Full Installation Guide - Basic Qmail Installation

From Qmail-LDAP Wiki


Users creation

Basic users and groups for the qmail installation.

FreeBSD

pw groupadd nofiles
pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent 
pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent  
pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent  
pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent 
pw groupadd qmail  
pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent 
pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent  
pw useradd qmails -g qmail -d /var/qmail -s /nonexistent 
# for storage (virtual mailboxes)
pw groupadd vmail -g 2110
pw useradd vmail -u 11184 -g vmail -d /home/vmail -s /bin/true
mkdir /home/vmail
chown -R vmail:vmail /home/vmail
# for antivirus (simscan)
pw groupadd simscan
pw useradd simscan -g simscan -s /sbin/nologin -d /nonexistent

Debian

# basic users
groupadd nofiles  
useradd -g nofiles -d /var/qmail/alias alias 
useradd -g nofiles -d /var/qmail qmaild  
useradd -g nofiles -d /var/qmail qmaill  
useradd -g nofiles -d /var/qmail qmailp  
groupadd qmail 
useradd -g qmail -d /var/qmail qmailq 
useradd -g qmail -d /var/qmail qmailr  
useradd -g qmail -d /var/qmail qmails 
# for storage (virtual mailboxes)
groupadd vmail -g 2110
useradd vmail -u 11184 -g vmail -d /home/vmail -s /bin/true
mkdir /home/vmail
chown -R vmail:vmail /home/vmail
# for antivirus (simscan)
groupadd simscan
useradd simscan -g simscan -s /sbin/nologin -d /tmp 

In Debian you can also do:

apt-get install libssl-dev zlib1g-dev

to be sure that you have the required libraries.

Downloading and patching qmail

Downloading

cd /usr/local/src
wget http://200.4.48.8/pub/mail-tools/qmail/dist/qmail-1.03.tar.gz 
wget http://www.nrg4u.com/qmail/qmail-ldap-1.03-20060201.patch.gz
tar xvfz qmail-1.03.tar.gz 
cd qmail-1.03 
zcat ../qmail-ldap-1.03-20060201.patch.gz | patch -p1

Makefile

The Makefile is where you configure Qmail-LDAP behaviour: things like the cipher, SMTP-AUTH, automatic creation of directories, etc. Here we list some recommended options and their parameters:

LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
ZLIB=-lz
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/local/include
TLSLIBS=-L/usr/local/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWLIBS=-lcrypt
DEBUG=-DDEBUG

† Only change the lines mentioned above and leave the rest intact. †† If you use objectClass posixAccount, mail will not be stored in /home/vmail/usuario but in the POSIX $HOME of the user, defined by homeDirectory in qmail-ldap.h. To avoid this and make even users with POSIX attributes store their mail in the mailMessageStore attribute, edit qmail-ldap.h and set LDAP_HOMEDIR to the following:

#define LDAP_HOMEDIR  "homeDirectoryfake"

By default qmail-ldap looks up users in the LDAP database. If you want it to also look in the local passwd file, use the following:

SHADOWOPTS=-DPW_SHADOW

It causes a user that is not found via qmail-ldap to be searched for in the local files.

Compiling

cd /usr/local/src/qmail-1.03
make setup check 

Activating LDAP

Schema

Qmail needs OpenLDAP to recognize special attributes in user entries. These attributes are added through a schema that qmail-ldap provides. To install it do the following:

cd /usr/local/src/qmail-1.03 
cp qmail.schema /etc/ldap/schema/

† On FreeBSD use cp qmail.schema /usr/local/etc/openldap/schema/ instead.

And in slapd.conf add:

include /etc/ldap/schema/qmail.schema  

† This schema must be included after the existing ones.

Index database

To improve LDAP performance, you must index some attributes in the database. To do so add the following lines to /usr/local/etc/openldap/slapd.conf (/etc/ldap/slapd.conf on Debian):

index   objectClass     eq
index   mail,mailAlternateAddress,uid                   eq,sub
index   accountStatus,mailHost,deliveryMode             eq
index   default    sub

Configuration

Control files

Qmail's behaviour is based on the configuration of a set of files found in /var/qmail/control. Each file in this directory controls a specific function of qmail that can be adjusted to suit your needs. For more info check the Control Files section.

Next we define recommended values for each one of them.

me

echo "server.domain.com">/var/qmail/control/me

ldapserver

echo "127.0.0.1" >/var/qmail/control/ldapserver

ldapbasedn

echo "ou=users,dc=isp,dc=net" > /var/qmail/control/ldapbasedn

ldappassword

echo "secret" >/var/qmail/control/ldappassword

ldaplogin

echo "cn=Manager,dc=isp,dc=net" >/var/qmail/control/ldaplogin

ldapobjectclass

echo qmailUser>/var/qmail/control/ldapobjectclass

ldaplocaldelivery

echo "0">/var/qmail/control/ldaplocaldelivery

ldapcluster

echo "0">/var/qmail/control/ldapcluster

defaultquotasize

echo "10000000">/var/qmail/control/defaultquotasize

defaultquotacount

echo "10000">/var/qmail/control/defaultquotacount

quotawarning

echo "Tu buzon se esta saturando, haz espacio si quieres seguir recibiendo correos">/var/qmail/control/quotawarning

ldapdefaultdotmode

echo "ldaponly">/var/qmail/control/ldapdefaultdotmode

ldapmessagestore

echo "/home/vmail">/var/qmail/control/ldapmessagestore

ldapuid

echo "11184">/var/qmail/control/ldapuid

ldapgid

echo "2110">/var/qmail/control/ldapgid

ldaptimeout

echo "30">/var/qmail/control/ldaptimeout

custombouncetext

echo "Para mayor informacion escribir a soporte@domain.com"> /var/qmail/control/custombouncetext

rbllist

touch /var/qmail/control/rbllist

outgoingip

echo "0.0.0.0">/var/qmail/control/outgoingip

defaultdelivery

echo "./Maildir/">/var/qmail/control/defaultdelivery

locals and rcpthosts

echo "domain.com" >/var/qmail/control/locals
echo "domain.com" >/var/qmail/control/rcpthosts
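Added example, not part of the original guide: a small consistency check over the control files set above, verifying that ldapuid/ldapgid and ldapmessagestore match the vmail account created at the start (11184/2110, /home/vmail) and that the required files are non-empty. The demo audits a constructed copy of the directory with one deliberate mismatch; the EXPECTED values are this page's choices, not something qmail enforces.

```python
import os
import tempfile

# What this page chooses; adjust if you used different ids or paths (assumption of this example).
EXPECTED = {"ldapuid": "11184", "ldapgid": "2110",
            "ldapmessagestore": "/home/vmail", "ldaplocaldelivery": "0"}
REQUIRED = ("me", "locals", "rcpthosts", "ldapserver", "ldapbasedn",
            "ldaplogin", "ldappassword", "ldapobjectclass", "defaultdelivery")


def read_control(ctl_dir):
    """Return {file name: first line}; qmail reads one value per control file."""
    values = {}
    for name in os.listdir(ctl_dir):
        path = os.path.join(ctl_dir, name)
        if os.path.isfile(path):
            with open(path) as fh:
                values[name] = fh.readline().rstrip("\n")
    return values


def audit_control(ctl_dir, expected=EXPECTED, required=REQUIRED):
    """Return a list of findings; an empty list means the directory is consistent."""
    vals = read_control(ctl_dir)
    findings = [f"{k}: missing or empty" for k in required if not vals.get(k)]
    for key, want in expected.items():
        if vals.get(key) != want:
            findings.append(f"{key}: is {vals.get(key)!r}, expected {want!r}")
    for key in ("ldapuid", "ldapgid", "defaultquotasize", "defaultquotacount"):
        if key in vals and not vals[key].isdigit():
            findings.append(f"{key}: {vals[key]!r} is not a number")
    return findings


def demo(ldapgid="2111"):
    """Write a constructed control directory (ldapgid wrong by default) and audit it."""
    ctl_dir = tempfile.mkdtemp()
    files = {"me": "server.domain.com", "locals": "domain.com", "rcpthosts": "domain.com",
             "ldapserver": "127.0.0.1", "ldapbasedn": "ou=users,dc=isp,dc=net",
             "ldaplogin": "cn=Manager,dc=isp,dc=net", "ldappassword": "secret",
             "ldapobjectclass": "qmailUser", "defaultdelivery": "./Maildir/",
             "ldapuid": "11184", "ldapgid": ldapgid, "ldapmessagestore": "/home/vmail",
             "ldaplocaldelivery": "0", "rbllist": ""}
    for name, value in files.items():
        with open(os.path.join(ctl_dir, name), "w") as fh:
            fh.write(value + "\n")
    return audit_control(ctl_dir)


if __name__ == "__main__":
    print(demo() or "control files consistent")
```

Run it against the real directory with audit_control("/var/qmail/control") once the files above are in place.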

Init scripts with qmail-conf

/var/qmail/rc

In /var/qmail/rc:

#!/bin/sh
# Taken from LWQ by Dave Sill
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/usr/local/bin:/var/qmail/bin:/bin" \
        qmail-start ./Maildir/

Make executable:

chmod 755 /var/qmail/rc

qmail-delivery service

To create qmail service do the following:

/var/qmail/bin/qmail-delivery-conf qmaill /var/qmail/service/qmail

And link it to svscan:

ln -s /var/qmail/service/qmail /service

This will cause qmail to start immediately. You can verify the service status with:

svstat /service/qmail

If it is up, you'll get something like:

/service/qmail: up (pid 6275) 11 seconds

qmail-smtpd service

The next command creates the directories required by smtpd:

/var/qmail/bin/qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd

And to activate the service do:

ln -s /var/qmail/service/smtpd /service

This will cause svscan to start smtpd service. You can check status with:

svstat /service/smtpd

And if successful you'll get something like:

/service/smtpd: up (pid 6308) 4 seconds

memory limit

You define the memory limit with:

echo "8000000" > /var/qmail/service/smtpd/env/DATALIMIT

Relay

You can allow relaying either with an explicit list of static IPs or with SMTP-AUTH. The qmail-smtpd program is in charge of this. To configure relaying you must edit /service/smtpd/tcp and list which IPs will be allowed to relay. Example:

127.:allow,RELAYCLIENT=""
192.168.101.:allow,RELAYCLIENT=""
:allow

The logic is:

  • any connection from 127.whatever will be allowed to connect and to relay (RELAYCLIENT="" activates it)
  • any connection from 192.168.101.whatever will be allowed and may relay.
  • :allow means any connection to port 25 from any other IP will be allowed to connect, but will not be allowed to relay. This is how mail from other hosts is received.

To activate changes you must do the following:

cd /service/smtpd
make

This will create the binary file tcp.cdb, and qmail will automatically detect the change. It's not necessary to restart the service.
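As an added example (not from the wiki), the following Python models the IP part of tcpserver's rule lookup so you can check which rule a client address hits and whether it gets RELAYCLIENT; the rules text is a constructed copy of the file above, and the =host and info@ rule forms are left out.

```python
# Constructed copy of the /service/smtpd/tcp rules shown above.
RULES_TEXT = '''127.:allow,RELAYCLIENT=""
192.168.101.:allow,RELAYCLIENT=""
:allow
'''


def parse_rules(text):
    """Map rule address -> (instruction, {ENV: value}); a later duplicate wins, as in tcprules."""
    rules = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        instruction, *assignments = rest.split(",")
        env = {}
        for item in assignments:          # assumes no commas inside quoted values
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (instruction, env)
    return rules


def lookup(rules, ip):
    """First match in tcpserver's IP order: exact IP, shorter dot-terminated prefixes, then ""."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in range(len(parts) - 1, 0, -1)] + [""]
    for cand in candidates:
        if cand in rules:
            return (cand,) + rules[cand]
    # No rule matched at all: tcpserver accepts the connection and sets no variables.
    return (None, "allow", {})


def may_relay(rules, ip):
    """True when the matched rule both allows the connection and sets RELAYCLIENT."""
    _, instruction, env = lookup(rules, ip)
    return instruction == "allow" and "RELAYCLIENT" in env


def is_open_relay(rules):
    """The catch-all "" rule must never carry RELAYCLIENT, or every host may relay."""
    instruction, env = rules.get("", ("allow", {}))
    return instruction == "allow" and "RELAYCLIENT" in env


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for ip in ("127.0.0.1", "192.168.101.77", "192.168.102.5", "203.0.113.9"):
        print(ip, repr(lookup(rules, ip)[0]), "relay" if may_relay(rules, ip) else "no relay")
    print("open relay:", is_open_relay(rules))
```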

Dirmaker

In order for automatic creation of mailboxes to work, you must create the file /var/qmail/bin/dirmaker.sh with the following content:

#!/bin/sh
# Called with the directory to create as $1; make the Maildir and its three
# subdirectories, accessible only by the owner.
/bin/mkdir -m 700 -p "$1/Maildir"
/bin/mkdir -m 700 -p "$1/Maildir/new"
/bin/mkdir -m 700 -p "$1/Maildir/cur"
/bin/mkdir -m 700 -p "$1/Maildir/tmp"

make it executable:

chmod +x /var/qmail/bin/dirmaker.sh

and configure the corresponding control file:

echo /var/qmail/bin/dirmaker.sh > /var/qmail/control/dirmaker

Extended Log

To activate extended logging do:

echo "3"> /service/smtpd/env/LOGLEVEL

LDAP containers

LDAP containers are at the highest level of the LDAP hierarchy. To keep qmail users organized within an LDAP database, you must define two containers: one for groups and one for users. These containers hang directly off the root of the LDAP tree.

To add a container from the command line, you must first create a file with the necessary attributes and load it with the ldapadd command.

user's container

cd /usr/local/src/ldif

Create users.ldif with:

dn: ou=users,dc=isp,dc=net
ou: users  
objectclass: top  
objectclass: organizationalUnit 

Load it with:

ldapadd -x -D "cn=Manager,dc=isp,dc=net" -W -f users.ldif

If successful you'll get:

Enter LDAP Password:
adding new entry "ou=users,dc=isp,dc=net"

This creates the users container, where qmail users will be stored.

You can test it with:

ldapsearch -x -s one -b 'dc=isp,dc=net' '(ou=users)'
# users, isp.net
dn: ou=users,dc=isp,dc=net
ou: users
objectClass: top
objectClass: organizationalUnit

group's container

cd /usr/local/src/ldif

In groups.ldif:

dn: ou=groups,dc=isp,dc=net 
ou: groups  
objectclass: top  
objectclass: organizationalUnit 

Load it with:

ldapadd -x -D "cn=Manager,dc=isp,dc=net" -W -f groups.ldif 

This creates the groups container, where qmail groups are stored. You can test it with:

ldapsearch -x -s one -b 'dc=isp,dc=net' '(ou=groups)'
# groups, isp.net
dn: ou=groups,dc=isp,dc=net
ou: groups
objectClass: top
objectClass: organizationalUnit

Manual creation of qmail users

We can now create qmail users. To do so we must create an LDIF file with the mailbox data and the encrypted password. You can also do it with Webmin/Virtualmin. More on this in chapter XXX.

Encrypted passwords

You must store encrypted passwords in either crypt or MD5 format. To get the MD5 string of a password you can do the following:

$ slappasswd -h {md5}
New password:
Re-enter new password: 
{MD5}72KZyef9rm13WBnOHiYguA==

The resulting string {MD5}72KZyef9rm13WBnOHiYguA== is the encrypted password and is the text we must include in the LDIF file.

postmaster, an example and basic user

To comply with RFC 822, every MTA must have a postmaster@ account. To create it, write a postmaster.ldif file with:

dn: cn=Postmaster,ou=users,dc=domain,dc=com
cn: Postmaster
ou: users
sn: Postmaster
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: postmaster@domain.com
mailHost: server.domain.com
mailQuotaSize: 0
mailQuotaCount: 0
uid: postmaster
accountStatus: active
mailMessageStore: postmaster
userPassword: {MD5}JQ9g7OhNwTK81ciA0aS3KQ==

And add it to the LDAP database with:

ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f postmaster.ldif 


RFC 2142 advises also creating an abuse@ account. To create it, write an abuse.ldif file with:

dn: cn=Abuse,ou=users,dc=domain,dc=com
cn: Abuse
ou: users
sn: Abuse
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: abuse@domain.com
mailHost: server.domain.com
mailQuotaSize: 0
mailQuotaCount: 0
uid: abuse
accountStatus: active
mailMessageStore: abuse
userPassword: {MD5}JQ9g7OhNwTK81ciA0aS3KQ==

And add it to the LDAP database with:

ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f abuse.ldif 
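Added example, not from the wiki, covering both the encrypted passwords and the LDIF entries above: it produces the {MD5} value that slappasswd -h {md5} prints, verifies a password against it, and builds a qmailUser entry shaped like the postmaster/abuse ones. {SSHA} is included because it is slappasswd's salted default; that your qmail-ldap build accepts {SSHA} is an assumption to confirm against its documentation.

```python
import base64
import hashlib
import hmac
import os


def md5_userpassword(password):
    """{MD5}: base64 of the raw, unsalted MD5 digest, the value slappasswd -h {md5} prints."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


def ssha_userpassword(password, salt=None):
    """{SSHA}: base64(sha1(password + salt) + salt), salted per user (slappasswd's default)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_userpassword(stored, candidate):
    """Check a candidate password against a stored {MD5} or {SSHA} value."""
    scheme, _, encoded = stored.partition("}")
    raw = base64.b64decode(encoded)
    if scheme == "{MD5":
        return hmac.compare_digest(raw, hashlib.md5(candidate.encode()).digest())
    if scheme == "{SSHA":
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(digest, hashlib.sha1(candidate.encode() + salt).digest())
    raise ValueError("unsupported scheme " + scheme + "}")


def qmail_user_ldif(uid, domain, basedn, mailhost, password, cn=None, scheme="md5"):
    """One qmailUser entry laid out like the postmaster/abuse entries on this page."""
    cn = cn or uid.capitalize()
    hashed = md5_userpassword(password) if scheme == "md5" else ssha_userpassword(password)
    attrs = [("dn", f"cn={cn},ou=users,{basedn}"), ("cn", cn), ("ou", "users"), ("sn", cn),
             ("objectClass", "top"), ("objectClass", "person"), ("objectClass", "inetOrgPerson"),
             ("objectClass", "qmailUser"), ("mail", f"{uid}@{domain}"), ("mailHost", mailhost),
             ("mailQuotaSize", "0"), ("mailQuotaCount", "0"), ("uid", uid),
             ("accountStatus", "active"), ("mailMessageStore", uid), ("userPassword", hashed)]
    return "".join(f"{name}: {value}\n" for name, value in attrs)


if __name__ == "__main__":
    # Constructed sample: the RFC 2142 role accounts, each with its own password.
    for account, pw in (("postmaster", "change-me-1"), ("abuse", "change-me-2")):
        print(qmail_user_ldif(account, "domain.com", "dc=domain,dc=com", "server.domain.com", pw))
```

Feed the printed entries to ldapadd exactly as the postmaster.ldif and abuse.ldif files above.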