# HOWTO: qmail vpopmail courier-imap qmail-scanner (12/2006)

## mobiusproject

Previous incarnations of this Howto:

HOWTO: qmail vpopmail courier-imap qmail-scanner (09/2005) by petterg

HOWTO: qmail vpopmail courier-imap qmail-scanner etc (NEW) by sabrex

HOWTO: qmail vpopmail qmail-scanner courier squirrelmail by sabrex

Please check the extra notes at the bottom of the guide.

I have tried to make this install as short and concise as possible.  There are a few explanations as to the changes from petterg's latest.

Packages used in this guide:

```
mail-mta/qmail-1.03-r16

net-mail/vpopmail-5.4.16

net-mail/courier-imap-4.0.4

dev-python/pyzor-0.4.0-r2

mail-filter/razor-2.82

mail-filter/dcc-1.3.24

mail-filter/spamassassin-3.1.3

app-antivirus/clamav-0.88.7

mail-filter/qmail-scanner-1.25-r1

net-mail/ezmlm-idx-mysql-0.40-r2

net-mail/qmailadmin-1.2.10

mail-client/squirrelmail-1.4.9a
```

Assumes these packages are installed, configured and running:

```
apache

mysql

php
```

Before you start it might be a good idea to run

```
> emerge --sync
```

1) Ensure that the proper USE flags are set

```
> nano /etc/make.conf

USE-flags to set: apache2 ipv6 mysql nls qmail spamassassin ssl vhosts
```

ipv6 is optional.  Some people have had problems in the past with this flag set.  I personally have it enabled and have no problems with it.

ssl if you want SSL support (which I highly recommend).

vhosts is optional.  If you plan on having a virtual-hosting environment in apache, this is required.

2) Install qmail

Note: You can't use Cram-MD5 encryption for authentication with only encrypted vpopmail passwords in the mysql database.  If you run with both Cram-MD5 and encrypted passwords, the authentication attempt will fail and then revert to sending plain text username and password and cause about a 5 second delay in sending e-mail.  I would rather trust myself to not look at users passwords than have an unknown number of people sniffing plain text usernames and passwords between client and server.

```
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use

> emerge -pv mail-mta/qmail
```

You might see something blocking for the installation of qmail. Unmerge them:

```
> emerge -C (append name of blocking package(s) here!)
```

Install qmail

```
> emerge mail-mta/qmail
```

Configure qmail

```
> nano /var/qmail/control/servercert.cnf

Modify to whatever suits your needs and save/exit

> emerge --config mail-mta/qmail

Press [enter] to continue whenever it asks you to modify /var/qmail/control/servercert.cnf.  You've done that.
```

Setup/start smtp service

```
> ln -s /var/qmail/supervise/qmail-send /service/qmail-send 

> ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd

> rc-update add svscan default

> /etc/init.d/svscan start
```

3) Install vpopmail

```
> emerge vpopmail
```

Create the vpopmail database.

```
Login to the mysql server (as a user with permissions to create databases and add users)

mysql> create database vpopmail;

mysql> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your vpopmail password';

mysql> flush privileges;

mysql> quit
```

Choose a vpopmail password that is not used anywhere else. The password has to be saved in cleartext! You'll never need to remember it after you're done with the installation.

If your mysql server is not running on localhost, change the vpopmail@hostname accordingly.

Edit vpopmail.conf.

```
> nano /etc/vpopmail.conf

# Read-only DB

localhost|0|vpopmail|your vpopmail password|vpopmail

# Write DB

localhost|0|vpopmail|your vpopmail password|vpopmail
```

Make sure the vpopmail.conf is readable for the vpopmail user. Default is ownership = root:vpopmail with 640 permissions

4) Install imap and pop3 server

```
> emerge courier-imap
```

Modify /etc/courier/authlib/authdaemonrc

```
> nano /etc/courier/authlib/authdaemonrc

authmodulelist="authvchkpw"
```

Thunderbird defaults to having 5 imap connections for caching purposes, but courier-imap only allows 4 connections per ip.  This can cause some errors in thunderbird (possible data loss).  Its easier to just allow 5 connections per ip rather than have everyone change thunderbird, so:

Modify /etc/courier-imap/imapd

```
> nano /etc/courier-imap/imapd

MAXPERIP=5
```

If you want the imap server to run:

```
> rc-update add courier-imapd default

> /etc/init.d/courier-imapd start
```

If you want ssl support for you imap server:

```
> nano /etc/courier-imap/imapd.cnf

     edit to suit your needs

> mkimapdcert

> rc-update add courier-imapd-ssl default

> /etc/init.d/courier-imapd-ssl start
```

If you want the pop3 server to run:

```
> rc-update add courier-pop3d default

> /etc/init.d/courier-pop3d start
```

If you want ssl support for you pop3 server:

```
> nano /etc/courier-imap/pop3d.cnf

     edit to suit your needs

> mkpop3dcert

> rc-update add courier-pop3d-ssl default

> /etc/init.d/courier-pop3d-ssl start
```

There is no need to edit /etc/courier-imap/[pop3d|pop3d-ssl|imapd|imapd-ssl] and change [POP3D|POP3DSSL|IMAPD|IMAPDSSL]START=NO to YES because these values are only used for scripts that parse this directory's files to start the services.  We start these through rc-update and thus have no reason to change the values.

I'm running all 4 servers. Users may decide if they want imap or pop3.  A firewall makes sure that the non-ssl servers is unavailable for users located outside the local network.

5) Update the smtpd config to allow smtp-auth using vpopmail

```
> nano /var/qmail/control/conf-smtpd

Add a value of QMAIL_SMTP_CHECKPASSWORD before the last four lines (which are already uncommented)

# SMTP-AUTH using vchkpw from vpopmail

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
```

The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail: 

```
> nano /var/qmail/control/conf-common

SOFTLIMIT_OPTS="-m 32000000"

TCPSERVER_OPTS="-H -l 0" (that's lower-case L followed by zero)
```

Note: The "-R" option is not needed because it is automatically added in conf-smtpd.

Reload smtp config

```
> svc -t /var/qmail/supervise/qmail-smtpd
```

6) Install spam database clients

```
> emerge pyzor razor dcc
```

7) Install ClamAV and SpamAssassin

```
> emerge spamassassin clamav
```

Configure SpamAssassin

```
> nano /etc/conf.d/spamd

SPAMD_OPTS="-v -u vpopmail -x -H /etc/mail/spamassassin/"
```

An edit for the subject line of spam occurs after the installation of qmailscanner.

