Qmail server Howto

By mailto:JohnLombardo@acm.org

Introduction

• Intent of this document
• Prerequisites
• Why Qmail?
• Why Qmail-ldap?
• Worksheet

Software Installation

• Install Red Hat 7.3
• Set up directories
• Download Software
  • Qmail-1.03
  • Qmail+LDAP patch
  • qmail-scanner
  • qmail-queue patch
  • qmailctl script
  • smtp-poplock
  • daemontools
  • ucspi-tcp
  • Command anti-virus
  • Perl CPAN module
  • Maildrop
  • Webmin
  • gq 0.6.0 (or later)
• Install OpenLDAP
• Build and Install daemontools
• Build and Install ucspi-tcp
• Build and Install smtp-poplock
• Build and Install Qmail-ldap
• Build and Install gq
• Install command anti-virus
• Build and Install Maildrop
• Build and Install Perl CPAN
• Build and Install SpamAssassin
• Build and Install qmail-scanner
• Install Webmin

Configuration

• OpenLDAP
• Qmail
  • /var/qmail/control and /etc files
  • The qmailctl script
  • The /var/qmail/rc and bin/dirmaker scripts
  • The supervise scripts

Conclusion

Tips and Tricks

• Are the processes running?

Resources

• Life with Qmail
• Life with Qmail-ldap

Intent of this document

This document is intended to guide you through the process of installing a new Red Hat 7.3 server that is completely dedicated to the task of working as an email server. This email server will be able to manage the Internet mail of several hundred people with little or no supervision. It will also be able to:

• Find and eliminate most viruses.
• Find and eliminate a lot of spam.

Prerequisites

• Although the document touches on installing Red Hat 7.3, it assumes that you can make most of the installation decisions yourself.
• Once RH 7.3 is installed, you must ensure that the machine is available on the internet at it's chosen IP address. For instance, if your machine is mail.abc.com, go to another machine on another ISP and make sure you can ping your machine as that name. You must also make sure that there is an MX record for your machine.

Why Qmail?

Qmail is wierd. As Unix software goes, it breaks a lot of rules (for instance, it adds four or five directories to root). That being said, it is a really well-put-together set of software that does it's job very well.

Here is the authors (Dan Bernstein) blurb:

Qmail is a secure, reliable, efficient, simple message transfer agent. It is meant as a replacement for the entire sendmail-binmail system on typical Internet-connected UNIX hosts.

It offers POP3, and IMAP (with the help of Courier-IMAP) so that you can use any mail client you prefer.

Secure: Security isn't just a goal, but an absolute requirement. Mail delivery is critical for users; it cannot be turned off, so it must be completely secure. (This is why I started writing qmail: I was sick of the security holes in sendmail and other MTAs.)

Reliable: qmail's straight-paper-path philosophy guarantees that a message, once accepted into the system, will never be lost. qmail also supports maildir, a new, super-reliable user mailbox format. Maildirs, unlike mbox files and mh folders, won't be corrupted if the system crashes during delivery. Even better, not only can a user safely read his mail over NFS, but any number of NFS clients can deliver mail to him at the same time.

Efficient: On a Pentium under BSD/OS, qmail can easily sustain 200000 local messages per day---that's separate messages injected and delivered to mailboxes in a real test! Although remote deliveries are inherently limited by the slowness of DNS and SMTP, qmail overlaps 20 simultaneous deliveries by default, so it zooms quickly through mailing lists. (This is why I finished qmail: I had to get a big mailing list set up.)

Simple: qmail is vastly smaller than any other Internet MTA. Some reasons why: (1) Other MTAs have separate forwarding, aliasing, and mailing list mechanisms. qmail has one simple forwarding mechanism that lets users handle their own mailing lists. (2) Other MTAs offer a spectrum of delivery modes, from fast+unsafe to slow+queued. qmail- send is instantly triggered by new items in the queue, so the qmail system has just one delivery mode: fast+queued. (3) Other MTAs include, in effect, a specialized version of inetd that watches the load average. qmail's design inherently limits the machine load, so qmail-smtpd can safely run from your system's inetd.

