Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: qmail vpopmail courier-imap qmail-scanner (02/2007)
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3, 4, 5, 6  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Sun Feb 11, 2007 3:20 am    Post subject: HOWTO: qmail vpopmail courier-imap qmail-scanner (02/2007) Reply with quote

This guide is an update of the guide from september 2005 located at
https://forums.gentoo.org/viewtopic-t-382072-start-0.html
That was written as an updated version of the guide originaly posted by Sabrex at
https://forums.gentoo.org/viewtopic-t-171499-start-0.html
Contributions posted by readers of both of those threads are included.

This guide uses some masked packages and some unofficial bugfixes. If you don't feel like being experimental you'll probably be better of using Mobiusproject's updated guide at
https://forums.gentoo.org/viewtopic-t-527246.html

There have been some ppl reporting bugs. Bugs are corrected in the guide as soon as someone find a solution. I server have now been running in production for 6 weeks without any significant problems.

Some advantages when using this guide over the old ones:
- Mails sent using smtp-auth are not scanned by spamassassin (faster sending)
- Webmailusers get accesss to a list of what the mailscanner have done with their mails
- Mail to accounts not on this server are rejected BEFORE it's passed trough the mailfilter

I've also got inspiration from another guides located at
http://gentoo-wiki.com/QmailRocksOnGentoo
and
http://gentoo-wiki.com/Qmail_Anti-Spam_Configuration

Please check the bug sumary at the bottom of the guide. (will be created when bugs are discovered)


Changelog
2007.02.17: posted link and edited installation notes for qms-loganalyzer
2007.02.18: posted link and edited installation notes for chkuser_pg smtp plugin
2007.02.21: step 4: fixed line to append to /etc/sudoers (using visudo)
2007.02.21: added this changelog
2007.02.27: new version of chkuser_pg
2007.02.27: removed status "pre-tested"
2007.03.08: added note regarding outbound mail from server when connection is filtered by ISP
2007.03.31: new version of chkuser_pg - fix the dot-issue
2007.04.04: added trick Stripe regarding doublebounce
2007.07.09: swaped two lines for razor-admin to avoid a warning

Packagelisting
Packages and USE flags used in this guide:

Code:

[b]emerge -pv netqmail vpopmail courier-imap pyzor razor dcc spamassassin clamav[/b]
net-mail/queue-repair-0.9.0  13 kB
net-mail/dot-forward-0.71-r2  0 kB
sys-process/daemontools-0.76-r5  USE="-doc (-selinux) -static" 0 kB
net-mail/cmd5checkpw-0.30  0 kB
net-mail/checkpassword-0.90-r2  USE="-static" 0 kB
[b]mail-mta/netqmail-1.05-r4[/b]  USE="highvolume qmail-spp ssl -gencertdaily -mailwrapper -noauthcram -vanilla" 408 kB
virtual/qmail-1.03  0 kB
[b]net-mail/vpopmail-5.4.16[/b]  USE="mysql -clearpasswd -ipalias" 442 kB
net-libs/courier-authlib-0.58  USE="berkdb crypt gdbm ldap mysql pam -debug -postgres" 1,959 kB
dev-libs/glib-2.12.4-r1  USE="hardened -debug -doc" 2,801 kB
app-admin/gamin-0.1.7  USE="-debug -doc" 529 kB
[b]net-mail/courier-imap-4.0.4[/b]  USE="berkdb fam gdbm nls -debug -ipv6 (-selinux)" 3,082 kB
[b]dev-python/pyzor-0.4.0-r2[/b]  40 kB
virtual/perl-net-ping-2.31  0 kB
dev-perl/Digest-Nilsimsa-0.06-r1  77 kB
virtual/perl-Digest-MD5-2.36  0 kB
virtual/perl-MIME-Base64-3.07  0 kB
perl-core/digest-base-1.13  7 kB
virtual/perl-digest-base-1.13  0 kB
dev-perl/Digest-SHA1-2.11  37 kB
dev-perl/Digest-HMAC-1.01-r1  13 kB
dev-perl/Net-IP-1.24  25 kB
dev-perl/Net-DNS-0.53-r1  USE="-ipv6" 116 kB
virtual/perl-Time-HiRes-1.86  0 kB
dev-perl/URI-1.35  93 kB
[b]mail-filter/razor-2.82[/b]  77 kB
[b]mail-filter/dcc-1.3.24[/b]  USE="-ipv6 -rrdtool" 1,360 kB
dev-perl/Compress-Raw-Zlib-2.001  201 kB
virtual/perl-Scalar-List-Utils-1.18  0 kB
dev-perl/IO-Compress-Base-2.001  87 kB
dev-perl/IO-Compress-Zlib-2.001  128 kB
dev-perl/Compress-Zlib-2.001  60 kB
dev-perl/IO-Zlib-1.04  9 kB
dev-libs/libassuan-0.6.10  251 kB
dev-libs/pth-1.4.0  434 kB
dev-libs/libksba-0.9.14  480 kB
app-crypt/gnupg-1.4.6  USE="bzip2 curl ldap nls readline zlib -X -bindist -ecc -idea (-selinux) -smartcard -static -usb" LINGUAS="-ru" 3,075 kB
app-crypt/gnupg-1.9.20-r3  USE="caps ldap nls -X -gpg2-experimental (-selinux) -smartcard" 1,767 kB
virtual/perl-Test-Harness-2.56  0 kB
dev-perl/IO-String-1.08  7 kB
dev-perl/Archive-Tar-1.28  35 kB
virtual/perl-PodParser-1.34  0 kB
dev-perl/HTML-Tagset-3.10  7 kB
dev-perl/HTML-Parser-3.48  USE="unicode" 80 kB
virtual/perl-libnet-1.19  0 kB
dev-perl/HTML-Tree-3.19.01  116 kB
dev-perl/Crypt-SSLeay-0.51-r1  114 kB
dev-perl/libwww-perl-5.803-r1  USE="ssl" 229 kB
dev-perl/Net-SSLeay-1.25  75 kB
dev-perl/IO-Socket-SSL-0.97  31 kB
dev-perl/Convert-ASN1-0.19  60 kB
dev-perl/Authen-SASL-2.09  25 kB
dev-perl/XML-Parser-2.34  224 kB
dev-perl/perl-ldap-0.33  USE="sasl ssl xml" 222 kB
virtual/perl-DB_File-1.814  0 kB
[b]mail-filter/spamassassin-3.1.3[/b]  USE="berkdb ldap mysql qmail ssl -doc -ipv6 -postgres -sqlite -tools" 952 kB
[b]app-antivirus/clamav-0.88.7[/b]  USE="crypt -mailwrapper -milter (-selinux)" 9,287 kB


