Qmail Howto | Go Back
16) Courier-IMAP Installation
First, we’ll install Courier-IMAP to /usr/lib/courier-imap. Then, we will configure it to work with VMailMgr by changing the password checker (authvmailmgr).
# cd /usr/local/src
# bzip2 -d courier-imap-3.0.8.tar.bz2
# tar xf courier-imap-3.0.8.tar
# cd courier-imap-3.0.8
# ./configure –disable-root-check
# make
# make install
If you are using RedHat Linux, don’t forget to add –with-redhat at the end of the configure line, otherwise configure will terminate with a warning.
It will take a while for the configure script to be done. When I installed courier for the first time, I thought that the script was looping and something went wrong, so I terminated it. Don’t do that - it looks like the script does the same thing over and over again, so just be a little patient and wait.
Courier-IMAP has its own authentication scheme which needs to be changed for our installation. This is what we need to do:
# cd /usr/local/src/vmailmgr-0.97
# cp authenticate/authvmailmgr /usr/lib/courier-imap/libexec/authlib
# cd /usr/lib/courier-imap/etc
# cp imapd.dist imapd
# cp imapd-ssl.dist imapd-ssl
# vi imapd
While editing the file imapd, change “MAXPERIP”(Maximum connections per IP) to 20. Then, change “AUTHMODULES” (Authentication modules) and “AUTHMODULES_ORIG” to “authvmailmgr relay-ctrl-allow”. Save and close the file.
Now do “cp authdaemonrc.dist authdaemonrc” and edit the file authdaemonrc, delete the line that says authmodulelist=”authcustom……..” and insert authmodulelist=”authvmailmgr relay-ctrl-allow”. Save and close the file.
Next, do the following:
# cd /usr/lib/courier-imap/libexec/authlib
# mv authdaemond authdaemond.old
# ln -s /usr/local/bin/relay-ctrl-allow relay-ctrl-allow
# echo ‘#! /bin/sh’ > authdaemond
# echo ‘DIR=`dirname $0`’ >> authdaemond
# echo ‘AUTHDAEMOND=authdaemond.plain’ >> authdaemond
# echo ‘. /usr/lib/courier-imap/etc/authdaemonrc’ >> authdaemond
# echo ‘if test “$version” != “”‘ >> authdaemond
# echo ‘then’ >> authdaemond
# echo ‘ AUTHDAEMOND=”$version”‘ >> authdaemond
# echo ‘fi’ >> authdaemond
# chmod 755 authdaemond
Now edit imapd.rc and make some minor changes to work with relay-ctrl:
# vi /usr/lib/courier-imap/libexec/imapd.rc
Search for “/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS” line and insert “/usr/local/bin/envdir /etc/relay-ctrl /usr/local/bin/relay-ctrl-chdir \” above it. Thus, relay-ctrl will get initialized before “couriertcpd” is called.
Let’s run the IMAP server and see if it works fine:
# /usr/lib/courier-imap/libexec/imapd.rc start
# ps ax | grep courier
1698 ? S 0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrlogger…
1711 ? S 0:00 /usr/lib/courier-imap/libexec/courierlogger imapd
The command ps ax should return two lines. If the two lines are present, then everything is running properly. It is now time to test the IMAP server. Let’s set up another test mail account on a windows box and e-mail client. Only this time, instead of specifying POP3, we specify IMAP server. After the account is all set, check if it works. Your client should be able to download the IMAP directory structure to your PC. If it does not work for some reason, or your password gets denied - you did something wrong. My recommendation to you then is to recheck the guide again and make sure that you do everything right.
Assuming that everything worked just fine, we’ll take another step forward - installing Qmail extras.
17.1) MailDrop, TNEF, SpamAssassin + Perl Utils Installation
Since we’ll be running a mail scanner utility to check for spam and viruses, some tools must be installed. Let’s start with the first one - MailDrop.
# cd /usr/local/src
# bzip2 -d maildrop-2.0.4.tar.bz2
# tar xf maildrop-2.0.4.tar
# cd maildrop-2.0.4
# ./configure
# make
# make install-strip
# make install-man
Now TNEF unpacker. This program is used by Qmail-Scanner, which we will
be installing later.
