Qmail Howto
I wrote this guide for a couple of reasons. First, the existing qmail guides that I've found on the net did not provide a complete qmail solution. My first qmail installation was such a pain for me, that I had to go through a tough qmail learning process (yes, qmail can sometimes be a real pain, especially for newbies) and discover some things by myself. Of course, such great Internet resources as mailing lists and other qmail contributions made my life a lot easier :-) Konstantin Riabitsev's "Qmail-Vmailmgr-Courier-Squirrelmail Installation Guide" was the first guide that really helped me out. That's where I borrowed some stuff from while writing this guide - of course, with his agreement. Second, I simply love qmail and would like to contribute to its development, even a little bit. Third, I think that many admins out there will find this guide useful and practical. And fourth, every once in a while I do install qmail on different servers for various reasons and I simply got tired of carrying installation notes with me all the time. So, in a way, this guide is for myself too ;-)
Full Qmail Installation and Configuration Guide
or
Qmail + Vmailmgr + Tcpserver + RBL + SpamAssassin + Relay-CTRL + Qmail-Scanner + Courier IMAP Guide + POP3S + SMTPS
1) Who should use this guide?
Anyone who wants to install a complete qmail solution.
2) Can this guide be used for productive systems i.e. big servers?
It sure can. I've done some qmail installations in productive environments with many simultaneous users. And it works perfectly!
3) What about security?
Well, security has never been a problem with qmail. I haven't heard of anyone breaking NetQmail version 1.05 (the one we'll be installing). As for everything else we'll be doing here, many people find it pretty secure.
4) On what operating systems has this guide been tested on?
I've done testing mostly on Linux machines (Fedora, Redhat, Debian, Mandrake). So, I could say that everything should work flawlessly on any linux machine. It should also work on BSD systems.
5) Stuff we'll be needing (sources)
Download the following sources to a src directory i.e. /usr/local/src
Qmail-related stuff:
- NetQmail v1.06 from http://www.qmail.org
- Qmail Patches from http://mansurovs.com
- VMailMgr v0.97 from http://untroubled.org
- VMailMgr Tools v0.2 from http://untroubled.org
- Relay-CTRL v3.1.1 from http://untroubled.org
- Qmail-Autoresponder v0.97 from http://untroubled.org
- Ucspi-UNIX v0.36 from http://untroubled.org
- Ucspi-TCP v0.88 from http://cr.yp.to
- Daemontools v0.76 from http://cr.yp.to
- Courier-IMAP v3.0.8 from http://www.courier-mta.org
- MailDrop v2.0.4 from http://www.courier-mta.org
- TNEF v1.4.4 from http://sourceforge.net/projects/tnef
- SpamAssassin v3.2.5 from http://spamassassin.apache.org
- Qmail-Scanner v2.05 from http://qmail-scanner.sourceforge.net
- Stunnel v3.26 from http://www.stunnel.org
For domain administration (via www) *:
- oMail-admin v1.2rc1 from http://omail.omnis.ch/
* I'm assuming that Apache web server and PHP are both installed, configured and fully operational on the machine you are installing qmail on. If you haven't yet installed Apache, there is another guide written by me which covers Apache installation with modules such as PHP. It can be accessed from here.
6) First things first
First, we'll have to get rid of your existing e-mail server. If you have just finished installing Linux on your machine, most probably sendmail is also installed. So, let's remove sendmail from your machine:
rpm -q -a | grep sendmail rpm -e sendmail --nodeps rpm -e sendmail-cf --nodeps rpm -e sendmail-devel --nodeps
This should get rid of all sendmail files on your machine.
If you have a FreeBSD system, run pkg_info | grep sendmail to see if you have sendmail installed on your system. If you do, run pkg_delete to get rid of sendmail completely.
7) Patch and Install Qmail
All right, now we are going to install Qmail from downloaded sources. We'll apply some necessary patches to Qmail, to make sure that the solution we are going to implement works perfectly.
