Attention: All pages of this wiki depend on the pages that come before it, in order as they are listed on the Main Page. Please check for Dependencies.
Please also look at What You Need to Know Before Using This Wiki

Install Qmail-ldap, Dovecot, and Related Email Services

From COCNM
Jump to navigation Jump to search

Required Reading

Server Prep

  • apt-get install libgd2-xpm-dev php5-ldap libbz2-dev libmail-spf-perl perl-doc libmail-dkim-perl libencode-detect-perl librhash-perl libdigest-sha-perl libhtml-parser-perl libnet-dns-perl libnet-dns-perl libhttp-date-perl libhttp-date-perl libdb-file-lock-perl libnet-dns-perl libwww-perl libnetaddr-ip-perl libnetaddr-ip-perl libnet-ident-perl libclass-dbi-perl libfile-copy-link-perl python-gdbm libnet-ldap-perl libio-socket-inet6-perl php5-gd libapache2-mod-upload-progress php5-dev php-pear libldap2-dev libdb-dev libcrypt-gpg-perl libio-pty-perl libipc-run-perl libclearsilver-perl libemail-address-perl libcgi-pm-perl libfile-find-rule-perl libfile-copy-recursive-perl libio-all-perl libemail-mime-encodings-perl libapache2-mod-perl2 zip
  • perl -MCPAN -e shell
  • install IO::Zlib IP::Country::Fast Mail::DKIM Encode::Detect Digest::SHA1 IP::Country
  • quit
  • samba-tool dns add houselian computerisms.com @ MX "mail.computerisms.com 10"

Obtain and install UCSPI

create OpenLdap Libraries

Obtain, Patch, and Install Qmail-ldap

Configure Qmail-LDAP

  • cd /var/qmail/control
  • echo "127.0.0.1" > ldapserver
  • echo "CN=Users,DC=computerisms,DC=com" > ldapbasedn
  • echo 'ThisDevilIkn0w' > ldappassword
  • echo "authenticator@computerisms.com" > ldaplogin
  • echo 1 > ldaprebind
  • echo "user" > ldapobjectclass
  • echo 0 > ldaplocaldelivery
  • echo 0 > ldapcluster
  • echo "10000000000" > defaultquotasize
  • echo "1000000000" > defaultquotacount
  • echo "Your Account will soon reach its Maximum Quota. If you exceed your quota, you will stop receiving email. Please contact bob.miller@computerisms.com if you have questions" > quotawarning
  • echo "dotonly" > ldapdefaultdotmode
  • echo "/home/mail" > ldapmessagestore
  • echo "509" > ldapuid
  • echo "509" > ldapgid
  • echo "30" > ldaptimeout
  • echo "So you know, Computerisms bounced this message. If you feel this is an error, please contact bob.miller@computerisms.com" > custombouncetext
  • echo "I am the Computerisms Mail Server. I do not relay unauthorized messages. I actively refuse spam. All other messages are welcome." > smtpgreeting
  • echo "192.168.26.10" > outgoingip
  • echo "|HOME=/home/mail/$LOCAL /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda" > defaultdelivery
  • echo "control/mail.computerisms.com.crt" > smtpcert
  • echo "30" > concurrencyincoming
  • echo "10240000" > databytes
  • echo "300 " > timeoutsmtpd
  • echo "/var/qmail/bin/dirmaker.sh" > dirmaker
  • vi /var/qmail/bin/dirmaker.sh
  • vi /var/qmail/control/rbllist
  • cp /var/CA/computerisms.com/mail.computerisms.com/mail.computerisms.com.crt /var/qmail/control
  • rm qmail-*rules
  • vi /var/qmail/control/qmail-smtp.rules
  • vi /var/qmail/control/qmail-smtpauth.rules
  • sed -i 's/locals.cdb rcpthosts.cdb qmail-smtpd.cdb qmail-qmqpd.cdb/locals.cdb rcpthosts.cdb qmail-smtp.cdb qmail-smtpauth.cdb/' Makefile
  • sed -i 's/qmail-pop3d.cdb qmail-imapd.cdb//' Makefile
  • make
  • chown qmaild:qmail /var/qmail/control/mail.computerisms.com.crt
  • chmod 755 /var/qmail/bin/dirmaker.sh
  • chmod 0640 /var/qmail/control/mail.computerisms.com.crt
  • chmod 0640 /var/qmail/control/ldappassword

Obtain and Install Ezmlm

Install JGreylist

Start Qmail

  • /etc/init.d/exim4 stop
  • insserv -v -r exim4
  • rm /usr/sbin/sendmail /usr/lib/sendmail
  • ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
  • ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
  • mkdir -m 1755 /var/service/qmail-smtp
  • mkdir -m 0755 /var/service/qmail-smtp/log
  • mkdir -m 1755 /var/service/qmail-smtpauth
  • mkdir -m 0755 /var/service/qmail-smtpauth/log
  • mkdir -m 1755 /var/service/qmail-send
  • mkdir -m 0755 /var/service/qmail-send/log
  • vi /var/service/qmail-smtp/run
  • vi /var/service/qmail-smtpauth/run
  • vi /var/service/qmail-send/run
  • ln -s /var/service/multilog.run /var/service/qmail-smtp/log/run
  • ln -s /var/service/multilog.run /var/service/qmail-smtpauth/log/run
  • ln -s /var/service/multilog.run /var/service/qmail-send/log/run
  • chmod 755 /var/service/qmail-smtp/run /var/service/qmail-smtpauth/run /var/service/qmail-send/run
  • mkdir /var/service/qmail-smtp/env /var/service/qmail-smtpauth/env /var/service/qmail-smtp/log/env
  • ln -s /var/service/qmail-smtp /service/qmail-smtp
  • ln -s /var/service/qmail-smtpauth /service/qmail-smtpauth
  • ln -s /var/service/qmail-send /service/qmail-send

Obtain and Install Dovecot

Configure and Start Dovecot

Obtain and Install ClamAV

Configure and Start ClamAV

  • > /usr/local/etc/clamd.conf; vi /usr/local/etc/clamd.conf
  • > /usr/local/etc/freshclam.conf; vi /usr/local/etc/freshclam.conf
  • vi /usr/local/bin/freshclam-good
  • vi /usr/local/bin/freshclam-bad
  • chmod 755 /usr/local/bin/freshclam-good /usr/local/bin/freshclam-bad
  • chown root:root /usr/local/bin/freshclam-good /usr/local/bin/freshclam-bad
  • mkdir /usr/local/var/run/clamav
  • chmod 2070 /usr/local/var/run/clamav/
  • chown simscan:clamav /usr/local/var/run/clamav/
  • mkdir /usr/local/share/clamav
  • chown clamav:clamav /usr/local/share/clamav/
  • mkdir -m 1755 /var/service/clamd
  • mkdir -m 0755 /var/service/clamd/log
  • mkdir -m 1755 /var/service/freshclam
  • mkdir -m 0755 /var/service/freshclam/log
  • vi /var/service/clamd/run
  • ln -s /var/service/multilog.run /var/service/clamd/log/run
  • vi /var/service/freshclam/run
  • ln -s /var/service/multilog.run /var/service/freshclam/log/run
  • chmod 755 /var/service/clamd/run /var/service/freshclam/run
  • chown root:root /var/service/clamd/run /var/service/clamd/log/run /var/service/freshclam/run /var/service/freshclam/log/run
  • ln -s /var/service/clamd/ /service/
  • ln -s /var/service/freshclam/ /service/
  • sv <= Confirm clamd and freshclam are up

Obtain and Install Spam Assassin

Configure and Start SpamAssassin

Obtain and Install Simscan

Configure Simscan

  • echo "none /var/qmail/simscan tmpfs nodev,noexec,noatime,uid=513,gid=513,mode=2750 0 0" >> /etc/fstab
  • mount -a
  • chmod 2750 /var/qmail/simscan
  • chown simscan:simscan /var/qmail/simscan
  • vi /var/qmail/control/simcontrol
  • vi /var/qmail/control/ssattach
  • /var/qmail/bin/simscanmk -g
  • /var/qmail/bin/simscanmk
  • svc -t /service/{clamd,freshclam}

Obtain and Install Ezmlm-Web

Obtain and Install Ezmlm-Browse

Test Everything

System Checks

  • ss -pantu <= verify the following ports are listening:
    25(tcpserver)
    587(tcpserver)
    993(dovecot)
    995(dovecot)
    4190(managesieve)<= Localhost Only
    143(dovecot)<= Localhost Only
  • sv <= verify all services are running
  • ps faux <= Check readproctitle service errors line for errors

Protocol Checks Using Telnet

  • Test SMTP - Server accepts mail for local user
  • Test SMTPAUTH - Local user authenticates to server to relay mail
  • Test IMAP - Connect to unencrypted IMAP server for webmail
  • Test IMAP over SSL - Connect to encrypted IMAP server for mail clients
  • Test POP - Connect to unencrypted POP server - not used
  • Test POP over SSL - Connect to encrypted POP server for mail clients
  • Test Sieve - Connect to Sieve on Loopback for webmail

Software Checks

  • Test masteruser
  • Test Spamassassin:
    cd /usr/src
    wget http://spamassassin.apache.org/gtube/gtube.txt
    cat gtube.txt | spamassassin -D 2>&1 | less <= Make sure the file contains no errors, check at the bottom to ensure the GTUBE header shows up
  • Test Simscan:
    vi /root/test.mail.txt
    QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 NOP0FCHECK=1 /var/qmail/bin/qmail-inject bob.miller@computerisms.com < /root/test.mail.txt
    l /var/qmail/bin/simscan <= Make sure this command yields this output:
    -rws--x--x 1 simscan root 20088 Jul 25 15:39 /var/qmail/bin/simscan
  • Test ClamAV:
    l /usr/local/var/run/ <= Make sure this command yields this output:
    drwxrws--- 1 simscan clamav 0 Dec 23 10:45 clamav
    l /usr/local/var/run/clmav <= Make sure this command yields this output:
    srw-rw-rw- 1 clamav clamav 0 Aug 15 16:08 clamd.socket

Creating and Testing Mailing Lists

  • navigate to http://listadmin.computerisms.com and login as user administrator
  • Click Create new list=>set List Name as computerists=>set email address as computerists@computerisms.com
  • On the next page at the bottom, add bob.miller@computerisms.com as a subscriber
  • open ADUC=>new user "Computerists MailingList"=>set Logon Name as newsletter=>Next=>RandomPassx2=>password never expires=>=>next=>finish
  • Open properties and set Description as Mailing List
  • for i in $(ls /home/mail/.qmail-computerists-* | cut -f 3,4,5 -d -); do mv /home/mail/.qmail-computerists-$i /home/mail/computerists/.qmail-$i; done; mv /home/mail/.qmail-computerists /home/mail/computerists/.qmail
  • Use a mail client on Adminlian to send a test message to computerists@computerisms.com
  • navigate to http://listadrchive.computerisms.com and login as user bob.miller <= User must be member of listarchive group
  • Confirm you can see the Computerists Mailing List and its history

Configure Mail Aliases and Forwarding

  • on a terminal on Adminlian: regsvr32 schmmgmt.dll
  • start=>run=>mmc=>file=>add/remove snapin=>Active Directory Schema=>add=>ok
  • expand active directory schema=>right click attributes=>create Attribute
  • Set Common Name as mailAlternateAddress=>set OID as 1.3.6.1.4.1.1466.115.121.1.26=>Set Syntax as Case Insensitive String=>select Multi-Valued=>OK
  • Refresh/Resort=>Right Click mailAlternateAddress=>properties=>select index this attribute=>ok
  • On Houselian: vi /root/scripts/mailutils.sh

Notes/Troubleshooting

  • ldapbasedn is the base search, and it searches everything below it. Added OUs must be under this basedn in order for mail authentication to work.
  • to modify the tcp file, edit /var/qmail/control/qmail-smtp(auth).rules, then issue a make command from the /var/qmail/control directory
  • only users added to the listarchive group in AD will be able to access https://listarchive.computerisms.com
  • t64all is a command from your bashrc that is useful for watching interaction between samba and qmail-ldap. set -d3 or higher in samba's run script
  • wget http://qmail.jms1.net/scripts/qfixpermissions <= run this if you are having permissions issues
  • The LearnAsSpam folder should be disabled for users who can/do not understand the difference between usolicited mail and mail they don't want anymore.
  • the samba4 patch basically allows qmail to know if the account is active. All other values, such as must change password at next logon, return as inactive.