Preliminary
This guide is a small tutorial on building a mail server from the packages available in Debian Woody. It (tries to) explain how to install qmail (plus patches), vpopmail, Courier-IMAP, SquirrelMail and ClamAV, together with the configuration each of them needs.
1. Installing Qmail
Debian Woody provides a qmail-src package that contains the qmail source code together with a build script that turns it into a compiled .deb. The source package already carries the QMAILQUEUE patch, which lets qmail run a program other than qmail-queue (the one named in the QMAILQUEUE environment variable) so that a message can be inspected or altered before it enters the queue; qmail-scanner relies on this later on.
Besides qmail-src, qmail also needs ucspi-tcp, which Woody ships as the ucspi-tcp-src package. Its tcpserver program accepts the incoming network connections and hands each one to qmail-smtpd.
Installing the two packages above can be done by:
root:~# apt-get install qmail-src ucspi-tcp-src
Once the two packages are installed we compile ucspi-tcp first, then qmail.
root: ~ # build-ucspi-tcp
You will be asked for a directory to compile in (the default is /tmp/ucspi-tcp). Follow the instructions on the screen; when it finishes you will have a file ucspi-tcp_0.88-5_i386.deb that you can install directly.
root:~# dpkg -i /tmp/ucspi-tcp/ucspi-tcp_0.88-5_i386.deb
Several patches are worth applying before building the qmail binary, namely:
1. qmail-1.03-maxrcpt.patch: limits the number of recipients per message. RFC 2821 says an MTA must be able to accept at least 100 recipients per message, but you may choose to accept fewer. The limit helps cut down on spam.
2. qmail-1.03-mfcheck.3.patch: rejects a message if the sender's domain does not resolve.
3. qmail-1.03-quotas-1.1.patch: makes "over quota" a hard error. Without it, an over-quota destination only produces a soft error, so the message is retried again and again until it reaches the maximum age in the queue.
4. qmail-date-localtime.patch: makes qmail write the Date: header in your local time zone rather than GMT.
5. qmail-smtpd-auth: adds SMTP AUTH, so users must log in before they may relay mail. Useful against relaying by viruses/worms on machines in your network.
Several of the patches above have been merged by John M. Simpson (jms1@spamcop.net) into a single patch, qmail-1.03-jms1.4a.patch, which can be downloaded from http://www.jms1.net/qmail/qmail-1.03-jms1.4a.patch.
Note: before compiling, make sure the mail server's IP address and domain are registered in the DNS you use; the build script tries to detect your domain, and with the mfcheck patch the server will refuse senders whose domains do not resolve. If they are not registered, contact your network administrator, or if that is you, add the DNS entry for the mail server now.
It is assumed here that the patch you downloaded is in /tmp and that the compilation is done in /tmp/qmail.
root: ~ # build-qmail
This script unpacks the qmail source into a directory, and
compiles it to produce qmail binary .deb files.
The directory where this is done will end up containing the source
and binary package files for the qmail package, along with a
directory containing the unpacked source.
Enter a directory where you would like to do this [/tmp/qmail]
dpkg-source: extracting qmail in qmail-1.03
Qmail binary package will be compiled now
If you want to apply a custom patch, switch to another console and do it now
This can take a long time, depending on your machine
Press ENTER to continue...
Do not press ENTER yet; open another shell and apply the patch to the qmail source.
root:~# cd /tmp/qmail/qmail-1.03
root:/tmp/qmail/qmail-1.03# patch -p1 < /tmp/qmail-1.03-jms1.4a.patch
You will get a few rejected hunks; merge the contents of Makefile.rej and qmail-smtpd.c.rej into Makefile and qmail-smtpd.c by hand (how? ask your neighbours, or ask Google). When that is fixed, go back to the first console and press ENTER to start the compilation.
When the compilation finishes you will find /tmp/qmail/qmail_1.03-24_i386.deb in /tmp/qmail. This file can be installed directly on other machines without recompiling.
root:~# dpkg -i /tmp/qmail/qmail_1.03-24_i386.deb
If the installation fails to detect the domain you use, put your mail server's host name into /var/qmail/control/me, either by editing the file or by running:
root:~# echo "your.domain.name" > /var/qmail/control/me
After installation, do not forget to list the domains this server handles in /var/qmail/control/rcpthosts. When that file is missing, qmail-smtpd accepts mail for any recipient, and your server becomes an open relay that can be abused by irresponsible parties.
Also check /etc/tcp.smtp, which determines who may use your mail server and for what. By default it contains:
127.0.0.1:allow,RELAYCLIENT=""
You can change it to:
127.0.0.1:allow,RELAYCLIENT=""
[your network prefix, e.g. 192.168.10.]:allow,RELAYCLIENT=""
:allow
With this configuration, mail from localhost and from your network may use the server to send to any address, whereas connections from outside the network may only deliver to addresses in the domains listed in /var/qmail/control/rcpthosts. The difference between the two behaviours is RELAYCLIENT="": a connection matched by a rule carrying this variable is allowed to send to any address, not only to those in /var/qmail/control/rcpthosts. Never put RELAYCLIENT="" on the catch-all rule (the one with an empty prefix), or everyone on the Internet may relay through you. A quick check from an outside address is to RCPT TO a foreign domain; the server should answer 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1).
After changing /etc/tcp.smtp do not forget to rebuild the rules database by running:
root:~# tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
The last thing to do now is to change qmail's storage format to Maildir. The Debian qmail build does not use daemontools and supervise scripts; it is started from /etc/init.d/qmail like the other servers in Debian. In that file change alias_empty="|/usr/sbin/qmail-procmail" to alias_empty="./Maildir/". The setting is around lines 14 and 15.
After that you can start, stop and restart qmail with:
root:~# /etc/init.d/qmail [start|stop|restart]
You can test your new mail server with telnet, as in the session below.
root:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 exp1.its.ac.id ESMTP
MAIL FROM:<sender address>
250 ok
RCPT TO:<recipient address>
250 ok
DATA
354 go ahead
type your message here
and finish it with a line containing only a dot (.)
.
250 ok [queue identifier numbers]
If you get the answers above, your mail server is working. Congratulations! Make a coffee, drink it and rest a while; the qmail installation is done.
2. Installing vpopmail
vpopmail lets a mail server handle many domains and many users without creating an entry in /etc/passwd for each of them. Every domain gets its own postmaster account with its own password. Installing vpopmail does not require changing the qmail settings by hand; the vpopmail installation takes care of that automatically.
vpopmail also ships a POP3 server, so mail on the server can be downloaded to a mail client on your local machine, e.g. Outlook Express or Mozilla. This keeps your mailbox on the server from filling up, so that mail sent to you does not bounce.
You do not have to build this package from source as with qmail and ucspi-tcp; it can be installed straight from the existing .deb. To install it with apt-get, add the following line to your /etc/apt/sources.list.
deb http://debian.its.ac.id/other woody vpopmail
You can choose among several back ends for storing user information, including:
1. cdb: storage in a CDB file.
2. mysql: storage in a MySQL database.
3. lmysql: like mysql, but with large-site support.
4. pgsql: storage in a PostgreSQL database.
5. oracle: storage in an Oracle database.
To install vpopmail, type the command below; all of its dependencies are installed automatically. The authentication back end installed by default is cdb.
root:~# apt-get install vpopmail-bin
vpopmail provides a few basic commands, the ones commonly used to manage domains and the users in them:
· vadddomain: adds a virtual domain and that domain's postmaster.
· vadduser: adds a user to a virtual domain.
· vpasswd: changes a user's password in a virtual domain.
· vdeluser: deletes a user from a virtual domain.
· vdeldomain: deletes a virtual domain.
root:~# vadddomain coba.domain.com
Please enter password for postmaster: *****
enter password again: *****
root:~# vadduser user1@coba.domain.com
Please enter password for user1@coba.domain.com: ****
enter password again: ****
The example above shows the domain coba.domain.com being created, followed by a new user in that domain, user1@coba.domain.com.
3. Installing Courier-IMAP
The IMAP service is provided by Courier-IMAP. The service is similar to what POP3 offers, but with IMAP we do not have to move the mail from the server to our computer: it stays on the server, and we can still read it through our favourite mail client.
Installing Courier-IMAP is easy enough: add the following line to /etc/apt/sources.list.
deb http://debian.its.ac.id/other woody courier
Then install it with:
root:~# apt-get install courier-imap
Courier-IMAP supports several authentication modules. Which ones are used is set in /etc/courier/imapd, in the AUTHMODULES line. Some of the supported methods are:
· authpam: validates users through the PAM library, so Courier does not authenticate on its own but uses whatever PAM provides.
· authpwd: validates users against /etc/passwd.
· authshadow: like authpwd, but takes the passwords from /etc/shadow.
· authuserdb: validates users against a userdb database.
· authvchkpw: validates users against vpopmail.
· authcram: like authuserdb, but instead of taking the username and password directly it uses the Challenge/Response Authentication Mechanism (CRAM).
· authmysql: validates users stored in a MySQL database.
· authpgsql: validates users stored in a PostgreSQL database.
· authldap: validates users from an LDAP directory.
Because our users are stored by vpopmail, the authentication module to run is authvchkpw. So make sure /etc/courier/imapd contains the line AUTHMODULES="authvchkpw".
There are many other settings you can change. Read the configuration file from beginning to end; every setting is accompanied by a comment explaining its meaning.
After configuring, you can start, stop and restart Courier-IMAP with:
root:~# /etc/init.d/courier-imap [start|stop|restart]
Once Courier-IMAP is installed you can telnet to the IMAP server on port 143. From the machine you are installing on, for example:
root:~# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc.
See COPYING for distribution information.
If you get the answer above, your IMAP server is working.
4. Installing Antivirus (ClamAV)
ClamAV is an open-source antivirus whose main purpose here is to detect and quarantine files carrying viruses that spread via email. ClamAV does not scan incoming mail on its own; to hook it into the mail flow it needs qmail-scanner, discussed in the next section.
The ClamAV virus database is updated regularly; you can follow the project at http://www.clamav.net/. Besides manual downloads, ClamAV comes with a daemon called freshclam that periodically fetches the virus database from the Internet, so you do not have to maintain the antivirus by hand (in the BSD world's cool phrase: install and forget).
Before installing ClamAV, add the following line to /etc/apt/sources.list.
deb http://debian.its.ac.id/other woody clamav
Install it with:
root:~# apt-get install clamav
Once the installation finishes you can move on to the next section; ClamAV needs no further configuration here.
5. Installing qmail-scanner
qmail-scanner is the program that calls ClamAV (or any other antivirus) to check messages for viruses (attachments in particular) before they enter the qmail queue. It examines every SMTP connection, incoming or outgoing (depending on the configuration). When qmail-scanner finds a virus, the infected message is quarantined.
Strictly speaking, qmail-scanner is not a binary at all: it is a perl script that qmail-smtpd runs in place of qmail-queue (through the QMAILQUEUE variable that tcpserver sets for the connection) to check messages on their way into the queue. It needs some extra perl libraries, perl-suid and libtime-hires-perl, as well as other programs such as tnef, razor and others. You do not have to install them by hand: they come in as dependencies when qmail-scanner is installed. To install qmail-scanner run:
root:~# apt-get install qmail-scanner
After installation, look at and, if necessary, edit /var/spool/qmailscan/quarantine-attachments.txt. This file defines some viruses, and it also lets you block certain file types, e.g. .scr, .pif and the like, which you suspect viruses commonly use to spread. Whenever you change this file, run
root:~# /usr/sbin/qmail-scanner-queue.pl -g
to regenerate the .cdb database that qmail-scanner uses from your changes. Apart from that file, you can also edit /usr/sbin/qmail-scanner-queue.pl itself to adapt it to your system. For the full details of that file, ask Google.
Now we need to make every message "stop at the clinic" for a virus check before it is delivered to the recipient. By default a message goes straight into the queue; virus scanning happens just before it is queued, which is when qmail-scanner does its job. So we have to say which connections' mail must be checked by qmail-scanner.
This is done by setting an environment variable, QMAILQUEUE, for the connections concerned; tcpserver does this from the rules in /etc/tcp.smtp. If /etc/tcp.smtp currently reads:
127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow,RELAYCLIENT=""
:allow
(assuming 192.168.10.x is your network) and you want to scan all incoming mail from outside your network, change it to:
127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/usr/sbin/qmail-scanner-queue.pl"
If you want every message passing through your mail server checked, add QMAILQUEUE="/usr/sbin/qmail-scanner-queue.pl" to all the rules. Rebuild /etc/tcp.smtp.cdb with tcprules as in section 1 (tcpserver reads the .cdb, not the text file), and do not forget to regenerate the qmail-scanner database with the command below.
root:~# /usr/sbin/qmail-scanner-queue.pl -g
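The two things that go wrong most often in /etc/tcp.smtp are a RELAYCLIENT="" on the catch-all rule (section 1: an open relay) and a rule that accepts mail without QMAILQUEUE (this section: mail that bypasses qmail-scanner). The script below is an added example, not part of the tutorial, ucspi-tcp or qmail-scanner; it reads a tcp.smtp text file in the rule syntax used above (prefix:action,VAR="value"), reports a verdict per rule, and exits non-zero if the file would create an open relay, so it can gate the tcprules step. The scanner path is the one used in this tutorial; the sample rules in the comments are constructed.

```shell
#!/bin/sh
# tcp_smtp_audit.sh: review a tcprules(1) file for qmail-smtpd before compiling it.
# Added example, not part of the original tutorial, ucspi-tcp or qmail-scanner.
# Assumes the rule syntax used in this tutorial:
#   ADDRESS-PREFIX:ACTION[,VAR="value",...]
# where an empty prefix is the catch-all rule that matches every client.

SCANNER='/usr/sbin/qmail-scanner-queue.pl'   # scanner path used in the tutorial

# audit_tcp_smtp FILE
# Prints one line per rule, "VERDICT<TAB>RULE", where VERDICT is:
#   OPEN-RELAY  the catch-all rule grants RELAYCLIENT: anyone on the Internet may relay
#   UNSCANNED   the rule accepts mail but does not route it through qmail-scanner
#   MALFORMED   no ADDRESS:ACTION separator found
#   ok          everything else
# Exit status is 1 if any OPEN-RELAY rule exists, 0 otherwise.
audit_tcp_smtp() {
    awk -v scanner="$SCANNER" '
        /^#/ || /^$/ { next }                       # comments and blank lines
        {
            i = index($0, ":")
            if (i == 0) { print "MALFORMED\t" $0; next }
            prefix = substr($0, 1, i - 1)
            rest   = substr($0, i + 1)
            relays = (rest ~ /RELAYCLIENT=/)
            scans  = (index(rest, "QMAILQUEUE=\"" scanner "\"") > 0)
            denies = (rest ~ /^deny/)
            if (relays && prefix == "") { verdict = "OPEN-RELAY"; bad = 1 } else if (!denies && !scans) { verdict = "UNSCANNED" } else { verdict = "ok" }
            print verdict "\t" $0
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# count_verdict FILE VERDICT: how many rules received VERDICT (0 if none)
count_verdict() {
    audit_tcp_smtp "$1" | awk -F '\t' -v v="$2" '$1 == v { n++ } END { print n + 0 }'
}

# Typical use, just before "tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp":
#   audit_tcp_smtp /etc/tcp.smtp || { echo "refusing to compile an open relay"; exit 1; }
# On the file from this section (constructed sample) it prints:
#   UNSCANNED   127.0.0.1:allow,RELAYCLIENT=""
#   UNSCANNED   192.168.10.:allow,RELAYCLIENT=""
#   ok          :allow,QMAILQUEUE="/usr/sbin/qmail-scanner-queue.pl"
# and with RELAYCLIENT="" on the last line it prints OPEN-RELAY and exits 1.
```

UNSCANNED for localhost and the internal network is informational: it is exactly what this section's first configuration does on purpose, and what the "scan everything" variant removes. The check only recognises the scanner by its exact path, so if you move qmail-scanner-queue.pl, change SCANNER accordingly.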
6. Enabling SMTP AUTH
SMTP AUTH is one way to keep your mail server from being used illegitimately by irresponsible parties. With it, every connection that wants to send mail to a domain not listed in /var/qmail/control/rcpthosts must supply a username and password. If they are correct the message is relayed to the recipient; if not, the connection is refused. Mail addressed to your own domains needs no authentication.
SMTP AUTH works by setting RELAYCLIENT="" on each connection that authenticates successfully; with that variable set, the connection may send mail anywhere. So if you want all connections from the 192.168.10. network to log in first, remove RELAYCLIENT="" from their rule in /etc/tcp.smtp, which then reads:
127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow
:allow,QMAILQUEUE="/usr/sbin/qmail-scanner-queue.pl"
Now edit /etc/init.d/qmail. Find the command that runs qmail-smtpd and add parameters so that it becomes:
/usr/sbin/qmail-smtpd `hostname -f` /usr/bin/checkpassword /bin/true 2>&1 ... (etc.)
and restart qmail. Also run
root:~# chmod 4755 /usr/bin/checkpassword
so that checkpassword is set-uid root and can read the password database when qmail-smtpd, which runs as an unprivileged user, calls it. Note that this checkpassword validates system accounts (/etc/passwd and /etc/shadow); for the virtual users created with vadduser, vpopmail's vchkpw, which speaks the same checkpassword interface, has to be used in its place.
To try it out we need a valid username and password. Suppose the username is admin@domainku.biz and the password is rahasia. We will use them to send mail out of our network. First the two strings have to be base64-encoded, which a small perl script like the one below can do (thanks to mas asfik).
#!/usr/bin/perl
use MIME::Base64;
# encode_base64 appends a newline itself, so none is needed here
print 'Username: ', encode_base64('admin@domainku.biz');
print 'Password: ', encode_base64('rahasia');
Suppose the script is saved as pass.pl; running it gives:
root:~# perl pass.pl
Username: YWRtaW5AZG9tYWlua3UuYml6
Password: cmFoYXNpYQ==
Now try to send a message.
root:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 exp1.its.ac.id ESMTP
AUTH LOGIN
334 VXNlcm5hbWU6
YWRtaW5AZG9tYWlua3UuYml6
334 UGFzc3dvcmQ6
cmFoYXNpYQ==
235 ok, go ahead (#2.0.0)
If you get the answer above, authentication is working. If instead you get 535 authorization failed (#5.7.0), go back and check whether something in your installation is missing.
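The AUTH LOGIN exchange above is three client lines and two base64 challenges from the server. The script below, an added example that is not part of the tutorial or of the qmail-smtpd-auth patch, builds the client lines for AUTH LOGIN and for the one-step AUTH PLAIN form, decodes a 334 challenge so you can see what the server is asking for, and classifies the final reply. It assumes coreutils base64(1); that the smtpd-auth patch accepts AUTH PLAIN (which it does, besides LOGIN and CRAM-MD5) is stated as an assumption in the code. The credentials are the tutorial's example pair. Keep in mind that base64 is an encoding, not encryption: anyone who can watch the TCP session recovers the password, so use these mechanisms only over a link you trust.

```shell
#!/bin/sh
# smtp_auth_helpers.sh: build and decode the strings used in an SMTP AUTH dialogue.
# Added example; not from the original tutorial or from the qmail-smtpd-auth patch.
# Assumes coreutils base64(1). The smtpd-auth patch used in this tutorial is
# assumed to accept AUTH PLAIN as well as AUTH LOGIN.

b64()   { printf '%s' "$1" | base64 | tr -d '\n'; }   # single-line base64 of a string
unb64() { printf '%s' "$1" | base64 -d; }

# auth_login_lines USER PASS
# Prints the three client lines of an AUTH LOGIN exchange, one per line,
# in the order they are typed into the telnet session.
auth_login_lines() {
    printf 'AUTH LOGIN\n%s\n%s\n' "$(b64 "$1")" "$(b64 "$2")"
}

# auth_plain_line USER PASS
# AUTH PLAIN sends everything in one step: base64 of "\0user\0pass"
# (the two NUL bytes separate the empty authorization identity, the user and the password).
auth_plain_line() {
    printf 'AUTH PLAIN %s\n' "$(printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n')"
}

# decode_challenge "334 VXNlcm5hbWU6"  ->  Username:
# Shows what a 334 server challenge is asking for.
decode_challenge() {
    unb64 "${1#334 }"
}

# classify_reply LINE: "authenticated" on 235, "failed" on 535, "unexpected" otherwise
classify_reply() {
    case "$1" in
        235*) echo authenticated ;;
        535*) echo failed ;;
        *)    echo unexpected ;;
    esac
}

# Example session pieces for the tutorial's credentials (constructed, no network needed):
#   auth_login_lines admin@domainku.biz rahasia   # AUTH LOGIN / YWRt... / cmFo...
#   auth_plain_line  admin@domainku.biz rahasia   # AUTH PLAIN AGFkbWlu...
#   decode_challenge '334 UGFzc3dvcmQ6'           # Password:
#   classify_reply '535 authorization failed (#5.7.0)'   # failed
```

Paste the output of auth_login_lines into the telnet session line by line, or send the single auth_plain_line; classify_reply gives you the same verdict the text above describes for 235 and 535.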
7. Installing a Webmail (SquirrelMail)
Installing SquirrelMail requires the Apache web server and PHP4 with IMAP support. Download it from http://www.squirrelmail.org, extract it under /var/www and run the conf.pl script in its config directory to configure your webmail.
Instead of downloading it yourself, you can install the Debian squirrelmail package with:
root:~# apt-get install squirrelmail
and run /etc/squirrelmail/conf.pl to adjust the settings to the existing mail server.
8. References
1. http://www.jerfu.com/toaster/FullToaster_1.0.6.html
2. http://qmail.org
3. http://google.com and all its derivatives
4. The tanya-jawab@linux.or.id mailing list
5. mas asfik's many writings
6. and much more :)
Jari Dzikir
9 months ago