OK, so first, we untar qmail and change directory to qmail sources. Then, we apply the needed patches to Qmail:
cd /usr/local/src tar zxf netqmail-1.06.tar.gz tar zxf qmail_patches.tar.gz mv qmail_patches/* netqmail-1.06/ rmdir ../qmail_patches cd netqmail-1.06 patch < qmail-big-ext-todo.patch patch < qmail-big-concurrency.patch patch < qmail-doublebounce-trim.patch patch < qmail-1.03-dns.patch patch < qmail-1.03-mfcheck.4.patch patch < qmail-1.03-pop3d-stat.patch patch < qmail-bounce.patch patch < qmail-bouncecontrol-1.03.patch patch < qmail-tarpit.patch patch < qmail-badrcptto.patch patch < qmail-smtpd-relay-reject.patch patch < qmail-accept-5xx.patch patch < qmail-nullenvsender.patch
Some of the above patches were modified by me because of some code conflicts. I did not create one big patch for everything since some of you might not want to install a specific patch. If you are interested in what each of the above patches does, here is some info:
- qmail-big-ext-todo.patch: The exttodo patch addresses a problem known as the silly qmail (queue) problem. This problem is found only on systems with high injection rates. qmail with a big local and remote concurrency could deliver a tremendous amount of messages but normally this can not be achieved because qmail-send becomes a bottleneck on those high volume servers. qmail-send preprocesses all new messages before distributing them for local or remote delivering. In one run qmail-send does one todo run but has the ability to close multiple jobs. Because of this layout qmail-send can not feed all the new available (local/remote) delivery slots and therefore it is not possible to achieve the maximum throughput. This would be a minor problem if one qmail-send run could be done in extreme short time but because of many file system calls (fsync and (un)link) a todo run is expensive and throttles the throughput. The exttodo patch tries to solve the problem by moving the todo routine into an external program. This reduces the run time in qmail-send.
- qmail-big-concurrency.patch: Allows qmail to use a concurrency greater than 240 (current qmail limit). It has been reported to work well in almost all environments and might be handy if you are expecting high volumes of mail traffic.
- qmail-doublebounce-trim.patch: I decided to integrate this patch because I got sick of double bounce messages sitting in qmail queue forever. Spammers usually fake the from field with an invalid email address, which results in thousands of bounce messages. This patch allows you to complete discard all double bounce messages to save server load and traffic.
- qmail-1.03-dns.patch: Christopher Davis's oversize DNS patch - it makes qmail accept oversized DNS packets. If you do not want some of the legitimate mail to get lost, I would recommend you to use this patch.
- qmail-1.03-mfcheck.4.patch: I consider this patch mandatory for any qmail installation. A lot of spammers use fake domain names in their messages - this patch checks if the domain in "from" field exists. If it doesn't, the email simply gets rejected.
- qmail-1.03-pop3d-stat.patch: This patch changes the number of messages returned in qmail-pop3d's reponse to STAT. The patch makes qmail fully compliant with RFC 1939, which specifies that deleted messages aren't counted in total.
- qmail-bounce.patch: Allows you to specify the limit for bounce messages in /var/qmail/control/bouncemaxbytes.
- qmail-bouncecontrol-1.03.patch: Allows you to control the appearance of bounce messages. Very handy if you want to change the default bounce message or add a message in another language.
- qmail-tarpit.patch: The tarpit patch is targeted towards spammers who try to bomb your mail server with a long list of recipients. It inserts small delays in an smtp session for each recipient in the mail message (after some set number of recipients). This slows down their session, resulting in timeouts in spammer's mail software.
- qmail-badrcptto.patch: Lets you reject e-mail at the smtp envelope (rcpt) phase, which can produce a considerable bandwidth saving when a lot of e-mail is directed at non-existing users. Instead of receiving the body of the e-mail and then rejecting it in qmail-send, you can reject it before receiving the body. This can be very useful in a setup where you have one qmail box accepting all the e-mail, which then passes it on to another (q)mail box behind it.
