Qmail with SMTP authentication, Vpopmail and Dovecot Installation HOWTO


Note: This article doesn't cover all options for qmail installation and configuration. Please refer to Life with qmail for a complete guide to qmail.


This howto was designed as a quick start or reference guide to a simple Qmail install.


1. Qmail

qmail is a secure, reliable, efficient, simple message transfer agent. It is meant as a replacement for the entire sendmail-binmail system on typical Internet-connected UNIX hosts.


Secure: Security isn't just a goal, but an absolute requirement. Mail delivery is critical for users; it cannot be turned off, so it must be completely secure.


Reliable: qmail's straight-paper-path philosophy guarantees that a message, once accepted into the system, will never be lost. qmail also supports maildir, a new, super-reliable user mailbox format. Maildirs, unlike mbox files and mh folders, won't be corrupted if the system crashes during delivery. Even better, not only can a user safely read his mail over NFS, but any number of NFS clients can deliver mail to him at the same time.


Efficient: On a Pentium under BSD/OS, qmail can easily sustain 200000 local messages per day---that's separate messages injected and delivered to mailboxes in a real test! Although remote deliveries are inherently limited by the slowness of DNS and SMTP, qmail overlaps 20 simultaneous deliveries by default, so it zooms quickly through mailing lists.


Simple: qmail is vastly smaller than any other Internet MTA. Some reasons why:


(1) Other MTAs have separate forwarding, aliasing, and mailing list mechanisms. qmail has one simple forwarding mechanism that lets users handle their own mailing lists.

(2) Other MTAs offer a spectrum of delivery modes, from fast+unsafe to slow+queued. qmail-send is instantly triggered by new items in the queue, so the qmail system has just one delivery mode: fast+queued.

(3) Other MTAs include, in effect, a specialized version of inetd that watches the load average. qmail's design inherently limits the machine load, so qmail-smtpd can safely run from your system's inetd.


Replacement for sendmail: qmail supports host and user masquerading, full host hiding, virtual domains, null clients, list-owner rewriting, relay control, double-bounce recording, arbitrary RFC 822 address lists, cross-host mailing list loop detection, per-recipient checkpointing, downed host backoffs, independent message retry schedules, etc. In short, it's up to speed on modern MTA features. qmail also includes a drop-in "sendmail" wrapper so that it will be used transparently by your current UAs.


2. Required packages


There are five packages needed for this qmail install.

2.1 netqmail-1.06.tar.gz

qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts. As of October 2001, qmail is the second most common SMTP server on the Internet, and has by far the fastest growth of any SMTP server.


2.2 ucspi-tcp-0.88.tar.gz

It is a tool similar to inetd. ucspi-tcp listens on port 25 and spawns qmail-smtpd when required. ucspi-tcp stands for Unix Client Server Program Interface for TCP.


2.3 daemontools-0.76.tar.gz

daemontools is a tool to manage and monitor daemons on Linux. qmail uses it to manage the qmail daemons.


2.4 checkpassword-0.90.tar.gz

checkpassword provides a simple, uniform password-checking interface to all root applications. It is suitable for use by applications such as login, ftpd, and pop3d.


2.5 qmail-smtpd-auth-0.31.tar.gz


This patch enables the SMTP AUTH protocol with the following auth types: LOGIN, PLAIN and CRAM-MD5.


3. Qmail Install


3.1 Get the files


Download files and place them into the /usr/local/src directory. This document refers to that directory for install procedures.


========================================================

cd /usr/local/src

wget http://www.qmail.org/netqmail-1.06.tar.gz

wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz

wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz

wget http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz

wget http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.31.tar.gz

=========================================================


Now create the /package directory and move daemontools-0.76.tar.gz into it.


=========================================================

mkdir /package

mv -iv /usr/local/src/daemontools-0.76.tar.gz /package

=========================================================


3.2 Create users and groups


Run the following commands one by one to create the required users and groups.


==============================================

groupadd nofiles

useradd -g nofiles -d /var/qmail qmaild

useradd -g nofiles -d /var/qmail qmaill

useradd -g nofiles -d /var/qmail qmailp

useradd -g nofiles -d /var/qmail/alias alias

groupadd qmail

useradd -g qmail -d /var/qmail qmailq

useradd -g qmail -d /var/qmail qmailr

useradd -g qmail -d /var/qmail qmails

==============================================


3.3 Compile & Install


Untar the Qmail source


============================

cd /usr/local/src

tar -xzvf netqmail-1.06.tar.gz

===========================


Apply the SMTP patch


=============================================================

cd /usr/local/src

tar -xzvf qmail-smtpd-auth-0.31.tar.gz

cd qmail-smtpd-auth-0.31/

cp README.auth base64.c base64.h ../netqmail-1.06


patch -d ../netqmail-1.06 < auth.patch

=============================================================


Compile & install qmail.


===================================

cd /usr/local/src/netqmail-1.06

make setup check

===================================


4. Configure Qmail


4.1 Post Installation setup


Post-installation configuration can be done by running the following script.


=============

./config;

==============


4.2 Configure Qmail aliases.


Create a user named "adminmails" to receive all administrator emails.


================================================

useradd adminmails;

cd ~alias;

echo "adminmails" > .qmail-postmaster;

echo "adminmails" > .qmail-mailer-daemon;

echo "adminmails" > .qmail-root;

echo "adminmails" > .qmail-abuse;

chmod 644 ~alias/.qmail* ;

==============================================


Create Maildir for "adminmails" user


========================================

su - adminmails

/var/qmail/bin/maildirmake ~/Maildir

========================================


4.3 Configure Qmail to use Maildir


Now we need to configure qmail to use the Maildir Format.


Create "/var/qmail/rc" with the following contents.


====================================================================================

#!/bin/sh

# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

=====================================================================================


Make "/var/qmail/rc" executable


============================

chmod 755 /var/qmail/rc

============================


Create "/var/qmail/control/defaultdelivery" file.


=====================================================

echo ./Maildir/ >/var/qmail/control/defaultdelivery

=====================================================


4.4 Replace Sendmail binaries


======================================================

chmod 0 /usr/lib/sendmail ;

chmod 0 /usr/sbin/sendmail ;

mv /usr/lib/sendmail /usr/lib/sendmail.bak ;

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak ;

ln -s /var/qmail/bin/sendmail /usr/lib/sendmail ;

ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

=======================================================


5. Install ucspi-tcp


Untar the ucspi-tcp source.


=============================================================

cd /usr/local/src/

tar -xzvf ucspi-tcp-0.88.tar.gz

==============================================================


Patch ucspi-tcp with "ucspi-tcp-0.88.errno.patch", which is provided with netqmail.


==============================================================================

cd ucspi-tcp-0.88

patch < /usr/local/src/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch

===============================================================================


Install ucspi-tcp.


========================

make

make setup check

=========================


6. Install checkpassword


Untar checkpassword source.


=========================================

cd /usr/local/src

tar -xzvf checkpassword-0.90.tar.gz

=========================================


Patch checkpassword with "checkpassword-0.90.errno.patch", which is provided with netqmail.


================================================================

cd checkpassword-0.90

patch < /usr/local/src/netqmail-1.06/other-patches/checkpassword-0.90.errno.patch

================================================================


Install checkpassword.


==================================

make ;

make setup check

==================================


7. Install daemontools


Untar the daemontools source


=========================================

cd /package

tar -xzvf daemontools-0.76.tar.gz

=========================================


Patch daemontools with "daemontools-0.76.errno.patch", which is provided with netqmail.


=========================================================================

cd /package/admin/daemontools-0.76/src

patch < /usr/local/src/netqmail-1.06/other-patches/daemontools-0.76.errno.patch

=========================================================================


Install daemontools


====================

cd ..

package/install

====================


8. Qmail Startup script


The "qmailctl" script is used as startup script for qmail.


8.1 Download qmailctl


===========================================================

cd /var/qmail/bin/

wget http://lifewithqmail.org/qmailctl-script-dt70

===========================================================


8.2 Setup qmailctl


========================================

mv -iv qmailctl-script-dt70 qmailctl

chmod 755 /var/qmail/bin/qmailctl

ln -s /var/qmail/bin/qmailctl /usr/bin

========================================



9. Setup qmail-send & qmail-smtpd


9.1 Create supervise script directories for qmail daemons


Create supervise directories for qmail-send, qmail-smtpd & qmail-pop3d.


======================================================

mkdir -p /var/qmail/supervise/qmail-send/log

mkdir -p /var/qmail/supervise/qmail-smtpd/log

mkdir -p /var/qmail/supervise/qmail-pop3d/log

======================================================


9.2 Create supervise script for qmail-send


Create supervise script for qmail-send with name "/var/qmail/supervise/qmail-send/run".


The file should have the following contents.


====================

#!/bin/sh

exec /var/qmail/rc

====================


9.3 qmail-send log daemon supervise script


Create qmail-send log daemon supervise script with name "/var/qmail/supervise/qmail-send/log/run".


The script should have the following contents.


======================================================================================

#!/bin/sh

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail

======================================================================================


9.4 qmail-smtpd daemon supervise script


Create qmail-smtpd daemon supervise script with name "/var/qmail/supervise/qmail-smtpd/run".


The script should have the following contents.


=========================================================================================

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 9000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

==========================================================================================


Create the concurrencyincoming control file.


======================================================

echo 20 > /var/qmail/control/concurrencyincoming

chmod 644 /var/qmail/control/concurrencyincoming

======================================================


9.5 qmail-smtpd log daemon supervise script


Create qmail-smtpd log daemon supervise script with name "/var/qmail/supervise/qmail-smtpd/log/run".


The script should have the following contents.


========================================================================================

#!/bin/sh

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd

========================================================================================


9.6 Create the log directories and add execute permissions on the run scripts.


=====================================================

mkdir -p /var/log/qmail/smtpd


chown qmaill /var/log/qmail

chown qmaill /var/log/qmail/smtpd


chmod 755 /var/qmail/supervise/qmail-send/run

chmod 755 /var/qmail/supervise/qmail-send/log/run


chmod 755 /var/qmail/supervise/qmail-smtpd/run

chmod 755 /var/qmail/supervise/qmail-smtpd/log/run


======================================================


10. Create soft link for the daemons in /service folder


10.1 Add qmail-send to /service folder


=================================================================

ln -s /var/qmail/supervise/qmail-send /service/qmail-send

=================================================================


10.2 Add qmail-smtpd to /service folder


===================================================================

ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

===================================================================



Note 1: The /service directory is created when daemontools is installed.


Note 2: The qmail system will start automatically shortly after these links are created.


If you don't want it running now, do: qmailctl stop


11. Install Vpopmail


11.1 Download Vpopmail


===========================================

mkdir -p /usr/local/src/build

cd /usr/local/src/build

wget -O vpopmail-5.4.28.tar.gz "http://downloads.sourceforge.net/project/vpopmail/vpopmail-stable/5.4.28/vpopmail-5.4.28.tar.gz?use_mirror=biznetnetworks"

===========================================


11.2 Extract Vpopmail


==============================================================

tar -xzvf vpopmail-5.4.28.tar.gz

==============================================================


11.3 Compile & build Vpopmail


========================================================

cd vpopmail-5.4.28

useradd vpopmail

groupadd vchkpw

./configure

make

make install-strip

========================================================


12. Install Dovecot


12.1 Download dovecot


====================================================================

cd /usr/local/src/build

wget http://www.dovecot.org/releases/1.2/dovecot-1.2.6.tar.gz

====================================================================


12.2 Extract dovecot


====================================================================

tar -xzvf dovecot-1.2.6.tar.gz

====================================================================


12.3 Compile & build dovecot


========================================================================

cd dovecot-1.2.6

./configure --with-ioloop=IOLOOP --with-notify=NOTIFY --with-ssl=openssl --with-passwd --with-passwd-file --with-shadow --with-pam --with-checkpassword --with-vpopmail --with-static-userdb

make

make install

========================================================================


12.4 Create certificate


================================================================

mkdir -p /etc/ssl/certs/

mkdir -p /etc/ssl/private/


cd /usr/local/src/build/dovecot-1.2.6/doc/

chmod 755 mkcert.sh

./mkcert.sh

================================================================


This will create /etc/ssl/certs/dovecot.pem & /etc/ssl/private/dovecot.pem


12.5 Create /etc/pam.d/dovecot


The contents of /etc/pam.d/dovecot are given below.


==================================================

auth required pam_unix.so nullok

account required pam_unix.so

==================================================


12.6 Create dovecot.conf file


=================================================================================

cp -pv /usr/local/etc/dovecot-example.conf /usr/local/etc/dovecot.conf

=================================================================================


12.7 Edit dovecot.conf


Modify /usr/local/etc/dovecot.conf as given below.


Change -1


==============================

#protocols = imap imaps

==============================

to

==============================================

protocols = imap imaps pop3 pop3s

==============================================


Change -2


==============================

# disable_plaintext_auth = yes

==============================

to

==============================

disable_plaintext_auth = no

==============================


Change -3


=============================================================

#ssl_cert_file = /etc/ssl/certs/dovecot.pem

#ssl_key_file = /etc/ssl/private/dovecot.pem

=============================================================

to

===============================================================

ssl_cert_file = /etc/ssl/certs/dovecot.pem

ssl_key_file = /etc/ssl/private/dovecot.pem

===============================================================


Change -4


=================================

#first_valid_uid = 500

=================================

to

=================================

first_valid_uid = 89

=================================


Change -5


==================================

#first_valid_gid = 1

==================================

to

==================================

first_valid_gid = 1

==================================


Change -6


====================================

#passdb vpopmail {


#}

====================================

to

====================================

passdb vpopmail {


}

====================================


Change -7


====================================

#userdb vpopmail {

#}

====================================

to

====================================

userdb vpopmail {

}

====================================


12.8 Create Dovecot startup script


Create /etc/init.d/dovecot with the following contents.


=================================================================

#!/bin/bash
#
# /etc/rc.d/init.d/dovecot
#
# Starts the dovecot daemon
#
# chkconfig: - 65 35
# description: Dovecot Imap Server
# processname: dovecot

# Source function library.
. /etc/init.d/functions

test -x /usr/local/sbin/dovecot || exit 0

RETVAL=0
prog="Dovecot Imap"

start() {
    echo -n $"Starting $prog: "
    daemon /usr/local/sbin/dovecot
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dovecot
    echo
}

stop() {
    echo -n $"Stopping $prog: "
    killproc /usr/local/sbin/dovecot
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dovecot
    echo
}

#
# See how we were called.
#
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload|restart)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        if [ -f /var/lock/subsys/dovecot ]; then
            stop
            start
        fi
        ;;
    status)
        status /usr/local/sbin/dovecot
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {condrestart|start|stop|restart|reload|status}"
        exit 1
esac

exit $RETVAL

==================================================================


Now, make /etc/init.d/dovecot executable


==============================================

chmod 755 /etc/init.d/dovecot

==============================================


12.9 Create dovecot user


=====================

useradd dovecot

=====================


12.10 Start dovecot


==============================

/etc/init.d/dovecot start

==============================


13. Vpopmail commands


Vpopmail tools are located in /home/vpopmail/bin/


======================

authvchkpw

clearopensmtp

dotqmail2valias

vaddaliasdomain

vadddomain

vadduser

valias

vchangepw

vchkpw

vconvert

vdeldomain

vdelivermail

vdeloldusers

vdeluser

vdominfo

vipmap

vkill

vlist

vmkpasswd

vmoddomlimits

vmoduser

vpasswd

vpopbull

vpopmaild

vsetuserquota

vusagec

vuserinfo

======================


13.1 Adding a domain


A domain can be added using the following command.


==========================================================================

/home/vpopmail/bin/vadddomain testdomain.net

==========================================================================


13.2 Adding an email account.


An email address is added using the following command.


=======================================================

/home/vpopmail/bin/vadduser test@testdomain.net

=======================================================


14. Tweak Qmail installation for SMTP authentication


14.1 Configure qmail-smtpd run file


========================

cd /service/qmail-smtpd

cp -pv run run.bak

========================


Modify the run file as given below.


========================

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 100000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u 508 -g 508 0 smtp /var/qmail/bin/qmail-smtpd server.domain.com /home/vpopmail/bin/vchkpw /bin/true 2>&1

==========================


==============================

Note 1: 508 is the UID & GID of vpopmail


-bash-3.2# grep 508 /etc/passwd

vpopmail:x:508:508::/home/vpopmail:/bin/bash


Note 2: Don't forget to replace server.domain.com with your hostname in FQDN format.

==============================
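

The run file above makes qmail-smtpd hand each AUTH attempt to /home/vpopmail/bin/vchkpw through the checkpassword interface, with /bin/true as the subprogram. The harness below is an added example, not part of the original HOWTO or of vpopmail, that feeds credentials to such a program on descriptor 3 and reports its exit status. The function names, the stub checker and its sample account and password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# checkpassword interface: the caller writes "login\0password\0timestamp\0"
# to descriptor 3. The checker exits 0 after running the subprogram on
# success, 1 on bad credentials, 2 on misuse, 111 on a temporary failure.

# try_checkpassword LOGIN PASSWORD PROG [ARG...]
# Returns the exit status of PROG.
try_checkpassword() {
    cp_login=$1
    cp_pass=$2
    shift 2
    # "3<&0" gives PROG the pipe as descriptor 3, as qmail-smtpd would.
    printf '%s\0%s\0%s\0' "$cp_login" "$cp_pass" "" | "$@" 3<&0
}

# describe_status CODE -> meaning of a checkpassword exit status
describe_status() {
    case $1 in
        0)   echo "accepted" ;;
        1)   echo "rejected" ;;
        2)   echo "misused" ;;
        111) echo "temporary failure" ;;
        *)   echo "unexpected status $1" ;;
    esac
}

# write_stub_checker FILE
# Constructed stand-in for vchkpw so the harness can be tried offline.
# It accepts exactly one constructed account and is NOT vpopmail code.
write_stub_checker() {
    cat > "$1" <<'EOF'
#!/bin/sh
[ $# -gt 0 ] || exit 2                      # no subprogram given: misuse
creds=$(tr '\000' '\n' <&3) || exit 111     # descriptor 3 unreadable
login=$(printf '%s\n' "$creds" | sed -n 1p)
pass=$(printf '%s\n' "$creds" | sed -n 2p)
[ -n "$login" ] || exit 2
if [ "$login" = "test@testdomain.net" ] && [ "$pass" = "constructed-sample-pw" ]; then
    exec "$@"                               # success: run the subprogram
fi
exit 1
EOF
}

# Offline trial against the stub:
#   write_stub_checker /tmp/stub-checker
#   try_checkpassword test@testdomain.net constructed-sample-pw sh /tmp/stub-checker true
#   describe_status $?
# Against the real checker from this HOWTO (substitute the account's password):
#   try_checkpassword test@testdomain.net 'PASSWORD' /home/vpopmail/bin/vchkpw /bin/true
#   describe_status $?
```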


14.2 Configure vchkpw


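==============================================

cp -pv /home/vpopmail/bin/vchkpw /home/vpopmail/bin/vchkpw.bak

chmod 755 /home/vpopmail/

# chown before chmod: on Linux, changing a file's owner clears its setuid bit
chown root:root /home/vpopmail/bin/vchkpw

chmod 4755 /home/vpopmail/bin/vchkpw

qmailctl stop

qmailctl start

qmailctl stat

==============================================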
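

Once qmail-smtpd is running with the auth patch, its EHLO reply lists the AUTH mechanisms it accepts. LOGIN and PLAIN send the password as plain base64, so the check below flags a reply that offers them without STARTTLS. It is an added example, not part of the original HOWTO; the function names and the sample reply are constructed.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# ehlo_auth_report reads an SMTP EHLO reply on stdin and prints one summary
# line. Exit status:
#   0  AUTH offered, and LOGIN/PLAIN are absent or STARTTLS is also offered
#   1  LOGIN or PLAIN offered with no STARTTLS (password is only base64)
#   2  no AUTH advertised at all
ehlo_auth_report() {
    awk '
    {
        sub(/\r$/, "")              # SMTP lines end in CRLF
        line = toupper($0)          # EHLO keywords are case-insensitive
    }
    line ~ /^250[- ]STARTTLS( |$)/ { tls = 1 }
    line ~ /^250[- ]AUTH[ =]/ {
        # Both "250-AUTH A B" and the older "250-AUTH=A B" form are accepted.
        sub(/^250[- ]AUTH[ =]/, "", line)
        n = split(line, m, " ")
        for (i = 1; i <= n; i++) {
            if (!(m[i] in seen)) {
                seen[m[i]] = 1
                list = list (list == "" ? "" : ",") m[i]
            }
        }
    }
    END {
        if (list == "") { print "no AUTH advertised"; exit 2 }
        printf "mechanisms=%s starttls=%s\n", list, (tls ? "yes" : "no")
        if ((("LOGIN" in seen) || ("PLAIN" in seen)) && !tls) exit 1
        exit 0
    }'
}

# Constructed sample reply (not captured from a real server).
sample_ehlo_reply() {
    printf '%s\r\n' \
        '250-server.domain.com' \
        '250-AUTH LOGIN CRAM-MD5 PLAIN' \
        '250-AUTH=LOGIN CRAM-MD5 PLAIN' \
        '250-PIPELINING' \
        '250 8BITMIME'
}

# Offline trial:
#   sample_ehlo_reply | ehlo_auth_report; echo "status $?"
# Against your own server (assumes nc is installed):
#   printf 'EHLO check\r\nQUIT\r\n' | nc localhost 25 | ehlo_auth_report
```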



15. Restart services


Now, we have to restart Qmail & Dovecot.


15.1 Restart Qmail


========================================

qmailctl stop

qmailctl start

========================================


15.2 Restart Dovecot


========================================

/etc/init.d/dovecot restart

========================================


16. Additional Package Installation


========================================

yum install make

yum install patch

yum install gcc

yum install pam-devel

yum install 'openssl*'

========================================


Reference

1. http://tac-au.com/howto/qmail-mini-HOWTO.txt

2. http://www.lifewithqmail.org/lwq.html


Important Notice

1. Rights to portions in red colour belong to Life with qmail, and those portions are licensed under the OpenContent License, version 1.0.

2. This article as a whole is also licensed under OpenContent License, version 1.0.

3. See http://www.opencontent.org/opl.shtml for the full license.