# cd /usr/local/src
# tar zxf tnef-1.4.4.tar.gz
# cd tnef-1.4.4
# ./configure
# make
# make check
# make install
Installing SpamAssassin is very easy. You must have Perl installed and fully operational in order to be able to build and install SpamAssassin. If you prefer installing Perl modules from sources, get SpamAssassin source file from the location specified above and run the commands “perl Makefile.PL” “make” “make test” and “make install” respectively. Otherwise, my recommendation is to install from CPAN shell. Execute the following command in shell:
# perl -MCPAN -eshell
After the command is executed, you’ll be presented to the cpan prompt*. Just type install Mail::SpamAssassin and press Enter. Cpan will start downloading the sources from other servers and install SpamAssassin for you. If you get a dependency warning, accept the default “yes” and let cpan install whatever is needed.
* If you’ve never used perl CPAN, you will be presented with a perl configuration script, which will ask some questions regarding the installation of CPAN module. Just accept the defaults and specify the closest location for your source downloads. When the process is complete, you should be able to type commands in the cpan prompt. Type install Bundle::CPAN to get and install the latest CPAN modules.
If you get an error saying something like “Makefile:91: *** missing separator. Stop.” in Redhat Linux 9, edit the file /etc/sysconfig/i18n and replace LANG=”en_US.UTF-8″ with LANG=”en_US”. This helped me to cure module installations.
Furthermore, don’t forget to install the following Perl Modules (from sources or CPAN):
Time::HiRes
DB_File
Sys::Syslog
Running Perl SpamAssassin on every mail call is expensive and inefficient which is why a separate “spamd” daemon written in C is included in SpamAssassin package. To get spamd up and running, we will have to first cd to the SpamAssassin source directory. If you have downloaded SpamAssassin and installed it from shell, type the following in shell prompt:
# cd /usr/local/src/Mail-SpamAssassin-3.2.5/spamd
# cp redhat-rc-script.sh /etc/rc.d/init.d/spamd
# chmod 755 /etc/rc.d/init.d/spamd
# chkconfig –add spamd
# chkconfig spamd on
The spam daemon (spamd) must be run as “qmaill” user, otherwise you will get permission errors. Modify spamd init script (/etc/init.d/spamd) and add “-u qmaill” to the end of “SPAMDOPTIONS”. Save the file and type:
# /etc/init.d/spamd start
Starting spamd: [ OK ]
If you have installed from CPAN, then change the first line to “cd /root/.cpan/build/Mail-SpamAssassin-3.2.5/spamd”.
Of course, you should not forget about changing the installation script name (redhat-rc-script.sh in this case) to whatever platform you are installing on.
Now perform the last step to make spamassassin work under qmail-scanner:
# cd /var/qmail
# mkdir .spamassassin
# chmod 700 .spamassassin
# chown qmaill:qmail .spamassassin
# cd .spamassassin
# echo ‘required_hits 5′ > user_prefs
# chown qmaill:qmail user_prefs
Attention: In some cases, only changing ownership to qmailq:qmail will make spamassassin work.
Make sure that /etc/mail/spamassassin/local.cf exists (should be created during the install). If it doesn’t, create it and copy-paste the following into the file:
required_score 5.0
rewrite_header Subject *****SPAM*****
lock_method flock
use_bayes 1
bayes_auto_learn 1
17.2) ClamAV Antivirus
Warning: Please skip this step if you have less than 256 MB RAM on your mail server! Running antivirus on every single mail message will definitely slow down your server and might consume too much memory. It gets especially dangerous if your server is under heavy load or if you have many simultaneous mail users. The best configuration is 1 GB of RAM used solely for mail delivery purposes.
I have tested many different antivirus programs for Qmail, and the best one is clearly ClamAV. I used sophos & sophie combination before, but it’s not free anymore…
First, download ClamAV Antivirus from www.clamav.net. Place it in /usr/local/src and execute the following commands:
# cd /usr/local/src
# tar zxf clamav-0.93.3.tar.gz
# groupadd clamav
# useradd -c “Clam AntiVirus Account” -g clamav -s /bin/false clamav
# ./configure
# make
# make install
ClamAV should be installed. Run “clamd –version” to see if it works. If you got a response with the version number, go ahead and edit /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf to suit your scanning needs. Then it’s time to update the virus definitions:
# mkdir /var/lib/clamav
# chown clamav:clamav /var/lib/clamav
# touch /var/log/freshclam.log
# chmod 600 /var/log/freshclam.log
# chown clamav /var/log/freshclam.log
# clamd
# freshclam -d -c 6 -l /var/log/freshclam.log
Don’t forget to add “clamd” and “freshclam -d -c 6 -l /var/log/freshclam.log” into your startup scripts.
