Qmail
Initial setup
A directory for qmail to reside in needs to be created:
mkdir /var/qmail
Rather than being a single program, Qmail is a collection of smaller programs, each doing a specific task. Each runs as its own user to provide further security for your server, so those users need to be created.
One thing to note: the numeric UID/GID values used by qmail and vpopmail are hard-coded into the programs when they are compiled. If you back up and restore your mail onto a different server, the UID and GID MUST HAVE THE SAME NUMERIC VALUE ON BOTH SERVERS! The easiest way to ensure this is to manually specify the values when the users and groups are created. Check your /etc/passwd and /etc/group files first to make sure the numbers given here aren't used. Most Linux systems use numbers higher than 500 for "regular" users and less than 100 for "system" users, so we've picked a middle ground.
groupadd -g 161 nofiles
groupadd -g 162 qmail
adduser -u 161 -g 161 -s /bin/true -M -d /var/qmail/alias -c 'QMail alias user' alias
adduser -u 162 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail daemon user' qmaild
adduser -u 163 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail log user' qmaill
adduser -u 164 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail password user' qmailp
adduser -u 165 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail queue user' qmailq
adduser -u 166 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail remote user' qmailr
adduser -u 167 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail send user' qmails
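The check described above can be scripted. This is an added example, not part of the original guide or of qmail: the function names check_ids and audit_qmail_ids are hypothetical, and the ID table is copied from the groupadd/adduser commands above.

```shell
#!/bin/sh
# Added example: audit the numeric IDs this guide assigns to qmail.
# Works on any passwd- or group-format file (name in field 1, ID in field 3).

QMAIL_GROUPS="nofiles:161 qmail:162"
QMAIL_USERS="alias:161 qmaild:162 qmaill:163 qmailp:164 qmailq:165 qmailr:166 qmails:167"

# check_ids FILE "name:id ..." -> one line per entry: "<name> <id> <status>"
#   ok        name exists with the expected ID
#   free      neither the name nor the ID is in use (safe to create)
#   mismatch  name exists, but with a different ID
#   taken     name is absent and the ID already belongs to another name
check_ids() {
    file=$1
    for pair in $2; do
        name=${pair%%:*}
        id=${pair##*:}
        awk -F: -v n="$name" -v i="$id" '
            $1 == n            { have_name = 1; name_id = $3 }
            $3 == i && $1 != n { owner = $1 }
            END {
                if (have_name && name_id == i) s = "ok"
                else if (have_name)            s = "mismatch"
                else if (owner != "")          s = "taken"
                else                           s = "free"
                print n, i, s
            }' "$file"
    done
}

# audit_qmail_ids PASSWD GROUP -> prints the report, returns 1 on any conflict
audit_qmail_ids() {
    report=$( { check_ids "$2" "$QMAIL_GROUPS"; check_ids "$1" "$QMAIL_USERS"; } )
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Eq ' (mismatch|taken)$'
}

# Usage: audit_qmail_ids /etc/passwd /etc/group
```

Before creating the accounts every line should read "free"; after a restore onto another server, every line should read "ok" on both machines.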
Download and Compile Qmail
Qmail, by itself, is lacking some of the capabilities we want on our server. So we'll also download the latest version of John Simpson's Combined Patch which will add some very useful features to our install.
cd /extra/src
wget http://qmail.jms1.net/patches/qmail-1.03-jms1-7.10.patch
wget http://cr.yp.to/software/qmail-1.03.tar.gz
tar xzf qmail-1.03.tar.gz
cd qmail-1.03
Apply the patch then compile and install qmail:
patch < ../qmail-1.03-jms1-7.10.patch
make setup check
Configure Qmail
cd /var/qmail/control
echo server.domain.com > me
echo domain.com > defaultdomain
echo "server.domain.com NO UCE" > smtpgreeting
echo 50 > concurrencyremote
echo 1 > mfcheck
echo 100 > maxrcpt
echo 3 > spfbehavior
touch locals
touch rcpthosts
chmod 644 *
cd /var/qmail/alias
echo '&postmaster@domain.com' > .qmail-mailer-daemon
echo '&postmaster@domain.com' > .qmail-postmaster
echo '&postmaster@domain.com' > .qmail-root
chmod 644 .qmail-*
Set up the daemontools service
Create the "container" directory which will contain the service directories for all of the qmail-related services...
mkdir -m 755 /var/service
Create the service directory structure for the qmail-send service itself:
cd /var/service
mkdir -m 1755 qmail-send
cd qmail-send
wget http://qmail.jms1.net/scripts/service-qmail-send-run
mv service-qmail-send-run run
chmod 755 run
Then create the log directory and run script:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
Finally, start the service running.
ln -s /var/service/qmail-send /service/
After a few seconds, confirm that the service is running:
svstat /service/qmail-send
Create an SSL certificate
- Certificate from LetsEncrypt
cd /var/qmail/control
ln -s /etc/letsencrypt/live/server.domain.com/combined-for-pound.pem servercert.pem
ln -s /etc/letsencrypt/live/server.domain.com/combined-for-pound.pem clientcert.pem
- Self-Signed Certificate
In order to provide secure, encrypted access to some of the services on this server, we're going to create a self-signed SSL certificate. When creating the certificate, it will ask for a "Common Name" - this must exactly match the name by which clients will connect to your server.
cd /var/qmail/control
Create the "servercert.pem" file, which is used to encrypt incoming SMTP connections as needed:
openssl req -newkey rsa:2048 -nodes -x509 -days 3650 -keyout servercert.pem -out servercert.pem
Change the permissions to secure the file:
chown root:nofiles servercert.pem
chmod 640 servercert.pem
Then make a copy of the key file and change its group to qmail. The copy will be used by the qmail-remote user for outgoing mail deliveries.
cd /var/qmail/control
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod 640 clientcert.pem
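Once the control files and certificates are in place, their state can be checked in one pass. This is an added example, not part of the original guide: the function names world_readable and audit_control are hypothetical, and it assumes it is run as root so every file is readable to the script.

```shell
#!/bin/sh
# Added example: audit the files this guide creates under /var/qmail/control.
# Prints one finding per line; prints nothing when everything checks out.

# world_readable FILE -> true if "other" has read permission (symlinks followed)
world_readable() {
    [ -n "$(find -L "$1" -prune -perm -0004 2>/dev/null)" ]
}

# audit_control DIR -> findings on stdout, returns 1 if any were printed
audit_control() {
    dir=$1
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # "me" must hold the server's host name
    [ -s "$dir/me" ] || note "me: missing or empty"

    # A missing rcpthosts removes qmail-smtpd's recipient-domain restriction,
    # so the file has to exist even while it is still empty.
    [ -e "$dir/rcpthosts" ] || note "rcpthosts: missing (no RCPT domain restriction)"

    # Each .pem holds the private key next to the certificate: it must
    # resolve to a regular file, contain a key, and not be world-readable.
    for pem in servercert.pem clientcert.pem; do
        if [ ! -f "$dir/$pem" ]; then
            note "$pem: missing or dangling symlink"
        elif world_readable "$dir/$pem"; then
            note "$pem: world-readable private key"
        elif ! grep -q 'PRIVATE KEY-----' "$dir/$pem"; then
            note "$pem: no private key block found"
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage: audit_control /var/qmail/control
```

Because the symlinks are followed, the same check covers the LetsEncrypt variant, where the permissions that matter are those of the file under /etc/letsencrypt.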
Remove Sendmail
- CentOS 5/6
Now that qmail is up and running, we'll remove Sendmail from our machine. Find out what the Sendmail package is called:
rpm -qa | grep sendmail
Then stop Sendmail and remove the found package. On a CentOS 4 server it was sendmail-8.13.1.3.2.el4; on CentOS 5 it was sendmail-8.13.8-2.el5.
/etc/rc.d/init.d/sendmail stop
rpm -e --nodeps sendmail-8.13.8-2.el5
Qmail works as a drop-in replacement for Sendmail, so create some symbolic links for any programs on our system that might use Sendmail:
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
- CentOS 7
Stop and disable Postfix:
systemctl stop postfix
systemctl disable postfix
Find out what the Postfix package is called:
rpm -qa | grep postfix
Then remove the found package:
rpm -e --nodeps postfix-2.10.1-6.el7.x86_64
Add the symlinks:
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
Install the man pages
The man pages are installed in /var/qmail/man. You'll need to add that to your MANPATH variable. Edit /etc/man.config and add:
MANPATH /var/qmail/man
Or export it temporarily with:
MANPATH=$MANPATH:/var/qmail/man; export MANPATH
Credits
Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.