Revision of Qmail from Wed, 03/25/2009 - 16:05


Qmail, by Daniel J. Bernstein, is the core MTA of this mail server. It's fast, secure, reliable, flexible, and while not exactly "easy", it's pretty straightforward to administer.

Initial setup
A directory for qmail to reside in needs to be created:

mkdir /var/qmail

Rather than being a single program, Qmail is a collection of smaller programs doing specific tasks. Each runs as its own user to provide further security to your server - those users need to be created.
One thing to note - the numeric UID/GID values used by qmail and vpopmail are hard-coded into the programs when they are compiled. If you back up and restore your mail onto a different server, the UID and GID MUST HAVE THE SAME NUMERIC VALUE ON BOTH SERVERS! The easiest way to ensure this is to manually specify the values when the users and groups are created. Check your /etc/passwd and /etc/group files first to make sure the numbers given here aren't used. Most Linux systems use numbers >500 for "regular" users and

Download Compile Qmail
Qmail, by itself, is lacking some of the capabilities we want on our server. So we'll also download the latest version of John Simpson's Combined Patch which will add some very useful features to our install.

cd /extra/src
wget http://qmail.jms1.net/patches/qmail-1.03-jms1.7.08.patch
wget http://cr.yp.to/software/qmail-1.03.tar.gz
tar xvzf qmail-1.03.tar.gz
cd qmail-1.03

Apply the patch then compile and install qmail:

patch < ../qmail-1.03-jms1.7.08.patch
make setup check

Configure Qmail

cd /var/qmail/control
echo server.domain.com > me
echo domain.com > defaultdomain
echo "server.domain.com NO UCE" > smtpgreeting
echo 50 > concurrencyremote
echo 1 > mfcheck
echo 100 > maxrcpt
echo 3 > spfbehavior
touch locals
touch rcpthosts
chmod 644 *
cd /var/qmail/alias
echo '&postmaster@domain.com' > .qmail-mailer-daemon
echo '&postmaster@domain.com' > .qmail-postmaster
echo '&postmaster@domain.com' > .qmail-root
chmod 644 .qmail-*

Set up the daemontools service
Create the "container" directory which will contain the service directories for all of the qmail-related services...

mkdir -m 755 /var/service

Create the service directory structure for the qmail-send service itself:

cd /var/service
mkdir -m 1755 qmail-send
cd qmail-send
wget http://qmail.jms1.net/scripts/service-qmail-send-run
mv service-qmail-send-run run
chmod 755 run

Then create the log directory and run script:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, start the service running.

ln -s /var/service/qmail-send /service/

After a few seconds, confirm that the service is running:

svstat /service/qmail-send

Create an SSL certificate
In order to provide secure, encrypted access to some of the services on this server, we're going to create a self-signed SSL certificate. When creating the certificate, it will ask for a "Common Name" - this must exactly match the name by which clients will connect to your server.

cd /var/qmail/control

Create the "servercert.pem" file, which is used to encrypt incoming SMTP connections as needed:

openssl req -newkey rsa:1024 -nodes -x509 -days 3650 -keyout servercert.pem -out servercert.pem

Change the permissions to secure the file:

chown root:nofiles servercert.pem
chmod 640 servercert.pem

Then make a copy of the key file and change its group to qmail. The copy will be used by the qmail-remote user for outgoing mail deliveries.

cd /var/qmail/control
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod 640 clientcert.pem
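
One way to verify the result of the steps above, as an added example that is not part of the original page: a shell script that checks the owner, group and mode of servercert.pem and clientcert.pem and reads the RSA key size with openssl pkey. The function names and the 2048-bit minimum are this example's assumptions; a key made with the rsa:1024 command above is reported as below that minimum.

```sh
#!/bin/sh
# Added example: audit the PEM files created in this section.

# Print the key size found in "openssl pkey -text" output read from stdin.
pem_key_bits() {
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_pem_perms FILE OWNER GROUP
# Returns 0 if FILE has the expected owner and group, grants the group at
# most read access and grants others nothing; 1 on a finding; 2 if missing.
check_pem_perms() {
    f=$1; want_owner=$2; want_group=$3; bad=0
    [ -f "$f" ] || { echo "$f: missing"; return 2; }
    set -- $(stat -c '%a %U %G' "$f")    # GNU stat, as shipped with CentOS
    case $1 in
        400|440|600|640) ;;
        *) echo "$f: mode $1, want 640 or tighter"; bad=1 ;;
    esac
    [ "$2" = "$want_owner" ] || { echo "$f: owner $2, want $want_owner"; bad=1; }
    [ "$3" = "$want_group" ] || { echo "$f: group $3, want $want_group"; bad=1; }
    return $bad
}

# audit_pem FILE OWNER GROUP [MIN_BITS]
# Permission check plus RSA key size. The 2048-bit default is this
# example's assumption, not a value taken from the page.
audit_pem() {
    min_bits=${4:-2048}; rc=0
    check_pem_perms "$1" "$2" "$3" || rc=$?
    [ "$rc" -eq 2 ] && return 2
    bits=$(openssl pkey -in "$1" -noout -text 2>/dev/null | pem_key_bits)
    if [ -z "$bits" ]; then
        echo "$1: no readable private key"; rc=1
    elif [ "$bits" -lt "$min_bits" ]; then
        echo "$1: $bits-bit key is below $min_bits bits"; rc=1
    fi
    return $rc
}

# Audit the real files only when asked to (run as root so the keys are readable).
if [ "${1:-}" = "--run" ]; then
    status=0
    audit_pem /var/qmail/control/servercert.pem root nofiles || status=1
    audit_pem /var/qmail/control/clientcert.pem root qmail || status=1
    exit $status
fi
```

Save it under any name and run it as root with the single argument --run; it prints one line per finding and exits non-zero if either file fails a check.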

Remove Sendmail
Now that qmail is up and running, we'll remove Sendmail from our machine. Find out what the Sendmail package is called:

rpm -qa | grep sendmail

Then stop Sendmail and remove the package you found. On a CentOS 4 server it was sendmail-8.13.1.3.2.el4; on CentOS 5 it was sendmail-8.13.8-2.el5.

/etc/rc.d/init.d/sendmail stop
rpm -e --nodeps sendmail-8.13.8-2.el5

Qmail works as a drop-in replacement for Sendmail, so create some symbolic links for any programs on our system that might use Sendmail:

ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

Install the man pages
The man pages are installed in /var/qmail/man. You'll need to add that to your MANPATH variable. Edit /etc/man.config and add:

MANPATH /var/qmail/man

Or export it temporarily with:

MANPATH=$MANPATH:/var/qmail/man; export MANPATH
