Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: qmail vpopmail courier-imap qmail-scanner (12/2006)
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Tue Dec 26, 2006 10:46 pm    Post subject: HOWTO: qmail vpopmail courier-imap qmail-scanner (12/2006) Reply with quote

Previous incarnations of this Howto:
HOWTO: qmail vpopmail courier-imap qmail-scanner (09/2005) by petterg
HOWTO: qmail vpopmail courier-imap qmail-scanner etc (NEW) by sabrex
HOWTO: qmail vpopmail qmail-scanner courier squirrelmail by sabrex

Please check the extra notes at the bottom of the guide.

I have tried to make this install as short and concise as possible. There are a few explanations as to the changes from petterg's latest.

Packages used in this guide:
Code:
mail-mta/qmail-1.03-r16
net-mail/vpopmail-5.4.16
net-mail/courier-imap-4.0.4
dev-python/pyzor-0.4.0-r2
mail-filter/razor-2.82
mail-filter/dcc-1.3.24
mail-filter/spamassassin-3.1.3
app-antivirus/clamav-0.88.7
mail-filter/qmail-scanner-1.25-r1
net-mail/ezmlm-idx-mysql-0.40-r2
net-mail/qmailadmin-1.2.10
mail-client/squirrelmail-1.4.9a


Assumes these packages are installed, configured and running:
Code:
apache
mysql
php

Before you start it might be a good idea to run
Code:
> emerge --sync


1) Ensure that the proper USE flags are set
Code:
> nano /etc/make.conf
USE-flags to set: apache2 ipv6 mysql nls qmail spamassassin ssl vhosts

ipv6 is optional. Some people have had problems in the past with this flag set. I personally have it enabled and have no problems with it.
ssl if you want SSL support (which I highly recommend).
vhosts is optional. If you plan on having a virtual-hosting environment in apache, this is required.

2) Install qmail
Note: You can't use Cram-MD5 encryption for authentication with only encrypted vpopmail passwords in the mysql database. If you run with both Cram-MD5 and encrypted passwords, the authentication attempt will fail and then revert to sending plain text username and password and cause about a 5 second delay in sending e-mail. I would rather trust myself to not look at users passwords than have an unknown number of people sniffing plain text usernames and passwords between client and server.
Code:
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use
> emerge -pv mail-mta/qmail

You might see something blocking for the installation of qmail. Unmerge them:
Code:
> emerge -C (append name of blocking package(s) here!)

Install qmail
Code:
> emerge mail-mta/qmail

Configure qmail
Code:
> nano /var/qmail/control/servercert.cnf
Modify to whatever suits your needs and save/exit
> emerge --config mail-mta/qmail
Press [enter] to continue whenever it asks you to modify /var/qmail/control/servercert.cnf.  You've done that.

Setup/start smtp service
Code:
> ln -s /var/qmail/supervise/qmail-send /service/qmail-send
> ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

> rc-update add svscan default
> /etc/init.d/svscan start


3) Install vpopmail
Code:
> emerge vpopmail

Create the vpopmail database.
Code:
Login to the mysql server (as a user with permissions to create databases and add users)
mysql> create database vpopmail;
mysql> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your vpopmail password';
mysql> flush privileges;
mysql> quit

Choose a vpopmail password that is not used anywhere else. The password has to be saved in cleartext! You'll never need to remember it after you're done with the installation.
If your mysql server is not running on localhost, change the vpopmail@hostname accordingly.

Edit vpopmail.conf.
Code:
> nano /etc/vpopmail.conf

# Read-only DB
localhost|0|vpopmail|your vpopmail password|vpopmail
# Write DB
localhost|0|vpopmail|your vpopmail password|vpopmail

Make sure the vpopmail.conf is readable for the vpopmail user. Default is ownership = root:vpopmail with 640 permissions

4) Install imap and pop3 server
Code:
> emerge courier-imap

Modify /etc/courier/authlib/authdaemonrc
Code:
> nano /etc/courier/authlib/authdaemonrc

authmodulelist="authvchkpw"


Thunderbird defaults to having 5 imap connections for caching purposes, but courier-imap only allows 4 connections per ip. This can cause some errors in thunderbird (possible data loss). Its easier to just allow 5 connections per ip rather than have everyone change thunderbird, so:
Modify /etc/courier-imap/imapd
Code:
> nano /etc/courier-imap/imapd

MAXPERIP=5


If you want the imap server to run:
Code:
> rc-update add courier-imapd default
> /etc/init.d/courier-imapd start


If you want ssl support for you imap server:
Code:
> nano /etc/courier-imap/imapd.cnf
     edit to suit your needs
> mkimapdcert
> rc-update add courier-imapd-ssl default
> /etc/init.d/courier-imapd-ssl start


If you want the pop3 server to run:
Code:
> rc-update add courier-pop3d default
> /etc/init.d/courier-pop3d start


If you want ssl support for you pop3 server:
Code:
> nano /etc/courier-imap/pop3d.cnf
     edit to suit your needs
> mkpop3dcert
> rc-update add courier-pop3d-ssl default
> /etc/init.d/courier-pop3d-ssl start


There is no need to edit /etc/courier-imap/[pop3d|pop3d-ssl|imapd|imapd-ssl] and change [POP3D|POP3DSSL|IMAPD|IMAPDSSL]START=NO to YES because these values are only used for scripts that parse this directory's files to start the services. We start these through rc-update and thus have no reason to change the values.
I'm running all 4 servers. Users may decide if they want imap or pop3. A firewall makes sure that the non-ssl servers is unavailable for users located outside the local network.

5) Update the smtpd config to allow smtp-auth using vpopmail
Code:
> nano /var/qmail/control/conf-smtpd

Add a value of QMAIL_SMTP_CHECKPASSWORD before the last four lines (which are already uncommented)
# SMTP-AUTH using vchkpw from vpopmail
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"


The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail:
Code:
> nano /var/qmail/control/conf-common

SOFTLIMIT_OPTS="-m 32000000"
TCPSERVER_OPTS="-H -l 0" (that's lower-case L followed by zero)

Note: The "-R" option is not needed because it is automatically added in conf-smtpd.

Reload smtp config
Code:
> svc -t /var/qmail/supervise/qmail-smtpd


6) Install spam database clients
Code:
> emerge pyzor razor dcc


7) Install ClamAV and SpamAssassin
Code:
> emerge spamassassin clamav

Configure SpamAssassin
Code:
> nano /etc/conf.d/spamd

SPAMD_OPTS="-v -u vpopmail -x -H /etc/mail/spamassassin/"

An edit for the subject line of spam occurs after the installation of qmailscanner.

