Qmail/vpopmail Virtual mail Server System Configuration Guide

Introduction: This document describes in detail how to create a mail server system based on QMail, Vpopmail, Courier-imap, MySQL, and Horde ' imp.

1. Preamble

Whether you are for the system daemon, a single server or domain name address, or for multiple virtual domain name e-mail delivery, QMail can be a simple setup to meet your needs. This guide will guide you through all the work described above, based on a focus on remote access and encrypted transmission.

This guide will help you to use Qmail,courier-imap, Vpopmail and Horde/imp. And the content will also involve Daemontools, ucspi-tcp, MySQL, Apache and mod_php. In the relevant core components, QMAIL provides the core MTA functionality, COURIER-IMAP provides a remote mailbox IMAP access Service, Vpopmail provides virtual domain name management, and Horde/imp provides webmail access.

Before emerge the related packages, you need to activate the following use variables. If you have emerge any of the above packages, you may need to emerge them again. Use= "Maildir SSL IMAP mysql". In addition, if you use Horde/imp for your webmail, you need to use use= "NLS" before emerge mod_php.

Note: This guide is for step-by-step, and you may not have to go any further if you think you have completed the setup.

In the final step of the course, you only need to give all the work to QMail to complete. Of course, you can use many other packages to build your e-mail server system. Now you have to decide if qmail is right for you, and we've prepared another interesting guide for you around Postfix, or you can study exim. For you, you should choose the best solution for yourself, and for us it will show you how to use QMail.

2. QMail (local-oriented)

Code 2.1:emerge qmail

# emerge qmail

Important: This guide is explained around Qmail-1.03-r13 or newer versions. Does it apply to previous versions as well? Well, maybe. Should you upgrade your qmail? Yes-as long as you're sure this guide will guide you correctly.

Warning: If you encounter a hint such as the VIRTUAL/MTA package conflicts with another package, you will need to unemerge the other MTA on the system. To see which packages are causing the conflict, run emerge qmail-p.

Emerge QMail will also Emerge ucspi-tcp and Daemontools. If you want, you can study ucspi-tcp and Daemontools. Daemontools is primarily responsible for managing qmail as a service, while UCSPI-TCP is responsible for managing TCP connections that are introduced to qmail services.

First, let's do some setup after installation.

Quick Settings for Code 2.2:qmail

(自定义你的个人信息) # nano /var/qmail/control/servercert.cnf # ebuild /var/db/pkg/net-mail/qmail-1.03-r*/qmail-1.03-r*.ebuild config

QMail's design is heavily focused on its security, so it does not send any mail to the root account. So now you need to specify an account on your system that can be used instead of root to receive mail. In this guide, I will use the ' vapier ' user for the relevant setup instructions.

Code 2.3: Set non-root account

# cd /var/qmail/alias # echo vapier > .qmail-root # echo vapier > .qmail-postmaster # echo vapier > .qmail-mailer-daemon

Now start and run the QMail mail distribution service.

Code 2.4: Start qmail mail distribution service

# rc-update add svscan default # /etc/init.d/svscan start # cd /service # ln -s /var/qmail/supervise/qmail-send qmail-send

We want to know if qmail can work properly, so let's test it quickly.

Code 2.5: Test mail distribution Service

# ssh vapier@localhost # maildirmake .maildir # qmail-inject root << EOF test root e-mail! EOF # qmail-inject postmaster << EOF test postmaster e-mail! EOF # qmail-inject vapier << EOF test vapier e-mail! EOF # mutt(在收件箱中你应该有3封电子邮件)

It's done! Now you have a mail system that can work with a local computer or a system daemon/user about a mail delivery request task.

Warning: If you do not receive a message or you see a strange error message about ' Localhost.localhost ' in a log file (see/var/log/qmail/), this means your domain or DNS is not set up properly. By default, QMail uses the output information of hostname--fqdn. If this command outputs ' localhost ' on your machine, check/etc/hostname,/etc/hosts, whether your DNS has been set up. After you finish this work, edit the configuration file below/var/qmail/control/. If you need more help, please refer to the sample file below.

Code 2.6:/var/qmail/control/Two-level domain name Setup sample file

# hostname --fqdn wh0rd.org # cat me wh0rd.org # cat defaultdomain wh0rd.org # cat plusdomain wh0rd.org # cat locals wh0rd.org # cat rcpthosts wh0rd.org

Code 2.7:/var/qmail/control/three-level domain name Setup sample file

# hostname --fqdn mail.wh0rd.org # cat me mail.wh0rd.org # cat defaultdomain wh0rd.org # cat plusdomain wh0rd.org # cat locals mail.wh0rd.org # cat rcpthosts mail.wh0rd.org

3. Vpopmail

Code 3.1:emerge Vpopmail

# emerge vpopmail

Important: This guide is explained around Vpopmail-5.4.0_rc1 or newer versions. Does it apply to previous versions as well? Well, maybe. Should you upgrade your vpopmail? Yes-as long as you're sure this guide will guide you correctly.

