installing qmail, vpopmail, clamav, spamassassin, dovecot on debian

Disclaimer:
I am not a qmail expert. I am just patient.

First you will need to compile stuff, so get real:

apt-get install build-essential

Add those repos to source.list:

nano /etc/apt/sources.list
deb http://http.us.debian.org/debian/ etch main contrib non-free
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
deb     http://debian.iuculano.it/apt  etch main contrib non-free
deb-src http://debian.iuculano.it/apt  etch main contrib non-free

Add a gpg key:

wget http://debian.iuculano.it/AE3BE9AA.gpg -O- | apt-key add -

Update and install mysql (for vpopmail-mysql)

apt-get update
apt-get install mysql-server

Setup mysql:

mysql_secure_installation
mysqladmin -u root -p create vpopmail
mysql -u root -p
GRANT ALL PRIVILEGES ON vpopmail . * TO 'vpopmail'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

Install qmail:

apt-get install dpatch qmail-src vpopmail-mysql razor pyzor ucspi-tcp-src libmailtools-perl libmail-spf-query-perl libsys-hostname-long-perl ripmime

Build ucspi-tcp:

build-ucspi-tcp
...
Enter a directory where you would like to do this [/tmp/ucspi-tcp] = PRESS ENTER
...
Do you want to remove all files in /tmp/ucspi-tcp,
except ucspi-tcp_0.88-10_i386.deb now? [Yn] = PRESS Y
...
Do you want to install ucspi-tcp_0.88-10_i386.deb now? [Yn] = PRESS Y
...
Do you want to purge ucspi-tcp-src now? [yN] = PRESS N

Uninstall the default MTA:
I can't remember what were the packages installed, but something like that (anyway you are using a testing server right):

apt-get --purge remove postfix

Add an user:

groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /var/lib/vpopmail vpopmail

Install qmail:

mkdir /var/src
build-qmail
...
Enter a directory where you would like to do this [/tmp/qmail] = /var/src
...
Do you want to remove all files in /tmp/qmail,
except qmail_1.03-45iuculano9_i386.deb now? [Yn] = PRESS N
...
Do you want to install qmail_1.03-45iuculano9_i386.deb now? [Yn] = PRESS Y
...
Do you want to purge qmail-src now? [yN] PRESS N
...
echo mail.yourdomain.something > /etc/qmail/me

Install clamav (antivirus):

apt-get install clamav clamav-base clamav-daemon clamav-freshclam libclamav5
/etc/init.d/clamav-daemon start
/etc/init.d/clamav-freshclam start

check if it's updating the virus database:
tail -f /var/log/clamav/freshclam.log

Install spamassassin:

http://spamassassin.apache.org/downloads.cgi
perl Makefile.PL PREFIX=/usr
make
make install

Start-up script for spamassassin:

nano /etc/init.d/spamassassin
--------------------------
#! /bin/sh

### BEGIN INIT INFO
# Provides:       spamassassin
# Required-Start: $remote_fs
# Required-Stop:  $remote_fs
# Should-Start:   $network
# Default-Start:  2 3 4 5
# Default-Stop:   0 1 6
### END INIT INFO

# Spamd init script
# June 2002
# Duncan Findlay

# Based on skeleton by Miquel van Smoorenburg and Ian Murdock

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/spamd
NAME=spamd
SNAME=spamassassin
DESC="SpamAssassin Mail Filter Daemon"
PIDFILE="/var/run/$NAME.pid"
XNAME=/usr/bin/perl

export TMPDIR=/tmp
# Apparently people have trouble if this isn't explicitly set...

# Defaults - don't touch, edit /etc/default/spamassassin
ENABLED=0
OPTIONS=""
NICE=

test -f /etc/default/spamassassin && . /etc/default/spamassassin

DOPTIONS="-d --pidfile=$PIDFILE"

if [ "$ENABLED" = "0" ]; then
    echo "$DESC: disabled, see /etc/default/spamassassin"
    exit 0
fi

test -f $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --pidfile $PIDFILE --exec $XNAME \
            $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
        echo "$NAME."
        ;;

  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --pidfile $PIDFILE --exec $XNAME --oknodo
        echo "$NAME."
        ;;

  reload|force-reload)
        echo -n "Reloading $DESC: "
        start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --exec $XNAME
        echo "$NAME."
        ;;

  restart)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --pidfile $PIDFILE --exec $XNAME \
            --retry 5 --oknodo
        start-stop-daemon --start --pidfile $PIDFILE --exec $XNAME \
            $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS

        echo "$NAME."
        ;;

  *)
        N=/etc/init.d/$SNAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
--------------------------

chmod 755 spamassassin
update-rc.d spamassassin defaults
/etc/init.d/spamassassin start

Configuring spamassassin:

nano /etc/default/spamassassin
--------------------------
# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Change to one to enable spamd
ENABLED=1

# Options
# See man spamd for possible options. The -d option is automatically added.

# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.