No need to edit /etc/mail/spamassassin/local.cf. The defaults in my opinion are perfect.

Uncomment the following (since we installed it, we could just as well use it):
Code:
> nano /etc/mail/spamassassin/v310.pre

loadplugin Mail::SpamAssassin::Plugin::DCC

Start spamd
Code:
> /etc/init.d/spamd start
> rc-update add spamd default

Configure Clamav
Note: A fix for clamav permissions comes after the installation of qmailscanner.
Code:
> nano /etc/freshclam.conf

#UpdateLogFile /var/log/freshclam.log
UpdateLogFile /var/log/clamav/freshclam.log

update DatabaseMirror to a mirror close to your server

Start clamav
Code:
> /etc/init.d/clamd start
> rc-update add clamd default


8) Install qmail-scanner
Make sure spamassassin and clamav is running while emerging qmail-scanner.
Code:
> emerge qmail-scanner

Scroll back to see if Spamd and Clamav was detected. Look for
Code:
Searching .....................................
==============================================================
The following binaries and scanners were found on your system:
==============================================================

Followed by: clamdscan=... and fast_spamassassin=...

If they're not detected there might be some error messages that will be handy for debugging

Activate qmail-scanner
Code:
> nano /etc/tcprules.d/tcp.qmail-smtp

Mine is as simple as this:
Code:
# to update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
# tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp

# Qmail-Scanner disabled for mail from localhost, relay allowed
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

# Qmail-Scanner enabled (virus and spam) for mail from external internet, relay denied
# Relay is actually allowed in this instance if you are using some sort of smtp auth
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

Update the cdb
Code:
> cd /etc/tcprules.d/
> tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp

Fixing the Subject Line of Spam
Qmailscanner edits the subject line of spam for you with "SPAM:". If you don't want it to be rewritten:
Code:
> nano /var/qmail/bin/qmail-scanner-queue.pl

(This is down around line 310)
#my $sa_subject_site="SPAM:";  # st: if fast_spamassassin mode is selected
my $sa_subject_site="";  # st: if fast_spamassassin mode is selected


Fix for ClamAV permissions:
Here we have the choice of how to run clamav. You have the choice of whether to run clamav as root (much to permissive for my taste) or to run it as qscand (which is the user that needs to access clamav to check incoming e-mail). Clamav cannot run as user clamd and still have qscand check e-mails for viruses (it doesn't have the permission it needs to read the incoming e-mail). Below are the changes needed to run as qscand.
Code:
> nano /etc/clamd.conf

#User clamd
User qscand

> nano /etc/freshclam.conf

#DatabaseOwner clamav
DatabaseOwner qscand

> chown -R qscand:qscand /var/lib/clamav/ /var/log/clamav/ /var/run/clamav/
> /etc/init.d/clamav restart


9) Create domain(s)
The first domain to add should be the primary domain of the server.
Code:
> /var/vpopmail/bin/vadddomain domain.tld postmasterpassword

Repeat for all virtual domains.

If you are only hosting one domain and don't wish to have the @domain.tld as part of the username:
Code:
> echo "domain.tld" > ~vpopmail/etc/defaultdomain


If you have a (sub)domain for testing add it as an aliasdomain.
Code:
> /var/vpopmail/bin/vaddaliasdomain domain.tld test.domain.tld


10) Install mailing lists and qmailadmin
Code:
> emerge ezmlm-idx-mysql qmailadmin

You can now access qmailadmin through http://localhost/cgi-bin/qmailadmin

11) Install squirrelmail
Make sure that you have USE="vhost" in /etc/make.conf
Code:
> emerge squirrelmail
> webapp-config -I -h localhost -d mail squirrelmail 1.4.9a
or
> webapp-config -I -h {$host} -d {$directory} squirrelmail {$version}
to install install using a different host/directory/version

Configure squirrelmail
Code:
> cd /var/www/localhost/htdocs/mail/
> ./configure

Press D to load the Courier-imap template.
Walk through the config menu to set up to your needs.
Make sure to load the compatibility and secure_login plugins.

As users inboxes grow, the webmail will become slow. To fix this make sure to enable "Allow server thread sort" and "Allow server-side sort" under General Options.

12) Check Qmail control files
Make sure the files in /var/qmail/control have been updated. If they are not updated something is wrong. Probably it's related to mysql permissions.
Code:
This file should contain your primary domain:
> echo "domain.tld" > me

If you are delivering mail from any domain to actual system users (ex: ~user/.maildir):
> echo "domain.tld" > locals
  else
> echo "localhost" > locals

This should contain all domains and aliasdomains on separate lines:
rcpthosts (automatically done for you)

This should contain all domains and aliasdomains on the form of domain.tld:domain.tld :
virtualdomains (automatically done for you)


13) Client setup
For SMTP client setup: All clients outside your local network need to enable TLS (encryption) and SMTP-Auth. For username use the full email-address. There is a bug with Outlook (and express) XP using TLS. No workaround is known. Use another client program!
Note: M4chine posted (on Oct. 19th, 2005) that this bug was related to Symantec AntiVirus. If you disable "Internet Mail Security" you may get around this problem. I've no clue if this is the way to go when using other virus software. (Btw, if you're using Symantec / Norton AV you should seriously consider another AV program for windows. Avast, Clamwin and F-secure are my favorites.)

POP3/IMAP client setup
If you do like me - block port 110 and 143 from outside your localnet with a firewall then clients on the outside need to enable SSL and use port 993 for IMAP-SSL and port 995 for POP3-SSL. Clients on the local network may use ports 110/143 without SSL enabled. Use the full email-address as username.


