HOWTO: qmail vpopmail courier-imap qmail-scanner etc (NEW)

[Skywacker]

Help,
I can smtp-auth while on my LAN, meaning my pc at work can send mail to everyone in and outside of my virtual domains.

BUT, squirrelmail barfs if I try to email outside of my virtual domains.

Code: Select all

Requested action not taken: mailbox name not allowed
Server replied: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

squirrelmail sends to people on my virtual domains just fine.

For reference:
I have mailserver with 3 virtual domains. All 4 have their own IP address (aliases on 1 NIC).

Squirrelmail is running on the same machine. Squirrelmail is set to use SMTP.

my /etc/tcp.smtp has undergone MANY alterations. Yes I update tcprules everytime I change things. here it is:

Code: Select all

:allow

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
128.252.77.206:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
128.252.77.215:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
128.252.77.164:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

# Qmail-Scanner enabled (virus only) for mail from local network, relay allowed
#128.252.77.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

# Qmail-Scanner enabled (virus and spam) for mail from external internet, relay denied
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Any suggestions?

Thanks for any help. I HAVE to get this solved tomorrow before half my department is traveling and need remote access to their mail.

-skywacker

[Gatak]

You could use SMTP auth with squirrelmail too.

[petterg]

Help,
I can smtp-auth while on my LAN, meaning my pc at work can send mail to everyone in and outside of my virtual domains.

BUT, squirrelmail barfs if I try to email outside of my virtual domains.

Looks like your server doesn't read the tcprules.
Also it looks like you've used some never packages than the guide.
So I believe the server is looking for tcprules in the /etc/tcprules.d folder, and you're talking about /etc/tcp.*. Guess you've been playing with the wrong files!

[petterg]

I'm just using kmail to test the settings on the localhost at the moment eventually i will be using the mail sever externally. Still having problems tho and Kmail is setup up properly with the settings metioned above. i'm still getting authorization failed (#5.7.0).

Try Telnet localhost 25 and do
mail from: alocaluser@alocaldomain.tld
rcpt to: aNONElocaluser@NOTalocaldomain.tld
data
<body of message here>
<carriage return>
.

If you get error on this you may have same problem as Gatak (read my post a few minutes before this one)

I'm stuck I don't know what else to try unless i just redo the whole box but I really don't want to do that cause KDE took 3 days to compile :(

Thats why I never install any DE on my servers. KDE also needs to be recompiled quite often when doing emerge world. For home server I rathe pull a Pentium 2 out of some garbage container than use my home pc.

[Skywacker]

You could use SMTP auth with squirrelmail too.

how?

[Gatak]

You could use SMTP auth with squirrelmail too.

how?

Run the configure script and go to SMTP settings. There you can change the SMTP Authentication options. You have four options: none, login, cram-md5, or digest-md5.

Code: Select all

SMTP Settings
-------------
4.   SMTP Server           : 127.0.0.1
5.   SMTP Port             : 25
6.   POP before SMTP       : false
7.   SMTP Authentication   : login
8.   Secure SMTP (TLS)     : false

A.  Update IMAP Settings   : 127.0.0.1:8143 (courier)
H.  Hide SMTP Settings

R   Return to Main Menu
C.  Turn color off
S   Save data
Q   Quit

Command >> 7

If you have already set the hostname and port number, I can try to
automatically detect the mechanisms your SMTP server supports.
Auto-detection is *optional* - you can safely say "n" here.

Try to detect auth mechanisms? [y/N]: n

What authentication mechanism do you want to use for SMTP connections?
none - Your SMTP server does not require authorization.
login - Plaintext. If you can do better, you probably should.
cram-md5 - Slightly better than plaintext.
digest-md5 - Privacy protection - better than cram-md5.

*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***
If you don't understand or are unsure, you probably want "none"

none, login, cram-md5, or digest-md5 [login]:

[Skywacker]

My god, I could kiss you. I did not even see that you could go into the SMTP settings. This has totally saved my day/job.

[Skywacker]

You ever get this to work? Outlook, OE work fine. Thunderbird pauses 5 seconds because it fails the first try, but then works. Eudora fails outright.

thunderbird auth's look like this:

Code: Select all

Jan 19 14:18:56 mailserver vpopmail[26868]: vchkpw-smtp: password fail user@email.com:xxx.xxx.xxx.xxx
Jan 19 14:19:01 mailserver vpopmail[26870]: vchkpw-smtp: (PLAIN) login success user@email.com:xxx.xxx.xxx.xxx

it fails, but then works.

outlook just works:

Code: Select all

Jan 19 12:47:57 mailserver vpopmail[24561]: vchkpw-smtp: (PLAIN) login success user@email.com:xxx.xxx.xxx.xxx

eudora fails:

Code: Select all

Jan 19 14:25:02 mailserver vpopmail[27214]: vchkpw-smtp: password fail user@email.com:xxx.xxx.xxx.xxx

HOO-RAH! I found the problem with smtp-auth. Sabrex was half-right. SMTP-AUTH *was* working, kinda. As it turns out, with the newest release of vpopmail (5.4.0) which he has us install in this HOWTO, plain, and login authentication is supported. CRAM-MD5 is *NOT*. The only reason I'm having a problem, and noone else seems to be, is because Eudora (my fav winbloz client) uses CRAM-MD5 for authentication. Many of the program for linux use LOGIN. After searching the inter7 website for hours on end, I found this:

IF USING SMTP AUTH PATCH TO QMAIL-SMTPD

* This release of vpopmail includes fixes for vchkpw that may break
certain SMTP AUTH implementations. If SMTP AUTH fails after
installing vpopmail 5.4.x, you may need to use the
qmail-smtpd-auth-0.4.2 patch included in the contrib directory.

* If you do switch to the 0.4.2 SMTP AUTH patch, you may need to update
your qmail-smtpd run file (the first parameter to qmail-smtpd should
now be the path to vchkpw and not the hostname).

Now, the said patch file is where the guy said it should be, but I have *NO* clue how to install it. In fact, I believe there's a newer version. 0.4.3 now- at least according to http://www.fehcom.de/qmail/smtpauth.html

So here's my question, since I've been brought up the craptastic world of windows. How the hell do I install this patch? It's talking about re-making qmail. Since I used the ebuild, is this even possible?

Maybe someone with lots of smarts can educate me on how to install this patch, which would allow CRAM-MD5 auth to work with the current ver of vpopmail.

TIA

Thanks for your help,
Skywacker
[/code]

[sucarino]

You ever get this to work? Outlook, OE work fine. Thunderbird pauses 5 seconds because it fails the first try, but then works. Eudora fails outright.

thunderbird auth's look like this:

Code: Select all

Jan 19 14:18:56 mailserver vpopmail[26868]: vchkpw-smtp: password fail user@email.com:xxx.xxx.xxx.xxx
Jan 19 14:19:01 mailserver vpopmail[26870]: vchkpw-smtp: (PLAIN) login success user@email.com:xxx.xxx.xxx.xxx

it fails, but then works.

eudora fails:

Code: Select all

Jan 19 14:25:02 mailserver vpopmail[27214]: vchkpw-smtp: password fail user@email.com:xxx.xxx.xxx.xxx

Sky, have a look at http://forums.gentoo.org/viewtopic.php?t=262841&. The solution works very well for me.

[Skywacker]

Thanks for the link. However I could not qmail ebuild to unpack nicely, so I found a different fix.

I turned off Cram-MD5 in Eudora by adding this line to the eudora.ini file:

Code: Select all

SMTPAuthBanished="CRAM-MD5" 

I only have one user who uses Eudora, so this works for me. The other thread may be a better fix for a large number of users running Eudora. Thunderbird has a few second delay because of the same problem. I'll see if I can get it fixed.

-Skywacker

[seriousmoose]

skywacker, try filing a bug report in bugs.gentoo.org seeing if they can't add another use variable to turn that define on and off.

Otherwise, it should be straightforward...

ebuild ...qmail.ebuild unpack
[edit the files/install the patch]
ebuild ...qmail.ebuild install

of course, once you do that, you will probably want to ... quickpkg it so you don't have to go through that again, if you ever run in to problems. You can also bzip the source up if you are really paranoid

[kswtch]

Can anyone tell me how to use procmail with this qmail/vpopmail setup?
I want to use fetchmail to get some mails from other accounts and use procmail to deliver them in different folders. It's working fine for the .maildir/ in my users home folder, but not with the vpopmail one in /var/vpopmail/domains/<domain>/<user>/.maildir/

-kswtch

[superscotty19]

Hello everyone!

I am a (very) recent convert to Gentoo, and from what I've seen, I think we're going to have a *beautiful* relationship

I have followed this tutorial, alongside the original, to a tee. I am now at the stage of testing the completed system but, as suggested in this tutorial, I am having problems a few steps back, stemming from right here:

install qmail-scanner. for this to work, you may have to force the install of maildrop.

Code:
> emerge /usr/portage/net-mail/maildrop/maildrop-1.5.3-r1.ebuild
> emerge /usr/portage/net-mail/qmail-scanner/qmail-scanner-1.16-r2.ebuild

Please log into the "qmaild" account and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g. "setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl -g"
or "su qmaild -c "/var/qmail/bin/qmail-scanner-queue.pl -g")

The error I am getting when I run:

Code: Select all

setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl -g

is:

Code: Select all

perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
X-Qmail-Scanner-1.24st:() cannot open for write /var/spool/qmailscan/quarantine-attachments.db.tmp - Permission Denied

And when I run:

Code: Select all

su qmaild -c "/var/qmail/bin/qmail-scanner-queue.pl -g

Abolutely nothing happens.