No need to edit /etc/mail/spamassassin/local.cf.  The defaults in my opinion are perfect.

Uncomment the following (since we installed it, we could just as well use it):

```
> nano /etc/mail/spamassassin/v310.pre

loadplugin Mail::SpamAssassin::Plugin::DCC
```

Start spamd

```
> /etc/init.d/spamd start

> rc-update add spamd default
```

Configure Clamav

Note: A fix for clamav permissions comes after the installation of qmailscanner.

```
> nano /etc/freshclam.conf

#UpdateLogFile /var/log/freshclam.log

UpdateLogFile /var/log/clamav/freshclam.log

update DatabaseMirror to a mirror close to your server
```

Start clamav

```
> /etc/init.d/clamd start

> rc-update add clamd default
```

8) Install qmail-scanner

Make sure spamassassin and clamav is running while emerging qmail-scanner.

```
> emerge qmail-scanner
```

Scroll back to see if Spamd and Clamav was detected. Look for

```
Searching .....................................

==============================================================

The following binaries and scanners were found on your system:

==============================================================
```

Followed by: clamdscan=... and fast_spamassassin=...

If they're not detected there might be some error messages that will be handy for debugging

Activate qmail-scanner 

```
> nano /etc/tcprules.d/tcp.qmail-smtp
```

Mine is as simple as this:

```
# to update the database after changing this file, run:

# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp

# tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp

# Qmail-Scanner disabled for mail from localhost, relay allowed

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

# Qmail-Scanner enabled (virus and spam) for mail from external internet, relay denied

# Relay is actually allowed in this instance if you are using some sort of smtp auth

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

Update the cdb

```
> cd /etc/tcprules.d/

> tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp
```

Fixing the Subject Line of Spam

Qmailscanner edits the subject line of spam for you with "SPAM:".  If you don't want it to be rewritten:

```
> nano /var/qmail/bin/qmail-scanner-queue.pl

(This is down around line 310)

#my $sa_subject_site="SPAM:";  # st: if fast_spamassassin mode is selected

my $sa_subject_site="";  # st: if fast_spamassassin mode is selected
```

Fix for ClamAV permissions:

Here we have the choice of how to run clamav.  You have the choice of whether to run clamav as root (much to permissive for my taste) or to run it as qscand (which is the user that needs to access clamav to check incoming e-mail).  Clamav cannot run as user clamd and still have qscand check e-mails for viruses (it doesn't have the permission it needs to read the incoming e-mail).  Below are the changes needed to run as qscand.

```
> nano /etc/clamd.conf

#User clamd

User qscand

> nano /etc/freshclam.conf

#DatabaseOwner clamav

DatabaseOwner qscand

> chown -R qscand:qscand /var/lib/clamav/ /var/log/clamav/ /var/run/clamav/

> /etc/init.d/clamav restart
```

9) Create domain(s)

The first domain to add should be the primary domain of the server.

```
> /var/vpopmail/bin/vadddomain domain.tld postmasterpassword
```

Repeat for all virtual domains.

If you are only hosting one domain and don't wish to have the @domain.tld as part of the username:

```
> echo "domain.tld" > ~vpopmail/etc/defaultdomain
```

If you have a (sub)domain for testing add it as an aliasdomain.

```
> /var/vpopmail/bin/vaddaliasdomain domain.tld test.domain.tld
```

10) Install mailing lists and qmailadmin

```
> emerge ezmlm-idx-mysql qmailadmin
```

You can now access qmailadmin through http://localhost/cgi-bin/qmailadmin

11) Install squirrelmail

Make sure that you have USE="vhost" in /etc/make.conf

```
> emerge squirrelmail

> webapp-config -I -h localhost -d mail squirrelmail 1.4.9a

or

> webapp-config -I -h {$host} -d {$directory} squirrelmail {$version}

to install install using a different host/directory/version
```

Configure squirrelmail

```
> cd /var/www/localhost/htdocs/mail/

> ./configure
```

Press D to load the Courier-imap template.

Walk through the config menu to set up to your needs.

Make sure to load the compatibility and secure_login plugins.

As users inboxes grow, the webmail will become slow. To fix this make sure to enable "Allow server thread sort" and "Allow server-side sort" under General Options.

12) Check Qmail control files

Make sure the files in /var/qmail/control have been updated. If they are not updated something is wrong. Probably it's related to mysql permissions.

```
This file should contain your primary domain:

> echo "domain.tld" > me

If you are delivering mail from any domain to actual system users (ex: ~user/.maildir):

> echo "domain.tld" > locals

  else

> echo "localhost" > locals

This should contain all domains and aliasdomains on separate lines:

rcpthosts (automatically done for you)

This should contain all domains and aliasdomains on the form of domain.tld:domain.tld :

virtualdomains (automatically done for you)
```

13) Client setup

For SMTP client setup: All clients outside your local network need to enable TLS (encryption) and SMTP-Auth. For username use the full email-address. There is a bug with Outlook (and express) XP using TLS. No workaround is known. Use another client program!

Note: M4chine posted (on Oct. 19th, 2005) that this bug was related to Symantec AntiVirus. If you disable "Internet Mail Security" you may get around this problem. I've no clue if this is the way to go when using other virus software. (Btw, if you're using Symantec / Norton AV you should seriously consider another AV program for windows. Avast, Clamwin and F-secure are my favorites.)

POP3/IMAP client setup

If you do like me - block port 110 and 143 from outside your localnet with a firewall then clients on the outside need to enable SSL and use port 993 for IMAP-SSL and port 995 for POP3-SSL. Clients on the local network may use ports 110/143 without SSL enabled. Use the full email-address as username.Last edited by mobiusproject on Sun Jan 07, 2007 6:40 pm; edited 3 times in total

----------

## mobiusproject

Extra qmail instructions:

Setting up SSL Certificates

Setting up clear passwords for vpopmail after the fact

Setting up vqadmin

Better Mail Logs

Setting up SSL Certificates

I purchased an SSL certificate through a provider (godaddy in my case) and wanted to set up the new ssl certificate to work with both qmail and courier-imap.  # Create a directory just for this domains key and the key

```
> cd

> mkdir mail.domain.tld

> cd mail.domain.tld

> openssl genrsa -out mail.domain.tld.key 1024
```

Create a config for your domain

```
> nano mail.domain.tld.cnf

[ req ]

default_bits = 1024

encrypt_key = yes

distinguished_name = req_dn

x509_extensions = cert_type

prompt = no

[ req_dn ]

# 2-Letter ISO country code

C=US

# FULL name of state/province/district

# NO abbreviations!

ST=State

# FULL name of city

# NO abbreviations!

L=City

# Full Name of your organization

# NO abbreviations!

O=Orgnaization, L.L.C.