[b]emerge qmail-scanner[/b]
net-mail/ripmime-1.4.0.6  159 kB
net-mail/tnef-1.3.4  1,603 kB
[b]mail-filter/qmail-scanner-2.01[/b]  USE="spamassassin" 318 kB

[b]emerge ezmlm-idx-mysql-0.40-r2[/b]
net-mail/ezmlm-idx-mysql-0.40-r2

[b]emerge qmailadmin squirrelmail[/b]
net-mail/autorespond-2.0.4
dev-php/PEAR-PEAR-1.4.11
dev-php/PEAR-DB-1.7.6-r1
app-admin/webapp-config-1.50.15
net-mail/qmailadmin-1.2.10  USE="-maildrop"
mail-client/squirrelmail-1.4.9a  USE="crypt ldap mysql nls spell ssl vhosts -filter -postgres"


Asumes these packages (or similar) are installed, configured and running:
Code:

apache-2.0.55-r1
php-5.1.2
mysql-5.0.19

Before you start it might be a good idea to run
Code:
emerge sync


Firewall configuration
Ports used:
DCC 6277 UDP
Pyzor 24441 TCP/UDP
Razor 2703 TCP
SMTP 25 TCP
POP3 110 TCP
POP3S 995 TCP
IMAP 143 TCP
IMAPS 993 TCP
HTTP 80 TCP
HTTPS 443 TCP


1) Ensure that the proper USE flags are set
Code:

> nano -w /etc/make.conf

Compare your USE flags to those shown in the emerge -pv listings above.

+ipalias is useful if you're setting up the server without having an domain for it. Say you have another server running on the domain you're going to use, but don't want to set this server into production before it's well tested. If you have a (sub)domain for testing purposes you don't need to enable this. I have domain and testdomains, so I don't use this.
-ipv6 disables use of IPv6. It's been making problems for quite a few ppl. If you're not using IPv6, why have it enabled? As of 2005.1 ipv6 has been enabled by default in Gentoo. Disable to save yourself some problems.
+ssl if you want SSL support
+fam According to the Courier-imap documentation Famd will use less resources than the similar function buildt into Courier.
qmail-spp required to make the chkuser qmail patch run

2)Installing qmail
Code:

> emerge -pv netqmail

You might see something blocking for the instalation of netqmail. Unemerge them:
Code:

> emerge -C (append name of blocking package(s) here!)


Patch qmail for only_auth_after_tls
I could have made a diff file for this, but I will assume there will be a new ebuild out, and I don't feel like keeping the diff updated at all times.

Make sure you have PORTDIR_OVERLAY=/usr/local/portage in your /etc/make.conf
Code:

> mkdir -p /usr/local/portage/mail-mta/netqmail
> cp -a /usr/portage/mail-mta/netqmail/* /usr/local/portage/mail-mta/netqmail/
> cd /usr/local/portage/mail-mta/netqmail
> nano -w netqmail-1.05-r4.ebuild
Append " notlsbeforeauth" to the line starting with "IUSE="

Find the line
   if [[ -n "${QMAIL_PATCH_DIR}" && -d "${QMAIL_PATCH_DIR}" ]]

insert these lines [b]before[/b] that line:
   if use ssl; then
      epatch ${FILESDIR}/qmail-smtpd-tlsbeforeauth.patch
   fi

Find the line
   use ssl && append-flags -DTLS

insert these lines [b]after[/b] that line:
   if use ssl; then
      if ! use notlsbeforeauth; then
         einfo "Enabling STARTTLS before SMTP AUTH"
         append-flags -DTLS_BEFORE_AUTH
      else
         einfo "Disabling STARTTLS before SMTP AUTH"
      fi
   fi


> cd files
> wget http://bugs.gentoo.org/attachment.cgi?id=89342
> mv attachment.cgi\?id\=89342 qmail-smtpd-tlsbeforeauth.patch
> ebuild /usr/local/portage/mail-mta/netqmail/netqmail-1.05-r4.ebuild digest
> emerge -pv netqmail


This should return
mail-mta/netqmail-1.05-r4 USE="highvolume qmail-spp ssl -gencertdaily -mailwrapper -noauthcram -notlsbeforeauth% -vanilla" 0 kB [1]

Make sure you get the -notlsbeforeauth% flag and the [1] at the end. If you don't get this emerge is not using the ebuild from the overlay directory.

Code:

> emerge netqmail


3) Install most stuff in one go
Code:

> emerge vpopmail courier-imap pyzor razor dcc spamassassin clamav


4) Install the chkuser patch
emerge app-admin/sudo if you don't have it installed

Setup sudo:
Code:

> visudo
Append this line:
qmaild          ALL=(vpopmail)  NOPASSWD: /var/qmail/plugins/chkuser_pg/vpopchk.sh


Download and unpack the plugin https://sourceforge.net/projects/vpop-chkuser-pg
Unpack to /var/qmail/plugins/

Code:

> nano -w /var/qmail/control/smtpplugins

add this line after the [rcpt]:
plugins/chkuser_pg/rcptchk-pg.sh


5) Configure qmail
Code:

> nano -w /var/qmail/control/servercert.cnf
Modify to whatever suits your needs and save/exit
> emerge --config netqmail
Press [enter] to continue whenever it asks you to modify /var/qmail/control/servercert.cnf. You've done that.


