How To Install Qmailtoaster (CentOS 5.3)

Submitted by jakev383 on Wed, 2009-06-17 16:29. :: CentOS | Email

Introduction

Qmailtoaster (www.qmailtoaster.com) is a project that aims to make the installation of Qmail onto RPM based systems a snap. All of the packages are distributed in source RPMs so building the packages for your particular distro and architecture is as easy as running a script or a simple command for each package. The RPMs have all of the needed and commonly asked for patches included so you can have a mail server up and running in about an hour. When it's all complete, you'll have a full Qmail mail server installation ready for just about anything. I personally run Qmailtoaster servers for other companies and ISPs who have tens of thousands of users on their systems.

The Qmailtoaster project has been around for over 6 years and has its own wiki for user-contributed information and tips, and a mailing list where users and other admins can offer support or suggestions on how to fix just about any issue you may run across. They even now have a "Video Magazine", a weekly video produced to show you how to install, configure, tune, and troubleshoot your Qmailtoaster system. An ISO is available that will install CentOS and Qmailtoaster for you as well. On a VMware system a typical install (for me and my hardware) takes about 8 minutes with the ISO. Did we forget to mention that they have VMware images available for download as well?

Here is a list of the features included with the Qmailtoaster package:

  • Source RPM packages easily rebuilt for multiple distributions
  • SMTP with SMTP-AUTH, TLS, REMOTE-AUTH
  • DomainKeys, SPF "Sender Policy Framework" and SRS "Sender Rewriting Scheme"
  • Integrated SpamAssassin, ClamAV and Simscan
  • Warlord virus and worm loader realtime MIME signature scanning
  • CHKUSER 2.0 functions for qmail-smtpd
  • Qmail-Tap provides email archive capability
  • Virtual Domains and Virtual Users using MySQL
  • Autoresponder for vacation/away from office messages
  • Integrated Mailing List (ezmlm)
  • Web-based email system using Squirrelmail
  • Web-based administration tools
  • POP3, POP3-SSL, IMAP and IMAP-SSL
  • Submission port (587) allows roaming users to skip RBL checks and port 25 blocks
  • eMPF patch for advanced policy control over email

Qmail is a small, fast, stable, and secure mail server suite written by D.J. Bernstein. Bernstein has offered a reward for years for anyone who found a security hole in the code. That reward has never been claimed that I know of. It is used by both small and large providers for as few as a couple users to clusters with over a million users.

Qmailtoaster has support to build for RHEL/CentOS (3.x, 4.x, 5.x including x86_64 architectures), Fedora (Cores 1-6 with x86_64 support for FC6), Fedora 9 and 10 (also with x86_64 support), Suse 10.0, 10.1 (including x86_64 support for both), Suse 11.1, Mandriva 10.2, 10.3 (including x86_64 support) with more architectures coming all the time.

For this how-to we will be installing Qmailtoaster for CentOS 5.3, but installing for other distros/arches is as easy as changing the build flags.

This article is presented with no warranties of any kind. This is only one of many ways of installing Qmailtoaster or Qmail in general. This is what works for me.

 

1) Initial system configuration

For the purposes of this article we're going to assume that you have a base install of CentOS 5.3 and have performed all of the updates. One of the first things you need to make sure is set correctly is your hostname:

hostname --fqdn

It should show your fully qualified domain name (mail.example.com). This fully qualified domain name should be set up in DNS with an A record, and it probably should resolve to your rDNS (reverse DNS) name as well. We won't cover these topics in this article as you should already know what these are.

If your hostname does not match what you want, go ahead and fix this now and do a reboot to make sure everything is correct in the system, then check it again. While the system will work without this set correctly, you'll find that a lot of your outbound emails will be denied or put into people's spam folders.
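
A pre-flight check for the hostname requirements above, as an added example (not from the original article or the Qmailtoaster project): it confirms the name is fully qualified and that every A record has a PTR record pointing back at it. The function names are hypothetical, and the lookups assume `dig` from bind-utils is installed.

```sh
#!/bin/sh
# Added example: forward/reverse DNS pre-flight for a mail host.
# Function names are hypothetical; lookups assume dig (bind-utils) is present.

lookup_a()   { dig +short A "$1" | grep -E '^[0-9.]+$'; }  # name -> IPv4 addresses
lookup_ptr() { dig +short -x "$1" | sed 's/\.$//'; }       # IP -> PTR name(s)

# is_fqdn NAME: at least two dot-separated labels, alphabetic top-level label.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# check_mail_name NAME: print one verdict line; return 0 only if every A record
# of NAME has a PTR record that points back at NAME.
check_mail_name() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    is_fqdn "$name" || { echo "FAIL not-fqdn $1"; return 1; }
    addrs=$(lookup_a "$name" || true)
    [ -n "$addrs" ] || { echo "FAIL no-a-record $name"; return 2; }
    for ip in $addrs; do
        ptrs=$(lookup_ptr "$ip" | tr 'A-Z' 'a-z')
        [ -n "$ptrs" ] || { echo "FAIL no-ptr $ip"; return 3; }
        printf '%s\n' "$ptrs" | grep -Fxq "$name" ||
            { echo "FAIL ptr-mismatch $ip -> $ptrs"; return 4; }
    done
    echo "OK $name"
}

# Check this machine only when asked:  sh preflight.sh run
if [ "${1:-}" = "run" ]; then
    check_mail_name "$(hostname --fqdn)"
fi
```

Because `/etc/hosts` can mask what the outside world sees, the lookups go to DNS directly rather than through the system resolver order.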

We also need to make sure SELinux is turned off. It unfortunately causes some issues with ClamAV, and since we do want to scan our incoming emails for viruses we want this to work. You can check whether SELinux is running with the command:

getenforce

If the command returns "Disabled" then you're ready to continue. Otherwise, edit the config file for SELinux:

vi /etc/selinux/config

And change the line that says

SELINUX=enforcing

To:

SELINUX=disabled

You'll probably want to do a reboot to clean everything up at this point. On to the next step.

 

2) Fill some dependencies and get some scripts

There are some dependencies that must be initially filled for us to be able to build the packages for our system. Luckily the Qmailtoaster team has set up a repository of handy scripts to handle most of these functions for you. We're going to use some of the scripts to make our installation easier/faster.

The first script we want to grab is going to be the script that fills the dependencies. We're going to create a directory to house all of our downloads (scripts and packages) and run the dependency script:

mkdir QMT
cd QMT
wget http://www.qmailtoaster.com/distro/centos/cnt50/cnt50-deps.sh
sh cnt50-deps.sh

Now this may run for a minute or two depending on what packages you already had installed. Once it's complete, we need to fill some perl dependencies for Spamassassin:

wget http://www.qmailtoaster.com/distro/centos/cnt50/cnt50-perl.sh
sh cnt50-perl.sh

This one may require some answers from you as it runs, but using the defaults should be fine. Once the perl dependencies are fulfilled, we grab the next couple scripts and edit them as needed:

wget http://www.qmailtoaster.com/distro/centos/cnt50/cnt50-svcs.sh
wget http://www.qmailtoaster.com/distro/centos/cnt50/firewall.sh

Make sure to edit both of these scripts to suit your needs. The firewall script is probably okay as it is, but you'll definitely want to edit the cnt50-svcs.sh script, as this script will set your MySQL root password for you (assuming it's not already set). If you already have a MySQL root password, comment out the section that sets the password for you and continue.

The script will turn some services on and off for you, as well as set up the database needed for Vpopmail. Let's go ahead and run the script (note: the cnt50-svcs.sh script will automatically run the firewall.sh script, so if you do not need the firewall set up for you comment out that command in the script):

sh cnt50-svcs.sh
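
The scripts in this step are fetched over plain HTTP and edited by hand before they run, so it helps to make sure that what runs is exactly what was reviewed. The following is an added example, not part of the original article or the Qmailtoaster scripts; the function names and the `.approved` suffix are hypothetical, and the demo uses constructed stand-ins rather than the real script contents.

```sh
#!/bin/sh
# Added example: run a downloaded setup script only if it is byte-identical
# to the copy that was read, edited and approved. Function names and the
# ".approved" suffix are hypothetical.

# approve_script FILE...: call after reviewing and editing each file.
approve_script() {
    for f in "$@"; do
        sha256sum "$f" > "$f.approved" || return 1
    done
}

# run_approved SCRIPT [CALLED_SCRIPT...]: verify SCRIPT and the scripts it
# calls (cnt50-svcs.sh runs firewall.sh), then run SCRIPT with sh.
run_approved() {
    for f in "$@"; do
        [ -f "$f.approved" ] ||
            { echo "refusing: $f has not been reviewed" >&2; return 2; }
        sha256sum -c "$f.approved" >/dev/null 2>&1 ||
            { echo "refusing: $f changed since review" >&2; return 3; }
    done
    sh "$1"
}

# status CMD...: run CMD quietly and print its exit status.
status() { rc=0; "$@" 2>/dev/null || rc=$?; echo "$rc"; }

# demo: constructed stand-ins for the two scripts (not their real contents),
# exercised in a throwaway directory inside a subshell.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    printf '%s\n' 'echo firewall-applied >> ran.log' > firewall.sh
    printf '%s\n' 'echo services-set >> ran.log' 'sh firewall.sh' > cnt50-svcs.sh
    echo "unreviewed=$(status run_approved cnt50-svcs.sh firewall.sh)"
    approve_script cnt50-svcs.sh firewall.sh
    echo "approved=$(status run_approved cnt50-svcs.sh firewall.sh)"
    echo 'echo tampered >> ran.log' >> firewall.sh   # changed after review
    echo "modified=$(status run_approved cnt50-svcs.sh firewall.sh)"
    echo "log=$(tr '\n' ',' < ran.log)"
    cd / && rm -rf "$dir"
)
```

In the article's flow, `approve_script cnt50-svcs.sh firewall.sh` would follow the editing step and `run_approved cnt50-svcs.sh firewall.sh` would stand in for the plain `sh` call.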

 

3) Install a caching DNS server

To cut down on network traffic and make our system run a little faster, it's a good idea to install a caching name server. The Qmailtoaster project does supply a djbdns package that you can use, but for this article we'll use Bind's caching DNS server:

yum -y install caching-nameserver

Let's start the caching nameserver:

service named start

And lastly we make sure that it starts at boot time:

chkconfig named on

You can check to make sure it's running by using the service command:

service named status

 

4) Download the Qmailtoaster packages

The Qmailtoaster team has written a handy script that will download all of the updated packages for you. You're welcome to click each link under the "Stable Packages" tab and download them individually or copy-n-paste the links for wget, but we'll use the script in this article:

wget http://www.qmailtoaster.com/distro/centos/cnt50/current-download-script.sh

And of course run the script:

sh current-download-script.sh

This will take a few minutes as some of the packages are sizable (~34M for ClamAV). Once the script is done downloading the packages, we're in the home stretch.

 

5) Install Qmailtoaster

Now is when the real fun begins: let's install our system!

The Qmailtoaster team has written handy install scripts to help you get everything installed as well. If you want to manually install the packages yourself, you would use a command similar to this (we're using the CentOS 5, 32 bit flags for this example):

rpmbuild --rebuild --with cnt50 daemontools-toaster-*

rpm -Uvh /usr/src/redhat/RPMS/i386/daemontools-toaster-*

For other distros/arches, you would use different build flags: --with fedora_9 for (you guessed it!) Fedora 9, --with cnt5064 for CentOS 5 x86_64, etc. More information is available on the website: www.qmailtoaster.com

Since we're taking the fast lane for this article, we'll use the Qmailtoaster team's install script. Let's go ahead and download that and run it:

wget http://www.qmailtoaster.com/distro/centos/cnt50/cnt50-install-script.sh
sh cnt50-install-script.sh

The script will run through building each package for you, and installing it. At the end of each build/install process it will pause and ask you if you want to continue. This is so that if you do happen to run into an issue, you'll see it and it won't just scroll on by your screen.

Once the script is all done, I recommend a reboot. Congratulations! You should have a fully installed Qmailtoaster system with spam and virus scanning and a whole bag full of advanced features that used to take all day to patch and compile. That was easy!

 

6) Final Steps

For the final steps in your system, let's make sure that the Qmailtoaster server is up and running:

qmailctl stat

This will show you the Qmailtoaster components, their status, and how long they have been running.

Let's add our first domain:

/home/vpopmail/bin/vadddomain example.com password

There are some web-based tools to administer your system as well. Check out the website for more details on those.

To add users, let's use the Qmailadmin web based package. Simply go to the web page at http://your-server/qmailadmin and login with the username (assuming you created example.com above) postmaster@example.com and the password you defined above. You can now create, modify, and delete email addresses as you see fit. You'll also have access to ezmlm where you can create mailing lists for your domain as well.

There's a lot packed into this installation, so I suggest that you run over to the main site and read the documentation there and also check out the wiki (wiki.qmailtoaster.com). Almost every question you may have is answered in those two places.

If you're still having problems, join their mailing list. There are some really knowledgeable people in there (including the developers) who will answer your questions for you. Commercial support is also available and sources are listed in the wiki.

Enjoy your new email server!


Submitted by Tom Cowin (not registered) on Wed, 2009-09-09 18:48.

The firewall script should be edited to insert your IP.
Also -  I found that DomainKeys install failed during the perl dependencies install, and I had to follow this thread: http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23540.html to arrive at a solution, on a slightly modified CentOS 5.3 install.
 
HTH,
Tom

Submitted by Old qmail-admin (not registered) on Tue, 2009-06-30 10:29.

Please don't use qmail.. please.

qmail's insane security design makes it unable to reject mail based on unknown users, without first receiving it, and then bouncing it. With the current spamfilled internet environment, this creates loads of backscatter spam with a default qmail configuration. This is:

1. annoying
2. likely to get you into a RBL
3. creating load and queues on your server

Also, all this qmailtoaster project would not be necessary if qmail had a proper license, which it does not. That's right.. qmail is not free software. It is open source, but it is not free. Please support a proper mailserver project.

 So, please, pretty please, if you can, use a more sane MTA like Postfix, Exim or Sendmail.

Submitted by jakev383 (registered user) on Wed, 2009-07-01 12:47.

Thanks for your opinions, but they are wrong.

Qmailtoaster will reject messages for unknown recipients without accepting them. It has been this way for a LONG time.

The old license for the software was put into place to ensure that you did not get code with sloppy patches or unknown patches applied. The author required that everyone distribute clean, pristine code as he had written it since he had his money riding on a guarantee that his code was secure. If he allowed just anyone to write code into his software and it created a security hole, he would be responsible for the reward money.

We created source RPMs that compiled Qmail from the original code and applied commonly used patches to it. DJB has since changed his license on the software, so binary packages are now allowed.

Submitted by Old time qmail admin (not registered) on Thu, 2009-07-02 08:26.

"Thanks for your opinions, but they are wrong."

Or rather outdated, it seems :)

"Qmailtoaster will reject messages for unknown recipients without accepting them. It has been this way for a LONG time."

It is very nice to see that this has changed. You might want to correct the wikipedia-article on qmail,  http://en.wikipedia.org/wiki/Qmail since it states that qmail indeed does accept messages to nonexisting users.

 "The old license for the software was put into place to ensure that you did not get code with sloppy patches or unknown patches applied. The author required that everyone distribute clean, pristine code as he had written it since he had his money riding on a guarantee that his code was secure. If he allowed just anyone to write code into his software and it created a security hole, he would be responsible for the reward money.

We created source RPMs that compiled Qmail from the original code and applied commonly used patches to it. DJB has since changed his license on the software, so binary packages are now allowed."

To be honest that sounds like a lame excuse. I didn't read the terms of his reward, but it seems lame that he should be responsible for other people's bad code. The GPL or BSD licences would not have made a difference IMO, so my opinion is still that the old license was lame.

However, it is nice to see that the license has changed to public domain (as I read in another thread).

Submitted by Marco Cordeiro (not registered) on Tue, 2009-06-23 16:57.

Jake, great job.

I want to ask if it is not better to use RPMforge instead of doing a CPAN install of perl dependencies?

I always do this and I think it is an easy way.

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

Regards,

 Marco.

Submitted by Marco Cordeiro (not registered) on Tue, 2009-06-30 14:52.

Jake, just so you know, I replaced steps 4 and 5 with:

4 - install qmailtoaster-plus 

http://qtp.qmailtoaster.com/trac/wiki/WikiStart#a1-InstallQMTRepository

5 - deploy qmailtoaster using qtp-newmodel

#qtp-newmodel

 Regards, Marco.


Submitted by Server Support (not registered) on Tue, 2009-06-23 07:37.

Qmail is really an awesome package containing RPM information. It has a script for all RPMs. I really loved the information provided in this article.

Full information with steps of installation.  Awesome tips.

Thanks for cool stuff!!!!

Submitted by Anonymous (not registered) on Fri, 2009-06-19 19:24.

Qmail is not dead. It has not needed any security updates since it was written, so people confuse this with "dead". There are many large corporations and ISPs who use Qmail. This, to me, means it's so stable and well written that nothing needed to be changed.

Submitted by Anonymous (not registered) on Fri, 2009-06-19 12:00.

I don't get it. Isn't Qmail kinda dead? Ref: http://en.wikipedia.org/wiki/Qmail

Why would someone want to deploy it?

 

--

 Ozzy

 

Submitted by jakev383 (registered user) on Fri, 2009-06-19 16:15.

It is not dead at all. Don't confuse the fact that there has not been a need to update anything with it being dead. There have been no security holes, so no need for updates.

Many large organizations use Qmail. Many large ISPs use Qmail. It is deployed because admins want fast, secure, scalable email servers. It has been rock solid for many years without constant security fixes and updates. Doesn't that say something there?

Submitted by Anonymous (not registered) on Tue, 2009-06-23 06:12.

You don't often see rpms (or other binaries) for the recent distributions. That also played into the it's-dead mentality. Not to mention the lack of quality/updated howto docs/tutorials etc.

Anyway, I was thinking of deploying a production email server. This solution also crossed the radar, but this howto is way too messy for a server deployment. I mean installing development libs on the server to compile the packages .. too messy.

Correct me.

--

Ozzy

 

Submitted by jakev383 (registered user) on Thu, 2009-06-25 03:04.

You need the development libs to build the packages. Once the packages are built, you can just install the binary RPMs on the production machine. No need to install the libs on the production machine that way if you build them in a VM or another machine.

In the past we were not allowed to release binary RPMs due to licensing, only source. This has changed and we will be offering a binary version download in the near future. It takes time to scale and build binary RPMs for  the 5 different distributions and 30 different versions of those same distributions.

Submitted by Anonymous (not registered) on Thu, 2009-06-25 12:13.

I would assume some very recent source of events have been responsible for the sudden reversal of this licensing policy thing. Anyway, all's well that ends well.

Regarding your insinuation about binary releases for distributions, packages for only the core/production kind (read stable) distributions would suffice & be appreciated.

Cheers.

---

Ozzy

Submitted by Rafiqul Islam (not registered) on Wed, 2012-03-21 06:08.

I have installed qmail toaster smoothly. It's working very well. Every day I send & receive 5000 thousand ... emails ...