Replacement for sendmail: qmail supports host and user masquerading, full host hiding, virtual domains, null clients, list-owner rewriting, relay control, double-bounce recording, arbitrary RFC 822 address lists, cross-host mailing list loop detection, per-recipient checkpointing, downed host backoffs, independent message retry schedules, etc. In short, it's up to speed on modern MTA features. qmail also includes a drop-in ``sendmail'' wrapper so that it will be used transparently by your current UAs.

Why Qmail-ldap?

qmail-ldap is a patch to qmail 1.03 to retrieve all user data from a ldap-directory rather then from files on the disk. This allows easier administration, especially in distributed environments. There is also clustering support builtin making qmail-ldap very well suited for big mail installations at ISPs.

Worksheet

Before you begin, it will be very useful to fill out the following worksheet. Refer back to the worksheet as you go through the installation and configuration instructions.

Variable	Your Value	Description
LDAP_ORG		The name of your organization (i.e. "ABC Insustries").
DOMAIN		This is the main domain you are going to receive mail for. If your domian is "abc.com", then the value should be "abc.com".
FQDN		This is the fully qualified domain name of your machine. It's probably something like "mail.abc.com". The domain part of the FQDN must match the DOMAIN varaible above.
LDAP_SUFFIX		This is the "DOMAIN" variable reformatted for LDAP. If your domian is "abc.com", then the value should be "dc=abc,dc=com".
LDAP_MANAGER_PASSWORD		The password that you will use to make changes to your ldap user base.

Install Red Hat 7.3

Installing Red Hat Linux 7.3 is a fairly straightforward process. Just make sure you give enough room for your root and home partitions. I like to give root at least two gigabytes and home the rest of the drive. The following notes may help you along the way:

• Installation type: Server
• Firewall Configuration: High, Customize: Allow incoming SSH and SMTP. Type "pop3:tcp" in "other ports".
• Desktop: kde (or choose gnome, but you don't need both).

For the remainder of this setup, it would be wise to ssh into the mail server as root from the machine you're viewing this web page from. That way you can copy and paste the commands and scripts into the command line. This procedure requires a lot of typing if you don't cut and paste. All this typing will be error prone and since there are so many pieces that must work correctly in concert, you may have trouble finding the errors. Do yourself a favor -- ssh in now. If you don't know how to use ssh, take the time to learn it.

Set up Directories

1. Log in as root.
2. cd /usr/src
   Change to the sources directory.
3. mkdir qmail gq rpms command perl maildrop /package
   Create some directories. Yes, there is a slash before the "p" in package. Daemontools and ucspi-tcp like to be installed in strange places.
4. chmod 1755 /package

Download Software

Install OpenLDAP and other tools

If you're not using OpenLDAP on this machine, then you can do all of the OpenLDAP configuration tweeks on that other mahcine.

1. Mount the third Red Hat 7.3 cd on /mnt/cdrom
2. rpm -i /mnt/cdrom/RedHat/RPMS/openldap-servers-2.0.23-4.i386.rpm
   Install the OpenLDAP server.
3. rpm -i /mnt/cdrom/RedHat/RPMS/perl-suidperl-5.6.1-34.99.6.i386.rpm
   Install suidperl.
4. Unmount the third CD.

Build & Install daemontools

Daemontools is used by qmail to start servers, much like inetd in RedHat.

1. Log in as root.
2. cd /package
   Change to the sources directory.
3. tar xvzf daemontools-0.76.tar.gz
   Untar the tarball.
4. cd admin/daemontools-0.76/
   Change to the source directory.
5. package/install
   Build and install the daemontools package.

Build & Install ucspi-tcp

1. Log in as root.
2. cd /package
   Change to the sources directory.
3. tar xvzf ucspi-tcp-0.88.tar.gz
   Untar the tarball.
4. cd ucspi-tcp-0.88/
   Change to the source directory.
5. make
   Build the ucspi-tcp package.
6. make setup check
   Install the ucspi-tcp package.