# Organizational Unit

OU=Organizational Unit ex: Mail Services

# This should be a FQDN that resolves to the IP of your server

CN=mail.domain.tld

# This should be the email address for the administrator of the server

emailAddress=postmaster@domain.tld

# Leave this alone!

[ cert_type ]

nsCertType = server
```

Create the domain certificate signature request.

```
> openssl req -new -key mail.domain.tld.key -config mail.domain.tld.cnf -out mail.domain.tld.csr
```

Send in your mail.domain.tld.csr to the ssl certificate signer, they should return to you a signed certificate, ex: mail.domain.tld.crt

You should also be able to get an intermediate and root certificate from the ssl provider (in my case sf_issuing.crt and ca_bundle.crt respectively)

Create mail.domain.tld.chain (used in qmail)

```
> cat mail.domain.tld.key mail.domain.tld.crt intermediate.crt root.crt > mail.domain.tld.chain
```

Create mail.domain.tld.chain.dh (used in courier-imap)

```
> cp mail.domain.tld.chain mail.domain.tld.chain.dh

> openssl gendh >> mail.domain.tld.chain.dh
```

Make sure you have very restrictive permissions on all of these files

```
> chmod 600 mail.domain.tld.*
```

Move the chain files to the respective places

```
## Qmail

> cp mail.domain.tld.chain /var/qmail/control/servercert.pem

> chown qmaild:qmaill /var/qmail/control/servercert.pem

> chmod 640 /var/qmail/control/servercert.pem

## Courier-Imap

> cp mail.domain.tld.chain.dh /etc/courier-imap/cert.pem

> cd /etc/courier-imap/

> ln -sf cert.pem imapd.pem

> ln -sf cert.pem pop3d.pem
```

Setting up clear passwords for vpopmail after the fact

If you, like me, installed vpopmail without clear passwords and then realized that clear passwords are required for Cram-MD5 encryption for authentication and want to update your database, here is how I did it.  Its not automatic, but it works.

```
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use

> emerge vpopmail qmailadmin

> mysql -u vpopmail -p

  vpopmail password is in /etc/vpopmail.conf if you have forgotten it

mysql> use vpopmail;

mysql> ALTER TABLE vpopmail ADD pw_clear_passwd char(16) default NULL AFTER pw_shell;

Query OK, xx rows affected (0.01 sec)

xx denotes the number of rows (users) you have.

mysql> quit
```

If you have qmailadmin or vqadmin you can change the password and these will update the database with the clear password.  Or you can do it the old fashioned way, the command line:

```
> ~vpopmail/bin/vchangepw

Please enter the email address: user@domain.tld

Enter old password: oldPassword

Please enter password for user@domain.tld: newPassword

enter password again: newPassword

Password successfully changed.
```

Even if you don't update the database, you can still send and receive mail, but until you update it cram-md5 encryption for authenticating with the smtp server won't work (as it was doing before).

Setting up vqadmin

Taken from

```
> zless /usr/share/doc/vqadmin-2.3.6/INSTALL.gz
```

vqadmin isn't the easiest thing to install and configure, but its one of the better ways to administrate qmail.

Unmask and install vqadmin

```
> echo "net-mail/vqadmin ~x86" >> /etc/portage/package.keywords

> emerge vqadmin
```

vqadmin only installs to localhost; it isn't configurable through webapp-config because of how it compiles.  Thus, we need to edit an apache config file to access it.  Note: you only need to do this if you use virtual hosts.  If you just use localhost, skip this section.  Also, this is just an example.  It won't work verbatim.

```
> nano /etc/apache2/vhosts.d/01_domain.tld.conf

<VirtualHost *:80>

   ServerName mail.domain.tld

   DocumentRoot /var/www/mail.domain.tld/htdocs

   # Because vqadmin installs to localhost

   ScriptAlias /cgi-bin/vqadmin/ /var/www/localhost/cgi-bin/vqadmin/

   Alias /vqadmin/ /var/www/localhost/htdocs/vqadmin/

   <Directory /var/www/mail.domain.tld/htdocs>

      Options Indexes FollowSymLinks MultiViews

      AllowOverride All

      <IfModule mod_access.c>

         Order allow,deny

         Allow from all

      </IfModule>

   </Directory>

   <Directory /var/www/localhost/htdocs/vqadmin>

      Options -All

      AllowOverride All

      <IfModule mod_access.c>

         Order allow,deny

         Allow from all

      </IfModule>

   </Directory>

   <Directory /var/www/localhost/cgi-bin/vqadmin>

      Options ExecCGI

      AllowOverride AuthConfig

      <IfModule mod_access.c>

         Order deny,allow

         Deny from all

      </IfModule>

   </Directory>

</VirtualHost>
```

Edit files to get access to vqadmin.  Just change the lines that I have listed, keep the others.

```
> cd /var/www/localhost/cgi-bin/vqadmin/

> nano .htaccess

AuthUserFile /var/www/localhost/auth/vqadmin.passwd

> nano vqadmin.acl

(last line)

senior * vQadmin

> mkdir /var/www/localhost/auth/

> htpasswd2 -bc /var/www/localhost/auth/vqadmin.passwd vQadmin password
```

Reload apache2's config files.

