TITLE:		Qmail and Cyrus Imap with virtual domains
LFS VERSION:	Tested on LFS-3.0
AUTHOR:		Ivo Schaap

SYNOPSIS:
	How to install and configure Qmail and Cyrus Imap from source on an
	LFS system and how to use virtual domains.

HINT:
version 1.1 (12/15/2001)

TABLE OF CONTENTS
=================

1. Introduction
2. Prerequisites
3. Sources
4. Installation of Qmail
5. Installation of Imap
6. Configuration of Qmail and Mailboxes
7. Interesting readings
8. Legal Blurb


1. Introduction
===============

First of all I wanna thank Gerard and all the others for providing the
platform where we do the stuff we do.

In this hint we set up a mail server that serves two example domains and has
different example users per domain:

- linuxfromsource.org
	- John the Ripper
	- Susie Summer
	- Dirk Beekmans
- linuxfrombinary.org
	- Olaf Olsen
	- Jennifer Loopneus
	- Pamela Andersom

This is supposed to be a hint on imap and I know there is a pop port running
too. I have no idea how to use them together. Maybe someone can fill me in on
that.

In the future I want to add instructions on how to implement a web interface
for all the users. A combination of apache, php, perl and ssl seems logical.

I would also like to know how to use imap with Secure Socket Layer and a
self-signed certificate. If anyone has an idea, mail me and I will put it here.


2. Prerequisites
================

Make sure there is an MX record in DNS to point mail for the virtual domain
to the host running qmail.


3. Sources
==========

Qmail:		http://cr.yp.to/software/qmail-1.03.tar.gz
Berkeley DB:	http://www.sleepycat.com/update/3.3.11/db-3.3.11.tar.gz
IMAP/SASL:	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail


4. Installation of Qmail
========================

A. Create a working directory for Qmail and untar sources
---------------------------------------------------------

mkdir /opt/qmail &&
cd /usr/src &&
tar zxvpf qmail-1.03.tar.gz &&
cd qmail-1.03

B. Change the program parameters. Read the documentation for other modifications
--------------------------------------------------------------------------------

vi conf-qmail
Add: /opt/qmail

vi conf-cc
Add: (Use your own architecture)
gcc -O3 -march=i686

C. Create user and group ID's
-----------------------------

vi /etc/group
Add: (Use your own ID's if this is conflicting)
nofiles:x:100:
qmail:x:110:

vi /etc/passwd
Add: (Use your own ID's if this is conflicting)
alias:x:1000:100::/opt/qmail/alias:
qmaild:x:1001:100::/opt/qmail:
qmaill:x:1002:100::/opt/qmail:
qmailp:x:1003:100::/opt/qmail:
qmailq:x:1004:110::/opt/qmail:
qmailr:x:1005:110::/opt/qmail:
qmails:x:1006:110::/opt/qmail:

D. DNS Hack to use DNS response packets larger than 512 bytes
-------------------------------------------------------------

Qmail 1.03 chokes on large DNS packets sometimes.

vi +24 dns.c

And change:
static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;

In:
static union { HEADER hdr; unsigned char buf[65536]; } response;

E. Final compilation and installation
-------------------------------------

make setup check

F. Note
-------

Configuration of qmail can happen in many ways; read the documentation on the
different kinds of configurations. At the end of this document I go into
initialization and configuration of qmail.


5. Installation of Imap
=======================

A. First make sure you have Berkeley DB. Otherwise use this to install it (taken from the GNOME-Hint).
-------------------------------------------------------------------------------------------------------

Berzerkeley DB: (3.3.11 specific)
UCB's database library.

cd build_unix/
../dist/configure \
	--prefix=/usr \
	--enable-compat185 \
	--enable-static \
	--enable-shared
make docdir=/usr/doc/Berkeley-DB all install
cd /usr/lib/ && ln -s libdb-3.3.a libdb.a
sed 's/^DB185/DB/' /usr/include/db_185.h > /usr/include/db_185.h.new
mv /usr/include/db_185.h.new /usr/include/db_185.h

B. Compile and install SASL
---------------------------

./configure --prefix=/usr &&
make &&
make install

C. Compile and install IMAP
---------------------------

First find this one and put it in /usr/include, or if you don't have it get
it here:
http://www.ludd.luth.se/~jnilsson/cvsweb/cvsweb.cgi/src/contrib/com_err

locate com_err.h
cp /usr/include/et/com_err.h /usr/include/

./configure --prefix=/usr --with-auth=unix

vi /etc/group
Add: (Use your own ID's if this is conflicting)
mail:x:90:daemon

vi /etc/passwd
Add: (Use your own ID's if this is conflicting)
cyrus:x:90:90:Imap-Server:/usr/cyrus:/bin/bash

passwd cyrus &&
pwck &&
pwconv &&
make depend &&
make all CFLAGS=-O &&
make install

D. Configuring IMAP
-------------------

Added to /etc/syslog.conf

local6.debug	-/var/adm/imapd.log
auth.debug	-/var/adm/auth.log

/etc/init.d/sysklogd restart

Added to /etc/imapd.conf

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
srvtab: /var/imap/srvtab
allowanonymouslogin: no

mkdir /var/adm
touch /var/adm/imapd.log /var/adm/auth.log
mkdir /var/imap /var/spool/imap /var/imap/srvtab
chown cyrus /var/imap /var/spool/imap /var/imap/srvtab
chgrp mail /var/imap /var/spool/imap /var/imap/srvtab
chmod 750 /var/spool/imap /var/imap/srvtab
chmod 755 /var/imap

(in src dir of imap !!)

su cyrus
tools/mkimap
cd /var/imap
chattr +S . user quota user/* quota/*
chattr +S /var/spool/imap
exit

touch /var/spool/mqueue
chattr +S /var/spool/mqueue

Added to /etc/services

pop3	110/tcp
imap	143/tcp
imsp	406/tcp
kpop	1109/tcp
sieve	2000/tcp

vi /etc/sendmail.mc
(Note: Make Damn sure the last 3 lines contain TABS !!!!)

MAILER(local)
MAILER(cyrus)
define(`confLOCAL_MAILER',`cyrus')
LOCAL_RULE_0
R$=N			$: $#local $: $1
R$=N < @ $=w . >	$: $#local $: $1
Rbb + $+ < @ $=w . >	$#cyrusbb $: $1

cd /etc
m4 sendmail.mc > sendmail.cf

/usr/sbin/saslpasswd cyrus
chown cyrus.mail /etc/sasldb

cd /usr/src/cyrus-imapd-2.0.16
cp master/conf/small.conf /etc/cyrus.conf

# The here-document delimiter is quoted so that $1 and $0 are written to the
# script literally instead of being expanded while the file is created.
cat << "EOF" > /etc/init.d/imap
#!/bin/sh
# Begin /etc/init.d/imap

#
# Include the functions declared in the /etc/init.d/functions file
#

source /etc/init.d/functions

case "$1" in
	start)
		echo -n "Starting IMAP..."
		/usr/cyrus/bin/master &
		evaluate_retval
		;;

	stop)
		echo -n "Stopping IMAP..."
		killproc /usr/cyrus/bin/master
		;;

	reload)
		echo -n "Reloading IMAP..."
		reloadproc /usr/cyrus/bin/master
		;;

	restart)
		$0 stop
		/usr/bin/sleep 1
		$0 start
		;;

	status)
		statusproc /usr/cyrus/bin/master
		;;

	*)
		echo "Usage: $0 {start|stop|reload|restart|status}"
		exit 1
		;;
esac

# End /etc/init.d/imap
EOF

chmod 700 /etc/init.d/imap
/etc/init.d/imap start

E. Check configuration
----------------------

su cyrus
imtest -m login -p imap localhost

Use this to bail out !!
. logout

F. Per User Imap Configuration
------------------------------

There are more things possible but this is the bare minimum. Perform this for
each user. And understand that there are two passwords for each user, the
unix one and the imap one.

su - cyrus
cyradm localhost
cm user.john
quit
exit
saslpasswd john


6. Configuration of Qmail and Mailboxes
=======================================

A. First make sure all users have valid unix accounts and john is an admin because root is not supposed to get mail.
---------------------------------------------------------------------------------------------------------------------

vi /etc/passwd
john:x:501:500:John the ripper:/home/john:/bin/bash
susie:x:502:500:Susie Summer:/home/susie:/bin/bash
dirk:x:503:500:Dirk Beekmans:/home/dirk:/bin/bash
olaf:x:504:500:Olaf Olsen:/home/olaf:/bin/bash
jennifer:x:505:500:Jennifer Loopneus:/home/jennifer:/bin/bash
pamela:x:506:500:Pamela Andersom:/home/pamela:/bin/bash

vi /etc/group
mailuser:x:500:john,susie,dirk,olaf,jennifer,pamela

cd /home
mkdir john susie dirk olaf jennifer pamela
chown -R .mailuser / (for all users)
passwd

B. Create a master user ID and home directory for the new domain
----------------------------------------------------------------

This is roughly how stuff works. Mail comes in for a domain, let's say for
pamela@linuxfrombinary.org. It is first put into a drop box
/home/binary/Maildir/ and then processed further via .qmail-xxx files. These
files contain the name of the user who is supposed to get the mail. The user
has a .qmail file in his or her home dir which says what to do with the
incoming mail. In this case, pipe it to the program /usr/cyrus/bin/deliver.

cd /home
mkdir source binary

vi /etc/passwd
source:x:507:500:Mail account for linuxfromsource.org:/home/source:/bin/bash
binary:x:508:500:Mail account for linuxfrombinary.org:/home/binary:/bin/bash

vi /etc/group
mailuser:x:500:john,susie,dirk,olaf,jennifer,pamela,source,binary

chown -R source.mailuser source/
chown -R binary.mailuser binary/
passwd source
passwd binary

C. Editing the Qmail Control/Config files
-----------------------------------------

Editing the control files is tricky and I've spent lots of time fiddling
around with it. The key thing to understand is that the host and domain name
have something to do with the canonicalized name that is assigned to your
link with the internet. For people that use a ppp or an adsl connection this
is often something like sdf23-2.dsl.blabla.com
Please don't ask me why, it works, and if anyone has a good explanation mail
me !!

One way of finding out is with the commands that come with bind, dig or
nslookup. You can also try to log in on another box, log out, then log in to
that other box again and read: "your last login was on xxx.xxxx.xxxxx.org",
or do a chat session on that box. I know it isn't elegant but it works ;-)

For now let's hack some qmail.

cat << "EOF" > /opt/qmail/rc
#!/bin/sh

# Using splogger to send the log through syslog.
# Using qmail-local to deliver messages to Maildir by default.

exec env - PATH="/opt/qmail/bin:$PATH" \
qmail-start ./Maildir/ splogger qmail &
EOF

chmod 700 /opt/qmail/rc

cd /opt/qmail/control

vi me
Add: (example adsl32.net.xs4all.nl)

vi virtualdomains
Add:
linuxfromsource.org:source
linuxfrombinary.org:binary

vi locals
Add: and whatever domain name should be treated as local
localhost
adsl32.net.xs4all.nl
intern.net

vi defaultdomain
Add: (example net.xs4all.nl)

vi smtpgreeting
Hi and welcome to this SMTP server

chmod 644 *

Make the aliases. john is a mortal user on the system who gets administrative
email, e.g. for root and for bounced or failed messages. The first three
aliases are necessary.

cd /opt/qmail/alias
echo john > .qmail-mailer-daemon
echo john > .qmail-postmaster
echo john > .qmail-root

and further for all users:
echo > .qmail-
eg
echo john > .qmail-john

Now the init scripts:

cat << "EOF" > /etc/init.d/qmail
#!/bin/sh
# Begin /etc/init.d/qmail

source /etc/init.d/functions

test -x /opt/qmail/rc || exit 0

case "$1" in
	start)
		echo -n "Starting Qmail... "
		sh -cf '/opt/qmail/rc &'
		evaluate_retval
		;;

	stop)
		echo -n "Stopping Qmail... "
		killall -9 qmail-send
		evaluate_retval
		;;

	restart)
		echo -n "Restarting Qmail... "
		# qmail-send is the process that handles these signals:
		# HUP rereads locals and virtualdomains, ALRM retries the queue.
		killall -HUP qmail-send
		killall -ALRM qmail-send
		evaluate_retval
		;;

	*)
		echo "Usage: /etc/init.d/qmail {start|stop|restart}"
		exit 1
esac
exit 0

# End /etc/init.d/qmail
EOF

chmod 700 /etc/init.d/qmail

Now we are going to set up the SMTP port:

cat << "EOF" > /etc/inetd.conf
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP ".
# The inetd will re-read this file whenever it gets that signal.
#
#
#
smtp stream tcp nowait qmaild /opt/qmail/bin/tcp-env tcp-env /opt/qmail/bin/qmail-smtpd
# End
EOF

Another init script:

cat << "EOF" > /etc/init.d/inetd
#!/bin/sh
# Begin /etc/init.d/inetd

source /etc/init.d/functions

case "$1" in
	start)
		echo -n "Starting Internet Server daemon..."
		/usr/sbin/inetd
		evaluate_retval
		;;

	stop)
		echo -n "Stopping Internet Server daemon..."
		killall -9 inetd
		evaluate_retval
		;;

	reload)
		echo -n "Reloading Internet Server daemon..."
		killall -HUP inetd
		evaluate_retval
		;;

	*)
		echo "Usage: $0 {start|stop|reload}"
		;;
esac

# End /etc/init.d/inetd
EOF

chmod 700 /etc/init.d/inetd

D. Per user virtual domain config
---------------------------------

cd /home/source
/opt/qmail/bin/maildirmake Maildir
echo './Maildir/' > .qmail-default
echo '&john' > .qmail-postmaster
echo '&john' > .qmail-webmaster
echo '&john' > .qmail-root
echo '&john' > .qmail-john
echo '&susie' > .qmail-susie
echo '&dirk' > .qmail-dirk
chown -R source.mailuser .
chmod 640 .qmail-*

cd /home/binary
/opt/qmail/bin/maildirmake Maildir
echo './Maildir/' > .qmail-default
echo '&john' > .qmail-postmaster
echo '&john' > .qmail-webmaster
echo '&john' > .qmail-root
echo '&olaf' > .qmail-olaf
echo '&jennifer' > .qmail-jennifer
echo '&pamela' > .qmail-pamela
chown -R binary.mailuser .
chmod 640 .qmail-*

And now for all users, substitute for the login name:

cd /home/
echo '|/usr/cyrus/bin/deliver ' > .qmail

E. Starting up all processes and test if we have got things running
-------------------------------------------------------------------

/etc/init.d/qmail start
/etc/init.d/inetd start
/etc/init.d/imap start

You should know how to make the links for the different runlevels. Otherwise
Gerard Beekmans has a guide where this issue is addressed.
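
Before sending test mail, the control files from section 6C can be checked for the mistakes that matter most on an Internet-facing qmail-smtpd. The script below is an added example, not part of the original hint; the function name audit_control and the sample directory are assumptions, and it relies on two qmail 1.03 behaviours: qmail-smtpd accepts any recipient domain when control/rcpthosts does not exist, and a domain listed in locals is never looked up in virtualdomains.

```shell
#!/bin/sh
# Added example, not part of the original hint: audit a qmail control
# directory laid out as in section 6C. Prints one finding per line.

audit_control() {
    dir=$1

    # Without rcpthosts, qmail-smtpd accepts any recipient domain.
    [ -f "$dir/rcpthosts" ] ||
        echo "rcpthosts missing: qmail-smtpd relays for any domain"

    # virtualdomains lines have the form domain:prepend
    if [ -f "$dir/virtualdomains" ]; then
        while IFS=: read -r domain prepend; do
            [ -n "$domain" ] || continue
            [ -n "$prepend" ] ||
                echo "virtualdomains: $domain has no prepend user"
            # locals is checked first, so the virtualdomains entry
            # for a domain listed in both is never used.
            if grep -qixF -- "$domain" "$dir/locals" 2>/dev/null; then
                echo "$domain is in both locals and virtualdomains"
            fi
            # Exact match only: wildcard (.domain) entries and
            # morercpthosts are outside this example.
            if [ -f "$dir/rcpthosts" ] &&
               ! grep -qixF -- "$domain" "$dir/rcpthosts"; then
                echo "$domain not in rcpthosts: SMTP mail for it is refused"
            fi
        done < "$dir/virtualdomains"
    fi

    # Control files should be writable by their owner only.
    find "$dir" -type f \( -perm -020 -o -perm -002 \) |
        while read -r f; do echo "$f is group- or world-writable"; done
    return 0
}

# Constructed sample: the two domains from this hint, with
# linuxfrombinary.org also (wrongly) listed in locals.
sample=$(mktemp -d)
printf '%s\n' linuxfromsource.org:source linuxfrombinary.org:binary \
    > "$sample/virtualdomains"
printf '%s\n' localhost linuxfrombinary.org > "$sample/locals"
chmod 644 "$sample"/*
audit_control "$sample"
```

On a real installation, call audit_control /opt/qmail/control; an empty result means none of these checks fired.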

OK, just start mailing everyone from localhost and remote, and have a
terminal running with one of the following commands:

tail -f /var/log/mail.log
or
tail -f /var/log/sys.log
or
tail -f /var/adm/imapd.log

If you wanna know WTF Qmail is doing:

for reading the queue
/opt/qmail/bin/qmail-qread
for statistics
/opt/qmail/bin/qmail-qstat
for information
/opt/qmail/bin/qmail-showctl

netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 *:imap                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16068  /var/imap/socket/lmtp

If you want a hint on reading an imap box with fetchmail, compile fetchmail
and procmail, put the following in a .fetchmailrc in your home dir and do
fetchmail -v

poll "linuxfromsource.org"
protocol imap
no envelope
no dns
username "john"
password "xxxx"
mda "/usr/bin/procmail -d john"


7. Interesting readings
=======================

All this information didn't come to me in a dream. It's a combination of
sources that I used. A little file that I used to log things has grown into
this hint and hopefully it's useful for others as well. Understanding e-mail
by this hint is not gonna help you enough, you have to RTFM A LOT.

The Big HOWTO:		http://linuxdoc.org/HOWTO/Cyrus-IMAP.html
Source documentation:	file://localhost/usr/src/cyrus-imapd-2.0.16/doc/index.html
A nice Article:		http://www.linuxjournal.com/article.php?sid=2313
And another one:	http://www.abiglime.com/webmaster/articles/cgi/062398.htm

Google, some guys on #lfs, a friend, etc.

Running Qmail - ISBN 0-672-31945-4 - Richard Blum - Sams Publishing 2000


8. Legal Blurb
==============

The author does not feel responsible for loss or destruction of data and mail
due to typos and bad language. So if you wipe out your system or get your dog
killed, don't come to me to cry on my shoulder. Be a man/woman and take
responsibility for your own actions.

On the other hand, if you are successful and want to contribute, throw a BIG
bag of money to Gerard Beekmans, he deserves it. This is my contribution to
LFS and improvements are welcome.