Setup/start smtp service
Code:

> ln -s /var/qmail/supervise/qmail-send /service/qmail-send
> ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

> rc-update add svscan default
> /etc/init.d/svscan start


Make mails to root, postmaster, mailer-daemon@localhost go somewhere
Code:

echo some_mail@some_domain > /var/qmail/alias/.qmail-root
echo some_mail@some_domain > /var/qmail/alias/.qmail-postmaster
echo some_mail@some_domain > /var/qmail/alias/.qmail-mailer-daemon
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*


6) Setup vpopmail
Create the vpopmail database.
Code:

Login to the mysql server (as a user with permissions to create databases and add users)
mysql> create database vpopmail;
mysql> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your vpopmail password';
mysql> flush privileges;
mysql> quit

Choose a vpopmail password that is not used anywhere else. The password has to be saved in cleartext! You'll never need to remember it after you're done with the instalation.
If your mysql server is not running on localhost, change the vpopmail@hostname accordingly.

Edit vpopmail.conf.
Code:

> nano -w /etc/vpopmail.conf

Modify these lines - insert you vpopmail password:

# Read-only DB
localhost|0|vpopmail|your vpopmail password|vpopmail
# Write DB
localhost|0|vpopmail|your vpopmail password|vpopmail

save/exit

Make sure the vpopmail.conf is readable for the vpopmail user. Default is ownership = root:vpopmail with 640 permissions

7) Configure imap and pop3 server
Make courier use vpop for authentication
Code:

> nano -w /etc/courier/authlib/authdaemonrc

edit the line authmodulelist=.. to read:
authmodulelist="authvchkpw"

save/exit

Thunderbird defaults to having 5 imap connections for caching purposes, but courier-imap only allows 4 connections per ip. This can cause some errors in thunderbird (possible data loss). Its easier to just allow 5 connections per ip rather than have everyone change thunderbird, so:
Modify /etc/courier-imap/imapd Code:
Code:

> nano /etc/courier-imap/imapd

edit:
MAXPERIP=5


Create certificates
Code:

> nano -w /etc/courier-imap/imapd.cnf

Edit according to your server/location/domain

save/exit

Code:

> nano -w /etc/courier-imap/pop3d.cnf

Edit according to your server/location/domain

save/exit


Generate certificates:
Code:

(only if you're going to run imap-ssl server)
> mkimapdcert
(only if you're going to run pop3-ssl server)
> mkpop3dcert


Start the servers (all or just some of them)
Code:

for x in courier-imapd courier-pop3d courier-imapd-ssl courier-pop3d-ssl; do /etc/init.d/$x start && rc-update add $x default ; done


I'm running all 4 servers. Users may decide if they want imap or pop3. A firewall makes sure that the non-ssl servers is unavailable for users located outside the local network.

8) update the smtpd config to allow smtp-auth using vpopmail
Code:

> nano -w /var/qmail/control/conf-smtpd

Make the file look like this:

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
 
[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {
        [[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true
        QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
}

save/exit

Prepare for qmailfilter
Code:

> nano -w /var/qmail/control/conf-common
Modify the SOFTLIMIT to:
SOFTLIMIT_OPTS="-m 32000000"

save/exit

The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail:
Code:

> nano -w /var/qmail/control/conf-common
TCPSERVER_OPTS="-H -l 0" (that's lower-case L followed by zero)

save/exit

Route all outgoing smtp connections trough your ISP's smtp server. (Some spamfilters requires this to accept the mails passed through the smtp-server.)
Code:

echo ":smtp.ISP.NET" > /var/qmail/control/smtproutes


Reload smtp config
Code:

> svc -t /var/qmail/supervise/qmail-smtpd



9) Configure spam filter and database clients
Configure Razor
(Replace the email and password with whatever suites you)
Code:

> razor-admin --home=/etc/mail/spamassassin/.razor -discover
> razor-admin --home=/etc/mail/spamassassin/.razor -create
> razor-admin --home=/etc/mail/spamassassin/.razor --user=postmaster@domain.com -pass=ThePassword -register
> echo razorhome = /etc/mail/spamassassin/.razor >> /etc/mail/spamassassin/.razor/razor-agent.conf


Configure Pyzor
Code:

> pyzor --homedir /etc/mail/spamassassin/.pyzor discover


SpamAssassin
Code:

> nano -w /etc/conf.d/spamd
Modify:
SPAMD_OPTS="-x -H /etc/mail/spamassassin/"

save/exit

Code:

> mkdir /var/run/spamd/
> chown vpopmail:vpopmail /var/run/spamd/


Enable plugins for spamassassin:
Uncomment the line:
Code:

> nano /etc/mail/spamassassin/v310.pre
loadplugin Mail::SpamAssassin::Plugin::DCC

Verify the Pyzor and Razor2 plugins are not commented out
save and exit

Uncomment the lines:
Code:

> nano /etc/mail/spamassassin/init.pre
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::SPF

save and exit

Code:

> nano -w /etc/spamassassin/local.cf

required_score 4
rewrite_header Subject *****SPAM*****
#report_safe 1

# The sender IP adresses considered safe
trusted_networks 192.168.

dns_available yes

use_bayes 1
bayes_path /etc/mail/spamassassin/bayes
bayes_file_mode 0770
bayes_auto_learn 1
bayes_learn_during_report 1
bayes_use_hapaxes 1
bayes_auto_learn_threshold_nonspam 0.2
bayes_auto_learn_threshold_spam 10.00
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

#   Set file-locking method (flock is not safe over NFS, but is faster)
lock_method flock

Remember to modify the "trusted_networks" line to fit the IP's you trust.
Also, if you're sharing spamassassin files over NFS, disable "lock_method flock"
save/exit

Start spamd
Code:

> /etc/init.d/spamd start
> rc-update add spamd default


Build Spamassassin database
Code:

> sa-learn --sync


10) Configure Clamav
Code:

> nano -w /etc/freshclam.conf
add: UpdateLogFile /var/log/clamav/freshclam.log
update DatabaseMirror to a mirror close to your server

save/exit

Code:

> nano -w /etc/clamd.conf
add: LogFile /var/log/clamav/clamd.log

save/exit

Start clamav
Code:

> /etc/init.d/clamd start
> rc-update add clamd default



11) install qmail-scanner
Make sure spamassassin and clamav is running while emerging qmail-scanner.
Code:

> echo "=mail-filter/qmail-scanner-2.01 ~x86" >> /etc/portage/package.keywords
> emerge qmail-scanner



Scroll back about 100-150 lines... look for two things:
1) The lines printed in bold below:
Quote:

Searching .....................................
==============================================================
The following binaries and scanners were found on your system:
==============================================================

mimeunpacker=/usr/bin/ripmime[b]

Content/Virus Scanners installed on your System

max-scan-size=100000000
[b]clamdscan=/usr/bin/clamdscan
(which means clamscan won't be used as clamdscan is better)
fast_spamassassin=/usr/bin/spamc -t 30

If those lines are not there you've missed something in the installation of clamav, spamassassin or ripmime. Look for any handy debug messages and go back to redo whatever needed.

