Qmail OpenLdap On Ubuntu

 
Submitted by nbhadauria on Wed, 2010-09-08 22:17.

This guide will help you set up an email server on Ubuntu using Qmail as the MTA, OpenLDAP as the back-end for the user authentication database, and Courier IMAP as the IMAP server.

 

Introduction

Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts. As of October 2001, qmail is the second most common SMTP server on the Internet, and has by far the fastest growth of any SMTP server.

 

Installation

This guide will help you set up an email server using Qmail as the MTA, OpenLDAP as the back-end for users, and Courier IMAP as the IMAP server. Follow these simple steps.

 

Qmail

In this setup I assume that your domain is yourdomain.com and that it has a valid MX record set up as mail.yourdomain.com. Remember to replace yourdomain.com with your actual domain in the example code in this howto. I also assume that you know what an MX record is.

Note: I will use the root login from here.

To find your MX record, type in a terminal:

dig mx yourdomain.com

Prerequisite packages for Qmail:

apt-get install libldap2-dev libssl-dev openssl sharutils unzip maildrop perl-suid

mkdir /downloads
cd /downloads
wget http://www.qmailrocks.org/downloads/qmail-1.03.tar.gz
wget http://www.qmailrocks.org/downloads/ucspi-tcp-0.88.tar.gz
wget http://www.qmailrocks.org/downloads/daemontools-0.76.tar.gz
wget http://www.qmailrocks.org/downloads/patches/daemontools-0.76.errno.patch
wget http://www.qmailrocks.org/downloads/patches/ucspi-tcp-0.88.errno.patch
wget http://www.qmailrocks.org/downloads/scripts/finalize/qmailctl
wget http://www.nrg4u.com/qmail/qmail-ldap-1.03-20060201.patch.gz
gunzip /downloads/qmail-ldap-1.03-20060201.patch.gz

Click here for an alternative link to qmailrocks packages. 

Creating users and groups.

mkdir -p /var/qmail
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmailp
groupadd qmail
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmails
groupadd vmail
useradd -g vmail -s /bin/true vmail
mkdir /home/vmail
chown vmail:vmail /home/vmail
chmod 700 /home/vmail

Qmail compile:

mkdir -p /var/qmail
mkdir /usr/src/qmail
cd /usr/src/qmail
tar zxvf /downloads/qmail-1.03.tar.gz
cd qmail-1.03
patch -p1 < /downloads/qmail-ldap-1.03-20060201.patch

vi Makefile

LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE

# ZLIB needed for -DDATA_COMPRESS and -DQMQP_COMPRESS
ZLIB=-lz

# to enable the auto-maildir-make feature
MDIRMAKE=-DAUTOMAILDIRMAKE

# to enable the auto-homedir-make feature
HDIRMAKE=-DAUTOHOMEDIRMAKE

# on most systems we need this to make auth_pop and auth_imap
SHADOWLIBS=-lcrypt

# to enable the possibility to log and debug imap and pop
DEBUG=-DDEBUG

make setup check

Qmail configuration and LDAP control files:

cd /var/qmail/control
echo 100 > concurrencyincoming
echo 255 > concurrencyremote
echo ./Maildir/ > defaultdelivery
echo yourdomain.com > defaultdomain
echo 10000 > defaultquotacount
echo 10000000 > defaultquotasize
echo /var/qmail/bin/dirmaker > dirmaker
echo yourdomain.com > defaultdomain
echo dc=yourdomain,dc=com > ldapbasedn
echo 0 > ldapcluster
id -g vmail > ldapgid
echo cn=manager,dc=yourdomain,dc=com > ldaplogin
echo /home/vmail > ldapmessagestore
echo qmailUser > ldapobjectclass
echo secret > ldappassword
echo 127.0.0.1 > ldapserver
id -u vmail > ldapuid
echo mail.yourdomain.com > me
echo 80000000 > qmail-smtpd-softlimit
echo 80000000 > qmail-pop3d-softlimit
echo 3 > qmail-pop3d-loglevel
echo 3 > qmail-start-loglevel
echo yourdomain.com > rcpthosts
ln -s rcpthosts locals

UCSPI-TCP / Daemontools install:

cd /usr/src/qmail
tar zxvf /downloads/ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch < /downloads/ucspi-tcp-0.88.errno.patch
make && make setup check

mkdir -p /package
chmod 1755 /package
cd /package
tar zxvf /downloads/daemontools-0.76.tar.gz
cd /package/admin/daemontools-0.76/src
patch < /downloads/daemontools-0.76.errno.patch
cd /package/admin/daemontools-0.76
package/install
/command/svscanboot &
chmod 755 /etc/rc.local

vi /etc/rc.local

/command/svscanboot &
exit 0
 
 

Qmail Run Script Files:

mkdir /var/qmail/supervise
cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
chmod +t qmail-smtpd qmail-send qmail-pop3d

vi qmail-smtpd/run

#!/bin/sh
# Run qmail-smtpd under tcpserver as the unprivileged qmaild user.
QUID=`id -u qmaild`
QGID=`id -g qmaild`
MAXD=`head -1 /var/qmail/control/concurrencyincoming`
HOST=`head -1 /var/qmail/control/me`
SOFT=`head -1 /var/qmail/control/qmail-smtpd-softlimit`
CDBF="/etc/tcp.smtp.cdb"

# Refuse to start if any required value could not be read.
if [ -z "$QUID" -o -z "$QGID" -o -z "$MAXD" -o -z "$HOST" ]; then
    echo QUID, QGID, MAXD, or HOST is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

exec /usr/local/bin/softlimit -m $SOFT \
    /usr/local/bin/tcpserver -v \
    -H \
    -R \
    -l $HOST \
    -x $CDBF \
    -c $MAXD \
    -u $QUID \
    -g $QGID \
    0 \
    smtp \
    /var/qmail/bin/qmail-smtpd \
    /var/qmail/bin/auth_smtp /bin/true 2>&1

vi qmail-smtpd/log/run

#!/bin/sh
export PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/qmail-smtpd 2>&1

vi /var/qmail/rc

#!/bin/sh
QLOG="`cat /var/qmail/control/qmail-start-loglevel`"
DEFD="`cat /var/qmail/control/defaultdelivery`"
exec env - PATH="/var/qmail/bin:$PATH" LOGLEVEL="$QLOG" qmail-start "$DEFD"

vi qmail-send/run

#!/bin/sh
exec /var/qmail/rc

vi qmail-send/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/qmail-send 2>&1

vi qmail-pop3d/run

#!/bin/sh
IP=`head -1 /var/qmail/control/me`
LL=`head -1 /var/qmail/control/qmail-pop3d-loglevel`
SL=`head -1 /var/qmail/control/qmail-pop3d-softlimit`
exec \
env LOGLEVEL=$LL \
softlimit -m $SL \
/usr/local/bin/tcpserver -v -R -H -l 0 0 pop3 \
/var/qmail/bin/qmail-popup $IP \
/var/qmail/bin/tcp-env \
/var/qmail/bin/auth_pop \
/var/qmail/bin/qmail-pop3d Maildir 2>&1

vi qmail-pop3d/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/qmail-pop3d 2>&1

vi /var/qmail/bin/dirmaker

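#!/bin/sh
# Create the Maildir tree under the directory given as $1.
# Debug trace of each invocation; remove once the setup works, since
# /tmp/dirmaker is a fixed path in a world-writable directory.
echo '----------------------------------------------' >> /tmp/dirmaker
date >> /tmp/dirmaker
echo "$1" >> /tmp/dirmaker
id >> /tmp/dirmaker

# Quote "$1" so paths with spaces or shell metacharacters stay one argument.
mkdir -m 700 -p "$1/Maildir"
mkdir -m 700 -p "$1/Maildir/tmp"
mkdir -m 700 -p "$1/Maildir/cur"
mkdir -m 700 -p "$1/Maildir/new"
chown -R vmail:vmail "$1"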
 

chmod 755 qmail-pop3d/run qmail-smtpd/run qmail-send/run
chmod 755 qmail-pop3d/log/run qmail-smtpd/log/run qmail-send/log/run
chmod 755 /var/qmail/rc /var/qmail/bin/dirmaker

vi /etc/tcp.smtp

127.:allow,RELAYCLIENT="",MAXRCPTCOUNT="200"
192.168.:allow,BLOCKRELAYPROBE="",RCPTCHECK="",SENDERCHECK="",AUTHPREPEND="Authenticated user: ",SANITYCHECK="",SMTPAUTH="",LOGLEVEL="3",AUTHREQUIRED="",MAXRCPTCOUNT="100"
:allow,BLOCKRELAYPROBE="",RCPTCHECK="",SANITYCHECK="",RETURNMXCHECK="STRICT",RBL="",REJECTEXEC="",LOGLEVEL="3",TARPITCOUNT="10",TARPITDELAY="10",SMTPAUTH="",MAXRCPTCOUNT="25"
 
 

Note: 192.168. is my local IP range; to learn more about the options used, go to www.nrg4u.com.
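
An added example, not part of the original howto: a small shell audit that reads a tcprules source file in the /etc/tcp.smtp format above and reports which address prefixes are granted RELAYCLIENT, the variable that makes qmail-smtpd accept mail for any destination. The function names and the shortened sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list tcprules entries (/etc/tcp.smtp format) that set
# RELAYCLIENT. Limitation: values containing "," or ":" are not handled.

# Print "<address> <verdict>" for each allow rule that sets RELAYCLIENT.
relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next               # not a rule line
            addr = substr($0, 1, sep - 1)
            n = split(substr($0, sep + 1), part, ",")
            if (part[1] != "allow") next     # a deny rule drops the client
            for (i = 2; i <= n; i++)
                if (part[i] ~ /^RELAYCLIENT=/) {
                    if (addr == "") addr = "(default)"
                    print addr, (addr ~ /^127\./ ? "loopback" : "REVIEW")
                    break
                }
        }
    ' "$1"
}

# Return 1 if any rule outside 127. grants relaying, 0 otherwise.
audit_relay() {
    found=$(relay_rules "$1")
    [ -z "$found" ] || printf '%s\n' "$found"
    case "$found" in *" REVIEW"*) return 1 ;; esac
    return 0
}

# Constructed sample: the three address classes from the page, shortened.
rules=$(mktemp)
cat > "$rules" <<'EOF'
127.:allow,RELAYCLIENT="",MAXRCPTCOUNT="200"
192.168.:allow,SMTPAUTH="",AUTHREQUIRED="",MAXRCPTCOUNT="100"
:allow,SMTPAUTH="",TARPITCOUNT="10",MAXRCPTCOUNT="25"
EOF
audit_relay "$rules" && echo "only loopback may relay without SMTP AUTH"
rm -f "$rules"
```

Run it against /etc/tcp.smtp before each "qmailctl cdb"; a REVIEW line on the default rule means the server relays for any client.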

mkdir /var/log/qmail
cd /var/log/qmail
mkdir qmail-send qmail-smtpd qmail-pop3d
chown -R qmaill:root /var/log/qmail
chmod -R 750 /var/log/qmail
cd /var/qmail
cp -p /downloads/qmailctl /var/qmail/bin/.
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin/
qmailctl cdb
/etc/init.d/exim4 stop
dpkg -r exim4
dpkg -P exim4
cd /service/
ln -s /var/qmail/supervise/qmail-* .

 

OpenLDAP

LDAP stands for Lightweight Directory Access Protocol, a simplified version of the X.500 protocol. You will find a more detailed presentation on Wikipedia. LDAP is a way to make certain kinds of information available across a network. In this setup the information is user logins: their passwords, user IDs, and various details.

First, install the LDAP server daemon (slapd) on the server. This requires the following packages: slapd, ldap-utils, and db4.8-util.

sudo apt-get install slapd ldap-utils db4.8-util
cp -p /usr/src/qmail/qmail-1.03/qmail.schema /etc/ldap/schema/

Now create a temporary configuration file:

vi slapd-tmp.conf

include         /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/qmail.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

moduleload back_hdb

database hdb
suffix "dc=yourdomain,dc=com"
rootdn "cn=manager,dc=yourdomain,dc=com"
rootpw {SSHA}+xDld2OXYtm0NRlJYXL050VGym/sYUn+

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

Remember to change rootpw by generating a new password hash with the slappasswd command.

rm -rf /etc/ldap/slapd.d/*

slaptest -f slapd-tmp.conf -F /etc/ldap/slapd.d   # ignore errors

chown -R openldap:openldap /etc/ldap/slapd.d
chown -R openldap:openldap /var/lib/ldap

/etc/init.d/slapd restart

Now let's populate the database:

vi yourdomain.ldif

# base dn
dn: dc=yourdomain,dc=com
objectClass: dcObject
objectClass: organization
o: yourdomain
dc: yourdomain

# ou, yourdomain.com
dn: ou=yourdomain.com,dc=yourdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: yourdomain.com

vi test.ldif

# test, yourdomain.com
dn: uid=test,ou=yourdomain.com,dc=yourdomain,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: qmailUser
cn: Test User
sn: User
mail: test@yourdomain.com
accountStatus: active
mailMessageStore: yourdomain.com/test
uid: test
mailHost: mail.yourdomain.com
deliveryMode: noforward
userPassword:: e0NSWVBUfUJuZGZpVzJHQkd0enc=

ldapadd -x -D "cn=manager,dc=yourdomain,dc=com" -W -f yourdomain.ldif
ldapadd -x -D "cn=manager,dc=yourdomain,dc=com" -W -f test.ldif
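
An added example, not part of the original howto: the double colon in "userPassword::" marks a base64 value, and decoding it shows which hash scheme an entry stores. The shell functions below name the scheme of each userPassword in an LDIF file; for the test.ldif entry above the result is traditional DES crypt. The function names and scheme labels are made up for this example, and base64 -d from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: name the storage scheme of each userPassword in an LDIF file.
# Limitations: folded LDIF lines are not handled; tags are matched upper-case.

# Map one decoded userPassword value to a scheme label (labels are ours).
scheme_of() {
    case "$1" in
        "{SSHA}"*)          echo ssha ;;
        "{SMD5}"*)          echo smd5 ;;
        "{SHA}"*|"{MD5}"*)  echo unsalted-hash ;;
        "{CRYPT}\$"*)       echo modular-crypt ;;
        "{CRYPT}"*)         # 7-char tag + 13-char hash = traditional DES crypt
            if [ "${#1}" -eq 20 ]; then echo des-crypt; else echo unknown-crypt; fi ;;
        "{"*"}"*)           echo other ;;
        *)                  echo cleartext ;;
    esac
}

# Print "<scheme><TAB><dn>" for every userPassword attribute in file $1.
password_schemes() {
    dn=
    while IFS= read -r line; do
        case "$line" in
            "dn: "*) dn=${line#dn: }; continue ;;
            "userPassword:: "*)   # double colon: the value is base64
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            "userPassword: "*) val=${line#userPassword: } ;;
            *) continue ;;
        esac
        printf '%s\t%s\n' "$(scheme_of "$val")" "$dn"
    done < "$1"
}

# Succeed (status 0) if any entry uses a scheme that gives little
# protection once the directory contents leak.
has_weak_passwords() {
    password_schemes "$1" | grep -Eq '^(des-crypt|unsalted-hash|cleartext)'
}

# Sample input: the dn and userPassword lines of test.ldif from the page.
ldif=$(mktemp)
cat > "$ldif" <<'EOF'
dn: uid=test,ou=yourdomain.com,dc=yourdomain,dc=com
userPassword:: e0NSWVBUfUJuZGZpVzJHQkd0enc=
EOF
password_schemes "$ldif"
rm -f "$ldif"
```

Traditional DES crypt uses only the first eight characters of the password and a 12-bit salt, so entries reported as des-crypt are the first to re-hash with slappasswd.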

 

Courier IMAP

apt-get install courier-authdaemon courier-authlib courier-authlib-userdb courier-base courier-imap expect courier-ldap courier-authlib-ldap

vi /etc/courier/authdaemonrc

authmodulelist="authldap"
authmodulelistorig="authldap"

vi /etc/courier/authldaprc

LDAP_URI                ldap://mail.yourdomain.com
LDAP_BASEDN dc=yourdomain,dc=com
LDAP_BINDDN cn=manager,dc=yourdomain,dc=com
LDAP_BINDPW secret
LDAP_MAIL uid
LDAP_FILTER (&(objectClass=qmailUser)(accountStatus=active))
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR mailMessageStore
LDAP_MAILROOT /home/vmail
LDAP_DEFAULTDELIVERY defaultDelivery

vi /etc/courier/imapd

IMAPDSTART=YES

/etc/init.d/courier-ldap start
/etc/init.d/courier-authdaemon start
/etc/init.d/courier-imap start


Submitted by Anonymous (not registered) on Tue, 2012-11-06 20:14.
Got everything to install without trouble and everything appears to be working. Good tutorial. Just also wondering if anyone knew of another tutorial that shows how to integrate this with a web management and/or webmail tool. Thanks again for the good tutorial!
Submitted by systemali (not registered) on Sat, 2011-01-15 08:33.

This is a very good article. I need to accomplish a similar task but on CentOS 5. Can I follow these steps to get it installed on the required OS?

Also, I see that this documentation does not mention anything about Spamd & ClamAV. If I follow the above steps, which link or URL can I follow to get this software integrated with Qmail?

 Thank you

Submitted by nbhadauria (registered user) on Wed, 2011-02-16 07:49.

Surely it will work on CentOS 5+

And I will upload a doc to set up qmail scanner with SA and clamav very soon.

Submitted by nbhadauria (registered user) on Wed, 2011-02-23 13:26.

As I promised, I have submitted a doc to set up Qmail-scanner with Spamassassin and clamav on Ubuntu.

http://www.howtoforge.com/qmail-scanner-with-clamav-and-spamassassin-on-ubuntu

 

Best

Nitin Bhadauria

Submitted by yatin (not registered) on Thu, 2010-11-25 07:00.
Thanks for this configuration, it works.
Submitted by YurtdışÄ... (not registered) on Thu, 2010-09-09 13:59.
It seems like a very good web site but my English is not good. It would be great if it might be available in other languages too. But I like this web site very much, thank you very much for sharing this information.