- qmail-smtpd-relay-reject.patch: Russell Nelson's patch to reject relay probes generated by "anti-spammers". These relay probes have '!', '%' and '@' in the local (username) part of the address. The patch detects them and issues a 553 error "we don't relay".
- qmail-accept-5xx.patch: Adrian Ho's patch to increase qmail-remote's compliance with RFC2821. Some smtp servers are now emitting 5xx responses from the get-go, and mere RFC821 behavior doesn't deal well with them.
- qmail-nullenvsender.patch: A lot of your spam will be arriving with a null envelope sender. When those spam messages have multiple envelope recipients, they cannot be bounce messages. This patch rejects emails addressed to multiple recipients with a null envelope sender.
Right now qmail is fully patched. All we need to do is install it. Before running make, we'll first create necessary user accounts and groups that qmail needs for running. We will also create a qmail directory /var/qmail. Make sure that you have enough space in that partition.
mkdir /var/qmail cd /usr/local/src/netqmail-1.05/netqmail-1.05 groupadd -g 5000 nofiles groupadd -g 5001 qmail useradd -u 5000 -g nofiles -d /var/qmail/alias alias useradd -u 5001 -g nofiles -d /var/qmail qmaild useradd -u 5002 -g nofiles -d /var/qmail qmaill useradd -u 5003 -g nofiles -d /var/qmail qmailp useradd -u 5004 -g qmail -d /var/qmail qmailq useradd -u 5005 -g qmail -d /var/qmail qmailr useradd -u 5006 -g qmail -d /var/qmail qmails
If you have a FreeBSD system, the above won't work. You will have to add groups and users manually into /etc/groups and /etc/master.passwd and then remake the user database by issuing pwd_mkdb -p /etc/master.passwd. Here is what you would have to do under FreeBSD:
cd /etc echo "nofiles:*:5000:" >> group echo "qmail:*:5001:" >> group echo "alias:*:5000:5000::0:0::/var/qmail/alias:" >> master.passwd echo "qmaild:*:5001:5000::0:0::/var/qmail:" >> master.passwd echo "qmaill:*:5002:5000::0:0::/var/qmail:" >> master.passwd echo "qmailp:*:5003:5000::0:0::/var/qmail:" >> master.passwd echo "qmailq:*:5004:5001::0:0::/var/qmail:" >> master.passwd echo "qmailr:*:5005:5001::0:0::/var/qmail:" >> master.passwd echo "qmails:*:5006:5001::0:0::/var/qmail:" >> master.passwd pwd_mkdb -p /etc/master.passwd
Related posts:
10/31/2007 - 10:10
I have a problem with autoresponse. When it send’s the response, the sender address goes like this “”@domain.com . This way, it’s always flaged as relay, on my relay server.
Do you have any hint?
11/14/2007 - 02:40
Hi,
Really good site. Thanks for your valuable help. Do you have anything similar for postfix,mysql,dovecoat with webmail option. Since all these can be installed along with the O.S. and only need to integrate.
Rgds,
Saji Alexander.
11/28/2007 - 18:32
if you’re having problems making Courier for Fedora/Redhat with error /usr/include/stdio.h:385: error: syntax error before ‘&&’ token , you can find information here http://atmail.com/view_article.php?num=199
02/19/2010 - 02:45
That article no longer exists.
It has been replaced by: http://atmail.com/kb/?p=270
Just in case it disappears again, here it is:
———————-
Description: The standard Courier-IMAP 3.0.8 distribution will not build on stock Fedora/Redhat systems. Compilation fails while building the authlib library, usually with an error message like:
In file included from authstaticlistsearch.c:9:
/usr/include/stdio.h:385: error: syntax error before ‘&&’ token
A review of the stdio.h file shows that no ‘&&’ symbols appears on or near line 385.
