Disclaimer

This document assumes you have a working knowledge of Unix and Unix-like systems. This installation works for me, on my systems. Your systems are probably different from mine, so your mileage may vary. I am not responsible for any problems you may encounter such as server malfunctions, e-mail problems, and burnt toast. I have provided links to the source for every package you install here. Be responsible, know what you're installing!

Installation

Before jumping into the qmail installation, we need to be sure that we have a few other tools set up and running. I run RedHat Linux systems here, so I've provided links to all of the RPM's as well as the source packages. I've tried to include information on both RPM and Source installation where applicable. You can find my GPG Signature here.

Any RPMs I have provided were built with pristine sources. As such, any certification tests (MD5, PGP, etc) should match the archives found in the SRPM. If they do not, please let me know so I can investigate and correct the problem!!!

Also, be sure to run all commands as a non-root user unless otherwise indicated. RPM commands to install packages must be run as root.

Install Daemontools (Source) (errno patch) (RPM) (SRPM)

  • RPM Install
rootshell> rpm -ivh daemontools-0.76-2.i386.rpm
  • Source Install - Detailed instructions can be found on the daemontools homepage
Daemontools must be configured, compiled, and installed as root.
rootshell> mkdir -p /package
rootshell> chmod 1755 /package
rootshell> cd /package
rootshell> tar zxvpf /path/to/daemontools-0.76.tar.gz
rootshell> rm daemontools-0.76.tar
rootshell> cd admin/daemontools-0.76
rootshell> patch -p1 < /path/to/daemontools-0.76.errno.patch
rootshell> package/install

Install ucspi-tcp (Source) (errno patch) (RPM) (SRPMS)

  • RPM Install
rootshell> rpm -ivh ucspi-tcp-0.88-5.i386.rpm
  • Source Install - Detailed instructions can be found on the daemontools homepage
shell> tar zxvf ucspi-tcp-0.88.tar.gz
shell> cd ucspi-tcp-0.88
shell> patch -p1 < /path/to/ucspi-tcp-0.88.errno.patch
shell> make
rootshell> make setup check

Install MySQL Server (Binaries & RPMs)

Note: At the time of this writing, the current version of MySQL is 5.0.27. I am still using the 4.1.x train of MySQL releases, although the 5.0.x releases should work just fine. It is also possible to use the latest 3.23 or 4.0 version. I prefer using the latest and greatest, but some of the software I'm currently using doesn't yet work with 5.0.x.
  • RPM Install
An RPM installation of MySQL is fairly straightforward. Install these RPM's just like you install any other RPM. You'll need to install the following packages:
  • MySQL-server
  • MySQL-client
  • MySQL-shared-compat
  • MySQL-devel
rootshell> rpm -ivh MySQL-server-4.1.22-0.i386.rpm
rootshell> rpm -ivh MySQL-client-4.1.22-0.i386.rpm
rootshell> rpm -ivh MySQL-shared-compat-4.1.22-0.i386.rpm
rootshell> rpm -ivh MySQL-devel-4.1.22-0.i386.rpm
  • Binary Install

Note : This information was copied directly from the MySQL Manual. Current information can be found there.

The basic commands you must execute to install and use a MySQL binary distribution are:

rootshell> groupadd mysql
rootshell> useradd -g mysql mysql
rootshell> cd /usr/local
rootshell> tar zxvf /path/to/mysql-VERSION-OS.tar.gz
rootshell> ln -s full-path-to-mysql-VERSION-OS mysql
rootshell> cd mysql
rootshell> scripts/mysql_install_db --user=mysql
rootshell> chown -R root .
rootshell> chown -R mysql data
rootshell> chgrp -R mysql .
rootshell> bin/mysqld_safe --user=mysql &

For versions of MySQL older than 4.0, substitute bin/safe_mysqld for bin/mysqld_safe in the final command.

  • Source Install - Don't do this. Source installs of MySQL are not recommended. Not even by the developer.

Install Qmail

The Qmail license does not allow for binary distribution. So we need to compile from source to install qmail. This works out well as we will be applying a few patches to the source. Also, since we are adding TLS support, you will need to ensure that the openssl-devel package is installed.
The qmail-spp patch provided above may not be included in the normal qmail-spp distribution. This version is patched against netqmail 1.05 with the smtp-auth tls patch. I have provided a link to the qmail-spp homepage for further information regarding qmail-spp.
First add the qmail users.
Note : The uid and gid numbers I've indicated below are my preference. There is no "standard" for this that I have been able to find. My standard is here. If you are creating a Qmail cluster, do yourself a favor and make sure the uid/gid's are the same across all of the servers. This will save you from some VERY large headaches, I promise.
rootshell> mkdir /var/qmail
rootshell> groupadd -g 310 nofiles
rootshell> useradd -g nofiles -d /var/qmail/alias -u 312 alias
rootshell> useradd -g nofiles -d /var/qmail -u 313 qmaild
rootshell> useradd -g nofiles -d /var/qmail -u 314 qmaill
rootshell> useradd -g nofiles -d /var/qmail -u 315 qmailp
rootshell> groupadd -g 311 qmail
rootshell> useradd -g qmail -d /var/qmail -u 316 qmailq
rootshell> useradd -g qmail -d /var/qmail -u 317 qmailr
rootshell> useradd -g qmail -d /var/qmail -u 318 qmails
Now that the users have been created, we need to uncompress, patch, and install Qmail. We recommend compiling all of your source in a central directory. We use /usr/local/src for our central directory.
shell> cd /usr/local/src
shell> tar zxvf netqmail-1.06.tar.gz
shell> tar zxvf qmail-spp-0.42.tar.gz
shell> cd netqmail-1.06
shell> patch -p0 < /path/to/netqmail-1.05-tls-smtpauth-20070417.patch
shell> patch -p0 < /path/to/qmail-spp-0.42-smtpauth-tls-20060105.patch
shell> make
The update_tmprsadh script creates temporary ssl certificates. These certificates are used for ssl authentication and need to be readable by qmail, pop3, and imap. By default, the certificates are owned by qmaild, so we need to change the ownership to vpopmail. The following command updates the necessary script.
shell> sed 's/qmaild\.qmail/vpopmail.qmail/' update_tmprsadh > update_tmprsadh.tmp
shell> mv update_tmprsadh.tmp update_tmprsadh
shell> chmod 755 update_tmprsadh
Note for Redhat Users : If you get an excess of openssl errors when compiling, edit the conf-cc file and add -I/usr/kerberos/include at the end of the first line.
rootshell> make setup check
Replace hostname below with the full hostname of your server
rootshell> ./config-fast hostname
rootshell> make cert
rootshell> chown vpopmail.qmail /var/qmail/control/servercert.pem
Note : This next step may take a while
rootshell> make tmprsadh
That's all that needs to be done to install qmail. However, there is a bit of configuration to be done. See the configuration section for more information.

Install vpopmail (Source)

Note : Vpopmail is currently under active development. At the time of this writing, version 5.4.32 is the latest.
Vpopmail must be configured, compiled, and installed as root.
First we create the user and group for vpopmail.
rootshell> groupadd -g 89 vchkpw
rootshell> useradd -u 89 -g vchkpw vpopmail
rootshell> tar zxvf /path/to/vpopmail-5.4.32.tar.gz
rootshell> cd vpopmail-5.4.32
rootshell> ./configure --enable-logging=v --enable-clear-passwd --enable-auth-module=mysql --enable-auth-logging --enable-sql-logging --disable-passwd --enable-valias --disable-mysql-limits
The configuration options above are defined as follows :
--enable-logging=OPT
Log to syslog: n=nothing, e=errors only (default), y=all attempts, p=errors with passwords, v=verbose (all attempts, with passwords).
--enable-clear-passwd
Store a cleartext version of the password in addition to the encrypted version.
--enable-auth-module=MOD
Nominate how to store the vpopmail account information (cdb (default), mysql, pgsql, ldap, oracle, sybase, or activedir).
--enable-auth-logging
Record time and ip of last auth attempt. Valid only for CDB, MySQL, PGSQL, LDAP, ActiveDir.
--enable-sql-logging
Enable authentication logging to MySQL/Postgres.
--disable-passwd
Disable /etc/passwd (or shadow) accounts in addition to virtual domains.
--enable-valias
Store email aliases in MySQL.
--disable-mysql-limits
Don't use MySQL to store limits instead of .qmailadmin-limits files.
rootshell> make
rootshell> make install-strip
Vpopmail installation is now complete. There is still a bit of configuration to be done. See the configuration section below for more information.

Install Spamassassin (Source)

Spamassassin is an open-source spam filtering system. Its primary objective is to identify and tag messages as spam.
  • RPM Install
Note : In order to get the RPM files necessary for installation, you need to build them directly from the source. I have included directions on this below. Also, because of UTF-8 settings on some Linux installations, I am explicitly setting the LANG environment variable before compiling.
shell> export LANG=C ; rpmbuild -tb Mail-SpamAssassin-3.0.2.tar.gz
By default, the RPM files are built and placed into /usr/src/redhat/RPMS/i386 on a Redhat system.
shell> cd /usr/src/redhat/RPMS/i386
rootshell> rpm -ivh spamassassin-3.0.2-1.i386.rpm perl-Mail-SpamAssassin-3.0.2-1.i386.rpm
  • Source Install - Detailed instructions can be found on the Spamassassin homepage
shell> tar zxvf Mail-SpamAssassin-3.0.2.tar.gz
shell> cd Mail-SpamAssassin-3.0.2
shell> perl Makefile.PL
shell> make
rootshell> make install
Spamassassin installation is now complete. There is still a bit of configuration to be done. See the configuration section below for more information.

Install ClamAV (Source) (RPM) (SRPM)

  • RPM Install
rootshell> rpm -ivh clamav-0.87-1.i386.rpm
  • Source Install - Detailed instructions can be found on the clamav homepage
shell> tar zxvf clamav-0.80.tar.gz
shell> cd clamav-0.80
shell> ./configure
shell> make
shell> make check
rootshell> make install
ClamAV installation is now complete. There is still a bit of configuration to be done. See the configuration section below for more information.

Install Simscan

Simscan is a C program that allows the administrator to do virus, spam, and attachment scanning at the SMTP level. It is still very much under development, and often the best features are only available via CVS.
rootshell> useradd -u 320 -c "SimScan Daemon" simscan
shell> cvs -d :pserver:anonymous@chicago.inter7.com:/home/cvs checkout simscan
shell> cd simscan
shell> ./configure --enable-spam --enable-clamav --enable-per-domain --enable-spam-hits=100 --enable-spamc-user --enable-received --disable-ripmime --enable-spamc-args='-U /tmp/spamd.sock'
The configuration options above are defined as follows :
--enable-spam
Turn on spam scanning
--enable-clamav
Turn on clamav scanning
--enable-per-domain
Turn on per domain based checking
--enable-spam-hits=number
Reject spam above this hit level
--enable-spamc-user
Set user option to spamc
--enable-received
Add a Received: line to the message, showing the scanners run and some stats
--disable-ripmime
Disable ripmime program
--enable-spamc-args=ARGS
Override the default spamc arguments
Some quick notes. Setting the spam-hits option is not strictly necessary since we are enabling per-domain settings. However, this will allow for an upper default limit for all domains. The spamc arguments I specify above use a local socket connection rather than a tcp connection.
shell> make
rootshell> make install
Simscan installation is now complete. There is still a bit of configuration to be done. See the configuration section below for more information.

Install bincIMAP (Source) (SRPM)

BincIMAP is a well designed, modular IMAP server for Maildir. Its goals are to be secure, stable, and fast, yet flexible and easy to maintain.
  • RPM Install
The only RPM's on the bincIMAP site are for Redhat 7.3. As such, I assume here that you have either found an RPM for your version of Linux, or you have rebuilt the RPM using the SRPM I've linked above.
rootshell> rpm -ivh bincimap-1.2.11final-1.i386.rpm
  • Source Install - Detailed instructions can be found in the README found when uncompressing the tarball
shell> tar jxvf bincimap-1.2.11final.tar.bz2
shell> cd bincimap-1.2.11final
shell> ./configure
shell> make
rootshell> make install
bincIMAP installation is now complete. There is still a bit of configuration to be done. See the configuration section below for more information.

Qmail Configuration

Configuring Qmail is simple, but involved. There are a number of scripts that need to be created as well as some configuration files. Be sure to follow all of the following instructions for best results.
  • First create all of the necessary directories
All commands in this section need to be run as root
rootshell> mkdir /var/log/qmail
rootshell> mkdir -p /var/log/qmail/smtpd
rootshell> mkdir -p /var/log/qmail/pop3d
rootshell> mkdir -p /var/log/qmail/pop3ds
rootshell> mkdir -p /var/qmail/supervise/qmail-send/log
rootshell> mkdir -p /var/qmail/supervise/qmail-smtpd/log
rootshell> mkdir -p /var/qmail/supervise/qmail-pop3d/log
rootshell> mkdir -p /var/qmail/supervise/qmail-pop3ds/log
rootshell> chmod +t /var/qmail/supervise/qmail-send
rootshell> chmod +t /var/qmail/supervise/qmail-smtpd
rootshell> chmod +t /var/qmail/supervise/qmail-pop3d
rootshell> chmod +t /var/qmail/supervise/qmail-pop3ds
rootshell> echo ./Maildir/ >/var/qmail/control/defaultdelivery
  • This section links the necessary files to ensure that we don't break any scripts that rely on sendmail. Qmail has a special binary devoted to emulating sendmail for this purpose.
rootshell> chmod 755 /var/qmail/bin/qmailctl
rootshell> ln -s /var/qmail/bin/qmailctl /usr/bin
rootshell> ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
rootshell> ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
  • Now we need to make sure all of the run files are set to executable.
rootshell> chmod 755 /var/qmail/rc
rootshell> chmod 755 /var/qmail/supervise/qmail-send/run
rootshell> chmod 755 /var/qmail/supervise/qmail-send/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-smtpd/run
rootshell> chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3d/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3ds/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3ds/log/run
rootshell> chown -R qmaill /var/log/qmail
rootshell> echo 20 > /var/qmail/control/concurrencyincoming
rootshell> chmod 644 /var/qmail/control/concurrencyincoming
  • This last command creates the smtpplugins file required by the qmail-spp patch. If this file is not present, qmail-smtpd will not start. Please check the documentation for qmail-spp for more information about this file.
rootshell> touch /var/qmail/control/smtpplugins
  • Before we turn on the toaster, we need to make sure that the root, postmaster, and mailer-daemon aliases are properly set up. Replace admin@example.com with the email address of the user you want to receive mail. You can put separate addresses in for each alias if necessary.
rootshell> echo "admin@example.com" > /var/qmail/alias/.qmail-root
rootshell> ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
rootshell> ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-mailer-daemon
rootshell> chmod 644 /var/qmail/alias/.qmail-*
  • Now we can link the run files to daemontools and start up the toaster.
rootshell> ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
rootshell> qmailctl stat
  • Lastly, in order to rebuild the temporary certificates each night, add the following to the root crontab.
01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1
Optionally, you can set up MSA (Port 587) support. MSA support is outlined in RFC 2476
  • First create the directories
rootshell> mkdir -p /var/qmail/supervise/qmail-msa/log
rootshell> mkdir -p /var/log/qmail/msa
rootshell> chmod +t /var/qmail/supervise/qmail-msa
rootshell> chmod 755 /var/qmail/supervise/qmail-msa/run
rootshell> chmod 755 /var/qmail/supervise/qmail-msa/log/run
rootshell> ln -s /var/qmail/supervise/qmail-msa /service
By default, the msa port will act exactly like the normal smtp port. This is not desirable since the RFC requires that the MSA port is SMTP-AUTH only, and only allows mail submission, not delivery. To make this port work as intended, we need to add a special tcprules file, and a plugin.
  • First, create the tcprules file for the msa port
rootshell> echo '127.:allow,SPPCONFFILE="/var/qmail/control/msaplugins"' >/home/vpopmail/etc/tcp.msa
rootshell> cd ~vpopmail/etc
rootshell> tcprules tcp.msa.cdb tcp.msa.tmp < tcp.msa
  • Next, create the msaplugins file
shell> cat /var/qmail/control/msaplugins
[connection]

[auth]

[helo]

[mail]
plugins/chkauth.sh

[rcpt]

[data]
  • And finally, create the plugin itself, ensuring that permissions are correct
shell> cat /var/qmail/plugins/chkauth.sh
#!/bin/sh

# -z is the POSIX test for an empty string; "==" is a bash extension and fails under other /bin/sh
if [ -z "$SMTPAUTHUSER" ]
then
   echo "R550 sorry, SMTP-AUTH is required to use the MSA port (#5.7.0 - chkauth)"
   echo "chkauth : Mail from $TCPREMOTEIP rejected, no SMTP-AUTH" >&2
fi
rootshell> chmod 755 /var/qmail/plugins/chkauth.sh

VPopMail Configuration

Once everything is installed, it needs to be configured. Configuration is a pretty straightforward process.

  • Initial Configuration
rootshell> echo '127.:allow,RELAYCLIENT=""' >/home/vpopmail/etc/tcp.smtp
rootshell> cd ~vpopmail/etc
rootshell> tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
rootshell> ln -s /var/qmail/supervise/qmail-pop3d /var/qmail/supervise/qmail-pop3ds /service
rootshell> qmailctl popstat
  • Configuring vpopmail to use MySQL
First, create the mysql config file for vpopmail. This file contains 5 fields, each separated by a '|'.
  • Field 1 - Location of the MySQL Server
  • Field 2 - The port MySQL is running on
  • Field 3 - Login Name
  • Field 4 - Password
  • Field 5 - Database Name
As an example, the following tells vpopmail to connect to MySQL on the local machine using the default port, a login of vpopmailuser, a password of vpoppasswd, and a database name of vpopmail.
localhost|0|vpopmailuser|vpoppasswd|vpopmail
And to set this up, the following commands need to be run :
rootshell> echo "localhost|0|vpopmailuser|vpoppasswd|vpopmail" > ~vpopmail/etc/vpopmail.mysql
rootshell> chown vpopmail.vchkpw ~vpopmail/etc/vpopmail.mysql
rootshell> chmod 640 ~vpopmail/etc/vpopmail.mysql
  • MySQL Database Setup
Since vpopmail is now set up to talk to MySQL, I suppose we need to create the database. We'll do this by logging into MySQL as the root user, creating the database, and then granting access to it for the user we set up above. Don't worry about a database schema, vpopmail will create this automatically for you the first time it needs to add data.
shell> /usr/local/mysql/bin/mysql -u root -p
mysql> CREATE DATABASE vpopmail;
mysql> GRANT select,insert,update,delete,create,drop ON vpopmail.* TO vpopmailuser@localhost IDENTIFIED BY 'vpoppasswd';
mysql> quit
  • Setting the Default Limits
Review the contents of ~vpopmail/etc/vlimits.default. This file is used to set the default limits for any domains/mailboxes in the vpopmail system. Make sure it contains reasonable defaults for your system.
NOTE : bincIMAP does not yet support quotas. If your users will be using IMAP, make sure you do not set a quota in vpopmail or you're going to wind up with a nice headache...
  • Setting up the default domain
If you want to be able to offer some users the ability to login with just their username and not their full email address, you need to create this file and populate it with the default domain. All other users will need to use their full email address as their login name.
rootshell> echo "yourdomain.com" > /home/vpopmail/etc/defaultdomain
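A check for the vpopmail.mysql file described under "Configuring vpopmail to use MySQL", as an added example that is not part of the original guide or of vpopmail. It assumes the single-line, five-field layout given above and treats any permission bit for other users as a finding; the function name is constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original guide): sanity-check vpopmail.mysql.
# Assumes the layout given on this page: server|port|login|password|database
# on a single line, and that no "other" permission bits should be set.

# check_vpopmail_mysql FILE
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
check_vpopmail_mysql() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "cannot read $f"; return 1; }

    findings=$(
        awk -F'|' '
            NF == 0 { next }                                   # ignore blank lines
            seen    { print "more than one non-blank line"; exit }
            { seen = 1 }
            NF != 5 { print "expected 5 fields, found " NF; next }
            $1 == "" || $3 == "" || $5 == "" { print "empty server, login or database field" }
            $2 !~ /^[0-9]+$/                 { print "port is not a number" }
            $4 == ""                         { print "empty password" }
            $4 == "vpoppasswd"               { print "password is still the sample value from this guide" }
        ' "$f"
        # Characters 8-10 of the ls mode string are the permissions for "other".
        other=$(ls -ld -- "$f" | cut -c8-10)
        [ "$other" = "---" ] || echo "file is accessible to other users (other=$other)"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: the sample line from this page, written with the mode the page sets.
demo() {
    tmp=$(mktemp) || return 1
    echo 'localhost|0|vpopmailuser|vpoppasswd|vpopmail' > "$tmp"
    chmod 640 "$tmp"
    check_vpopmail_mysql "$tmp" || echo "-> fix the findings above"
    rm -f "$tmp"
}
demo
```

Run it against ~vpopmail/etc/vpopmail.mysql after the chown and chmod steps; a clean file produces no output and exit status 0.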

Spamassassin Configuration

  • Configuration File
All custom configuration belongs in the spamassassin local.cf file. In the example below, I have told spamassassin to use SQL to store user preferences, as well as Bayesian filter data, and Auto-Whitelist settings. Please refer to the Spamassassin documentation for a more detailed explanation of these options.
shell> cat /etc/mail/spamassassin/local.cf
use_auto_whitelist              1

user_scores_dsn                 DBI:mysql:spamassassin:localhost
user_scores_sql_username        username
user_scores_sql_password        password

bayes_store_module              Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn                   DBI:mysql:spamassassin:localhost
bayes_sql_username              username
bayes_sql_password              password

auto_whitelist_factory          Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn                    DBI:mysql:spamassassin:localhost
user_awl_sql_username           username
user_awl_sql_password           password
  • Spamassassin Startup Options
In order to connect to spamassassin via a local socket, you must be sure to start spamassassin with the correct options. Creating this file will allow the startup script to use the proper options.
rootshell> echo 'SPAMDOPTIONS="-d -q -x -m5 --socketpath=/tmp/spamd.sock"' > /etc/sysconfig/spamassassin
The configuration options above are defined as follows :
-d
   Run in Daemon Mode

-q
   Enable SQL config

-x
   Disable user config files

-m#
   Allow maximum num children

--socketpath=PATH
   Listen on given UNIX domain socket
  • Starting spamd
Now we need to make sure that spamd starts up when the machine reboots. Spamd is the daemon process that actually does all of the work. The RPM version installs the startup scripts automatically. If you've compiled by hand, see the spamassassin documentation for more info.
rootshell> chkconfig --list spamassassin
spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rootshell> chkconfig spamassassin on
rootshell> chkconfig --list spamassassin
spamassassin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rootshell> service spamassassin start
Starting spamd: [ OK ]

ClamAV Configuration

  • Configuration File
All configuration for clamav is done in the clamd.conf and freshclam.conf files located in /etc. Please refer to the clamav documentation for a full explanation of each option.
shell> cat /etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime
LogSyslog
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
FixStaleSocket
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanPE
DetectBrokenExecutables
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
shell> cat /etc/freshclam.conf
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
DatabaseOwner clamav
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 24
NotifyClamd /etc/clamd.conf
Note : The configuration below assumes you have installed ClamAV using the RPM I've provided. If you install via source, you may need to tweak some of the permissions on the directories. If someone wants to write up detailed documentation for the source install, I'd be more than happy to post it and give credit.
  • Starting clamd and freshclam
Just like spamassassin, we want to make sure that clamd and freshclam (the virus definition updater) are set to start on a reboot. I'm assuming an RPM install here, see the clamav documentation for other options.
rootshell> chkconfig --list clamd
clamd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rootshell> chkconfig --list freshclam
freshclam 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rootshell> chkconfig clamd on
rootshell> chkconfig freshclam on
rootshell> chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rootshell> chkconfig --list freshclam
freshclam 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rootshell> service clamd start
Starting clamd: [ OK ]
rootshell> service freshclam start
Starting freshclam: [ OK ]

SimScan Configuration

  • Making ClamAV and SimScan Play Nice
The clamdscan program needs permission to scan directories. By default, the /var/qmail/simscan directory is owned by simscan and grouped to root, so only simscan and root can access it. We don't want to open this directory up to the world, since that might allow an unauthorized user to see someone else's email. The easiest way to do this is to change the group ownership of the directory to clamav and set the setgid bit, so that files created in it inherit that group.
rootshell> chgrp clamav /var/qmail/simscan
rootshell> chmod g+s /var/qmail/simscan
  • Qmail Queue Setup
In order to have qmail send all emails through simscan, you must place the appropriate setting in the tcp.smtp file. For each netblock you want to use Simscan, add the following :
QMAILQUEUE="/var/qmail/bin/simscan"
For our setup, we want to do the following :
rootshell> echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' >> /home/vpopmail/etc/tcp.smtp
rootshell> cd ~vpopmail/etc
rootshell> tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
  • simcontrol configuration file
The simcontrol file is used to set per-domain settings, as well as the site-wide defaults. The format of the file is as follows :
shell> cat /var/qmail/control/simcontrol
postmaster@example.com:clam=yes,spam=no,attach=.txt:.com
example.com:clam=no,spam=yes,attach=.mp3
:clam=yes,spam=yes,trophie=yes,spam_hits=20.1
This file is relatively self-explanatory. See the simscan README for more information on settings. For now, set up this file as follows :
rootshell> echo ":clam=yes,spam=yes" > /var/qmail/control/simcontrol
rootshell> /var/qmail/bin/simscanmk
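The tcp.smtp file built under "Qmail Queue Setup" and the tcp.msa file from the MSA section each hold one line per client address block, and tcpserver applies only the line for the most specific matching address. The script below is an added example, not part of the original guide or of ucspi-tcp; it emulates that lookup for plain IPv4 rules (an assumption: user@ip, =host and range rules are left out) and reports whether QMAILQUEUE or SPPCONFFILE is set for a given client. The address 192.0.2.10 and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original guide): which tcprules line does a
# client address select, and does that line set a given environment variable?
# Assumption: only plain IPv4 rules are emulated (exact address, dotted
# prefixes, then the empty default); user@ip, =host and range rules are not.

# match_rule IP  (rules on stdin) -> prints the instructions of the selected rule
match_rule() {
    awk -v ip="$1" '
        /^ *(#|$)/ { next }                       # comments and blank lines
        {
            i = index($0, ":")
            if (i == 0) next
            addr = substr($0, 1, i - 1)
            if (!(addr in rule)) rule[addr] = substr($0, i + 1)
        }
        END {
            key = ip
            while (1) {
                if (key in rule) { print rule[key]; exit 0 }
                if (key == "") exit 1             # nothing matched, not even ":"
                sub(/[^.]*\.?$/, "", key)         # 127.0.0.1 -> 127.0.0. -> 127.0. -> 127. -> ""
            }
        }
    '
}

# var_state VAR IP  (rules on stdin) -> prints set | unset | no-rule
var_state() {
    if instr=$(match_rule "$2"); then
        case ",$instr" in
            *",$1="*) echo set ;;
            *)        echo unset ;;
        esac
    else
        echo no-rule
    fi
}

# Constructed samples: the rule files exactly as the echo commands on this page leave them.
sample_tcp_smtp() {
    printf '%s\n' '127.:allow,RELAYCLIENT=""' \
                  ':allow,QMAILQUEUE="/var/qmail/bin/simscan"'
}
sample_tcp_msa() {
    printf '%s\n' '127.:allow,SPPCONFFILE="/var/qmail/control/msaplugins"'
}

# 192.0.2.10 is a documentation address standing in for a remote client.
report() {
    for ip in 127.0.0.1 192.0.2.10; do
        echo "tcp.smtp $ip QMAILQUEUE=$(sample_tcp_smtp | var_state QMAILQUEUE "$ip")"
        echo "tcp.msa  $ip SPPCONFFILE=$(sample_tcp_msa | var_state SPPCONFFILE "$ip")"
    done
}
report
```

A result of unset or no-rule means the variable reaches qmail-smtpd only if the service's run script exports it, because tcpserver does not merge lines from the rules file.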

bincIMAP Configuration

  • Config File Setup
The majority of the bincIMAP configuration is in the bincimap.conf file. This file should be set up first. The default configuration only needs a few changes. Specifically, you should set the jail path to nothing, the depot type to IMAPDir, and set the pem file to /var/qmail/control/clientcert.pem
shell> cat /etc/opt/bincimap/bincimap.conf
Authentication {
   allow plain auth in non ssl = "yes",
   auth penalty = 4,
   disable starttls = "no"
}
Security {
   jail path = "",
   jail user = "vpopmail",
   jail group = "vchkpw"
}
Log {
   type = "multilog",
   environment ip variable = "TCPREMOTEIP"
}
Mailbox {
   depot = "IMAPdir",
   type = "Maildir",
   path = "Maildir",
   auto create inbox = "yes",
   auto subscribe mailboxes = "INBOX",
   umask = "077"
}
Session {
   idle timeout = 1860,
   auth timeout = 60,
   transfer timeout = 1200,
   transfer buffer size = 1024
}
SSL {
   pem file = "/var/qmail/control/clientcert.pem",
   ca file = "",
   ca path = "",
   cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
   verify peer = "no"
}
  • Supervise Script Setup
BincIMAP can be set up to be run via daemontools, inetd, or xinetd. The daemontools setup is described below. If you are interested in how to set up inetd or xinetd for binc, please check the README. If you installed via the RPM file, the default scripts have already been installed and only need a little tweaking.
shell> cat /etc/opt/bincimap/service/imap/run
#!/bin/sh

BINCUID=`id -u vpopmail`
BINCGID=`id -g vpopmail`

exec 2>&1

exec    tcpserver -c 100                        \
    -l $(hostname) -HDRP                        \
    -u "$BINCUID" -g "$BINCGID"                 \
    0 143                                       \
    /opt/bincimap/bin/bincimap-up               \
    --logtype=multilog                          \
    --conf=/etc/opt/bincimap/bincimap.conf --   \
    /home/vpopmail/bin/vchkpw                   \
    /opt/bincimap/bin/linkwrapper               \
    /opt/bincimap/bin/bincimapd
shell> cat /etc/opt/bincimap/service/imap/log/run
#!/bin/sh

exec 2>&1

exec multilog t n5 s1048576 /var/opt/log/bincimap
shell> cat /etc/opt/bincimap/service/imaps/run
#!/bin/sh

BINCUID=`id -u vpopmail`
BINCGID=`id -g vpopmail`

exec 2>&1

exec    tcpserver -c 100                              \
    -l $(hostname) -HDRP                              \
    -u "$BINCUID" -g "$BINCGID"                       \
    0 993                                             \
    /opt/bincimap/bin/bincimap-up                     \
    --logtype=multilog                                \
    --conf=/etc/opt/bincimap/bincimap.conf --ssl --   \
    /home/vpopmail/bin/vchkpw                         \
    /opt/bincimap/bin/linkwrapper                     \
    /opt/bincimap/bin/bincimapd
shell> cat /etc/opt/bincimap/service/imaps/log/run
#!/bin/sh

exec 2>&1

exec multilog t n5 s1048576 /var/opt/log/bincimap-ssl
Once all of these files are created, there are 2 steps remaining. First, we need to create the linkwrapper stub. This stub is a quick method to create an IMAPDir structure within a Maildir structure. A complete description of IMAPDir can be found here. In short, this will allow binc to operate correctly. And secondly, we need to link the run files to the supervise directory so daemontools starts the service.
shell> cat /opt/bincimap/bin/linkwrapper
#!/bin/sh
test -e Maildir/INBOX || ln -s . Maildir/INBOX
exec "$@"
rootshell> chmod 755 /opt/bincimap/bin/linkwrapper
rootshell> ln -s /etc/opt/bincimap/service/imap /service
rootshell> ln -s /etc/opt/bincimap/service/imaps /service


Page last modified on June 11, 2010, at 01:18 PM