Build & Install smtp-poplock

1. Log in as root.
2. cd /usr/src/qmail
   Change to the sources directory.
3. tar xvzf smtp-poplock-2.06.tar.gz
   Untar the tarball.
4. cd smtp-poplock-2.06
   Change to the source directory.
5. make install
   Install the package files.
6. vi /etc/smtp-poplock.conf
   Around line 73, change the "$logpopauth_where" variable so that it reads like this:

   $logpopauth_where = "/var/smtp-poplock/fifo";
   

Build & Install Qmail-ldap

The following step by step procedure has been tested on the latest versions of all of the software mentioned as of 9/9/2002. If you're using later (or earlier) versions, your mileage may vary.

1. Log in as root.
2. cd /usr/src/qmail
   Change to the sources directory.
3. tar xvzf qmail-1.03.tar.gz
   Untar the qmail tarball
4. gzip -d qmail-ldap-1.03*patch.gz
   Uncompress the qmail-ldap patch.
5. ln -s qmail-1.03 qmail
   Create a versionless symlink useful if you ever want to upgrade to a new version of qmail.
6. cd qmail-1.03
   Change to the qmail directory
7. patch -p1 < ../qmail-ldap-1.03*patch
   Patch with the qmail-ldap sources.
8. patch -p1 < ../qmailqueue-patch
   Apply the qmail-queue patch.
9. vi Makefile
   Make the following changes to Makefile:
   • Add the following line for LDAPFLAGS: (around line 15):
     LDAPFLAGS=-DQLDAP_CLUSTER -DCLEARTEXTPASSWD
   • Uncomment (remove the leading pound (#) sign) the following lines around line 44, 47, and 61:
     #MDIRMAKE=-DAUTOMAILDIRMAKE
     #HDIRMAKE=-DAUTOHOMEDIRMAKE
     #DEBUG=-DEBUG
10. vi auth_pop.c
    Around line 111, hand apply the following patch. Note that you're adding the line that begins with "log(3..." -- that's all you should have to change. Don't try to paste in the entire patch and run the "patch" program -- it won't work. Just paste in the one line you need.

    diff -ru qmail-1.03-less-jl-changes/auth_pop.c qmail-1.03/auth_pop.c
    --- qmail-1.03-less-jl-changes/auth_pop.c       Tue Sep 10 16:44:39 2002
    +++ qmail-1.03/auth_pop.c       Mon Sep 16 16:43:22 2002
    @@ -108,6 +108,7 @@
                                      char* home, char* homedirmake, char *md)
     /* starts the next auth_module, or what ever (argv ... ) */
     {
    +       log(3,"qmail-pop3d authenticated host: %s\n",env_get("TCPREMOTEIP"));
            log(16, "auth_success: login=%s, uid=%u, ", login, uid);
            log(16, "gid=%u, home=%s, maildir=%s, aliasempty=%s, hdm=%s\n",
                            gid, home, md, argv[argc-1], homedirmake );
    

11. groupadd nofiles
    Create the "nofiles" group.
12. groupadd qmail
    Create the "qmail" group.
13. groupadd vmail
    Create the "vmail" group.
14. useradd -g nofiles -d /var/qmail qmaild
    Create the "qmaild" user.
15. useradd -g nofiles -d /var/qmail qmaill
    Create the "qmaill" user.
16. useradd -g nofiles -d /var/qmail qmailp
    Create the "qmailp" user.
17. useradd -g nofiles -d /var/qmail/alias alias
    Create the "alias" user.
18. useradd -g qmail -d /var/qmail qmailq
    Create the "qmailq" user.
19. useradd -g qmail -d /var/qmail qmailr
    Create the "qmailr" user.
20. useradd -g qmail -d /var/qmail qmails
    Create the "qmails" user.
21. useradd -g vmail -s /bin/true vmail
    Create the "vmail" user.
22. make setup check
    Build, check and install the qmail software. This step may take awhile depending on the speed of your machine.

Build and Install gq

There is a gq rpm on the Red Hat CD, but it's too old of a version.

1. Log in as root.
2. cd /usr/src/gq
   Change to the gq directory.
3. tar xvzf gq-0.6.0.tar.gz
   Untar the gq sources.
4. ln -s gq-0.6.0 gq
   Create a versionless symlink useful if you ever want to upgrade to a new version.
5. cd gq
   Go to the source.
6. ./configure
   Configure the source to the local machine.
7. make
   Build the gq executables.
8. make install
   Install the binaries into the file system. The gq executable can be found at /usr/local/bin/gq.