18) Final touch - Qmail-Scanner
This is the last step we’ll take to finish the installation - installing and configuring Qmail-Scanner. Execute the following commands in shell:
# cd /usr/local/src
# tar zxf qmail-scanner-2.05.tgz
# cd qmail-scanner-2.05
# groupadd qscand
# useradd -c “Qmail-Scanner Account” -g qscand -s /bin/false qscand
# ./configure –spooldir /var/qmail/qmailscan \
–qmaildir /var/qmail –admin login –domain yourserver.com \
–local-domains “domain.one.com,domain.two.com” –install
Building Qmail-Scanner 1.23…This script will search your system for the virus
scanners it knows about, and will ensure that all
external programs qmail-scanner-queue.pl uses are
explicitly pathed for performance reasons.Continue? ([Y]/N)
Don’t forget to change “login” to your login and “yourserver.com” to your default domain. Also change “domain.one.com,domain.two.com” to whatever other domains you have on your system. If you only have one domain, specify one and get rid of everything after comma. If you have more than two domains, don’t forget to separate them with a “,” (comma). Press enter afterwards and answer “Y” when it asks you to Continue.
Qmail-Scanner should be able to detect “spamd” (SpamAssassin) and “sophie” (Antivirus) if you installed it. It will create directories under
/var/qmail/qmailscan and change necessary file ownerships. Then, do the following:
# /usr/local/bin/setuidgid qmaill \
“/var/qmail/bin/qmail-scanner-queue.pl” -g
perlscanner: generate new DB file
perlscanner: total of 9 entries.
If the above doesn’t work for you and produces an error, try changing “qmaill” to “qmailq”. If changing to “qmailq” works, you’ll most probably have to modify permissions for spamassassin and sophie as well. This is a weird behavior that I’m unable to figure out.
Type /usr/local/bin/setuidgid qmaill “contrib/test_installation.sh -doit” and then check your e-mail. If you received three messages, everything is running properly :-) If you haven’t received anything, view /var/qmail/qmailscan/qmail-queue.log for clues. If something fails and you are receiving a “451 qq temporary problem”, check ownership and permissions for /var/qmail/qmailscan. The directory owner should be qmaill:qmail and permissions should be set to 770.
Attention: In some cases, only changing ownership to qmailq:qmail will make qmail-scanner work. My recommendation is to always check the logs - most of the problems will be spotted from there.
Change “$DEBUG=1″ to “$DEBUG=0″ in /var/qmail/bin/qmail-scanner-queue.pl - this will disable Qmail-Scanner’s dumping of every single message delivery process to qmail-queue.log. Furthermore, if you want messages identified as spam to be “seen” as spam messages (very useful for filtering mail), find the line “my $spamc_subject=”;” and change it to “my $spamc_subject=’POTENTIAL SPAM:’;”. You could then setup your email client to deliver messages with words “POTENTIAL SPAM” to other mailboxes or automatically move them to trash. Sweet huh?
Phew…Qmail is now installed and fully operational :-)
October 16th, 2008 at 11:09 pm
Nice tutorial. This is only the patch that I haven’t encountered a problem.
I hope you can add a patch such as validrcptto. This is nice patch. However, I’m getting a hunk failed when I’m trying to patch it after patching all the patch on your tutorial. Probably, some code doesn’t conform to validrcptto patch. I’m not a C programmer so I’m getting a hard time fixing the problem. Please inform me via my email ntserafica@yahoo.com if you have the patch.
This could be a great gift this coming christmas :)
October 3rd, 2008 at 7:19 am
So what if I want a more minimalistic solution. Basically I have a mail server that only needs to serve one site, and primarily outgoing mail. So no fancy stuff needed like multiple users and auto-responders.
I would like to have a suite of admin tools, for instance, being able to manually send an email that’s been stuck in the queue and watching the remote mail server response, ideally have a php script parse this information.
Hours on Google have really only given me scripts for the end-user, none for really managing the admin part of qmail.
September 5th, 2008 at 4:04 pm
> - Qmail Patches from http://megaz.arbuz.com
Where is the patches, i find but…
June 29th, 2008 at 2:03 pm
Nice tutorial. If anyone needs help, you can contact my via email on my website.
