CentOS 4.4 QmailToaster Install
EZ QmailToaster Fresh Install on CentOS 4.4
Based and mostly the same as the 4.3 version by: Nick Hemmesch <email@example.com> June 08, 2006
So he is the hard working man, not I. I just added some additional notes more than anything.
Dustin Krysak <firstname.lastname@example.org> March 16 2007
This tutorial is for CentOS 4.4 (cnt40) i386
- note: these install steps also working for CentOS 4.6, just make sure to satisfy SpamAssasin perl modules.
To install CentOS 4.4 x86_64, replace cnt40 with cnt4064
To install Fedora Core 4 & 5, change download path from centos to fedora & cnt40 to fdr40, fdr4064, fdr50 or fdr5064 per your distro
You must have either a local dns server or a local caching name server. If you need a caching namserver, we will add one in Step 8.
Be sure to replace "your-domain.com" with your real domain name, and "your.fqdn.com" with your server's "Fully Qualified Domain Name".
*taken from the toaster mailing list*
Posted by: Eric Shubes on March 14, 2007
Subject: [qmailtoaster] FW: HELP please
The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. I added the following rule near the top of the script:
#Drop all incoming fragments
iptables -A INPUT -i eth0 -f -j DROP
# shubes 5/16/06 - accept packets from local net
iptables -A INPUT -s my.internal.network.id/255.255.255.0 -j ACCEPT
# Drop outside packets with local addresses - anti-spoofing measure
This is just a handy note that is not yet on the site or FAQ (as of this date).
Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.
If you skip over the centos install details outlined in this page, and have installed from the server cd (as I did) and chose the "minimal" install, be sure to add the following packages to the cnt40-deps.sh script:
If using Bind and not DJBDNS also add:
bind bind-chroot caching-nameserver
1. Download CentOS 4.4 CD iso's or the DVD iso.
Burn iso's to CD, or DVD if you downloded a DVD iso Boot with your CD 1 or the DVD
2. CentOS Installation (This is the configuration of my test box):
Splash Page: <enter> to install in graphical mode CD Found window: Choose "Skip" to bypass media test
Welcome to CentOS: Click "Next"
Language Selection: Select your language & Click "Next"
Keyboard Configuration: Select language type & Click "Next"
Installation Type: Select "Server" & Click "Next"
Disk Partitioning Setup: Select "Automatically Partition & Click "Next"
Warning: Click "Yes"
Automatic Partitioning: Select "Remove all partitions" & Click "Next"
Warning: Click "Yes"
Disk Setup: Click "Next"
Boot Loader Configuration: Click "Next"
Network Configuration: Click "Edit"
Edit Interface eth0: Deselect "Configure using DHCP" Select "Activate on boot"
Enter your "IP Address" & "Netmask"
Set the hostname:
Deselect "automatically via DHCP"
Select "manually" & enter your "fully qualified domain name"
Gateway: enter IP address of your gateway
Primary DNS: enter IP address of primary dns server
Secondary DNS: enter IP address of secondary dns server
Select "No firewall"
Select "Disabled" mode for SELinux
Warning - No Firewall: Click "Proceed"
Additional Language Support" Click "Next"
Time Zone Selection: Select your time zone & Click "Next"
Set Root Password: Enter your root password twice & Click "Next"
3. Package Group Selection - Select ONLY the following groups:
Server Configuration Tools: Select
Web Server: Select
Click "Details" and add php-mysql plus the defaults
DNS Name Server: Select
FTP Server: Select
MySQL Database: Select
Click "Details" and add mysql-bench, mysql-server plus the defaults
Development Tools: Select
Click "Details" and add expect to the defaults
Administration Tools: Select
System Tools: Select
Click "Details" and add mrtg to the defaults
About to Install: Click "Next"
Required Install Media: verify and click "Continue"
Installing Packages: Click "Next" & watch the install
After installation: remove your media & Click "Reboot"
4. After reboot, login as root:
mkdir -p /usr/src/qtms-install cd /usr/src/qtms-install This example is CentOS 4.4 i386 so the qmailtoaster switch is cnt40
5. Prepare to Install QmailToaster:
wget http://www.qmailtoaster.com/centos/cnt40/cnt40-deps.sh sh cnt40-deps.sh
wget http://www.qmailtoaster.com/centos/cnt40/cnt40-perl.sh sh cnt40-perl.sh
- note: the new SpamAssasin also required newer perl-module which may not satisfy by just running the script above. so here easy way to updates perl modules. Visit http://dag.wieers.com/rpm/packages/rpmforge-release/ and make sure you choose the latest, and correct version for your distro and architecture.