```
> /etc/init.d/apache2 reload

 * Caching service dependencies ...          [ ok ]

 * Reloading apache2 ...                     [ ok ]
```

Open a web browser, go to:

```
http://mail.domain.tld/cgi-bin/vqadmin/vqadmin.cgi
```

Use the username and password that you just put into htpasswd2.  You have full control over all domains through vqadmin.  You can even edit qmail control files through vqadmin.  With the vpopmail compiled with clearpw you can even see what account's passwords are in case people lose them.  I still think its better to have clear passwords through vpopmail than to have usernames and passwords sent as plain text over the internet.

Better Mail Logs

Logs are the backbone to debugging.  Below are the rules that I use to create logs just for mail.  This assumes that you are using syslog-ng.  Add the following to your syslog-ng config file:

```
> nano /etc/syslog-ng/syslog-ng.conf

destination mail { file("/var/log/mail.log"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

filter f_mail { facility(mail); };

filter f_info { level(info); };

filter f_warn { level(warn); };

filter f_err { level(err); };log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
```

Restart syslog-ng

```
> /etc/init.d/syslog-ng restart
```

Last edited by mobiusproject on Sun Jan 07, 2007 7:02 pm; edited 2 times in total

----------

## carpenike

Awesome! I've been looking for an updated guide on these the last few weeks; this is perfect!

One thing to note that I had a problem with...

When I was attempted to run vadddomain, I got a Segmentation Fault... I found this on this wiki:http://gentoo-wiki.com/HOWTO_Setup_QMAIL_RELAY-CTRL_VPOPMAIL

 *Quote:*   

> Update: If You have any problems like "Segmentation fault" while doing vadddomain: edit /var/qmail/control/rcpthosts and remove all the lines (so that file is 0 bytes long) and delete all rcpthosts.* files except rcpthost.lock

 

Thanks so much!

----------

## petterg

Nice update. And perfect timing!

I started installation of a new server last night, the same day as this update came out. Going to read a bit now and install the mail applications later this week.

I'll try out the new qmail-scanner-2.01. It's supposed to fix problems with clamd running as clamd and mail relayed using smtp-auth should not need to wait for spamcheck.

I'll try to tweak the spam dbs a bit. Also I'll try to get the vaild-mail-account-check to run before accepting incomming mail, so that spam to notExistingUser@mydomain.tld should be rejected without wasting resourses on recieving and scanning.

Update will come... this year?

Some comments to Mobiusproject's changes:

 *Quote:*   

> 
> 
> 2) Install qmail
> 
> ....
> ...

 

I think if tls is used (and enforced by the server) the passwords will be transmitted in cleartext over an encrypted channel. Hence this should not be any problem.

Then there is the problem with users trust. My users use the same password for their mail as thay use for other things. They trust that their passwords cannot be read by me or anyone else (other users / hackers) managing to get into the server.

Hence I prefer to not store passwords in cleartext, and enforcing tls for athentication.

Please let me know if this is less safe than I assume!

 *Quote:*   

> 
> 
> 4) Install imap and pop3 server
> 
> ....
> ...

 

Good point.

----------

## mobiusproject

 *petterg wrote:*   

> Nice update. And perfect timing!
> 
> I'll try out the new qmail-scanner-2.01. It's supposed to fix problems with clamd running as clamd and mail relayed using smtp-auth should not need to wait for spamcheck.
> 
> I'll try to tweak the spam dbs a bit. Also I'll try to get the valid-mail-account-check to run before accepting incoming mail, so that spam to notExistingUser@mydomain.tld should be rejected without wasting resources on receiving and scanning.

 

I am glad that you like the updated version.  If you can get qmail-scanner-2.01 to work, that would be wonderful.  Right now I don't have a machine to play around with, but that looks like a nice update.  Also getting the valid-mail-account-check would really save resources, as well as double-bounces.

 *petterg wrote:*   

> Hence I prefer to not store passwords in cleartext, and enforcing tls for athentication.
> 
> Please let me know if this is less safe than I assume!

 

If you are enforcing tls and don't enable cleartext passwords, then you should be fine.  If you go this route, you could just as well disable Cram-MD5 encryption because it will fail anyways and will cause a delay whenever authenticating.  The password will be sent in plain text on top of tls instead of Cram-MD5 encryption on top of tls, but still encrypted.  I can't move all of my clients to e-mail clients that support tls, thus i can't go that route.  But we do set up our servers around our clients needs, and I am so happy that its so easy to make these changes.

----------

## tgnb

thanks for the updated guide as it made it easy for me to add antivirus and spam filtering to my existing mailserver  :Smile: 

----------

## xeon061

Pretty good howto!

Maybe someone of the vpopmail/qmail/spammassassin/courier etc hero`s can help me out of the following problem.

--> Spamd is not filtering. If i try it manually like --> spamc -R </sample-spam.txt <-- it is working

I got 7.3 at 5.0

But if it is working as a daemon, nothing is filtered.

After hours and hours i saw at netstat -tulpen, no Program name behind the PID

590

Aktive Internetverbindungen (Nur Server)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       Benutzer   Inode      PID/Program name

tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      0          7663740    590/

tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      0          12637      7133/perl

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          11319      6270/apache2

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          11009      6098/sshd

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          7687685    24366/tcpserver

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          12289      6913/smbd

The prozess of spamd is running

root     30679     1 59 18:01 ?        00:00:05 /usr/sbin/spamd -d -r

/var/run/spamd.pid -v -u vpopmail -x -H /etc/mail/spamassassin/

More information needed?

----------

## mobiusproject

 *xeon061 wrote:*   

> ...
> 
> Maybe someone of the vpopmail/qmail/spammassassin/courier etc hero`s can help me out of the following problem.
> 
> --> Spamd is not filtering. If i try it manually like --> spamc -R </sample-spam.txt <-- it is working
> ...

 

"netstat -tulpen" doesn't show anything on my end for spamassassin either, so that doesn't mean that it isn't running on your end.

"ps auxf | grep spamd" also brings up the same line as yours above.

What does 

```
grep spamd /var/log/mail.info | tail -n 20
```

 do for you?

----------

## xeon061

What does 

