QMail

From crazylinux.de

Based on http://www.debianhowto.de/doku.php/de:howtos:sarge:qmail

1 Installation

apt-get install qmail-src ucspi-tcp-src

1.1 UCSPI-TLS (UCSPI-SSL patched)

a replacement for inetd

from spamcontrol
Current patch for ucspi-ssl-0.70 (ucspi-ssl-0.70_ucspitls-0.6.patch) providing 'delayed' (i.e. STARTTLS/STLS) TLS support.


If you get a segfault like this (same here):

Jan 30 23:41:48 hostname kernel: [680228.819023] sslserver[25616]: segfault at 6e69622f ip b768a7a2 sp bf8bd1c8 error 4 in libcrypto.so.0.9.8[b75e3000+13a000]


you have the wrong patch! Don't use the one from http://www.suspectclass.com/sgifford/ucspi-tls/files/ucspi-ssl-0.70-ucspitls-0.1.patch


1.2 Building Qmail

Patch Qmail with Spamcontrol

1.3 Qmailadmin

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains: http://www.inter7.com/index.php?page=qmailadmin

./configure --enable-cgipath=/member/cgi-bin/qmailadmin --enable-autoresponder-path=/usr/bin --enable-ezmlmdir=/usr/bin --enable-maxpopusers=100 \
--enable-maxaliases=100 --enable-maxforwards=100 --enable-maxautorepsonders=100 --enable-maxmailinglists=100 --disable-ezmlm-mysql \
--enable-htmldir=/home/www/mygretchen.de/htdocs --enable-cgibindir=/home/www/mygretchen.de/cgi-bin --enable-vpopmaildir=/var/vpopmail \
--enable-qmaildir=/var/qmail --enable-true-path=/bin/true --enable-no-cache --disable-catchall --disable-trivial-password


            qmailadmin 1.2.13
            Current settings
---------------------------------------
       cgi-bin dir = /home/www/mygretchen.de/cgi-bin
          html dir = /home/www/mygretchen.de/htdocs
         image dir = /home/www/mygretchen.de/htdocs/images/qmailadmin
         image URL = /images/qmailadmin
      template dir = /usr/local/share/qmailadmin
         qmail dir = /var/qmail
      vpopmail dir = /var/vpopmail
   autorespond dir = /usr/bin
         ezmlm dir = /usr/bin
         ezmlm idx = yes
   mysql for ezmlm = no
              help = no
      modify quota = no
   domain autofill = no
 catchall accounts = no
 trivial passwords = no
 modify spam check = no

1.4 Qmail-Scanner

Qmail-Scanner is an add-on that enables a Qmail email server to scan gatewayed email for certain characteristics (i.e. a content scanner). It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments). http://qmail-scanner.sourceforge.net/

This is a patched (ergo unofficial) version of qmail-scanner-2.0x that adds some options focused on dealing with spam, plus other features: http://toribio.apollinare.org/qmail-scanner/


./configure \
--qs-user qscand \
--qmail-queue-binary /usr/sbin/qmail-queue \
--admin sadmin \
--domain mygretchen.de \
--admin-description "System Anti-Virus Administrator" \
--notify psender,nmlvadm \
--local-domains mygretchen.de \
--silent-viruses auto \
--virus-to-delete 0 \
--skip-text-msgs 1 \
--lang de_DE \
--debug 0 \
--minidebug 1 \
--add-dscr-hdrs 0 \
--dscr-hdrs-text "X-Qmail-Scanner" \
--normalize 1 \
--archive 0 \
--settings-per-domain 0 \
--max-scan-size 100000000 \
--unzip 0 \
--max-zip-size 1000000000 \
--max-unpacked-files 10000 \
--redundant 1 \
--log-details syslog \
--log-crypto 0 \
--fix-mime 2 \
--ignore-eol-check 1 \
--sa-sql 1 \
--sa-subject "***SPAM***" \
--sa-delta 0 \
--sa-alt 0 \
--sa-debug 0 \
--sa-report 1 \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject 0 \
--scanners "clamscan,fast_spamassassin"


2 Configuration

2.1 Supervise

/service/qmail-send/run

#!/bin/sh
exec /var/qmail/rc


/service/qmail-send/log/run

#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s5000000 /var/log/qmail

http://www.datenklause.de/de/software/qgreylistrbl.html

/service/qmail-smtpd/run

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

. /var/qmail/ssl/env
exec /usr/bin/softlimit -m 90000000 \
        /usr/local/bin/sslserver -vesn -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 88.198.8.108 smtp /var/qmail/bin/qgreylistrbl.pl \
 /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 2>&1

#/usr/bin/rblsmtpd -r multihop.dsbl.org -r sbl.spamhaus.org -r ix.dnsbl.manitu.net -r list.dsbl.org


/service/qmail-smtpd/log/run

#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s5000000 /var/log/qmail/smtpd


/etc/tcp.smtp

127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
192.168.230.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
:allow,MFDNSCHECK="",SMTPAUTH="",BADMIMETYPE="",BADLOADERTYPE="M",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Rebuild the cdb:

tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

2.2 Qmail

Initial configuration:

echo "meinhostname.domain.tld" > /etc/qmail/me

Bounce username. Default: MAILER-DAEMON.

bouncefrom

2.3 Procmail

Procmail is a mail filter that can, for example, automatically move spam or mailing-list mail into a subfolder. Filter rules can be created with Horde (Ingo).
From http://www.qmailinfo.org/index.php/Horde-Procmail-Filters

/etc/procmailrc:

SHELL="/bin/sh"
#LOGFILE="/tmp/procmail.log"
#VERBOSE=on
VPOPHOME="/var/vpopmail"
DOMHOME="$VPOPHOME/domains/$DOM"
USERHOME="$DOMHOME/$USERNAME"
SENDMAIL="/usr/sbin/sendmail -f $USERNAME@$DOM"

DEFAULT="$USERHOME/Maildir/"
HOME="$USERHOME"
INCLUDERC="$USERHOME/.procmailrc"

##### move_Spam #####
:0
* ^X-Spam-Status:.*Yes
"$DEFAULT/.Spam/"

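##### move_unknown #####
# the plus signs are escaped: unescaped, "++" is read as repetition operators, not as two "+" characters
:0
* ^X-Spam-Level:.*\+\+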
"$DEFAULT/.Unknown/"

:0 w
| /usr/bin/safecat "${HOME}/Maildir/tmp" "${HOME}/Maildir/new"

/usr/sbin/preprocmail:

#!/bin/sh

VPOPMAIL=`echo ~vpopmail`
DOMDIR=`"$VPOPMAIL/bin/vdominfo" -d "$HOST"`

# convert to lower case
EXT=`printf '%s\n' "$EXT" | tr "[:upper:]" "[:lower:]"`

# check whether the Maildir exists
if [ -d "$DOMDIR/$EXT/Maildir" ]; then
        # create the Spam folder if it does not exist
        # (stdin is not read here: it carries the message that procmail needs)
        if [ ! -d "$DOMDIR/$EXT/Maildir/.Spam" ]; then
                /usr/bin/maildirmake.courier -f Spam "$DOMDIR/$EXT/Maildir/"
        fi

        # create the Unknown folder if it does not exist
        if [ ! -d "$DOMDIR/$EXT/Maildir/.Unknown" ]; then
                /usr/bin/maildirmake.courier -f Unknown "$DOMDIR/$EXT/Maildir/"
        fi

        # subscribe to the Spam folder; grep fails both when the
        # subscription file is missing and when the entry is absent
        if ! /bin/grep -q Spam "$DOMDIR/$EXT/Maildir/courierimapsubscribed" 2>/dev/null; then
                echo INBOX.Spam >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
        fi

        # subscribe to the Unknown folder in the same way
        if ! /bin/grep -q Unknown "$DOMDIR/$EXT/Maildir/courierimapsubscribed" 2>/dev/null; then
                echo INBOX.Unknown >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
        fi
fi

if [ -r "$DOMDIR/$EXT/.procmailrc" ]; then
        env -i DOM="$HOST" USERNAME="$EXT" /usr/bin/procmail -p -m /etc/procmailrc
        # drain whatever procmail left unread
        cat > /dev/null
        exit 99
else
        env -i DOM="$HOST" USERNAME="$EXT" /usr/bin/procmail -p -m /etc/procmailrc
        cat > /dev/null
fi
cat > /dev/null
exit 0


This script will be called from a .qmail file. For example,

/var/vpopmail/domains/somedomain.com/.qmail-default:

| /var/qmail/bin/preline /usr/sbin/preprocmail
| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox
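
preprocmail builds directory names and procmail variables from $HOST and $EXT, which qmail-local derives from the recipient address, so whoever sends the mail chooses them. The following check is an added example, not part of the original script; the function names and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example: validate recipient-derived values before they are
# used as path components. Names and allow-list are assumptions.
LC_ALL=C; export LC_ALL   # make the a-z / A-Z ranges below byte ranges

# Succeed only if $1 is usable as one directory name, i.e. it cannot
# leave the directory it is appended to or be mistaken for an option.
safe_component() {
    case "$1" in
        ''|.*|-*)            return 1 ;;  # empty, ".", "..", dotfiles, option-like
        *[!A-Za-z0-9._-]*)   return 1 ;;  # anything off the allow-list, incl. "/" and spaces
    esac
    return 0
}

# Check HOST ($1) and EXT ($2) together. Returns 100 on rejection,
# which qmail treats as a permanent failure of a program delivery.
check_recipient() {
    safe_component "$1" && safe_component "$2" && return 0
    return 100
}

# In preprocmail this would run before vdominfo is called:
#   check_recipient "$HOST" "$EXT" || exit 100
```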

3 Links

Filtering examples

4 Operation

4.1 Log files

QMail writes its log entries with timestamps in TAI64N format. That may be very useful for analysing the log files, but it is not human-readable.

cat /var/log/qmail/smtpd/current | tai64nlocal
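
Because TAI64N labels are fixed-width hexadecimal, they sort in time order as plain strings, so a time window can be cut out of a log before anything is converted. The helpers below are an added example, not part of the original page; the function names are assumptions, and the offset is the one multilog adds to the Unix time (2^62 + 10).

```shell
#!/bin/sh
# Added example: TAI64N helpers; function names are assumptions.
# A label is "@" + 16 hex digits (seconds) + 8 hex digits (nanoseconds).
TAI_OFFSET=4611686018427387914   # 2^62 + 10

# Print the Unix time (seconds) encoded in a label such as
# @4000000047868c0a1dcd6500; fail on anything that is not a label.
tai64n_to_epoch() {
    label=${1#@}
    case "$label" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#label}" -eq 24 ] || return 1
    secs_hex=$(printf '%s' "$label" | cut -c1-16)
    echo $(( 0x$secs_hex - $TAI_OFFSET ))
}

# Print the label for a Unix time, with the nanoseconds set to zero.
epoch_to_tai64n() {
    printf '@%016x%08x\n' $(( $1 + $TAI_OFFSET )) 0
}

# Print the lines of log file $3 whose timestamp lies in [$1, $2),
# both bounds given as Unix time. Labels are compared as strings.
log_window() {
    from=$(epoch_to_tai64n "$1")
    to=$(epoch_to_tai64n "$2")
    LC_ALL=C awk -v a="$from" -v b="$to" '/^@/ && $1 >= a && $1 < b' "$3"
}
```

The output of log_window still carries TAI64N labels and can be piped through tai64nlocal as above.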

4.2 Start/Stop/Status

qmailctl
Usage: /usr/sbin/qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}
mygretchen:/# qmailctl stat
/service/qmail-send: up (pid 5465) 151263 seconds
/service/qmail-send/log: up (pid 2106) 151373 seconds
/service/qmail-smtpd: up (pid 2109) 151373 seconds
/service/qmail-smtpd/log: up (pid 2111) 151373 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0


4.3 Email to all users/domains

from http://www.mail-archive.com/vchkpw@inter7.com/msg24692.html
We use something like this, WARNING not real code.

#!/bin/sh
#
TEXT=/usr/local/src/MASSMAIL/email.txt

LIST=`/home/vpopmail/bin/vpopbull -Vn`
# $LIST is left unquoted on purpose so that it splits into one address per word
for i in $LIST; do
        /var/qmail/bin/sendmail "$i" < "$TEXT"
        echo "Sending to account $i"
done

For any ezmlm lists we have, I make sure the system admin is always a moderator. I just send a maintenance message to each list. Keep in mind the email.txt needs to be properly formatted as well.

http://www.inter7.com/vpopmail/doc/vpopbull.html
http://www.qmailwiki.org/Vpopmail#vpopbull

4.4 Quota

Quota check including e-mail report

Based on http://puuhis.net/vhcs/quota.txt

5 Tools

5.1 qmHandle - queue management made easy

This little jewel, created by Michele Beltrame (according to qmail.org), gives you an easy way to view and manage the Qmail queue. It even lets you view some stats on the queue. It's a single Perl based script that is command line based, not GUI based (for all you newbies out there). Don't fret though, because it's incredibly easy to use. If you have trouble setting it up and using it, you need to go back to school. If you think I'm kidding, wait till you set it up and you'll see. It doesn't get any easier than this. You can download the latest version of qmHandle from: http://sourceforge.net/projects/qmhandle. Normally, I would publish a tutorial on how to set it up, but the README file included with it does a wonderful job. Read the README file!

5.2 qmailalizer - a tool to generate graphs from Qmail's logs.

http://qmailalizer.sourceforge.net/

6 Links

6.1 Howtos & Co

http://qmail.jms1.net/
http://www.lifewithqmail.org/lwq.html, German version: http://www.wallroth.de/sebastian/lwq.html#installation
http://www.gentoo.org/doc/de/qmail-howto.xml
http://www.debianhowto.de/doku.php/de:howtos:sarge:qmail
http://www.cargal.org/downloads/HOW-TO/debianqmail/debianqmail.html
Installing Qmail, Courier, Ezmlm, ... on Debian
Qmail smtps

6.2 AntiSpam

qgreylistrbl
Big all-in-one patch. MUST!
Creates the badmailfrom file
http://www.chrishardie.com/tech/qmail/qmail-antispam.html

6.3 Patches

Integrate Virusscanner/Spamassassin
http://toribio.apollinare.org/qmail-scanner/
Qmail SMTP Plugin patch (SPP)

6.4 Miscellaneous

Qmail Ldap/Big Picture
About relaying (blacklist and smtp_auth)
Qmail Bugs and Wishlist