Part 2 - Installing Qmail Itself

Now that you've downloaded all the needed packages, we can start the install. At this point you should have a qmailrocks source directory located at /downloads/qmailrocks. If you don't, go back to step 1. This step involves the setup of the very heart of you new qmail server. In this step, we'll install qmail itself, ucspi-tcp and daemontools. These 3 packages are the core of the qmail server and will be the foundation on which we build everything else. So don't screw it up!

(RH 9/RHEL/Fedora/Slackware users: click here before you start.)

To start things off, I've created a handy little shell script that takes care of the first portion of getting qmail, ucspi-tcp and daemontools intalled. Simply run this script from the command prompt of your Solaris box and you should be golden. The script will tell you what it's doing along the way.

/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script   (click here to view this script)

If all goes well, you should have all the needed user and groups created as well as all the needed directories, permissions and ownership settings needed for the installation of qmail, ucspi-tcp and daemontools

Before we start to compile and install qmail, ucspi-tcp and daemontools, we're going to apply a group of patches to qmail. These patches will build all sorts of cool functionality directly into qmail before we install it. In total, we're going to add around 15 patches, but fortunately John Simpson has combined all but one of these patches into one giant patch file. But it gets even easier because I've thrown together a shell script that applies ALL the patches in one quick step. I'm making this so easy for you it's almost sickening. :)

Here's the basic gist of these patches: All critical patches included in this bundle will be automatically integrated in your qmail server's functioning. However, there are a few non-critical patches that have to be configured in order to work. These non-critical patches are included merely to give you a few extra little goodies that you can play with on your own time. Some of these "extra little goodies" are new to me too, so as I learn more about them I will certainly go into more detail.

So that you're not completely ignorant as to what theses patches are going to be doing to your qmail server, here's a quick list of what patches are included. I have color coded these patches so that you will know which ones are critical and which ones are not.

red patch = critical patch, as far as the QMR install is concerned, that is automatically integrated into your qmail server and requires no additional work on your part.

blue patch = a non-critical patch that merely adds some cool functionality. Blue asterisk patches also will be automatically integrated and require no additional work.

green patch = a non-critical patch that merely add some cool functionality, but which needs to be configured in order to be active.

maxrcpt patch - Allows the sysadmin to set limits a message's number of recipients. The default for this patch is set to 100.

mfcheck patch - causes qmail-smtpd to reject messages where the domain portion of the envelope sender is not a valid domain

quota patch - Turns "over quota" errors into HARD errors, not soft. A wake up call for those 2 or 3 jackasses on your server who never check their mail.

date-localtime patch - causes qmail to use the local timezone in any headers it generates.

qmailqueue - the classic patch that allows qmail-smtpd to call other programs to process messages. Through qmailqueue, we will later tie in Clam Antivirus and Spamassassin. However, many ofther programs can also be tied in if you so desire.

jms1-antispam patch - An anti-spam patch created by John Simpson, which works within qmail-scanner to trick spam servers into believing a spam message is delivered, when in fact it isn't. This is inactive by default, but you can play around with this if you want.

errno.patch - patches error.h to work correctly with libc-2.3, which is used by RedHat 9 and a few other Linux distributions

smtp-auth patch - good old smtp authentication

STARTTLS/AUTH patch - patch from qmail.org, modified by John Simpson to not advertise AUTH unless the command line elements are there, AND adding a check to not advertise or support AUTH unless the connection is secure.

forcetls patch - a patch created by Ryan Schlesinger to compensate for mail clients that do not support TLS. Using this patch, your qmail server will always accept an smtp connection encrypted with TLS. However, if any of your users have a mail client that does NOT support TLS, they will still be able to connect with just a plain AUTH connection. This is the default setting that this patch installs with. However, if you're a security nazi, this patch allows you to set your server so it will REQUIRE a TLS smtp connection no matter what. This patch simply gives you some flexibility with your TLS enabled qmail server.

The SPF patch - adds SPF checking to qmail-smtpd. SPF is a system where the owners of domain names can "publish" the list of IP addresses from which their users send mail. If another mail server sees an incoming message claiming to be "From" that domain, but not coming from an IP on their SPF list, that server can reliably reject the message as spam. More info can be found here.

qmail-0.0.0.0 patch - fixes a difference between how Linux interprets the IP address "0.0.0.0" and how the *BSD systems handle it. According to RFC 1122, the IP address 0.0.0.0 should always be treated as an address for "this host, this network". Part of qmail's loop-detection logic is determining whether or not a given IP address "is" the current machine. This patch "teaches" qmail that 0.0.0.0 is always the local machine.

qmail_local patch - fixes a possible bug in qmail-local having to do with how the first line of a .qmail file is interpreted, when it starts with whitespace.

sendmail-flagf patch - fixes how the "-f" option to /var/qmail/bin/sendmail is handled, so that it more closely matches how the original "sendmail" program's "-f" option worked.

bind-interface patch - a patch that lets you control the "source IP" from which outgoing connections appear from a machine with multiple IP addresses. This page on qmail.org describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses.

8k-buffer-patch - increases the size of the memory buffer that qmail uses when querying the system for a list of all local IP addresses.

Ok, so enough talk. Let's apply these mega-patches and get this patching business out of the way...

/downloads/qmailrocks/scripts/util/qmail_big_patches.script   (click here to view this script)

Now we build Qmail...

cd /usr/src/qmail/qmail-1.03

make man && make setup check

./config-fast your_fqdn_hostname (ex: ./config-fast mail.mydomain.com)

OK, qmail itself is now built and installed. Now let's generate a secure certificate that will be used to encrypt your server's TLS encrypted SMTP sessions...

make cert

When you run the above command you will be asked a series of questions regarding the generation of your certificate. They are non-technical questions...such as your location, business name, organaization name, common name and so forth. If you've ever generated an SSL cert before, this should be familiar stuff to you. If you haven't, simply follow the directions. It's easy. If you have trouble following the directions, you might as well give up now because you're a RETARD. Since the cert you are generating is already NOT from a trusted authority such as Verisign or Thawte, the information you provide here is not really THAT important, so don't sweat it.

Here's a sample of my cert cert configs. Don't be an idiot. Substitute in your own information.

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]:qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []:mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org

If the cert is successfully generated it will be automatically installed at /var/qmail/control/servercert.pem, along with a symlink to that cert at /var/qmail/control/clientcert.pem

Now we set the right ownership for the newly create cert...

chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem

Now we build ucspi-tcp...

cd /usr/src/qmail/ucspi-tcp-0.88/

RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an additional errno patch:

patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch

make && make setup check

If you don't get any errors, that's it for ucspi-tcp!

Now we build the daemontools....

cd /package/admin/daemontools-0.76

RH 9/RHEL/Fedora/Slackware users:You will need to patch daemontools with an additional errno patch:

cd /package/admin/daemontools-0.76/src

patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch

cd /package/admin/daemontools-0.76

package/install

If no errors are reported, you've successfully compiled the daemontools package!

All done for now...

If you run take a look at the running processes on your server at this point, you should see the daemon "svscanboot" running. You can usually do this with a "ps -aux" command. Here's a screenshot of it. If you see "svscanboot" running, you're in good shape.

OK, Qmail is almost totally installed but we're going to pause right here and install a bunch of handy tools and features that will make Qmail pretty and fun! After that, we'll make some final changes to Qmail and then crank it up!

Proceed to Part 3


 

Color Coded Qmail Installation Key
 
Regular Black Text 
 Qmail installation notes and summaries by the author. Me talking.
 
Bold Black Text 
 Commands to be run by you, the installer.
 
Bold Maroon Text 
 Special notes for Redhat 9 users.
 
Bold Red Text 
 Vital and/or critical information.
 
Regular/Bold Purple text 
 Denotes helpful tips and hints or hyperlinks.
 
Regular Orange Text 
 Command line output.
Cp

Regular green text 

 Denotes the contents of a file or script.
home | about | the installation | utilities | faq | contact | journal | mailing list | list archive | forum | links | donate | merchandise
 
The Rocks Project