OPTIONS="-u clamav --create-prefs --max-children 5 --helper-home-dir"

# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"

# Set nice level of spamd
#NICE="--nicelevel 15"

# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=0
--------------------------
nano /etc/mail/spamassassin/local.cf
required_score 5.0
...

Installing simscan:

wget http://downloads.sourceforge.net/simscan/simscan-1.4.0.tar.gz
tar -zxvf simscan-1.4.0.tar.gz
cd simscan-1.4.0
wget http://qmail.jms1.net/simscan/simscan-1.4.0-clamav.3.patch
cat simscan-1.4.0-clamav.3.patch | patch -p1
./configure --enable-user=clamav --enable-clamav=y --enable-custom-smtp-reject=y --enable-attach=y \
--enable-spam=y --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y \
--enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n \
--enable-quarantinedir=/var/qmail/quarantine --enable-per-domain=y
make
make install-strip
--------------------------
nano /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=20.1,attach=.com:.exe:.pif:.bat
--------------------------
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g

Configuring vpopmail.mysql:

nano /etc/vpopmail/vpopmail.mysql
localhost|3306|vpopmail|yourpwd|vpopmail

nano /var/lib/vpopmail/etc/vpopmail.conf

Configuring qmail:

nano /etc/init.d/qmail
CHKUSER_START="DOMAIN"
export CHKUSER_START
QMAILQUEUE="/var/qmail/bin/simscan"
export QMAILQUEUE

replace:
-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \ 
by
-u vpopmail -g vchkpw -x /etc/tcp.smtp.cdb 0 smtp \
below start)

Add a domain:

vadddomain domain.something
Please enter password for postmaster:
enter password again:

Installing dovecot (instead of using pop3 from qmail):

cd /var/src
wget http://www.dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

groupadd dovecot
useradd -g dovecot -d /virtual/dovecot -s /bin/false dovecot
usermod -a -G mail dovecot
groupadd dovecotauth
useradd -g dovecotauth -d /virtual/dovecot -s /bin/false dovecotauth

tar xzpf dovecot-1.1.4.tar.gz && cd dovecot-1.1.4

./configure --prefix=/virtual/dovecot --without-pgsql --without-pop3d --without-pam --without-passwd --without-shadow --without-bsdauth --without-deliver --without-passwd-file --without-nss --without-checkpassword --without-static-userdb --with-mysql --with-vpopmail
make
make install

cd /virtual/dovecot/etc
mv dovecot-example.conf dovecot.conf
mv dovecot-sql-example.conf dovecot-sql.conf
rm -rf dovecot-db-example.conf
rm -rf dovecot-ldap-example.conf

id vpopmail //(right it down somewhere)//

nano dovecot.conf
--------------------------
protocols = imaps
disable_plaintext_auth = yes
log_path = /var/log/dovecot.log
login_greeting = IMAP ready. Have an account?
user = dovecot
login_user = dovecotauth
mail_uid = 64020 //(from id vpopmail)//
mail_gid = 64020 //(from id vpopmail)//
#passdb pam {
#}
passdb sql {
   args = /virtual/dovecot/etc/dovecot-sql.conf
}
#userdb passwd {
#}
userdb sql {
    args = /virtual/dovecot/etc/dovecot-sql.con
}
user = dovecot
count = 1
ssl_disable = no
--------------------------
nano dovecot-sql.conf 
--------------------------
driver = mysql
connect = host=/var/run/mysqld/mysqld.sock user=vpopmail password=XXXXXXX dbname=vpopmail
default_pass_scheme = PLAIN
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_clear_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
user_query = SELECT pw_dir as home, 64020 AS uid, 64020 AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
--------------------------
touch /var/log/dovecot.log

nano /etc/init.d/dovecot
--------------------------
#! /bin/sh

### BEGIN INIT INFO
# Provides:          dovecot
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Should-Start:      $local_fs
# Should-Stop:       $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Dovecot init script
# Description:       Init script for dovecot services
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/virtual/dovecot/sbin/dovecot
NAME=dovecot
DESC="mail server"

test -x $DAEMON || exit 0

set -e

# The init script should do nothing if dovecot is being run from inetd
for p in `sed -r "s/^ *(([^:]+|\[[^]]+]|\*):)?(pop3s?|imaps?)[ \t].*/\3/;t;d" \
  /etc/inetd.conf`
do
  for q in `sed -r "s/^ *protocols[ \t]*=[ \t]*(([^\"]*)|\"(.*)\")/\2\3/;t;d" \
    /virtual/dovecot/etc/dovecot.conf`
  do
    if [ $p = $q ]; then
      exit 0
    fi
  done
done