2) "access denied", "permission denied" or "no such file"
There might be a reason why qmail-scanner-2.01.ebuild is ~masked.
I ran into access denied errors or missing file errors at a few places. You might do so as well. So: (if you don't get access denied errors or missing file errors, don't do this step!)
Code:

> mkdir -p /var/spool/qscan/quarantine/viruses/tmp /var/spool/qscan/quarantine/viruses/cur /var/spool/qscan/quarantine/viruses/new
> mkdir -p /var/spool/qscan/quarantine/spam/tmp /var/spool/qscan/quarantine/spam/cur /var/spool/qscan/quarantine/spam/new
> mkdir -p /var/spool/qscan/quarantine/policy/tmp /var/spool/qscan/quarantine/policy/cur /var/spool/qscan/quarantine/policy/new
> mkdir -p /var/spool/qscan/working/tmp /var/spool/qscan/working/cur /var/spool/qscan/working/new
> mkdir -p /var/spool/qscan/archive/tmp /var/spool/qscan/archive/cur /var/spool/qscan/archive/new
> chown -R qscand:qscand /var/spool/qscan/

FEATURES="keepwork keeptemp" emerge qmail-scanner
cp /var/tmp/portage/mail-filter/qmail-scanner-2.01/work/qmail-scanner-2.01/quarantine-events.txt /var/spool/qscan/
chown -R qscand:qscand /var/spool/qscan/
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z


Reconfigure SpamAssassin
Code:

> /etc/init.d/spamd stop
> nano -w /etc/conf.d/spamd

Modify:
SPAMD_OPTS="-m 5 -u qscand -x -H /etc/mail/spamassassin/"
PIDFILE="/var/run/spamd/spamd.pid"

save/exit

Code:

> mkdir /var/run/spamd
> chown qscand:qscand /var/run/spamd
> chown -R qscand:qscand /etc/mail/spamassassin


Start spamd
Code:

> /etc/init.d/spamd start


Reconfigure Clamd
Code:

> nano -w /etc/clamd.conf
Modify:

User qscand

save/exit

Code:

> nano -w /etc/freshclam.conf
Modify:

DatabaseOwner qscand

save/exit

Code:

> chown -R qscand:qscand /var/lib/clamav
> chown -R qscand:qscand /var/run/clamav
> chown -R qscand:qscand /var/log/clamav
> /etc/init.d/clamd start


Activate qmail-scanner
Code:

> nano -w /etc/tcprules.d/tcp.qmail-smtp
Make sure there are lines like this:

#IPs allowed to relay - don't scan with qmail-scanner
## localhost
127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
## Local network
192.168.2.:allow,RELAYCLIENT="",RBLSMTPD=""
## server public IP
123.123.123.123:allow,RELAYCLIENT="",RBLSMTPD=""

# Don't relay from other IPs. Scan with qmail-scanner
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
# Note: As of qmail-scanner 1.20 we use a wrapper - not qmail-scanner-queue.pl

save/exit

update the cdb
Code:

> cd /etc/tcprules.d/
> tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp
> svc -t /var/qmail/supervise/qmail-smtpd


12) Create domain(s)
The first domain to add should be the primary domain of the server.
Code:

> /var/vpopmail/bin/vadddomain domain.net postmasterpassword

Repeat for all virtual domains.

Give the correct HELO. (See note regarding domain registration.)
Code:

echo host.domain.net > /var/qmail/control/me


Set defaultdomain
Code:

echo defaultdomain.net > /var/qmail/control/defaultdomain


If you want your users username@defaultdomain.net to be able to log in using just username as the username (not username@domain.net) do this:
Code:

echo "defaultdomain.net" > ~vpopmail/etc/defaultdomain


If you have a (sub)domain for testing add it as a aliasdomain.
Code:

> /var/vpopmail/bin/vaddaliasdomain domain.net test.domain.net



13) Install ezmlm-idx-mysql
First try to install it the regular way:
Code:

> emerge ezmlm-idx-mysql


If it fails
... with an error like this: https://bugs.gentoo.org/show_bug.cgi?id=152636
Get the patched ebuild for ezmlm-idx-mysql-0.40-r2
(if you don't have layman installed run "emerge layman" now)
Code:

> layman -f -o http://jaba.mbnet.fi/portage/layman-jmf.xml -a jaba
> echo "source /usr/portage/local/layman/make.conf" >> /etc/make.conf
> env-update && source /etc/profile
> emerge ezmlm-idx-mysql


14) Install qmailadmin and squirrelmail
Code:

> emerge qmailadmin squirrelmail


Set up apache for separate alias configs (same kind as used by default for vhosts)
Code:

> echo "Include /etc/apache2/alias/*.conf" >>  /configs/etc/apache2/httpd.conf
> mkdir /etc/apache2/alias


set up qmailadmin for apache vhosts:
Code:

> echo "Alias /qmailadmin/ /var/www/localhost/htdocs/qmailadmin/" > /etc/apache2/alias/01_alias_qmailadmin.conf


set up squirrelmail for apache vhosts:
Code:

> echo "Alias /mail/ /usr/share/webapps/squirrelmail/1.4.9a/htdocs/" > /etc/apache2/alias/02_alias_squirrelmail.conf

(I think this is better than using webapp-config as it gets installed for all vhosts. Also it works when the /user/share and /var/www are not in the same partition. And finally there is only need for one configuration.)

