# Qmail - no SMTP - weird sender address [solved]

## fidel

For the past couple of months I've been trying to set up a mail server with Qmail, according to the howto:

http://www.gentoo.org/doc/en/qmail-howto.xml

Besides I've got the apache server with php5 support and horde-imp. I can login on http://myserver/horde and have my e-mail account available. When I login from my notebook with mozilla-thunderbird, I can ONLY log in WITHOUT smtp-auth, even though the howto implies the necessity of smtp-auth. Still, I am able to log in! Great! I do receive mail from the server (on ssh login, with qmail-inject). I just AIN'T able to send mail through the server with smtp. When I do so from webmail, it works, but the message sent gets received with the sender 'me'@resalehost.networksolutions.com. When I try to send mail with mozilla-thunderbird through smtp through my server, I get an error message, that the server would be unavailable or would just not accept smtp connections. When I type netstat -a on the server, I get:

```
...

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State

tcp        0      0 *:imaps                 *:*                     LISTEN

tcp        0      0 *:51234                 *:*                     LISTEN

tcp        0      0 *:pop3s                 *:*                     LISTEN

tcp        0      0 *:14534                 *:*                     LISTEN

tcp        0      0 server.homenetwork:mysql      *:*                     LISTEN

tcp        0      0 server.homenetwork:netbios-ssn *:*                     LISTEN

tcp        0      0 192.168.0.1:netbios-ssn *:*                     LISTEN

tcp        0      0 *:pop-3                 *:*                     LISTEN

tcp        0      0 *:www                   *:*                     LISTEN

tcp        0      0 *:ftp                   *:*                     LISTEN

tcp        0      0 *:domain                *:*                     LISTEN

tcp        0      0 *:ssh                   *:*                     LISTEN

tcp        0      0 *:smtp                  *:*                     LISTEN

tcp        0      0 *:https                 *:*                     LISTEN

tcp        0      0 server.home:microsoft-ds *:*                     LISTEN

tcp        0      0 192.168.0.:microsoft-ds *:*                     LISTEN

tcp        0      0 192.168.2.4:imaps       client.homenetwork:50703     ESTABLISHED

tcp        0      0 192.168.2.4:imaps       client.homenetwork:50702     ESTABLISHED

tcp        0      0 192.168.2.4:ssh         client.homenetwork:53793     ESTABLISHED

....

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags       Type       State         I-Node Path

unix  2      [ ACC ]     STREAM     LISTENING     9704   /var/run/cgisock

unix  2      [ ACC ]     STREAM     LISTENING     9288   /var/run/mysqld/mysqld.sock

unix  2      [ ACC ]     STREAM     LISTENING     10648  /var/lib/courier/authdaemon/socket.tmp

unix  9      [ ]         DGRAM                    8819   /dev/log

unix  2      [ ]         DGRAM                    1455   @udevd

unix  2      [ ACC ]     STREAM     LISTENING     10974  /var/run/proftpd/proftpd.sock

unix  3      [ ]         STREAM     CONNECTED     11584

unix  3      [ ]         STREAM     CONNECTED     11583

unix  3      [ ]         STREAM     CONNECTED     11573  /var/run/mysqld/mysqld.sock

unix  3      [ ]         STREAM     CONNECTED     11572

unix  3      [ ]         STREAM     CONNECTED     11569

unix  3      [ ]         STREAM     CONNECTED     11568

unix  2      [ ]         DGRAM                    11184

unix  2      [ ]         DGRAM                    11060

unix  2      [ ]         DGRAM                    10860

unix  2      [ ]         DGRAM                    10721

unix  2      [ ]         DGRAM                    10659

unix  2      [ ]         DGRAM                    10615

unix  2      [ ]         DGRAM                    9011

```

Therefore I guess there is a smtp server running and listening....(??)

This is how my /var/qmail/control/conf-smtpd looks:

```
# Configuration file for qmail-smtpd

# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/files/conf-smtpd,v 1.4 2005/01/28 08:15:18 hansmi Exp $

# Stuff to run before tcpserver

#QMAIL_TCPSERVER_PRE=""

# Stuff to run qmail-smtpd

#QMAIL_SMTP_PRE=""

# Stuff to after qmail-smtpd

#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting

TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# fixcrio inserts missing CRs at the ends of lines. See:

# http://cr.yp.to/ucspi-tcp/fixcrio.html

# http://cr.yp.to/docs/smtplf.html

# DO NOT enable this, when you are using SSL/TLS (USE=ssl)!

#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} fixcrio"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first

# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details

#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"

# If you are interested in providing POP or IMAP before SMTP type relaying,

# emerge relay-ctrl, then uncomment the next 2 lines

#QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"

#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"

# In /etc/courier-imap/authdaemonrc add the next line to the end:

#authmodulelist="${authmodulelist} relay-ctrl-allow"

# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}

# Add this at the end

#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"

# This next block is for SMTP-AUTH

# This provides the LOGIN, PLAIN and CRAM-MD5 types

# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5

# and reads it's data from /etc/poppasswd

# see the manpage for cmd5checkpw for details on the passwords

# uncomment the next four lines to enable SMTP-AUTH

QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)

[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true

# QMAIL_SMTP_CHECKPASSWORD="/bin/cmd5checkpw"

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

```

This ist my /var/qmail/control/conf-common:

```

# Common Configuration file for all qmail daemons

# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/files/conf-common,v 1.3 2005/02/14 12:26:31 robbat2 Exp $

# Qmail User IDS to run daemons as

QMAILDUID=`id -u qmaild`

NOFILESGID=`id -g qmaild`

QMAILLUID=`id -u qmaill`

# Qmail Control Dir (this is actually set in /etc/env.d/99qmail)

#QMAIL_CONTROLDIR=/var/qmail/control

# Host and port to listen on

# We listen on the IPv4 local ip by default

TCPSERVER_HOST=0.0.0.0

TCPSERVER_PORT=${SERVICE}

# you do not need to specify -x, -c, -u or -g in this variable as those are

# added later

#TCPSERVER_OPTS="-p -v"

TCPSERVER_OPTS="-H -R -l 0"

#  This tells tcpserver where to file the rules cdb file

[ -d /etc/tcprules.d/ ] && TCPSERVER_RULESCDB=/etc/tcprules.d/tcp.qmail-${SERVICE}.cdb

[ ! -f "${TCPSERVER_RULESCDB}" ] && TCPSERVER_RULESCDB=/etc/tcp.${SERVICE}.cdb

# we limit data and stack segments to 8mbytes, you may need to raise this if

# you are using a filter in QMAILQUEUE

SOFTLIMIT_OPTS="-m 16000000"

# We don't have anything to set QMAILQUEUE to at the moment, so we leave it

# alone Generally it is best to add this in your appropriate (usually SMTP) cdb

# files /etc/tcp.*.cdb OR /etc/tcprules.d/tcp.qmail-*.cdb instead of on a

# global basis, as otherwise outgoing mail will be checked (because qmail-queue

# is used for most parts of qmail) You can also enable this per-server by just

# placing it into the other configuration files by placing the line there

# instead. Please note that the export part is important.

#export QMAILQUEUE=""

# tcpserver maximum concurrency, defaults to 40 in tcpserver

# this controls the maximum number of incoming connections that it will accept

[ -e ${QMAIL_CONTROLDIR}/concurrencyincoming ] && MAXCONN=$(<${QMAIL_CONTROLDIR}/concurrencyincoming) || MAXCONN=40

# logging directives

LOG_OPTS="t" # 't' is for timestamp

LOG_MAXSIZE=2500000 # defalts to '99999' if empty

LOG_MAXCOUNT=10 # defaults to '10' if empty

# build LOG_OPTS from this

[ -n "${LOG_MAXSIZE}" ] && LOG_OPTS="${LOG_OPTS} s${LOG_MAXSIZE}"

[ -n "${LOG_MAXCOUNT}" ] && LOG_OPTS="${LOG_OPTS} n${LOG_MAXCOUNT}"

# directory to log to

LOG_DEST=/var/log/qmail/qmail-${SERVICE}d

# BIG FAT WARNING:

# If you disable this by uncommenting it you will turn _off_ the configuration

# sanity check do so at your own risk!

#QMAIL_DISABLE_SANITY_CHECK=1

```

This is my /etc/tcprules.d/tcp.qmail-smtp:

```

# to update the database after changing this file, run:

# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp

#------------------------------------------------------

# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS

# Connections from localhost are allowed to relay

# (because the WebMail server runs on localhost),

# and obviously there is no point trying to perform an RBL check.

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

#

#-----------------------------------------------------------------

# ALLOW EVERYONE ELSE TO SEND US MAIL

#

# Everyone else can make connections to our server,

# but not allowed to relay

# RBL lookups are performed

:allow

# If you are using qmail-scanner, this line here is the correct one to use

# instead (comment out the above ':allow' line FIRST) and applies that script

# to any mail coming in that is not from a host allowed to relay. You can

# change the value of the variable to any other value you desire to use custom

# scripts for example.

#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

192.168.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

192.168.2.4:allow,RELAYCLIENT="",RBLSMTPD=""       

192.168.2.2:allow,RELAYCLIENT="",RBLSMTPD=""       # -> The IP of the client!!!

```

When I do a 

```
#tcprulescheck /etc/tcprules.d/tcp.qmail-smtp.cdb
```

I get -->

```
rule :

allow connection

```

--> ???? I've been checking on all those configurations over and over and tried dozens of different settings. Whatever I do, change and modify in those files, IT JUST ALL STAYS THE SAME!!! No smtp, except through webmail but then the sender is some me@resalehost.networksolutions.com..... In fact, it seems that all changing has no effect at all. And yes, I do update the tcp.qmail-smtp.cdb with tcprules after changing the file!...

Pleeeaaase Help! How can I get the smtp server to work properly? What do I need to change in that configuration, so that the server (only) accepts smtp-auth? Why do the sent mails arrive with a sender like fidel@resalehost.networksolutions.com???? 

Thanks for any help! (..yeah, I'll send a swiss chocolate to the one who becomes my hero!  :Wink:  )Last edited by fidel on Tue May 24, 2005 9:43 am; edited 1 time in total

----------

## fidel

Why does nobody want to give me a hint?...  :Sad: 

Is there no way to use smtp with qmail without becoming a spam relaying service provider?.. Is qmail not a good solution therefore?... Should I drop all of qmail and start over with postfix?..

----------

## fidel

Hello?...

By now I've got an entire new setup, the system fresh built... THE SAME PROBLEM AGAIN!  :Crying or Very sad:  :Crying or Very sad:  :Crying or Very sad: 

I can login to the imap server and receive my mails. I JUST CANNOT SEND with smtp, on thunderbird I get the message, that my server doesn't accept smtp...

--> can anybody help?....

btw: My configuration is now slightly different concerning the tcp-server: 

I can't find a tcp.qmail-smtp in /etc/tcprules.d/ anymore, there is a /etc/tcp.smtp instead though... does this matter? (I guess not, just used this one with tcprules.. just wanna be sure, I really don't know what matters and what not any more!)

Or another try: If there is no answer to my question:

--> What exactly is needed for (and only for..) being able to send mails with smtp through qmail, being logged in with imap (or pop3)??? I got smtp auth activated and would like to leave it that way!..

thanks in advance!

greets

fidel

----------

## fidel

 :Embarassed: 

took me quite a while to come to the conclusion, that:

1. Problems came from my not correctly resolving (a non-existing, just phantasy-made) dns hostname!

2. ucspi-tcp has (whenever there is no ipv6!) to be compiled with USE="-ipv6"!

3. The last "catchall"-rule allow: in /etc/tcprules.d/tcp.qmail-smtp has to be last!:

```

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

192.168.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

192.168.2.4:allow,RELAYCLIENT="",RBLSMTPD=""       

192.168.2.2:allow,RELAYCLIENT="",RBLSMTPD=""       # -> The IP of the client!!! 

allow:

```

--> qmail works! I can send and receive e-mail, smtp-auth works great! 

 :Very Happy: 

Just qmail-scanner doesn't want to function properly:

```
# cat /var/log/qmail/qmail-smtpd/current

....

@400000004290ea5127251c4c tcpserver: end 8505 status 0

@400000004290ea5127269734 tcpserver: status: 0/40

@400000004290ebcb342075a4 tcpserver: status: 1/40

@400000004290ebcb34208d14 tcpserver: pid 8510 from 62.2.95.247

@400000004290ebcc05ff5cbc tcpserver: ok 8510 :192.168.2.5:25 mxout.hispeed.ch:62.2.95.247::44652

@400000004290ebcc1b753a6c X-Qmail-Scanner-1.25st:[hektor11167937947188511] cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied

@400000004290ebcc1ba28044 /bin/rm: cannot remove `/var/spool/qmailscan/tmp/hektor11167937947188511/': Permission denied

@400000004290ebcc1ba4ba94 /bin/rm: cannot remove `/var/spool/qmailscan/working/new/hektor11167937947188511': Permission denied

@400000004290ebcc3690f0d4 X-Qmail-Scanner-1.25st:[hektor11167937947188513] cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied

@400000004290ebcc36ba79a4 /bin/rm: cannot remove `/var/spool/qmailscan/tmp/hektor11167937947188513/': Permission denied

@400000004290ebcc36bcb3f4 /bin/rm: cannot remove `/var/spool/qmailscan/working/new/hektor11167937947188513': Permission denied

@400000004290ecac31f8a7ec tcpserver: end 8510 status 0

@400000004290ecac31f8bf5c tcpserver: status: 0/40

```

I did 

```

#su qscand

#/var/qmail/bin/qmail-scanner-queue.pl -z

```

.. nothing! Still the same errors. I did:

```
# /var/qmail/bin/qmail-scanner-queue.pl -g
```

... nothing! Still the same errors.

.... can anybody help?...

----------

## fidel

Alright!

Concerning the qmail-scanner following issues:

1. clamd HAS to run under the user qscand

2. spamd HAS to run under the user qscand

...IF we want to use those with qmail-scanner!!! Therefore permissions have as well to be set in /var/run/clamav

--> 

```
chown -R qscand:qmail /var/run/clamav
```

Concerning my "weird sender adress", as I think, the DNS lookup can be skipped by adding the option -H to TCP_OPTS in /var/qmail/control/conf-common. Still this did not resolve my other problem, since my ISP blocks mails coming from my dynamic IP adress. Therefore I need to send my mails through the smtp of my ISP...

-->/var/qmail/control/smtproutes

```
:smtp.myisp.whatever:25 lsxWeP!= LKXsxt3
```

Whereas the lsxWeP!= is the Base64 encrypted username and LKXsxt3 the Base64 encrypted password. Now my mails go through my ISPs smtp and don't get blocked any more!...

I think it could be wise to:

```
#chown qmailr:qmail /var/qmail/control/smtproutes

#chmod 0600 /var/qmail/control/smtproutes
```

qmail works and from now on scans all mails with clamd and spamd!!  :Very Happy:  :Very Happy:  :Very Happy: 

--> I am veeeerry happy!!!  :Very Happy: 

----------