Last edited by mobiusproject on Sun Jan 07, 2007 6:40 pm; edited 3 times in total
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Tue Dec 26, 2006 10:47 pm    Post subject: Reply with quote

Extra qmail instructions:
Setting up SSL Certificates
Setting up clear passwords for vpopmail after the fact
Setting up vqadmin
Better Mail Logs

Setting up SSL Certificates
I purchased an SSL certificate through a provider (godaddy in my case) and wanted to set up the new ssl certificate to work with both qmail and courier-imap. # Create a directory just for this domains key and the key
Code:
> cd
> mkdir mail.domain.tld
> cd mail.domain.tld
> openssl genrsa -out mail.domain.tld.key 1024

Create a config for your domain
Code:
> nano mail.domain.tld.cnf

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# 2-Letter ISO country code
C=US
# FULL name of state/province/district
# NO abbreviations!
ST=State
# FULL name of city
# NO abbreviations!
L=City
# Full Name of your organization
# NO abbreviations!
O=Orgnaization, L.L.C.
# Organizational Unit
OU=Organizational Unit ex: Mail Services
# This should be a FQDN that resolves to the IP of your server
CN=mail.domain.tld
# This should be the email address for the administrator of the server
emailAddress=postmaster@domain.tld

# Leave this alone!
[ cert_type ]
nsCertType = server

Create the domain certificate signature request.
Code:
> openssl req -new -key mail.domain.tld.key -config mail.domain.tld.cnf -out mail.domain.tld.csr

Send in your mail.domain.tld.csr to the ssl certificate signer, they should return to you a signed certificate, ex: mail.domain.tld.crt
You should also be able to get an intermediate and root certificate from the ssl provider (in my case sf_issuing.crt and ca_bundle.crt respectively)
Create mail.domain.tld.chain (used in qmail)
Code:
> cat mail.domain.tld.key mail.domain.tld.crt intermediate.crt root.crt > mail.domain.tld.chain

Create mail.domain.tld.chain.dh (used in courier-imap)
Code:
> cp mail.domain.tld.chain mail.domain.tld.chain.dh
> openssl gendh >> mail.domain.tld.chain.dh

Make sure you have very restrictive permissions on all of these files
Code:
> chmod 600 mail.domain.tld.*

Move the chain files to the respective places
Code:
## Qmail
> cp mail.domain.tld.chain /var/qmail/control/servercert.pem
> chown qmaild:qmaill /var/qmail/control/servercert.pem
> chmod 640 /var/qmail/control/servercert.pem
## Courier-Imap
> cp mail.domain.tld.chain.dh /etc/courier-imap/cert.pem
> cd /etc/courier-imap/
> ln -sf cert.pem imapd.pem
> ln -sf cert.pem pop3d.pem



Setting up clear passwords for vpopmail after the fact
If you, like me, installed vpopmail without clear passwords and then realized that clear passwords are required for Cram-MD5 encryption for authentication and want to update your database, here is how I did it. Its not automatic, but it works.
Code:
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use
> emerge vpopmail qmailadmin
> mysql -u vpopmail -p
  vpopmail password is in /etc/vpopmail.conf if you have forgotten it

mysql> use vpopmail;
mysql> ALTER TABLE vpopmail ADD pw_clear_passwd char(16) default NULL AFTER pw_shell;

Query OK, xx rows affected (0.01 sec)
xx denotes the number of rows (users) you have.

mysql> quit

If you have qmailadmin or vqadmin you can change the password and these will update the database with the clear password. Or you can do it the old fashioned way, the command line:
Code:
> ~vpopmail/bin/vchangepw
Please enter the email address: user@domain.tld
Enter old password: oldPassword
Please enter password for user@domain.tld: newPassword
enter password again: newPassword
Password successfully changed.

Even if you don't update the database, you can still send and receive mail, but until you update it cram-md5 encryption for authenticating with the smtp server won't work (as it was doing before).


Setting up vqadmin
Taken from
Code:
> zless /usr/share/doc/vqadmin-2.3.6/INSTALL.gz

vqadmin isn't the easiest thing to install and configure, but its one of the better ways to administrate qmail.
Unmask and install vqadmin
Code:
> echo "net-mail/vqadmin ~x86" >> /etc/portage/package.keywords
> emerge vqadmin

vqadmin only installs to localhost; it isn't configurable through webapp-config because of how it compiles. Thus, we need to edit an apache config file to access it. Note: you only need to do this if you use virtual hosts. If you just use localhost, skip this section. Also, this is just an example. It won't work verbatim.
Code:
> nano /etc/apache2/vhosts.d/01_domain.tld.conf

<VirtualHost *:80>
   ServerName mail.domain.tld
   DocumentRoot /var/www/mail.domain.tld/htdocs

   # Because vqadmin installs to localhost
   ScriptAlias /cgi-bin/vqadmin/ /var/www/localhost/cgi-bin/vqadmin/
   Alias /vqadmin/ /var/www/localhost/htdocs/vqadmin/

   <Directory /var/www/mail.domain.tld/htdocs>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
      <IfModule mod_access.c>
         Order allow,deny
         Allow from all
      </IfModule>
   </Directory>

   <Directory /var/www/localhost/htdocs/vqadmin>
      Options -All
      AllowOverride All
      <IfModule mod_access.c>
         Order allow,deny
         Allow from all
      </IfModule>
   </Directory>

   <Directory /var/www/localhost/cgi-bin/vqadmin>
      Options ExecCGI
      AllowOverride AuthConfig
      <IfModule mod_access.c>
         Order deny,allow
         Deny from all
      </IfModule>
   </Directory>

</VirtualHost>

Edit files to get access to vqadmin. Just change the lines that I have listed, keep the others.
Code:
> cd /var/www/localhost/cgi-bin/vqadmin/
> nano .htaccess

AuthUserFile /var/www/localhost/auth/vqadmin.passwd

> nano vqadmin.acl
(last line)
senior * vQadmin

> mkdir /var/www/localhost/auth/
> htpasswd2 -bc /var/www/localhost/auth/vqadmin.passwd vQadmin password

Reload apache2's config files.
Code:
> /etc/init.d/apache2 reload
 * Caching service dependencies ...          [ ok ]
 * Reloading apache2 ...                     [ ok ]

Open a web browser, go to:
Code:
http://mail.domain.tld/cgi-bin/vqadmin/vqadmin.cgi

Use the username and password that you just put into htpasswd2. You have full control over all domains through vqadmin. You can even edit qmail control files through vqadmin. With the vpopmail compiled with clearpw you can even see what account's passwords are in case people lose them. I still think its better to have clear passwords through vpopmail than to have usernames and passwords sent as plain text over the internet.


Better Mail Logs
Logs are the backbone to debugging. Below are the rules that I use to create logs just for mail. This assumes that you are using syslog-ng. Add the following to your syslog-ng config file:
Code:
> nano /etc/syslog-ng/syslog-ng.conf

destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
filter f_mail { facility(mail); };
filter f_info { level(info); };
filter f_warn { level(warn); };
filter f_err { level(err); };log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

Restart syslog-ng
Code:
> /etc/init.d/syslog-ng restart


Last edited by mobiusproject on Sun Jan 07, 2007 7:02 pm; edited 2 times in total
Back to top
View user's profile Send private message
carpenike
Tux's lil' helper
Tux's lil' helper


Joined: 10 Feb 2005
Posts: 127

PostPosted: Wed Dec 27, 2006 5:14 am    Post subject: Reply with quote

Awesome! I've been looking for an updated guide on these the last few weeks; this is perfect!

