Summary
How I set up qmail on my server.
This project documents the methods I use to install qmail on my mail server, my method of managing virtual users (a separate system user per domain), and any scripts I use to automate the process or authenticate the users.
Assumptions
Ability to request and/or generate SSL certificates, and configure software (sslsvd) to use them.
Basic knowledge of runit and log services.
The working directory is ~/qmw.
$domain is replaced by the virtual domain.
$duser is replaced by the system account in control of $domain.
- To generate the $duser from $domain, simply translate any dot (.) in $domain to a dash (-).
Purpose
I was unsatisfied with any of the cookie-cutter approaches to setting up qmail.
I wanted to learn more about how the pieces of qmail and associated programs work together.
I did not want email-only users to have system accounts.
Procedure
Install runit, runit-services, and ucspi-tcp.
If you are not familiar with runit, then check the following sources for information. They contain some very good examples. The DJB Way, in particular, is worth reading (although it covers daemontools instead of runit).
(optional) If you want runsvdir to log using svlogd instead of using readproctitle, then install the runsvdir-start script. Be aware that if you don't install this, you will have no log files for runsvdir, and you will have to check its status using ps.
# dpkg-divert --add /usr/sbin/runsvdir-start
# mv /usr/sbin/runsvdir-start /usr/sbin/runsvdir-start.distrib
# cp files/runsvdir-start.replacement /usr/sbin/runsvdir-start
At this point you can either reboot or kill the runsvdir process. Either one should start the new process and start logging the results using svlogd.
Check to make sure this worked by looking in the /var/log/runsvdir-service/current file.
- You must be in the adm group to read the log.
NOTE - possibly revise based on http://thread.gmane.org/gmane.comp.sysutils.supervision.general/1373/focus=1380 http://trac.mcs.anl.gov/projects/bcfg2/browser/trunk/bcfg2/encap/src/encap-profiles/runit-1.7.2.ep
Install necessary users and groups. Life With Qmail shows you how to set all required UID/GIDs if you do not run Debian and/or do not want to install that package.
- If you run Debian, and want to, you can use Gerrit Pape's qmail-uid-gid package.
If installing on a Debian system, use equivs to create a dummy MTA Debian package.
I will use John M. Simpson's combined qmail-patch. It provides everything I need.
Follow Life with qmail (replacing tcpserver with tcpsvd, and daemontools with runit) using the following patches.
Do not allow qmail-smtpd to run until you've finished setting up the users (using the next step to set up virtual domains).
Configure qmail using for virtual domains only as a guideline.
Create the necessary base directory and group.
mkdir -p /home/mail
groupadd mailboxen
Multiple scripts will be needed. A description of each follows.
checkpassword-assign.pl: Provides checkpassword interface using users/assign as the user database.
gen-domain-assigns.sh: Generates assign files from the users in all virtual domains.
gen-global-assign.sh: Generates an assign file combining all virtual domains and any system users.
gen-req-aliases.sh: Generate required aliases in a given virtual domain. If your list of required aliases differs from mine, edit this script.
gen-user-mailbox.sh: Generate a mailbox and password for a user based on an email address given on the command line.
gen-validrcptto.pl: Generate list of all email addresses valid on this system. List those email addresses one per line.
gen-validrcptto.cdb.sh: Generate a constant database to be used as a database of all valid email addresses on this system. Requires the use of the cdbmake command and the cdbmake-12 script. Both are in the cdb package, which is listed on the cdb installation web page.
For any domain name, a duser is created by replacing all periods in the domain name with "-". The domain name "weller-fahy.com" would become the duser "weller-fahy-com".
- In commands below replace $domain with the domain name, replace $duser with the duser name (as described above).
To create a duser to control a domain do the following.
# echo $domain >> /var/qmail/control/rcpthosts
# echo $domain:$duser >> /var/qmail/control/virtualdomains
# useradd -c "$domain mailbox user" -d /home/mail/$duser -g mailboxen -s /bin/false -m $duser
# echo $domain > ~$duser/.domain
# gen-req-aliases.sh $duser $email
- $duser as described above
- $email is the user or email address to receive any emails to the system aliases
To make sure emails to the system aliases (abuse, hostmaster, mailer-daemon, postmaster, and root) on the host listed in me are not bounced, make sure to add the following lines to /var/qmail/users/system, and ensure the proper .qmail-(system-alias) files are created with delivery instructions.
=abuse:user:UID:GID:/home/user:::
=hostmaster:user:UID:GID:/home/user:::
=mailer-daemon:user:UID:GID:/home/user:::
=postmaster:user:UID:GID:/home/user:::
=root:user:UID:GID:/home/user:::
If any system user wants to receive mail in their home directory, and they have an email address in a virtual domain, then for each user place the following lines in the /var/qmail/users/system file.
=duser-user:user:UID:GID:/home/user:::
+duser-user-:user:UID:GID:/home/user:-::
Assuming you want to give complete control of john@example.com and john-*@example.com to the system user john you would use the following lines.
=example-com-john:john:UID:GID:/home/john:::
+example-com-john-:john:UID:GID:/home/john:-::
To create aliases within a domain (johnny for john, etc) link the alias to the user's mailbox. For example, if I wanted john@example.com to get any email addressed to johnny@example.com, then I would:
$ cd /home/mail/example-com
$ sudo -u example-com ln -s john johnny
# gen-validrcptto-cdb.sh
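The duser rule and the users/system lines above, as an added shell example that is not one of this project's scripts: it builds the two assign lines for an address, rejects input that would break the colon-delimited format, and reports domains whose dusers collide, since the dot-to-dash translation is not one-to-one. The function names and the sample UID/GID values are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not the project's scripts.

# duser_of DOMAIN: print the duser for DOMAIN (every dot becomes a dash).
# Anything that is not a plain hostname is rejected, because the result is
# used as an account name and inside colon-delimited assign lines.
duser_of() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    printf '%s\n' "$1" | tr . -
}

# assign_lines ADDRESS USER UID GID HOME: print the exact-match (=) and
# wildcard (+) lines giving ADDRESS and ADDRESS-* to system user USER.
assign_lines() {
    case "$1" in *@*) ;; *) return 1 ;; esac
    local_part=${1%@*}
    domain=${1##*@}
    case "$local_part" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$3" in ''|*[!0-9]*) return 1 ;; esac           # numeric UID
    case "$4" in ''|*[!0-9]*) return 1 ;; esac           # numeric GID
    case "$2$5" in *[!A-Za-z0-9._/-]*) return 1 ;; esac  # no ':' or spaces
    duser=$(duser_of "$domain") || return 1
    printf '=%s-%s:%s:%s:%s:%s:::\n' "$duser" "$local_part" "$2" "$3" "$4" "$5"
    printf '+%s-%s-:%s:%s:%s:%s:-::\n' "$duser" "$local_part" "$2" "$3" "$4" "$5"
}

# duser_collisions DOMAIN...: print every duser that two or more of the given
# domains map to; such domains would end up sharing one system account.
duser_collisions() {
    for d in "$@"; do duser_of "$d"; done | sort | uniq -d
}

# Constructed sample input.
assign_lines john@example.com john 1000 1000 /home/john
duser_collisions a.b-c.com a-b.c.com example.com
```

Running the collision check over every domain before calling useradd shows whether a new domain would reuse an existing duser account.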
For the pop-mail setup, use chkpw-assign.pl.
Cover the SSL aspect
Cover the IMAP setup.