qmail installation (Debian etch)



1) Installing qmail following the guide on qmailrocks.org, but without vpopmail:

Prerequisite: daemontools and ucspi-tcp are already installed as described in the dnscache installation guide.

Installing / removing software:

apt-get install libssl-dev ncftp ftp unzip
apt-get remove exim4 exim4-base exim4-config exim4-daemon-light
update-rc.d -f exim4 remove
apt-get install libdigest-sha-perl libdigest-hmac-perl libnet-dns-perl
perl -MCPAN -e 'install Time::HiRes'

Download and unpack the package from qmailrocks.org:

mkdir /downloads && cd /downloads
wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
tar zxvf qmailrocks.tar.gz && cd /downloads/qmailrocks
mkdir -p /var/qmail && mkdir /usr/src/qmail

Add the system users:

groupadd nofiles
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmailp
groupadd qmail
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmails

Unpack and prepare the directories:

cd /usr/src/qmail
tar zxvf /downloads/qmailrocks/qmail-1.03.tar.gz
mkdir /var/log/qmail && cd /var/log/qmail
mkdir qmail-send qmail-smtpd
chown -R qmaill:root /var/log/qmail
chmod -R 750 /var/log/qmail
mkdir /var/qmail/supervise && cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log
chmod +t qmail-smtpd qmail-send
echo 211 > /usr/src/qmail/qmail-1.03/conf-split
echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn

Patch qmail:

cd /usr/src/qmail/qmail-1.03
patch < /downloads/qmailrocks/patches/qmail-1.03-jms1.5.patch
patch < /downloads/qmailrocks/patches/qmail-1.03-forcetls-20040703.patch

Compile qmail:

cd /usr/src/qmail/qmail-1.03
make man && make setup check

Configure and generate the certificate:

./config-fast mail.example.com
make cert

Final settings:

cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_run /var/qmail/supervise/qmail-smtpd/run
cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_log /var/qmail/supervise/qmail-smtpd/log/run
cp /downloads/qmailrocks/scripts/finalize/linux/send_run /var/qmail/supervise/qmail-send/run
cp /downloads/qmailrocks/scripts/finalize/linux/send_log /var/qmail/supervise/qmail-send/log/run
cp /downloads/qmailrocks/scripts/finalize/rc /var/qmail/
cp /downloads/qmailrocks/scripts/finalize/qmailctl /var/qmail/bin/
chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
chmod 751 /var/qmail/supervise/qmail-smtpd/run
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
chmod 751 /var/qmail/supervise/qmail-send/run
chmod 751 /var/qmail/supervise/qmail-send/log/run
echo ./Maildir > /var/qmail/control/defaultdelivery
echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote
echo 30 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service

Edit /var/qmail/supervise/qmail-smtpd/run; afterwards it looks like this, for example:

#!/bin/sh
# UID/GID that tcpserver drops to, and the cap on concurrent SMTP connections
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
RBLSMTPD="/usr/local/bin/rblsmtpd -b -r dnsbl.sorbs.net -r cbl.abuseat.org -r dynablock.njabl.org -r sbl.spamhaus.org"
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
# Without rcpthosts, qmail-smtpd accepts mail for any domain
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 50000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $RBLSMTPD $SMTPD mail.example.com 2>&1

#/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Edit /var/qmail/bin/qmailctl: comment out the references to pop3d (we did not install it).

Allow relaying for localhost:

qmailctl stop
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
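
A check that goes with the relay rule above, as an added example that is not part of the original guide: it lists every allow rule in a tcprules source file that grants RELAYCLIENT outside 127.* and confirms that rcpthosts exists, the same condition the run script tests. The function names and the sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.

# relay_rules_outside_loopback FILE
# Prints allow rules that set RELAYCLIENT for an address other than 127.*
# An empty address (":allow,...") is the catch-all default rule.
relay_rules_outside_loopback() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            addr = $0; sub(/:.*/, "", addr)       # text before the first colon
            rest = substr($0, length(addr) + 2)   # instruction and variables
            if (rest !~ /^allow/ || rest !~ /,RELAYCLIENT=/) next
            if (addr !~ /^127\./) print
        }' "$1"
}

# relay_config_ok TCP_SMTP RCPTHOSTS
# Succeeds only if rcpthosts exists and no rule outside loopback grants relaying.
relay_config_ok() {
    [ -f "$2" ] || { echo "missing $2: qmail-smtpd would accept any domain"; return 1; }
    bad=$(relay_rules_outside_loopback "$1")
    [ -z "$bad" ] || { echo "relay granted outside loopback:"; echo "$bad"; return 1; }
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# loopback only' '127.:allow,RELAYCLIENT=""' ':allow' > "$demo/good"
printf '%s\n' '127.:allow,RELAYCLIENT=""' '192.168.:allow,RELAYCLIENT=""' \
    ':allow,RELAYCLIENT=""' > "$demo/bad"
echo example.com > "$demo/rcpthosts"

relay_config_ok "$demo/good" "$demo/rcpthosts" && echo "good: ok"
relay_config_ok "$demo/bad" "$demo/rcpthosts" || echo "bad: flagged"
```

On the server from this guide the call would be relay_config_ok /etc/tcp.smtp /var/qmail/control/rcpthosts, run before qmailctl cdb.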

Set up the basic accounts:

cd /var/qmail/alias
echo root-mail@example.com > .qmail-root
chmod 644 .qmail-root
ln -s .qmail-root .qmail-postmaster
ln -s .qmail-root .qmail-mailer-daemon
ln -s .qmail-root .qmail-anonymous

Install the fake sendmail (symlinks for sendmail):

ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

Test that the installation succeeded; we ignore the messages about the missing pop3d :-)

/downloads/qmailrocks/scripts/util/qmr_inst_check
qmailctl stop
qmailctl start
qmailctl stat


2) Installing SPAMASSASSIN

apt-get install libparse-syslog-perl perl-suid maildrop
perl -MCPAN -e 'install Statistics::Distributions'
groupadd spamd
useradd -g spamd -s /bin/false -m -d /home/spamassassin spamd

In /etc/default/spamassassin, enable it and set the spamd user it will run as:

ENABLED=1
SAHOME="/home/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"

3) Installing CLAMAV

groupadd qscand
useradd -c "Qmail-Scanner Account" -g qscand -d /var/spool/qmailscan -s /bin/false qscand

clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem:

Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are running Qmail-Scanner as qscand (default setting) you could put User qscand inside your clamd.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at /var/run/clamav/clamd.ctl). The same applies to the log file. The suggested setup is: put User qscand and AllowSupplementaryGroups in clamd.conf, then add user qscand to group clamav and make the socket dir and the log dir group writable by clamav.
Last update: 2007-05-23 10:07
Author: Daniel
Revision: 1.12