I could do it for free.
June 20th, 2008 at 7:22 pm
This was helpful. Thank you.
May 30th, 2008 at 10:10 am
Hi Nasim:
Have you tried to use CourierIMAP 4.3.1 (with AuthLib)?
I would appreciate your comments about it.
Thanks.
May 25th, 2008 at 2:29 am
Hi Nazim,
Sometimes I have an error when sending email(addresses which I used before or new):
An error occurred while sending mail.The mail server responded: sorry, that domain isn’t in my list of allowed rcpthosts(#5.7.1). Please check the message recipients and try again.
I thought that it something to do with timing out authentication so I have removed 900 from /etc/relay-ctrl/expiry(step 12->Installing Relay-CTRL; pagehttp://megaz.arbuz.com/2002/12/20/qmail-howto/4) but I’m still getting this error.
I’ll appreciate if you could advice on what could be wrong, please.
Thanks a lot in advance,
yuriy
May 24th, 2008 at 11:59 pm
Hi Nazim,
Problem with setting second virtual domain was sorted out. It turned out that one needs to restart qmail server after adding another virtual domain.
Also I have sorted an issue with 550 error page(I have wrote about it in one of my previous posts).
With virtual domain .qmail-default file should exist for each user. So solution was pretty simple: copy original .qmail-default to .qmail-USERNAME in /home/email/yourdomain/ folder. Also my /etc/tcp.smtp looks like this:
127.:allow,RELAYCLIENT=”",RBLSMTPD=”",QMAILQUEUE=”/var/qmail/bin/qmail-queue”
:allow,QMAILQUEUE=”/var/qmail/bin/qmail-scanner-queue.pl”,VERIFY=”"
May 6th, 2008 at 11:11 am
Hi Nazim.
I can telnet to my server and do all steps you have listed alright. It’s just when I’m trying to set additional virtual domain it stops receiving emails(one can still send emails though) even to the first virtual domain. When I remove the second virtual domain it will start to receive emails but only after couple hours.I reckon that it’s Qmail-Scanner coursing this problem. I probably leave this issue to sort later on(I’m planning to install another test server but will keep in mind using more than one domain then).
I have couple more issues which require immediate attention and I was trying to sort them out but no luck so far.
1. I need to set our email server to give a 550 error for an invalid address. I have used Andrew Richards’ qmail-verify patch(http://free.acrconsulting.co.uk/email/qmail-verify.html). I can see qmail-verify daemon is running on our server but it’s not rejecting non-existing users(so it’s accepting anything with our domain). The problem could be that /home/email/[virtual_domain]/.qmail-default telling that anything coming with this domain is valid.
But because I’m using virtual domain .qmail-default pipes to /usr/local/bin/vdeliver.So vdeliver is deciding who is right users on our server. Andrew suggested to remove /home/email/[virtual_domain]/.qmail-default but when I did it email server stopped to receive emials. Do you know what parameters I need to pass to /usr/local/bin/vdeliver in /home/email/[virtual_domain]/.qmail-default so qmail-verify can properly filter email users?
2. Due to the increase in the number of ISP’s blocking port 25 for third party mailservers I need to set on mail server additional port to answer SMTP request. I was looking on google and found the following link http://www.skorpionweb.org/archives/2005/09/running_qmail_s.php.
So I followed the logic in this article and set separate tcpserver which listens to different port:
1) Created /var/qmail/rc2 :
#!/bin/sh
PATH=”/var/qmail/bin:/usr/local/bin”
export PATH
cd /
qmail-start ./Maildir | setuidgid qmaill \
multilog t n50 s1000000 \
/var/qmail/logs/qmail2 &
2) Created /usr/local/bin/runmail2:
exec softlimit -m 10000000 \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -H -R -l $HOSTNAME -x /etc/tcp.smtp.cdb -c200 -u5002 -g5000 0 587 qmail-smtpd 2>&1 &
3) Created /var/qmail/logs/qmail2 and chown it to qmaill:nofiles.
Now I can start separate tcpserver with port 587 and everything looks healthy with but when I change port 25 to 587 and try to send mail I have got an error “…The server may be unavailable or refusing connection…”
I wonder whether I need to set another instance of qmail-smtpd(may be qmail-smtpd2, just guessing here).
Thanks a lot again for your time and effort to keep this site going & helping folks like myself :-)
Kind regards, yuriy