So I guess this is a good(?) thing because I was warned this might happened. Now, the tutorial refers to a FAQ for the solution, but I don't know what FAQ it's referring to, and even after scouring Google, I'm still getting nothing. I'm sure this is a simple problem, but don't know what to do (and I'm so close to being done!) Could someone please help me?

Thanks!
-Scott.

[superscotty19]

Looks like I've found the solution (and another great tutorial to boot!)

http://www.olausson.de/content/view/13/40/

-Scott.

[seriousmoose]

awesome...

You can get around the section in his article about the qmail-scanner by running:

setuidgid qscand qmail-scanner-queue -g
setuidgid qscand qmail-scanner-queue -z

This (combined with a few other things) will make it so you don't have to chown your dirs. Well, you probably should follow his example perfect

[Gatak]

I was using the qmail setup that this thread is a guide to. I always thought it a little odd that so many programs are needed to make email work.

So, I removed qmail, qmail-scanner, vpopmail and courier-imap and installed mail-mta/courier instead. It contains a full SMTP and IMAP/POP server and has MySQL support built in. It handles virtual domains and aliases easy. Not to mention courier uses less resources than qmail =) Another benefit is that you can use SMTP AUTH with various crypto schemes like CRAM-MD5. Qmail+vpopmail was limited in this respect.

You can get help from #courier on irc.freenode.net. There is a Gentoo guide at http://www.brianandsara.net/gentoo/docs ... -howto.php and another at http://perlstalker.amigo.net/courier/ (very good resource!).

Spamassassin integration is very easy too. There is a script called vuser that makes it easier to add users and aliases to your MySQL database. It is not difficult to do manually though.

Good Luck!

ps.
You need to remove/uninstall vpopmail from your system before installing courier.
ds.

[seriousmoose]

now that my system works, I think I'll leave it until it breaks (prob never because I won't be doing any sync/update for a while)... when it breaks, I'll try courier. good to know though

[cybris]

Ok well I re-installed gentoo from the start fresh install nothing else on it. Followed the how to straight thru. I can send email locally just find but when I try to send it externally to yahoo. i get that stupid error that server isn't in my allowed list of rcpthosts.

now i setup my tcp.smtp rules just as the guide has it. it looks exactly the same. and no I don't even have a /etc/tcprules.d directory so I know I'm using the correct tcprules file.

How do I setup my tcp.smtp file so i can send mail to places like yahoo, msn, and other domains without making a long list in my rcpthosts file.

[Gatak]

cybris, try SMTP AUTH (plain/login) with your clients.

[cybris]

nm duh I fell stupid didn't have the checkbox selected for my sever requires authentication in outlook.

[shadowteller]

I was using the qmail setup that this thread is a guide to. I always thought it a little odd that so many programs are needed to make email work.

I did as well....so I started playing with this install type.

I was following the "brianandsara" howto and I got locked up on this
5. Setup maildir's

Code: Select all

for every user's directory you need to change to the directory and run: 
$ maildirmake .maildir 
$ you need to set ownership to the uid and gid of the courier user (normally "mail")

This fails to make sense...if I change the uid to say webmaster...thenwebmaster is no longer owner of his onw directory. I mean I can make hime a member of the group users and mail. But changing his uid?

Someone ought to wrtie a good current howto for this....maybe I will once I debug my own problems....

[boaworm]

Excellent guide, it's a setup which is quite similar to what I'm running in a production environment. Although, I have a "serious" problem.

Evertime I do an emerge sync or an etc-update, gentoo runs "find" to locate files that are updated and so on. This process takes extremely long time on a loaded email system with millions of files (emails) in /var/vpopmail/domains, because the "find" process obviously wants to look through that directory.

Have you, or anyone else, come up with a solution to remove certain paths from the etc-update and emerge sync "procedures" ?

[cybris]

thanks to everyone so much espcially petterg for his advice. I finally have a working webserver/mailserver with mysql and php. This is my first time really using Gentoo although i've used linux for awhile now. Everything is runinning smooth now

[newtonian]

Hi-

I bought a cheap certificate for my domain from public CA. I installed the certificate on apache and everything works fine.

Can I use the same cert with my qmail (SMTPS) vpopmail(pop3s) setup from this tutorial?
I'm currently using these files for apache:

/etc/apache2/conf/ssl/mydomain.tld.key
/etc/apache2/conf/ssl/mydomain.tld.crt
/etc/apache2/conf/ssl/sf_issuing.crt


Cheers,

[petterg]

newtonian: I would guess you could just copy the certificate files to where the other applications are looking for it.