One thing to note that I had a problem with...

When I was attempted to run vadddomain, I got a Segmentation Fault... I found this on this wiki:http://gentoo-wiki.com/HOWTO_Setup_QMAIL_RELAY-CTRL_VPOPMAIL

Quote:
Update: If You have any problems like "Segmentation fault" while doing vadddomain: edit /var/qmail/control/rcpthosts and remove all the lines (so that file is 0 bytes long) and delete all rcpthosts.* files except rcpthost.lock


Thanks so much!
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Wed Dec 27, 2006 3:05 pm    Post subject: Reply with quote

Nice update. And perfect timing!
I started installation of a new server last night, the same day as this update came out. Going to read a bit now and install the mail applications later this week.
I'll try out the new qmail-scanner-2.01. It's supposed to fix problems with clamd running as clamd and mail relayed using smtp-auth should not need to wait for spamcheck.

I'll try to tweak the spam dbs a bit. Also I'll try to get the vaild-mail-account-check to run before accepting incomming mail, so that spam to notExistingUser@mydomain.tld should be rejected without wasting resourses on recieving and scanning.
Update will come... this year?


Some comments to Mobiusproject's changes:
Quote:

2) Install qmail
....
If you run with both Cram-MD5 and encrypted passwords, the authentication attempt will fail and then revert to sending plain text username and password and cause about a 5 second delay in sending e-mail. I would rather trust myself to not look at users passwords than have an unknown number of people sniffing plain text usernames and passwords between client and server.


I think if tls is used (and enforced by the server) the passwords will be transmitted in cleartext over an encrypted channel. Hence this should not be any problem.
Then there is the problem with users trust. My users use the same password for their mail as thay use for other things. They trust that their passwords cannot be read by me or anyone else (other users / hackers) managing to get into the server.
Hence I prefer to not store passwords in cleartext, and enforcing tls for athentication.
Please let me know if this is less safe than I assume!


Quote:

4) Install imap and pop3 server
....
Thunderbird defaults to having 5 imap connections for caching purposes, but courier-imap only allows 4 connections per ip. This can cause some errors in thunderbird (possible data loss). Its easier to just allow 5 connections per ip rather than have everyone change thunderbird


Good point.
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Tue Jan 02, 2007 2:35 am    Post subject: Reply with quote

petterg wrote:
Nice update. And perfect timing!
I'll try out the new qmail-scanner-2.01. It's supposed to fix problems with clamd running as clamd and mail relayed using smtp-auth should not need to wait for spamcheck.

I'll try to tweak the spam dbs a bit. Also I'll try to get the valid-mail-account-check to run before accepting incoming mail, so that spam to notExistingUser@mydomain.tld should be rejected without wasting resources on receiving and scanning.

I am glad that you like the updated version. If you can get qmail-scanner-2.01 to work, that would be wonderful. Right now I don't have a machine to play around with, but that looks like a nice update. Also getting the valid-mail-account-check would really save resources, as well as double-bounces.
petterg wrote:
Hence I prefer to not store passwords in cleartext, and enforcing tls for athentication.
Please let me know if this is less safe than I assume!

If you are enforcing tls and don't enable cleartext passwords, then you should be fine. If you go this route, you could just as well disable Cram-MD5 encryption because it will fail anyways and will cause a delay whenever authenticating. The password will be sent in plain text on top of tls instead of Cram-MD5 encryption on top of tls, but still encrypted. I can't move all of my clients to e-mail clients that support tls, thus i can't go that route. But we do set up our servers around our clients needs, and I am so happy that its so easy to make these changes.
Back to top
View user's profile Send private message
tgnb
Apprentice
Apprentice


Joined: 16 Apr 2002
Posts: 207
Location: New York, NY

PostPosted: Wed Jan 03, 2007 4:02 pm    Post subject: thanks Reply with quote

thanks for the updated guide as it made it easy for me to add antivirus and spam filtering to my existing mailserver :)
Back to top
View user's profile Send private message
xeon061
n00b
n00b


Joined: 06 Jan 2007
Posts: 14

PostPosted: Sat Jan 06, 2007 5:10 pm    Post subject: spamd is not filtering Reply with quote

Pretty good howto!

Maybe someone of the vpopmail/qmail/spammassassin/courier etc hero`s can help me out of the following problem.
--> Spamd is not filtering. If i try it manually like --> spamc -R </sample-spam.txt <-- it is working
I got 7.3 at 5.0
But if it is working as a daemon, nothing is filtered.

After hours and hours i saw at netstat -tulpen, no Program name behind the PID
590

Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address Foreign Address State Benutzer Inode PID/Program name


tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 7663740 590/


tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 12637 7133/perl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 11319 6270/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11009 6098/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 7687685 24366/tcpserver
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 12289 6913/smbd

The prozess of spamd is running
root 30679 1 59 18:01 ? 00:00:05 /usr/sbin/spamd -d -r
/var/run/spamd.pid -v -u vpopmail -x -H /etc/mail/spamassassin/


More information needed?
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Sun Jan 07, 2007 5:29 am    Post subject: Re: spamd is not filtering Reply with quote

xeon061 wrote:
...
Maybe someone of the vpopmail/qmail/spammassassin/courier etc hero`s can help me out of the following problem.
--> Spamd is not filtering. If i try it manually like --> spamc -R </sample-spam.txt <-- it is working
I got 7.3 at 5.0
But if it is working as a daemon, nothing is filtered.