Get useful squirrelmail plugins:
Code:

> cd /usr/share/webapps/squirrelmail/1.4.9a/htdocs/plugins
> wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Faddress_add-2.1-1.4.0.tar.gz
> wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fabook_import_export-1.0-1.4.4.tar.gz
> wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fbookmarks-2.0.3-1.4.1.tar.gz
> tar -xvzf abook_import_export-1.0-1.4.4.tar.gz
> tar -xvzf address_add-2.1-1.4.0.tar.gz
> tar -xvzf bookmarks-2.0.3-1.4.1.tar.gz
> rm *.gz



Additional qmailscanner log analyser plugin for squirrelmail.
This plugin provides a link in squirrelmail where the users may see what have happened to their mails. They'll see a table of mails passing through the qmailscanner and a status {delivered | error | spam [spamlevel | deleted | quarantined] | virus detected | ...}.
At my previous server the users claimed that some mails sent to them never got to their mailbox because of too strict spamfilter. With this plugin they can check if the mail ever reached the smtp server. The log the user will see is filtered to include only mails to/from his account (including alias adresses).
Concider this plugin experimental. It's been running with qmail-scanner-1.16 and 1.25 on a production server without causing any trouble for about 2 years. Still there have been bugs that I've corrected while writing this guide. Turns out that QMS 2.01 is logging slightly different from what QMS 1.25 did, so I'm not sure if this still works with QMS 1.25 after all the changes.

log in as root to your mysql server
Code:

mysql> create database qmslog;
mysql> grant select, insert, update, delete, create on qmslog.* to qms_loganal@localhost identified by "your_read/write_password";
mysql> grant select on qmslog.* to qms_logview@localhost identified by "your_read_only_password";
mysql> flush privileges;


If you don't have lsof installed:
Code:

> emerge lsof



Download the plugin... https://sourceforge.net/projects/qms-loganalyzer/

Read the README (included in the .tar.bz2) file for installation. Should be quite straight forward for gentoo user.


Configure squirrelmail
Code:

> cd /usr/share/webapps/squirrelmail/1.4.9a/htdocs/plugins
> nano -w secure_login/config.php
set $remain_in_https_if_logged_in_using_https = 1

> cd /usr/share/webapps/squirrelmail/1.4.5/htdocs/config
> perl conf.pl


Press D to load the Courier-imap template.
Walk through the config menu to set up to your needs.
Make sure to load the compability and secure_login plugins.
I'm enabeling the following plugins:
Quote:

1. secure_login
2. bookmarks
3. delete_move_next
4. compatibility
5. qmslog
6. address_add
7. abook_take
8. calendar
9. abook_import_export


As users inboxes grow, the webmail will become slow. To fix this make sure to enable "Allow server thread sort" and "Allow server-side sort" under General Options. (Wonder why these are off by default. Any security risk?)

Might be convenient to set General Options -> Data Dir = some dir that you include with your daily backup

Add a domain append button to the loginpage. This button appends the hostname of the apache virtual host that is used in the request for the page.
Code:

> nano -w /usr/share/webapps/squirrelmail/1.4.9a/htdocs/src/login.php

Replace the "," with a "." at the end of this line (ca line 163):
addInput($username_form_name, $loginname_value).

Insert the following line after the line mentioned above:
addInputField("button", "pgbt", "@$pg_virtualdomain", " onclick=\"$username_form_name.value+='@".$pg_virtualdomain."';\""),

Find the line
$custom_css = 'none';

Insert the following two lines after that line:
$pg_virtualdomain = substr($_SERVER['SERVER_NAME'], strrpos(substr($_SERVER['SERVER_NAME'],0,strrpos($_SERVER['SERVER_NAME'], ".")), "."));
if($pg_virtualdomain{0} == ".") { $pg_virtualdomain = substr($pg_virtualdomain,1); }


15) Check Qmail controlfiles
Make sure the files in /var/qmail/control got updated. If they are not updated something is wrog. Probably it's related to mysql permissions.
Code:

These files should contain your primary domain:
defaultdomain, locals, me

This should contain all domains and aliasdomains on separate lines:
rcpthosts

This should contain all domains and aliasdomains on the form of domain.net:domain.net :
virtualdomains


16) Installing wapmail interface
will come

17) Client setup
For SMTP client setup: All clients outside your local network need to enable TLS (encryption) and SMTP-auth. For username use the full email-adress. There is a bug with Outlook (and express) XP using TLS. No workaround is known. Use another clientprogram! (I love Opera - now it's even free!)

Notes
Note: Some anti-virus / firewall software block outbund connections to port 25 if they are unable to analyze the datastream. Hence encryptet SMTP may require you to disable this functionality in those programs or put the server on another port.

Note: Some ISP's block connections to port 25 on any server but their own smtp. To get around this put your smtp server on another port.
One way to put the server on another port may be this:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25000 -j DNAT --to-destination 123.123.123.123:25

where 25000 is the port you want the server on. 123.123.123.123 is the servers IP.

Note: If you can't send mail from you server to anywhere else than local network you might have a problem with your ISP. Some ISP's block outbound smtp connections to anywhere but their own smtp server. This means you'll need to relay mail trough their server
Code:
echo ":smtp.ISP.NET" > /var/qmail/control/smtproutes


POP3/IMAP client setup: If you do like me - block port 110 and 143 from outside your localnet with a firewall then clients on the outside need to enable SSL and use port 993 for IMAP-SSL and port 995 for POP3-SSL. Clientes on the local network may use ports 110/143 without SSL enabled. Use the full email-address as username.


Unverified tricks from readers
Here I'll put a collection of good ideas, hints and tricks posted by readers. I have not tried these myself.

stripe wrote:

Mindstab wrote:
I've also now found that something like
Code:
echo "#" > /var/qmail/control/doublebounceto

should route all double bounce messages to /dev/null hopefully
I just looked into this as I was getting a lot

Should be clean first line instead. This will prevent to queue the doublebounces at all.
If you enter "#" sign, Qmail will queue the bounces to #@defaultdomain.tld.