Solution: The courier-imap/authlib directory contains a file named ‘debug.h’ to support the debugging of authentication attempts against the Courier IMAP server. This file contains a C preprocessor macro named ‘dprintf’ that conflicts with the ‘dprintf’ function defined in glibc’s ’stdio.h’. This conflict isn’t a problem so long as ‘#include ‘ appears before ‘#include “debug.h”‘ in the authlib source files. Unfortunately, this is not the case for files ‘authstaticlistsearch.c’, ‘authmoduser3.c’, ‘mod.h’, ‘authtest.c’, ‘debug.c’, and ‘authdaemon.c’.
To fix this problem, open these files in a text editor and move the ‘#include “debug.h”‘ line so that it is the last include directive. Make sure that you do not paste it into a ‘#if … #endif’ block. Once you have made these changes, the build process should succeed.
01/20/2008 - 15:07
I installed Your Qmail-modification a couple of years ago. Thanks for that! Now I would like to use your patch for bounce handling.
patch
03/04/2008 - 02:46
Hi,
how can we know a email is bounced or not ?? qmail handles smtp return codes ??
Thanks,
Satish.K
03/25/2008 - 03:46
/usr/local/bin/setuidgid qmaill “contrib/test_installation.sh -doit”
i stuck at that line and my fedora 8 give me :
/usr/local/bin/setuidgid qmaill “contrib/test_installation.sh -doit”
setuidgid: fatal: unable to run contrib/test_installation.sh -doit: file does not exist
AND also when i run : # /usr/local/bin/setuidgid qmaill \
“/var/qmail/bin/qmail-scanner-queue.pl” -g
perlscanner: generate new DB file
perlscanner: total of 9 entries.
my fedora 8 only reply : perlscanner: generate new DB file
**Please help me, it’s already 2 to 3 days since i tried to solve it but can’t…
04/30/2008 - 17:53
Hi Nasim. Thanks a lot for providing nice and very helpful instructions in plain english :-)
I’ve installed mail production server on Debian(4) using your guidlines.
Although I came across some problems after install, i.e. when I have created second virtual domain, mail server stopped recieving any messages at all(even though the first virtual domain was working on it’s own before). Is it something to do with Qmail-Scanner, where by one required to enter domains’ names before installing it(–local-domains “domain.one.com,domain.two.com”; page 5 of your instractions)?
Thanks a lot in advance if you can spare some time to answer this question.
Kind regards,
yuriy
05/01/2008 - 10:31
Yuriy, are you still receiving mail for the first domain that you had created before? Also, a little troubleshooting would definitely help. Try this:
1) Telnet to your server’s IP address port 25 by typing “telnet x.x.x.x 25″
2) Type “HELO test.com” or some other domain and press enter
3) Type “MAIL FROM:test@test.com” and press enter
4) Type “RCPT TO:test@yourdomain.com” and press enter
5) Type “DATA” and press enter
6) Type some garbage and then type “.” on a separate line. The server should respond “250 ok xxxxxxx qp xxxxx”.
7) Type “quit” on a separate line and see what output you get.
8) While doing all of the above check your qmail logs. Both the incoming tcp logs and your qmail logs.
9) After you are done with the telnet session, your logs should report what the problem is.
If your domain is not in one of the configuration files, you will get a descriptive error in the log. If there is any other problem, you should see it in the log as well.
If you can’t telnet to your server, then your tcpserver is having a problem and might need to be rebooted.
Hope the above helps.
Nasim
05/06/2008 - 07:36
i’m sorry..could you give me a module to make QMAIL in SLACKWARE 12, i have try to make it, but not suxess..please. for my homework
05/06/2008 - 11:11
Hi Nazim.
I can telnet to my server and do all steps you have listed alright. It’s just when I’m trying to set additional virtual domain it stops receiving emails(one can still send emails though) even to the first virtual domain. When I remove the second virtual domain it will start to receive emails but only after couple hours.I reckon that it’s Qmail-Scanner coursing this problem. I probably leave this issue to sort later on(I’m planning to install another test server but will keep in mind using more than one domain then).
