# qmail+courier-imap+vpopmail+spamassassin+more SelfHelp Guide

## spindustrious

Hello,

I have been working on putting together a complete email server solution for the past couple of weeks.  I am working towards a system that uses qmail, courier-imap (for IMAP and POP), vpopmail (for virtual domain management using MySQL), vchkpw (for both IMAP/POP and authenticated SMTP), SpamAssassin, and Horde's IMP for webmail.  I am simply presenting a collection of notes and URLs to prevent needless Google and forum searching/frustration.

QMAIL

In the qmail-1.03-r10 ebuild, I commented out the smtp-auth-close3.patch line.  I then set USE="ssl -ldap" (as per this post) so TLS wouldn't break.  This post offers a suggestion on forcing the use of TLS during SMTP authentication.

I then modified /var/qmail/supervise/qmail-smtpd/run to look like this:

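```
#!/bin/sh
# UID is a read-only variable in bash (often /bin/sh), so assigning to it
# does not take effect; use distinct names for the vpopmail user's IDs.
VPOPMAIL_UID=`id -u vpopmail`
VPOPMAIL_GID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
# Run qmail-smtpd under tcpserver as vpopmail, with vchkpw checking passwords
exec /usr/bin/softlimit -m 8000000 \
   /usr/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $VPOPMAIL_UID -g $VPOPMAIL_GID 0 smtp \
   /var/qmail/bin/qmail-smtpd localhost \
   /var/vpopmail/bin/vchkpw /bin/true 2>&1
```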

I am using vpopmail, hence the vchkpw instead of checkpassword.  When using vchkpw, the daemon needs to be run with the UID and GID of the vpopmail user.  With checkpassword, use the UID and GID of the qmaild user.  Make sure to SUID your password checker: checkpassword and vchkpw ("chmod 6755 vchkpw" followed by "chown vpopmail:vpopmail vchkpw").

This combination worked.  However, I now realize that the smtp-auth-close3.patch needs the morercpthosts control file which wasn't present on my system when I was attempting to run the unmodified ebuild.  This post gives me that impression, though I have yet to test it out.  Apparently even an empty morercpthosts file will allow the patched build to work properly.

This post on the qmail mailing list presents an effective means of diagnosing some SMTP authentication problems.  The thread it was in has some other potentially useful diagnostic info.  

COURIER-IMAP & VPOPMAIL/VCHKPW

Courier-IMAP was a breeze to install.  I used the net-mail/courier-imap-2.1.2-r1 ebuild.  The documentation on the developer's site is reasonably helpful.

I wanted to authenticate against a MySQL database.  I believe my vpopmail installation (net-mail/vpopmail-5.2.1-r8 ebuild) works because it was compiled with USE="mysql" as in my /etc/make.conf, though I didn't really explore it since it worked without any manual intervention.

Since the MySQL installation seems to work smoothly using ebuilds, I'll consider it trivial and won't address it here.

This post gives some information on configuring Courier to authenticate with vchkpw, which has a goofy MySQL database structure that I couldn't get to work with Courier's authmysqlrc.  But, since I found the above solution pretty quickly, I didn't really try to get authmysqlrc working with the vchkpw database.

Apparently I chose vpopmail over vmailmgr rather cavalierly.  The debate rages here and here.  

SPAMASSASSIN

The changes in PERL 5.8 that broke all of the ebuilds are still giving me grief so I just installed the PERL modules that SpamAssassin needs using the CPAN shell ("perl -MCPAN -e shell", then "install <some module>").  I used "emerge -O Mail-SpamAssassin" (with ebuild 2.60-r1).

I used the same strategy for razor.  I used the 2.12 ebuild.

I tried to use qmail-scanner (1.16-r1 ebuild), but it would take several hours for mail to finally get delivered on my capable box with no load.  I reconfigured SpamAssassin using instructions from qmail-scanner's site and bits and pieces from the SpamAssassin documentation (the sections on spamd and Mail_SpamAssassin_Conf are especially useful/relevant).

As a result of this, my /etc/conf.d/spamd looks like:

```
# -a for auto-white-list
# -c to create a per user configuration file
# -x do not create a per user configuration file
# -L if you want to suppress DNS lookup 
# -u USER to run as a user other than root (strongly recommended!)
#
# for more help look in man spamd
SPAMD_OPTS="-x -u spamc"
```

I created the spamc user (perhaps spamd would have been more sensible...) so spamassassin wouldn't be run as root.  This is the same logic behind SUIDing checkpassword/vchkpw as above.

My /etc/mail/spamassassin/local.cf looks like:

```
# Performs local tests and checks razor.  Does not check rbls
# or DCC.  Only adds header info to scanned mail.  Uses Bayesian detection.

# Scoring Options
required_hits 5

# Message Tagging Options
rewrite_subject 0
report_safe 0
fold_headers 1
clear_headers
add_header spam IsSpam _YESNOCAPS_
add_header all Score _HITS_ (_STARS(*)_)
add_header all Evidence _REPORT_

# Network Test Options
use_dcc 0
dcc_timeout 8
use_pyzor 0
use_razor2 1
razor_timeout 10
skip_rbl_checks 1
check_mx_attempts 2
check_mx_delay 5
dns_available yes

# Learning Options
bayes_auto_learn 1
```

Since qmail-scanner was apparently causing problems, I tried a user-level invocation of SpamAssassin that would then deliver a scanned message to a maildir using safecat (net-mail/safecat-1.11).  This page presents that solution, among others.  It's a little out of date, but the ideas are helpful.

Here's a sample .qmail-foo file in /var/vpopmail/domains/bar/:

```
|spamc |maildir /var/vpopmail/domains/bar/foo/Maildir/
```

This works well for me.

I now think that SpamAssassin was misconfigured (too many network tests and long time-outs) and was causing qmail-scanner to act up.  I will give qmail-scanner another shot soon.

HORDE/IMP

I am not particularly adept at leveraging the Portage system to my advantage.  As a result, I have hand-rolled builds of Apache 2 and PHP 4.3.4.  Getting PHP to properly compile with IMAP support was the hardest part of the Horde installation.

I can no longer find the URL where I found these instructions.  I am relating them from memory and I hope I haven't forgotten any steps.

I downloaded UW-IMAP (imap-2002e).  I edited src/osdep/unix/Makefile to reflect my OpenSSL installation.  I built it using "make lnp" (Linux with PAM..."make slx" doesn't seem to do the trick).  I then moved all the .h files into /usr/local/imap-2002e/include (just to put them some place sensible...) and all the .c files into /usr/local/imap-2002e/lib.  c-client.a gets renamed libc-client.a and is put in /usr/local/imap-2002e/lib as well.

I modified this section of imap-2002e/src/osdep/unix/Makefile:

```
# Extended flags needed for SSL.  You may need to modify.
SSLDIR=/etc/ssl
SSLCERTS=$(SSLDIR)/certs
SSLKEYS=$(SSLCERTS)
SSLINCLUDE=/usr/include/openssl
SSLLIB=$(SSLDIR)/lib
```

Add "--with-imap=/usr/local/imap-2002e --with-imap-ssl=/usr/include/openssl" to your PHP configure recipe to add IMAP and IMAP over SSL support to your PHP build.

I just downloaded the various tarballs from www.horde.org and installed them.  IMP is a nice webmail client.  I've never used sqwebmail, but I was a little disappointed by squirrelmail's configurability when I tried it a couple of years ago.

NOTES

Qmailadmin is a simple and effective CGI for managing vpopmail domains over the web.

ezmlm installed from an ebuild with no problems.  It's sort of a low priority right now so I don't have much to say about it.

I think I haven't properly tuned /etc/tcp.smtp yet to work with SMTP authentication.  I currently have:

```
# localhost is allowed to relay
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# allow LAN to relay...
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# everyone else is allowed to connect but can't relay
:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue"
```

It works but it's incompatible with the realistic need to have relays authenticated (so only roaming system users can relay outside of the LAN) as well as allow the unauthenticated delivery of mail to locally handled accounts.

I hope this ends by being helpful to my fellow amateur tinkerers in the Gentoo community.

I will gladly post corrections or explanations if necessary.

Good luck!

Peter

----------
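An added example, not part of the original post: a check to run on /etc/tcp.smtp before compiling it with tcprules. It lists every rule that grants relaying by setting RELAYCLIENT and classifies how wide the grant is, so a catch-all grant (an open relay) is caught early. The function names `relay_rules` and `relay_audit` are hypothetical, and the sample input is the tcp.smtp shown in the post.

```shell
#!/bin/sh
# Added example: report which tcprules entries grant relaying via RELAYCLIENT.
# Output is one line per granting rule: "<scope> <address>", where scope is
#   LOOPBACK  127.* only
#   PRIVATE   an RFC 1918 address or prefix (LAN)
#   PUBLIC    any other specific address or prefix
#   OPEN      the empty (default) address: everyone may relay
# Reads the file(s) given as arguments, or stdin when none are given.
relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            i = index($0, ":")
            if (i == 0) next                     # not a rule line
            addr = substr($0, 1, i - 1)
            rest = substr($0, i + 1)
            if (rest !~ /^allow/) next           # deny rules cannot relay
            if (rest !~ /,RELAYCLIENT=/) next    # rule does not grant relaying
            if (addr == "")            { print "OPEN", "(default)"; next }
            if (addr ~ /^127\./)       { print "LOOPBACK", addr; next }
            if (addr ~ /^10\./ || addr ~ /^192\.168\./ ||
                addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) {
                print "PRIVATE", addr; next
            }
            print "PUBLIC", addr
        }
    ' "$@"
}

# Succeeds (exit 0) only when no rule grants relaying to OPEN or PUBLIC scope.
relay_audit() {
    ! relay_rules "$@" | grep -Eq '^(OPEN|PUBLIC) '
}

# Sample input: the tcp.smtp rules from the post.
relay_rules <<'EOF'
# localhost is allowed to relay
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# allow LAN to relay...
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# everyone else is allowed to connect but can't relay
:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue"
EOF
```

`relay_audit /etc/tcp.smtp` can gate the `tcprules` step, so a rule file that lets unauthenticated outside hosts relay is never compiled into tcp.smtp.cdb.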