After hours and hours i saw at netstat -tulpen, no Program name behind the PID 590
...
The prozess of spamd is running
Code:
root     30679     1 59 18:01 ?        00:00:05 /usr/sbin/spamd -d -r /var/run/spamd.pid -v -u vpopmail -x -H /etc/mail/spamassassin/


"netstat -tulpen" doesn't show anything on my end for spamassassin either, so that doesn't mean that it isn't running on your end.
"ps auxf | grep spamd" also brings up the same line as yours above.
What does
Code:
grep spamd /var/log/mail.info | tail -n 20
do for you?
Back to top
View user's profile Send private message
xeon061
n00b
n00b


Joined: 06 Jan 2007
Posts: 14

PostPosted: Sun Jan 07, 2007 6:02 am    Post subject: Re: spamd is not filtering Reply with quote

What does
Code:
grep spamd /var/log/mail.info | tail -n 20
do for you?[/quote]


I don`t have a /var/log/mail.info.
I installed syslog-ng, so in messages is

Jan 7 06:50:29 src@linuxmail authdaemond: modules="authvchkpw", daemons=5
Jan 7 06:50:29 src@linuxmail authdaemond: Installing libauthvchkpw
Jan 7 06:50:29 src@linuxmail authdaemond: Installation complete: authvchkpw
Jan 7 06:50:33 src@linuxmail clamd[14850]: Daemon started.
Jan 7 06:50:33 src@linuxmail clamd[14850]: clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i686)
Jan 7 06:50:33 src@linuxmail clamd[14850]: Log file size limited to 1048576 bytes.
Jan 7 06:50:33 src@linuxmail clamd[14850]: Verbose logging activated.
Jan 7 06:50:33 src@linuxmail clamd[14850]: Running as user qscand (UID 210, GID 210)
Jan 7 06:50:33 src@linuxmail clamd[14850]: Reading databases from /var/lib/clamav
Jan 7 06:50:41 src@linuxmail clamd[14850]: Protecting against 86099 viruses.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Unix socket file /var/run/clamav/clamd.sock
Jan 7 06:50:41 src@linuxmail clamd[14857]: Setting connection queue length to 15
Jan 7 06:50:41 src@linuxmail clamd[14857]: Listening daemon: PID: 14857
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive: Archived file size limit set to 10485760 bytes.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive: Recursion level limit set to 8.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive: Files limit set to 1000.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive: Compression ratio limit set to 250.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive support enabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Archive: RAR support disabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Portable Executable support enabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Mail files support enabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Mail: Recursion level limit set to 64.
Jan 7 06:50:41 src@linuxmail clamd[14857]: OLE2 support enabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: HTML support enabled.
Jan 7 06:50:41 src@linuxmail clamd[14857]: Self checking every 1800 seconds.
Jan 7 06:50:41 src@linuxmail freshclam[14865]: Daemon started.
Jan 7 06:50:41 src@linuxmail freshclam[14866]: freshclam daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i686)
Jan 7 06:50:41 src@linuxmail freshclam[14866]: ClamAV update process started at Sun Jan 7 06:50:41 2007
Jan 7 06:50:41 src@linuxmail freshclam[14866]: main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
Jan 7 06:50:41 src@linuxmail freshclam[14866]: daily.cvd is up to date (version: 2417, sigs: 2149, f-level: 9, builder: ccordes)
Jan 7 06:50:41 src@linuxmail freshclam[14866]: --------------------------------------
Jan 7 06:50:43 src@linuxmail spamd[14924]: logger: removing stderr method
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test DRUGS_ERECTILE has undefined dependency '__DRUGS_ERECTILE7'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_HTML has undefined dependency '__ENV_AND_HDR_FROM_MATCH'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_HDR_FROM has undefined dependency '__ENV_AND_HDR_FROM_MATCH'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test __POPULAR_PRICES2 has undefined dependency '__CREATIVE_PRICE'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_OEM_POP_PRICES3 has undefined dependency '__CREATIVE_PRICE'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_OUTLOOK has undefined dependency '__ENV_AND_HDR_FROM_MATCH'
Jan 7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'
Jan 7 06:50:54 src@linuxmail spamd[14928]: spamd: server started on port 783/tcp (running version 3.1.7)
Jan 7 06:50:54 src@linuxmail spamd[14928]: spamd: server pid: 14928
Jan 7 06:50:54 src@linuxmail spamd[14928]: spamd: server successfully spawned child process, pid 14945
Jan 7 06:50:54 src@linuxmail spamd[14928]: spamd: server successfully spawned child process, pid 14946
Jan 7 06:50:54 src@linuxmail spamd[14928]: prefork: child states: IS
Jan 7 06:50:54 src@linuxmail spamd[14928]: prefork: child states: II

Any other hints?
Back to top
View user's profile Send private message
xeon061
n00b
n00b


Joined: 06 Jan 2007
Posts: 14

PostPosted: Sun Jan 07, 2007 3:28 pm    Post subject: Re: spamd is not filtering Reply with quote

It looks like it`s ok now :lol:

After reemerging all the stuff again, it`s scanning now.

Btw i changed to Spamassassin 3.1.7 and netqmail-1.05-r4
I think something within the qmail or spamassassin was broken.

But thanks anyway
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Sun Jan 07, 2007 7:07 pm    Post subject: Reply with quote

I had forgotten that I had added the mail logs in my syslog-ng config file, so of course you wouldn't have those logs. I added the extra log info for syslog-ng to my second post of extras if you want more logs. Sorry, I had forgotten about those. But I am glad that you got things to work.
Back to top
View user's profile Send private message
synt4x
n00b
n00b


Joined: 20 Jun 2005
Posts: 46

PostPosted: Mon Jan 08, 2007 8:52 pm    Post subject: Reply with quote

I run a mail server with about 1000 users with this setup and I'd thought I'd throw in a few cents on tuning the configuration:

By default, with qmail's concurrencyincoming control file (see `man qmail-smtpd`) there is a max of 40 incoming SMTP connections. More than that, and the server will just refuse to open the connection, resulting in delayed delivery by other mail servers and users unable to connect to send their messages. With the default settings and my current load of incoming mail, I'd regularly experience this cut off and had to make the following tweaks. I'm not a super pro at this, so I'd love to hear some input on this, and it would also be nice if stuff like this could get folded back in since the diagnosis is a real headache:

* qmail's control/timeoutsmtpd file by default allows up to 20 minutes between data packets received by clients connected. This is utterly insane, and means that if a client bombs in the middle of sending a mail, one of your slots is tied up for 20 minutes. I created this file and set the timeout to 30 seconds. If you're taking more than 30 seconds between packets, you'll just need to reconnect and try again. Hell, Apache by default has it's timeout (for pipelined requests, different context but still similar) set to 15 seconds by default. This could probably be even more aggressively tuned to 5 seconds.