I have couple more issues which require immediate attention and I was trying to sort them out but no luck so far.
1. I need to set our email server to give a 550 error for an invalid address. I have used Andrew Richards’ qmail-verify patch(http://free.acrconsulting.co.uk/email/qmail-verify.html). I can see qmail-verify daemon is running on our server but it’s not rejecting non-existing users(so it’s accepting anything with our domain). The problem could be that /home/email/[virtual_domain]/.qmail-default telling that anything coming with this domain is valid.
But because I’m using virtual domain .qmail-default pipes to /usr/local/bin/vdeliver.So vdeliver is deciding who is right users on our server. Andrew suggested to remove /home/email/[virtual_domain]/.qmail-default but when I did it email server stopped to receive emials. Do you know what parameters I need to pass to /usr/local/bin/vdeliver in /home/email/[virtual_domain]/.qmail-default so qmail-verify can properly filter email users?
2. Due to the increase in the number of ISP’s blocking port 25 for third party mailservers I need to set on mail server additional port to answer SMTP request. I was looking on google and found the following link http://www.skorpionweb.org/archives/2005/09/running_qmail_s.php.
So I followed the logic in this article and set separate tcpserver which listens to different port:
1) Created /var/qmail/rc2 :
#!/bin/sh
PATH=”/var/qmail/bin:/usr/local/bin”
export PATH
cd /
qmail-start ./Maildir | setuidgid qmaill \
multilog t n50 s1000000 \
/var/qmail/logs/qmail2 &
2) Created /usr/local/bin/runmail2:
exec softlimit -m 10000000 \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -H -R -l $HOSTNAME -x /etc/tcp.smtp.cdb -c200 -u5002 -g5000 0 587 qmail-smtpd 2>&1 &
3) Created /var/qmail/logs/qmail2 and chown it to qmaill:nofiles.
Now I can start separate tcpserver with port 587 and everything looks healthy with but when I change port 25 to 587 and try to send mail I have got an error “…The server may be unavailable or refusing connection…”
I wonder whether I need to set another instance of qmail-smtpd(may be qmail-smtpd2, just guessing here).
Thanks a lot again for your time and effort to keep this site going & helping folks like myself :-)
Kind regards, yuriy
05/24/2008 - 23:59
Hi Nazim,
Problem with setting second virtual domain was sorted out. It turned out that one needs to restart qmail server after adding another virtual domain.
Also I have sorted an issue with 550 error page(I have wrote about it in one of my previous posts).
With virtual domain .qmail-default file should exist for each user. So solution was pretty simple: copy original .qmail-default to .qmail-USERNAME in /home/email/yourdomain/ folder. Also my /etc/tcp.smtp looks like this:
127.:allow,RELAYCLIENT=”",RBLSMTPD=”",QMAILQUEUE=”/var/qmail/bin/qmail-queue”
:allow,QMAILQUEUE=”/var/qmail/bin/qmail-scanner-queue.pl”,VERIFY=”"
05/25/2008 - 02:29
Hi Nazim,
Sometimes I have an error when sending email(addresses which I used before or new):
An error occurred while sending mail.The mail server responded: sorry, that domain isn’t in my list of allowed rcpthosts(#5.7.1). Please check the message recipients and try again.
I thought that it something to do with timing out authentication so I have removed 900 from /etc/relay-ctrl/expiry(step 12->Installing Relay-CTRL; pagehttp://mansurovs.com/2002/12/20/qmail-howto/4) but I’m still getting this error.
I’ll appreciate if you could advice on what could be wrong, please.
Thanks a lot in advance,
yuriy
05/30/2008 - 10:10
Hi Nasim:
Have you tried to use CourierIMAP 4.3.1 (with AuthLib)?
I would appreciate your comments about it.
Thanks.
06/20/2008 - 19:22
This was helpful. Thank you.