# rpm -ivh http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm # yum install perl-HTML-Parser # yum install perl-IO-Zlib # yum install perl-Archive-Tar
If SpamAssassin required other perl module (say: Mail::SPF) you can easily type
# yum install perl-Mail-SPF
Failing to satisfy perl module needed by SpamAssassin, SpamAssassin not installed and also broke Simscan and ClamAV installation.
nano -w cnt40-svcs.sh
ctl-o and enter to save
ctl-x to exit
nano -w firewall.sh
ctl-o and enter to save
ctl-x to exit
=== NOTE ===
This script turns on or off all necessary services. Then the script sets up your mysql root account, creates and grants privileges for your vpopmail mysql account, makes a symlink so your krb5 is read properly, edits your php.ini, sets inittab to start at runlevel 3, and sets up your firewall.
Note: You might see some service errors while the script runs, don't worry about them.
Update all your packages:
yum -y update
6. Get QmailToaster Packages:
This script downloads all necessary packages into you current directory (should be /usr/src/qtms-install/).
7. Install QmailToaster Packages:
wget http://www.qmailtoaster.com/centos/cnt40/cnt40-install-script.sh sh cnt40-install-script.sh
Check your services:
setup: Select Services
See that the following services are selected: acpid anacron atd autofs cpuspeed crond djbdns freshclam haldaemon httpd
iptables kudzu messagebus mysqld network ntpd qmail rawdevices
smartd sshd syslog xinet
Also: irqbalance (w/dual processors) xfs (w/xwindows)
8. Add djbdns (if you don't want bind)
rpm -e --nodeps bind bind-chroot caching-nameserver
rpmbuild --rebuild --with cnt40 djbdns*.src.rpm
rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
echo "search your-domain.com" > /etc/resolv.conf echo "nameserver 127.0.0.1" >> /etc/resolv.conf
9. Setup QmailToaster:
(Should look somewhat like this)
[root@gateway ~]# qmailctl stat authlib: up (pid 2425) 65 seconds clamd: up (pid 2425) 65 seconds imap4: up (pid 2421) 65 seconds imap4-ssl: up (pid 2423) 65 seconds pop3: up (pid 2414) 65 seconds pop3-ssl: up (pid 2409) 65 seconds send: up (pid 2416) 65 seconds smtp: up (pid 2418) 65 seconds spamd: up (pid 2407) 65 seconds authlib/log: up (pid 2417) 65 seconds clamd/log: up (pid 2417) 65 seconds imap4/log: up (pid 2422) 65 seconds imap4-ssl/log: up (pid 2424) 65 seconds pop3/log: up (pid 2415) 65 seconds pop3-ssl/log: up (pid 2413) 65 seconds send/log: up (pid 2420) 65 seconds smtp/log: up (pid 2419) 65 seconds spamd/log: up (pid 2408) 65 seconds [root@gateway ~]#
Add a domain:
/home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>
Add a user:
/home/vpopmail/bin/vadduser email@example.com <your-password>
Edit /etc/php.ini and set register_globals = On
service httpd restart Bring up your browser and go to:
Username: admin Password: toaster
Change your password . . .
Edit /etc/php.ini and set register_globals = Off
service httpd restart
Check your mail server:
login with your full email address and your password
Send yourself an email - should show right away
Send an email to yourself if you have another address
Go to your other email account and reply to the message you sent
If Isoqlog doesn't show right away, do this: sh /usr/share/toaster/isoqlog/bin/cron.sh
10. Add domainkeys:
Note: I found the links sent to me by Eric Shupes on the toaster list VERY helpful.
http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2 http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record
I suggest going there as the links contain a more in depth set of details. Below is borrowed from those links.
Create the directory for your domain's private key:
cd /var/qmail/control/domainkeys mkdir your-domain.com Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:
cd your-domain.com dknewkey private > public.txt
You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:
chmod 440 private cd .. chown -R root:vchkpw yourdomain.com
Make dns entry:
BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):
_domainkey.your-domain.com. IN TXT "t=y; o=-"
Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.
_domainkey.your-domain.com. IN TXT "o=-"
Then also add this to your zone file:
private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key" (NOTE QUOTATION MARKS MUST BE THERE)
Note: I have not tested DJBDNS as I do not run it - DK
DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt):
'_domainkey.your-domain.com:o=-; firstname.lastname@example.org 'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key
Test your mailserver:
In squirrelmail, send a test email, select View Full Header and you should find something like the following:
----------- snip ------------ DomainKey-Status: good Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org X-Spam-Level: * X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL autolearn=no version=3.1.1 Received: from unknown (HELO ns1.ndhsdns.com) (126.96.36.199) by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000 Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 188.8.131.52 as permitted sender) Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=ndhsdns.com; b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ; Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1) by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000 ----------- snip ------------
11. Logs for all packages except freshclam are at:
Freshclam is at /var/log/clamav