Install Command anti-virus

Command anti-virus is a commercial package used to scan incoming email for viruses. It must be installed before qmail-scanner.

1. Log in as root.
2. cd /usr/src/command
   Change to the source directory.
3. rpm -i csav-4.70.0-shared.i386.rpm
   Install the anti-virus software.
4. rpm -i deflinux.rpm
   Install the virus definitions.

Build & Install maildrop

1. Log in as root.
2. cd /usr/src/maildrop
   Change to the sources directory.
3. tar xvzf maildrop-1.4.0.tar.gz
   Untar the tarball.
4. cd maildrop-1.4.0
   Change to the source directory.
5. ./configure
   Configure the package files.
6. make
   Build the binaries.
7. make install
   Install the binaries.

Build and Install Perl CPAN

The CPAN module makes it easy to install the other necessary perl modules.

1. Log in as root.
2. cd /usr/src/perl
   Change to the source directory.
3. tar xvzf CPAN-1.63.tar.gz
   Untar the CPAN module.
4. cd CPAN-1.63
   Change to the module directory.
5. perl < Makefile.PL
   Don't worry about the Test::More error.
6. make
   Build the CPAN module.
7. make install
   Install the module.
8. cd ..
   Change back to the /usr/src/perl directory.
9. cpan
   NOTE: You must be on line with the Internet for the rest of this process to complete
   Go through the configuration process. You should read all of the questions and answer appropriately. I just kept pressing "enter" until I got to the question about my continent, then I started paying attention. Make sure you select several servers in case the first server you select doesn't work for some reason.
10. install Bundle::CPAN
    Once you get to the "cpan>" prompt, installing the CPAN bundle will complete the CPAN process. It will take several minutes, and may ask several questions. Just tell it the most expediant answer.
11. install Time::HiRes
    Install the Time::HiRes module from CPAN. By the way, this module can be installed directly from the Red Hat CD too.

Build & Install SpamAssassin

1. Log in as root.
2. perl -MCPAN -e shell
   Start the CPAN shell.
3. o conf prerequisites_policy ask
   Ask about prerequisites.
4. install Mail::SpamAssassin
   Install SpamAssassin. If the CPAN module doesn't work for some reason, then you can install this the old fashioned way (see the SpamAssassin web site). If you just can't get this working, then your mail server will still work -- it'll just let more spam through.
5. quit
   Quit CPAN.
6. vi /etc/mail/spamassassin/local.cf
   Edit the spamassassin configuration file. Add the following lines:

   
   skip_rbl_checks 1
   required_hits 8
   rewrite_subject 0
   report_header 1
   use_terse_report 1
   defang_mime 0
   

7. vi /usr/bin/spamd
   (You'll only have to do this for version 2.41 -- this is fixed in 2.50 and above).
   • Go to line 400.
   • Look for this line:

     $response_header .= "Spam: False ; $msg_score / $msg_threshold";

   • Change the "false" to "$response_spam_status" so it looks like this:

     $response_header .= "Spam: $response_spam_status ; $msg_score / $msg_threshold";

Build and install qmail-scanner

Qmail-scanner uses the command anti-virus to disinfect all email as it flows through the system.

1. Log in as root.
2. cd /usr/src/qmail
   Change to the source directory.
3. tar xvzf qmail-scanner-1.14.tgz
   Untar the sources.
4. cd qmail-scanner-1.14
   Change to the source directory.
5. spamd -d
   Start up SpamAssassin. If you get an about the address already being in use, then it's already started -- the failure is OK.
6. ./configure --debug no --install --admin postmaster --domain DOMAIN --notify sender,admin --local-domains "DOMAIN,FQDN"
   Configure qmail scanner for the local machine. Don't forget to use the values you wrote down in the worksheet where you see "DOMAIN" and "FQDN". It will ask you if you want to continue, tell it yes. Make sure it finds your virus checker.
7. killall spamd
   If you did not get an error on the "spamd -d" step, then go ahead and kill SpamAssassin. You'll restart it later in this procedure.