06/29/2008 - 14:03
Nice tutorial. If anyone needs help, you can contact my via email on my website.
I could do it for free.
09/05/2008 - 16:04
> – Qmail Patches from http://mansurovs.com
Where is the patches, i find but…
10/03/2008 - 07:19
So what if I want a more minimalistic solution. Basically I have a mail server that only needs to serve one site, and primarily outgoing mail. So no fancy stuff needed like multiple users and auto-responders.
I would like to have a suite of admin tools, for instance, being able to manually send an email that’s been stuck in the queue and watching the remote mail server response, ideally have a php script parse this information.
Hours on Google have really only given me scripts for the end-user, none for really managing the admin part of qmail.
10/16/2008 - 23:09
Nice tutorial. This is only the patch that I haven’t encountered a problem.
I hope you can add a patch such as validrcptto. This is nice patch. However, I’m getting a hunk failed when I’m trying to patch it after patching all the patch on your tutorial. Probably, some code doesn’t conform to validrcptto patch. I’m not a C programmer so I’m getting a hard time fixing the problem. Please inform me via my email ntserafica@yahoo.com if you have the patch.
This could be a great gift this coming christmas :)
03/27/2009 - 22:20
can you have an instruction on how to get squirrelmail work together with your tutorial..
Thank in advanced
03/28/2009 - 01:50
I followed you through step 17.1 everything work fine but when I telnet to port 15 and 110 …these errors occur
===============================================
telnet 127.0.0.1 25
Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
Escape character is ‘^]’.
220 tnway.com ESMTP
exit
502 unimplemented (#5.5.1)
quit
======================================================
telnet 127.0.0.1 110
Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
Escape character is ‘^]’.
+OK
hello
-ERR authorization first
exit
-ERR authorization first
=============================================
What wrong with me ? I really need your help
Thank in advanced
03/28/2009 - 01:56
billyduc,
Just install Courier IMAP and you will be able to use Squirrelmail or any other web-based mail system. I personally use Horde http://www.horde.org/ and love the functionality.
Regarding your other issues with telnetting – the output seems to be normal and the services are responding. Did you try to send an email to your server through an external provider like gmail/yahoo? Did you try to use a client like Outlook to download emails through POP3/IMAP?
Nasim
03/30/2009 - 01:50
I use Evolution for email client.
I setup for “test” account to send and receive mail
When I clicked Send / Receive Button. It prompt me
Unable to connect to POP server myhost.mydomain.com.
Error Sending password : -ERR authorization failed
Please enter the POP password for test on host myhost.mydomain.com
I enter the password for test account……But the error window is open
Error While Fetching Mail
Unable to connect to POP server myhost.mydomain.com.
Error Sending password : Operation now in progress
05/05/2009 - 13:21
hey, i wrote a practical step-by-step how-to on qmail… please see the link: “http://119.15.153.9/qmail/qmail-install.html” , i hope some one will require it.
07/17/2009 - 11:06
Great howto, tnx!
08/19/2009 - 15:37
When I was trying to compile the qmail-autoresponder-0.97, it gave me the following error messages:
main.c: In function âexec_qmail_injectâ:
main.c:257: warning: missing sentinel in function call
./compile options.c
options.c:1:25: error: mysql/mysql.h: No such file or directory
make: *** [options.o] Error 1
I have the mysql installed. Please help.
Thank you
11/14/2009 - 15:09
I did “apt-get install libmysqlclient15-dev” and it solved the problem with options.c:1:25: error: mysql/mysql.h: No such file or directory
11/14/2009 - 15:13
Andreas, thank you for the input!
Whenever there is a problem with mysql.h not being found, you need to install the mysql client source files, just like you did.
01/02/2010 - 07:39
Hello,
I like to forward all bounced emails for all of my user accounts to a single account.
is there a qmail setting or patch that allows me to forwards all bounced emails of my user accounts to a single admin account?
Regards