90.2
- Added Spanish translation - tnx Abel Lucano and also Ingo Carlo
- Fix courier-authlib patch (implicit declaration)
- Remove verbose option from tar commands
0.9.0 - 3/28/2007
- Moved documentation to Simplified DocBook format with embedded gettext support. It's displayed via a few new PHP classes written for this purpose. See ToasterDoc for more info.
- Upgrade toaster patch to 0.9.0
- Upgrade clamav to 0.90.1
- Upgrade courier-imap to 4.1.2, courier-authlib to 0.59.1. Wrote cram patch for authvchkpw so secure auth is available for imap connections
- Upgrade vpopmail to 5.4.18 + vpopmaild and configure patches
- Upgrade TMDA and TMDA-cgi to 1.1.11 and 0.16.2 respectively
- Update lots of text and notes.
- Make install-strip for clamav now
- Update toaster-scripts to 0.9.0 (new kill options in ctl scripts, remove -L argument to spamd)
- Update simscan to 1.3.1.shupp1 (tarball with clamavdb configure patch applied)
- Add server thread sorting and server-side sorting to squirrelmail configuration - tnx Maciej Soltysiak
0.8.11 - 11/6/2006
- Added step to install double-bounce-trim patch to qmail
- Upgrade clamav to 0.88.6
- Upgrade courier-imap to 4.1.1
- Upgrade vpopmail to 5.4.17 + vpopmaild patches
- Upgrade TMDA and TMDA-cgi to 1.1.9 and 0.15+patch respectively
0.8.10 - 8/7/2006
0.8.9 - 6/11/2006
- Upgrade qmail-toaster-0.8.3.patch, which removes the mfcheck patch and instead enables CHKUSER_SENDER_MX in chkuser_settings.h
- Fix some typos
- Change to 'config-fast `hostname --long`' during qmail install for easier automation
0.8.8 - 5/11/2006
- Update clamav to 0.88.2
- Added link to Trustix 3.0 notes - tnx Matthew Valentini
0.8.7 - 4/9/2006
- Update toaster patch (put mfcheck back, turn on user extensions in chkuser), ezmlm-idx, courier imap, squirrelmail, quota usage, toaster scripts, clamav (and corresponding patches), and simscan
- Added TMDA in Options
- Added notes for x86_64 issues - tnx Rick Root
- Added chkconfig directives to the freshclam init script - tnx Ken Schweigert
- Finally added notes about using pop3ds.run.v4 in case you have stunnel version 4
- Added umask directives - tnx George Toft
- Added clear option in qmailctl to clear readproctitle errors - tnx Sim
- Added simscan patch to call ripmime correctly
- Added SSL/TLS testing info. Also noted how to deal with cipher list problems
- Added freshclam.log to logrotate - tnx Tom Collins
- 4/10/2006 - Added SSL instance of tmda-ofmipd
- 4/10/2006 - Note different version syntax for stunnel 3 and 4 - tnx Ingo Claro
- 4/10/2006 - Downgrade ezmlm-idx to 0.443 until chkuser is updated to support the new version
- 4/10/2006 - upgrade QmailAdmin to 1.2.10 to include security fixes
- 4/19/2006 - Add removal of exim4-base and exim4-config to Debian notes
0.8.6 - 1/28/2006
- Update clamav to 0.88
- use vpopmail-5.4.13-cumulative-1.patch which has one bug fix and back ports vpopmaild
0.8.5 - 1/5/2006
- Update toaster patch to version 0.8.1 (tls update)
- Update ripmime to 1.4.0.6
0.8.4 - 12/26/2005
- Update courier-imap/courier-authlib versions
- Fix spelling error
- Use yum instead of rpm -q in 'Prerequisites'
- Fix some apt-get typos - tnx Tom Nats
- Mention MANDATORY_MANPATH for Debian - tnx Andrea Riela
0.8.3 - 12/3/2005
- Add SpamAssassin and ClamAV dependencies installation, and gmake alias to Debian Notes section
0.8.2 - 11/7/2005
0.8.1 - 9/16/2005
- Update qmailadmin, courier-authlib, courier-imap, clamav, and ezmlm-idx versions
0.8 - 7/24/2005
- Update qmailadmin configure line since debian requires arguments
- Added Debian notes
- Added qmailmrtg7 under 'Options'
- Update all software packages to latest versions, including courier-imap which now requires authlib
- Update toaster patch to include latest patch versions
- Update notes in Test Drive
- Update archive links in Troubleshooting
0.7.13 - 6/23/2005
0.7.12 - 5/23/2005
0.7.11 - 5/13/2005
0.7.10 - 5/1/2005
- Update vpopmail to 5.4.10
- Update ripmime to 1.4.0.5
- Update clamav to 0.84