To solve problems with bayes not learning:
krull wrote:
I donno if this helps, I just added a universal path for bayes in spamassassin's local.cf so far it seems to work:
Code:
nano -w /etc/spamassassin/local.cf
Add:
bayes_path /etc/mail/spamassassin/bayes





Mindstab wrote:
Um, a possible update for the doc. They worked well, but I found I had to
Code:

valias haplo@mindstab.net root@mindstab.net
valias haplo@mindstab.net postmaster@mindstab.net
vaddaliasdomain mindstab.net mail.mindstab.net


To get everything working right
Otherwise all my servers log messages were being bounced

Also, I found that if any domains were in qmail/control/locals
qmail tried to use local delivery for users ther to their /home dirs instead of using vpopmail
[/quote]

========================================

I'm aware tcprules.d are deprecated. However I don't see any reason why relay-ctrl would be any better. I have no bad experience with any of them, but relay-ctrl requires more installation and more configuration I'm think there is more stuff that can go wrong with it. The only extra functionality I find in relay-ctrl is IMAP before SMTP authentication. As all mailclients my users use supports SMTP-auth I don't see any reason for relay-ctrl, and stick to the well know tcprules. (More config = more settings to keep track on with every future update)

========================================

I'm not exactly sure about the TCPSERVER_OPTS in conf-common. What I know is that the -R is set by default in conf-smtpd, and I've left it alone there. The -x, -c, -u and -g will be set by the rest of the conf-common file.
The original guide by Sabrex used -H, -R (again) and -l 0. The -p and -v are default.
From what I understand from http://www.rootr.net/man/man/tcpserver/1 the -H and -R will shorten initial delays when sending mail. How much they shorten depends on your DNS connection. If you run a local DNS server you'll probably not notice much difference.

========================================

A common mistake when setting up domains is to point the MX-record to the IP adress of the server. This works, but some spamfilters will think all mail from such domain is spam. The way to setup DNS is the following:
Register an A-record pointing to the IP-adress of the server. This should be the same host.domainname.tld as you used when installing the OS. (A:server1.mydomain.net -> IP:123.123.123.123)
Then you need a C-name pointing to the A-record that your users may use when refering to the server. (Say C:mail.mydomain.net -> A:server1.mydomain.net).
Then you create a MX record that my point to eighter the A-record (MX:mydomain.net -> A:server1.mydomain.net) or the C-name (MX:mydomain.net -> C:mail.mydomain.net).

When you set up another domain you somehow need to point the MX to the A-record of the first domain. Eighter direct or indirect:
MX:otherdomain.net -> A:server1.mydomain.net
MX:otherdomain.net -> C:mail.mydomain.net -> A:server1.mydomain.net
MX:otherdomain.net -> C:mail.otherdomain.net -> C:mail.mydomain.net -> A:server1.mydomain.net

Point is: The A-record the MX finally resolves to should equal the HELO respons from your SMTP server (/var/qmail/control/me), which again should equal the hostname.domainname of the server (/etc/hostname or /etc/conf.d/hostname and /etc/dnsdomainname or /etc/conf.d/domainname)


Last edited by petterg on Mon Jul 09, 2007 3:19 pm; edited 15 times in total
Back to top
View user's profile Send private message
Gentoo-Ed
Guru
Guru


Joined: 21 Apr 2005
Posts: 442
Location: the Netherlands

PostPosted: Sun Feb 11, 2007 7:18 am    Post subject: Reply with quote

I hope I won't mess the doc this way, but i do have a few questions regarding this. I want to setup my own mail server for two reasons namely to filter the mail my self among users and for spam in stead of having numerous pop accounts with my ISP (so use a catch-all), and second I want users to be able to SEND and RECIEVE from two domains (logging in seperatly with webclient, or adding them to the client and saying from which account sent. (like possible with outlook))

My questions:
1. Where do you make your users? I saw a alias table which says where root mail goes, I assume you can add all email address you like in that file to point to a user (so if a user has five aliasses I'll add five rules?
2. Where is the mail stored (what location) and can you move it, import for the backup possibilities.

I think what I want is possible with this so I'll propably give it a go when I read more of the links.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Sun Feb 11, 2007 1:48 pm    Post subject: Reply with quote

Gentoo-Ed wrote:
I hope I won't mess the doc this way, but i do have a few questions regarding this. I want to setup my own mail server for two reasons namely to filter the mail my self among users and for spam in stead of having numerous pop accounts with my ISP (so use a catch-all), and second I want users to be able to SEND and RECIEVE from two domains (logging in seperatly with webclient, or adding them to the client and saying from which account sent. (like possible with outlook))

My questions:
1. Where do you make your users? I saw a alias table which says where root mail goes, I assume you can add all email address you like in that file to point to a user (so if a user has five aliasses I'll add five rules?
2. Where is the mail stored (what location) and can you move it, import for the backup possibilities.

I think what I want is possible with this so I'll propably give it a go when I read more of the links.



If I got you right, you want to have a mailserver that will collecting mails from a bunch of pop accounts. There are two ways to do this.
A) Make the servers with your pop accounts automatically forward mails to an address on your server (not all ISPs allow this)
B) Have your server log on to your pop accounts and catch all messages every X minutes (cron script) or when you log in to your own server. This guide makes use of maildir for storage. I know there are scripts around that are able to log on to pop servers and store the mails locally in maildirs. Disadvantage of this is that the mails will not pass through the smtp server and get filtered. The filters will not work on mails passed to the smtp server from localhost. You'll have to pass them through the filters in some other way.
You may want to look into the contrib/test_installation script that comes with qmail-scanner to see how to do that.
Incomming mails are stored in /var/vpopmail/domains/somedomain.tld/.maildir/new


Squirrelmail may use multiple identities (mail addresses) when sending out mail. You may set this up by logging into squirrelmail -> [Settings] -> [Personal info] -> [Add Identity]
When done so you'll have a dropdown to select FROM when composing mail.
Back to top
View user's profile Send private message
jrenraw
n00b
n00b


Joined: 23 Aug 2005
Posts: 16

PostPosted: Sun Feb 18, 2007 1:52 am    Post subject: Reply with quote

Great guide! Do you have the link or updates for section 4? I don't have a vpopchk.sh script or a chkuser_pg package.
Back to top
View user's profile Send private message
Gentoo-Ed
Guru
Guru


Joined: 21 Apr 2005
Posts: 442
Location: the Netherlands

PostPosted: Sun Feb 18, 2007 8:16 am    Post subject: Reply with quote

hi I found the chkuser in the forums here, only sorry to say you'll have to search for I don't recall the thread anymore.
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Sun Feb 18, 2007 11:58 am    Post subject: minor correction Reply with quote

i am performing the install right now. here's one correction.
in step 11, point 2 it should read:
Code:

cp /var/tmp/portage/mail-filter/qmail-scanner-2.01/work/qmail-scanner-2.01/quarantine-events.txt /var/spool/qscan/

at least for my installation.

if i find more stuff to correct i'll post it here.
it would be nice if the chkuser stuff would be also finalised!!!
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Mon Feb 19, 2007 7:51 pm    Post subject: Reply with quote

Latest news:
Added link to chkuser plugin
Added link to qms-loganalyzer
Corrected cp-command pointed out by Radulucian
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Mon Feb 19, 2007 7:53 pm    Post subject: Reply with quote

Gentoo-Ed wrote:
hi I found the chkuser in the forums here, only sorry to say you'll have to search for I don't recall the thread anymore.


