# HOWTO install qmail, vpopmail, relay-ctrl, courier 03/15/05

## endtransmission

Hey all

After using THIS for the longest time and making tweak after tweak as time went on, I finally rewrote the howto on the Gentoo-wiki to reflect the current builds and thought I'd reproduce it here for the members of this community.  It does not include virus and spam scanning yet, so if someone wants to chip in, man I'm all for it.

CLICK HERE FOR THE ORIGINAL HOWTO

::::::::::::::::::::::::::::::::::::::::::: Original Follows :::::::::::::::::::::::::::::::::::::::::::::::::::

This howto has recently been updated (03/15/05) to reflect the following ebuilds.  The previous howto had become so out of date as to now qualify as misleading - this was not due to neglect, just to the way of things.  Software has evolved a little, and so must this.  There is a real argument for stepping off the bleeding edge for a little bit, if only to accrue a solid, accurate body of documentation that remains applicable for longer than the time it takes to write it.  That being said, I will shortly be hosting these ebuilds/source-code for download from my servers as soon as I can find the time so you too may follow these instructions and get qmail/vpopmail/courier-imap/relay-ctrl up with a minimum amount of hassle.  Until then, best of luck.

This is a wiki and everyone can make changes and edits and yes that's a great thing but please, I beg you, for the good of everyone involved who might try and use this howto for help, before editing this please test your changes and be thorough in your documentation so this howto can remain viable and helpful for everyone.

Here we go.  These are the supported ebuilds for this howto.

```
   QMAIL

   sys-apps/ucspi-tcp-0.88-r10

   net-mail/dot-forward-0.71-r1

   net-mail/cmd5checkpw-0.22-r1

   sys-process/daemontools-0.76-r4

   net-mail/queue-fix-1.4-r2

   net-mail/checkpassword-0.90-r1

   mail-mta/qmail-1.03-r15

   RELAY-CTRL

   net-mail/relay-ctrl-3.1.1-r2

   VPOPMAIL

   net-mail/vpopmail-5.4.6-r1

   COURIER-IMAP

   net-libs/courier-authlib-0.54  

   net-mail/courier-imap-4.0.1-r1
```

Now, let's get started.

== Ensure Proper USE Flags Are Set ==

```
# nano -w /etc/make.conf
```

add apache2, maildir, valias, vhosts, authdaemond and mysql as USE flags.

== Install QMAIL ==

First of all, make sure that you unmerge the other mail handlers that may be installed, such as ssmtp, sendmail, or postfix: 

```
 # emerge -C ssmtp sendmail postfix 

 # emerge /usr/portage/net-mail/qmail/qmail-1.03-r15.ebuild 

 # ebuild /var/db/pkg/net-mail/qmail-1.03-r15/qmail-1.03-r15.ebuild config 

   

 # ln -s /var/qmail/supervise/qmail-send /service/qmail-send 

 # ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd 

 

 # rc-update add svscan default 

 # /etc/init.d/svscan start
```

== Install RELAY-CTRL ==

Using relay-ctrl is a simple and straightforward way to allow us to send email with email clients from anywhere.

```
 # emerge relay-ctrl

 # cd /etc/tcprules.d/

 # nano -w tcp.qmail-smtp
```

Delete your tcp.qmail-smtp file and copy this in its place - you only need to change the IP address in the first line to the internal IP address of your server.

```
################## START OF tcp.qmail-smtp #######################
#
# CHANGE THIS IP ADDRESS TO THE INTERNAL IP ADDRESS OF YOUR MAIL SERVER
192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD=""

#-----------------------------------------------------------------
# DONT ALLOW THESE IPS TO SEND MAIL TO US :
# (Insert banned IP's here)
#
# These IP's pipe out heaps and heaps of spam
#
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"

#-----------------------------------------------------------------
# DON'T TOUCH THIS
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#-----------------------------------------------------------------
# DON'T TOUCH THIS
:allow
# You must run the below command after editing this file and then restart the /etc/init.d/svscan service in
# order to activate the changes you make here today.
#
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
#
############# END OF FILE #################
```

Change this 192.168.31.50 address to the internal IP address of your personal mail server.

Once the qmail-smtp file has been edited, enter this long line below (unbroken) and hit enter...

```
 # tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
```

and to finish up...  

```
 # /etc/init.d/svscan restart
```

== Install VPOPMAIL ==

```
 # emerge /usr/portage/net-mail/vpopmail-5.4.6-r1.ebuild
```

First log into mysql as your mysql root user and pass like this.

```
 # mysql -u root -p

 password: (enter root password here)

   ---- you'll be inside mysql at this point ----

 > create database vpopmail;

 > use vpopmail;

 > grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your password';

 > flush privileges;

 > quit
```

 #### Do not replace the phrase 'your password' with your actual password in this instance. ####

Configure vpopmail's mysql user password

```
 # nano /etc/vpopmail.conf 
```

  (Change the password from 'secret' to your root password, and change the user to user root)

If you have problems with vpopmail not accepting mail properly, please ensure that /etc/vpopmail.conf is chmod 600 and owned by vpopmail:vpopmail

```
 # chown root:vpopmail /etc/vpopmail.conf

 # chmod 640 /etc/vpopmail.conf

 # chown root:vpopmail /var/vpopmail/bin/vchkpw

 # chmod 4711 /var/vpopmail/bin/vchkpw
```

   Now you can add a domain from the commandline (NOT IN MYSQL) with the command

```
 # vadddomain blah.com 
```

   You can add a user at the commandline with the command

```
 # vadduser user@blah.com
```

   Or delete a user

```
 # vdeluser user@blah.com
```

   (You only have to do this if the vadddomain step below results in "command not found")

```
 # env-update && source /etc/profile
```

QUICK NOTE : In order to use vpopmail or qmailadmin Apache must run as user vpopmail:vpopmail.  You will need to edit your /etc/apache2/conf/commonbapache.conf file to read / User vpopmail / Group vpopmail / and then restart apache with the command /etc/init.d/apache2 restart.

== Install Courier-IMAP as IMAP & POP3 Server ==

```
 # emerge net-libs/courier-authlib-0.54

 # emerge net-mail/courier-imap-4.0.1-r1
```

We'll configure courier-authlib first.

```
 # nano -w /etc/courier/authlib/authdaemonrc
```

Ensure these headings look exactly like this in the authdaemonrc file

```
   authmodulelist="authvchkpw"

   authmodulelistorig="authvchkpw" 
```

Do not have-leave-put extras in there.  Now onto configuring courier-imap.

```
 # nano -w /etc/courier-imap/imapd
```

Make sure the following entries are put in like this.  They may or may not be right next to each other so look around for them in the conf file.  

```
   IMAPDSTART=YES

   MAXPERIP=20

   MAILDIR=.maildir

   MAILDIRPATH=.maildir

   PRERUN="envdir /etc/relay-ctrl relay-ctrl-chdir"

   LOGINRUN="relay-ctrl-allow"
```

Repeat process for imapd-ssl, pop3d, pop3d-ssl files as well, except instead of IMAPDSTART you'll want to look for POP3DSTART or whatever's appropriate depending on the file.

Now let's add courier to our bootup scripts so it launches when we fire up Gentoo.

```
 # rc-update add courier-authlib default

 # rc-update add courier-imapd default

 # rc-update add courier-pop3d default

 # /etc/init.d/courier-imapd start

 # /etc/init.d/courier-pop3d start
```

   Addendum: If you want to use SSL and TLS, you'll need to make SSL certs for them.

```
 # nano -w /etc/courier-imap/imapd.cnf
```

   Fill out State, City, Organization name etc etc etc.  For the Common Name (CN) of your server make sure it's mail.yourservername.com.  Afterwards, run mkimapdcert (or mkpop3dcert), make the cert, then start the service and add it to the startup services like before.

```
 # rc-update add courier-imapd-ssl default

 # rc-update add courier-pop3d-ssl default

 # /etc/init.d/courier-imapd-ssl start

 # /etc/init.d/courier-pop3d-ssl start
```

   Last thing: once started, you can totally stop and start the whole courier suite by recycling courier-authlib.  Like this

```
 # /etc/init.d/courier-authlib restart
```

Alright, enough of this!  On to business...

== Update the SMTPD Config to Allow SMTP-AUTH Using VPOPMAIL ==

I've tried a lot of iterations on this but the easiest and most straightforward way is to completely delete the contents of your /var/qmail/control/conf-smtpd file and just replace it with this.  You need not replace or tweak this file at all after putting this in.

```
################## START OF /var/qmail/control/conf-smtp #######################
#
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"

QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
#
################## END OF /var/qmail/control/conf-smtp #######################
```

Final touches to bring this together

```
 svc -t /var/qmail/supervise/qmail-smtpd

chmod u+s /var/vpopmail/bin/vchkpw
```

The following step makes sending mail a lot faster under some circumstances, and I highly recommend that you do the following if you notice delays of 30 to 45 seconds sending mail:

```
 # nano -w /var/qmail/control/conf-common

TCPSERVER_OPTS="-H -R -l 0"   # that's lower-case L followed by zero
```

== Install Spam Database Clients ==

 - snip - 

I have mercilessly edited the following spam/virus scanning instructions out for -again- being out of touch with the times.  I am personally going to workshop this in the next 30 days (today is March 12th) and will update this howto to reflect these new versions.  Heck you couldn't even get ebuilds for the versions this was previously written for.  That being said, if you get everything going this far and want to get on this before I do, please feel free.  Functionality we're trying to reestablish from the original version of this how to includes

   Qmail Scanner

   F-prot

   ClamAV

   SpamAssassin

   Pyzor

   Razor

   DCC

== Install Squirrel Mail ==

```
 # emerge squirrelmail

 # cd /var/www/localhost/htdocs

 # mv squirrelmail mail

 # cd mail

 # ./configure
```

   Go forth and setup squirrelmail.  Make sure the mail/data and mail/plugins directories are owned by vpopmail:vpopmail

There are some great plugins for squirrelmail including one for qmailadmin and another for virtual hosting.  I encourage you to take a look and shop around a bit at http://squirrelmail.org for more details.

== Install QMAIL Admin ==

```
 # emerge /usr/portage/net-mail/ezmlm-idx-mysql/ezmlm-idx-mysql-0.40-r2.ebuild

 # emerge /usr/portage/net-mail/autorespond/autorespond-2.0.4.ebuild

 # emerge /usr/portage/net-mail/qmailadmin/qmailadmin-1.2.0_rc2-r1.ebuild
```

You can access qmailadmin from [http://www.youdomain.com/cgi-bin/qmailadmin here]. If the image files are not showing, you'll have to copy the qmailadmin images to wherever apache is trying to access them from.  You can find out where by checking your /var/log/apache2/error_log. Note that this version still does not use valias to maintain forward/alias info, and you'll need to install 1.2.1 from source for that to work.

== Troubleshooting ==

Forthcoming.

Last edited by endtransmission on Sat Mar 19, 2005 11:15 pm; edited 3 times in total

----------

## endtransmission

well I guess no news is good news.

----------

## Freelance

I am currently giving another shot at this , this time using your guide  :Smile: 

I had pretty much everything covered but your section for vpopmail-imap is what i needed.

More feed back after compilation  :Smile: 

----------

## Strowi

hi,

thx for updating!

ATM i'm giving qmail another shot (the older howto never really worked for me).

Looks like you have a little typo in the "Install Qmail" -Section. The Version-numbers don't match:

"# ebuild /var/db/pkg/net-mail/qmail-1.03-r13/qmail-1.03-r15.ebuild config"

ebuild /var/db/pkg/mail-mta/qmail-1.03-r13/qmail-1.03-r13.ebuild config

UPDATE1:

1. "ebuild /var/db/pkg/net-mail/qmail-1.03-r13/qmail-1.03-r13.ebuild config" should be 

    "ebuild /var/db/pkg/mail-mta/qmail-1.03-r13/qmail-1.03-r13.ebuild config"

2. I don't have a tcp.qmail-smtp to delete; and what about the /etc/tcp.* files?

i'll edit this post later to reflect my experience with this one.

----------

## petterg

Note there is a bug in courier-authlib-0.5*.ebuild for compiling authvchkpw (vpopmail authentication)

Read this to fix:

https://bugs.gentoo.org/show_bug.cgi?id=85794

Edit: Corrected link

Last edited by petterg on Sun Mar 20, 2005 10:25 am; edited 1 time in total

----------

## endtransmission

 *Strowi wrote:*   

> hi,
> 
> thx for updating!
> 
> ATM i'm giving qmail another shot (the older howto never really worked for me).
> ...

 

If you installed relay-ctrl then it should have installed or moved those files into /etc/tcprules.d/*.  Are you sure you're in the proper directory?

Thanks for the typo hit.  Has been corrected to reflect r15, the version I've installed.

----------

## endtransmission

 *petterg wrote:*   

> Note there is a bug in courier-authlib-0.5*.ebuild for compiling authvchkpw (vpopmail authentication)
> 
> Read this to fix:
> 
> https://bugs.gentoo.org/show_bug.cgi?id=85391

 

Hunh.  Good to know.  This howto makes allowances for that so users who are using this need not jump through those hoops if they don't want to.  Glad to see active development still going on though.  Just proves that this howto will have to be rewritten again eventually as things continue to evolve.

----------

## Strowi

hi,

looks like the /etc/tcprules.d/* files didn't appear because i emerged qmail -r13 instead of -r15 before emerging relay-ctrl. Also i think it would be good to mention that -r15 ist marked ~x86 atm.

@petterg: thx for that tip about authvchkpw! i almost gave up logging in with squirrelmail. But the solution on your link didn't work, because i couldn't find the path within the ebuild. However.. this thread worked for me.

And.. does anyone know if/how it is possible to merge a var/vpopmail/domain/* and a local /home/* account and make squirrelmail work with that solution? I tried linking ~/.maildir to /var/vpopmail/domain/user/.maildir but that gives an access-error. Apparently users cant access files owned by vpopmail..

----------

## endtransmission

 *Strowi wrote:*   

> hi,
> 
> looks like the /etc/tcprules.d/* files didn't appear because i emerged qmail -r13 instead of -r15 before emerging relay-ctrl. Also i think it would be good to mention that -r15 ist marked ~x86 atm.

 

ah, fair enough.  Will get to it here within the hour.

 *Strowi wrote:*   

> @petterg: thx for that tip about authvchkpw! i almost gave up logging in with squirrelmail. But the solution on your link didn't work, because i couldn't find the path within the ebuild. However.. this thread worked for me.

 

just curiously, did you know that after you implement a vpopmail setup, all your login names will have to include the entire email address from now on?  so your login name is no longer simply login but login@domain.com.

 *Strowi wrote:*   

> And.. does anyone know if/how it is possible to merge a var/vpopmail/domain/* and a local /home/* account and make squirrelmail work with that solution? I tried linking ~/.maildir to /var/vpopmail/domain/user/.maildir but that gives an access-error. Apparently users cant access files owned by vpopmail..

 

I think I understand what you're asking but it doesn't make sense to me why you'd want to do it that way.  In actual answer to your question though, no I don't know how to do it.  It seems to me the strength of vpopmail is the ability to create virtual accounts without actually having to create them real system accounts - so if an email acct gets hacked, no biggie, theres still no risk to the system.  Vpopmail keeps all the users mail files inside its own /var/vpopmail/domains/domain.com/username/.maildir - why are you trying to force vpopmail into stuffing their mail into individual shell accounts?  Is this something Pine requires maybe?

I'm rather scattered tonight.  Will make more sense tomorrow.  

(right....  :)  )

----------

## petterg

Sorry guys, I posted link to the wrong bug!

The correct vpopmail bug link is https://bugs.gentoo.org/show_bug.cgi?id=85794

as Strowi pointed out.

----------

## petterg

There are a few things in this guide that I would like to point out, some things I don't agree with, and a couple of things that make huge security holes.

1:

Before emerging qmail, make sure the 'notlsbeforeauth' use flag is DISABLED. And that the SSL use flag is ENABLED. (This makes sure that passwords for smtp-auth gets encrypted. - This works for qmail-1.03-r15 only.)

2:

Relay-ctrl why would anyone need it if they use SMTP-auth? My advice: just skip installing it.

3:

For the tcp.qmail-smtp file:

The line 192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD="", where 192.168.31.50 is the server internal ip of the server. You may repeat this line for all trusted ip addresses - ip's to computers that are allowed to relay mail through the smtp server without authentication. Say your internal network is 192.168.31.*. Then you may allow all computers at the internal network by using the line 192.168.31.:allow,RELAYCLIENT="",RBLSMTPD="".

Note the dot after 31!

4:

In mysql:

grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost identified by 'your password';

Make sure the password is a password you've not used (or going to use) anywhere else! The reason is that you'll need to store this password in cleartext in the next step! Make sure you manage to remember it (or write it down) for 5 minutes. After you've finished #5 you'll never need this password again.

Test that your new mysqluser/password works

```
# mysql -uvpopmail -p vpopmail

Enter password:

```

Enter the password. If you get an Access denied error you've done something wrong in the mysql part.

If you get 

```
mysql>
```

you're fit to go.

5:

 *endtransmission wrote:*   

> Configure vpopmail's mysql user password
> 
> ```
>  # nano /etc/vpopmail.conf 
> ```
> ...

 

NO NO NO!!!!!

DO NEVER STORE YOUR ROOT PASSWORD IN CLEARTEXT - ANYWHERE!!

That was the whole point of the grant-line in mysql - you create a user that has limited access. The user you created in mysql got the username 'vpopmail' and the whatever password you chose. Also you created a database called vpopmail. The vpopmail.conf should look like

```

# host|port|user|password|database

localhost|0|vpopmail|whatever_password|vpopmail

localhost|0|vpopmail|whatever_password|vpopmail

```

Yes, the line has to be entered twice. (Assume you use the same user for read as for write)

Replace "whatever_password" with the password you entered on the grant-line in mysql.

Save the file, forget the password, throw away the note with the password you've forgotten... You'll never need it again.

6:

 *endtransmission wrote:*   

> 
> 
> If you have problems with vpopmail not accepting mail properly, please ensure that /etc/vpopmail.conf is chmod 600 and owned by vpopmail:vpopmail
> 
> ```
> ...

 

No. If you have problems with vpopmail not accepting mail properly, please ensure that vpopmail is running as vpopmail:vpopmail! Make sure the primary group of user vpopmail is vpopmail.

7:

 *endtransmission wrote:*   

> 
> 
> QUICK NOTE : In order to use vpopmail or qmailadmin Apache must run as user vpopmail:vpopmail. You will need to edit your /etc/apache2/conf/commonbapache.conf file to read / User vpopmail / Group vpopmail / and then restart apache with the command /etc/init.d/apache2 restart.
> 
> 

 

NO! Do not run apache as vpopmail, or any other user. If you do run apache as vpopmail, any user who has access to put serverside scripts (cgi / php files) on your webserver will also get access to read, delete, edit, publish any mail on your mailserver, and even be able to change your users passwords, reconfigure the server, create an open relay.... Do you need any more arguments for not to do that?

This does not affect squirrelmail (which is using local imap server) or qmailadmin (which is using cgi-bin wrapper) at all.

8:

If you're not using relay-ctrl you should leave the PRERUN and LOGINRUN lines at their default value when editing the config files for courier-imap.

9: The same goes for QMAIL_TCPSERVER_PRE and QMAIL_SMTP_PRE in /var/qmail/control/conf-smtp

10:

Why install the masked package qmailadmin-1.2.0_rc2-r1 when qmailadmin-1.2.1 is unmasked? (and has been unmasked since May 2004)

For those who are waiting for this guide to include viruscheck and spamfilter... take a look at Sabrex guide - a bit outdated, but still good: https://forums.gentoo.org/viewtopic-t-171499-highlight-.html

When it comes to installing ClamAV be aware that 0.81, 0.82 and 0.83 do not detect NetSky D virus. The 0.80 does. However all versions prior to 0.81 have some kind of bug that can make the clamd die. For the 12 past months I've used clamav on 2 of my servers, it still hasn't died.
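The settings disputed in points 3, 5, 6 and 7 above can be checked mechanically. The following audit script is an added example, not part of any post in this thread; the function names are hypothetical, the file paths are passed as arguments, and the sample files in `demo` are constructed to mirror the first post's configuration.

```shell
#!/bin/sh
# Added example: audit checks for the settings discussed in this thread.
# Function names are hypothetical; sample files in demo() are constructed.

# vpopmail.conf lines have the form host|port|user|password|database.
# Flag use of the MySQL root account, the shipped placeholder password,
# and a file mode that lets "other" read the cleartext password.
audit_vpopmail_conf() {
    conf=$1
    awk -F'|' '
        /^[[:space:]]*#/ || NF < 5 { next }
        $3 == "root"   { print "FAIL line " NR ": connects as MySQL root" }
        $4 == "secret" { print "FAIL line " NR ": placeholder password still set" }
    ' "$conf"
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *[4567]) echo "FAIL mode $mode: world-readable" ;;
    esac
    return 0
}

# List every tcprules address pattern that is granted RELAYCLIENT, and flag
# the empty (catch-all) pattern if it grants it: that is an open relay.
audit_tcprules() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            if ($0 !~ /:allow/ || $0 !~ /RELAYCLIENT=/) next
            addr = $0
            sub(/:.*/, "", addr)        # keep the text before the first colon
            if (addr == "")
                print "FAIL line " NR ": catch-all rule sets RELAYCLIENT (open relay)"
            else
                print "RELAY " addr
        }
    ' "$1"
    return 0
}

# Flag an Apache config that runs the server as vpopmail: every CGI or PHP
# script on that server would then run with access to all mailboxes.
audit_apache_user() {
    awk '
        tolower($1) ~ /^(user|group)$/ && $2 == "vpopmail" {
            print "FAIL line " NR ": Apache " $1 " is vpopmail"
        }
    ' "$1"
    return 0
}

# Constructed sample files reproducing the first post's settings.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# host|port|user|password|database' \
        'localhost|0|root|CONSTRUCTED_PASSWORD|vpopmail' > "$d/vpopmail.conf"
    chmod 644 "$d/vpopmail.conf"
    printf '%s\n' '192.168.31.50:allow,RELAYCLIENT="",RBLSMTPD=""' \
        '127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""' \
        ':allow' > "$d/tcp.qmail-smtp"
    printf '%s\n' 'User vpopmail' 'Group vpopmail' > "$d/apache.conf"
    audit_vpopmail_conf "$d/vpopmail.conf"
    audit_tcprules "$d/tcp.qmail-smtp"
    audit_apache_user "$d/apache.conf"
    rm -rf "$d"
}
demo
```

On a real host the three functions would be pointed at /etc/vpopmail.conf, /etc/tcprules.d/tcp.qmail-smtp and the Apache configuration file that carries the User and Group directives.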

----------

## endtransmission

Great.  Thanks for that.  Will throw your changes up on the bench box to test and then edit this appropriately.

----------

## syn_ack

 *petterg wrote:*   

> There are a few things in this guide that I would like to point out, some things I don't agree with, and a couple of things that make huge security holes.

 

Thanks for your posting. This is going to help out quite a bit in my initial install. Knowing the info that you've posted in advance is going to help save on tons of unneeded frustration. Much appreciated.

 *petterg wrote:*   

> 
> 
> 1:
> 
> Before emerging qmail, make sure the 'notlsbeforeauth' use flag is DISABLED. And that the SSL use flag is ENABLED. (This makes sure that passwords for smtp-auth gets encrypted. - This works for qmail-1.03-r15 only.)

 

Interesting. Ok. Question. Sorry to be so detailed but I figure it's all about details so please bear with me. Right now I have a domainname that I just registered and host through Noip.com. Because I have a dynamic ip through Comcast I use two mail features/services through Noip.com as well as their dyndns client (noip-updater) so that I can run an MTA using an Alternate smtp port. To do this I had to setup "mydomainname.com" dns record to point/list  noip.com's Mail Exchangers.

Mail Services:

Mail Reflector service:

For mail being sent to mydomainname.com from out on the internet, mail is routed to Noip.com's MX's which in turn then relays the mail to mail.mydomainnam.com on an alternate port to get around Comcast blocking port 25 traffic. I'll get this part of the Qmail configuration figured out with some more reading. Unsure of what relay rules I would need in this situation and how to change to an alternate port. Homework for me.

This is where my question comes in.

AlternatePort SMTP service: 

For me to send mail out I relay all mail to noip.com's mx. To do this they require that I use SMTP-Authentication. This is what they've said they require:

 *Quote:*   

> 
> 
> ******************************************
> 
>  "To send, your mail client must support SMTP Authentication. Consult 
> ...

 

So please correct me if I'm wrong but if I've read the qmail doc's correctly and from what you said above I would need to do the following in /var/qmail/control/smtproutes

```

# perl -e 'use MIME::Base64;print encode_base64($ARGV[0])' mydomainname.com@noip-smtp

bXlkb21haW5uYW1lLmNvbUBub2lwLXNtdHA=

# perl -e 'use MIME::Base64;print encode_base64($ARGV[0])' mypassword

bXlwYXNzd29yZA==

```

/var/qmail/control/smtproutes adjusted with the base64 encoding.

```

:smtp-auth.no-ip.com:3325 bXlkb21haW5uYW1lLmNvbUBub2lwLXNtdHA= bXlwYXNzd29yZA==

```

......or do I just put my username and password in clear text in the smtproutes control file and qmail automagically encrypts it for me? From what I hear you saying, is that this is done in the r15 release but not in the stable r13 release of Qmail.  Thanks for any help or suggestions. I just want to make sure I'm understanding this correctly. I'm assuming I'm doing this correctly because the stable r13 Qmail build doesn't supply a 'notlsbeforeauth' USE flag. Only 'ssl' and 'selinux'. My current USE flags are '-X -ipv6 apache2 gtk mmx mysql maildir nls ssl'. I hope those are correct. Thanks again.

Last edited by syn_ack on Sun Mar 20, 2005 10:00 pm; edited 1 time in total

----------

## petterg

Thread starter has some huge personal problems with people suggesting changes / alternatives / improvements to his private thread. I'll post the PM he sent me as a warning to anyone who consider to post anything into this thread:

 *endtransmission-pm wrote:*   

> coulda pm'd me or emailed me with that and I'd of happily adjusted the howto, asshole.

 

(At least he acts like a grownup when posting in the forums.)

----------

## endtransmission

Listen mate, theres a tactful way to do things and then theres your way.  I have no problem adjusting documentation or howtos, nor do I have any problem taking criticism, however strong.  But this was an asshole way to go about it.

Yeah, that was a pretty rough PM I sent you.  Dunno how you're gonna recover from that one.

I encourage you to sit down and rewrite the whole thing with current information and detail out the howto for people coming from ground zero.  If this is what it takes to drag knowledge and solid documentation out of the woodwork, so be it.  This isn't a dare.  I have no doubt you can do it.  I'm saying go ahead and do it.

This isn't a personal battle man.  Leave your baggage at home.

Last edited by endtransmission on Sun Mar 20, 2005 11:08 pm; edited 1 time in total

----------

## Strowi

hi,

i don't know what your problem is, petterg was right in all 10 points. And i couldn't find anything offensive or so in his post... 

Nonetheless thanks for your efforts!

Now Back to topic!

hail me! I finally got it working, our home-server now receives, checks (spam/virus) and sends mail. :Wink: 

Now i need to find out how to realize a pop3-fetcher with qmail (not squirrelmail since i want it to run always, not only when logging in to squirrelmail).

here is a sample-header from a received mail:

```

Return-Path: <strowi at gmx.de>

Delivered-To: strowi at xxx.dyndns.org

Received: (qmail 6493 invoked by uid 210); 20 Mar 2005 23:06:57 +0100

Received: from 213.165.64.20 by Yggdrasill (envelope-from <strowi at gmx.de>, uid 201) with qmail-scanner-1.25st 

     (f-prot: 4.5.4/3.16.6. spamassassin: 3.0.2. perlscan: 1.25st. 

     Clear:RC:0(213.165.64.20):SA:0(1.6/5.0):. 

     Processed in 11.319872 secs); 20 Mar 2005 22:06:57 -0000

X-Spam-Status: No, hits=1.6 required=5.0

X-Spam-Level: +

Received: from unknown (HELO mail.gmx.net) (213.165.64.20)

     by 0 with SMTP; 20 Mar 2005 23:06:43 +0100

Received: (qmail invoked by alias); 20 Mar 2005 22:07:02 -0000

Received: from ip-address.netcologne.de (EHLO sleipnir) [ip-address]

     by mail.gmx.net (mp022) with SMTP; 20 Mar 2005 23:07:02 +0100

X-Authenticated: #746518

Received: from localhost [127.0.0.1]

     by sleipnir (192.168.xxx.xxx) (userid 1)

     with ESMTP (Classic Hamster Version 2.0 Build 2.0.6.0) ; Sun, 20 Mar 2005 23:06:49 +0100

From: Roman v. Gemmeren <strowi at gmx.de>

To: strowi at xxx.dyndns.org

Subject: 

Date: Sun, 20 Mar 2005 23:06:49 +0100

Message-ID: <rusr31hsn42tdnhq4hbtk76h2me1t6mv67@4ax.com>

X-Mailer: Forte Agent 2.0/32.652

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

X-Posting-Agent: Hamster/2.0.6.0

Return-Path: <strowi at gmx.de>

X-Y-GMX-Trusted: 0

```

But i've also got some more notes:

1. Courier-authlib 0.5* bug (the one from above)

it should've been emerged as dependency of courier-imap, 

but since there is a bug in courier-authlib-0.5*.ebuild regarding "authvchkpw" we need to reemerge it:

- mkdir /PATH_TO_PORTAGE_LOCAL/net-libs/courier-authlib

- cd /PATH_TO_PORTAGE_LOCAL/net-libs/courier-authlib

- cp /usr/portage/net-libs/courier-authlib/courier-authlib-0.53.ebuild .

- nano -w courier-authlib-0.53.ebuild

- change 

```

if [ has_version 'net-mail/vpopmail' ]; then

   myconf="${myconf} --with-authvchkpw --without-authmysql --without-authpgsql"

   use mysql && ewarn "vpopmail found. authmysql will not be built."

  use postgres && ewarn "vpopmail found. authpgsql will not be built."

else

```

to

```

if has_version 'net-mail/vpopmail'; then

   myconf="${myconf} --with-authvchkpw --without-authmysql --without-authpgsql"

  use mysql && ewarn "vpopmail found. authmysql will not be built."

  use postgres && ewarn "vpopmail found. authpgsql will not be built."

else

```

- ebuild courier-authlib-0.53.ebuild digest

- emerge courier-authlib

- check the following settings in /etc/courier/authlib/authdaemonrc

```

authmodulelist="authvchkpw" 

authmodulelistorig="authvchkpw" 

```

/etc/init.d/courier-authlib restart

2.  qmail-scanner-queue.pl

when setting up tcprules like in the first post, add this to /var/qmail/control/conf-common:

```

export QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

```

(note the missing ".pl"! this is now using the wrapper-class)

3. spam + virus filters

mostly like sabrex's howto, BUT:

```

> nano -w /etc/conf.d/spamd.conf 

  SPAMD_OPTS="-d -u vpopmail -v -x -c --siteconfigpath=/etc/mail/spamassassin/local.cf"

> rc-update add spamd default 

> /etc/init.d/spamd start 

```

4. Then install qmail-scanner.

ok, this has become a little tricky since perl doesn't allow setuid anymore (for some reason; check google), the easiest way is to reemerge perl:

```

> echo "dev-lang/perl perlsuid" >> /etc/portage/package.use

> emerge perl

```

now before emerging qmail-scanner make sure that spamd is running, otherwise it won't work.

During emerge qmail-scanner watch for the scanning-process if it finds spamd...

```

> echo "mail-mta/qmail-scanner spamassassin" >> /etc/portage/package.use

> emerge maildrop

> emerge qmail-scanner

```
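Why the one-line ebuild change in note 1 above matters, as an added example that is not part of the post or of the ebuild: inside `[ ... ]` the words `has_version` and `net-mail/vpopmail` are plain strings handed to `test`, so the helper never runs and the `else` branch is always taken. The `has_version` below is a stub standing in for Portage's helper (an assumption), and the echoed strings are illustrative.

```shell
#!/bin/sh
# Stub standing in for Portage's has_version helper (assumption: it reports
# every package as installed and counts how often it is actually called).
CALLS=0
has_version() { CALLS=$((CALLS + 1)); return 0; }

# Original ebuild form. "[" receives the two words as test operands, which
# is not a valid test expression, so "[" exits non-zero and has_version is
# never executed. The else branch runs even with vpopmail installed.
select_auth_broken() {
    if [ has_version 'net-mail/vpopmail' ] 2>/dev/null; then
        echo "--with-authvchkpw"
    else
        echo "authvchkpw not selected"
    fi
}

# Corrected form: "if" runs has_version and branches on its exit status.
select_auth_fixed() {
    if has_version 'net-mail/vpopmail'; then
        echo "--with-authvchkpw"
    else
        echo "authvchkpw not selected"
    fi
}

# Run both forms in the current shell so the call counter is visible.
select_auth_broken
echo "has_version calls after broken form: $CALLS"
select_auth_fixed
echo "has_version calls after fixed form: $CALLS"
```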

----------

## Xeper

Hi guys,

I've big problem to change from the old-style to relay-ctrl (on an existing installation) - I followed the tutorial so far.

I always get these error messages provided by grsec when I restart svscan (with relay-ctrl stuff):

 *Quote:*   

> 
> 
> grsec: From 80.141.245.239: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /usr/bin/relay-ctrl-chdir[relay-ctrl-chdi:11140] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/supervise[supervise:6624] uid/euid:0/0 gid/egid:0/0
> 
> grsec: From 80.141.245.239: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /usr/bin/relay-ctrl-chdir[relay-ctrl-chdi:21852] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/supervise[supervise:27700] uid/euid:0/0 gid/egid:0/0
> ...

 

I dont get it - no clue what the problem might be  :Crying or Very sad: 

Maybe someone ran into this trouble, too.

Here something about my configuration:

mail-mta/qmail:                [  I] 1.03-r13 (0)

net-mail/courier-imap:       [  I] 4.0.1 (0)

net-mail/relay-ctrl:            [  I] 3.1.1-r2 (0)

net-mail/vpopmail:            [  I] 5.4.6-r1 (0)

If someone needs more information, just say so - I'm happy for every hint.

thanks.

----------

## Strowi

hi Xeper,

I would suggest using relay-control the "old way", as described in step 8 of the old thread ( https://forums.gentoo.org/viewtopic.php?t=171499&highlight=qmailscanner ).

You really don't need relay-ctrl.

BTW, in the meantime I heard that qmail was unmaintained (well, I would say dead) for ~6 years. Yesterday I tried the postfix Howto and had a working MTA (sending & receiving with SMTP-Auth, SASL/SSL/TLS, IMAP in less than an hour).

Today I'm going for the spam filtering and pop3/imap-Fetcher.

----------

## rshadow

perhaps you could post a link to the HOWTO you used.. the last one I used involved using cyrus-sasl .. which was a disaster.   The only thing that comes close to the hatred I have for the .NET is cyrus-sasl.

----------

## cdunham

Nice HOWTO. It would be great if someone could edit the old one(s) and put a link here. I wasted a lot of time going through obsolete directions. Also, how does this relate to the qmail/vpopmail Virtual Mail Hosting System Guide?

One thing that is kind of lacking is the qmail-scanner instructions and caveats. Did you ever make it to the workshop?

Specifically, qmail-scanner has to be installed *after* the virus and spam tools, clamd and spamd have to be running during the qmail-scanner emerge, and /var/{log,run}/clamav has to be owned by qscand, and ClamAV has to be configured to run as qscand.
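
The requirements listed in this post, together with the USE flags set earlier in the thread, can be checked before running the emerge. The script below is an added example, not part of the original posts; the `clamd.conf` path, the check of its `User` line and the `pgrep` process match are assumptions about the local setup.

```shell
#!/bin/sh
# Pre-flight checks before `emerge qmail-scanner` (added example, not from the thread).
# Assumed defaults; override them in the environment to match your system.
PKG_USE=${PKG_USE:-/etc/portage/package.use}   # a plain file, as used in the thread
CLAMD_CONF=${CLAMD_CONF:-/etc/clamd.conf}      # assumed location of clamd's config
SCAN_USER=${SCAN_USER:-qscand}

# has_use_flag FILE PACKAGE FLAG: true if FLAG is listed for PACKAGE in FILE.
has_use_flag() {
    awk -v pkg="$2" -v flag="$3" '
        $1 == pkg { for (i = 2; i <= NF; i++) if ($i == flag) found = 1 }
        END { exit !found }' "$1" 2>/dev/null
}

# owned_by PATH USER: true if PATH exists and is owned by USER.
owned_by() {
    [ -e "$1" ] && [ "$(stat -c %U "$1" 2>/dev/null)" = "$2" ]
}

# clamd_runs_as CONF USER: true if the last uncommented "User" line names USER.
clamd_runs_as() {
    awk -v want="$2" '
        $1 == "User" { user = $2 }
        END { exit !(user == want) }' "$1" 2>/dev/null
}

# is_running NAME: matches NAME against process command lines (a hint, not proof).
is_running() { pgrep -f "$1" >/dev/null 2>&1; }

# report DESCRIPTION CHECK...: run CHECK, print OK/FAIL, count failures.
failures=0
report() {
    desc=$1; shift
    if "$@"; then echo "OK    $desc"; else echo "FAIL  $desc"; failures=$((failures + 1)); fi
}

preflight() {
    failures=0
    report "perl has the perlsuid flag" has_use_flag "$PKG_USE" dev-lang/perl perlsuid
    report "qmail-scanner has the spamassassin flag" \
        has_use_flag "$PKG_USE" mail-mta/qmail-scanner spamassassin
    report "spamd is running" is_running spamd
    report "clamd is running" is_running clamd
    for d in /var/log/clamav /var/run/clamav; do
        report "$d is owned by $SCAN_USER" owned_by "$d" "$SCAN_USER"
    done
    report "clamd is configured to run as $SCAN_USER" clamd_runs_as "$CLAMD_CONF" "$SCAN_USER"
    [ "$failures" -eq 0 ]
}

# Run the checks only when asked:  sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A FAIL on the perl flag after setting both flags usually means the second `echo` wrote to `package.use` with `>` and replaced the first entry.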

----------

## leosgb

Following the directions on this thread I finally got my server to accept connections on ports 995 and 110 correctly from Thunderbird. But now I have a problem: I can't actually log in! I had qmail-pop3d running and I managed to use it for a couple of days until I found out I could use courier and have SSL protection, so I decided to give it a try. The problem is that since then I can't log in anymore. I could w/ qmail-pop3d but not w/ courier pop3d nor courier pop3d-ssl. Does anyone have any idea why? Is there any information I need to post here to help? Thanks!

netstat -nap:

```
tcp        0      0 :::993                  :::*                    LISTEN      14067/couriertcpd
tcp        0      0 :::995                  :::*                    LISTEN      14227/couriertcpd
tcp        0      0 :::110                  :::*                    LISTEN      14147/couriertcpd
tcp        0      0 :::143                  :::*                    LISTEN      13987/couriertcpd
```

iptables -L -n:

```
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:145
```

----------

## petterg

 *leosgb wrote:*   

> Following the directions on this thread I finally got my server to accept connections on ports 995 and 110 correctly from Thunderbird. But now I have a problem: I can't actually log in! I had qmail-pop3d running and I managed to use it for a couple of days until I found out I could use courier and have SSL protection, so I decided to give it a try. The problem is that since then I can't log in anymore. I could w/ qmail-pop3d but not w/ courier pop3d nor courier pop3d-ssl. Does anyone have any idea why? Is there any information I need to post here to help? Thanks!

 

A year and a half ago I tested imap-ssl with Thunderbird. I concluded that the SSL implementation in Thunderbird was quite buggy. Maybe you've found the same problem in pop3-ssl?

(I'm assuming you've set up Thunderbird to use one of the authentication methods courier accepts.)

----------

## leosgb

That is a good question. How can I know what are the acceptable methods for authentication? I have this same problem from Outlook Express so maybe that is not the issue but it is always good to check. Thanks for the suggestion!

----------