```
grep spamd /var/log/mail.info | tail -n 20
```

 do for you?[/quote]

I don`t have a /var/log/mail.info.

I installed syslog-ng, so in messages is

Jan  7 06:50:29 src@linuxmail authdaemond: modules="authvchkpw", daemons=5

Jan  7 06:50:29 src@linuxmail authdaemond: Installing libauthvchkpw

Jan  7 06:50:29 src@linuxmail authdaemond: Installation complete: authvchkpw

Jan  7 06:50:33 src@linuxmail clamd[14850]: Daemon started.

Jan  7 06:50:33 src@linuxmail clamd[14850]: clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i686)

Jan  7 06:50:33 src@linuxmail clamd[14850]: Log file size limited to 1048576 bytes.

Jan  7 06:50:33 src@linuxmail clamd[14850]: Verbose logging activated.

Jan  7 06:50:33 src@linuxmail clamd[14850]: Running as user qscand (UID 210, GID 210)

Jan  7 06:50:33 src@linuxmail clamd[14850]: Reading databases from /var/lib/clamav

Jan  7 06:50:41 src@linuxmail clamd[14850]: Protecting against 86099 viruses.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Unix socket file /var/run/clamav/clamd.sock

Jan  7 06:50:41 src@linuxmail clamd[14857]: Setting connection queue length to 15

Jan  7 06:50:41 src@linuxmail clamd[14857]: Listening daemon: PID: 14857

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive: Archived file size limit set to 10485760 bytes.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive: Recursion level limit set to 8.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive: Files limit set to 1000.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive: Compression ratio limit set to 250.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive support enabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Archive: RAR support disabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Portable Executable support enabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Mail files support enabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Mail: Recursion level limit set to 64.

Jan  7 06:50:41 src@linuxmail clamd[14857]: OLE2 support enabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: HTML support enabled.

Jan  7 06:50:41 src@linuxmail clamd[14857]: Self checking every 1800 seconds.

Jan  7 06:50:41 src@linuxmail freshclam[14865]: Daemon started.

Jan  7 06:50:41 src@linuxmail freshclam[14866]: freshclam daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i686)

Jan  7 06:50:41 src@linuxmail freshclam[14866]: ClamAV update process started at Sun Jan  7 06:50:41 2007

Jan  7 06:50:41 src@linuxmail freshclam[14866]: main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)

Jan  7 06:50:41 src@linuxmail freshclam[14866]: daily.cvd is up to date (version: 2417, sigs: 2149, f-level: 9, builder: ccordes)

Jan  7 06:50:41 src@linuxmail freshclam[14866]: --------------------------------------

Jan  7 06:50:43 src@linuxmail spamd[14924]: logger: removing stderr method

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test DRUGS_ERECTILE has undefined dependency '__DRUGS_ERECTILE7'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_HTML has undefined dependency '__ENV_AND_HDR_FROM_MATCH'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_HDR_FROM has undefined dependency '__ENV_AND_HDR_FROM_MATCH'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test __POPULAR_PRICES2 has undefined dependency '__CREATIVE_PRICE'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_OEM_POP_PRICES3 has undefined dependency '__CREATIVE_PRICE'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test STOCK_IMG_OUTLOOK has undefined dependency '__ENV_AND_HDR_FROM_MATCH'

Jan  7 06:50:53 src@linuxmail spamd[14928]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'

Jan  7 06:50:54 src@linuxmail spamd[14928]: spamd: server started on port 783/tcp (running version 3.1.7)

Jan  7 06:50:54 src@linuxmail spamd[14928]: spamd: server pid: 14928

Jan  7 06:50:54 src@linuxmail spamd[14928]: spamd: server successfully spawned child process, pid 14945

Jan  7 06:50:54 src@linuxmail spamd[14928]: spamd: server successfully spawned child process, pid 14946

Jan  7 06:50:54 src@linuxmail spamd[14928]: prefork: child states: IS

Jan  7 06:50:54 src@linuxmail spamd[14928]: prefork: child states: II

Any other hints?

----------

## xeon061

It looks like it`s ok now  :Laughing: 

After reemerging all the stuff again, it`s scanning now.

Btw i changed to Spamassassin 3.1.7 and netqmail-1.05-r4

I think something within the qmail or spamassassin was broken.

But thanks anyway

----------

## mobiusproject

I had forgotten that I had added the mail logs in my syslog-ng config file, so of course you wouldn't have those logs.  I added the extra log info for syslog-ng to my second post of extras if you want more logs.  Sorry, I had forgotten about those.  But I am glad that you got things to work.

----------

## synt4x

I run a mail server with about 1000 users with this setup and I'd thought I'd throw in a few cents on tuning the configuration:

By default, with qmail's concurrencyincoming control file (see `man qmail-smtpd`) there is a max of 40 incoming SMTP connections.  More than that, and the server will just refuse to open the connection, resulting in delayed delivery by other mail servers and users unable to connect to send their messages.  With the default settings and my current load of incoming mail, I'd regularly experience this cut off and had to make the following tweaks.  I'm not a super pro at this, so I'd love to hear some input on this, and it would also be nice if stuff like this could get folded back in since the diagnosis is a real headache:

* qmail's control/timeoutsmtpd file by default allows up to 20 minutes between data packets received by clients connected.  This is utterly insane, and means that if a client bombs in the middle of sending a mail, one of your slots is tied up for 20 minutes.  I created this file and set the timeout to 30 seconds.  If you're taking more than 30 seconds between packets, you'll just need to reconnect and try again.  Hell, Apache by default has it's timeout (for pipelined requests, different context but still similar) set to 15 seconds by default.  This could probably be even more aggressively tuned to 5 seconds.

* Have the RAM? Flat out increase the concurrencyincoming to what you can handle.  Note that if you set this too high and don't have the memory to support it a DDoS can completely lock up your mail server (I've seen this first hand).  Also note on this problem that if you *restart* your svscan service, all the in-progress smtp connections will still exist.  That is, if you were maxed out to 100 smtp's, decided to up it to 200, and restarted, you could face up to 300 smtp processes if you're getting really hammered

* SpamAssassin's `spamc` program has a command line argument for timeout.  By default it will wait up to 20 minutes for a message to process before giving up.  Under normal conditions it really should only take 1-2 seconds, and usually when my server is dragging ass (to the point where I'd want it to surrender) it's running about 30 seconds.  For this I edit my /var/qmail/bin/qmail-scanner-queue.pl file to add a '-t 30' to the arguments.  Check your `ps` to make sure that it's getting run with the argument.