* Have the RAM? Flat out increase the concurrencyincoming to what you can handle. Note that if you set this too high and don't have the memory to support it a DDoS can completely lock up your mail server (I've seen this first hand). Also note on this problem that if you *restart* your svscan service, all the in-progress smtp connections will still exist. That is, if you were maxed out to 100 smtp's, decided to up it to 200, and restarted, you could face up to 300 smtp processes if you're getting really hammered

* SpamAssassin's `spamc` program has a command line argument for timeout. By default it will wait up to 20 minutes for a message to process before giving up. Under normal conditions it really should only take 1-2 seconds, and usually when my server is dragging ass (to the point where I'd want it to surrender) it's running about 30 seconds. For this I edit my /var/qmail/bin/qmail-scanner-queue.pl file to add a '-t 30' to the arguments. Check your `ps` to make sure that it's getting run with the argument.

* By default qmail does not limit the size of an incoming message. Someone could easily DoS you by just opening up enough large connections. To try to minimize this, setup whatever the largest total message size you think is reasonable by editing the /var/qmail/control/databytes file. I have mine set to 32 megs -- anything larger than this (for me) would be something I'd call the sender about to verbally scold them. Set for whatever is reasonable for you.
Back to top
View user's profile Send private message
synt4x
n00b
n00b


Joined: 20 Jun 2005
Posts: 46

PostPosted: Mon Jan 08, 2007 8:55 pm    Post subject: Reply with quote

Also, in relation to issues with vpopmail, I've noticed seg faults related to ~vpopmail/domains/domainname.com/.vpasswd.lock not being chmod'd to 600.
Back to top
View user's profile Send private message
vult
n00b
n00b


Joined: 13 May 2006
Posts: 24
Location: Poland -> Łódź

PostPosted: Thu Jan 11, 2007 11:34 pm    Post subject: thanks ! Reply with quote

Thank you very much for this guide!
I was stuck with SMTP auth before (seemed to work but it hadn't) but now everythisk is ok :]

Now I have to allow ssl connections only and enable 'change password' option for squirrelmail. I hopeI can handle with the first problem but don't know what to do with that webmail - tried to install the plugin but when I try lo login i get the error:
Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.

Anybody could give me any tips ?

Regards and thanks once again for this great stuff :]
_________________
-v-
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Fri Jan 12, 2007 3:07 pm    Post subject: Re: thanks ! Reply with quote

synt4x wrote:
I'm not a super pro at this, so I'd love to hear some input on this, and it would also be nice if stuff like this could get folded back in since the diagnosis is a real headache:

If I can find the time, I will also look into these. I agree, the diagnosis can be a real headache. I haven't worked with groups of 1000's of people, but I am sure your insight will be helpful for those who do. Thank you.
vult wrote:
...
Now I have to allow ssl connections only and enable 'change password' option for squirrelmail. I hope I can handle with the first problem but don't know what to do with that webmail - tried to install the plugin but when I try lo login i get the error:
Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.
...

How are you trying to install the plugins?
For the ability for users to change passwords I use qmailadmin which should be installed if you followed all of the instructions. Users can log into that with their full usernames (just like to get their e-mail) and have access to change their passwords, vacation messages, forwarding, etc.
To allow ssl connections only, you should just be able to turn on secure_login in the squirrelmail configure script and have apache listen on port 80 with the ssl stuff on. This is something else I will see about looking into to add to my list of extras.
Back to top
View user's profile Send private message
vult
n00b
n00b


Joined: 13 May 2006
Posts: 24
Location: Poland -> Łódź

PostPosted: Sat Jan 13, 2007 1:33 pm    Post subject: Re: thanks ! Reply with quote

mobiusproject wrote:

How are you trying to install the plugins?
For the ability for users to change passwords I use qmailadmin which should be installed if you followed all of the instructions. Users can log into that with their full usernames (just like to get their e-mail) and have access to change their passwords, vacation messages, forwarding, etc.

Haven't thought about qmailadmin in this way :] I was writing about squirrelmail and change_pass plugin. When I add them in configuration script to active plugins I get this error:
Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.

Changing passwords through qmailadmin works fine, thanks ;)

mobiusproject wrote:

To allow ssl connections only, you should just be able to turn on secure_login in the squirrelmail configure script and have apache listen on port 80 with the ssl stuff on. This is something else I will see about looking into to add to my list of extras.


I changed apache vhost config to rewrite https instead of http and it works flawlessly :]
_________________
-v-
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Sun Jan 14, 2007 5:47 am    Post subject: Re: thanks ! Reply with quote

vult wrote:
...
Changing passwords through qmailadmin works fine, thanks ;)
...
I changed apache vhost config to rewrite https instead of http and it works flawlessly :]

Wonderful, this is what I like to hear.
Back to top
View user's profile Send private message
vult
n00b
n00b


Joined: 13 May 2006
Posts: 24
Location: Poland -> Łódź

PostPosted: Mon Jan 15, 2007 10:12 am    Post subject: Re: thanks ! Reply with quote

mobiusproject wrote:

Wonderful, this is what I like to hear.

I need one more thing and cannot find it so maybe you can point me somewhere:

The qmailadmin I emerged is in polish - I need english version. Is it something in the configuration I can change to have qmailadmin in english ?

Thanks for your help and time :]
_________________
-v-
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Sun Jan 21, 2007 10:15 pm    Post subject: Reply with quote

I'm still trying to get the new installation to work.... for the promised guide using netqmail and qmail-scanner-2.01.

Well it kindof works, just a few bugs to get around. Does anyone know any way to make netqmail require TLS before AUTH? Is there a setting for this, or is the only way to figure out how to apply the auth-after-tls-only.patch from qmail-1.03-r16? If so - how should that patch be applied?

Edit: Problem solved!
Just a few more things to figure out, and the guide will be ready.
Back to top
View user's profile Send private message
mobiusproject
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jun 2003
Posts: 109

PostPosted: Mon Jan 22, 2007 2:44 pm    Post subject: Re: thanks ! Reply with quote

vult wrote:
The qmailadmin I emerged is in polish - I need english version. Is it something in the configuration I can change to have qmailadmin in english?

