Daemontools-0.76 Patch
Now that you've downloaded all the needed packages, we can start the install. At this point you should have a qmailrocks source directory located at /downloads/qmailrocks. If you don't, go back to step 1. This step involves the setup of the very heart of your new qmail server. In this step, we'll install qmail itself, ucspi-tcp and daemontools. These 3 packages are the core of the qmail server and will be the foundation on which we build everything else. So don't screw it up.
RH 9/RHEL/Fedora/Slackware users: click here before you start.
To start things off, I've created a handy little shell script that takes care of the first portion of getting qmail, ucspi-tcp and daemontools installed. Simply run this script from the command prompt of your Solaris box and you should be golden. The script will tell you what it's doing along the way.
/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script
If all goes well, you should have all the needed users and groups created, as well as all the directories, permissions and ownership settings needed for the installation of qmail, ucspi-tcp and daemontools.
Before we start to compile and install qmail, ucspi-tcp and daemontools, we're going to apply a group of patches to qmail. These patches will build all sorts of cool functionality directly into qmail before we install it. In total, we're going to add around 15 patches, but fortunately John Simpson has combined all but one of these patches into one giant patch file. But it gets even easier because I've thrown together a shell script that applies ALL the patches in one quick step. I'm making this so easy for you it's almost sickening.
Here's the basic gist of these patches: All critical patches included in this bundle will be automatically integrated in your qmail server's functioning. However, there are a few non-critical patches that have to be configured in order to work. These non-critical patches are included merely to give you a few extra little goodies that you can play with on your own time. Some of these extra little goodies are new to me too, so as I learn more about them I will certainly go into more detail. So that you're not completely ignorant as to what these patches are going to be doing to your qmail server, here's a quick list of what patches are included. I have color coded these patches so that you will know which ones are critical and which ones are not.
Red patch = a critical patch, as far as the QMR install is concerned, that is automatically integrated into your qmail server and requires no additional work on your part.
Blue patch = a non-critical patch that merely adds some cool functionality. Blue asterisk patches also will be automatically integrated and require no additional work.
Green patch = a non-critical patch that merely adds some cool functionality, but which needs to be configured in order to be active.
maxrcpt patch - Allows the sysadmin to set limits on a message's number of recipients. The default for this patch is set to 100.
Mfcheck patch - causes qmail-smtpd to reject messages where the domain portion of the envelope sender is not a valid domain.
quota patch - Turns over quota errors into HARD errors, not soft. A wake up call for those 2 or 3 jackasses on your server who never check their mail.
Date-localtime patch - causes qmail to use the local timezone in any headers it generates.
Qmailqueue - the classic patch that allows qmail-smtpd to call other programs to process messages. Through qmailqueue, we will later tie in Clam Antivirus and Spamassassin. However, many other programs can also be tied in if you so desire.
Jms1-antispam patch - An anti-spam patch created by John Simpson, which works within qmail-scanner to trick spam servers into believing a spam message is delivered, when in fact it isn't. This is inactive by default, but you can play around with this if you want.
Errno.patch - patches error.h to work correctly with libc-2.3, which is used by RedHat 9 and a few other Linux distributions.
smtp-auth patch - good old smtp authentication.
STARTTLS/AUTH patch - patch from qmail.org, modified by John Simpson to not advertise AUTH unless the command line elements are there, AND adding a check to not advertise or support AUTH unless the connection is secure.
Forcetls patch - a patch created by Ryan Schlesinger to compensate for mail clients that do not support TLS. Using this patch, your qmail server will always accept an smtp connection encrypted with TLS. However, if any of your users have a mail client that does NOT support TLS, they will still be able to connect with just a plain AUTH connection. This is the default setting that this patch installs with. However, if you're a security nazi, this patch allows you to set your server so it will REQUIRE a TLS smtp connection no matter what. This patch simply gives you some flexibility with your TLS enabled qmail server.
The SPF patch - adds SPF checking to qmail-smtpd. SPF is a system where the owners of domain names can publish the list of IP addresses from which their users send mail. If another mail server sees an incoming message claiming to be "From" that domain, but not coming from an IP on their SPF list, that server can reliably reject the message as spam. More info can be found here.
Qmail-0.0.0.0 patch - fixes a difference between how Linux interprets the IP address 0.0.0.0 and how the BSD systems handle it. According to RFC 1122, the IP address 0.0.0.0 should always be treated as an address for "this host, this network". Part of qmail's loop-detection logic is determining whether or not a given IP address is the current machine. This patch teaches qmail that 0.0.0.0 is always the local machine.
Qmail_local patch - fixes a possible bug in qmail-local having to do with how the first line of a .qmail file is interpreted, when it starts with whitespace.
Sendmail-flagf patch - fixes how the -f option to /var/qmail/bin/sendmail is handled, so that it more closely matches how the original sendmail program's -f option worked.
Bind-interface patch - a patch that lets you control the source IP that outgoing connections appear to come from on a machine with multiple IP addresses. This page on qmail.org describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses.
8k-buffer-patch - increases the size of the memory buffer that qmail uses when querying the system for a list of all local IP addresses.
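The SPF decision described in the patch list above, as an added example (not code from the SPF patch or from qmailrocks): a small POSIX shell evaluator that matches a connecting IP against the ip4 mechanisms and the "all" term of a published record. The record and addresses are constructed documentation values, and mechanisms that need DNS (a, mx, include) are skipped as a simplification.

```shell
#!/bin/sh
# Added example: evaluate the ip4 and "all" terms of an SPF record.
# Not the qmail SPF patch; a/mx/include (which need DNS) are skipped.

# Constructed sample record using documentation address ranges.
SAMPLE_RECORD="v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"

# ip2int A.B.C.D -> 32-bit integer
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET[/BITS] -> exit status 0 when IP lies inside the network
in_cidr() (
  net=${2%/*}
  bits=32
  case $2 in */*) bits=${2#*/} ;; esac
  if [ "$bits" -eq 0 ]; then exit 0; fi
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
)

# spf_eval RECORD CLIENT_IP -> prints pass, fail, softfail or neutral
spf_eval() (
  set -f                      # terms such as "?all" must not glob
  for term in $1; do
    qual=+
    case $term in
      [-~?+]*) qual=${term%"${term#?}"}; term=${term#?} ;;
    esac
    case $term in
      ip4:*) in_cidr "$2" "${term#ip4:}" || continue ;;
      all)   ;;
      *)     continue ;;      # v=spf1 and DNS-based mechanisms
    esac
    case $qual in
      +) echo pass ;;
      -) echo fail ;;
      "~") echo softfail ;;
      "?") echo neutral ;;
    esac
    exit 0
  done
  echo neutral                # nothing matched and no "all" term
)
```

The first matching term decides the result, which is why the "-all" at the end only applies to senders that matched none of the listed addresses.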
Ok, so enough talk. Let's apply these mega-patches and get this patching business out of the way.
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
Now we build Qmail
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast your_fqdn_hostname
ex. ./config-fast mail.mydomain.com
OK, qmail itself is now built and installed. Now let's generate a secure certificate that will be used to encrypt your server's TLS encrypted SMTP sessions.
make cert
When you run the above command you will be asked a series of questions regarding the generation of your certificate. They are non-technical questions such as your location, business name, organization name, common name and so forth. If you've ever generated an SSL cert before, this should be familiar stuff to you. If you haven't, simply follow the directions. It's easy. If you have trouble following the directions, you might as well give up now because you're a RETARD. Since the cert you are generating is already NOT from a trusted authority such as Verisign or Thawte, the information you provide here is not really THAT important, so don't sweat it. Here's a sample of my cert configs. Don't be an idiot. Substitute in your own information.
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]:qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []:mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org
If the cert is successfully generated it will be automatically installed at /var/qmail/control/servercert.pem, along with a symlink to that cert at /var/qmail/control/clientcert.pem.
Now we set the right ownership for the newly created cert.
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
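A check worth running after the chown, as an added example rather than part of the qmailrocks scripts. It assumes, as with the qmail TLS patch's make cert target, that servercert.pem holds the unencrypted private key together with the certificate, so the file must not be accessible to other users; the function name check_qmail_pem and its optional owner argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the qmailrocks scripts): audit the PEM
# written by "make cert".
# Assumption: the file carries the private key next to the certificate.

# check_qmail_pem FILE [OWNER:GROUP]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_qmail_pem() (
  pem=$1
  want=${2:-}
  rc=0
  if [ ! -f "$pem" ]; then
    echo "missing: $pem"
    exit 1
  fi
  grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
    { echo "no certificate block: $pem"; rc=1; }
  grep -q -- '-----BEGIN.*PRIVATE KEY-----' "$pem" ||
    { echo "no private key block: $pem"; rc=1; }
  # ls -l mode string: characters 8-10 are the bits for "other".
  # -L follows the clientcert.pem symlink to the real file.
  other=$(ls -ldL "$pem" | cut -c8-10)
  [ "$other" = "---" ] ||
    { echo "accessible to other users ($other): $pem"; rc=1; }
  # Optional ownership check, e.g. the vpopmail:qmail set by chown.
  if [ -n "$want" ]; then
    have=$(ls -ldL "$pem" | awk '{ print $3 ":" $4 }')
    [ "$have" = "$want" ] ||
      { echo "owner is $have, expected $want: $pem"; rc=1; }
  fi
  exit "$rc"
)

# Usage on the mail server:
#   check_qmail_pem /var/qmail/control/servercert.pem vpopmail:qmail
#   check_qmail_pem /var/qmail/control/clientcert.pem vpopmail:qmail
```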
Now we build ucspi-tcp
cd /usr/src/qmail/ucspi-tcp-0.88/
RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an additional errno patch:
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
make && make setup check
If you don't get any errors, that's it for ucspi-tcp. Now we build the daemontools.
cd /package/admin/daemontools-0.76
RH 9/RHEL/Fedora/Slackware users: You will need to patch daemontools with an additional errno patch:
cd /package/admin/daemontools-0.76/src
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
cd /package/admin/daemontools-0.76
package/install
If no errors are reported, you've successfully compiled the daemontools package. All done for now.
If you take a look at the running processes on your server at this point, you should see the daemon svscanboot running. You can usually do this with a ps -aux command. Here's a screenshot of it. If you see svscanboot running, you're in good shape. OK, Qmail is almost totally installed but we're going to pause right here and install a bunch of handy tools and features that will make Qmail pretty and fun. After that, we'll make some final changes to Qmail and then crank it up. Proceed to Part 3.