0.7.9 - 3/13/2005
0.7.7 - 2/16/2005
- add spam_passthru=yes to simcontrol - tnx Jason S
- add note about needing gmp-devel - tnx Jesus San Miguel
- add note about chowning /var/qmail/spam to vpopmail:vchkpw after re-installs of qmail (for spam throttle)
- remove chmod +t commands, as they are only for daemontools
0.7.7 - 2/16/2005
- Upgraded clamav to 0.83
- Upgraded simscan to 1.1
0.7.6 - 2/7/2005
0.7.5 - 2/4/2005
- Fixed missing semi-colons in creation of aliases - tnx Tom Collins
- Consolidate rpm command suggestions - tnx Tom Collins
- Add qmail man pages to MANCONFIG path - tnx Tom Collins
0.7.4 - 2/1/2005
- Updated clamav to 0.81 - tnx Bob Hutchinson for updated stderr patch
- Minor change to tcprules command in vpopmail install - tnx Jake Applebaum
0.7.3 - 1/25/2005
- Updated qmail-toaster patch to 0.7.2 to fix a CR in overmaildirquota.c
0.7.2 - 1/20/2005
- Updated maildir++ patch to fix duplicate free() - tnx Tom Collins
0.7.1 - 1/8/2005
- Added mention of SELinux incompatibility with QmailAdmin - tnx Dave Roberts
0.7 - 12/27/2004
- 1/8/2005 - Added mention of SELinux incompatibility with QmailAdmin - tnx Dave Roberts
- Changed qmail-toaster patch from 0.7b5 to 0.7 (no changes)
- Changed toaster version from 0.7b2 to 0.7
- Added note to courier-imap install about changing from self-signed certificate
0.7b2 - 12/20/2004
- Updated paths to init scripts. This document now uses /etc/init.d and /etc/rc?.d instead of /etc/rc.d/init.d and /etc/rc.d/rc?.d
- Enabled per-domain scanning in simscan - tnx Jose Luis Canciani
- Typo in version info of toaster patch - tnx Eduardo Cortes
0.7b1 - 12/15/2004
- New Toaster patch with updated versions, SPF, dropped mfcheck, swapped spam throttle for tarpit
- Updated vpopmail to 5.4.8, qmailadmin to 1.2.3
- Updated courier-imap to 3.0.8
- Added SpamAssassin, ClamAV, simscan, ripmime to Options
- Lots of updates to run/config files
- qmailctl now detects whether roaming users is being used
0.6 - 2/16/2004
- Switched to netqmail 1.05 for base patch install
- Updated large patch and chkuser patch
- Updated vpopmail to 5.4.1, qmailadmin to 1.2.1
- Updated courier-imap to 2.2.2.20040207 to comply with vlimits code
0.5.2 - 1/27/2004
- Fixed problem with missing config.php in quota_usage plugin install
0.5.1 - 1/20/2004
- Fixed some typos
- Noted in 'prerequisites' that krb5 dev files, Apache and PHP are required
0.5 - 1/6/2004
- Updated core software versions, qmail patch
- Switched from SqWebmail to SquirrelMail
- Removed Apache install (just use the distro's)
- Removed roaming users support (use smtp-auth instead)
- Added license link
0.4.7 - 6/17/2002
- typos in courier-imap link, filename. thanks to Yalcin Cekic.
0.4.6 - 6/05/2002
- the qmail-smtpd run script didn't have a hostname, which is now required for the smtp-auth patch 0.30 and above.
- forgot to chown the imapd.pem for courier-imap now that we're running as vpopmail
- incorrect configure option for qmailadmin
0.4.5 - 6/03/2002
- Use courier-imap 1.4.6 (security advisory)
0.4.4 - 5/31/2002
- Update courier-imap install to run as vpopmail.vchkpw instead of root (for roaming imap users)
- Update support information
0.4.3 - 5/29/2002
- Use port numbers in pop3d start scripts instead of 'pop-3' and 'pop3s'
0.4.2 - 5/26/2002
- Upgrade to new 0.31 smtp auth patch
0.4.1 - 5/21/2002
- Use vpopmail-5.3.6 instead of alternate vchkpwcmd5
- Use courier-imap 1.4.5
- Use sqwebmail 3.3.4
0.4 - 4/20/2002 (not published)
- Supply new vchkpwcmd5 module (alternate to vchkpw)
- Use vpopmail-5.3.5-cmd5 and qmailadmin 1.0.4
- Use courier-imap 1.4.4 and sqwebmail 3.3.3
- Switch to qmail-pop3d from courier pop3d
- Upgrade to v. 0.30 of the SMTP-AUTH patch
0.3 - 1/3/2002
- Use vpopmail-5.1.4 and qmailadmin 1.0.1
- remove unnecessary patches
0.2 - 12/26/2001
- fixed broken link in download section
- added patch for quota problems in vpopmail-5.1.3
0.1 - 12/24/2001
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u/14077/showart_486710.html