From Qmail-LDAP Wiki

Up

Contents 1 Introduction 2 System tools 2.1 UCSPI 2.2 daemontools 2.3 djbdns 2.4 qmail-conf 2.5 maildrop 3 OpenLDAP 3.1 Installation 3.2 Schemes 3.2.1 Debian 3.2.2 FreeBSD 3.3 Database 3.4 Init script 3.4.1 Debian 3.4.2 FreeBSD 3.5 Base root 3.5.1 DN Creation 4 Clamav Antivirus 4.1 Debian 4.2 FreeBSD 5 SpamAssassin 5.1 Debian 5.2 FreeBSD 6 Uninstall sendmail 6.1 Debian 6.2 FreeBSD

Introduction

Besides qmail and qmail-ldap patch, you'll need the next programs to a complete installation:

• OpenLDAP: OpenLDAP is an implementation of the Lightweight Directory Access Protocol. A hierarchical database optimized for data retrieving.
• ucspi-tcp: A program focused for managing incoming petitions for a program. Commands: tcpserver, tcprules, tcpclient.
• dnsadmin: A program to accelerate DNS resolving.
• daemontools: A set of tools to manage UNIX services. It starts and automatically restarts services in case they die. Also manage the logs. Commands: svscan, svc, svstat, supervise, multilog.
• courier-imap: IMAP server with SSL and Maildir Support.
• autorespond: Program to handle autoreply messages.
• Clamav: Free antivirus.
• qmail-conf: Provides a set of programs to ease qmail administration.
• maildrop

System tools

UCSPI

You can install UCSPI with the following commands:

mkdir -p /usr/local/src/tools
cd /usr/local/src/tools
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
tar xvfz ucspi-tcp-0.88.tar.gz 
cd ucspi-tcp-0.88 
make
make setup check 

daemontools

mkdir -p /package
chmod 1755 /package
cd /package
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
tar xvfz daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

djbdns

djbdns is a dns server and caching program. It is a requirement for qmail-conf, but it does not have to be installed, qmail-conf only needs to find it somewhere during compile time.

cd /usr/local/src/tools
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
tar xvfz djbdns-1.05.tar.gz

If you also want install djbdns on your system, which is not required by qmail-conf, continue with the following:

cd djbdns-1.05
make setup check

qmail-conf

cd /usr/local/src/tools
wget http://www.din.or.jp/~ushijima/qmail-conf/qmail-conf-0.60.tar.gz
tar xvfz qmail-conf-0.60.tar.gz 
cd qmail-conf-0.60
make -f Makefile.ini  djbdns=../djbdns-1.05/
make setup check

maildrop

cd /usr/local/src/tools
wget http://internap.dl.sourceforge.net/sourceforge/courier/maildrop-1.8.1.tar.bz2
tar xvfj maildrop-1.8.1.tar.bz2
cd maildrop-1.8.1
./configure --enable-maildirquota
make
make install

OpenLDAP

Installation

Debian

It´s recommendable to use the latest version of qmail-ldap, these are the steps to install version 2.2.24:

apt-get install slapd libldap2-dev db4.2-util ldap-utils libgdbm-dev

FreeBSD

pkg_add -r openldap22-server

Schemes

Schemes in LDAP define registries or fields in the database. Something similar to tables in SQL databases. Qmail uses some schemes that come with OpenLDAP, but are not enabled by default.

Debian

To enable it add the following to /etc/ldap/slapd.conf:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

In Sarge it comes enabled by default.

FreeBSD

To enable it add the following to /usr/local/etc/openldap/slapd.conf:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema 
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema 

Database

You must define a database for OpenLDAP. To do it add the following to /usr/local/etc/openldap/slapd.conf:

database        bdb
suffix          "dc=isp,dc=net"
rootdn          "cn=Manager,dc=isp,dc=net"
rootpw          secret
directory       /var/lib/ldap

† In this and all suffix references replace isp.net for your domain or use any suffix you prefer. †† For FreeBSD use directory /usr/local/var/openldap-data

Init script

Debian

In Debian you must do the following:

Now you can start slapd:

/etc/init.d/slapd start

and make it start on boot:

update-rc.d slapd defaults

FreeBSD

In /etc/rc.conf add:

slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"

and start it with:

/usr/local/etc/rc.d/slapd.sh restart 

Base root

We create a directory to store ldif files:

mkdir /usr/local/src/ldif

At a later point we'll need to configure OpenLDAP to interact with Qmail, that will be done after compiling qmail-ldap.

DN Creation

In /usr/local/src/ldif create a file called create_dn.ldif with following content:

dn: dc=isp,dc=net
objectclass: dcObject
objectclass: organization
o: isp
dc: isp

dn: cn=Manager,dc=isp,dc=net
objectClass: organizationalRole
cn: Manager

† Avoid trailing spaces and respect spaces.

This register is added to LDAP database with:

ldapadd -x -D "cn=Manager,dc=isp,dc=net" -W -f create_dn.ldif

we must enter the administration password(secret).

If succesfull, we'll get something like this:

ldapadd -x -D "cn=Manager,dc=mpsnet,dc=net,dc=mx" -W -f create_dn.ldif
Enter LDAP Password:
adding new entry "dc=mpsnet,dc=net,dc=mx"
adding new entry "cn=Manager,dc=mpsnet,dc=net,dc=mx"

You can test it with:

ldapsearch -x -b "dc=mpsnet,dc=net,dc=mx" '(objectclass=*)' 
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2

Which means it works fine.

Clamav Antivirus

Clamav is a free antivirus which can be used in conjunction with Simscan to filter mails with virus. We explain how to install it.

Debian

In Debian you can install Clamav antivirus with:

apt-get install clamav clamav-daemon clamav-freshclam clamav-base

NOTE: For last version of clamav put this on your source.list

deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main

Choose daemon method to update freshclam and select your country mirror(e.g. db.mx.clamav.net).

In /etc/clamav/clamd.conf change the User variable to the next:

User root

And check that LogFileMaxSize be zero:

LogFileMaxSize 0

FreeBSD

In FreeBSD type:

pkg_add -r clamav

and define the User variable as mentioned above.

To enable the daemon in FreeBSD youll have to add the following lines ro /etc/rc.conf:

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

and start it with:

/usr/local/etc/rc.d/clamav-clamd.sh start
/usr/local/etc/rc.d/clamav-freshclam.sh start

SpamAssassin

SpamAssassin is a program that can be used in conjunction with Simscan to filter SPAM.

Debian

You can install it with:

apt-get install spamassassin

To enable the daemon edit /etc/default/spamassassin and change to the following:

ENABLED=1
OPTIONS="-x --ldap-config --max-children 5"

The OPTIONS parameters enable LDAP search for user preferences. More on this in XXXX chapter.

Start it with:

/etc/init.d/spamassassin start

FreeBSD

pkg_add -r p5-Mail-SpamAssassin

To enable it add to /etc/rc.conf this:

spamd_enable="YES"

Uninstall sendmail

Debian

mv /usr/sbin/sendmail /usr/sbin/sendmail.old
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

FreeBSD

In /etc/rc.conf leave only this sendmail option:

sendmail_enable="NONE"

In /etc/mail/mailer.conf change options to:

sendmail        /var/qmail/bin/sendmail
send-mail       /var/qmail/bin/sendmail
mailq           /var/qmail/bin/sendmail
newaliases      /var/qmail/bin/sendmail
hoststat        /var/qmail/bin/sendmail
purgestat       /var/qmail/bin/sendmail