Vpopmail relative to QMail, it takes a little more time to set up. Since Vpopmail requires MySQL to run, we first start and run MySQL, and then we can set up the Vpopmail database and follow the steps. Before you do this, you should make sure that MySQL has done the right emerge and related settings. Please note that the password I set for Vpopmail is ' VPOPPW ', of course you should choose a different password.

Code 3.2: Set Vpopmail

# rc-update add MySQL default if you are emerged MySQL for the first time, be sure to run before starting the MySQL server ebuild <mysql.ebuild> Config command and follow the prompts to complete the appropriate steps. #/etc/init.d/mysql Start # nano/etc/vpopmail.conf (Modify Password: Change ' secret ' to ' VPOPPW ') # mysql-p << EOF Create Database Vpopmail; Use MySQL; Grant SELECT, INSERT, UPDATE, delete, create, drop on vpopmail.* to vpopmail@localhost identified by ' VPOPPW '; Flush Privileges; EOF (The following command may not be required, but for the sake of insurance we still run it) # chown root:vpopmail/etc/vpopmail.conf # chmod 640/etc/vpopmail.conf # chown ROOT:VPOPMAIL/VAR/VPOPMAIL/BIN/VCHKPW # chmod 4711/VAR/VPOPMAIL/BIN/VCHKPW

Warning: If you have a problem with Mysql/vpopmail permissions, you may need to restart your MySQL. Completing this work requires only running/etc/init.d/mysql restart.

Now, Vpopmail can run. In this guide, we will establish a virtual host for the "wh0rd.org" domain name. This means that we need to specify the domain name of the virtual host in Vpopmail. At the same time, we will quickly add an account named ' Vapier '.

Code 3.3: Add a domain name

# source /etc/profile(只有当你运行下面的vadddomain 得到"command not found"的时候你才有必要执行这个步骤) # vadddomain wh0rd.org postpass(现在快速检查一下域名是否设置正确) # printf "postmaster@wh0rd.org\0postpass\0blah\0" | vchkpw `which id` 3<&0 uid=89(vpopmail) gid=89(vpopmail) groups=0(root) (如果你没有得到类似上面的内容, 则可能是权限设置不当) # vadduser vapier@wh0rd.org vappw

Each creation of a domain name in Vpopmail will generate an account name called ' Postmaster '. Here we set the password for the postmaster account is ' Postpass '. Before Vpopmail can be fully functional, we need to courier to receive mail, to send mail through QMail and SMTP.

4. Courier Pop/imap

Code 4.1:emerge COURIER-IMAP

# emerge net-mail/courier-imap

Important: You must emerge courier-imap after emerge vpopmail so that the AUTHVCHKPW module will be created.

Important: This guide is explained around NET-MAIL/COURIER-IMAP-2.1.2-R1 or newer versions. Does it apply to previous versions as well? Well, maybe. Should you upgrade your qmail? Yes-as long as you're sure this guide will guide you correctly.

Now do some basic setup after installation. Only when you are ready to use SSL encrypted communication (you should use it!) , these steps are necessary, otherwise skip to the last two steps of each setting in the command list below and remove the '-ssl ' suffix from the init script.

Quick Settings for Code 4.2:POP3/SSL

# cd /etc/courier-imap # nano authdaemonrc(设置authmodulelist变量使其只包含"authvchkpw") # nano pop3d.cnf(编辑 [ req_dn ] 段落) # mkpop3dcert # rc-update add courier-pop3d-ssl default # /etc/init.d/courier-pop3d-ssl start

Quick Settings for Code 4.3:IMAP/SSL

# cd /etc/courier-imap # nano imapd.cnf(编辑 [ req_dn ] 段落) # mkimapdcert # rc-update add courier-imapd-ssl default # /etc/init.d/courier-imapd-ssl start

Now your mail client should be able to log on to the host to send and receive mail. For me, I can use the account ' vapier@wh0rd.org ' and password ' VAPPW ' for landing.

5. QMail (towards the outside)

Now start and run SMTP, and make sure that we don't create another vulnerability for spam.