Install Webmin

Once Qmail is up and running, webmin gives you a GUI configuration tool for much of qmail. Since this is qmail-ldap, it isn't perfect.

1. Log in as root.
2. cd /usr/src/rpms
   Change to the rpms directory.
3. rpm -i webmin-0.990-1.noarch.rpm
   Install the webmin rpm.

Configure OpenLDAP

1. cd /etc/openldap
   Change to the /etc/openldap directory.
2. cp slapd.conf slapd.conf.orig
   Make a copy of the file you're about to change.
3. echo "rootpw `slappasswd -h {MD5}`" >> slapd.conf
   Generate the encrypted version of the LDAP_MANAGER_PASSWORD. Type in the password when prompted (twice). The results are formatted an put into the slapd.conf file.
4. vi /etc/openldap/slapd.conf
   Edit the LDAP server configuration file. And make the following changes:
   • Add the following "include" command after all the other "include" commands (probably after line 12):
     include /usr/src/qmail/qmail/qmail.schema
   • Find the line that begins with the word "suffix" (around line 64). Change the string in the quotes (dc=my-domain,dc=com) to the value of the LDAP_SUFFIX variable from the worksheet.
   • Do the same for "rootdn". Find the line that begins with the word "rootdn" (around line 66). Change the part of the string in the quotes that reads "dc=my-domain,dc=com" to the value of the LDAP_SUFFIX variable from the worksheet. For example, if the value for LDAP_SUFFIX in your worksheet is "dc=abc,dc=com", then the line would read:
     rootdn "cn=manager,dc=abc,dc=com"
   • Add the following lines to the bottom of the file. They restrict access to the LDAP directory:

     access to *
             by self write
             by users read
             by anonymous auth
             by * none
     	

5. /etc/init.d/ldap restart
   Restart the OpenLDAP server so your changes take place.
6. chkconfig --level 345 ldap on
   Make sure that the OpenLDAP server will be restarted next time the computer reboots.
7. vi /tmp/hier.ldif
   Create an .ldif file that will set up the initial structure of your LDAP database. Make sure you substitute LDAP_SUFFIX, and LDAP_ORG from the worksheet as appropriate:

   dn: LDAP_SUFFIX
   objectclass: top
   objectclass: organization
   o: LDAP_ORG
   description: LDAP_ORG
   
   dn: ou=people,LDAP_SUFFIX
   objectclass: top
   objectclass: organizationalUnit
   ou: people
   description: mail users

8. ldapadd -acrvx -h localhost -D "cn=manager,dc=abc,dc=com" -w secret -f /tmp/hier.ldif
   Remember to change the "dc=abc,dc=com" to the value of the LDAP_SUFFIX variable from the worksheet, and change the "secret" to the value of the LDAP_MANAGER_PASSWORD.
9. vi /tmp/usertemplate.ldif
   Create an .ldif template file for users in your LDAP database. Make sure you substitute LDAP_SUFFIX and DOMAIN from the worksheet as appropriate. Leave "FIRST" "LAST" and "UID" as they are in the template, they're used in the next step. Note: Make sure there are NO BLANK LINES in this file.

   dn: cn=FIRST LAST,ou=people,LDAP_SUFFIX
   objectClass: top
   objectClass: inetOrgPerson
   objectClass: qmailUser
   objectClass: person
   cn: FIRST LAST
   givenname: FIRST
   sn: LAST
   uid: UID
   mail: UID@DOMAIN
   mailAlternateAddress: UID@FQDN
   mailMessageStore: UID
   

10. cp /tmp/usertemplate.ldif /tmp/fflintstone.ldif
    Copy the template so you can create your first user, Fred Flintstone.
11. vi /tmp/fflintstone.ldif
    Modify the copy of the template so that it reflects all of the actual values for a real person. Make sure it the "FIRS", "LAST" and "UID" values are changed to a real first and last name and email address. The example below shows the DOMAIN as "abc.com" and the LDAP_SUFFIX as "dc=abc,dc=com".