That's a different one. Although a source of inspiration. The one used in this I've written myself and it was first published last night.
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Mon Feb 19, 2007 10:30 pm    Post subject: help Reply with quote

one BIG issue.

after doing it all right (ten times over) i still get:

Code:

server ~ # vadddomain test.ro testpass
vmysql: couldn't create database 'vpopmail ': Can't create database 'vpopmail'; database exists
Error - Success. Initial open.


i downgraded mysql to 4.1 i tried everything possible. settings in vpopmail.conf are ok, mysql is running ok, tables are created, still ... no go.

EDIT: SOLVED: the problem was related to an aditional invisible caracter present in /etc/vpopmail.conf
if you encounter this issue simply delete all lines in the vpopmail mysql config file and write them carefully again.


Last edited by radulucian on Sat Feb 24, 2007 10:13 am; edited 1 time in total
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Tue Feb 20, 2007 1:16 am    Post subject: Re: help Reply with quote

radulucian wrote:
one BIG issue.

after doing it all right (ten times over) i still get:

Code:

server ~ # vadddomain test.ro testpass
vmysql: couldn't create database 'vpopmail ': Can't create database 'vpopmail'; database exists
Error - Success. Initial open.



I remember I had something similar a long time ago. Probably in 2004 or so.
The cause of this is that the domain you're trying to create eighter exists in the database or in the filesystem (/var/vpopmail/domains/test.ro)

What I think I did was to delete the domain (using vdeldomain) even if it doesn't exist. Then delete it from the filesystem and finally create it again.

If you have not yet created any useful domains and accounts you might even get around with
Code:

> rm -rf /var/vpopmail/domains/*
mysql> drop database vpopmail

Then recreate the db using the mysql commands from the guide.

Your problem may even be as simple as the dbname/user/password/host in /etc/vpopmail.conf is not correct. Try login to mysql using the information in vpopmail.conf to check this.
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Tue Feb 20, 2007 2:18 pm    Post subject: Reply with quote

Very nice HOWTO :)

I've just completed it, but now I have two issues:

1) SMTP is working fine, I can log in and send an email msg.
The problem is that when I try to log in to receive new msgs from my account - it's impossible. I tried on squirrelmail and thunderbird.
Squirrelmail responds with "Unknown user or password incorrect." I also tried logging in with login@domain and giving only login, also I tried logging in as postmaster. QMailAdmin is working correctly I can manage my accounts.

2) After doing step 11 and running /etc/init.d/spamd start I have an error:
Code:
[7965] error: no connection to syslog available
[7965] error:  - /dev/log is not a socket at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger/Syslog.pm line 80

But anyway it's starting and I hope it's not an important error.

I'm a newbe on linux :oops:

Greetings and thanks to the author for the HOWTO
Back to top
View user's profile Send private message
jrenraw
n00b
n00b


Joined: 23 Aug 2005
Posts: 16

PostPosted: Wed Feb 21, 2007 7:31 am    Post subject: Reply with quote

I've completed the install and am happy to report it is working. I did run into a issue with vpopmail thinking the domains did not exist but this was because I imported a previous vpopmail DB and I guess the domains are stored on disk as well. The fix was simply to try adding the same domain via vadddomain. It would fail with duplicate domain, but after that everything worked.
Back to top
View user's profile Send private message
jrenraw
n00b
n00b


Joined: 23 Aug 2005
Posts: 16

PostPosted: Wed Feb 21, 2007 8:07 am    Post subject: Reply with quote

I noticed that the rcptchk.log has a lot of "This should never run". From the log:

Quote:

qmaild
/usr/bin/sudo -u vpopmail /var/qmail/plugins/chkuser_pg/vpopchk.sh acaxrmtmatefeugdrtd domain.com
sudo return: 1
This should never run


Also, in step 4, seems like there needs to be a step to copy the vpopchk.sh script from /var/qmail/plugins/chkuser_pg/ to /var/vpopmail/bin/ (unless I missed it somewhere else).
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Wed Feb 21, 2007 1:49 pm    Post subject: Reply with quote

jrenraw wrote:
I noticed that the rcptchk.log has a lot of "This should never run". From the log:

Quote:

qmaild
/usr/bin/sudo -u vpopmail /var/qmail/plugins/chkuser_pg/vpopchk.sh acaxrmtmatefeugdrtd domain.com
sudo return: 1
This should never run


Also, in step 4, seems like there needs to be a step to copy the vpopchk.sh script from /var/qmail/plugins/chkuser_pg/ to /var/vpopmail/bin/ (unless I missed it somewhere else).


Thanks for revealing this leftover from my first installation. I think there is one tiny mistake making problems for you.
The guide is now updated, one line changed:
step 4, after visudo. The line to append is now corrected from /var/vpopmail/... to /var/qmail/...

Please let me know if this helps.

Btw, vpopchk.sh is supposed to be located in /var/qmail/plugins/chkuser_pg only.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Wed Feb 21, 2007 1:58 pm    Post subject: Reply with quote

CzesLaW wrote:
Very nice HOWTO :)

I've just completed it, but now I have two issues:

1) SMTP is working fine, I can log in and send an email msg.
The problem is that when I try to log in to receive new msgs from my account - it's impossible. I tried on squirrelmail and thunderbird.
Squirrelmail responds with "Unknown user or password incorrect." I also tried logging in with login@domain and giving only login, also I tried logging in as postmaster. QMailAdmin is working correctly I can manage my accounts.