I believe that there is only one version of qmailadmin to install and that qmailadmin is looking at your apache install for the default language and thus showing its polish translation. You may want to check to see if you have a DefaultLanguage set up in your apache's httpd.conf. You may also try setting it to en to force english as the default language and see if that changes qmailadmin.
Back to top
View user's profile Send private message
nookie_pl
n00b
n00b


Joined: 24 Apr 2006
Posts: 34

PostPosted: Fri Jan 26, 2007 9:58 pm    Post subject: Reply with quote

One thing that I hate most is installing qmail and co. :P

I've followed this guide and my mail.err is full of errors like this:

Jan 26 22:27:18 localhost qmail-scanner-queue.pl: X-Qmail-Scanner-2.01st:[localhost116984683876731996] cannot open /var/spool/qscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied
Jan 26 22:33:25 localhost spamd[5216]: mkdir /var/vpopmail/.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530
Jan 26 22:33:32 localhost spamd[5216]: mkdir /var/vpopmail/.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530
Jan 26 22:33:32 localhost spamd[5216]: locker: safe_lock: cannot create tmp lockfile /var/vpopmail/.spamassassin/auto-whitelist.lock.localhost.5216 for /var/vpopmail/.spamassassin/auto-whitelist.lock: No such file or directory
Jan 26 22:33:32 localhost qmail-scanner-queue.pl: X-Qmail-Scanner-2.01st:[localhost11698472047675182] cannot open /var/spool/qscan/quarantine-events.db - No such file or directory

What I've did wrong? :(
Back to top
View user's profile Send private message
vult
n00b
n00b


Joined: 13 May 2006
Posts: 24
Location: Poland -> Łódź

PostPosted: Fri Feb 02, 2007 4:20 pm    Post subject: Re: thanks ! Reply with quote

mobiusproject wrote:

I believe that there is only one version of qmailadmin to install and that qmailadmin is looking at your apache install for the default language and thus showing its polish translation. You may want to check to see if you have a DefaultLanguage set up in your apache's httpd.conf. You may also try setting it to en to force english as the default language and see if that changes qmailadmin.


Unfortunately It hadn't changed qmailadmin to english :[
Have some more ideas ? I've no clue where else I can change it :(

And another problem with ezmlm:

Code:
11:27:30 (239.31 KB/s) - `/usr/portage/distfiles/ezmlm-0.53.tar.gz' saved [62693/62693]

 * checking ebuild checksums ;-) ...                                                                                                                    [ ok ]
 * checking auxfile checksums ;-) ...                                                                                                                   [ ok ]
 * checking miscfile checksums ;-) ...                                                                                                                  [ ok ]
 * checking ezmlm-idx-0.40.tar.gz ;-) ...                                                                                                               [ ok ]
 * checking ezmlm-0.53.tar.gz ;-) ...                                                                                                                   [ ok ]
>>> Unpacking source...
>>> Unpacking ezmlm-idx-0.40.tar.gz to /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work
>>> Unpacking ezmlm-0.53.tar.gz to /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work
patching file ezmlm-warn.1
patching file ezmlm-return.1
patching file ezmlm-send.1
patching file ezmlm-sub.1
patching file ezmlm-unsub.1
patching file ezmlm-list.1
patching file ezmlm.5
patching file log.c
patching file MAN
patching file BIN
patching file VERSION
patching file Makefile
patching file constmap.c
patching file constmap.h
patching file error.h
patching file error.c
patching file ezmlm-weed.c
patching file ezmlm-weed.1
patching file Makefile
patching file ezmlm-gate.c
patching file ezmlm-issubn.c
>>> Successfully applied Ed Korthof's From: header patch.
 * Applying ezmlm-0.53-errno.patch ...                                                                                                                  [ ok ]
 * Replacing obsolete head/tail with POSIX compliant ones
 *  - fixed default.do
 *  - fixed ezmlm-test.sh
 *  - fixed setup.do
 *  - fixed auto_qmail.c.do
 *  - fixed auto_bin.c.do
 *  - fixed Makefile
>>> Source unpacked.
>>> Compiling source in /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work/ezmlm-0.53 ...
ln -sf sub_mysql/ezmlm-mktab ezmlm-mktab
ln -sf sub_mysql/checktag.c checktag.c; rm -f checktag.o
ln -sf sub_mysql/issub.c issub.c; rm -f issub.o
ln -sf sub_mysql/logmsg.c logmsg.c; rm -f logmsg.o
ln -sf sub_mysql/subscribe.c subscribe.c; rm -f subscribe.o
ln -sf sub_mysql/opensql.c opensql.c; rm -f opensql.o
ln -sf sub_mysql/putsubs.c putsubs.c; rm -f putsubs.o
ln -sf sub_mysql/tagmsg.c tagmsg.c; rm -f tagmsg.o
ln -sf sub_mysql/searchlog.c searchlog.c; rm -f searchlog.o
ln -sf sub_mysql/conf-sqlld conf-sqlld; touch conf-sqlld
ln -sf sub_mysql/conf-sqlcc conf-sqlcc; touch conf-sqlcc
( cat warn-auto.sh; \
        echo CC=\'`head -n 1 conf-cc`\'; \
        echo LD=\'`head -n 1 conf-ld`\' \
        ) > auto-ccld.sh
(cat warn-auto.sh; \
        echo EZPATH=\'`head -n 1 conf-bin`\'; \
        cat ezmlm-accept.sh ) > ezmlm-accept
(cat warn-auto.sh; \
        echo EZPATH=\'`head -n 1 conf-bin`\'; \
        echo QMPATH=\'`head -n 1 conf-qmail`\'; \
        cat ezmlm-check.sh ) > ezmlm-check
(cat warn-auto.sh; \
        echo EZPATH=\'`head -n 1 conf-bin`\'; \
        cat ezmlm-glconf.sh ) > ezmlm-glconf
(cat warn-auto.sh; \
        echo QMPATH=\'`head -n 1 conf-qmail`\'; \
        cat ezmlm-test.sh ) > ezmlm-test; \
        chmod 755 ezmlm-test
cp -f ezmlmrc.en_US ezmlmrc
cat auto-ccld.sh make-load.sh > make-load
chmod 755 make-load
cat auto-ccld.sh find-systype.sh > find-systype
chmod 755 find-systype
cat auto-ccld.sh make-compile.sh > make-compile
chmod 755 make-compile
cat auto-ccld.sh make-makelib.sh > make-makelib
chmod 755 make-makelib
./find-systype > systype
( cat warn-auto.sh; ./make-load "`cat systype`" ) > load
( cat warn-auto.sh; ./make-compile "`cat systype`" ) > \
        compile
chmod 755 load
( cat warn-auto.sh; ./make-makelib "`cat systype`" ) > \
        makelib
chmod 755 compile
( ( ./compile tryulong32.c && ./load tryulong32 && \
        ./tryulong32 ) >/dev/null 2>&1 \
        && cat uint32.h2 || cat uint32.h1 ) > uint32.h
chmod 755 makelib
./compile slurp.c
./compile slurpclose.c
./compile concatHDR.c
rm -f tryulong32.o tryulong32
./compile unfoldHDR.c
./compile decodeQ.c
./compile encodeQ.c
./compile decodeB.c
./compile encodeB.c
./compile author.c
./compile wait_pid.c
./compile subgetopt.c
./compile sgetopt.c
./compile getln.c
./compile getln2.c
./compile strerr.c
./compile strerr_sys.c
./compile strerr_die.c
( ( ./compile trysgact.c && ./load trysgact ) >/dev/null \
        2>&1 \
        && echo \#define HASSIGACTION 1 || exit 0 ) > hassgact.h
./compile sig_pipe.c
./compile open_append.c
./compile open_read.c
rm -f trysgact.o trysgact
./compile open_trunc.c
( ( ./compile tryflock.c && ./load tryflock ) >/dev/null \
        2>&1 \
        && echo \#define HASFLOCK 1 || exit 0 ) > hasflock.h
./compile substdio.c
./compile substdi.c
./compile substdo.c
rm -f tryflock.o tryflock
./compile subfderr.c
./compile substdio_copy.c
./compile stralloc_eady.c
./compile stralloc_pend.c
./compile stralloc_copy.c
./compile stralloc_opys.c
./compile stralloc_opyb.c
./compile stralloc_cat.c
./compile stralloc_cats.c
./compile stralloc_catb.c
./compile stralloc_arts.c
./compile alloc.c
./compile alloc_re.c
alloc.c:3: warning: conflicting types for built-in function 'malloc'
./compile error.c
./compile error_str.c
./compile str_len.c
./compile str_diff.c
./compile str_diffn.c
./compile str_cpy.c
./compile str_chr.c
./compile str_rchr.c
./compile str_start.c
./compile byte_chr.c
./compile byte_rchr.c
./compile byte_diff.c
./compile byte_copy.c
./compile byte_cr.c
./compile byte_zero.c
./compile fd_copy.c
./compile fd_move.c
./compile case_diffb.c
./compile case_diffs.c
./compile case_starts.c
./compile case_lowerb.c
./compile case_startb.c
./compile fmt_str.c
./compile fmt_uint.c
./compile fmt_uint0.c
./compile fmt_ulong.c
./compile scan_ulong.c
./compile scan_8long.c
./compile getconf.c
./compile makehash.c
./compile surf.c
./compile ezmlm-archive.c
ezmlm-archive.c: In function 'main':
ezmlm-archive.c:446: warning: incompatible implicit declaration of built-in function '_exit'
./compile idxthread.c
./compile date2yyyymm.c
./compile dateline.c
( ( ./compile tryvfork.c && ./load tryvfork ) >/dev/null \
        2>&1 \
        && cat fork.h2 || cat fork.h1 ) > fork.h
./compile checktag.c `head -n 1 conf-sqlcc`
rm -f tryvfork.o tryvfork
./compile issub.c `head -n 1 conf-sqlcc`
checktag.c: In function 'checktag':
checktag.c:68: warning: return discards qualifiers from pointer target type
checktag.c:70: warning: return discards qualifiers from pointer target type
checktag.c:75: warning: return discards qualifiers from pointer target type
checktag.c:90: warning: return discards qualifiers from pointer target type
checktag.c:92: warning: return discards qualifiers from pointer target type
checktag.c:95: warning: return discards qualifiers from pointer target type
./compile logmsg.c `head -n 1 conf-sqlcc`
logmsg.c: In function 'logmsg':
logmsg.c:52: warning: return discards qualifiers from pointer target type
./compile subscribe.c `head -n 1 conf-sqlcc`
./compile opensql.c `head -n 1 conf-sqlcc`
In file included from subscribe.c:17:
log.h:4: warning: conflicting types for built-in function 'log'
opensql.c: In function 'opensql':
opensql.c:95: error: invalid lvalue in assignment
opensql.c:99: warning: return discards qualifiers from pointer target type
make: *** [opensql.o] Error 1
make: *** Waiting for unfinished jobs....

