TITLE: Qmail and Cyrus Imap with virtual domains

LFS VERSION: Tested on LFS-4.0

AUTHOR: Ivo Schaap



SYNOPSIS: How to install and configure a mail system that can
          handle mail to multiple domains using virtual domains.



HINT:



version 1.2 (16/10/2002)



- Changed LFS version from 3 to 4

- Added c-client to the list of prerequisites, there could be more deps !!

- Moved Berkeley DB there as well and version updated from 3.0.1 -> 4.0.14

- Moved cyrus-sasl-1.5.27 -> cyrus-sasl-2.1.9

- Moved cyrus-imapd-2.0.16 -> cyrus-imapd-2.1.9

- Added Transport Layer Security (TLS) support

- Added Openssl 0.9.6g

- Added Avmailgate 2.0.1.7

- Added Nail 10.0

- Added Fcron 2.0.0

- Added Procmail 3.22

- Added SpamAssassin 2.43

- Added Vipul's Razor v2.20 + sdk 2.20

- Added F-prot Antivirus 3.12b

- Added Distributed Checksum Clearinghouse 1.1.15

- Added Anomy-sanitizer 1.55

- Added Various comments and command improvements



version 1.1 (12/15/2001)



- Initial commit







TABLE OF CONTENTS

=================



1. Sources

2. Introduction

3. Prerequisites

4. Installation of Avmailgate

5. Installation of Qmail

6. Installation of Nail

7. Installation of Fcron

8. Installation of Procmail

9. Installation of SpamAssassin

10. Installation of Razor-agents

11. Installation of Razor-agents-sdk

12. Installation of F-Prot Antivirus

13. Installation of Distributed Checksum Clearinghouse

14. Installation of Anomy-sanitizer

15. Installation of Imap

16. Configuration of Qmail and Mailboxes

17. Configuration of Procmail

18. Starting up all processes

19. Monitoring the processes

20. Migrating mail from backups

21. Interesting readings

22. Legal Blurb







1. Sources

==========



Berkeley DB:

http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz



C-client library:

ftp://ftp.cac.washington.edu/imap/c-client.tar.Z

imap-2002.RC7



Openssl:

ftp://ftp.openssl.org/source/openssl-0.9.6g.tar.gz



Avmailgate:

http://www.hbedv.com/files/antivir/release/avlxmgt.tgz

avmailgate-2.0.1.7-Linux-glibc



The free license can be ordered here:

http://www.antivir.de/order/privreg/order_e.htm



Qmail:

http://cr.yp.to/software/qmail-1.03.tar.gz



Nail:

http://omnibus.ruf.uni-freiburg.de/~gritter/archive/nail/nail-10.0.tar.gz



Fcron:

http://fcron.free.fr/fcron-2.0.0.src.tar.gz



Procmail:

http://www.procmail.org/procmail-3.22.tar.gz



SpamAssassin:

http://spamassassin.taint.org/released/Mail-SpamAssassin-2.43.tar.gz



Razor:

http://razor.sourceforge.net/download/index.html

razor-agents-sdk-2.03.tar.gz

razor-agents-2.20.tar.gz



F-Prot Antivirus:

ftp://ftp.f-prot.com/pub/f-prot_3.12b.tar.gz

Distributed Checksum Clearinghouse:

http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z

dcc-dccproc-1.1.15



Anomy-sanitizer:

http://mailtools.anomy.net/dist/anomy-sanitizer-1.55.tar.gz



IMAP/SASL:

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.9.tar.gz

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.9.tar.gz





2. Introduction

===============



First of all I wanna thank Gerard and all the others for providing

the platform where we do the stuff we do.



In this hint we set up a mail server that serves two virtual example
domains with different example users per domain:



- linuxfromsource.org



- John the Ripper john@linuxfromsource.org

- Susie Summer susie@linuxfromsource.org

- Dirk Beekmans dirk@linuxfromsource.org





- linuxfrombinary.org



- Olaf Olsen olaf@linuxfrombinary.org

- Jennifer Loopneus jennifer@linuxfrombinary.org

- Pamela Andersom pamela@linuxfrombinary.org



John is the local administrator, so he gets the mail for root, postmaster
and himself. All the usernames must be unique because each user has his own
box: if olaf has an email account on linuxfrombinary AND linuxfromsource he
must be the same person, because it is the same mailbox. And if Olaf opens
his mailbox he sees mail from both the domains. Comprende ?

There is also a cyrus user to administer the IMAP server daemon and the
mailboxes. This user has a password set for both unix and imap/sasl.

A mail user does not need a unix password set to get mail. If one of the
mail users needs access to the mail server, you give him a unix password
as well as the imap/sasl password.







3. Prerequisites

================

A. The MX record

----------------



Make sure there is an MX record in DNS that points mail for the virtual
domains to the host running qmail. (Mostly the DNS runs on the ISP side.)

This is what roughly happens:

Say there is a mail for olaf@linuxfrombinary.org on its way to your SMTP
server.

The SMTP server wants to find out who linuxfrombinary.org is. An email
address, just like a web site address, needs to be resolved to an IP
address. DNS (Domain Name Server) is used to resolve the domain to an IP
address and point to a mail server that will accept connections.
An MX (mail exchange) record is used for that.

Now the mail is routed to the IP address of your mail server on port 25.
Port 25 is your SMTP port, which listens for mail for your domains.
Your IP address can be your fixed DSL IP address, a connection on your
campus, or another fixed IP address connection to the internet. If you are
behind masquerading you need to set up forwarding rules for both smtp and
imap. It should be possible to use a dynamic IP address domain name
solution on the internet, from where you can host your mail server on
dial-up or ISDN connections.





B. Berkeley DB

--------------



UCB's database library version-4.0.14

Cyrus IMAP will not compile with the version of Berkeley DB 4.1.24.

Or maybe there is a patch for it. Let me know ;)



Use this to install it once you're in the unpacked tarball of Berkeley DB.

cd build_unix/
../dist/configure \
    --prefix=/usr \
    --enable-compat185
make docdir=/usr/doc/Berkeley-DB all install



chown -R 0.0 /usr/doc/Berkeley-DB

chmod -R go-w /usr/doc/Berkeley-DB





C. c-client library (Optional)

--------------------------------



I have this already installed and this is imap related. Adjust to taste,
this is what I used. It's only a static library with some headers for
development (this is the minimum requirement for IMAP in PHP).



cd src/osdep/unix

vi Makefile



= New



31,34c31,34

SSLDIR=/usr/ssl

> SSLCERTS=/etc/ssl/certs

> SSLINCLUDE=/usr/include

> SSLLIB=$/usr/lib

73,75c73,75

SPOOLDIR=/var/spool

> MAILSPOOL=/var/mail

> NEWSSPOOL=/var/news



cd ../../../



make slx &&

cd c-client &&

cp c-client.a /usr/lib &&

cp c-client.h /usr/include &&

cp imap4r1.h /usr/include &&

cp rfc822.h /usr/include &&

cp mail.h /usr/include &&

cp linkage.h /usr/include &&

cp env.h /usr/include &&

cp env_unix.h /usr/include &&

cp fs.h /usr/include &&

cp ftl.h /usr/include &&

cp misc.h /usr/include &&

cp nntp.h /usr/include &&

cp nl.h /usr/include &&

cp osdep.h /usr/include &&

cp smtp.h /usr/include &&

cp tcp.h /usr/include &&

ln -s /usr/lib/c-client.a /usr/lib/libc-client.a &&

ln -s /usr/lib/c-client.a /usr/lib/libc-client4.a





D. Open Secure Socket Layer

---------------------------

We only need it if you plan to use imap with ssl, but it's also needed
by Openssh, so you might already have it.



cp Configure Configure.dist



vi +337 Configure # for optimization edit this file



And change:

-m486



In:

-march=i686



mv doc/apps/passwd.pod doc/apps/openssl-passwd.pod
./Configure linux-elf \
    --openssldir=/etc/ssl \
    --prefix=/usr shared
make MANDIR=/usr/share/man all install
rmdir /etc/ssl/lib





E. Other deps

-------------



If anyone knows of other imap/mail deps, mail me. I had 70+ packs already
installed beyond lfs-4 when I started building this server.
In /path/to/cyrus-imapd-2.1.9/doc/install-prereq.html you find them all.







4. Installation of Avmailgate

==============================



Avmailgate offers virus protection by having a daemon listening on port 25.
This is the SMTP port. When mail gets through, it uses qmail's sendmail
wrapper to inject the mail into the qmail queue.

The other option is to have qmail's smtp server started from (x)inetd and
listening on port xxx, with avmailgate forwarding virus checked mail to it.
But this only gives more rules for the firewall, because there is another
port open.





cd /usr/src/avmailgate-2.0.1.7-Linux-glibc



mkdir /usr/lib/AntiVir



cp vdf/antivir.vdf /usr/lib/AntiVir

cp bin/antivir /usr/lib/AntiVir

chown -R daemon.daemon /usr/lib/AntiVir



cp etc/avmailgate.conf /etc

cp etc/avmailgate.acl /etc

cp etc/antivir.conf /etc

--------------------------------------------------------------------------------
Edit /etc/avmailgate.conf       # Here we say which user and group
                                # avgate runs under and to use the
                                # sendmail wrapper from qmail that
                                # we install in the next section.



Change:



# User uucp

# Group uucp



# ForwardTo /usr/lib/sendmail -oem -oi



In:



User daemon

Group daemon



ForwardTo /usr/sbin/sendmail -oem -oi



--------------------------------------------------------------------------------
Edit /etc/avmailgate.acl        # We do this to prevent relaying to
                                # other domains than ours.

Change:



local: hbedv.com antivir.de



In:



local: linuxfromsource.org linuxfrombinary.org



--------------------------------------------------------------------------------



cp bin/avgated /usr/sbin

cp bin/avgatefwd /usr/sbin



mkdir /var/spool/avmailgate

chown daemon.daemon /var/spool/avmailgate



chmod 700 /var/spool/avmailgate

cd /var/spool/avmailgate

mkdir incoming

mkdir outgoing

mkdir rejected

chown daemon.daemon *

chmod -R 700 *



cp hbedv.key /usr/lib/AntiVir/avmgate.key

chown daemon.daemon /usr/lib/AntiVir/avmgate.key



cp script/antivirupdater /usr/sbin



In the fcron section we set the cron job for antivirupdater



cp init/rc.avgate /etc/rc.d/init.d/avgate



chmod 700 /etc/init.d/avgate



Adjust the Sxx and Kxx to your situation



cd /etc/rc.d/rc0.d &&

ln -s ../init.d/avgate Kxxavgate &&

cd ../rc3.d &&

ln -s ../init.d/avgate Sxxavgate &&

cd ../rc6.d &&

ln -s ../init.d/avgate Kxxavgate







5. Installation of Qmail

========================



A. Create a working directory for Qmail and untar sources

---------------------------------------------------------



mkdir /opt/qmail &&

mkdir /opt/qmail/alias &&

cd /usr/src &&

tar zxvpf qmail-1.03.tar.gz &&

cd qmail-1.03





B. Change the program parameters. Read the documentation for other modifications
--------------------------------------------------------------------------------



vi conf-qmail



Add :



/opt/qmail



vi conf-cc



Add: (Use your own architecture)



gcc -O3 -march=i686

C. Create user and group ID's

-----------------------------



vi /etc/group



Add: (Use your own ID's if this is conflicting)



nofiles:x:100:

qmail:x:110:



vi /etc/passwd



Add: (Use your own ID's if this is conflicting)



alias:x:1000:100::/opt/qmail/alias:

qmaild:x:1001:100::/opt/qmail:

qmaill:x:1002:100::/opt/qmail:

qmailp:x:1003:100::/opt/qmail:

qmailq:x:1004:110::/opt/qmail:

qmailr:x:1005:110::/opt/qmail:

qmails:x:1006:110::/opt/qmail:



pwck && grpck





D. DNS Hack to use DNS response packets larger than 512 bytes
-------------------------------------------------------------

Qmail 1.03 chokes on large DNS packets sometimes.



vi +24 dns.c



And change:



static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;



In:



static union { HEADER hdr; unsigned char buf[65536]; } response;





E. Final compilation and installation

-------------------------------------



make setup check





F. Create the init script.

--------------------------



cat > /etc/init.d/qmail << "EOF"
#!/bin/bash
# Begin $rc_base/init.d/qmail
# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org

source /etc/sysconfig/rc
source $rc_functions

test -x /opt/qmail/rc || exit 0

case "$1" in
        start)
                echo -n "Starting Qmail... "
                sh -cf '/opt/qmail/rc &'
                evaluate_retval
                ;;

        stop)
                echo -n "Stopping Qmail... "
                killall -9 qmail-send
                evaluate_retval
                ;;

        restart)
                echo -n "Restarting Qmail... "
                # qmail-send is the process that handles these signals:
                # HUP rereads locals and virtualdomains, ALRM retries
                # the queue. qmail-lspawn would simply die on HUP.
                killall -HUP qmail-send
                killall -ALRM qmail-send
                evaluate_retval
                ;;

        *)
                echo "Usage: $0 {start|stop|restart}"
                exit 1
                ;;
esac

exit 0

# End /etc/rc.d/init.d/qmail
EOF





G. Set up links and permissions

-------------------------------



chmod 700 /etc/init.d/qmail



Adjust the Sxx and Kxx to your situation



cd /etc/rc.d/rc0.d &&

ln -s ../init.d/qmail Kxxqmail &&

cd ../rc3.d &&

ln -s ../init.d/qmail Sxxqmail &&

cd ../rc6.d &&

ln -s ../init.d/qmail Kxxqmail

cd /usr/sbin &&

ln -s /opt/qmail/bin/sendmail





H. Note

-------



Configuration of qmail can happen in many ways, read the documentation

on the different kinds of configurations. At the end of this document I

go into initialization and configuration of qmail.







6. Installation of Nail

============================



This piece of software is used by internal processes such as fcron.



./configure --prefix=/usr \
    --with-mailspool=/var/mail \
    --with-sendmail=/usr/sbin/sendmail &&
make &&
make install &&
cd /usr/bin &&
ln -s /usr/bin/nail mail &&
ln -s /usr/bin/nail mailx







7. Installation of fcron

========================



Fcron is the program we use as scheduler for some virus update scripts.
It's a very handy program anyway so here we go.



A. Setting up a fcron user and group.

-------------------------------------



vi /etc/passwd

fcron:x:14:14::/dev/null:/bin/false



vi /etc/group

fcron:x:14:





B. Configure fcron

------------------



./configure --prefix=/usr \
    --with-username=fcron \
    --with-sendmail=/usr/sbin/sendmail \
    --with-groupname=fcron


C. Add Optimization for your system.
------------------------------------

vi Makefile



OPTIM = -O3 -march=i686 -Wall





D. Make and install fcron.

--------------------------



make &&

make install &&

cd /usr/sbin &&

ln -s fcron cron &&

cd /usr/bin &&

ln -s fcrontab crontab



E. Add init script to /etc/rc.d/init.d

--------------------------------------



cat > /etc/rc.d/init.d/fcron ::



eg:



perldoc Mail::Audit





Oke now the local source tarball method.



Untar the SpamAssassin archive and say:



perl Makefile.PL

make

make -s install



If you want to prevent spam checking of mail from e.g. user@domain.com
you only have to do this:



Edit /etc/mail/spamassassin/local.cf



Add:



whitelist_from user@domain.com







10. Installation of Razor-agents.

=================================

Read:

http://razor.sourceforge.net/docs/install.html



Untar the razor-agents archive and say:



perl Makefile.PL

make

make -s install







11. Installation of Razor-agents-sdk.

=====================================



Oke Razor will work fine without them, so this is optional.

perl Makefile.PL

make

make -s install







12. Installation of F-Prot Antivirus.

=====================================



cd /usr



tar zxvf /path/to/fp-linux_3.12b.tar.gz

mv fp-linux_3.12b f-prot



ln -fs /usr/f-prot/f-prot.sh bin/f-prot

ln -fs /usr/f-prot/man8/f-prot.8 man/man8/

ln -fs /usr/f-prot/man8/check-updates.sh.8 man/man8/



chmod +x /usr/f-prot/f-prot*

chmod +x /usr/f-prot/check*





For more information see this:



/usr/bin/f-prot -help







13. Installation of Distributed Checksum Clearinghouse.

=======================================================



./configure \
    --bindir=/usr/bin \
    --mandir=/usr/man
make all install



Now to see if it all works do:



cdcc 'info'







14. Installation of Anomy-sanitizer.

===================================



Anomy-sanitizer uses these perl libraries, but they are already
installed with a standard perl install.

MIME::Base64
MIME::QuotedPrint

Untar the package in /usr/src



cd /usr/src

mv anomy /usr

chmod 750 /usr/anomy

mkdir /var/quarantine



This whole section is taken from the mail.txt hint.
It's a good config so why not use it ?





cat > /usr/anomy/anomy.conf /etc/rc.d/init.d/imapd cm user.john

localhost.localnet> cm user.john.SPAM

localhost.localnet> quit



Become root again



exit



And set the imap password for john



saslpasswd2 john





There are more things possible, but knowing how to delete a mailbox is
handy if you are new to all this.

Tell the access control list of john's mailbox that the cyrus user may
delete john's folders; this is not the default case.



localhost.localnet> setaclmailbox user.john cyrus c

localhost.localnet> deletemailbox user.john



If you want to get into it do this:



localhost.localnet> help





authenticate, login, auth         authenticate to server
chdir, cd                         change current directory
createmailbox, create, cm         create mailbox
deleteaclmailbox, deleteacl, dam  remove ACLs from mailbox
deletemailbox, delete, dm         delete mailbox
disconnect, disc                  disconnect from current server
exit, quit                        exit cyradm
help, ?                           show commands
info                              display mailbox/server metadata
listacl, lam, listaclmailbox      list ACLs on mailbox
listmailbox, lm                   list mailboxes
listquota, lq                     list quotas on specified root
listquotaroot, lqr, lqm           show quota roots and quotas for mailbox
reconstruct                       reconstruct mailbox (if supported
renamemailbox, rename, renm       rename (and optionally relocate) mailbox
server, servername, connect       show current server or connect to server
setaclmailbox, sam, setacl        set ACLs on mailbox
setinfo                           set server metadata
setquota, sq                      set quota on mailbox or resource
version, ver                      display version info of current server







16. Configuration of Qmail and Mailboxes.
=========================================



A. First make sure all mail users have valid unix accounts.

-----------------------------------------------------------



Users will not require a password set. So they become

valid unix accounts without unix login.

John is an admin because root is not supposed to get mail.





vi /etc/passwd



john:x:501:500:John the ripper:/home/john:/bin/bash

susie:x:502:500:Susie Summer:/home/susie:/bin/bash

dirk:x:503:500:Dirk Beekmans:/home/dirk:/bin/bash

olaf:x:504:500:Olaf Olsen:/home/olaf:/bin/bash

jennifer:x:505:500:Jennifer Loopneus:/home/jennifer:/bin/bash

pamela:x:506:500:Pamela Andersom:/home/pamela:/bin/bash



vi /etc/group

mailuser:x:500:john,susie,dirk,olaf,jennifer,pamela



cd /home



mkdir john susie dirk olaf jennifer pamela



chown -R <user>.mailuser <user>/        (for all users)

Repeat the above line when you are finished, or do it last.



B. Create a master user ID and home directory for the new domain

----------------------------------------------------------------



This is roughly how stuff works.
Mail is coming in for a domain, let's say pamela@linuxfrombinary.org.
It's first put into a drop box /home/binary/Maildir/ and then processed
further via .qmail-xxx files. These files contain the name of the user who
is supposed to get the mail. The user has a .qmail file in his or her home
directory which says what to do with the incoming mail. In this case, pipe
it to the program /usr/bin/procmail, which filters the mail and sends it to
the /usr/cyrus/bin/deliver program, which stores it in the IMAP boxes.



cd /home



mkdir source binary



vi /etc/passwd



source:x:507:500:Mail account for linuxfromsource.org:/home/source:/bin/bash
binary:x:508:500:Mail account for linuxfrombinary.org:/home/binary:/bin/bash



vi /etc/group



mailuser:x:500:john,susie,dirk,olaf,jennifer,pamela,source,binary





chown -R source.mailuser source/

chown -R binary.mailuser binary/





C. Editing the Qmail Control/Config files

-----------------------------------------



Editing the control files is tricky and I've spent lots of time
fiddling around with it. The key thing to understand is that
the host and domain name have something to do with the canonicalized
name that is assigned to your link with the internet.
For the people that use a ppp or an adsl connection this is often
something like sdf23-2.dsl.blabla.com. Please don't ask me why,
it works and if anyone has a good explanation mail me !!
One way of finding out is with the commands that come with bind,
dig or nslookup. You can also try to log in on another box, log out,
and then run to that other box, log in again and read: your last login
was on xxx.xxxx.xxxxx.org, or do a chat session on that box. I know
it isn't elegant but it works ;-)

For now let's hack some qmail





--------------------------------------------------------------------------------
cat > /opt/qmail/rc << "EOF"
#!/bin/sh

# Using splogger to send the log through syslog.
# Using qmail-local to deliver messages to Maildir by default.

exec env - PATH="/opt/qmail/bin:$PATH" \
qmail-start ./Maildir/ splogger qmail &
EOF
--------------------------------------------------------------------------------



chmod 700 /opt/qmail/rc



cd /opt/qmail/control



--------------------------------------------------------------------------------

Edit: me                        # This is the hostname of local server

Add:

(example adsl32.net.xs4all.nl)

--------------------------------------------------------------------------------

Edit: virtualdomains            # Specify virtual domains

Add:

linuxfromsource.org:source
linuxfrombinary.org:binary

--------------------------------------------------------------------------------

Edit: locals                    # Domains that should be treated as locals

Add:

localhost                       # The local name
adsl32.net.xs4all.nl            # The canonicalized name
intern.net                      # An example local domain

--------------------------------------------------------------------------------

Edit: defaultdomain             # Same as 'me' minus the first part

Add:

(example net.xs4all.nl)

--------------------------------------------------------------------------------

Edit: smtpgreeting              # Adjust to taste

Add:

Hi and welcome to this SMTP server

--------------------------------------------------------------------------------

Edit: rcpthosts                 # Important file to prevent relaying of
                                # mail by outsiders. List all machines
                                # and domains on the network that are
                                # allowed to relay mail on this server.

Add:

linuxfrombinary.org
linuxfromsource.org
otherinterndomain.org
internhost1
internhost2

chmod 644 *
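
The following is an added example, not part of the original hint or of
qmail: a simplified Python model of the check qmail-smtpd applies to each
RCPT TO, which accepts a recipient only if its domain is listed in
control/rcpthosts unless RELAYCLIENT is set. The function names are this
example's own and the file contents are constructed from the values above.

```python
# Added example: simplified model of the RCPT TO check in qmail-smtpd.
# All file contents are constructed from the values used in this hint.

RCPTHOSTS = """\
linuxfrombinary.org
linuxfromsource.org
otherinterndomain.org
internhost1
internhost2
"""
LOCALS = {"localhost", "adsl32.net.xs4all.nl", "intern.net"}
VIRTUAL = {"linuxfromsource.org", "linuxfrombinary.org"}


def load_rcpthosts(text):
    """Parse control/rcpthosts; None stands for a missing file."""
    if text is None:
        return None
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")}


def rcpt_allowed(rcpt, rcpthosts, relayclient=False):
    """Return True if qmail-smtpd would accept this envelope recipient."""
    if relayclient:            # RELAYCLIENT set: rcpthosts is ignored
        return True
    if rcpthosts is None:      # no rcpthosts file: every domain is accepted
        return True
    _, at, host = rcpt.rpartition("@")
    if not at:                 # addresses without @ are always let through
        return True
    host = host.lower()
    if host in rcpthosts:      # exact match on the recipient domain
        return True
    # An entry with a leading dot matches any host name ending in it.
    return any(host[i:] in rcpthosts
               for i, ch in enumerate(host) if ch == "." and i > 0)


def unreachable_domains(rcpthosts, served):
    """Domains qmail delivers for that an SMTP client could not send to."""
    return sorted(d for d in served if not rcpt_allowed("x@" + d, rcpthosts))


if __name__ == "__main__":
    rh = load_rcpthosts(RCPTHOSTS)
    for rcpt in ("olaf@linuxfrombinary.org", "someone@example.com"):
        print(rcpt, "accepted" if rcpt_allowed(rcpt, rh) else "rejected")
    print("open relay without the file:",
          rcpt_allowed("someone@example.com", None))
    print("served but not in rcpthosts:",
          unreachable_domains(rh, LOCALS | VIRTUAL))
```

A missing rcpthosts file is the case to watch for: the model then accepts
every recipient domain, which is what makes a host an open relay.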





Make the aliases. John is a mortal user on the system who gets
administrative email, e.g. for root and for bounced or failed messages.
The first three aliases are necessary. For each user an alias is a
necessity, and it only needs the username.



cd /opt/qmail/alias

echo john > .qmail-mailer-daemon

echo john > .qmail-postmaster

echo john > .qmail-root



and further for all users:

echo <user> > .qmail-<user>

eg

echo john > .qmail-john





D. Per user virtual domain config

--------------------------------



Now we split up our users for the virtual domains. If new mail arrives it
is forwarded to the user in the first part of the email address. Let's say
there is mail for susie@linuxfromsource.org. The alias file .qmail-susie is
used to forward the mail to susie; '&user' means forward. The .qmail file
in her home directory now determines the fate of the message.

The file .qmail-default is used when no .qmail- alias exists for the user
name, for example 'zuzie@linuxfromsource.org'.
You can write one line that says: ./Maildir/ to .qmail-default.
Now unresolved mail is sitting in the /home/virt-dom/Maildir/new
directory.

John is the local mail admin who loves to get the unresolved mail, and
therefore we say &john in '.qmail-default'. Now John determines the fate
of the message. He either trashes it or forwards it to the appropriate
recipient.







cd /home/source

/opt/qmail/bin/maildirmake Maildir

echo '&john' > .qmail-default

echo '&john' > .qmail-postmaster

echo '&john' > .qmail-webmaster

echo '&john' > .qmail-root

echo '&john' > .qmail-john

echo '&susie' > .qmail-susie

echo '&dirk' > .qmail-dirk

chown -R source.mailuser .

chmod 640 .qmail-*

cd /home/binary

/opt/qmail/bin/maildirmake Maildir

echo '&john' > .qmail-default

echo '&john' > .qmail-postmaster

echo '&john' > .qmail-webmaster

echo '&john' > .qmail-root

echo '&olaf' > .qmail-olaf

echo '&jennifer' > .qmail-jennifer

echo '&pamela' > .qmail-pamela

chown -R binary.mailuser .

chmod 640 .qmail-*





And now, for all users, substitute <user> for the login name. Here
filtering with procmail comes into play.

cd /home/<user>

echo '| preline /usr/bin/procmail' > .qmail

Now make sure the permissions are set right.

cd /home
chown -R <user>.mailuser <user>/        (for all users)
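
The following is an added example, not part of the original hint or of
qmail: a simplified Python model of the lookup described in this section,
from control/virtualdomains through the .qmail-<ext> files to the user's
own .qmail. The function names are this example's own, the file table is
constructed from the echo commands above, and only single-line .qmail
files are modelled.

```python
# Added example: simplified model of qmail's virtual-domain delivery lookup.
# All data is constructed from the files this hint creates.
ME = "adsl32.net.xs4all.nl"                    # control/me (hint's example)
LOCALS = {"localhost", ME, "intern.net"}       # control/locals
VIRTUALDOMAINS = "linuxfromsource.org:source\nlinuxfrombinary.org:binary\n"
ALIAS_HOME = "/opt/qmail/alias"
MAIL_USERS = ("john", "susie", "dirk", "olaf", "jennifer", "pamela")
HOMES = {u: "/home/" + u for u in MAIL_USERS + ("source", "binary")}
PROCMAIL = "| preline /usr/bin/procmail"

DOTQMAIL = {"/home/%s/.qmail" % u: PROCMAIL for u in MAIL_USERS}
for name in ("mailer-daemon", "postmaster", "root"):
    DOTQMAIL[ALIAS_HOME + "/.qmail-" + name] = "john"
for dom, users in (("source", ("john", "susie", "dirk")),
                   ("binary", ("olaf", "jennifer", "pamela"))):
    for name in ("default", "postmaster", "webmaster", "root"):
        DOTQMAIL["/home/%s/.qmail-%s" % (dom, name)] = "&john"
    for u in users:
        DOTQMAIL["/home/%s/.qmail-%s" % (dom, u)] = "&" + u


def parse_virtualdomains(text):
    """control/virtualdomains: one 'domain:prepend' entry per line."""
    table = {}
    for line in text.splitlines():
        domain, sep, prepend = line.strip().partition(":")
        if sep and not domain.startswith("#"):
            table[domain.lower()] = prepend
    return table


def local_address(rcpt, vdoms):
    """qmail-send: local address for a recipient, or None if it is remote."""
    box, at, domain = rcpt.rpartition("@")
    if not at:                       # bare name: control/me is assumed
        box, domain = rcpt, ME
    domain = domain.lower()
    if domain in LOCALS:
        return box
    if domain in vdoms:              # virtual domain: prepend the owner
        return vdoms[domain] + "-" + box
    return None


def split_user(local):
    """qmail-getpw: the longest account name that is the whole address or a
    prefix before a dash wins; otherwise the alias user gets everything."""
    local = local.lower()
    pos = len(local)
    while pos > 0:
        if local[:pos] in HOMES:
            return local[:pos], local[pos + 1:]
        pos = local.rfind("-", 0, pos)
    return "alias", local


def dotqmail_candidates(home, ext):
    """qmail-local: the files tried, in order, for this extension."""
    if not ext:
        return [home + "/.qmail"]
    parts = ext.replace(".", ":").split("-")
    names = ["-".join(parts)]
    for i in range(len(parts) - 1, -1, -1):
        names.append("-".join(parts[:i] + ["default"]))
    return [home + "/.qmail-" + n for n in names]


def resolve(rcpt, max_hops=8):
    """Follow .qmail forwards; return (user, instruction, files consulted)."""
    vdoms = parse_virtualdomains(VIRTUALDOMAINS)
    trail = []
    for _ in range(max_hops):
        local = local_address(rcpt, vdoms)
        if local is None:
            return None, "remote", trail
        user, ext = split_user(local)
        home = ALIAS_HOME if user == "alias" else HOMES[user]
        path = next((p for p in dotqmail_candidates(home, ext)
                     if p in DOTQMAIL), None)
        if path is None:             # no file: bounce, or qmail-start default
            return user, ("bounce" if ext else "./Maildir/"), trail
        trail.append(path)
        line = DOTQMAIL[path].strip()
        if line.startswith(("|", ".", "/")):   # program or mailbox delivery
            return user, line, trail
        rcpt = line.lstrip("&")      # forward: start again with new address
    return None, "loop", trail


if __name__ == "__main__":
    for rcpt in ("pamela@linuxfrombinary.org", "zuzie@linuxfromsource.org",
                 "olaf@linuxfromsource.org", "root@localhost"):
        print(rcpt, "->", resolve(rcpt))
```

With the files as created above, olaf@linuxfromsource.org ends up with john
through .qmail-default, because /home/source has no .qmail-olaf.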







17. Configuration of Procmail.
==============================



Here you find an example configuration file, adjust to taste.
This goes in each user's home directory; change <user> to the
real user name, e.g. john.

touch /var/log/procmail.log
chmod 666 /var/log/procmail.log

chmod 600 /home/<user>/.procmailrc

cat > .procmailrc << "EOF"
PATH=/usr/bin:/bin:/usr/cyrus/bin:/usr/anomy/bin
SHELL=/bin/bash
#VERBOSE=1                      # uncomment these if you want to see
#LOGABSTRACT=all                # more what's happening in procmail.log
LOGFILE="/var/log/procmail.log"
SANE="deliver -a $USER -m user.$USER"
SPAM="$SANE.SPAM"
ANOMY=/usr/anomy

#######################################################

# FIRST: REMOVE THE LEADING "From " field #

# Cyrus bombs if it sees a leading "From " (not #

# to be confused with "From:"). By running sed #

# as a filter we simply remove the first line without #

# any real thought. #

#######################################################



:0f

| sed 1d



# Anomy mail sanitizer



:0fw

| sanitizer.pl /usr/anomy/anomy.conf





# Spam Assassin



:0fw

| spamassassin



:0

* ^X-Spam-Status: Yes

| $SPAM





# Empty To: From: Subject:



:0

* !^To:

| $SPAM



:0

* !^From:

| $SPAM



:0

* !^Subject:

| $SPAM





# Porn Spam although you might want to see those ;-)



:0

* ^Subject.*(\|)

| $SPAM



:0 B

* ^.*(\|)

| $SPAM





# Example From spam traps although SpamAssassin should filter it.



:0

* ^FROM_advertising

| $SPAM



:0

* ^From:.*(advertising|sales|offers|promotion|reply|request|theuseful)

| $SPAM





# Example Subject spam traps



:0

* ^Subject:.*\[ADV\]

| $SPAM



:0

* ^Subject:\ ADV

| $SPAM





# Else



:0

| $SANE



:0w

{

EXITCODE=$?

HOST

}

EOF







18. Starting up all processes
=============================



You should know how to make the links for the different run levels.

Otherwise Gerard Beekmans has a guide where this issue is addressed.



/etc/init.d/sysklogd restart

/etc/init.d/avgate start

/etc/init.d/qmail start

/etc/init.d/imap start







19. Monitoring the processes.
=============================



Oke just start mailing everyone from localhost and remote and

have a terminal running with the following command:



tail -f /var/log/mail.log

or

tail -f /var/log/sys.log

or

tail -f /var/adm/imapd.log

or

tail -f /var/log/procmail.log



netstat -vat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 *:imap                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16068  /var/imap/socket/lmtp





If you wanna know WTF Qmail is doing:



for reading the queue:

/opt/qmail/bin/qmail-qread



for statistics:

/opt/qmail/bin/qmail-qstat



for information:

/opt/qmail/bin/qmail-showctl







20. Migrating mail from backups.
================================



Make a back up of the /var/spool/imap/user directory

and the /var/imap/mailboxes.db on your existing mail server.



cd /var/spool/imap

tar cvpf user-backup.tar user/

mv user-backup.tar ../../imap



Add to the backup /var/imap/mailboxes.db



cd ../../imap

tar uvpf user-backup.tar mailboxes.db



gzip -9 user-backup.tar

Go to the new system and unpack the user folders and mailboxes.db



mv user-backup.tar.gz /var/spool/imap

cd /var/spool/imap

tar zxvpf user-backup.tar.gz

mv mailboxes.db ../../imap/



Now that all the old mailboxes are restored, we can rebuild the

mailboxes.db.



su - cyrus                      # Become the cyrus user.

ctl_cyrusdb -r                  # rebuild the cyrus mailboxes database
reconstruct                     # reconstruct mailboxes

cyradm --auth login localhost   # Use the admin console for cyrus-imap.
Password:                       # Enter the imap/sasl password.
localhost.localnet> lm          # Check to see if mailboxes are restored.
localhost.localnet> exit        # Leave the cyrusadm console.

exit                            # exit the cyrus user.



Every user that has imap login access needs an entry in /etc/sasldb2 again.
So do this for every imap user on the new server.

saslpasswd2 <user>







If you want a hint on reading a remote imap box with fetchmail on a client,
compile fetchmail and procmail and put the following in a .fetchmailrc in
your home dir and do

fetchmail -v





poll "linuxfromsource.org"

protocol imap

no envelope

no dns

username "john"

password "xxxx"

mda "/usr/bin/procmail -d john"





Or:





poll mail.linuxfromsource.org port 993

protocol IMAP:

user john

password secret

ssl





Or:





poll mail.linuxfrombinary.org with proto imap:

plugin "ssh %h /usr/cyrus/bin/imtest" auth ssh;

user john is john here







21. Interesting readings.
=========================



All this information didn't come to me in a dream. It's a combination of
sources that I used. A little file that I used to log things has grown into
this hint and hopefully it's useful for others as well. Understanding e-mail
by this hint is not gonna help you enough, you have to RTFM A LOT.





The Big HOWTO:

http://linuxdoc.org/HOWTO/Cyrus-IMAP.html



Source documentation:

file://localhost/usr/src/cyrus-imapd-2.0.16/doc/index.html



Article's:

http://www.linuxjournal.com/article.php?sid=2313

http://www.linuxworld.com/site-stories/2002/0410.ldap4.html

http://www.abiglime.com/webmaster/articles/cgi/062398.htm

http://www.summersault.com/chris/techno/qmail/qmail-antispam.html

http://sysadmin.oreilly.com/news/imap2_1000.html



Sites:

http://www.openantivirus.org/projects.php

http://docsrv.caldera.com:8457/en/volutionmsg_ag/msgag.mailadmin.html



Google, Some ppl on #lfs, a friend enz



Running Qmail - ISBN 0-672-31945-4 - Richard Blum - Sams Publishing 2000







22. Legal Blurb
===============



The author does not feel responsible for loss or destruction of data and
mail due to typos and bad language. So if you wipe out your system or get
your dog killed don't come to me to cry on my shoulder. Be a man/woman and
take responsibility for your own actions. On the other hand if you are
successful and want to contribute, throw a BIG bag of money to Gerard
Beekmans, he deserves it. This is my contribution to LFS and improvements
are welcome.