    dn: cn=Fred Flintstone,ou=people,dc=abc,dc=com
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: qmailUser
    objectClass: person
    cn: Fred Flintstone
    givenname: Fred
    sn: Flintstone
    uid: fflintstone
    mail: fflintstone@abc.com
    mailAlternateAddress: fflintstone@mail.abc.com
    mailMessageStore: fflintstone
    

12. echo "userPassword: `slappasswd -h {MD5}`" >> /tmp/fflintstone.ldif
    Generate the encrypted version of the Fred Flintstone's password. Type in the password when prompted (twice). The results are formatted an put into the ldif.file. Remember this password (it's not on the worksheet). From here on out, I'll refer to it as "Fred's password".
13. ldapadd -acrvx -h localhost -D "cn=manager,dc=abc,dc=com" -w secret -f /tmp/fflintstone.ldif
    Add the Fred Flintstone user to the ldap database. Remember to change the "dc=abc,dc=com" to the value of the LDAP_SUFFIX variable from the worksheet, and change the "secret" to the value of the LDAP_MANAGER_PASSWORD.
14. Repeat the last four steps as many times as necessary to add the users to your database. If you have a lot of users, you may want to build one large ldif file instead of one for each user. Put a blank line between each user. Alternatively, you can use the gq program to add users using a gui interface.

Configure Qmail

Configuring qmail is quite complex. The tasks are broken down here into managable pieces. They should be done in the order shown to work correctly.

/var/qmail/control and /etc files

The /var/qmail/control directory contains most of the qmail configuration files. Each file holds one value.

1. cd /var/qmail/control
   Change to the main qmail control directory.
2. echo "./Maildir/" > defaultdelivery
   Set up a maildir as the default delivery mechanism.
3. echo 3 > qmail-start-loglevel
   Logging level for start. 3 is good for a production system, 255 gives you lots of detail for debugging.
4. echo 3 > qmail-pop3d-loglevel
   Logging level for pop3d. 3 is good for a production system, 255 gives you lots of detail for debugging.
5. echo 4000000 > qmail-pop3d-softlimit
   Limits the amount of memory used by the pop3 system. Effictively limits the size of an email too.
6. echo 8000000 > qmail-smtpd-softlimit
   Limits the amount of memory used by the smtp system. Effictively limits the size of an email too. It's 8 megs on onbound for the virus/spam protection software.
7. (cd ~vmail && pwd) > ldapmessagestore
   Set the message store for all qmail messages (should be /home/vmail).
8. id -u vmail > ldapuid
   Set up the owner of all of the messages.
9. id -g vmail > ldapgid
   Set up the group of all of the messages.
10. hostname > me
    Put the fully qualified domain name of this server into the "me" file.
11. echo DOMAIN > defaultdomain
    That is, DOMAIN from the worksheet.
12. echo DOMAIN > rcpthosts
    The rcpthosts file contans _all_ of the names that this machine will accept mail for.
13. hostname >> rcpthosts
    Append the host name to the rcpthosts file. You should put any other domains you might collect mail for here also.
14. cp rcpthosts locals
    This is a list of domains for which mail will be locally delivered.
15. echo "LDAP_SUFFIX" > ldapbasedn
    Get LDAP_SUFFIX from the worksheet.
16. echo localhost > ldapserver
    If your ldap server is not on this machine then change this accordingly.
17. echo "cn=manager,LDAP_SUFFIX" > ldaplogin
    Get LDAP_SUFFIX from the worksheet.
18. echo "LDAP_MANAGER_PASSWORD" > ldappassword
    Get LDAP_MANAGER_PASSWORD from the worksheet.
19. chmod 600 ldappassword
    Cleartext, so secure.
20. echo 20 > concurrencyincoming
    Number of concurrent inbound messages.
21. chmod 644 concurrencyincoming
    Cleartext, so secure.
22. echo "/var/qmail/bin/dirmaker" > dirmaker
    Name the script that creates directories as needed in /var/home/vmail.
23. vi /etc/tcp.smtp
    Create a tcp.smtp file with the following two lines:

    127.:allow,RELAYCLIENT=""
    :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
    

The qmailctl script

The qmailctl script, which is not part of the qmail package, is useful for bringing qmail up and down, and for integrating it into Red Hat's init procedures.