Code 5.1: Start the qmail SMTP service

# cd /var/qmail/control/ # nano conf-smtpd(去掉SMTP-AUTH 变量并且将 QMAIL_SMTP_CHECKPASSWORD 设置到 /var/vpopmail/bin/vchkpw 上) # nano servercert.cnf(编辑[ req_dn ] 段落) # mkservercert # cd /service # ln -s /var/qmail/supervise/qmail-smtpd qmail-smtpd # /etc/init.d/svscan restart

If you have not yet adjusted the QMail profile, QMail will accept all mail from wh0rd.org virtual domain and local computer users. In addition, qmail processes mail-sending requests only for users who send mail through 127.0.0.1 and for users who have passed Vpopmail authentication. So when you use mail clients to send messages, be sure to select an option similar to "server requires authentication." For me, I log in using the username ' vapier@wh0rd.org ' and password ' VAPPW '. Finally, you also need to set the mail client to open the SSL/TLS option for SMTP, otherwise you will not be able to authenticate through qmail.

6. Horde/imp Webmail Client

While there are quite a few Webmail clients (and you can use them for free), I prefer to use IMP Webmail client, which is made up of the Horde framework. The main reason is that horde can provide you with convenient webmail access, and you can add plug-ins to handle such things as address books, calendars, scheduled tasks, and so on. If these are not enough to attract you, then maybe you can visit Horde's official website.

All right! Now, we need emerge IMP.

Code 6.1:emerge IMP

# emerge horde-imp

Important: This guide is explained around horde-2.2.4 and horde-imp-3.2.2. The CVS version (that is, the next version of the upcoming release) may be significantly different on the related configuration settings.

Unless you already know exactly how horde should be set up, it's not easy to configure Horde for the first time. Luckily, I know how to do it, so you can finish the job with ease.

Code 6.2:horde quick Setting

# cd/var/www/localhost/htdocs/horde/config/ # for F in *.dist, do MV ${f} ${f/.dist}, done # nano horde.ph P (in ' Horde authentication ' paragraph:) $conf [' auth '] [' driver '] = ' IMAP '; $conf [' auth '] [' params '] [' dsn '] = ' {Localhost:993/imap/ssl} '; (in ' Horde Logging ' paragraph:) $conf [' Log '] [' name '] = '/var/log/apache2/horde.log '; (In ' Problem Reporting ' paragraph:) $conf [' Problems '] [' enabled '] = true; $conf [' Problems '] [' email '] = ' webmaster@wh0rd.org '; # Nano registry.php (in ' handlers ' paragraph:) $this->registry[' auth ' [' login '] = ' imp '; $this->registry[' auth ' [' logout '] = ' imp '; (in ' Application Registry ' paragraph:) change the ' status ' in [' imp '] from ' inactive ' to ' active ' # touch/var/log/apache2/ Horde.log # chown apache:apache/var/log/apache2/horde.log

Note: For some reason you may want to change the e-mail account for ' webmaster ', if so, you need to add the user through Vpopmail (or refer to the qmailadmin narration below).

Now start setting up Imp.

Quick Settings for Code 6.3:IMP

# cd /var/www/localhost/htdocs/horde/imp/config/ # for f in *.dist ; do mv ${f} ${f/.dist} ; done # nano servers.php(编辑 $servers['imap'] 阵列:) $servers['imap'] = array( 　　'name' => 'wh0rd.org', 　　'server' => 'localhost', 　　'protocol' => 'imap/ssl/novalidate-cert', 　　'port' => 993, 　　'folders' => '', 　　'namespace' => 'INBOX', 　　'maildomain' => 'wh0rd.org', 　　'smtphost' => 'localhost', 　　'realm' => '', 　　'preferred' => '' );

Finally, start Apache and start using webmail.

Code 6.4: Running Apache

# nano /etc/conf.d/apache2(取消 APACHE2_OPTS="-D SSL -D PHP4" 注释) # rc-update add apache2 default # /etc/init.d/apache2 start

Warning: You might want to consider forcing horde users to connect through HTTPS. This is not an important issue, but you'd better set it up for security reasons.

To test your IMP settings, start your Web browser and then access http://localhost/horde/(or replace localhost with the server you are setting up). You should be able to see a welcome page and you can login to horde from this page. For my settings, I just need to use ' vapier@wh0rd.org ' and ' VAPPW ' as the username and password to log in.

Now, Hoede and IMP have been set up. But maybe you should look back at your profile directory and optimize it according to what you need.

7. Additional Packages

Qmailadmin

The first package I recommend is qmailadmin. It is a web-based management interface for managing virtual domain names. All you need is a simple emerge net-mail/qmailadmin and then open http://localhost/cgi-bin/qmailadmin in your Web browser to start using it. This software will make your work exceptionally easy.