* By default qmail does not limit the size of an incoming message.  Someone could easily DoS you by just opening up enough large connections.  To try to minimize this, setup whatever the largest total message size you think is reasonable by editing the /var/qmail/control/databytes file.  I have mine set to 32 megs -- anything larger than this (for me) would be something I'd call the sender about to verbally scold them.  Set for whatever is reasonable for you.

----------

## synt4x

Also, in relation to issues with vpopmail, I've noticed seg faults related to ~vpopmail/domains/domainname.com/.vpasswd.lock not being chmod'd to 600.

----------

## vult

Thank you very much for this guide! 

I was stuck with SMTP auth before (seemed to work but it hadn't) but now everythisk is ok :]

Now I have to allow ssl connections only and enable 'change password' option for squirrelmail. I hopeI can handle with the first problem but don't know what to do with that webmail - tried to install the plugin but when I try lo login i get the error:

Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.

Anybody could give me any tips ?

Regards and thanks once again for this great stuff :]

----------

## mobiusproject

 *synt4x wrote:*   

> I'm not a super pro at this, so I'd love to hear some input on this, and it would also be nice if stuff like this could get folded back in since the diagnosis is a real headache:

 

If I can find the time, I will also look into these.  I agree, the diagnosis can be a real headache.  I haven't worked with groups of 1000's of people, but I am sure your insight will be helpful for those who do.  Thank you.

 *vult wrote:*   

> ...
> 
> Now I have to allow ssl connections only and enable 'change password' option for squirrelmail. I hope I can handle with the first problem but don't know what to do with that webmail - tried to install the plugin but when I try lo login i get the error:
> 
> Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.
> ...

 

How are you trying to install the plugins?

For the ability for users to change passwords I use qmailadmin which should be installed if you followed all of the instructions.  Users can log into that with their full usernames (just like to get their e-mail) and have access to change their passwords, vacation messages, forwarding, etc.

To allow ssl connections only, you should just be able to turn on secure_login in the squirrelmail configure script and have apache listen on port 80 with the ssl stuff on.  This is something else I will see about looking into to add to my list of extras.

----------

## vult

 *mobiusproject wrote:*   

> 
> 
> How are you trying to install the plugins?
> 
> For the ability for users to change passwords I use qmailadmin which should be installed if you followed all of the instructions.  Users can log into that with their full usernames (just like to get their e-mail) and have access to change their passwords, vacation messages, forwarding, etc.
> ...

 

Haven't thought about qmailadmin in this way :] I was writing about squirrelmail and change_pass plugin. When I add them in configuration script to active plugins I get this error:

Fatal error: Call to undefined function load_config() in /var/www/localhost/htdocs/mail/plugins/change_sqlpass/functions.php on line 326.

Changing passwords through qmailadmin works fine, thanks  :Wink: 

 *mobiusproject wrote:*   

> 
> 
> To allow ssl connections only, you should just be able to turn on secure_login in the squirrelmail configure script and have apache listen on port 80 with the ssl stuff on.  This is something else I will see about looking into to add to my list of extras.

 

I changed apache vhost config to rewrite https instead of http and it works flawlessly :]

----------

## mobiusproject

 *vult wrote:*   

> ...
> 
> Changing passwords through qmailadmin works fine, thanks 
> 
> ...
> ...

 

Wonderful, this is what I like to hear.

----------

## vult

 *mobiusproject wrote:*   

> 
> 
> Wonderful, this is what I like to hear.

 

I need one more thing and cannot find it so maybe you can point me somewhere:

The qmailadmin I emerged is in polish - I need english version. Is it something in the configuration I can change to have qmailadmin in english ?

Thanks for your help and time :]

----------

## petterg

I'm still trying to get the new installation to work.... for the promised guide using netqmail and qmail-scanner-2.01.

Well it kindof works, just a few bugs to get around. Does anyone know any way to make netqmail require TLS before AUTH? Is there a setting for this, or is the only way to figure out how to apply the auth-after-tls-only.patch from qmail-1.03-r16? If so - how should that patch be applied?

Edit: Problem solved!

Just a few more things to figure out, and the guide will be ready.

----------

## mobiusproject

 *vult wrote:*   

> The qmailadmin I emerged is in polish - I need english version. Is it something in the configuration I can change to have qmailadmin in english?

 

I believe that there is only one version of qmailadmin to install and that qmailadmin is looking at your apache install for the default language and thus showing its polish translation.  You may want to check to see if you have a DefaultLanguage set up in your apache's httpd.conf.  You may also try setting it to en to force english as the default language and see if that changes qmailadmin.

----------

## nookie_pl

One thing that I hate most is installing qmail and co.  :Razz: 

I've followed this guide and my mail.err is full of errors like this:

Jan 26 22:27:18 localhost qmail-scanner-queue.pl: X-Qmail-Scanner-2.01st:[localhost116984683876731996] cannot open /var/spool/qscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied

Jan 26 22:33:25 localhost spamd[5216]: mkdir /var/vpopmail/.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530

Jan 26 22:33:32 localhost spamd[5216]: mkdir /var/vpopmail/.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530

Jan 26 22:33:32 localhost spamd[5216]: locker: safe_lock: cannot create tmp lockfile /var/vpopmail/.spamassassin/auto-whitelist.lock.localhost.5216 for /var/vpopmail/.spamassassin/auto-whitelist.lock: No such file or directory

Jan 26 22:33:32 localhost qmail-scanner-queue.pl: X-Qmail-Scanner-2.01st:[localhost11698472047675182] cannot open /var/spool/qscan/quarantine-events.db - No such file or directory

What I've did wrong?  :Sad: 

----------

## vult

 *mobiusproject wrote:*   

> 
> 
> I believe that there is only one version of qmailadmin to install and that qmailadmin is looking at your apache install for the default language and thus showing its polish translation.  You may want to check to see if you have a DefaultLanguage set up in your apache's httpd.conf.  You may also try setting it to en to force english as the default language and see if that changes qmailadmin.

 

Unfortunately It hadn't changed qmailadmin to english :[

Have some more ideas ? I've no clue where else I can change it  :Sad: 

And another problem with ezmlm:

```
11:27:30 (239.31 KB/s) - `/usr/portage/distfiles/ezmlm-0.53.tar.gz' saved [62693/62693]

 * checking ebuild checksums ;-) ...                                                                                                                    [ ok ]

 * checking auxfile checksums ;-) ...                                                                                                                   [ ok ]

 * checking miscfile checksums ;-) ...                                                                                                                  [ ok ]

 * checking ezmlm-idx-0.40.tar.gz ;-) ...                                                                                                               [ ok ]

 * checking ezmlm-0.53.tar.gz ;-) ...                                                                                                                   [ ok ]

>>> Unpacking source...

>>> Unpacking ezmlm-idx-0.40.tar.gz to /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work

>>> Unpacking ezmlm-0.53.tar.gz to /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work

patching file ezmlm-warn.1

patching file ezmlm-return.1

patching file ezmlm-send.1

patching file ezmlm-sub.1

patching file ezmlm-unsub.1

patching file ezmlm-list.1

patching file ezmlm.5

patching file log.c

patching file MAN

patching file BIN

patching file VERSION

patching file Makefile

patching file constmap.c

patching file constmap.h

patching file error.h

patching file error.c

patching file ezmlm-weed.c

patching file ezmlm-weed.1

patching file Makefile

patching file ezmlm-gate.c

patching file ezmlm-issubn.c

>>> Successfully applied Ed Korthof's From: header patch.

 * Applying ezmlm-0.53-errno.patch ...                                                                                                                  [ ok ]

 * Replacing obsolete head/tail with POSIX compliant ones

 *  - fixed default.do

 *  - fixed ezmlm-test.sh

 *  - fixed setup.do

 *  - fixed auto_qmail.c.do

 *  - fixed auto_bin.c.do

 *  - fixed Makefile

>>> Source unpacked.

>>> Compiling source in /var/tmp/portage/ezmlm-idx-mysql-0.40-r2/work/ezmlm-0.53 ...

ln -sf sub_mysql/ezmlm-mktab ezmlm-mktab

ln -sf sub_mysql/checktag.c checktag.c; rm -f checktag.o

ln -sf sub_mysql/issub.c issub.c; rm -f issub.o

ln -sf sub_mysql/logmsg.c logmsg.c; rm -f logmsg.o

ln -sf sub_mysql/subscribe.c subscribe.c; rm -f subscribe.o

ln -sf sub_mysql/opensql.c opensql.c; rm -f opensql.o

ln -sf sub_mysql/putsubs.c putsubs.c; rm -f putsubs.o

ln -sf sub_mysql/tagmsg.c tagmsg.c; rm -f tagmsg.o

ln -sf sub_mysql/searchlog.c searchlog.c; rm -f searchlog.o

ln -sf sub_mysql/conf-sqlld conf-sqlld; touch conf-sqlld

ln -sf sub_mysql/conf-sqlcc conf-sqlcc; touch conf-sqlcc

( cat warn-auto.sh; \

        echo CC=\'`head -n 1 conf-cc`\'; \

        echo LD=\'`head -n 1 conf-ld`\' \

        ) > auto-ccld.sh

(cat warn-auto.sh; \

        echo EZPATH=\'`head -n 1 conf-bin`\'; \

        cat ezmlm-accept.sh ) > ezmlm-accept

(cat warn-auto.sh; \

        echo EZPATH=\'`head -n 1 conf-bin`\'; \

        echo QMPATH=\'`head -n 1 conf-qmail`\'; \

        cat ezmlm-check.sh ) > ezmlm-check

(cat warn-auto.sh; \

        echo EZPATH=\'`head -n 1 conf-bin`\'; \

        cat ezmlm-glconf.sh ) > ezmlm-glconf

(cat warn-auto.sh; \

        echo QMPATH=\'`head -n 1 conf-qmail`\'; \

        cat ezmlm-test.sh ) > ezmlm-test; \

        chmod 755 ezmlm-test

cp -f ezmlmrc.en_US ezmlmrc

cat auto-ccld.sh make-load.sh > make-load

chmod 755 make-load

cat auto-ccld.sh find-systype.sh > find-systype

chmod 755 find-systype

cat auto-ccld.sh make-compile.sh > make-compile

chmod 755 make-compile

cat auto-ccld.sh make-makelib.sh > make-makelib

chmod 755 make-makelib

./find-systype > systype

( cat warn-auto.sh; ./make-load "`cat systype`" ) > load

( cat warn-auto.sh; ./make-compile "`cat systype`" ) > \

        compile

chmod 755 load

( cat warn-auto.sh; ./make-makelib "`cat systype`" ) > \

        makelib

chmod 755 compile

( ( ./compile tryulong32.c && ./load tryulong32 && \

        ./tryulong32 ) >/dev/null 2>&1 \

        && cat uint32.h2 || cat uint32.h1 ) > uint32.h

chmod 755 makelib

./compile slurp.c

./compile slurpclose.c

./compile concatHDR.c

rm -f tryulong32.o tryulong32

./compile unfoldHDR.c

./compile decodeQ.c

./compile encodeQ.c

./compile decodeB.c

./compile encodeB.c

./compile author.c

./compile wait_pid.c

./compile subgetopt.c

./compile sgetopt.c

./compile getln.c

./compile getln2.c

./compile strerr.c

./compile strerr_sys.c

./compile strerr_die.c

( ( ./compile trysgact.c && ./load trysgact ) >/dev/null \

        2>&1 \

        && echo \#define HASSIGACTION 1 || exit 0 ) > hassgact.h

./compile sig_pipe.c

./compile open_append.c

./compile open_read.c

rm -f trysgact.o trysgact

./compile open_trunc.c

( ( ./compile tryflock.c && ./load tryflock ) >/dev/null \

        2>&1 \

        && echo \#define HASFLOCK 1 || exit 0 ) > hasflock.h

./compile substdio.c

./compile substdi.c

./compile substdo.c

rm -f tryflock.o tryflock

./compile subfderr.c

./compile substdio_copy.c

./compile stralloc_eady.c

./compile stralloc_pend.c

./compile stralloc_copy.c

./compile stralloc_opys.c

./compile stralloc_opyb.c

./compile stralloc_cat.c

./compile stralloc_cats.c

./compile stralloc_catb.c

./compile stralloc_arts.c

./compile alloc.c

./compile alloc_re.c

alloc.c:3: warning: conflicting types for built-in function 'malloc'