1. cd /var/qmail
   Back to the qmail install root directory.
2. mv /usr/src/qmail/qmailctl-script-dt70 bin/qmailctl
   Move the qmailctl script some place more handy
3. chmod a+x bin/qmailctl
   Change the permissions of the qmailctl script source to executable.
4. ln -s /var/qmail/bin/qmailctl /usr/bin/qmailctl
   Put the qmailctl script on the path.
5. ln -s /var/qmail/bin/qmailctl /etc/init.d/qmailctl
   Make the qmailctl script available to the init system.
6. qmailctl cdb
   Rebuild the cdb database.
7. chkconfig --level 2345 qmailctl on
   Enable qmail on reboot.
8. chkconfig --level 2345 sendmail off
   Disable sendmail on reboot.
9. /etc/init.d/sendmail stop
   Stop currently running sendmail.

The /var/qmail/rc and bin/dirmaker scripts

The /var/qmail/rc script, which comes from section 2.8.1 of Life with Qmail, actually boots qmail.

1. cd /var/qmail
   Back to the qmail install root directory.
2. vi bin/dirmaker
   Create the script that creates user directories as they are needed.

   #!/bin/sh
   echo '----------------------------------------------' >> /tmp/dirmaker
   date >> /tmp/dirmaker
   echo $1 >> /tmp/dirmaker
   id >> /tmp/dirmaker
   
   mkdir --parents -m 700 -p $1/Maildir
   mkdir --parents -m 700 -p $1/Maildir/tmp
   mkdir --parents -m 700 -p $1/Maildir/cur
   mkdir --parents -m 700 -p $1/Maildir/new
   chown -R vmail:vmail $1
   

3. vi rc
   Using your favorite editor, create the rc file as follows. Make sure that you get the backward and forward quotes correct (See "Life with Qmail" for more information.

   #!/bin/sh
   QLOG="`cat /var/qmail/control/qmail-start-loglevel`"
   DEFD="`cat /var/qmail/control/defaultdelivery`"
   exec env - PATH="/var/qmail/bin:$PATH" LOGLEVEL="$QLOG" qmail-start "$DEFD"
   

4. chmod 755 rc bin/dirmaker
   Don't forget to make them executable.

The supervise scripts

The supervise scripts set up the run-time environment for the various qmail services. This whole section is a superset of section 2.8.2.2 of Life with Qmail. Several scripts from this section are quite long. You should probably paste them in.

1. mkdir -p /var/qmail/supervise/qmail-send/log
   Create the path to the qmail-send log.
2. mkdir -p /var/qmail/supervise/qmail-smtpd/log
   Create the path to the qmail-smtpd log.
3. mkdir -p /var/qmail/supervise/qmail-pop3d/log
   Create the path to the qmail-pop3d log.
4. mkdir -p /var/qmail/supervise/qmail-poplock
   Create the path to the qmail-poplock.
5. mkdir -p /var/qmail/supervise/spamd
   Create the path to the spamd start script.
6. Create the /var/qmail/supervise/qmail-send/run with your favorite editor.

   #!/bin/sh
   exec /var/qmail/rc
   

7. Create the /var/qmail/supervise/qmail-send/log/run with your favorite editor.

   #!/bin/sh
   exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail
   

8. Create the /var/qmail/supervise/qmail-smtpd/run with your favorite editor. Note, for this one you might want to paste the script in from this web page.

   #!/bin/sh
   QUID=`id -u qmaild`
   QGID=`id -g qmaild`
   MAXD=`head -1 /var/qmail/control/concurrencyincoming`
   HOST=`head -1 /var/qmail/control/me`
   SOFT=`head -1 /var/qmail/control/qmail-smtpd-softlimit`
   CDBF="/etc/tcp.smtp.cdb"
   
   if [ -z "$QUID" -o -z "$QGID" -o -z "$MAXD" -o -z "$HOST" ]; then
       echo QUID, QGID, MAXD, or HOST is unset in
       echo /var/qmail/supervise/qmail-smtpd/run
       exit 1
   fi
   
   exec    /usr/local/bin/softlimit        -m $SOFT        \
           /usr/local/bin/tcpserver        -v              \
                                           -R              \
                                           -l $HOST        \
                                           -x $CDBF        \
                                           -c $MAXD        \
                                           -u $QUID        \
                                           -g $QGID        \
                                           0               \
                                           smtp            \
           /var/qmail/bin/tcp-env                          \
           relaylock                                       \
           /var/qmail/bin/qmail-smtpd      2>&1
   
