=== Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches: ===
* SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html)
* qmail-dnsbl patch (added logging)
* qmail-queue-custom-error.patch (for simscan)
* qmail-smtp-log-patch
* chkuser 2.0.9
* qmail-queue-custom-error
* Outgoingip patch
* **(NEW)** DENYMSG patch
* **(NEW)** TLS PATCH
* **(NEW)** maildir++ patch
* **(NEW)** big concurrency patch
* **(NEW)** sendmail flag patch
* **(NEW)** More verbose patch
//**qmail-dnsbl patch**// lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.
If the check fails, the server closes the SMTP conversation before receiving the mail, **avoiding any resource wasting.**
//**chkuser 2.0**// The original qmail-smtpd accepts by default all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existing recipient, a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.
chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.
qmail-smtpd patched with chkuser __may check the existence of e-mail recipient__s immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus **avoiding additional traffic**, workload and messages bounced more times.
These goals are achieved by querying the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.
chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of “who’s sending to whom”. This can facilitate any further enhancements of anti-SPAM features.
//**DENYMSG patch**//
New patch, now in your tcp.smtp you can add DENYMSG, for example: 151.53.135.52:allow,DENYMSG="Too much spam from this network" will block 151.53.135.52 with the DENYMSG
N.B. __Current qmail version works only with my vpopmail-mysql package!__
So, let’s go, in less than ten minutes we can have a fully performing mail server!
Just open your terminal and add my deb repository in your sources.list:
debian:~# vi /etc/apt/sources.list
Add these lines (Etch):
deb http://debian.iuculano.it/apt etch main contrib non-free
deb-src http://debian.iuculano.it/apt etch main contrib non-free
wget http://debian.iuculano.it/AE3BE9AA.gpg -O- | apt-key add -
and:
debian:~# apt-get update
My vpopmail package uses mysql backend, so we need mysql-server:
apt-get install mysql-server
It is strongly recommended to set a password for the mysql root user
(which is NOT the same as the “normal” root user) with the command:
mysqladmin -u root password 'enter-your-good-new-password-here'
debian:~# mysqladmin -u root -p create vpopmail
debian:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log
Type 'help;' or 'h' for help. Type 'c' to clear the buffer.
mysql> GRANT ALL PRIVILEGES ON vpopmail . * TO 'vpopmail'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye
debian:~#
On some configuration, you will need to install dpatch to build qmail
debian:~# apt-get install dpatch
Good, now we can install qmail, vpopmail, spamassasin (N.B. You should have official contrib and non-free repository in your sources.list)
debian:~# apt-get install qmail-src spamassassin vpopmail-mysql spamc razor pyzor ucspi-tcp-src libmailtools-perl libmail-spf-query-perl libsys-hostname-long-perl
Now we build ucspi-tcp
debian:~# build-ucspi-tcp
And finally, we build qmail!
debian:~# build-qmail
Don’t worry if you get an error message when installing the .deb package; we need to remove exim4!
debian:~# dpkg --force-depends --purge exim4 exim4-base exim4-config exim4-daemon-light
Now:
debian:~# dpkg -i /tmp/qmail/qmai*.deb
After installing it, if you want TLS:
cd /tmp/qmail/qmail-1.03/ && make cert && make tmprsadh
Very well, now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail
If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS
If you want chkuser you should replace:
-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
with:
-u vpopmail -g vchkpw -x /etc/tcp.smtp.cdb 0 smtp \
Setting your mail name:
echo mail.domain.org > /etc/qmail/me
Setting mysql username and password for vpopmail
debian:~# vi /etc/vpopmail/vpopmail.mysql
and restart qmail and popmail POP3
debian:~# /etc/init.d/qmail restart && /etc/init.d/vpopmail-mysql restart
Stopping mail-transfer agent: qmail.
Starting mail-transfer agent: qmail.
Restarting vpopmail pop3 server: vpopmail.
debian:~#
Very well, we ‘re almost done!!
Some check-ups:
We must remove temporarily localhost whitelist from /etc/tcp.smtp, so open /etc/tcp.smtp, and replace:
127.0.0.1:allow,RELAYCLIENT=""
with:
#127.0.0.1:allow,RELAYCLIENT=""
And rebuilt cdb:
/etc/init.d/qmail cdb
Now:
debian:~# apt-get install recode telnet
[...]
debian:~# vadddomain test.bogus
Please enter password for postmaster:
enter password again:
debian:~# ls -la /var/lib/vpopmail/domains/
totale 3
drwx------ 3 vpopmail vchkpw 1024 2006-07-07 16:34 .
drwxr-xr-x 6 root root 1024 2006-07-07 16:09 ..
drwx------ 3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus
debian:~# echo -en "postmaster@test.bogus" | recode data..base64
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
debian:~# echo -en "test" | recode data..base64
dGVzdA==
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO TEST
250 mail.domain.com
EHLO
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
mail from: test@nonexact.from
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
mail from: test@test.com
250 ok
RCPT TO: notexist@test.bogus
511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
RSET
250 flushed
AUTH LOGIN
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
334 UGFzc3dvcmQ6
dGVzdA==
235 ok, postmaster@test.bogus, go ahead (#2.0.0)
mail from: test@test.com
250 ok
RCPT TO: postmaster@test.bogus
250 ok
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~#
Good! Everything seems to work finely!
Uncomment localhost entry in /etc/smtp:
replace:
#127.0.0.1:allow,RELAYCLIENT=""
with:
127.0.0.1:allow,RELAYCLIENT=""
And rebuilt cdb:
/etc/init.d/qmail cdb
Now, the last thing you have to do is:
debian:~# apt-get install qmailadmin autorespond ezmlm-src clamav clamav-daemon clamav-freshclam ripmime
Install simscan - start by getting the simscan source, and patching for working with last clamav version:
wget http://downloads.sourceforge.net/simscan/simscan-1.4.0.tar.gz
tar -zxvf simscan-1.4.0.tar.gz
cd simscan-1.4.0
wget http://qmail.jms1.net/simscan/simscan-1.4.0-clamav.3.patch
cat simscan-1.4.0-clamav.3.patch | patch -p1
Then compile it - here's a ./configure example:
./configure --enable-user=clamav --enable-clamav=y --enable-custom-smtp-reject=y --enable-attach=y \
--enable-spam=y --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y \
--enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n \
--enable-quarantinedir=/var/qmail/quarantine
Then edit /etc/init.d/qmail - uncomment the following two lines:
QMAILQUEUE="/var/qmail/bin/simscan"
export QMAILQUEUE
button=static
thing=57348