A professional mail server with qmail and vpopmail

8 luglio 2006 — Giuseppe

    Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches:

    SMTP-AUTH for Debian Sarge 3.1 (Fixed)
    qmail-dnsbl patch (added logging)
    qmail-queue-custom-error.patch (for simscan)
    qmail-smtp-log-patch
    chkuser 2.0


    qmail-dnsbl patch lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.
    If the check fails, the server closes the SMTP conversation before receiving the mail, avoiding any resource wasting.

    chkuser 2.0 The original qmail-smtpd accepts by default all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existing recipient, a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.

    chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.
    qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus avoiding additional traffic, workload and messages bounced more times.

    These goals are achieved by enquiring the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.

    chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of “who’s sending to whom”. This can facilitate any further enhancements of anti-SPAM features.

    N.B. Current qmail version works only with my vpopmail-mysql package!

    You can get more details here: http://debian.iuculano.it


    So, let’s go, in less than ten minutes we can have a full performant mail server!

    Just open your terminal and add my deb repository in your sources.list:

    debian:~# vi /etc/apt/sources.list

    Add these lines:

    deb     http://debian.iuculano.it/apt  sarge main contrib non-free
deb-src http://debian.iuculano.it/apt  sarge main contrib non-free

    and:

    debian:~# apt-get update

    My vpopmail package uses mysql backend, so we need mysql-server:

    apt-get install mysql-server

    It is strongly recommended to set a password for the mysql root user
    (which is NOT the same as the “normal” root user) with the command:

    mysqladmin -u root password 'enter-your-good-new-password-here'

    debian:~# mysqladmin -u root -p create vpopmail
debian:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'localhost' \
IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
debian:~#

    Good, now we can install qmail, vpopmail, spamassasin

    debian:~# apt-get install qmail-src spamassassin vpopmail-mysql spamc razor
pyzor ucspi-tcp-src libmailtools-perl libmail-spf-query-perl libsys-hostname-long-perl

    Now we build ucspi-tcp

    debian:~# build-ucspi-tcp

    And finally, we build qmail!

    debian:~# build-qmail

    Don’t worry if you get an error message when installing the .deb package; we need to remove exim4!

    debian:~# dpkg --force-depends --purge exim4 exim4-base exim4-config exim4-daemon-light

    Now:

    debian:~# dpkg -i /tmp/qmail/qmai*.deb

    Very well, now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail

    If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS

    If you want chkuser you should replace:

    -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \

    with:

    -u vpopmail -g vckpw -x /etc/tcp.smtp.cdb 0 smtp \

    Setting your mail name:

    vi /etc/qmail/me

    And add your mail name, for example mail.domain.org

    Setting mysql username and password for vpopmail

    debian:~# vi /etc/vpopmail/vpopmail.mysql

    and restart qmail and popmail POP3

    debian:~# /etc/init.d/qmail restart && /etc/init.d/vpopmail-mysql restart
Stopping mail-transfer agent: qmail.
Starting mail-transfer agent: qmail.
Restarting vpopmail pop3 server: vpopmail.
debian:~#

    Very well, we ‘re almost done!!

    Some check-ups:

    debian:~# apt-get install recode
[...]
debian:~# vadddomain test.bogus
Please enter password for postmaster:
enter password again:
debian:~# ls -la /var/lib/vpopmail/domains/
totale 3
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 .
drwxr-xr-x  6 root     root   1024 2006-07-07 16:09 ..
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus
debian:~# echo -en "postmaster@test.bogus" | recode data..base64
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
debian:~# echo -en "test" | recode data..base64
dGVzdA==
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~# less /var/log/syslog
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO TEST
250 mail.domain.com
EHLO
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
334 UGFzc3dvcmQ6
dGVzdA==
235 ok, postmaster@test.bogus, go ahead (#2.0.0)
mail from: test@nonexact.from
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
mail from: test@test.com
250 ok
RCPT TO: notexist@test.bogus
511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
RCPT TO: postmaster@test.bogus
250 ok
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~#

    Good! Everything seems to work finely!

    Now, the last thing you have to do is:

    debian:~# apt-get install qmailadmin autorespond ezmlm-src clamav clamav-daemon clamav-freshclam

    Install simscan (http://www.inter7.com/simscan/simscan-1.2.tar.gz) and edit init.d/qmail !

    Simscan ./configure example:

    ./configure --enable-user=clamav --enable-clamav=y --enable-custom-smtp-reject=y --enable-attach=y
 --enable-spam=y --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y
--enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n
--enable-quarantinedir=/var/qmail/quarantine --enable-dropmsg=y
    VN:F [1.8.4_1055]
    Rating: 7.0/10 (1 vote cast)
    VN:F [1.8.4_1055]
    Rating: 0 (from 0 votes)

    Popularity: 3% [?]

    Posted in Debian, Linux. Tags: , , , , , , , , , . 3 commenti »