   

9. Create the /var/qmail/supervise/qmail-smtpd/log/run with your favorite editor.

   #!/bin/sh
   exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd
   

10. Create the /var/qmail/supervise/qmail-pop3d/run script with your favorite editor.

    #!/bin/sh
    IP=`head -1 /var/qmail/control/me`
    LL=`head -1 /var/qmail/control/qmail-pop3d-loglevel`
    SL=`head -1 /var/qmail/control/qmail-pop3d-softlimit`
    exec                                                            \
            env LOGLEVEL=$LL                                        \
            softlimit -m $SL                                        \
            /usr/local/bin/tcpserver -v -R -H -l 0 -c 100 $IP pop3  \
            /var/qmail/bin/qmail-popup $IP                          \
            /var/qmail/bin/tcp-env                                  \
            /var/qmail/bin/auth_pop                                 \
            /var/qmail/bin/qmail-pop3d Maildir 2>&1
    

11. Create the /var/qmail/supervise/qmail-pop3d/log/run with your favorite editor.

    #!/bin/sh
    exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/pop3d e 2> /var/smtp-poplock/fifo
    

12. Create the /var/qmail/supervise/qmail-poplock/run script with your favorite editor.

    #!/bin/sh
    exec readlog
    

13. Create the /var/qmail/supervise/spamd/run script with your favorite editor.

    #!/bin/sh
    exec spamd -x -L
    

14. find /var/qmail/supervise/ -name run -exec chmod 755 {} \;
    Make the run files executable.
15. mkdir -p /var/log/qmail/smtpd /var/log/qmail/pop3d
    Create the log directories.
16. chown -R qmaill:nofiles /var/log/qmail
    Set the ownership for the log directories.
17. mkdir -p /supervise
    Create the supervise directory in case it doesn't already exist.
18. Note: after the following step, qmail should come to life by itself. If you don't want it to start just yet, then as soon as the next step completes, type qmailctl stop.
19. for x in /var/qmail/supervise/*; do ln -s $x /service ; done
    Link the supervise directories into /service.

Conclusion

That's it! You should now have a running qmail server. Send some mail to and from Fred Flintstone. Create more mail boxes. Set up the server to receive mail for more domains. There's so much you can do with qmail now that you have it up and running. If things don't work, then go over all of the configuration steps with a fine toothed comb (one of the black ones). I've gone through this script from scratch two times, and it does work, but everything must be exactly right.

One thing to realize is you're probably in for a lot more tweaking to get the email server just the way you want it. You're probably going to have to spend some time with the resources at the bottom of this Howto.

Tips and Tricks

1. Are the processes running?
   ps aux
   Do a ps and look for the qmail daemons. There should be four of them, all idle: qmail-send, running as qmails; qmail-lspawn, running as root; qmail-rspawn, running as qmailr; and qmail-clean, running as qmailq. You will also see splogger, running as qmaill.
2. Check the Logs
   The logs are named "current" and are in /var/log/qmail and it's sub directories. Tail them as you try pop3 and smtp to see what's going on. If you're getting ldap errors, try setting "qmail-pop3d-loglevel" and "qmail-smtpd-loglevel" to 255 and restarting qmail.
3. Completely Restarting Qmail
   The best way I've found to completely restart qmail is to comment svcscan out of /etc/inittab, then do a "kill -HUP 1", then uncomment it out of /etc/inittab, then do another "kill -HUP 1".
4. Deleteing a mailbox
   ldapdelete -crvx -h localhost -D "cn=manager,dc=abc,dc=com" -w secret "cn=Fred Flintstone,ou=people,dc=abc,dc=com"
   You can delete and recreate users with this syntax. Obviously, you'll change the particulars to fit your environment.

Resources