Qmhandle

If you're having trouble dealing with qmail queues and you're in a row for certain situations, I suggest you use Qmhandle. It is a Perl applet that allows you to view and manage QMail message queues. Again, all you have to do is emerge net-mail/qmhandle.

Horde add-on software

I would like to strongly recommend some other Horde related applications. Turba, Kronolith and nag can make imp work better in a short time. They are configured in a similar way as IMP, so you should not have any serious problems with this job. Remember to edit the registry.php in the Hoede configuration directory so that these new programs can appear at the bottom of the Horde admin page.

Ucspi-tcp

QMail uses ucspi-tcp when handling connections that are introduced to the server. If you want to customize these filtering rules, refer to the configuration file below/etc/tcprules.d/. Here you can find two related files that correspond to each service, one is a configuration file (such as TCP.QMAIL-SMTP) and the other is a compiled file (such as TCP.QMAIL-SMTP.CDB) for this profile that UCSPI-TCP uses. Once you have updated these two files, you will need to rebuild the binary versions of those files. To complete this work, you only need to run Tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp. Whenever QMail receives a connection, its compiled rule files are re-read once, so you do not need to restart the service.

Qmail-scanner

If you want to implement content filtering (spam or virus scanning) on your server, you need a different queue handler than the default. Qmail-scanner can do this work better, all you need to do is emerge Net-mail/qmail-scanner, then edit/etc/tcprules.d/tcp.qmail-smtp file.

Important: The build process for qmail-scanner is not pleasant, because before emerge qmail-scanner your system must have a corresponding package installed, such as SpamAssassin and/or Clam AntiVirus. For more information please refer to the relevant content below.

Code 7.1: Changing Queuer

# cd /etc/tcprules.d/ # nano tcp.qmail-smtp(将 QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" 加入到catchall过滤规则中) # tcprules tcp.qmail-smtp.cdb tcp.qmail-smtp.tmp < tcp.qmail-smtp

If you want to set up spam filtering and virus filtering, please refer to the following. You can modify the/var/qmail/bin/qmail-scanner-queue.pl to make some customization settings.

SpamAssassin

SpamAssassin is one of the best open source spam filtering programs. You only need to run emerge dev-perl/mail-spamassassin to install it. This software has command line (command-line version) and Client/server (client/server side) versions. If your server does not have a lot of mail, then command line (command-line version) will meet your needs, but if your server needs to handle a lot of mail, you will need to select the Client/server (client/server) version.

Quick Settings for Code 7.2:spamassassin

# nano /etc/mail/spamassassin/local.cf(以下的选项设置为原始最低需求:) required_hits 6 skip_rbl_checks 1 # rc-update add spamd default # /etc/init.d/spamd start # nano /var/qmail/bin/qmail-scanner-queue.pl(请确保$spamc_binary 已经设置到了'/usr/bin/spamc'上.)(如果它被设置到 '' 上, 请参看下面的注意事项.)

Important: If SpamAssassin is not installed in your system before emerge Qmail-scanner, you will now need to emerge qmail-scanner again. The Qmail-scanner build process is not pleasant, and in the build process it will only add those packages that have been detected to its functional features.

All messages are now transmitted through Qmail-scanner and SpamAssassin are scanned for these messages.

Clam AntiVirus

Similar to the SpamAssassin, Clam AntiVirus has two versions, and I'll show you how to quickly set up the Client/server (client/server side) version. But first, you need to emerge net-mail/clamav.

Quick settings for Code 7.3:clam antivirus

# nano /etc/conf.d/clamd(设置 START_CLAMD=yes) # nano /etc/clamav.conf(按你的需要对其进行修改和设置) # rc-update add clamd default # /etc/init.d/clamd start # nano /var/qmail/bin/qmail-scanner-queue.pl(请确保 $clamscan_binary 变量已经设置到了 '/usr/bin/clamscan' 上.)(如果它被设置到 '' 上, 请参看下面的注意事项.) # nano /var/qmail/control/conf-common(如果 ClamAV 报告有memory problem（内存读取问题）请尝试将softlimit的值设高一点)

Important: If clam AntiVirus is not installed in your system prior to emerge Qmail-scanner, you will now need to emerge qmail-scanner again. The Qmail-scanner build process is not pleasant, and in the build process it will only add those packages that have been detected to its functional features.

All messages are now transmitted through Qmail-scanner, and Clam AntiVirus scans the messages.

8. The Last Reminder

I don't have any final reminders, unless you have any difficulty reading this guide, and if you find any bugs in this tutorial, please contact me through Gentoo ' s bugtracking Website. If you have any good tips to add colour to this guide, you must also write to me. I love qmail, so I want to make this guide richer so that you can experience the MTA better.