!!! ERROR: net-mail/ezmlm-idx-mysql-0.40-r2 failed.
Call stack:
  ebuild.sh, line 1546:   Called dyn_compile
  ebuild.sh, line 937:   Called src_compile
  ezmlm-idx-mysql-0.40-r2.ebuild, line 77:   Called die

!!! (no error message)
!!! If you need support, post the topmost build error, and the call stack if relevant.

_________________
-v-
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Sat Feb 10, 2007 4:03 am    Post subject: Reply with quote

I've got around to install everything I want for the promissed guide. Qmail-scanner 2.x and ezmlm are tricky, but there are ways to make them work.

If anyone feel like hosting something for the new guide, please let me know. (my servers are on adsl connection, hence not suitable for public hosting) The new guide will need hosting for:
a new chkuser plugin that actually accepts all kinds of ezmlm commands, valias, vpopmail accounts, .qmail-alias, aliasdomains and valias on aliasdomain
a cronjob+squirrelmail plugin that will provide users with a history of what have happened to his/her mails. It lists the to/from/subject headers with spamlevel/virus status of all mails processed by qmail-scanner. And the action taken (deleted/quarantined/tagged/delivered/viurs)
wapmail interface that does not use the imap server. WAP is not encrypted. Hence sending imap password for wap access should be an issue. This wapmail allow the user to use different passwords for imap and wap. Also it makes use of singel use pin codes that is valid for one hour only. For security mails cannot be deleted with this interface.

The guide is close to finished. But I'm not sure if I managed to update the guide with all the changes I had to make after the initial installation. I think I'll need to make a new test install before posting. Chances are that I'll be abel to free up a server this weekend, and start a new install before next weekend.


Edit: I figured I might as well create three projects on sourceforge for this hosting.
Back to top
View user's profile Send private message
vult
n00b
n00b


Joined: 13 May 2006
Posts: 24
Location: Poland -> Łódź

PostPosted: Sun Feb 11, 2007 12:52 am    Post subject: force auth for local accounts too Reply with quote

And I have another issue:

Is it possible to force auth even for emails on local server?
If I delete content of rctphosts users need to auth when sending email, but when you try to send email from any other server to your local server you get error:
Code:
Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

_________________
-v-
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Sun Feb 11, 2007 3:25 am    Post subject: Reply with quote

Thanks to a date who canceled on me tonight the new guide is out. It's in pre-tested state, so don't use it unless you feel like experimenting. I might have forgotten something in there.
https://forums.gentoo.org/viewtopic-p-3899255.html

Links for plugins and wapmail will come when those projects are accepted at sf.net


Last edited by petterg on Sun Feb 11, 2007 3:30 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum