# HOWTO: qmail vpopmail courier-imap qmail-scanner (09/2005)

## petterg

THIS GUIDE IS OUTDATED

If you feel experimental I have a new guide at https://forums.gentoo.org/viewtopic-t-539101.html

Mobiusproject has posted an updated version of this guide. 

https://forums.gentoo.org/viewtopic-t-527246.html

This is an updated version of the guide originally posted by Sabrex at

https://forums.gentoo.org/viewtopic-t-171499-start-0.html

Please check the bug summary at the bottom of the guide.

Packages used in this guide:

```

qmail-1.03-r15

vpopmail-5.4.6-r1

courier-imap-4.0.1

pyzor-0.4.0-r1

razor-2.77

dcc-1.3.16

spamassassin-3.0.4

clamav-0.87

qmail-scanner-1.25-r1

ezmlm-idx-mysql-0.40-r2

squirrelmail-1.4.5

```

Assumes these packages are installed, configured and running:

```

apache

php

mysql

```

Before you start it might be a good idea to run

```
emerge sync
```

1) Ensure that the proper USE flags are set

```

> nano -w /etc/make.conf

USE-flags to set: +apache2 +spamassassin +maildir +mysql +qmail +ssl -ipv6 +ipalias +fam +nls -milter

```

+ipalias is useful if you're setting up the server without having a domain for it. Say you have another server running on the domain you're going to use, but don't want to set this server into production before it's well tested. If you have a (sub)domain for testing purposes you don't need to enable this.

-ipv6 disables use of IPv6. It's been making problems for quite a few ppl. If you're not using IPv6, why have it enabled? As of 2005.1 ipv6 has been enabled by default in Gentoo. Disable to save yourself some problems.

+ssl if you want SSL support

2) Install qmail

```

> emerge -pv qmail

```

You might see something blocking the installation of qmail. Unemerge them:

```

> emerge -C (append name of blocking package(s) here!)

```

Install qmail

```

> emerge qmail

```

Configure qmail

```

> nano -w /var/qmail/control/servercert.cnf

Modify to whatever suits your needs and save/exit

> ebuild /var/db/pkg/mail-mta/qmail-1.03-r15/qmail-1.03-r15.ebuild config

Press [enter] to continue whenever it asks you to modify /var/qmail/control/servercert.cnf. You've done that.

```

Setup/start smtp service

```

> ln -s /var/qmail/supervise/qmail-send /service/qmail-send 

> ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

> rc-update add svscan default 

> /etc/init.d/svscan start

```

3) Install vpopmail

```

emerge vpopmail

```

Create the vpopmail database.

```

Login to the mysql server (as a user with permissions to create databases and add users)

mysql> create database vpopmail; 

mysql> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your vpopmail password'; 

mysql> flush privileges;

mysql> quit

```

Choose a vpopmail password that is not used anywhere else. The password has to be saved in cleartext! You'll never need to remember it after you're done with the installation.

If your mysql server is not running on localhost, change the vpopmail@hostname accordingly.

Edit vpopmail.conf.

```

> nano -w /etc/vpopmail.conf

Modify these lines - insert your vpopmail password:

# Read-only DB

localhost|0|vpopmail|your vpopmail password|vpopmail

# Write DB

localhost|0|vpopmail|your vpopmail password|vpopmail

```

save/exit

Make sure the vpopmail.conf is readable for the vpopmail user. Default is ownership = root:vpopmail with 640 permissions

4) Install imap and pop3 server

```

> emerge courier-imap

```

Something is buggy... this should fix:

```

> cd /etc/courier

> ln -s authlib/authdaemonrc

```

Modify /etc/courier/authlib/authdaemonrc

```

> nano -w /etc/courier/authlib/authdaemonrc

edit the line authmodulelist=.. to read:

authmodulelist="authvchkpw"

```

save/exit

If you want the imapserver to run, modify /etc/courier-imap/imapd

```

> nano -w /etc/courier-imap/imapd

Edit IMAPDSTART=NO to IMAPDSTART=YES

```

save/exit

If you want ssl support for your imapserver, modify /etc/courier-imap/imapd-ssl and /etc/courier-imap/imapd.cnf

```

> nano -w /etc/courier-imap/imapd-ssl

Edit IMAPDSSLSTART=NO to IMAPDSSLSTART=YES

```

save/exit

```

> nano -w /etc/courier-imap/imapd.cnf

Edit according to your server/location/domain

```

save/exit

If you want the pop3 server to run, modify /etc/courier-imap/pop3d

```

> nano -w /etc/courier-imap/pop3d

Edit POP3DSTART=NO to POP3DSTART=YES

```

save/exit

If you want ssl support for the pop3 server, modify /etc/courier-imap/pop3d-ssl and /etc/courier-imap/pop3d.cnf

```

> nano -w /etc/courier-imap/pop3d-ssl

Edit POP3DSSLSTART=NO to POP3DSSLSTART=YES

```

save/exit

```

> nano -w /etc/courier-imap/pop3d.cnf

Edit according to your server/location/domain

```

save/exit

Generate certificates: 

```

(only if you're going to run imap-ssl server)

> mkimapdcert

(only if you're going to run pop3-ssl server)

> mkpop3dcert

```

Start the servers (all or just some of them)

```

> /etc/init.d/famd start

> rc-update add famd default

> /etc/init.d/courier-imapd start 

> rc-update add courier-imapd default

> /etc/init.d/courier-pop3d start

> rc-update add courier-pop3d default

> /etc/init.d/courier-imapd-ssl start 

> rc-update add courier-imapd-ssl default

> /etc/init.d/courier-pop3d-ssl start

> rc-update add courier-pop3d-ssl default

```

I'm running all 4 servers. Users may decide if they want imap or pop3. A firewall makes sure that the non-ssl servers are unavailable for users located outside the local network.

5) update the smtpd config to allow smtp-auth using vpopmail

```

> nano -w /var/qmail/control/conf-smtpd

Uncomment the last 4 lines, and change the value of QMAIL_SMTP_CHECKPASSWORD:

QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)

[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

```

save/exit

Set permissions on vchkpw

```

> chmod 4711 /var/vpopmail/bin/vchkpw

```

Prepare for qmailfilter

```

> nano -w /var/qmail/control/conf-common

Modify the SOFTLIMIT to:

SOFTLIMIT_OPTS="-m 32000000"

```

save/exit

The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail: 

```

> nano -w /var/qmail/control/conf-common 

TCPSERVER_OPTS="-H -R -l 0" (that's lower-case L followed by zero)

```

save/exit

Reload smtp config

```

> svc -t /var/qmail/supervise/qmail-smtpd

```

6) install spam database clients

```

> emerge pyzor

> emerge razor

> emerge dcc

```

7) install ClamAV and SpamAssassin

```

> emerge spamassassin clamav

```

Configure SpamAssassin

```

> nano -w /etc/conf.d/spamd

Modify:

SPAMD_OPTS="-m 5 -H -v -x -C /etc/spamassassin/local.cf"

```

save/exit

```

> nano -w /etc/spamassassin/local.cf

# How many hits before a message is considered spam. Lower to 3.0 after 1000 spams, adjust as needed

required_hits           5.0

# Text to prepend to subject if rewrite_subject is used

rewrite_header  subject   ***SPAM***

# Encapsulate spam in an attachment

report_safe             1

# Enable the Bayes system

use_bayes               1

# Enable Bayes auto-learning - disable after 20000 spammails (reduce server load)

bayes_auto_learn              1

bayes_auto_learn_threshold_spam 10.0

# Enable or disable network checks

skip_rbl_checks         0

use_razor2              1

use_dcc                 1

use_pyzor               1

# Languages

ok_languages    all

ok_locales      all

```

save/exit

Start spamd

```

> /etc/init.d/spamd start

> rc-update add spamd default

```

Configure Clamav

```

> nano -w /etc/freshclam.conf

update DatabaseMirror to a mirror close to your server

```

save/exit

```

> nano -w /etc/clamd.conf

Make sure the User clamd IS commented.

```

save/exit

Start clamav

```

> /etc/init.d/clamd start

> rc-update add clamd default

```

8) install qmail-scanner

Make sure spamassassin and clamav are running while emerging qmail-scanner.

```

> emerge qmail-scanner

```

Stop spamd

```

/etc/init.d/spamd stop

```

Reconfigure SpamAssassin

```

> nano -w /etc/conf.d/spamd

Modify:

SPAMD_OPTS="-m 5 -H -u qscand -v -x"

(It would make sense to keep the option "-C /etc/spamassassin/local.cf", but for some weird reason the current version of spamd ignores the config file if it's specified!)

PIDFILE="/var/run/spamd/spamd.pid"

```

save/exit

```

> mkdir /var/run/spamd

> chown qscand:qscand /var/run/spamd

```

Start spamd

```

/etc/init.d/spamd start

```

Re-emerge qmail-scanner. For debugging purposes it's a good idea to run this in some window with scrolling capability (i.e. over ssh from another pc).

```

> emerge qmail-scanner

```

Scroll back to see if Spamd and Clamav were detected. Look for

```

Searching .....................................

==============================================================

The following binaries and scanners were found on your system:

==============================================================

```

Followed by: clamdscan=... and fast_spamassassin=...

If they're not detected there might be some error messages that will be handy for debugging

Activate qmail-scanner 

```

> nano -w /etc/tcprules.d/tcp.qmail-smtp

Make sure there are lines like this:

#IPs allowed to relay - don't scan with qmail-scanner

## localhost

127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""

## Local network

192.168.2.:allow,RELAYCLIENT="",RBLSMTPD=""

## server public IP

123.123.123.123:allow,RELAYCLIENT="",RBLSMTPD=""

# Don't relay from other IPs. Scan with qmail-scanner

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

# Note: As of qmail-scanner 1.20 we use a wrapper - not qmail-scanner-queue.pl

```

save/exit

update the cdb

```

> cd /etc/tcprules.d/

> tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp

```

9) Create domain(s)

The first domain to add should be the primary domain of the server.

```

> /var/vpopmail/bin/vadddomain domain.net postmasterpassword

```

Repeat for all virtual domains.

If you want your users username@defaultdomain.net to be able to log in using just username as the username (not username@domain.net) do this:

```

echo "defaultdomain.net" > ~vpopmail/etc/defaultdomain

```

If you have a (sub)domain for testing add it as an aliasdomain.

```

> /var/vpopmail/bin/vaddaliasdomain domain.net test.domain.net

```

10) install mailinglists and qmailadmin

```

> emerge ezmlm-idx-mysql qmailadmin

```

11) Install squirrelmail

```

> emerge squirrelmail

> ln -s /usr/share/webapps/squirrelmail/1.4.5/htdocs /var/www/localhost/htdocs/mail

```

The last part of the ln-command is pointing to the documentroot of the webserver.

Get the vhost plugin

```

> cd /usr/share/webapps/squirrelmail/1.4.5/htdocs/plugins

> wget -O vlogin-3.6-1.2.7.tar.gz 'http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvlogin-3.6-1.2.7.tar.gz'

> tar -xvzf vlogin-3.6-1.2.7.tar.gz

> rm vlogin-3.6-1.2.7.tar.gz

```

Configure squirrelmail

```

> cp vlogin/data/config.php.sample.typical vlogin/data/config.php

> nano -w vlogin/data/config.php

(modify to fit your needs)

> nano -w secure_login/config.php

(modify to fit your needs)

> cd /usr/share/webapps/squirrelmail/1.4.5/htdocs/config

> perl conf.pl

```

Press D to load the Courier-imap template.

Walk through the config menu to set up to your needs.

Make sure to load the compatibility, secure_login and vlogin plugins.

As users inboxes grow, the webmail will become slow. To fix this make sure to enable "Allow server thread sort" and "Allow server-side sort" under General Options. (Wonder why these are off by default. Any security risk?)

12) Check Qmail controlfiles

Make sure the files in /var/qmail/control got updated. If they are not updated something is wrong. Probably it's related to mysql permissions.

```

These files should contain your primary domain:

defaultdomain, locals, me

This should contain all domains and aliasdomains on separate lines:

rcpthosts

This should contain all domains and aliasdomains on the form of domain.net:domain.net :

virtualdomains

```

13) Client setup

For SMTP client setup: All clients outside your local network need to enable TLS (encryption) and SMTP-auth. For username use the full email address. There is a bug with Outlook (and express) XP using TLS. No workaround is known. Use another client program! (I love Opera - now it's even free!)

Note: M4chine posted (on Oct. 19th, 2005) that this bug was related to Symantec AntiVirus. If you disable "Internet Mail Security" you may get around this problem. I've no clue if this is the way to go when using other virus software. (Btw, if you're using Symantec / Norton AV you should seriously consider another AV program for windows. Avast, Clamwin and F-secure are my favorites.)

POP3/IMAP client setup: If you do like me - block port 110 and 143 from outside your localnet with a firewall - then clients on the outside need to enable SSL and use port 993 for IMAP-SSL and port 995 for POP3-SSL. Clients on the local network may use ports 110/143 without SSL enabled. Use the full email address as username.

Known bugs:

clamav is running as root. This is the default setting, but I don't like it. If anyone figures out a way to fix this, please let me know.

Mail infected by netsky D does not get detected.

 FIXED: There was a bug in my testscript that messed up a header and made qmailscanner fail to extract the attachment

Authentication in imap/pop fails randomly, logging:

```
authdaemond: vmysql: sql error[3]: No Database Selected
```

This might be related to the old way to setup vpopmail.conf. Try adding these lines to the end of /etc/vpopmail.conf:

```

MYSQL_UPDATE_SERVER     localhost

MYSQL_UPDATE_USER       vpopmail

MYSQL_UPDATE_PASSWD     yourvpopmailpassword

MYSQL_READ_SERVER       localhost

MYSQL_READ_USER         vpopmail

MYSQL_READ_PASSWD       yourvpopmailpassword

```

Another thing that might help for the same bug is to edit /etc/courier/authlib/authdaemonrc

edit the line authmodulelistorig=... to read:

authmodulelistorig="authvchkpw"

then run: /etc/init.d/courier-authlib

Unverified tricks from readers

Here I'll put a collection of good ideas, hints and tricks posted by readers. I have not tried these myself.

 *Mindstab wrote:*   

> I've also now found that something like
> 
> ```
> echo "#" > /var/qmail/control/doublebounceto
> ```
> ...

 

To solve problems with bayes not learning:

 *krull wrote:*   

> I donno if this helps, I just added a universal path for bayes in spamassassin's local.cf so far it seems to work:
> 
> ```
> nano -w /etc/spamassassin/local.cf
> ```
> ...

 

 *Mindstab wrote:*   

> Um, a possible update for the doc.  They worked well, but I found I had to 
> 
> ```
> valias haplo@mindstab.net root@mindstab.net
> ```
> ...

 Last edited by petterg on Sun Feb 11, 2007 5:32 pm; edited 11 times in total
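The tcprules file from step 8 decides both who may relay (`RELAYCLIENT`) and whose mail passes through qmail-scanner (`QMAILQUEUE`). The following Python sketch is an added example, not part of petterg's guide: it resolves client IPs against such a file in most-specific-match order and flags relay grants outside loopback/RFC 1918 space. The sample rules are constructed from step 8, the function names are illustrative, and only IPv4 exact/prefix patterns and the empty default are handled.

```python
import ipaddress

# Constructed sample mirroring the rules shown in step 8 of the guide.
SAMPLE_RULES = """\
# IPs allowed to relay - don't scan with qmail-scanner
127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.2.:allow,RELAYCLIENT="",RBLSMTPD=""
123.123.123.123:allow,RELAYCLIENT="",RBLSMTPD=""
# Everything else: no relay, scan with qmail-scanner
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
"""

# Address space this audit treats as internal (loopback + RFC 1918); an assumption.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_instructions(instr):
    """Split 'allow,VAR="x",VAR2="y"' into (action, {VAR: x, VAR2: y})."""
    action, _, rest = instr.partition(",")
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action {action!r}")
    env = {}
    while rest:
        name, eq, rest = rest.partition("=")
        if not eq or not rest:
            raise ValueError(f"malformed variable near {name!r}")
        quote, rest = rest[0], rest[1:]  # the character after '=' delimits the value
        value, closed, rest = rest.partition(quote)
        if not closed:
            raise ValueError(f"unterminated value for {name}")
        env[name] = value
        rest = rest[1:] if rest.startswith(",") else rest
    return action, env


def parse_rules(text):
    """Return {pattern: (action, env)} for IPv4 exact/prefix patterns and the default."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, sep, instr = line.partition(":")
        if not sep:
            raise ValueError(f"line {lineno}: missing ':'")
        if any(c not in "0123456789." for c in pattern):
            raise ValueError(f"line {lineno}: pattern {pattern!r} not handled here")
        if pattern in rules:
            raise ValueError(f"line {lineno}: duplicate pattern {pattern!r}")
        rules[pattern] = parse_instructions(instr)
    return rules


def lookup(rules, ip):
    """Most specific match first: 1.2.3.4, then 1.2.3., 1.2., 1., then the empty default."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    candidates = [".".join(octets)]
    candidates += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    candidates.append("")
    for pattern in candidates:
        if pattern in rules:
            return pattern, *rules[pattern]
    return None, "allow", {}  # no rule matched: connection allowed, environment unchanged


def classify(rules, ip):
    """Say whether a client IP may relay and whether its mail is handed to qmail-scanner."""
    pattern, action, env = lookup(rules, ip)
    allowed = action == "allow"
    return {"rule": pattern, "action": action,
            "relay": allowed and "RELAYCLIENT" in env,
            "scanned": allowed and env.get("QMAILQUEUE", "").endswith("qmail-scanner-queue")}


def pattern_to_network(pattern):
    """'192.168.2.' -> 192.168.2.0/24, '1.2.3.4' -> 1.2.3.4/32."""
    octets = [o for o in pattern.split(".") if o]
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def audit(rules):
    """List relay grants that reach beyond INTERNAL and a missing scanner default."""
    findings = []
    for pattern, (action, env) in rules.items():
        if action != "allow" or "RELAYCLIENT" not in env:
            continue
        if pattern == "":
            findings.append("default rule sets RELAYCLIENT: open relay")
            continue
        net = pattern_to_network(pattern)
        if not any(net.subnet_of(i) for i in INTERNAL):
            findings.append(f"relay granted to non-internal range {net}")
    default = rules.get("")
    if default is None or "QMAILQUEUE" not in default[1]:
        findings.append("default rule lacks QMAILQUEUE: outside mail is not scanned")
    return findings


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("127.0.0.1", "192.168.2.40", "123.123.123.123", "203.0.113.9"):
        print(ip, classify(rules, ip))
    for finding in audit(rules):
        print("FINDING:", finding)
```

With the step 8 rules the only finding is the relay grant for the server's public IP, which is the entry to re-check whenever that address changes hands.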

----------

## Tatey

This guide worked like a treat! Thank you very much  :Very Happy: 

----------

## pavaveda

If I don't want to use vpopmail, what options do I need in my authmoduleslist?

Thanks.

----------

## krull

Great Guide! Worked like a charm!

A few more pointers though for first time installers such as myself:

- when using vpopmail as stated in the guide, all your users will have 'user@domain.tld' as their username in their mail client like thunderbird, outlook, etc... From what I gathered adding --enable-default-domain=<domain name> while you emerge vpopmail will allow you to set a default domain for vpopmail users so that they only put their 'user' instead of the full email as their username. I donno another way to add this than editing the main vpopmail ebuild and digesting it. Anyone care to share an alternative?

- When emerging vpopmail, a message says: Use of vpopmail's tcp.smtp[.cdb] is also deprecated now, consider using net-mail/relay-ctrl instead. Probably adding relay-ctrl here in this guide as well would do us a lot of good.

Overall, a great Guide! Thanks!

EDIT: ezmlm's mysql support works, but you will have to prep the database's tables first before qmailadmin's mailing-list web UI will be able to use the database.

From the ezmlm/qmailadmin FAQ/DOC (downloadable here)

```
ezmlm-mktab -d list  | mysql -h host -u user -p -f db
```

 *Quote:*   

> This connects to the mysql server on ``host'' as ``user'' (prompting for the password) and in database ``db'' creates tables list, list_slog, list_mlog, the corresponding
> ...

 

After this ezmlm/qmailadmin will start using the mysql database instead of putting the subscribers in the /etc/vpopmail/domains/<domainname>/<listname>/subscribers/ directory. I haven't tried its viability for big email lists yet. Since I am not too familiar with MySQL's user privileges, I made ezmlm use root@localhost which is a bit insecure. If someone who is more knowledgeable would enlighten us on what kind of privileges we ought to put on the user please let us know.

- KrulL

Last edited by krull on Wed Sep 21, 2005 1:20 pm; edited 1 time in total

----------

## andy124

Minor typo - in the 4th code box, the one with the USE flags,

you have "sll" instead of "ssl".

----------

## andy124

Did anyone ever figure out the "clamdscan" permission problem?

My installation works either by using "clamscan", or running clamdscan

as root.

I'd love to hear about it!

----------

## petterg

 *pavaveda wrote:*   

> If I don't want to use vpopmail, what options do I need in my authmoduleslist?
> 
> Thanks.

 

I'll guess you'll use the pam module.

----------

## petterg

 *krull wrote:*   

> From what I gathered adding --enable-default-domain=<domain name> while you emerge vpopmail will allow you to set a default domain for vpopmail users
> 
> 

 

I'll guess you could add the default domain to the file /var/qmail/control/defaultdomain

 *krull wrote:*   

> When emerging vpopmail, a message says: Use of vpopmail's tcp.smtp[.cdb] is also deprecated now, consider using net-mail/relay-ctrl instead. Probably adding relay-ctrl here in this guide as well would do us a lot of good.
> 
> 

 

The tcprules stuff is what is installed when emerging qmail. Last time (in March) I looked into relay-ctrl I didn't see any reason to switch. Why would we use relay-ctrl over tcprules?

 *krull wrote:*   

> 
> 
> ezmlm's mysql support works, but you will have to prep the database's tables first before qmailadmin's mailing-list web UI will be able to use the database.
> 
> 

 

I didn't need to do that. Was I just lucky?

----------

## krull

 *petterg wrote:*   

> I'll guess you could add the default domain to the file /var/qmail/control/defaultdomain

 

Nope... doesn't seem to accept that as a valid fix... I did the changes, and still it uses user@domain.tld as a 'username'. Anyways, I can live with , but being on a single domain without any virtualdomain settings, it would've come in handy (not to mention convenient...) to just use a 'username' instead.

 *petterg wrote:*   

> The tcprules stuff is what is installed when emerging qmail. Last time (in March) I looked into relay-ctrl I didn't see any reason to switch. Why would we use relay-ctrl over tcprules?

 

uh... I am not too familiar with tcprules nor relay-ctrl. Actually, I am a newb on all this MTA stuff...   :Laughing:  I noticed though that there was no /etc/tcp.smtp in my gentoo setup (2.6.11-hardened-r15), but a /etc/tcprules.d/tcp.qmail-smtp instead. So when I was following your guide, especially the part with editing /etc/tcp.smtp, I did an educated guess in editing /etc/tcprules.d/tcp.qmail-smtp instead.   :Wink: 

What's the difference of the two, if any? and why is relay-ctrl recommended now over tcprules?

 *petterg wrote:*   

> I didn't need to do that. Was I just lucky?

 

Could be. I know that the mailing-list qmailadmin section will still work without mySQL support, writing everything inside  /var/vpopmail/domains/<domain.tld>/<listname>/. When I tried to enable mySQL support though the first time around, with the right credentials, it didn't create the database, tables, etc... and wouldn't write any subscribers emails in there.

FYI: Now my setup is not live as of yet, and I am in the process of adding the company's emails/aliases and mailing-lists. This MTA based on your Guide will replace an arcane setup of MDaemon with WinXP that's handling over 14,000 emails a day (barely...).

Our router forwards mail to our mailserver's internal IP. If I do the switch by just changing the IP's around, would it work 'on-the-fly' per se? (bar of course the hardcoded IP settings that needed change in the qmail/vpopmail setup...)

EDIT: Doing a spamassassin -D --lint, I get these parsing errors:

```
config: SpamAssassin failed to parse line, skipping: report_header 1

config: SpamAssassin failed to parse line, skipping: rewrite_subject 1

config: SpamAssassin failed to parse line, skipping: subject_tag *****SPAM*****

config: SpamAssassin failed to parse line, skipping: use_terse_report 1

config: SpamAssassin failed to parse line, skipping: auto_learn 1

```

Any Ideas? I am looking in man Mail::SpamAssassin::Conf for possible fixes since I read that certain variable settings in SpamAssassin are not being honored with the latest build. (I got mail-filter/spamassassin-3.0.4 installed here..)

EDIT: Google is the answer   :Wink:  http://www.hoboes.com/Mimsy/?ART=201

Thanks a heap!

- KrulL

----------

## narcis.gratianu

Hello !

After I unmerged ssmtp and emerged qmail, some of the scripts that I have on my computer that used the /usr/sbin/sendmail symlink to send mail stopped working. What can I do to enable it again? Where can I point the same symlink to send e-mails?

thank you !

----------

## petterg

 *narcis.gratianu wrote:*   

> Hello !
> 
> After I unmerged ssmtp and emerged qmail, some of the scripts that I have on my computer that used the /usr/sbin/sendmail symlink to send mail stopped working. What can I do to enable it again? Where can I point the same symlink to send e-mails?
> 
> thank you !

 

The qmail-inject command will do that job.

I'm not sure if you should use a symlink or an alias. I'm not sure if they take the same arguments.

----------

## petterg

 *krull wrote:*   

> Nope... doesn't seem to accept that as a valid fix... I did the changes, and still it uses user@domain.tld as a 'username'. Anyways, I can live with , but being on a single domain without any virtualdomain settings, it would've come in handy (not to mention convenient...) to just use a 'username' instead.
> 
> 

 

Agree. That's one of the many things to look into.

 *krull wrote:*   

> 
> 
> I noticed though that there was no /etc/tcp.smtp in my gentoo setup (2.6.11-hardened-r15), but a /etc/tcprules.d/tcp.qmail-smtp instead. So when I was following your guide, especially the part with editing /etc/tcp.smtp, I did an educated guess in editing /etc/tcprules.d/tcp.qmail-smtp instead.  :wink: 
> 
> 

 

That was one more typo - some leftovers from the old guide. Thanx for pointing that out. Guide updated.

 *krull wrote:*   

> 
> 
> What's the difference of the two, if any? and why is relay-ctrl recommended now over tcprules?
> 
> 

 

Another way to ask the same: Why is tcprules installed by default when relay-ctrl is recommended?

I didn't see the message, but I didn't sit around to read the stuff either.

 *krull wrote:*   

> 
> 
> FYI: Now my setup is not live as of yet, and I am in the process of adding the company's emails/aliases and mailing-lists. This MTA based on your Guide will replace an arcane setup of MDaemon with WinXP that's handling over 14,000 emails a day (barely...).
> 
> 

 

For a system handling that many mails you should consider installing a dns server/cache on localhost to speed up spamassassin.

 *krull wrote:*   

> 
> 
> EDIT: Doing a spamassassin -D --lint, I get these parsing errors:
> 
> ...

 

Wops!

local.cf syntax has changed - the config-generator on spamassassin website is not updated (= useless)

Guide is about to be fixed.... reading doc....

----------

## laebshade

Thanks for the great guide, Peter.  I had a working setup yesterday, however today e-mail is not being delivered to my inbox; no errors, no bouncebacks.  The e-mail is going somewhere, and I found out where.

Edit:  nevermind.  Not sure what happened, so I followed the first part and re-emerged qmail, vpopmail, and courier-imap.  Problem solved.

----------

## krull

 *petterg wrote:*   

> Agree. That's one of the many things to look into.
> 
> 

 

Doing some more investigation on setting up defaultdomain for vpopmail, I found out that editing the ebuild to include --enable-default-domain gave out this error:

```
configure: error: --enable-default-domain has been superceded. The default domain should be put into the file ~vpopmail/etc/defaultdomain instead
```

So I just did what it said by doing:

```
echo "testdomain.com" > ~vpopmail/etc/defaultdomain
```

AND IT WORKED!   :Very Happy:  users can now log in with only their username and not a full user@domain.tld like before! woot! Maybe adding that subtle, yet important detail to your guide would help others out that has the need for single domain setup like mine, petterg.

 *petterg wrote:*   

> For a system handling that many mails you should consider installing a dns server/cache on localhost to speed up spamassassin.

 

Thanks for the suggestion, petterg. I'll do just that. Any good HOWTO out there for such a task?   :Wink: 

EDIT: Found a nice simple howto for a DNS Caching with djbdns: http://www.karkomaonline.com/article.php/20031010194701302

EDIT: From Gentoo Wiki: http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_DJBDNS

Chao!

- KrulL

Last edited by krull on Mon Oct 24, 2005 7:20 am; edited 1 time in total

----------

## petterg

 *krull wrote:*   

> 
> 
> ```
> echo "testdomain.com" > ~vpopmail/etc/defaultdomain
> ```
> ...

 

Great!

Updating the guide....

----------

## krull

Minor Correction to the guide:

Where it says:

 *Quote:*   

> nano -w /etc/tcprules.d/tcp.smtp

 

It should be:

 *Quote:*   

> nano -w /etc/tcprules.d/tcp.qmail-smtp

 

----------

## petterg

 *krull wrote:*   

> Minor Correction to the guide:

 

Done.

Thanks

----------

## Mindstab

Um, why might I ask are we using FAM?

What benefits does it bring? I've had qmail vpopmail courier setups before without it, and I've heard bad things about its security track record.

So I was surprised to see it here in a non desktop app.  Wondered what it was for

----------

## krull

Hi all,

I am still testing my installation before putting it in production use. I have noticed this on the mail headers I send out through the SMTP:

```
Received: from unknown (HELO ?127.0.0.1?) (10.0.0.180)

  by 0 with SMTP; 3 Oct 2005 17:54:00 +0300
```

Anyone knows why this happens?

Thanks in advance,

KrulL

----------

## petterg

 *krull wrote:*   

> Hi all,
> 
> I am still testing my installation before putting it in production use. I have noticed this on the mail headers I send out through the SMTP:
> 
> ...

 

Do you get the same message independent of which pc you're sending from? (Assuming you're using a mail client, not using webmail.) Does the hostname of your server resolve to an IP address?

----------

## petterg

 *Mindstab wrote:*   

> Um, why might I ask are we using FAM?
> 
> What benefits does it bring? I've had qmail vpopmail courier setups before without it, and I've heard bad things about its security track record.
> 
> So I was surprised to see it here in a non desktop app.  Wondered what it was for

 

From the documentation of courier-imap:

 *Quote:*   

> 
> 
> You may wish to enable IMAP_CHECK_ALL_FOLDERS if you filter new mail into folders other than your regular inbox. You can enable the IMAP_ENHANCEDIDLE option. Enhanced idle mode notifies all clients immediately when any changes to a folder occur.
> 
> 

 

and

 *Quote:*   

> 
> 
> If you choose not to install fam, you can still use IMAP_ENHANCEDIDLE, but instead Courier IMAP will poll for changes every 60 seconds for folders opened by IMAP clients.
> 
> 

 

To me it sounded like a good idea to use fam. I might be wrong.

----------

## Mindstab

Um, a possible update for the doc.  They worked well, but I found I had to 

```

valias haplo@mindstab.net root@mindstab.net

valias haplo@mindstab.net postmaster@mindstab.net

vaddaliasdomain mindstab.net mail.mindstab.net

```

To get everything working right

Otherwise all my servers log messages were being bounced

Also, I found that if any domains were in qmail/control/locals

qmail tried to use local delivery for users there to their /home dirs instead of using vpopmail

Thanks

----------

## DNAspark99

I haven't seen it mentioned anywhere, and having to figure it out myself took a while longer than it probably should have, so I'll just mention what I learned here: qmail-scanner and spamassassin 'learning' was not working correctly, so, several headaches later, I fixed it by unifying the ~/.spamassassin dirs and changing some permissions to allow qscand access, even tho after a few 'learnings' some files were overwritten with 'default' ownerships/permissions, but it works now.... can anyone explain 'why'? what was I missing before? (spamassassin wasn't catching *anything* before I did this, now works like it should)

```

rm -rf /root/.spamassassin

ln -s /var/vpopmail/.spamassassin /root

chgrp qscand -R /var/vpopmail/.spamassassin

chmod g+w -R /var/vpopmail/.spamassassin

```

```

ls -al /var/vpopmail/.spamassassin/

total 5.7M

drwxrwxr-x   2 vpopmail qscand    176 Oct  7 10:44 ./

drwxr-xr-x  10 vpopmail vpopmail  304 Oct  3 12:43 ../

-rw-rw----   1 vpopmail qscand   1.4M Oct  7 10:44 auto-whitelist

-rw-rw----   1 vpopmail qscand   656K Oct  5 14:17 bayes_seen

-rw-------   1 root     root     5.1M Oct  5 14:17 bayes_toks

-rw-rw-r--   1 root     root     1.2K Oct  3 23:12 user_prefs

```

----------

## Mindstab

I've also now found that something like

```
echo "#" > /var/qmail/control/doublebounceto
```

should route all double bounce messages to /dev/null hopefully

I just looked into this as I was getting a lot

----------

## ^and1

The last install I made was with the help of saberx's docu. After I installed my server a month ago, I used this "http://gentoo-wiki.com/HOWTO_Setup_QMAIL_VPOPMAIL_and_Other_Mail_Servers" and the qmailrocks howto of the Gentoowiki. But if I look at this howto, there are no major differences, but I still have two "problems":

With my installation I can only do smtp with ssl (as written here), but not without. Is it possible to get both to work at the same time?

And the other problem is that all passwords stored in the vlog are cleartext, though I only connect with ssl. Is this correct?

thx

Andi

----------

## krull

 *DNAspark99 wrote:*   

> I haven't seen it mentioned anywhere, and having to figure it out myself took a while longer than it probably should have, so I'll just mention what I learned here: qmail-scanner and spamassassin 'learning' was not working correctly, so, several headaches later, I fixed it by unifying the ~/.spamassassin dirs and changing some permissions to allow qscand access, even tho after a few 'learnings' some files were overwritten with 'default' ownerships/permissions, but it works now.... can anyone explain 'why'? what was I missing before? (spamassassin wasn't catching *anything* before I did this, now works like it should)

 

I donno if this helps, I just added a universal path for bayes in spamassassin's local.cf so far it seems to work:

```
nano -w /etc/spamassassin/local.cf

Add:

bayes_path /etc/mail/spamassassin/bayes
```

I also downloaded the whole spamarchive.org and let bayes learn the archive! It's going to take my install 9 days to do all!  :Very Happy:  omg... anyone see any benefits to this?

Also is there a way for me to 'transfer' a spamassassin bayes from another installation to this new one? (I have an MDaemon server whos bayes learned our 'allowed' mails etc, already...)

This would save me time if this can be done....

- KrulL

----------

## petterg

 *krull wrote:*   

> Also is there a way for me to 'transfer' a spamassassin bayes from another installation to this new one? (I have an MDaemon server whose bayes learned our 'allowed' mails etc, already...)
> 
> This would save me time if this can be done....
> 
> 

 

To copy bayes data from another installation you copy all files in the .spamassassin subfolder of the homedir of the user spamassassin runs as. (If your old install runs spamassassin as spamd and your new one runs as qscand you do: scp root@oldserver:~spamassassin/.spamassassin/* root@newserver:~qscand/.spamassassin)

You probably need to restart spamd after this

----------

## petterg

 *^and1 wrote:*   

> With my installation I can only do smtp with ssl (as written here), but not without. Is it possible to get both working at the same time?
> 
> And the other problem is that all passwords stored in the vlog are cleartext, though I only connect with ssl. Is this correct?
> 
> 

 

Not quite sure what you're asking...

If you set USE="notlsbeforeauth" when installing qmail it will not require tls for smtp-auth.

If your problem is that you want to allow some clients to relay mail through the smtp server without smtp-auth you just add their ip address in the tcp.qmail-smtp file.

----------

## ^and1

Everything works fine now, but is there any possibility to avoid vpopmail writing the passwords of smtp-auth in cleartext into the vlog table in the db?

thx petterg for your answer (it solves my problem)  :Smile: 

andi

----------

## petterg

Guide updated

Modified the config of squirrelmail to reduce the delay when displaying huge mailfolders. (more than 200 mails in the folder)

----------

## petterg

 *^and1 wrote:*   

> Everything works fine now, but is there any possibility to avoid vpopmail writing the passwords of smtp-auth in cleartext into the vlog table in the db?
> 
> andi

 

hmmm

I had no idea that that happened. Anyone figured out any way to stop this from happening?

----------

## m4chine

First off, great howto, thanks for the contribution.

When I first read this howto, I was discouraged when reading there was a bug in outlook/outlook express that prevented TLS communication, but I was willing to struggle with it because I simply cannot tell my clients they cannot use the most popular mail clients out there for windows.

So I got everything up and running and now for the testing. I first got Evolution working with TLS/SSL, great. Then I moved on to Outlook/Outlook Express, sure enough I got a 454 error, tls not available due to temporary reason. I do some googling and come across some similar errors suggesting av problems. Sure enough, I'm running Symantec Antivirus Corp with Internet Mail protection enabled. So I disable Internet Mail protection, close and reopen Outlook Express and shibby, I can send/receive mail via TLS/SSL pop3/smtp.

I would revise this howto to include this information and remove the bug warning, I have successfully sent encrypted mail in outlook express with this configuration. Thanks again for the howto.

----------

## petterg

 *m4chine wrote:*   

> First off, great howto, thanks for the contribution.
> 
> When I first read this howto, I was discouraged when reading there was a bug in outlook/outlook express that prevented TLS communication, but I was willing to struggle with it because I simply cannot tell my clients they cannot use the most popular mail clients out there for windows.
> 
> So I got everything up and running and now for the testing. I first got Evolution working with TLS/SSL, great. Then I moved on to Outlook/Outlook Express, sure enough I got a 454 error, tls not available due to temporary reason. I do some googling and come across some similar errors suggesting av problems. Sure enough, I'm running Symantec Antivirus Corp with Internet Mail protection enabled. So I disable Internet Mail protection, close and reopen Outlook Express and shibby, I can send/receive mail via TLS/SSL pop3/smtp.
> ...

 

I'll include that in the guide.

Thanks

Oh, btw - which version of outlook and symantec AV did you use? Which version of windows and Office? Service Pack?

----------

## AxelTerizaki

Hello.

I posted this in the MySQL update thread, but I guess it won't get much response there, so I'm trying it here, too:

This is not entirely MySQL related, but it happened right after I upgraded from 4.0 to 4.1

vpopmail doesn't seem to work anymore with qmail somehow O_o.

It authenticates quite well with courier-imap though, no problems logging in and reading IMAP folders, but with qmail, I just get those in the logs:

```
Oct 20 17:39:10 twilight vpopmail[12142]: vchkpw-smtp: vpopmail user not found xxxx@xxxx-xxxx.net:123.123.123.123

Oct 20 17:39:10 twilight vpopmail[12142]: vchkpw: can't write MySQL logs
```

Anyone have any clues on how to fix this? I can login with the vpopmail user fine under MySQL, and of course, I recompiled vpopmail, since for example, vuseradd works fine (I can add users to my virtual domains this way)

----------

## BlackB1rd

I've been configuring my mailserver for almost a week now, and it still doesn't work as it should be  :Sad: 

The receiving part is finally working, but now I get all the mails twice: once without and once with going through the qmail-scanner filter. But okay, I might figure that out.

But what is really annoying me is that the sending part doesn't work at all. I don't get an error message, it simply doesn't deliver the queued messages. I get the following from the /var/log/qmail/qmail-send/current log:

```

@400000004358ac1512e16984 delivery 104: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

```

I am able to connect through telnet with other mail smtp hosts. So it's not a firewall issue.

Please help me, it's really driving me nuts!

----------

## petterg

 *AxelTerizaki wrote:*   

> 
> 
> ```
> Oct 20 17:39:10 twilight vpopmail[12142]: vchkpw-smtp: vpopmail user not found xxxx@xxxx-xxxx.net:123.123.123.123
> 
> ...

 

Have you read the upgrade notes in the mysql doc? (I read those a while ago, and figured not to upgrade mysql on any production server.)

http://dev.mysql.com/doc/refman/4.1/en/upgrading-from-4-0.html

Have you tried to delete the vpopmail user in mysql, then rerun the grant commands and flush privileges?

----------

## petterg

 *BlackB1rd wrote:*   

> I've been configuring my mailserver for almost a week now, and it still doesn't work as it should be :(
> 
> The receiving part is finally working, but now I get all the mails twice: once without and once with going through the qmail-scanner filter. But okay, I might figure that out.
> 
> But what is really annoying me is that the sending part doesn't work at all. I don't get an error message, it simply doesn't deliver the queued messages. I get the following from the /var/log/qmail/qmail-send/current log:
> ...

 

What did you have to do to make the receiving part work? What were the errors you got? (I'm thinking the two problems might be related.)

Are you able to send mails using sendmail?

What happens when you run the contrib/test_installation script included in the qmail-scanner tarball?

----------

## BlackB1rd

 *petterg wrote:*   

> 
> 
> What did you have to do to make the receiving part work? What were the errors you got? (I'm thinking the two problems might be related.)
> 
> Are you able to send mails using sendmail?
> ...

 

I don't really know what i did to get the receiving part working (i've done so many things). But I now figured out that sending from another email domain than registered in vpopmail does actually work. 

So if the sender is e.g. blackb1rd@domain2.com, which domain part isn't listed in vpopmail, it works flawlessly. But when sending as blackb1rd@domain1.com, which has a vpopmail domain part, i get the error message as described above. Doesn't make sense to me?

edit: i'll try to see if that script can sort things out.

edit2: I get the following when running test_installation.sh -doit:

```

server qmail-scanner-1.25 # ./contrib/test_installation.sh -doit

QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

Sending standard test message - no viruses...

done!

Sending eicar test virus - should be caught by perlscanner module...

done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...

Done!

Finished test. Now go and check Email for root@localhost

```

Seems to be good, but I don't get any email. But where should it deliver root@localhost, since I didn't specify localhost as a domain in vpopmail? Or is it supposed to handle localhost as local?

----------

## Nazzy

ARRG!

qmail r16 has done something stupid with auth, and everything has gone fubar

Anyone else having this problem?

Anyone got a suggestion for a fix?

Please?!

----------

## AxelTerizaki

If this is what I think it is, it got introduced in r15... There is a new USE flag "notlsbeforeauth" or something like this. Enabling it solved my auth problems with SMTP a few months ago when r15 got stable in the portage tree.

----------

## AxelTerizaki

 *petterg wrote:*   

> 
> 
> Have you read the upgrade notes in the mysql doc? (I read those a while ago, and figured not to upgrade mysql on any production server.)
> 
> http://dev.mysql.com/doc/refman/4.1/en/upgrading-from-4-0.html

 

Yep, I followed the upgrade guide to the letter. Everything went smoothly with the upgrade, really, all my other apps (php, pure-ftpd, etc) work fine after reemerging. I did reemerge courier-imap, qmail, and vpopmail too.

 *Quote:*   

> Have you tried to delete the vpopmail user in mysql, then rerun the grant commands and flush privileges?

 

I didn't delete it, but I've rerun the grant and flush statements, yes. I'll try to recreate the vpopmail user but I doubt it'll really be useful: courier-imap works really fine with vpopmail and I can check all my mailboxes on the server without any noticeable problems.

The ONLY problem comes from SMTP right after MySQL's upgrade.

Of course, I'm tempted to downgrade to MySQL 4.0 but that'd be too easy, right?  :Smile: 

----------

## Nazzy

 *AxelTerizaki wrote:*   

> If this is what I think it is, it got introduced in r15... There is a new USE flag "notlsbeforeauth" or something like this. Enabling it solved my auth problems with SMTP a few months ago when r15 got stable in the portage tree.

 

Actually it is enabled :/

I'm getting auth failed errors because, worryingly, it seems that vpopmail/qmail has lost its concept of what email addresses and accounts there are ... result being that some emails are getting "No such mailbox" bounces :/

yet imap lets me login quite happily   :Sad: 

----------

## petterg

 *BlackB1rd wrote:*   

> Seems to be good, but I don't get any email. But where should it deliver root@localhost, since I didn't specify localhost as a domain in vpopmail? Or is it supposed to handle localhost as local?

 

Gahh, Sorry.

You need to edit the script a little.... line 112-113 (or somewhere close to those line numbers) reads:

 *Quote:*   

> 
> 
> echo ""
> 
> echo "Sending standard test message - no viruses..."
> ...

 

Right in front of those you should put a line reading

 *Quote:*   

> 
> 
> RECIP="user@the_domain_you_want_to_test.com"
> 
> 

 

Save and run it again.

----------

## Desti²

 *Nazzy wrote:*   

> ARRG!
> 
> qmail r16 has done something stupid with auth, and everything has gone fubar
> 
> Anyone else having this problem?
> ...

 

Ditto :-/

I have downgraded to r15 and will stay there until someone finds a fix.   :Embarassed: 

----------

## petterg

 *Nazzy wrote:*   

> I'm getting auth failed errors because, worryingly, it seems that vpopmail/qmail has lost its concept of what email addresses and accounts there are ... result being that some emails are getting "No such mailbox" bounces :/
> 
> yet imap lets me login quite happily  :(

 

Try to telnet the smtp server. Try this both from the server localhost, from a pc with IP allowed to relay and from a pc NOT allowed to relay. Try it both with receiver address being in your servers domain and some yahoo/hotmail/whatever address you have. From localhost and allowed ip's it should work. For not allowed ip's you should only be allowed to send to your servers domain.

```

# telnet smtp.yourdomain.net 25 

```

Here S: means you should type in. R: Expected reply

```

            R: 220 smtp.yourdomain.net ESMTP

            S: HELO your.client.isp.net

            R: 250 smtp.yourdomain.net

            S: MAIL FROM:<senders@address.tld>

            R: 250 OK

            S: RCPT TO:<user@recievingdomain.net>

            R: 250 OK

            S: DATA

            R: 354 go ahead

            S: Date: 25 Oct 2005 22:33:44

            S: From: John Public <senders@address.tld>

            S: Subject:  Testing smtp

            S: To: user@recievingdomain.net

            S:

            S: Some random text

            S: .

            R: 250 OK

            S: QUIT

            R: 221 smtp.yourdomain.net

```

What we are looking for here are error messages.

Oh, and also - you could try to create a new domain (don't need to register at any dns server). Give the new domain a user. Try to send mails to that user from webmail at localhost. Any errors while creating domain/user or sending mail?

----------

## Nazzy

I'll try this tomorrow ... I'll have to bind the server to a spare ip so it doesn't try downloading any of the mail that's queued remotely .... I had to take the server down to avoid losing incoming emails :/

----------

## m4chine

 *petterg wrote:*   

> Oh, btw - which version of outlook and symantec AV did you use? Which version of windows and Office? Service Pack?

 

I tested this with:

Outlook Express v6.00.3790

Symantec Corp. 9.0.3.1000

Windows Server 2003 Ent. SP1

and I did not have Office installed on that machine. I have tested this on the full blown Outlook 2003 SB on client machines, but I don't have the computers in front of me for version numbers.

As a precaution I did turn off Internet Mail Protection on other AVs and have had no problems yet. I will post any more findings here when they come in.

Hope this helps someone.

Cheers,

----------

## Nazzy

I am currently considering abandoning qmail in preference of postfix in order to run VHCS control panel :/

----------

## petterg

 *m4chine wrote:*   

> I tested this with:
> 
> Outlook Express v6.00.3790
> 
> Symantec Corp. 9.0.3.1000
> ...

 

Well, I think the bug was related to the outlook (express) shipped with Office XP (windows XP).

It should be fixed in 2003.

----------

## AxelTerizaki

Okay, following my recent problems with the MySQL upgrade, I discovered that all of a sudden I could send mails to the server without SMTP-Auth... :/

So, basically if I disable SMTP Auth in thunderbird, I can send mails just fine, which is quite disturbing. Even relay works!

Though, I didn't touch my tcp.qmail-smtp file ever since I installed it. Here is what it looks like now:

```
:allow,QS_SPAMASSASSIN="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

194.242.112.151:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue",RBLSMTPD=""

```

Technically, this allows relay from everyone, BUT, it wasn't working before if people weren't authenticated, but now it doesn't ask for auth anymore!

Anyone have any clues?

USE flags for qmail-1.03-r16:

 -gencertdaily -logmail +mailwrapper -noauthcram +notlsbeforeauth (-selinux) +ssl 

Any ideas?
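An added example, not part of the thread: a small auditor for tcprules source files such as the tcp.qmail-smtp quoted in the post above. It lists every rule that sets `RELAYCLIENT`, the environment variable qmail-smtpd treats as permission to relay, and flags rules whose address matches any client. The names `parse_rules`, `relay_grants` and `scope` are hypothetical, `PAGE_RULES` holds the two rules from the post, and `CONSTRUCTED_RULES` is made-up sample input; plain IPv4 rules without IPv6 patches are assumed.

```python
import re
from typing import NamedTuple


class Rule(NamedTuple):
    lineno: int
    address: str   # text before the first ':'
    action: str    # "allow" or "deny"
    env: dict      # environment variables the rule sets


def parse_env(text, lineno):
    """Parse ',VAR=<d>value<d>,...'; <d> is whatever character follows '='."""
    env, i = {}, 0
    while i < len(text):
        eq = text.find("=", i)
        if text[i] != "," or eq == -1 or eq + 1 >= len(text):
            raise ValueError(f"line {lineno}: bad instruction near {text[i:]!r}")
        delim = text[eq + 1]
        end = text.find(delim, eq + 2)
        if end == -1:
            raise ValueError(f"line {lineno}: unterminated value for {text[i + 1:eq]}")
        env[text[i + 1:eq]] = text[eq + 2:end]
        i = end + 1
    return env


def parse_rules(source):
    rules = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # this auditor skips comments, blanks and lines without ':'
        address, _, instr = line.partition(":")
        m = re.match(r"allow|deny", instr)
        if not m:
            raise ValueError(f"line {lineno}: expected allow or deny")
        rules.append(Rule(lineno, address, m.group(),
                          parse_env(instr[m.end():], lineno)))
    return rules


def scope(address):
    """Classify how many clients a rule address can match."""
    host = address.rpartition("@")[2]   # drop an optional remote-info part
    if host == "":
        return "default"                # every client no other rule matches
    if host == "=":
        return "any-named-host"         # every client with a reverse-DNS name
    if host.startswith("="):
        return "hostname"
    if host.endswith("."):
        return "ip-prefix"
    if "-" in host:
        return "ip-range"
    return "single-ip"


BROAD = {"default", "any-named-host"}


def relay_grants(rules):
    """Return (lineno, address, scope, broad) for each rule setting RELAYCLIENT."""
    grants = []
    for r in rules:
        if r.action == "allow" and "RELAYCLIENT" in r.env:
            kind = scope(r.address)
            grants.append((r.lineno, r.address, kind, kind in BROAD))
    return grants


# The two rules quoted in the post above.
PAGE_RULES = """\
:allow,QS_SPAMASSASSIN="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

194.242.112.151:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue",RBLSMTPD=""
"""

# Constructed sample, not taken from the thread.
CONSTRUCTED_RULES = """\
# constructed sample
127.:allow,RELAYCLIENT=""
192.0.2.10:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
198.51.100.1-4:allow,RELAYCLIENT=""
203.0.113.:deny
:allow,RELAYCLIENT="",RBLSMTPD=""
"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_RULES), ("constructed", CONSTRUCTED_RULES)):
        for lineno, address, kind, broad in relay_grants(parse_rules(text)):
            flag = "RELAY FOR ANY CLIENT" if broad else "relay"
            print(f"{name}:{lineno}: {address or '(default)'} [{kind}] {flag}")
```

The auditor reads the rules source only, so it cannot tell whether the compiled .cdb that tcpserver actually loads is stale.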

----------

## petterg

 *AxelTerizaki wrote:*   

> Technically, this allows relay from everyone, BUT, it wasn't working before if people weren't authenticated, but now it doesn't ask for auth anymore!
> 
> Anyone have any clues?

 

Rerun the tcprules command.

Do you have USE="IPv6" enabled? If so you should consider disabling it, and reemerging whatever package qmail depends on that uses that flag.

Are you able to log in to mysql using the vpopmail user/password? Does the vpopmail-mysql user have the correct permissions?

----------

## m4chine

 *petterg wrote:*   

> Well, I think the bug was related to the outlook (express) shipped with Office XP (windows XP).
> 
> It should be fixed in 2003.

 

I did also successfully get mail working on outlook 2003 SB, I will get the exact results and post my findings.

----------

## AxelTerizaki

 *petterg wrote:*   

> Rerun the tcprules command.

 

I did, but I feel like qmail might be ignoring my configuration... No matter how I change it, to disable or enable relay, qmail still accepts mail. The tcprules should be in /etc/tcprules.d, right?

 *Quote:*   

> Do you have USE="IPv6" enabled? If so you should consider disabling it, and reemerging whatever package qmail depends on that uses that flag.

 

I was aware of that problem and I don't need ipv6. Thus, I had it disabled a while ago anyways.

 *Quote:*   

> Are you able to log in to mysql using the vpopmail user/password?

 

Affirmative.

 *Quote:*   

> Does the vpopmail-mysql user have the correct permissions?

 

I did rerun the grant and flush commands, I don't see what else I should try... I can select the vpopmail database as the vpopmail user... vpopmail can read it anyways since my imap server works quite fine, and allows me to login and check mailboxes.

----------

## mobiusproject

I like the new HOWTO except for one main item (which I have edited the way I think it should be):

 *Quote:*   

> 11) Install squirrelmail
> 
> Make sure that you have USE="vhost" in /etc/make.conf
> 
> ```
> ...

 

I suggest actually using webapp-config instead of making a link and changing files that are in /usr/share/webapps.  That's what webapp-config is for (and really easy to use).  Makes upgrading version of squirrelmail (or any other webapp) easy: 

```
> webapp-config -U -h {$hostname} -d {directory}
```

With webapp-config you can even have all of the files be hard linked (if of course they are part of the same filesystem) so you don't waste space.  The config files aren't hard linked so you can have different config files for every instance.  This setup also doesn't require you to use the vlogin plugin, just install squirrelmail into multiple hosts or even multiple directories in the same host.  With your setup, if you upgrade squirrelmail and then emerge -C the old version of squirrelmail you lose all of your data.  webapp-config prevents this.

----------

## AxelTerizaki

Sorry for polluting this topic with my problems but i'm trying things at the same time, when I have some free time to  admin my server. I'm quite fed up with qmail / tcprules breaking every now and then with each update , so I tried starting from scratch. I unmerged qmail, vpopmail, courier... deleted all configuration files, and then followed this guide.

Everything went smoothly with courier-imap, but it looks like qmail is acting up AGAIN... -_-

Well, it looks like tcpserver is the problem now:

When I start svscan, I realize I can't  telnet on port 25 of myserver. When I do a ps on the server, I realize tcpserver is a zombie. However, it disappears when I stop svscan normally.

Is there any config file I should post here to get further help?

----------

## petterg

 *AxelTerizaki wrote:*   

> Sorry for polluting this topic with my problems but i'm trying things at the same time, when I have some free time to  admin my server. I'm quite fed up with qmail / tcprules breaking every now and then with each update , so I tried starting from scratch. I unmerged qmail, vpopmail, courier... deleted all configuration files, and then followed this guide.
> 
> Everything went smoothly with courier-imap, but it looks like qmail is acting up AGAIN... -_-
> 
> Well, it looks like tcpserver is the problem now:
> ...

 

Someone posted earlier that they've seen some warnings regarding the use of tcprules when emerging vpopmail. The warning recommended using relay-control (or whatever it was called). The warning might be there for a reason. I think everyone would benefit if someone posted something on why one is better than the other.

Regarding your smtp-auth / relay problem - watch the vlog table in the vpopmail database while the smtp server works. Does it give any clues of why this happens? (Does it post anything at all?)

----------

## petterg

 *mobiusproject wrote:*   

> I like the new HOWTO except for one main item (which I have edited the way I think it should be):
> 
>  *Quote:*   11) Install squirrelmail
> 
> Make sure that you have USE="vhost" in /etc/make.conf
> ...

 

I wasn't aware of the webapp-config command. I'll test it out and update the guide. Thanks!

----------

## m4chine

So I ran some more tests, although they were tested on Windows Server 2003, I imagine this applies to all WinXP/Win2000/Win2003 machines. I tested the SSL settings in Outlook 2003 with Symantec Corp Client Internet E-mail Auto Protect Enabled/Disabled; when Enabled, I got this error while trying to send a test message via outlook e-mail accounts setup:

Send test e-mail message: Outlook could not login to the outgoing mail server (SMTP). The problem could be the server name, your server may require authentication, or your server may not support SSL. Verify authentication and SSL options under More Settings.

So I disabled Symantec Corp Client Internet E-mail Auto Protect and sure enough I was able to send my test message! I'll try and get some tests done on WinXP outlook/outlook express today and post what I find out.

Cheers,

----------

## AxelTerizaki

Thanks petterg for helping us out, first. Some progress on my installation:

I got qmail/tcpserver running again nicely. Only problem is that qmail doesn't communicate with vpopmail anymore O_o

I've put all my virtual domains in the local and rcpthosts files, and I confirm that courier-imap works fine with vpopmail (as well as Horde/IMP).

But, in the qmail-send logs, I got this

```
@400000004361f49f33dd2efc info msg 848647: bytes 1312 from <> qp 25798 uid 206

@400000004361f49f341fd964 starting delivery 2: msg 848647 to local xxxx@xxxx-xxxx.net

@400000004361f49f34210244 status: local 1/10 remote 0/20

@400000004361f49f3456b844 delivery 2: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

```

So I guess that vpopmail isn't communicating with qmail for mailboxes places.

I wonder where I did mess up? I usually had no problems the first time I installed this.

----------

## petterg

 *AxelTerizaki wrote:*   

> I got qmail/tcpserver running again nicely. Only problem is that qmail doesn't communicate with vpopmail anymore O_o
> 
> 

 

Maybe you could try to unemerge qmail, vpopmail, and tcprules (whatever package it's in). Then delete all config files related to those (keep the vpopmail db, and it's password), and then emerge them again.

----------

## AxelTerizaki

That's what I actually did to get tcpserver working again (it was going as a zombie once started before).

I'll try it again now though.

----------

## Nazzy

I think i figured it out .... i'm testing now ... please hold

----------

## AxelTerizaki

Good news! I finally solved what's wrong with "sorry no mailbox by that name here".

Qmail was actually communicating well with vpopmail, but vpopmail somehow lost the list of domains it takes care of. The mailboxes and domains were still there in /var/vpopmail/domains, but somehow vpopmail didn't know them anymore, so I did a:

vadddomain mydomain.com

And after complaining that "user already exists" (the postmaster) emails were going in really fine.

Now the only thing I have to do is tune tcpserver for relaying with smtp-auth and I'm all set  :Smile: 

EDIT: 

The list of domains is actually inside :

/var/qmail/control/virtualdomains

Since I did delete configuration files to restart from scratch I didn't have that file anymore.

----------

## Nazzy

Yeah ... much experimenting has shown that that is certainly the problem ... vpopmail just wasn't reading the old domains

I'll go try your trick now  :Smile: 

----------

## starplayer

Hi

I'm setting mail server with this one nice guide(thanx petterg and guys! it really helps me).

Everything was fine.(actually, i got some problems but i could treat them)

But today my customer calls me about problem stated similar as link above

http://www.webfxhost.com/support/knowledgebase/email_timeout_error.htm

 *Quote:*   

> Error Retrieving Mail with Outlook (with & nbsp as Subject)
> 
> There is a widespread issue you may be aware of where spam or virus messages arrive with a blank or with "&nbsp" for a subject and there is no sender or recipient listed. These malformed messages have the capability to "clog" Outlook users so they cannot connect to get their mail.
> 
> Many times, the Outlook user gets an error, such as this:
> ...

 

We originally used sendmail. Sendmail had no problems at all.  

what's the differences? 

same pop3 protocol, same outlook express, same norton antivirus. i can't justify that.

anyone have ideas?

----------

## destr0yr

 *starplayer wrote:*   

> 
> 
> anyone have ideas?

 

I don't think I've ever had this issue with my qmail installations.  However, I have seen it on other servers (those using SW-Soft's Plesk).  The badmsg 9 script seems to fix this:

http://www.chamorro.us/rrr/badmsg.html

----------

## starplayer

thanks for your reply, destr0yr  :Very Happy: 

we are not using plesk version of qmail. it's just from gentoo portage tree(qmail-1.03-r15).

anyway, i've just installed badmsg script on mailserver. 

i'll see one or more day to check it works or not.

then, i should report the result here. 

i hope it works. thanks again.

----------

## BlackB1rd

 *petterg wrote:*   

>  *BlackB1rd wrote:*   Seems to be good, but I don't get any email. But where should it deliver root@localhost, since I didn't specify localhost as a domain in vpopmail? Or is it supposed to handle localhost as local? 
> 
> Gahh, Sorry.
> 
> You need to edit the script a little.... line 112-113 (or somewhere close to those line numbers) reads:
> ...

 

I changed those lines and the script worked well. But now it's all working, a reboot of the server was the magical solution  :Very Happy:  Thanks for your time  :Smile: 

----------

## petterg

 *starplayer wrote:*   

> 
> 
> We originally used sendmail. Sendmail had no problems at all.  
> 
> what's the differences? 
> ...

 

If that is all it takes to make outlook hang, I guess I should make a script that generates such mails in my users mailboxes. Hopefully that would make the rest of them switch to mozilla / opera / others.

----------

## Nazzy

 *AxelTerizaki wrote:*   

> Good news! I finally solved what's wrong with "sorry no mailbox by that name here".
> 
> Qmail was actually communicating well with vpopmail, but vpopmail somehow lost the list of domains it takes care of. The mailboxes and domains were still there in /var/vpopmail/domains, but somehow vpopmail didn't know them anymore, so I did a:
> 
> vadddomain mydomain.com
> ...

 

This failed to work for me ... however after removing and adding the broken domains, all is working again.

Unfortunately, I'm now scared to upgrade qmail in case it all breaks again lol

----------

## starplayer

 *starplayer wrote:*   

> anyway, i've just installed badmsg script on mailserver. 
> 
> i'll see one or more day to check it works or not.
> 
> then, i should report the result here. 

 

badmsg, it works. checked.

but badmsg script is discrete(based on crond.hour) solution, i found another one. it's procmail. 

filtering bad message which contains malformed Message-ID header through above setting(in /etc/procmailrc)

```
## bad message - has malformed message id ##

:0:

* ^Message-ID:.*\[

/var/vpopmail/domains/mydomain.com/spambox/.maildir/
```

i appreciate advance you guys, thank you.
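An added example, not part of starplayer's post: a Python approximation of how the recipe's condition `^Message-ID:.*\[` is applied to a message header (case-insensitive, folded header lines joined), used to show which messages it diverts. It goes one step beyond the post by checking each diverted Message-ID against the RFC 5322 `msg-id` syntax, which permits an address literal such as `<id@[192.0.2.25]>`, so the recipe also catches some well-formed IDs. All sample messages are constructed, and `classify` and `unfolded_header` are hypothetical names.

```python
import re

# The condition from the recipe above; procmail conditions ignore case by default.
RECIPE_CONDITION = re.compile(r"^Message-ID:.*\[", re.IGNORECASE | re.MULTILINE)

# RFC 5322 msg-id: "<" dot-atom-text "@" (dot-atom-text / no-fold-literal) ">"
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = rf"{_ATOM}(?:\.{_ATOM})*"
_LITERAL = r"\[[\x21-\x5a\x5e-\x7e]*\]"
VALID_MSG_ID = re.compile(rf"\s*<{_DOT_ATOM}@(?:{_DOT_ATOM}|{_LITERAL})>\s*")


def unfolded_header(raw):
    """Return the header block with folded continuation lines joined."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)


def classify(raw):
    """Say what the recipe would do with this message, and why."""
    header = unfolded_header(raw)
    if not RECIPE_CONDITION.search(header):
        return "delivered normally"
    value = re.search(r"^Message-ID:(.*)$", header,
                      re.IGNORECASE | re.MULTILINE).group(1)
    if VALID_MSG_ID.fullmatch(value):
        return "diverted, but Message-ID is well-formed"
    return "diverted, Message-ID malformed"


# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "ordinary": (
        "From: a@example.org\n"
        "Subject: [list] a bracket in the subject only\n"
        "Message-ID: <20051101.1234@mail.example.org>\n"
        "\nbody\n"
    ),
    "address-literal": (
        "From: b@example.org\n"
        "Message-ID: <abc123@[192.0.2.25]>\n"
        "\nbody\n"
    ),
    "folded-literal": (
        "From: c@example.org\n"
        "message-id:\n"
        " <xyz@[IPv6:2001:db8::1]>\n"
        "\nbody\n"
    ),
    "malformed": (
        "From: d@example.org\n"
        "Message-ID: [no angle brackets]\n"
        "\nbody with [brackets]\n"
    ),
}

if __name__ == "__main__":
    for name, message in SAMPLES.items():
        print(f"{name:16} {classify(message)}")
```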

----------

## mobiusproject

 *petterg wrote:*   

> Configure qmail
> 
> ```
> > nano -w /var/qmail/control/servercert.cnf
> 
> ...

 

A quick replacement for

```
> ebuild /var/db/pgk/mail-mta/qmail-1.03-r15/qmail-1.03-r15.ebuild config
```

 is 

```
> emerge --config qmail
```

----------

## mobiusproject

 *petterg wrote:*   

> 4) Install imap and pop3 server
> 
> ```
> > emerge courier-imap
> ```
> ...

 

Yet another quick note:

There is no need to edit /etc/courier-imap/[pop3d|pop3d-ssl|imapd|imapd-ssl] and change [POP3D|POP3DSSL|IMAPD|IMAPDSSL]START=YES.  These variables are only if you have a script in /etc/init.d/ that parses these files in /etc/courier-imap/.  With gentoo, all you need to do is run the rc-update commands for each daemon you want to run and edit the imapd.cnf and pop3d.cnf if you run the ssl servers. So:

 *mobiusproject wrote:*   

> 4) Install imap and pop3 server
> 
> ```
> > emerge courier-imap
> ```
> ...

 

IMO, the fewer files you actually need to edit the better.  Less chance of screwing something up.  I have also excluded famd because I have never used it and I don't know what it is (heh).  The bug with authdaemonrc (where you made the softlink) I have also never run into, thus I excluded it as well.  I am searching to see where that bug arises though to see if I can find another workaround or a fix so you don't need to do that.

I am rebuilding a mail server on a backup machine and trying to make the install process as short and sweet as possible, can you tell?  I also back up all of the config files that I have changed for dire emergencies, and the fewer files that I have backup the better.

----------

## petterg

 *mobiusproject wrote:*   

> 
> 
> IMO, the fewer files you actually need to edit the better.  Less chance of screwing something up.  I have also excluded famd because I have never used it and I don't know what it is (heh).  The bug with authdaemonrc (where you made the softlink) I have also never run into, thus I excluded it as well.  I am searching to see where that bug arises though to see if I can find another workaround or a fix so you don't need to do that.
> 
> I am rebuilding a mail server on a backup machine and trying to make the install process as short and sweet as possible, can you tell?  I also back up all of the config files that I have changed for dire emergencies, and the fewer files that I have backup the better.

 

Thanks for that feedback. I'm guessing the bug with authdaemonrc depends on version of install, as the file was expected in a different dir before the current versions. Those some packages expected it to be in the old dir.

Famd, as mentioned earlier, seems to save resources. Courier needs to be informed when files are changed, created or removed. Famd takes care of this notification. According to Courier documentation famd does a better job than the stuff built into Courier.

----------

## s4mmy

Please note that if you follow this setup and upgrade to qmail-1.03-r16, you HAVE to change the /var/control/qmail-smtpd line (etc-update will do it correctly for you, however if you are like me and distrustful of etc-update, here is what you do.)

this line:

```
# QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
```

should read instead:

```
QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
```

HTH anyone who's having the same problem I did.

----------

## mobiusproject

 *petterg wrote:*   

> 7) install ClamAV and SpamAssassin
> 
> ```
> > emerge spamassassin clamav
> ```
> ...

 

Umm, you seem to be causing this bug.  First of all, the line in the default clamd.conf is

```
# Run as a selected user (clamd must be started by root).

# Default: disabled

User clamav
```

and this works beautifully for me.  With this line commented, of course clamav is going to be owned by root (its started by root).  I just left this line uncommented (the way it was when I emerged it) and haven't had any problems.

----------

## rbshen

I got a strange message on the qmail-send log when I use it to send mail:

User_and_password_not_set, continuing_without_authentication. 

I have smtp-auth enabled and my qmail version is r16

Does anyone know what the problem is?

----------

## petterg

 *mobiusproject wrote:*   

> 
> 
> Umm, you seem to be causing this bug.  First of all, the line in the default clamd.conf is
> 
> ```
> ...

 

When I do that there are one of two things happening (depending on other configurations).

1: Mail with attachments is blocked, and never received. Qmail-scanner outputs an error in the logfiles.

2: Mail passes through the scanner without being checked for viruses.

If your server identifies viruses, and lets normal mails with non-infected attachments pass through, I would really like to know what you've done differently from the howto!

----------

## petterg

 *rbshen wrote:*   

> I got a strange message on the qmail-send log when I use it to send mail:
> 
> User_and_password_not_set, continuing_without_authentication. 
> 
> I have smtp-auth enabled and my qmail version is r16
> ...

 

That sounds like a logentry at debug level.

Does your server relay mail from world network?

----------

## rbshen

Yes, even though I saw those messages, the mail was correctly relayed to the outside.

----------

## mobiusproject

Alright, I will admit that you were right, clam antivirus _cannot_ be run as user clamav, but I now have gotten it to work as user qscand (which is what clam antivirus' faq question 40 suggests).  Here are my steps (including testing afterwards).  Just a note: I always just comment out the original line and add the new line so I have debug information (what I changed from mainly if I need to go back to an old option).

First we need to get clamav to play nicely with qmail-scanner (let it run as qscand, not as privileged as root):

```
$ nano /etc/clamd.conf

  #User clamav

  User qscand

$ nano /etc/freshclam.conf

  #DatabaseOwner clamav

  DatabaseOwner qscand

$ chown -R qscand:qscand /var/lib/clamav/ /var/log/clamav/ /var/run/clamav/

$ /etc/init.d/clamd restart
```

Supposedly you can just change clamd.conf, leave freshclam.conf alone and then also leave /var/lib/clamav/ alone, but this didn't work for me, and I am happy running both as qscand (qmail-scanner being the only reason I am running clamav anyways).

Testing:

```
$ cd /usr/share/doc/qmail-scanner-1.25-r1/contrib/

$ gunzip -c test_installation.sh.gz > test_installation.sh

$ chmod +x test_installation.sh

$ ./test_installation.sh -doit

QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

Sending standard test message - no viruses...

done!

Sending eicar test virus - should be caught by perlscanner module...

X-Qmail-Scanner-1.25st:[hostname113270474271913704] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

qmail-inject: fatal: qq temporary problem (#4.3.0)

Bad error. qmail-inject died
```

This is actually the right output for now (though it caused a lot of frustration and cursing).  This is because this script calls qmail-scanner-queue.pl directly and we are also running this as root.  Because of these two things, /var/spool/qmailscan/tmp/hostname113270474271913704/ (which is where qmail-scanner actually scans the e-mails) is owned by root:root with the 700 permissions.  clamdscan running as user qscand (or originally clamav) can't read this now and fails.  Since we are using gentoo, we have a qmail-scanner-queue wrapper that actually calls qmail-scanner-queue.pl (for security purposes forcing qmail-scanner-queue.pl to run as user qscand) which this script (test_installation.sh) doesn't take advantage of.  So, to compensate for this script running as root and not calling our wrapper but the perl script directly, we have to make a little change as to how we run test_installation.sh...

```
$ sudo -u qscand ./test_installation.sh -doit

QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

Sending standard test message - no viruses...

done!

Sending eicar test virus - should be caught by perlscanner module...

done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...

Done!

Finished test. Now go and check Email for postmaster@hostname.com
```

Checking my e-mail I now have two new e-mails, both the first and the second e-mail got through (not sure why the second e-mail got through yet, still looking into that one, seems to be something to do with perlscanner, but not concerned because it isn't an actual virus, it just has an attachment with the name of a virus).  Here is the output of the qmail-queue.log for these four e-mails:

```
Tue, 22 Nov 2005 18:20:40 CST:13750: +++ starting debugging for process 13750 (ppid=13749) by uid=210

Tue, 22 Nov 2005 18:20:40 CST:13750: w_c: elapsed time from start 0.001324 secs

Tue, 22 Nov 2005 18:20:40 CST:13750: return-path='', recips='postmaster@hostname.com'

Tue, 22 Nov 2005 18:20:40 CST:13750: from='Qmail-Scanner Test <user@hostname.com>', subj='Qmail-Scanner test (1/4): inoffensive message', via local process 13750

Tue, 22 Nov 2005 18:20:40 CST:13750: This is a PLAIN text message, skip virus scanners - but not SA

Tue, 22 Nov 2005 18:20:41 CST:13750: SA: finished scan in 1.290007 secs - hits=0.1/5.0

Tue, 22 Nov 2005 18:20:41 CST:13750: p_s: finished scan in 0.010565 secs

Tue, 22 Nov 2005 18:20:41 CST:13750: ini_sc: finished scan of "/var/spool/qmailscan/tmp/hostname113270524071913750"...

Tue, 22 Nov 2005 18:20:41 CST:13750: ------ Process 13750 finished. Total of 1.32254 secs

Tue, 22 Nov 2005 18:20:41 CST:13763: +++ starting debugging for process 13763 (ppid=13762) by uid=210

Tue, 22 Nov 2005 18:20:41 CST:13763: w_c: elapsed time from start 0.002089 secs

Tue, 22 Nov 2005 18:20:41 CST:13763: return-path='', recips='postmaster@hostname.com'

Tue, 22 Nov 2005 18:20:41 CST:13763: from='Qmail-Scanner Test <user@hostname.com>', subj='Qmail-Scanner viral test (2/4): checking perlscanner...', via local process 13763

Tue, 22 Nov 2005 18:20:41 CST:13763: clamdscan: finished scan in 0.003139 secs

Tue, 22 Nov 2005 18:20:47 CST:13763: SA: finished scan in 5.801969 secs - hits=0.8/5.0

Tue, 22 Nov 2005 18:20:47 CST:13763: p_s: finished scan in 0.011087 secs

Tue, 22 Nov 2005 18:20:47 CST:13763: ini_sc: finished scan of "/var/spool/qmailscan/tmp/hostname113270524171913763"...

Tue, 22 Nov 2005 18:20:47 CST:13763: ------ Process 13763 finished. Total of 5.843493 secs

Tue, 22 Nov 2005 18:20:47 CST:13779: +++ starting debugging for process 13779 (ppid=13778) by uid=210

Tue, 22 Nov 2005 18:20:47 CST:13779: w_c: elapsed time from start 0.002117 secs

Tue, 22 Nov 2005 18:20:47 CST:13779: return-path='', recips='postmaster@hostname.com'

Tue, 22 Nov 2005 18:20:47 CST:13779: from='Qmail-Scanner Test <user@hostname.com>', subj='Qmail-Scanner viral test (3/4): checking non-perlscanner AV...', via local process 13779

Tue, 22 Nov 2005 18:20:47 CST:13779: clamdscan: there be a virus! (Eicar-Test-Signature)

Tue, 22 Nov 2005 18:20:47 CST:13779: clamdscan: finished scan in 0.003606 secs

Tue, 22 Nov 2005 18:20:47 CST:13779: ini_sc: finished scan of "/var/spool/qmailscan/tmp/hostname113270524771913779"...

Tue, 22 Nov 2005 18:20:47 CST:13779: ------ Process 13779 finished. Total of 0.01357 secs

Tue, 22 Nov 2005 18:20:48 CST:13786: +++ starting debugging for process 13786 (ppid=13785) by uid=210

Tue, 22 Nov 2005 18:20:48 CST:13786: w_c: elapsed time from start 0.00183 secs

Tue, 22 Nov 2005 18:20:48 CST:13786: return-path='', recips='postmaster@hostname.com'

Tue, 22 Nov 2005 18:20:48 CST:13786: from='sb55sb55@yahoo.com', subj='Qmail-Scanner anti-spam test (4/4): checking SpamAssassin [if present] (There yours for FREE!)', via local process 13786

Tue, 22 Nov 2005 18:20:48 CST:13786: This is a PLAIN text message, skip virus scanners - but not SA

Tue, 22 Nov 2005 18:20:50 CST:13786: SA: yup, this smells like SPAM - hits=15.7/5.0/9.2 - deleting message...

Tue, 22 Nov 2005 18:20:50 CST:13786: SA: finished scan in 2.490457 secs - hits=15.7/5.0

Tue, 22 Nov 2005 18:20:50 CST:13786: ini_sc: finished scan of "/var/spool/qmailscan/tmp/hostname113270524871913786"...

Tue, 22 Nov 2005 18:20:50 CST:13786: ------ Process 13786 finished. Total of 2.49898 secs
```

The third e-mail is quarantined and the fourth e-mail is just deleted because the spam level is high enough.

This is also just a testing server (building a nice little image to use for my currently working though very outdated qmail server) so I haven't tested this in "the real world", but everything looks like it is supposed to.

EDIT: Things that couldn't hurt to make sure that permissions are correct (mine were screwed up after only running test_installation.sh as root):

```
$ cd /var/spool/qmailscan/

$ chown -R qscand:qscand *

# or at least:

$ chown qscand:qscand mailstats.csv qmail-queue.log quarantine.log

# If you want to actually create quarantine-attachments.db as the underprivileged user qscand:

$ rm quarantine-attachments.db

$ sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl -g
```
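Added example, not part of the post above and not qmail-scanner's own tooling: a shell function that condenses the debug lines of /var/spool/qmailscan/qmail-queue.log into one verdict per scanned message, so a message that went through without a clamdscan entry stands out. The function names, the verdict labels and the rule that a non-plain message with no clamdscan line counts as UNSCANNED are assumptions of this example; the sample log is abridged from the post, with process 13801 constructed.

```shell
#!/bin/sh
# Added example: per-message summary of qmail-scanner's debug log.

# Constructed sample: processes 13750-13786 are abridged from the log in the
# post; process 13801 is invented to show a message with no clamdscan entry.
write_sample_log() {
    cat > "$1" <<'EOF'
Tue, 22 Nov 2005 18:20:40 CST:13750: +++ starting debugging for process 13750 (ppid=13749) by uid=210
Tue, 22 Nov 2005 18:20:40 CST:13750: This is a PLAIN text message, skip virus scanners - but not SA
Tue, 22 Nov 2005 18:20:41 CST:13750: SA: finished scan in 1.290007 secs - hits=0.1/5.0
Tue, 22 Nov 2005 18:20:41 CST:13750: ------ Process 13750 finished. Total of 1.32254 secs
Tue, 22 Nov 2005 18:20:41 CST:13763: +++ starting debugging for process 13763 (ppid=13762) by uid=210
Tue, 22 Nov 2005 18:20:41 CST:13763: clamdscan: finished scan in 0.003139 secs
Tue, 22 Nov 2005 18:20:47 CST:13763: SA: finished scan in 5.801969 secs - hits=0.8/5.0
Tue, 22 Nov 2005 18:20:47 CST:13763: ------ Process 13763 finished. Total of 5.843493 secs
Tue, 22 Nov 2005 18:20:47 CST:13779: +++ starting debugging for process 13779 (ppid=13778) by uid=210
Tue, 22 Nov 2005 18:20:47 CST:13779: clamdscan: there be a virus! (Eicar-Test-Signature)
Tue, 22 Nov 2005 18:20:47 CST:13779: clamdscan: finished scan in 0.003606 secs
Tue, 22 Nov 2005 18:20:47 CST:13779: ------ Process 13779 finished. Total of 0.01357 secs
Tue, 22 Nov 2005 18:20:48 CST:13786: +++ starting debugging for process 13786 (ppid=13785) by uid=210
Tue, 22 Nov 2005 18:20:48 CST:13786: This is a PLAIN text message, skip virus scanners - but not SA
Tue, 22 Nov 2005 18:20:50 CST:13786: SA: yup, this smells like SPAM - hits=15.7/5.0/9.2 - deleting message...
Tue, 22 Nov 2005 18:20:50 CST:13786: SA: finished scan in 2.490457 secs - hits=15.7/5.0
Tue, 22 Nov 2005 18:20:50 CST:13786: ------ Process 13786 finished. Total of 2.49898 secs
Tue, 22 Nov 2005 18:21:02 CST:13801: +++ starting debugging for process 13801 (ppid=13800) by uid=210
Tue, 22 Nov 2005 18:21:02 CST:13801: SA: finished scan in 1.100000 secs - hits=0.3/5.0
Tue, 22 Nov 2005 18:21:02 CST:13801: ------ Process 13801 finished. Total of 1.2 secs
EOF
}

# $1 = log file. Prints "pid|antivirus|sa_hits|verdict" for every finished process.
summarise_scans() {
    awk '
    # The pid is the number between the timestamp and the message text.
    match($0, /:[0-9]+: /) {
        pid = substr($0, RSTART + 1, RLENGTH - 3)
        msg = substr($0, RSTART + RLENGTH)
        if (msg ~ /^This is a PLAIN text message/) {
            av[pid] = "skipped-plain"
        } else if (msg ~ /^clamdscan: there be a virus!/) {
            name = msg
            sub(/^[^(]*[(]/, "", name)      # keep only the signature name
            sub(/[)].*$/, "", name)
            av[pid] = "virus:" name
        } else if (msg ~ /^clamdscan: finished scan/) {
            if (!(pid in av)) av[pid] = "clean"
        } else if (msg ~ /^SA: yup, this smells like SPAM/) {
            spam[pid] = 1
        } else if (msg ~ /^SA: finished scan.*hits=/) {
            hits = msg
            sub(/^.*hits=/, "", hits)
            sa[pid] = hits
        } else if (msg ~ /^------ Process [0-9]+ finished/) {
            a = (pid in av) ? av[pid] : "missing"
            s = (pid in sa) ? sa[pid] : "none"
            verdict = "delivered"
            if (a == "missing") verdict = "UNSCANNED"   # assumption, see lead-in
            if (pid in spam) verdict = "spam-deleted"
            if (a ~ /^virus:/) verdict = "quarantined"
            print pid "|" a "|" s "|" verdict
            delete av[pid]; delete sa[pid]; delete spam[pid]
        }
    }' "$1"
}

# Stand-alone use: pass the real log path, or no argument to run on the sample.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
    summarise_scans "$log"
    rm -f "$log"
else
    summarise_scans "$log"
fi
```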

----------

## petterg

Thanks for that howto. I'll test it out once I get my testsystem back.

 *mobiusproject wrote:*   

> [...]Checking my e-mail I now have two new e-mails, both the first and the second e-mail got through (not sure why the second e-mail got through yet, still looking into that one, seems to be something to do with perlscanner, but not concerned because it isn't an actual virus,[...]

 

I'm told that it is the way clamav works - it's looking for dangerous code. As the testvirus is not doing any damage it's not detected.

(But then, why does it detect the same infected testfile if it's in a zip file?)

----------

## Rammoth

Can anyone confirm deny the reported random failure when checking mail?

I'm eager to setup this system, however, as it will be for 500~ users, I don't want it 'randomly' failing.

Thanks.  :Very Happy: 

----------

## petterg

 *Rammoth wrote:*   

> Can anyone confirm deny the reported random failure when checking mail?
> 
> I'm eager to setup this system, however, as it will be for 500~ users, I don't want it 'randomly' failing.
> 
> Thanks. :D

 

I have no failure on my system, using the versions mentioned in the guide. The failures reported seems to be related to qmail-1.03-r16, not the r15 as the guide uses.

----------

## mobiusproject

I have no problems with r16 either.  The main change between r15 and r16 that I can see is in /var/qmail/control/conf-smtpd:

```
> nano -w /var/qmail/control/conf-smtpd

Uncomment the last 4 lines, and change the value of QMAIL_SMTP_CHECKPASSWORD:

QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)

[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

changes to:

> nano -w /var/qmail/control/conf-smtpd

Add a value of QMAIL_SMTP_CHECKPASSWORD before the last four lines (which are already uncommented)

# SMTP-AUTH using vchkpw from vpopmail

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
```

----------

## stripe

I would like to post just a few comments from my testing of the mailserver. It is my review of this install documentation, with experience of what the mailserver is supposed to do and what it really does. Anyway, the manual is very well done:

software used:

qmail 1.03-r16

spamassassin 3.1.0

7) install ClamAV and SpamAssassin

Configure SpamAssassin

```

> nano -w /etc/spamassassin/local.cf

# How many hits before a message is considered spam. Lower to 3.0 after 1000 spams, adjust as needed

required_hits           5.0

# Text to prepend to subject if rewrite_subject is used

rewrite_header  subject   ***SPAM***

# Encapsulate spam in an attachment

report_safe             1

# Enable the Bayes system

use_bayes               1

# Enable Bayes auto-learning - disable after 20000 spammails (reduce server load)

bayes_auto_learn              1

bayes_auto_learn_threshold_spam 10.0

# Enable or disable network checks

skip_rbl_checks         0

use_razor2              1

use_dcc                 1

use_pyzor               1

# Languages

ok_languages    all

ok_locales      all

```

save/exit

```
use_razor2              1

use_dcc                 1

use_pyzor               1

ok_languages    all

ok_locales      all

```

These are now distributed as spamassassin modules; in local.cf they will be ignored (!). Configure these in /etc/spamassassin/v310.pre. See /usr/bin/spamassassin --lint -D for "failed" strings, if you have correctly configured local.cf. There are some changes across 2.x and 3.x versions of spamassassin.

```

> nano -w /etc/conf.d/spamd

Modify:

SPAMD_OPTS="-m 5 -H -v -x -C /etc/spamassassin/local.cf"

```

save/exit

Reconfigure SpamAssassin

```

> nano -w /etc/conf.d/spamd

Modify:

SPAMD_OPTS="-m 5 -H -u qscand -v -x"

(It would make sense to keep the option "-C /etc/spamassassin/local.cf", but for some weird reason the current version of spamd ignores the config file if it's specified!)

PIDFILE="/var/run/spamd/spamd.pid"

```

save/exit

```

> mkdir /var/run/spamd

> chown qscand:qscand /var/run/spamd

```

Well here I was a bit confused, why are you configuring spamd twice(?) These two sets of options are not lucky with use of spamassassin 3.1 and qmail-scanner 1.25. Simply the installation of qmail-scanner does not detect the spamassassin at all.

Just outputs this warning:

```
   

Something like the SpamAssassin spamc is present, but not working

(didn`t include a "X-Spam-Status" line in output) - ignoring... 
```

Which anyway means, that  qmail-scanner will not use SA, and will not tag the mails, so it is not what we want.

The options for spamd I successfully use are:

```

SPAMD_OPTS="-d -m 5 -H -u qscand -v -x -c --siteconfigpath=/etc/spamassassin/local.cf"

```

The -d and --siteconfig were crucial for qmail-scanner to find and use the spamassassin correctly. For more options, what the other tags do, I suggest read the spamd manual...

----------

## mobiusproject

Note: I wrote this a while ago but never posted it due to me being too busy.  Some of these points are the same as yours, stripe, but I thought I would just post it in its entirety.  Above is the fix that I found for the clamav.

After installing SpamAssassin and setting it up, I noticed that razor and dcc weren't running.  So, after reading a bunch of man pages and perldocs, here is what I have concluded.  I have also quoted your original to show my findings.  Below once again are my suggestions as well as notes as to why.  I find that too often I can't just give people an answer, I need to give people the why of the answer...

References:

perldoc spamd

perldoc Mail::SpamAssassin::Plugin::DCC

perldoc Mail::SpamAssassin::Plugin::Razor2

less /var/qmail/bin/qmail-scanner-queue.pl

 *petterg wrote:*   

> 7) install ClamAV and SpamAssassin
> 
> ```
> > emerge spamassassin clamav
> ```
> ...

 

 *mobiusproject wrote:*   

> 7) install ClamAV and SpamAssassin
> 
> ```
> > emerge spamassassin clamav
> ```
> ...

 

----------

## Loibisch

 *s4mmy wrote:*   

> Please note that if you follow this setup and upgrade to qmail-1.03-r16, you HAVE to change the /var/control/qmail-smtpd line (etc-update will do it correctly for you, however if you are like me and distrustful of etc-update, here is what you do.)
> 
> this line:
> 
> ```
> ...

 

Thanks, perfect solution to the problem I had  :Smile: 

----------

## YsndHalf

Hi all, (and many thanks for this excellent guide!)

I've followed step by step this guide, and I've had some problems with the authentication...

In the beginning, I was absolutely unable to get authenticated neither in IMAPS (from a Thunderbird remote client) or via "webmail", with squirrelmail.

Now the system runs very fine with IMAPS (outside the linux box), but I'm still unable to log in with Squirrelmail!

Do you have any idea about what could be happening?

Many thanks in advance!

         Jordi   :Smile: 

----------

## epsilon_da

hi, people, i want to contribute a bit to complete the tutorial.

I was having problems at the first when i can not send mails to outside. This was because my provider closes the port to only get outside with his smtp which is authenticated. so the solution is:

the solution for PLAIN authentication is:

on /var/qmail/control/smtproutes which by default doesn't exists

edit and place a line like this

:smtp.ispdomain.com username password

of course, if you dont want to authenticate, use:

:smtp.ispdomain.com 

only

and that fix the problem.

----------

## Sarpy Sam

I have a working qmail vpopmail server installed not by this tutorial but one that was very similar and was using this one to try to get spamassassain and clamv working.  I was getting a lot of errors in my log due to permission problems and finally sorted all them out but I am still getting one error that I can't figure out.  When an e-mail comes in I get the following output in /var/log/mail.log.

 *Quote:*   

> Jan 23 12:30:24 host spamd[23362]: spamd: connection from localhost [127.0.0.1] at port 2237 
> 
> Jan 23 12:30:25 host spamd[23362]: spamd: checking message <43D512A4.3080103@direcway.com> for qscand:210 
> 
> Jan 23 12:30:25 host spamd[23362]: internal error 
> ...

 

Can anybody tell me what the pyzor internal error is and how to clear it?  Thanks for any help.

----------

## epsilon_da

spamassassin -D --lint

/usr/share/doc/qmail-scanner<TAB>/contrib/test_installation.sh -doit (unzip it first)

this will give us a clue, i think

at the first i was having problems with spamassassin and clamav to not check for viruses and spam, and it fix it looking at this errors and emerging 2 things 

emerge mail-filter/maildrop

and updating perl and all the required modules (showed with the first command)

but i dont know exactly what of both fix my problem.

first try to check the errors on test_installation then with spamassassin -D --lint

----------

## stripe

too less information for help....

 *YsndHalf wrote:*   

> Hi all, (and many thanks for this excellent guide!)
> 
> I've followed step by step this guide, and I've had some problems with the authentication...
> 
> In the beginning, I was absolutely unable to get authenticated neither in IMAPS (from a Thunderbird remote client) or via "webmail", with squirrelmail.
> ...

 

----------

## Sarpy Sam

I am not sure which part of the output of spamassassin -D --lint you want but here is the lines pertaining to pyzor.

 *Quote:*   

> [24878] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x906a950))
> 
> [24878] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
> 
> [24878] dbg: util: executable for pyzor was found at /usr/bin/pyzor
> ...

 

I trolled through my logs a little more and the pyzor internal error doesn't happen every time there is an e-mail come in.  Just sometimes.  I have not been able to figure out if there is a pattern to when it comes up or not but I will keep an eye on it and see if there is a pattern I can discern.

----------

## epsilon_da

try 

spamassassin -D --lint | grep warn

spamassassin -D --lint | grep error

warning or errors messages are what we need.

pyzor seems to be loaded correctly, maybe it is a database misconfiguration, i didnt have any problem when emerging pyzor. try to remerge it.

----------

## Sarpy Sam

I still haven't seen a pattern to the pyzor problem but it works over 90% of the time, just occasionally I get the internal error.  I seem to be having another problem and I don't think it's related to the pyzor problem. Twice now I get an entry in the log like this.

 *Quote:*   

> Jan 27 14:00:15 host spamd[3732]: tcp timeout at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/SpamdForkScaling.pm line 195.
> 
> Jan 27 14:00:24 host spamd[3732]: tcp timeout at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/SpamdForkScaling.pm line 195.

 

Which then leads to entries like these afterwards.

 *Quote:*   

> Jan 27 14:47:53 host spamc[6920]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
> 
> Jan 27 14:47:54 host spamc[6920]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused
> 
> Jan 27 14:47:55 host spamc[6920]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
> ...

 

I am assuming spamassassin is not working after these log entries pop up.  All I have to do to fix the problem is restart spamd.  It is inconvenient to always be checking my logs and restarting spamd for this problem, is there any way to fix this issue?

----------

## pht3k

hi,

thanks a lot for this nice howto.  it worked great, except for one thing : the notice about the differences of the r16 rlz should be added to the main post in my opinion.

now, some1 managed to get rid of those nasty messages about certificate when retrieving mail from outlook?  i know i should use an other mail client ... that's what i do but some persons using my server are just continuing to stick with outlook ... argh

pht3k

----------

## Jaspur

DCC and Razor2 are now disabled by default in Spamassassin 3.1.0. You will need to do the following to enable DCC and Razor2 if you are running Spamassassin 3.1.0 or later.

vi /etc/mail/spamassassin/v310.pre and remove the # from the 2 lines shown below:

```

# DCC - perform DCC message checks.

#

# DCC is disabled here because it is not open source.  See the DCC

# license for more details.

#

loadplugin Mail::SpamAssassin::Plugin::DCC

# Razor2 - perform Razor2 message checks.

#

# Razor2 is disabled here because it is not available for unlimited free

# use.  It is currently free for personal use, subject to capacity

# constraints.  See the Cloudmark SpamNet Service Policy for more details.

#

loadplugin Mail::SpamAssassin::Plugin::Razor2

```

----------

## maiku

SMTP is functioning incorrectly.  When I try to log into SMTP to send mail using a username and a password (created by vadduser) it won't work.  If I turn off using a user/password option the mail gets sent no problem.  However, the mail goes nowhere... *Quote:*   

> @4000000043f2a47a0dcdce4c info msg 646111: bytes 687 from <mike@divineaspirations.net> qp 26423 uid 201
> 
> @4000000043f2a47a2520b12c starting delivery 1: msg 646111 to remote infested@optonline.net
> 
> @4000000043f2a47a2520c89c status: local 0/10 remote 1/20
> ...

 The mail gets delivered to the gmail account but not the optonline.net one.

/var/qmail/control/conf-smtpd *Quote:*   

> # this turns off the IDENT grab attempt on connecting
> 
> TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
> 
> QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
> ...

 /etc/tcprules.d/tcp.qmail-smtp *Quote:*   

> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> 
> :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
> 
> 69.123.141.251:allow,RELAYCLIENT="",RBLSMTPD=""
> ...

 Has anybody else had a similar problem/solution thereof?
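Added example, not part of the post above and not a qmail or ucspi-tcp tool: a shell function that reads a tcprules source file such as /etc/tcprules.d/tcp.qmail-smtp and reports, per rule, whether it sets RELAYCLIENT (that address may relay without authenticating) and whether it sets QMAILQUEUE (mail matched by that rule is handed to qmail-scanner). The function names and finding labels are assumptions of this example; the first sample holds the three rules quoted in the post, the second is a constructed counter-example.

```shell
#!/bin/sh
# Added example: audit a tcprules source file for relay and scanner coverage.

# The three rules quoted in the post (the post elides the rest with "...").
write_sample_rules() {
    cat > "$1" <<'EOF'
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
69.123.141.251:allow,RELAYCLIENT="",RBLSMTPD=""
EOF
}

# Constructed counter-example: the default (empty address) rule sets RELAYCLIENT.
write_open_relay_rules() {
    cat > "$1" <<'EOF'
# constructed, not from the thread
192.168.1.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
EOF
}

# $1 = rules file. Prints "address|action|relay|scanner|finding" per rule.
# Only variables set in the rule itself are seen; anything exported elsewhere
# in the service environment is outside what this check can know.
audit_tcprules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        p = index($0, ":")
        if (p == 0) next                     # not an address:instruction line
        addr = substr($0, 1, p - 1)
        rest = substr($0, p + 1)
        action = (rest ~ /^allow/) ? "allow" : "deny"
        relay = (action == "allow" && rest ~ /,RELAYCLIENT=/) ? "relay" : "no-relay"
        scan = (action == "allow" && rest ~ /,QMAILQUEUE=/) ? "scanner" : "no-scanner"
        finding = "ok"
        if (action == "allow" && scan == "no-scanner")
            finding = (relay == "relay") ? "relay-unscanned" : "inbound-unscanned"
        # An empty address matches every client not covered by another rule.
        if (relay == "relay" && addr == "") finding = "OPEN-RELAY"
        if (addr == "") addr = "(default)"
        print addr "|" action "|" relay "|" scan "|" finding
    }' "$1"
}

# Stand-alone use: pass the real rules file, or no argument to run on the sample.
rules=${1:-}
if [ -z "$rules" ]; then
    rules=$(mktemp)
    write_sample_rules "$rules"
    audit_tcprules "$rules"
    rm -f "$rules"
else
    audit_tcprules "$rules"
fi
```

On the quoted rules, both RELAYCLIENT entries carry no QMAILQUEUE of their own, so mail relayed from those two addresses is not passed to qmail-scanner unless QMAILQUEUE is set elsewhere in the service environment.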

----------

## petterg

 *maiku wrote:*   

> The mail gets delivered to the gmail account but not the optonline.net one.
> 
> 

 

I'm back!

Have been living a life outside the mailserver for a while

I guess your problem is related to a problem with the MX record pointing to your server. Some smtp servers look up the sender's mx record and refuse connections if they aren't happy with the result. (This is to stop spam.)

----------

## petterg

 *pht3k wrote:*   

> 
> 
> thanks a lot for this nice howto.  it worked great, except for one thing : the notice about the diffencies of the r16 rlz should be added to the main post in my opinion.
> 
> 

 

I'll look into that. Is r16 working fine for those who've tried it?

 *pht3k wrote:*   

> 
> 
> now, some1 managed to get rid of those nasty messages about certificate when retreiving mail from outlook?  i know i should use an other mail client ... that's what i do but some persons using my server are just continuing to stick with outlook ... argh
> 
> 

 

Certificate warnings will disappear when you make your certificate official and have it signed.

----------

## petterg

 *YsndHalf wrote:*   

> 
> 
> Now the system runs very fine with IMAPS (outside the linux box), but I'm still unable to log in with Squirrelmail!
> 
> Do you have any idea about what could be happening?
> ...

 

You should use IMAP (no S) with squirrelmail. At least if they are running on the same host.

----------

## maiku

 *petterg wrote:*   

>  *maiku wrote:*   The mail gets delivered to the gmail account but not the optonline.net one.
> 
>  
> 
> I'm back!
> ...

 What would be a good method to prevent this?  Change the priority number?

----------

## petterg

Without knowing how you've got the DNS setup...

The MX should point to your server's full hostname.domain as returned on smtp-helo request by the server  - not an IP address. Priority should (tm) not matter.

If telnet to the smtp server and running instruction "helo" returns mail.domain.net

There should be an DNS-A record that points to the server.

Then the MX should point to that A record

----------

## maiku

helo returns "domainname.net" and not "mail.domainname.net."  Is that correctable?

Also, what about the problem with the log saying *Quote:*   

> @4000000043fb903a28247b4c delivery 102: success: User_and_password_not_set,_continuing_without_authentication./<xxx@gmail.com>_64.233.185.114_accepted_message./Remote_host_said:_250_2.0.0_OK_1140559920_13si8000791wrl/

 I send a user and password when I connect to the smtp server on the computer, but what could be wrong?

Thanks.

----------

## pht3k

 *petterg wrote:*   

> 
> 
>  *pht3k wrote:*   
> 
> thanks a lot for this nice howto.  it worked great, except for one thing : the notice about the diffencies of the r16 rlz should be added to the main post in my opinion. 
> ...

 

yes. no probs at all  :Smile: 

----------

## rshadow

After following both this guide and the qmail guide hosted at gentoo.org I just can't get qmail up and running.  In both instances something is not going right.  I suspect something with vpopmail because I remember when I did this before vpopmail using /home/vpopmail .. but that directory is never created.. Anyways in both instances the following happens.  When a user tries to connect to the pop3d-ssl server, they fail to auth.  Additionally Thunderbird reports that secure auth is not supported.  The following is what I get in my log files.  If anybody has any ideas as to what's going on it would be appreciated.  Thanks.

Mar  4 13:45:26 zues pop3d-ssl: Connection, ip=[XXX.XXX.XXX.XXX]

Mar  4 13:45:33 zues pop3d-ssl: authdaemon: s_connect() failed: No such file or directory

Mar  4 13:45:33 zues pop3d-ssl: LOGIN FAILED, user=sbunn@myfqdn.com, ip=[XXX.XXX.XXX.XXX]

Mar  4 13:45:33 zues pop3d-ssl: authentication error: No such file or directory

----------

## kiesa

Anyone having problems logging in?

I have one server that handles web and one for vpopmail/imapd etc.

Logging in with thunderbird for example works ok and

when logging in from squirrelmail imapd logs look good also.

Somehow i'm still redirected to page where it says 

"you must be logged in.." 

I think it has something to do with cookies but it's strange

as other apps like phpbb2 work just fine with cookies.

Any ideas what it could be?

phpver 4.4.2

apache 2.2

phpinfo http://webmail2.rikos.org/info.php

----------

## TheSlab

Hey petterg!

Been a while  :Smile:  I'm back with good news though.

I had to rebuilt my mail setup, had a drive failure, and went and got the latest versions of everything as of yesterday installed and working. Along with the chkuser patch!

This patch was named chkusr before. Rejects mail if an account/alias doesn't exist. It would be nice to get it into portage because it sure as hell keeps the load down on the server!

I wrote up how to use it here and you can get the patch here

Let me know how it goes.

----------

## TheSlab

 *maiku wrote:*   

> helo returns "domainname.net" and not "mail.domainname.net."  Is that correctable?

 

Modify:

~qmaild/controls/me

 *maiku wrote:*   

> Also, what about the problem with the log saying *Quote:*   @4000000043fb903a28247b4c delivery 102: success: User_and_password_not_set,_continuing_without_authentication./<xxx@gmail.com>_64.233.185.114_accepted_message./Remote_host_said:_250_2.0.0_OK_1140559920_13si8000791wrl/ I send a user and password when I connect to the smtp server on the computer, but what could be wrong?

 

Nothing is wrong there, it's just information. That's saying your server talked to gmail servers and didn't use a username and password. I think.

----------

## TheSlab

 *rshadow wrote:*   

> Mar  4 13:45:26 zues pop3d-ssl: Connection, ip=[XXX.XXX.XXX.XXX]
> 
> Mar  4 13:45:33 zues pop3d-ssl: authdaemon: s_connect() failed: No such file or directory
> 
> Mar  4 13:45:33 zues pop3d-ssl: LOGIN FAILED, user=sbunn@myfqdn.com, ip=[XXX.XXX.XXX.XXX]
> ...

 

Is authdaemond running?

If it is running then I'd try removing it and re-emerge it. But remove it first and clean up the config files.

----------

## petterg

 *maiku wrote:*   

> helo returns "domainname.net" and not "mail.domainname.net."  Is that correctable?
> 
> Also, what about the problem with the log saying *Quote:*   @4000000043fb903a28247b4c delivery 102: success: User_and_password_not_set,_continuing_without_authentication./<xxx@gmail.com>_64.233.185.114_accepted_message./Remote_host_said:_250_2.0.0_OK_1140559920_13si8000791wrl/ I send a user and password when I connect to the smtp server on the computer, but what could be wrong?
> 
> Thanks.

 

You're probably missing "mail."-prefix in some files in /var/qmail/control . I'm not sure which one affects the answer to helo.

Point is: the answer to helo must be the same as what the mx record points to.

Regarding passwords... What if you don't send a password?

----------

## petterg

 *rshadow wrote:*   

> After following both this guide and the qmail guide hosted at gentoo.org I just can't get qmail up and running.  In both instances something is not going right.  I suspect something with vpopmail because I remember when I did this before vpopmail using /home/vpopmail .. but that directory is never created.. Anyways in both instances the following happens.  When a user tries to connect to the pop3d-ssl server, they fail to auth.  Additionaly Thunderbird reports that secure auth is not supported.  The following is what I get in my log files.  If anybody has any ideas as to whats going on it would be appreciated.  Thanks.
> 
> Mar  4 13:45:26 zues pop3d-ssl: Connection, ip=[XXX.XXX.XXX.XXX]
> 
> Mar  4 13:45:33 zues pop3d-ssl: authdaemon: s_connect() failed: No such file or directory
> ...

 

Last time I tried mozilla mail clients (2 years ago) it had some serious problems with encrypted connections. Maybe it's still buggy?

----------

## petterg

 *TheSlab wrote:*   

> 
> 
> I wrote up how to use it here and you can get the patch here
> 
> Let me know how it goes.

 

Great!

I tried that patch a while ago and found it causing some problems. Can't remember what it was though. Have to read the old thread to find out.

Edit:

The problem with the chkusr patch was that smtp-auth using tsl failed. Is that working for you?

----------

## maiku

 *petterg wrote:*   

> Regarding passwords... What if you don't send a password?

 It works when I don't send a password.  Is that a good thing?  I'm not sure if anybody being allowed to send e-mail using my server without a password is okay.

----------

## petterg

 *maiku wrote:*   

>  *petterg wrote:*   Regarding passwords... What if you don't send a password?
> 
> It works when I don't send a password.  Is that a good thing?  I'm not sure if anybody being allowed to send e-mail using my server without a password is okay.

 

Do you still get the message in your log?

```

@4000000043fb903a28247b4c delivery 102: success: User_and_password_not_set,_continuing_without_authentication./<xxx@gmail.com>_64.233.185.114_accepted_message./Remote_host_said:_250_2.0.0_OK_1140559920_13si8000791wrl/

```

----------

## maiku

The domain is www.divineaspirations.net and mail comes from there

When sending messages to my optonline.net account *Quote:*   

> @4000000044173bf93a41140c starting delivery 67: msg 215 to remote infested@optonline.net
> 
> @4000000044173bf93a412b7c status: local 0/10 remote 1/20
> 
> @4000000044173c7719be4754 delivery 67: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
> ...

 When sending mail using a user and password to my gmail account *Quote:*   

> @4000000044174a0f018bab04 new msg 208800
> 
> @4000000044174a0f018bbe8c info msg 208800: bytes 698 from <xxx@divineaspirations.net> qp 31376 uid 201
> 
> @4000000044174a0f0274eddc starting delivery 68: msg 208800 to remote xxx@gmail.com
> ...

 When sending mail without using a username and password to my gmail account *Quote:*   

> @4000000044174ace3b391c24 new msg 208800
> 
> @4000000044174ace3b392bc4 info msg 208800: bytes 660 from <xxx@divineaspirations.net> qp 31407 uid 201
> 
> @4000000044174acf008074c4 starting delivery 70: msg 208800 to remote xxx@gmail.com
> ...

 They look um... exactly the same.  The TLS option is checked in Thunderbird.

----------

## rshadow

ok.. I think I'm making progress now.. I was able to send mail to users prior to installing qmail-scanner.  Now mail delivery never happens.. here are the errors I'm getting.. something is wrong with clamav

```

@4000000044192448078f247c X-Qmail-Scanner-1.25st:[zues.rougesoftware.net114249836571819238] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

```

I have tried to re-emerge both clamav and qmail-scanner with no luck.

smtp-auth I still can't get to work for anything.  Here is what I'm getting with that

```

Mar 16 03:58:11 zues vpopmail[19322]: vchkpw-smtp: (PLAIN) login success sbunn@rougesoftware.net:211.168.233.97

Mar 16 03:58:11 zues vpopmail[19322]: vchkpw-smtp: null user name given :211.168.233.97

```

I don't know what's up with the null user name given.  It appears to be trying to auth twice, the first being successful and then it dies.. 

any ideas anybody?

thanks.

----------

## TheSlab

 *petterg wrote:*   

> 
> 
> Great!
> 
> I tried that patch a while ago and found it causing some problems. Can't remember what it was though. Have to read the old thread to find out.
> ...

 

I'm using TSL or TLS? TLS and smtp-auth are working for me with the patch.

I apologize if anyone was trying to get the patch in the last few days. Had memory go bad and then a drive failure Sunday. ugh! At least I lost next to nothing.

----------

## petterg

 *rshadow wrote:*   

> ok.. I think I'm making progress now.. I was able to send mail to users prior to installing qmail-scanner.  Now mail delivery never happens.. here are the errors I'm getting.. something is wrong with clamav
> 
> 

 

My guess is that you've missed out on some config with the tcprules.

Also you've missed something on the clamav config (like username to run as / permissions on files) or put the SOFTLIMIT (wherever it is) too low.

----------

## cazze

 *rshadow wrote:*   

> ok.. I think I'm making progress now.. I was able to send mail to users prior to installing qmail-scanner.  Now mail delivery never happens.. here are the errors I'm getting.. something is wrong with clamav
> 
> ```
> 
> @4000000044192448078f247c X-Qmail-Scanner-1.25st:[zues.rougesoftware.net114249836571819238] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
> ...

 

Edit your /etc/clamd.conf and comment out the user clamav line =>

```
# user clamav
```

that should do it.

The output of the mail goes to root@localhost. I am unable to get this mail in a virtual mailbox like blabla@blabla.com. Any ideas?

kammicazze

----------

## bopols

hi

i have this problem in my /var/spool/qmail/qmail-queue.log

```

Thu, 06 Apr 2006 09:16:45 Local time zone must be set--see zic manual page:905: +++ starting debugging for process 905 (ppid=885) by uid=0

Thu, 06 Apr 2006 09:16:45 Local time zone must be set--see zic manual page:905: s_q: re-create the quarantine version file

Thu, 06 Apr 2006 09:16:45 Local time zone must be set--see zic manual page:905: s_q: cleaning up files older than 2 days via /usr/bin/find /var/spool/qmailscan/tmp -mtime +2 -exec /bin/rm -rf {} ;

Thu, 06 Apr 2006 09:22:35 Local time zone must be set--see zic manual page:2550: +++ starting debugging for process 2550 (ppid=2531) by uid=0

Thu, 06 Apr 2006 09:22:35 Local time zone must be set--see zic manual page:2550: s_q: re-create the quarantine version file

Thu, 06 Apr 2006 09:22:36 Local time zone must be set--see zic manual page:2550: s_q: cleaning up files older than 2 days via /usr/bin/find /var/spool/qmailscan/tmp -mtime +2 -exec /bin/rm -rf {} ;

Fri, 07 Apr 2006 03:10:01 Local time zone must be set--see zic manual page:9012: +++ starting debugging for process 9012 (ppid=9011) by uid=0

Fri, 07 Apr 2006 03:10:01 Local time zone must be set--see zic manual page:9012: s_q: re-create the quarantine version file

Fri, 07 Apr 2006 03:10:01 Local time zone must be set--see zic manual page:9012: s_q: cleaning up files older than 2 days via /usr/bin/find /var/spool/qmailscan/tmp -mtime +2 -exec /bin/rm -rf {} ;
```

What's causing this error? Also, I already created an account in my vpopmail, but when I log on to squirrelmail this dialog box pops up:

```
ERROR

Error connecting to IMAP server: localhost.

111 : Connection refused

Go to the login page
```

Does the 1st error correspond to an un-updated qmail-scanner, or to a configuration that I'm missing (also for error 2)?

----------

## petterg

 *bopols wrote:*   

> hi
> 
> i have this problem in my /var/spool/qmail/qmail-queue.log
> 
> ```
> ...

 

Did you set the timezone when you installed gentoo?

----------

## bopols

I'm new to Gentoo and just configuring an installed Gentoo box. Would configuring the time remove this error? Thanks in advance

 *petterg wrote:*   

>  *bopols wrote:*   hi
> 
> i have this problem in my /var/spool/qmail/qmail-queue.log
> 
> ```
> ...

 

----------

## petterg

 *bopols wrote:*   

> I'm new to Gentoo and just configuring an installed Gentoo box. Would configuring the time remove this error? Thanks in advance
> 
> 

 

You'll find out if you try

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7

----------

## YsndHalf

Hi petterg,

many thanks for this guide, I've now reviewed all of the steps and my system is running OK and smoothly. A couple of times some frame of Squirrelmail has "disappeared" (i.e. seeing just a blank frame), but after reloading the page that's OK.

Now I'm able to log in through squirrelmail (http/https), use IMAPS (yes, IMAPS not IMAP!), and manage "virtual" accounts with cgi-bin/qmailadmin. Sending+receiving is OK. Now I'll test the spam filtering.

I had many problems when receiving mail, but finally after deleting + creating again the domain (with vadddomain) everything is fine!

Thanks!

Jordi

----------

## ^and1

My installation is working fine. but there are some strange things with the smtp-auth and logging.

When i connect to the server with enabled tls, i saw 2 login tries, before i changed "--enable-logging=y" to "--enable-logging=p"

May 11 12:21:38 www vpopmail[12034]: vchkpw-smtp: password fail (pass: '2ceb63a29675b5b1bcd33b20a1db63ff') andi@xxx.yy:xx.xx.xx.xx

and the second one with AUTH PLAIN

I don't know where the fail comes from, but the "AUTH PLAIN" login seems to work and I can send messages... can this mean that tls isn't working, because the auth with the "not cleartext" password doesn't work?

Logging Problem:

Before I changed the logging configure, I had all successful logins with plaintext password in the vlog table. Is this correct?

----------

## YsndHalf

Hi all,

after installing my mail system (qmail+vpopmail+squirrelmail, as described in the howto) I got my system broken, so that I couldn't receive any mail. I had bounces with "Sorry, no such mailbox".

Fortunately I found the following topic, please check it for info. Summarising, /var/qmail/control/locals must be EMPTY (but it must exist).

Also take a look at this in the Gentoo Wiki, it's really interesting.

Regards, Jordi   :Cool: 

----------

## petterg

 *^and1 wrote:*   

> My installation is working fine. but there are some strange things with the smtp-auth and logging.
> 
> When i connect to the server with enabled tls, i saw 2 login tries, before i changed "--enable-logging=y" to "--enable-logging=p"
> 
> May 11 12:21:38 www vpopmail[12034]: vchkpw-smtp: password fail (pass: '2ceb63a29675b5b1bcd33b20a1db63ff') andi@xxx.yy:xx.xx.xx.xx
> ...

 

My guess is that your mail client tries an unsupported kind of login first, then it has a failover to use AUTH PLAIN.

----------

## mleck

This guide has worked awesome! I have followed it, and it SEEMS to be working... however, I was wondering if there is any real way to test it. Can I see what spam exactly is being blocked. Can I see what viruses are being detected by CLAMAV? Is there a way for it to push that email to a specific SPAM folder under the inbox? How do I make further adjustments to make it more or less strict?

Thanks.

----------

## mobiusproject

 *mleck wrote:*   

> Can I see what spam exactly is being blocked. Can I see what viruses are being detected by CLAMAV?

 

```
less /var/spool/qmailscan/quarantine.log
```

 *mleck wrote:*   

> Is there a way for it to push that email to a specific SPAM folder under the inbox?

 

Everything that qmail-scanner quarantines is moved to /var/spool/qmailscan/quarantine/new/.  If you want virii and spam to be put into different directories, you can edit /var/qmail/bin/qmail-scanner-queue.pl.  If the spam is pervasive enough it will just delete it outright, but it errs on the side of caution.

 *mleck wrote:*   

> How do I make further adjustments to make it more or less strict?

 

Edit /etc/mail/spamassassin/local.cf, lower the required_score to make it more strict, and raise it to be less.  5.0 (which is the default) is a very good place to start though.

----------

## biatch0

Has anyone else run into smtp-auth problems while following the guide? I'm still stuck sending mail via webmail only since I am unable to auth with anything other than localhost.

----------

## petterg

 *biatch0 wrote:*   

> Has anyone else run into smtp-auth problems while following the guide? I'm still stuck sending mail via webmail only since I am unable to auth with anything other than localhost.

 

There are so many things that make smtp-auth not work. Without any more details it's impossible to help.

----------

## stripe

 *biatch0 wrote:*   

> Has anyone else run into smtp-auth problems while following the guide? I'm still stuck sending mail via webmail only since I am unable to auth with anything other than localhost.

 

if you want to help, post your log describing the problem... nobody here has a crystal ball

----------

## biatch0

```
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
```

I get this message no matter where I mail from (with the exception of webmail/localhost)

No idea where to look, tried checking the gentoo-wiki; which ended up with me deleting my rcpthosts for awhile... made it look like it was working, but also made me an open relay. So now I'm back to only sending mail via webmail

----------

## mobiusproject

 *biatch0 wrote:*   

> 
> 
> ```
> 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> ```
> ...

 

Could you tell us what version of qmail you have installed (r15 or r16) and give the output of

```
> grep -v "#" /etc/tcprules.d/tcp.qmail-smtp

> grep -v "#" /var/qmail/control/conf-smtpd
```

Check to make sure that your rcpthosts file is a list of all the domains you are hosting.

----------

## biatch0

I'm using r16...

tcp.qmail-smtp (modified for privacy):

```
EXT.IP.ADD.RESS:allow,RELAYCLIENT="",RBLSMTPD=""

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

:allow
```

conf-smtpd:

```
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"

QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"

QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)

[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

```

My rcpthosts currently has 2 domains in it (I'm only receiving on mydomain.net), mx.mydomain.net and mydomain.net.

----------

## mobiusproject

 *biatch0 wrote:*   

> conf-smtpd:
> 
> ```
> TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
> 
> ...

 

I don't use relay-ctrl, thus I have those lines commented, but you should change the last lines of conf-smtpd to what r16 originally had.  Right before that I also have the checkpassword variable which is your second to last line.  Keep the TCPSERVER_OPTS line.  You may also check to see if running qmail without relay-ctrl works for you (just comment those lines).

```
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {

        [[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true

        QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

}
```

 *biatch0 wrote:*   

> tcp.qmail-smtp (modified for privacy):
> 
> ```
> EXT.IP.ADD.RESS:allow,RELAYCLIENT="",RBLSMTPD=""
> 
> ...

 

According to this you don't have qmail-scanner set up to work with these tcp.qmail-* files.  But then again, since you are using relay-ctrl, I don't know if you need to (as long as relay-ctrl calls qmail-scanner).  I haven't bothered setting that up because my setup works just fine without it even though the install says that tcp.qmail-* are being deprecated in favor of relay-ctrl.

```
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

You shouldn't need the external ip address listed at all.  With my setup, you don't need to use authentication if you send from localhost but all other relaying requires it.

Let me know how it goes.

----------

## TvL

Hi,

I'm looking for some way to send my email through my ISP's smarthost. I have the problem that the email that I send doesn't always reach its destination. For example, when I send to a @hotmail.com email address, it will never arrive, but is sent successfully...

I used to have sendmail with which it's very easy to implement a smarthost, but for qmail......

I've read things about patching the source and recompiling, but I cannot believe it should be that much of a hassle....

Does anybody here know how to do it correctly under gentoo?

----------

## mobiusproject

 *TvL wrote:*   

> I'm looking for some way to send my email through my ISP's smarthost. I have the problem that the email that I send doesn't always reach its destination. For example, when I send to a @hotmail.com email address, it will never arrive, but is sent successfully...  
> 
> I used to have sendmail with which it's very easy to implement a smarthost, but for qmail......
> 
> I've read things about patching the source and recompiling, but I cannot believe it should be that much of a hassle....
> ...

 

From what I just read it seems that all you have to do is:

 *http://tomclegg.net/qmail/ wrote:*   

> To relay outgoing mail for "example.com" to an SMTP server at 10.9.8.7 port 2500 with username "foo" and password "bar":
> 
> ```
> echo example.com:10.9.8.7:2500 foo bar >> /var/qmail/control/smtproutes
> ```
> ...

 

I just tested ":10.9.8.7 foo bar" with my server at home and it worked just fine.  In my case my university just implemented a filter to stop all outgoing smtp traffic from the university except by specific mail servers (which I can't get my personal machine on that list) and I was able to relay the mail from my mail server to the main smtp campus server using my username and password to send the mail.

Let me know how it goes.

----------

## TvL

Hi,

Thank you very much for your reply! It worked!

The smtp server that I use as relay doesn't require authentication, so I did the following:

```
echo :mailrelay.isp.whatever:25 > /var/qmail/control/smtproutes

/etc/init.d/svscan restart   # don't know if necessary
```

And it worked. When I check the headers of the received email I see it went through my isp's mailserver and I can send to hotmail again.

Thanks again

----------

## biatch0

Didn't work unfortunately

I'll likely just unmerge everything and start from scratch using the exact versions I used on my last machine, which is r13 or something like that.

----------

## TvL

 *biatch0 wrote:*   

> Didn't work unfortunately  
> 
> I'll likely just unmerge everything and start from scratch using the exact versions I used on my last machine, which is r13 or something like that.

 

Hey biatch0,

I installed my qmail a few days ago using this gentoo-howto: http://www.gentoo.org/doc/en/qmail-howto.xml#doc_chap1

I had no trouble whatsoever, except for the smarthost posted above. Maybe it's something for you?

I used the pyzor, dcc, razor extensions from this thread.

Good luck!

EDIT: Read my post below... something did go wrong obviously

Last edited by TvL on Thu Jun 29, 2006 11:27 am; edited 1 time in total

----------

## TvL

Hi guys, 

I'm still not convinced that my mailserver setup is functioning correctly.

On my previous sendmail/spamassassin/clamav setup all my received email would have the following in their headers:

 *Quote:*   

> X-Virus-Scanned: ClamAV 0.88.2/1534/Mon Jun 12 14:30:53 2006 on mail.mydomain.example
> 
> X-Virus-Status: Clean
> 
> X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-2 on mail.mydomain.example
> ...

 

Emails I receive through my new setup do not have those tags.

Also I have tested to send the eicar test message to my mailserver and it comes through without a warning...

So, I suppose my anti-virus and spam do not work....

Maybe something to do with qmail-scanner....

EDIT: I did remerge qmail-scanner with USE="spamassassin"

Also I made sure clamd and spamd were running when I merged qmail-scanner

----------

## mobiusproject

 *TvL wrote:*   

> On my previous sendmail/spamassassin/clamav setup all my received email would have the following in their headers...

 

Is the only difference between your old setup and your new setup the addition of the smtproutes file?

 *TvL wrote:*   

> Also I have tested to send the eicar test message to my mailserver and it comes through without a warning...

 

How are you trying to run the eicar test?

Could you also please post the output of

```
> grep -v "#" /etc/tcprules.d/tcp.qmail-smtp

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

This is the output of mine btw.

----------

## TvL

 *mobiusproject wrote:*   

>  *TvL wrote:*   On my previous sendmail/spamassassin/clamav setup all my received email would have the following in their headers... 
> 
> Is the only difference between your old setup and your new setup the addition of the smtproutes file?

 

No no... sorry for not being clear about this. I've built a new OS for the mailserver. Before I was running Fedora Core 4 with sendmail/spamassassin and clamav.

 *mobiusproject wrote:*   

>  *TvL wrote:*   Also I have tested to send the eicar test message to my mailserver and it comes through without a warning... 
> 
> How are you trying to run the eicar test?

 

I'm trying it out by sending an email from another machine outside of my network. I'm sending a message to my email account with the Eicar test string as mail body.

 *mobiusproject wrote:*   

> Could you also please post the output of
> 
> ```
> > grep -v "#" /etc/tcprules.d/tcp.qmail-smtp
> 
> ...

 

Sure:

```
mail ~ # grep -v "#" /etc/tcprules.d/tcp.qmail-smtp

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

:allow

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

10.10.0.33:allow,RELAYCLIENT="",RBLSMTPD=""

```

Oooooooohhh..... That `:allow` line should have been commented....

So obviously the script never reached the qmail-scanner since it was satisfied at :allow

Sorry for the stupid/obvious mistake
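
The rule-shadowing mistake found in the post above can be checked mechanically. This is an added example, not part of any post in the thread: a small Python audit of a tcprules source file, assuming (as observed above) that when two rules share the same address only the first one takes effect. The function names and finding labels are made up for the illustration; the first two samples are the files posted in this thread, the third is constructed.

```python
import re

SCANNER = "qmail-scanner-queue"  # substring expected in QMAILQUEUE when mail is scanned
# Simplification: only quote-delimited VAR="value" instructions are parsed.
VAR_RE = re.compile(r'(\w+)=(["\'])(.*?)\2')

# tcp.qmail-smtp as posted by TvL (comments already stripped by grep -v "#")
TVL_RULES = """\
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
10.10.0.33:allow,RELAYCLIENT="",RBLSMTPD=""
"""

# tcp.qmail-smtp as posted by mobiusproject
MOBIUS_RULES = """\
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
"""

# Constructed sample: the catch-all rule grants relaying to every client
RELAY_RULES = ':allow,RELAYCLIENT=""\n'


def parse_rules(text):
    """Yield (lineno, address, action, env) for each non-comment rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action = instructions.split(",", 1)[0]
        env = {m.group(1): m.group(3) for m in VAR_RE.finditer(instructions)}
        yield lineno, address, action, env


def audit(text):
    """Return a list of (finding, lineno, address) tuples."""
    findings, effective = [], {}
    for lineno, address, action, env in parse_rules(text):
        if address in effective:
            # A later rule for an address that already has one is never used.
            findings.append(("shadowed", lineno, address))
        else:
            effective[address] = (lineno, action, env)
    default = effective.get("")  # empty address = catch-all rule
    if default and default[1] == "allow":
        lineno, _, env = default
        if "RELAYCLIENT" in env:
            # RELAYCLIENT makes qmail-smtpd ignore rcpthosts for these clients.
            findings.append(("open-relay", lineno, ""))
        if SCANNER not in env.get("QMAILQUEUE", ""):
            findings.append(("unscanned", lineno, ""))
    return findings


if __name__ == "__main__":
    samples = (("TvL", TVL_RULES), ("mobiusproject", MOBIUS_RULES),
               ("constructed", RELAY_RULES))
    for name, rules in samples:
        print(name, audit(rules) or "no findings")
```

Run against the real file, a "shadowed" finding on a QMAILQUEUE rule together with "unscanned" on the catch-all rule is the situation described in the post: mail from outside bypasses qmail-scanner.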

----------

## petterg

 *biatch0 wrote:*   

> Didn't work unfortunately  :cry: 
> 
> I'll likely just unmerge everything and start from scratch using the exact versions I used on my last machine, which is r13 or something like that.

 

How are your mail clients set up for smtp-auth? Which program? Did you enable TLS? Auth method? Correct password? Any virus scanner scanning/blocking encrypted smtp on your client? (At least Avast and Norton block smtp-tls by default)

----------

## biatch0

I've tried Outlook Express, ThunderBird, and another IMAP client for my symbian phone. All return the same error. IINM, I left TLS as disabled (but I've tried enabling TLS in OE/TB with the same results). I have Norton on my PC, results are the same whether enabled or disabled (it does return a warning when I use TLS).

Will try re-emerging with directions from the post by TvL later on.

----------

## stripe

Norton is a very good AV program but for the mailing clients it is a pain. You have to disable scanning of in/out emails to be able to use TLS. Anyway, clamav does the AV scanning, and very successfully...

----------

## m3_del

This guide worked perfectly. However, now I have a question about integrating procmail into this setup. I do not want it to get in the way of vpopmail or anything. The way I understand it to work is once the mail hits qmail it goes through the rules. Will this break qmail's relationship with vpopmail?

----------

## eltech

how accurate can we say this is with today's packages and changes peter?

----------

## mobiusproject

This setup is still fairly accurate, but could use some updating.  I have actually written a newer setup that also includes things like setting ssl certificates from ssl providers, but haven't put it anywhere yet.  If you are interested in setting up qmail I could find the newer how-to.  This is just the third (or maybe fourth) incarnation of the qmail install and I didn't really feel like starting a whole other thread, at least until this one was over a year old and really didn't have many updates.  If people feel the need for it I would post it though.  It's a bit shorter than this one and in my opinion a little easier as well.  Just let me know if petterg doesn't get back to you.

----------

## tuxman

I'd definitely be up to see a more recent howto, with more current versions etc. it's hard to read these long ones and catch all the little changes as other people add to it.  just my opinion though

----------

## petterg

Sorry for not watching this thread for a while. I've been stuck with setting up windows servers for a customer. Let me tell you MS can't make server software! They may be a bit easier to figure out on your own than a linux box is, but when problems show up it's guaranteed to be something no one ever heard of and MS support can't recommend anything but full reinstall. And they require almost daily attention.

Compared to the linux server set up by this guide... well it's been untouched since the installation. Except for one day the city power supply went out and I had to press the power button to start it up. (Had forgotten to set bios to auto power on after power resume.)

Mobiusproject has posted an updated version of this guide.

https://forums.gentoo.org/viewtopic-t-527246.html

----------