./compile error.c

./compile error_str.c

./compile str_len.c

./compile str_diff.c

./compile str_diffn.c

./compile str_cpy.c

./compile str_chr.c

./compile str_rchr.c

./compile str_start.c

./compile byte_chr.c

./compile byte_rchr.c

./compile byte_diff.c

./compile byte_copy.c

./compile byte_cr.c

./compile byte_zero.c

./compile fd_copy.c

./compile fd_move.c

./compile case_diffb.c

./compile case_diffs.c

./compile case_starts.c

./compile case_lowerb.c

./compile case_startb.c

./compile fmt_str.c

./compile fmt_uint.c

./compile fmt_uint0.c

./compile fmt_ulong.c

./compile scan_ulong.c

./compile scan_8long.c

./compile getconf.c

./compile makehash.c

./compile surf.c

./compile ezmlm-archive.c

ezmlm-archive.c: In function 'main':

ezmlm-archive.c:446: warning: incompatible implicit declaration of built-in function '_exit'

./compile idxthread.c

./compile date2yyyymm.c

./compile dateline.c

( ( ./compile tryvfork.c && ./load tryvfork ) >/dev/null \

        2>&1 \

        && cat fork.h2 || cat fork.h1 ) > fork.h

./compile checktag.c `head -n 1 conf-sqlcc`

rm -f tryvfork.o tryvfork

./compile issub.c `head -n 1 conf-sqlcc`

checktag.c: In function 'checktag':

checktag.c:68: warning: return discards qualifiers from pointer target type

checktag.c:70: warning: return discards qualifiers from pointer target type

checktag.c:75: warning: return discards qualifiers from pointer target type

checktag.c:90: warning: return discards qualifiers from pointer target type

checktag.c:92: warning: return discards qualifiers from pointer target type

checktag.c:95: warning: return discards qualifiers from pointer target type

./compile logmsg.c `head -n 1 conf-sqlcc`

logmsg.c: In function 'logmsg':

logmsg.c:52: warning: return discards qualifiers from pointer target type

./compile subscribe.c `head -n 1 conf-sqlcc`

./compile opensql.c `head -n 1 conf-sqlcc`

In file included from subscribe.c:17:

log.h:4: warning: conflicting types for built-in function 'log'

opensql.c: In function 'opensql':

opensql.c:95: error: invalid lvalue in assignment

opensql.c:99: warning: return discards qualifiers from pointer target type

make: *** [opensql.o] Error 1

make: *** Waiting for unfinished jobs....

!!! ERROR: net-mail/ezmlm-idx-mysql-0.40-r2 failed.

Call stack:

  ebuild.sh, line 1546:   Called dyn_compile

  ebuild.sh, line 937:   Called src_compile

  ezmlm-idx-mysql-0.40-r2.ebuild, line 77:   Called die

!!! (no error message)

!!! If you need support, post the topmost build error, and the call stack if relevant.

```

----------

## petterg

I've got around to install everything I want for the promissed guide. Qmail-scanner 2.x and ezmlm are tricky, but there are ways to make them work.

If anyone feel like hosting something for the new guide, please let me know. (my servers are on adsl connection, hence not suitable for public hosting) The new guide will need hosting for:

a new chkuser plugin that actually accepts all kinds of ezmlm commands, valias, vpopmail accounts, .qmail-alias, aliasdomains and valias on aliasdomain

a cronjob+squirrelmail plugin that will provide users with a history of what have happened to his/her mails. It lists the to/from/subject headers with spamlevel/virus status of all mails processed by qmail-scanner. And the action taken (deleted/quarantined/tagged/delivered/viurs)

wapmail interface that does not use the imap server. WAP is not encrypted. Hence sending imap password for wap access should be an issue. This wapmail allow the user to use different passwords for imap and wap. Also it makes use of singel use pin codes that is valid for one hour only. For security mails cannot be deleted with this interface.

The guide is close to finished. But I'm not sure if I managed to update the guide with all the changes I had to make after the initial installation. I think I'll need to make a new test install before posting. Chances are that I'll be abel to free up a server this weekend, and start a new install before next weekend.

Edit: I figured I might as well create three projects on sourceforge for this hosting.

----------

## vult

And I have another issue:

Is it possible to force auth even for emails on local server? 

If I delete content of rctphosts users need to auth when sending email, but when you try to send email from any other server to your local server you get error:

```
Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
```

----------

## petterg

Thanks to a date who canceled on me tonight the new guide is out. It's in pre-tested state, so don't use it unless you feel like experimenting. I might have forgotten something in there.

https://forums.gentoo.org/viewtopic-p-3899255.html

Links for plugins and wapmail will come when those projects are accepted at sf.netLast edited by petterg on Sun Feb 11, 2007 3:30 am; edited 1 time in total

----------

## petterg

 *vult wrote:*   

> And I have another issue:
> 
> Is it possible to force auth even for emails on local server? 
> 
> If I delete content of rctphosts users need to auth when sending email, but when you try to send email from any other server to your local server you get error:
> ...

 

I would assume that would create a lot of mess for other applications as well. I wouldn't even think of trying that.

What purpose would that serve?

----------

## vult

 *petterg wrote:*   

> 
> 
> I would assume that would create a lot of mess for other applications as well. I wouldn't even think of trying that.
> 
> What purpose would that serve?

 

I need it in case that f.e. John will send email to Janet from Steven's address. I'd like to prevent that kind of situations. 

Maybe there's some other way to do that ?

----------

## petterg

 *vult wrote:*   

> 
> 
> I need it in case that f.e. John will send email to Janet from Steven's address. I'd like to prevent that kind of situations. 
> 
> Maybe there's some other way to do that ?

 

Well, you could setup squirrelmail with multiple identities. See https://forums.gentoo.org/viewtopic-t-539101.html#3899812

Same thing can be done with most email clients.

----------

## vult

 *petterg wrote:*   

> 
> 
> Well, you could setup squirrelmail with multiple identities. See https://forums.gentoo.org/viewtopic-t-539101.html#3899812
> 
> Same thing can be done with most email clients.

 

I think you hadn't understood me ;]

I have only one domain. There is almost 100 users. I'd like to prevent that one user will use another's user account to send emails. That's why I'd like to force smtp auth.

----------

## petterg

 *vult wrote:*   

>  *petterg wrote:*   
> 
> Well, you could setup squirrelmail with multiple identities. See https://forums.gentoo.org/viewtopic-t-539101.html#3899812
> 
> Same thing can be done with most email clients. 
> ...

 

With 100 users I would assume they are on local network, not localhost. If so you'll just need to set allow relay from localhost only in your tcprules.

----------