case "$1" in
  start)
    if grep protocols /virtual/dovecot/etc/dovecot.conf | sed 's/#.*$//' | tr -d '"' | \
    egrep -q '[^#]*(\bpop3s?\b|\bimaps?\b)';
    then
      if [ -x /virtual/dovecot/libexec/dovecot/imap-login -a -x /virtual/dovecot/libexec/dovecot/imap ] \
        || [ -x /virtual/dovecot/libexec/dovecot/pop3-login -a -x /virtual/dovecot/libexec/dovecot/pop3 ];
      then
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet --oknodo --exec $DAEMON
        echo "."
      fi
    fi
    ;;
  stop)
    echo -n "Stopping $DESC: $NAME "
    start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
    echo "."
    ;;
  #reload)
    #
    #   If the daemon can reload its config files on the fly
    #   for example by sending it SIGHUP, do it here.
    #
    #   If the daemon responds to changes in its config file
    #   directly anyway, make this a do-nothing entry.
    #
    # echo -n "Reloading $DESC configuration..."
    # start-stop-daemon --stop --signal 1 --quiet --pidfile \
    #   /var/run/$NAME.pid --exec $DAEMON
    # echo "done."
    #;;
  restart|force-reload)
    #
    #   If the "reload" option is implemented, move the "force-reload"
    #   option to the "reload" entry above. If not, "force-reload" is
    #   just the same as "restart".
    #
    echo -n "Restarting $DESC: $NAME"
    start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
    sleep 1
    start-stop-daemon --start --quiet --oknodo --exec $DAEMON
    echo "."
    ;;
  *)
    N=/etc/init.d/$NAME
    # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0
--------------------------
chmod +x dovecot
update-rc.d dovecot defaults
update-rc.d -f vpopmail-mysql remove //(instead of using pop3 from qmail)//

./dovecot start
Starting mail server: dovecotWarning: Corrected permissions for login directory /virtual/dovecot/var/run/dovecot/login //(normal)//

cd /var/src/dovecot-1.1.4/doc
nano dovecot-openssl.cnf
chmod +x mkcert.sh
sh mkcert.sh

Start your MTA:

/etc/init.d/qmail restart

Configure your firewall:

tcp - port 25 (smtp)
tcp - port 993 (imaps)
tcp - port 783 (spamassassin)
udp - port 24441 (pyzor)

Testing:

echo to: postmaster@yourdomain.com | /var/qmail/bin/qmail-inject

Monitoring:

tail -f /var/log/mail.log
tail -f /var/log/dovecot.log
tail -f /var/log/clamav/freshclam.log
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Oct  8 11:19:51 2008
main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven)
daily.cld is up to date (version: 8394, sigs: 40787, f-level: 35, builder: ccordes)
--------------------------------------

Using:

Add a virtual domain
vadddomain test.com password-for-postmaster

Add a new pop user.
vadduser newuser@test.com password-for-newuser

Delete a pop user
vdeluser newuser@test.com

Delete a virtual domain
vdeldomain test.com

Changing a pop users password
vpasswd user@domain.com password-for-user@domain.com

Information about an user
vuserinfo someone@yourdomain.com

Knowing:

qmail use Maildir format:
/var/lib/vpopmail/domains

show the list of users
mysql -u vpopmail -p
use vpopmail;
select * from vpopmail;

What's next:
You can install Horde for a neat webmail interface:
http://www.horde.org/webmail/

nano mail/config/prefs.php
theme: silver
$_prefs['initial_application'] = array(
    'value' => 'imp',

nano mail/dimp/config/prefs.php
$_prefs['login_view'] = array(
    'value' => 'inbox',

nano mail/config/nls.php:
$nls['defaults']['language'] = 'en_US';

$nls['emails']['ja_JP'] = 'ISO-2022-JP';
$nls['emails']['en_US'] = 'UTF-8';
$nls['emails']['en_CA'] = 'UTF-8';
$nls['emails']['fr_CA'] = 'UTF-8';

nano imp/config/trailer.txt
nano imp/config/prefs.php
$_prefs['initial_page'] = array(         
    'value' => 'INBOX',

nano imp/config/conf.php
nano imp/config/servers.php
$servers['imap'] = array(
    'server' => 'localhost',    
    'protocol' => 'imap/ssl/novalidate-cert',
    'port' => '993',
);
Add a New Comment
or Sign in as Wikidot user
(will not be published)
- +
0
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License