2) After doing step 11 and running /etc/init.d/spamd start I have an error:
Code:
[7965] error: no connection to syslog available
[7965] error:  - /dev/log is not a socket at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger/Syslog.pm line 80

But anyway it's starting and I hope it's not an important error.

I'm a newbe on linux :oops:

Greetings and thanks to the author for the HOWTO



1) Is the courier-imap service running?
did you miss the line authmodulelist="authvchkpw" in step 7 of the guide?


2) Have you installed syslog?
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Wed Feb 21, 2007 2:13 pm    Post subject: Reply with quote

courier-imapd is running
I have also changed this line from step 7 ...

I have no idea what's going on. I tried to solve it by doing some steps again but it doesn't work. I can't login to squirrelmail and I can't receive messages with thunderbird. It's connecting but then I have error "login failed".

I don't remember installing syslog :/

I have Linux Kernel v2.6.18-hardened but I don't know if it matters ...

EDIT: I've installed syslog-ng... now there is no error ;)
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Thu Feb 22, 2007 12:09 am    Post subject: Reply with quote

CzesLaW wrote:
courier-imapd is running
I have also changed this line from step 7 ...

I have no idea what's going on. I tried to solve it by doing some steps again but it doesn't work. I can't login to squirrelmail and I can't receive messages with thunderbird. It's connecting but then I have error "login failed".

I don't remember installing syslog :/

I have Linux Kernel v2.6.18-hardened but I don't know if it matters ...

EDIT: I've installed syslog-ng... now there is no error ;)


Do you have the same problem using pop instead of imap?
Are you able to connect using telnet on the imap/pop ports?
What kind of authentication did you set with squirrel and tb?
Any firewall blocking?
you have the no-ssl imap server running for squirrel?

I think telnet will be your friend for debugging. Google the imap/pop protocols to see how to get around after initial connection.
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Thu Feb 22, 2007 12:31 am    Post subject: Reply with quote

Quote:
Do you have the same problem using pop instead of imap?

Yes, it's the same on pop3 and imap. I am running pop3, imap, pop3-ssl and imap-ssl
Quote:
What kind of authentication did you set with squirrel and tb?

Type of authentication ? You mean secure or not ? If I set on secure authentication in thunderbird I have msg "server doesn't support secure auth.".
Quote:
Any firewall blocking?

I'm behind a router but I forwarded all ports You mentioned at the beginning of this HOWTO. I have iptables as well but I haven't set anything there yet.

I'll now try this trick with telnet and I hope I'll fix it. Thank You for your help and I'll write back soon ..
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Thu Feb 22, 2007 1:27 am    Post subject: Reply with quote

I've tried it but it doesn't mean anything to me

pop:
Code:
czeslaw@localhost ~ $ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
USER czesio@czeslaw.kicks-ass.org
+OK Password required.
PASS *******
-ERR Login failed.


imap:
Code:
czeslaw@localhost ~ $ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
A01 login czesio@czeslaw.kicks-ass.org *******
A01 NO Login failed.


for imap and pop3 with ssl I have the same - no response:
Code:
czeslaw@localhost ~ $ telnet localhost 995
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


;(
Back to top
View user's profile Send private message
Gentoo-Ed
Guru
Guru


Joined: 21 Apr 2005
Posts: 442
Location: the Netherlands

PostPosted: Thu Feb 22, 2007 6:54 am    Post subject: Reply with quote

For the IMAP part, check my recent post, where I solved my IMAP issue. It looks simular.
https://forums.gentoo.org/viewtopic-t-541008-highlight-.html
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Thu Feb 22, 2007 9:34 am    Post subject: Reply with quote

CzesLaW wrote:

Quote:
What kind of authentication did you set with squirrel and tb?

Type of authentication ? You mean secure or not ? If I set on secure authentication in thunderbird I have msg "server doesn't support secure auth.".

In Opera I have the following authentication methodes: AUTH-CRAM, AUTH-LOGIN, AUTH-PLAIN, plaintext, none. You'll probably find a few in your app. Try all of them.

CzesLaW wrote:

Quote:
Any firewall blocking?

I'm behind a router but I forwarded all ports You mentioned at the beginning of this HOWTO. I have iptables as well but I haven't set anything there yet.

Telnet will reveal fw-issues


EDIT: Oh, you've tried telnet. Looks like there is no fw-issues. When login failed using pop there should be an error in some logfile. Often /var/log/messages or /var/log/mail*
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Thu Feb 22, 2007 9:49 am    Post subject: Reply with quote

CzesLaW wrote:
courier-imapd is running
I have also changed this line from step 7 ...


You did restart courier-{imap|pop3|authlib} after changing that line?

The solution Gentoo-Ed posted seems to me to be a pam-issue. Vpopmail does not use pam.

Are you able to authenticate using smtp-auth? (to filter out if this is a courier or a vpopmail problem)
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Thu Feb 22, 2007 6:21 pm    Post subject: Reply with quote

I can authenticate using smtp and send message.
I think that my server is listening and receiving messages the only problem is that I can't log in :/

I can't find auth methods in thunderbird.

I checked my logs and I found something interesting:
Quote:
Feb 22 17:53:38 localhost authdaemond: Installing libauthvchkpw
Feb 22 17:53:38 localhost authdaemond: libauthvchkpw.so: cannot open shared object file: No such file or directory


Quote:
You did restart courier-{imap|pop3|authlib} after changing that line?

Yes ..
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 465
Location: Oslo, Norway

PostPosted: Thu Feb 22, 2007 9:19 pm    Post subject: Reply with quote

CzesLaW wrote:
Quote:
Feb 22 17:53:38 localhost authdaemond: Installing libauthvchkpw
Feb 22 17:53:38 localhost authdaemond: libauthvchkpw.so: cannot open shared object file: No such file or directory



That should have showed up when installing vpopmail or courier-imap. Try reemerging them. Maybe delete all config files for those packages before to make sure you get a fresh start.
You got the latest versions? (remembered to emerge --sync before starting)
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Fri Feb 23, 2007 12:40 pm    Post subject: Reply with quote

Ok I've fix it by doing:
Code:
$ emerge courier-authlib
$ etc-update (option -5 to replace old configs)


then I had to repeat step 7 :)

I'll test it later if it works for 100%
Greetz
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page 1, 2, 3, 4, 5, 6  Next
Page 1 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum