Qmail Configuration

Configuring Qmail is simple, but involved. There are a number of scripts that need to be created as well as some configuration files. Be sure to follow all of the following instructions for best results.
  • First create all of the necessary directories
All commands in this section need to be run as root
rootshell> mkdir /var/log/qmail
rootshell> mkdir -p /var/log/qmail/smtpd
rootshell> mkdir -p /var/log/qmail/pop3d
rootshell> mkdir -p /var/log/qmail/pop3ds
rootshell> mkdir -p /var/qmail/supervise/qmail-send/log
rootshell> mkdir -p /var/qmail/supervise/qmail-smtpd/log
rootshell> mkdir -p /var/qmail/supervise/qmail-pop3d/log
rootshell> mkdir -p /var/qmail/supervise/qmail-pop3ds/log
rootshell> chmod +t /var/qmail/supervise/qmail-send
rootshell> chmod +t /var/qmail/supervise/qmail-smtpd
rootshell> chmod +t /var/qmail/supervise/qmail-pop3d
rootshell> chmod +t /var/qmail/supervise/qmail-pop3ds
rootshell> echo ./Maildir/ >/var/qmail/control/defaultdelivery
  • This section links the necessary files to ensure that we don't break any scripts that rely on sendmail. Qmail has a special binary devoted to emulating sendmail for this purpose.
rootshell> chmod 755 /var/qmail/bin/qmailctl
rootshell> ln -s /var/qmail/bin/qmailctl /usr/bin
rootshell> ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
rootshell> ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
  • Now we need to make sure all of the run files are set to executable.
rootshell> chmod 755 /var/qmail/rc
rootshell> chmod 755 /var/qmail/supervise/qmail-send/run
rootshell> chmod 755 /var/qmail/supervise/qmail-send/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-smtpd/run
rootshell> chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3d/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3ds/run
rootshell> chmod 755 /var/qmail/supervise/qmail-pop3ds/log/run
rootshell> chown -R qmaill /var/log/qmail
rootshell> echo 20 > /var/qmail/control/concurrencyincoming
rootshell> chmod 644 /var/qmail/control/concurrencyincoming
  • This last command creates the smtpplugins file required by the qmail-spp patch. If this file is not present, qmail-smtpd will not start. Please check the documentation for qmail-spp for more information about this file.
rootshell> touch /var/qmail/control/smtpplugins
  • Before we turn on the toaster, we need to make sure that the root, postmaster, and mailer-daemon aliases are properly set up. Replace admin@example.com with the email address of the user you want to receive mail. You can put separate addresses in for each alias if necessary.
rootshell> echo "admin@example.com" > /var/qmail/alias/.qmail-root
rootshell> ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
rootshell> ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-mailer-daemon
rootshell> chmod 644 /var/qmail/alias/.qmail-*
  • Now we can link the run files to daemontools and start up the toaster.
rootshell> ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
rootshell> qmailctl stat
  • Lastly, in order to rebuild the temporary certificates each night, add the following to the root crontab.
01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1
Optionally, you can set up MSA (Port 587) support. MSA support is outlined in RFC 2476
  • First create the directories
rootshell> mkdir -p /var/qmail/supervise/qmail-msa/log
rootshell> mkdir -p /var/log/qmail/msa
rootshell> chmod +t /var/qmail/supervise/qmail-msa
rootshell> chmod 755 /var/qmail/supervise/qmail-msa/run
rootshell> chmod 755 /var/qmail/supervise/qmail-msa/log/run
rootshell> ln -s /var/qmail/supervise/qmail-msa /service
By default, the msa port will act exactly like the normal smtp port. This is not desirable since the RFC requires that the MSA port is SMTP-AUTH only, and only allows mail submission, not delivery. To make this port work as intended, we need to add a special tcprules file, and a plugin.
  • First, create the tcprules file for the msa port
rootshell> echo '127.:allow,SPPCONFFILE="/var/qmail/control/msaplugins"' >/home/vpopmail/etc/tcp.msa
rootshell> cd ~vpopmail/etc
rootshell> tcprules tcp.msa.cdb tcp.msa.tmp < tcp.msa
  • Next, create the msaplugins file
shell> cat /var/qmail/control/msaplugins
[connection]

[auth]

[helo]

[mail]
plugins/chkauth.sh

[rcpt]

[data]
  • And finally, create the plugin itself, ensuring that permissions are correct
shell> cat /var/qmail/plugins/chkauth.sh
(:source lang=bash:)
#!/bin/sh

if [ "$SMTPAUTHUSER" == "" ]
then
   echo "R550 sorry, SMTP-AUTH is required to use the MSA port (#5.7.0 - chkauth)"
   echo "chkauth : Mail from $TCPREMOTEIP rejected, no SMTP-AUTH" >&2
fi
rootshell> chmod 755 /var/qmail/plugins/chkauth.sh


Page last modified on June 13, 2010, at 12:35 PM