SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
Qmail
Primary tabs
Initial setup
A directory for qmail to reside in needs to be created:
mkdir /var/qmailRather than being a single program, Qmail is a collection of smaller programs doing specific tasks. Each run as their own user to provide further security to your server - those users need to be created.
One thing to note - the numeric UID/GID values used by qmail and vpopmail are hard-coded into the programs when they are compiled. If you backup and restore your mail onto a different server, the UID and GID MUST HAVE THE SAME NUMERIC VALUE ON BOTH SERVERS! The easiest way to ensure this is to manually specify the values when the users and groups are created. Check your /etc/passwd and /etc/groups files first to make sure the numbers given here aren't used. Most Linux systems use numbers higher than 500 for "regular" users and less than 100 for "system" so we've picked a middle ground.
groupadd -g 161 nofiles
groupadd -g 162 qmail
adduser -u 161 -g 161 -s /bin/true -M -d /var/qmail/alias -c 'QMail alias user' alias
adduser -u 162 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail daemon user' qmaild
adduser -u 163 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail log user' qmaill
adduser -u 164 -g 161 -s /bin/true -M -d /var/qmail -c 'QMail password user' qmailp
adduser -u 165 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail queue user' qmailq
adduser -u 166 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail remote user' qmailr
adduser -u 167 -g 162 -s /bin/true -M -d /var/qmail -c 'QMail send user' qmailsDownload Compile Qmail
Qmail, by itself, is lacking some of the capabilities we want on our server. So we'll also download the latest version of John Simpson's Combined Patch which will add some very useful features to our install.
cd /extra/src
wget http://qmail.jms1.net/patches/qmail-1.03-jms1-7.10.patch
wget http://cr.yp.to/software/qmail-1.03.tar.gz
tar xzf qmail-1.03.tar.gz
cd qmail-1.03Apply the patch then compile and install qmail:
patch < ../qmail-1.03-jms1-7.10.patch
make setup checkConfigure Qmail
cd /var/qmail/control
echo server.domain.com > me
echo domain.com > defaultdomain
echo "server.domain.com NO UCE" > smtpgreeting
echo 50 > concurrencyremote
echo 1 > mfcheck
echo 100 > maxrcpt
echo 3 > spfbehavior
touch locals
touch rcpthosts
chmod 644 *
cd /var/qmail/alias
echo '&postmaster@domain.com' > .qmail-mailer-daemon
echo '&postmaster@domain.com' > .qmail-postmaster
echo '&postmaster@domain.com' > .qmail-root
chmod 644 .qmail-*Set up the daemontools service
Create the "container" directory which will contain the service directories for all of the qmail-related services...
mkdir -m 755 /var/serviceCreate the service directory structure for the qmail-send service itself:
cd /var/service
mkdir -m 1755 qmail-send
cd qmail-send
wget http://qmail.jms1.net/scripts/service-qmail-send-run
mv service-qmail-send-run run
chmod 755 runThen create the log directory and run script:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 runFinally, start the service running.
ln -s /var/service/qmail-send /service/After a few seconds, confirm that the service is running:
svstat /service/qmail-sendCreate an SSL certificate
- Certificate from LetsEncrypt
cd /var/qmail/control
ln -s /etc/letsencrypt/live/server.domain.com/combined-for-pound.pem servercert.pem
ln -s /etc/letsencrypt/live/server.domain.com/combined-for-pound.pem clientcert.pem - Self-Signed Certificate
In order to provide secure, encrypted access to some of the services on this server, we're going to create a self-signed SSL certificate. When creating the certificate, it will ask for a "Common Name" - this must exactly match the name by which clients will connect to your server.cd /var/qmail/controlCreate the "servercert.pem" file, which is used to encrypt incoming SMTP connections as needed:
openssl req -newkey rsa:1024 -nodes -x509 -days 3650 -keyout servercert.pem -out servercert.pemChange the permissions to secure the file:
chown root:nofiles servercert.pem
chmod 640 servercert.pemThen make a copy of the key file and change it's group to qmail. The copy will be used by the qmail-remote user for outgoing mail deliveries.
cd /var/qmail/control
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod 640 clientcert.pem
Remove Sendmail
- CentOS 5/6
Now that qmail is up and running, we'll remove Sendmail from our machine. Find out what the Sendmail package is called:rpm -qa | grep sendmailThen stop Sendmail and remove the found package. On a CentOS 4 server it was sendmail-8.13.1.3.2.el4 for CentOS 5 it was sendmail-8.13.8-2.el5.
/etc/rc.d/init.d/sendmail stop
rpm -e --nodeps sendmail-8.13.8-2.el5Qmail works as a drop-in replacement for Sendmail, so create some symbolic links for any programs on our system that might use Sendmail:
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail - CentOS 7
Stop and disable Postfix:systemctl stop postfix
systemctl disable postfixFind out what the Postfix package is called:
rpm -qa | grep postfixThen stop Sendmail and remove the found package.
rpm -e --nodeps postfix-2.10.1-6.el7.x86_64Add the symlinks:
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
Install the man pages
The man pages are installed in /var/qmail/man You'll need to add that to your MANPATH variable. Edit /etc/man.config and add:
MANPATH /var/qmail/manOr export it temporarily with
MANPATH=$MANPATH:/var/qmail/man; export MANPATH- Log in to post comments
Credits
Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.