QmailtoasterMain Page | About | Help | FAQ | Special pages | Log in

Printable version | Disclaimers | Privacy policy

CentOS 4.4 QmailToaster Install

From Qmailtoaster


EZ QmailToaster Fresh Install on CentOS 4.4


Based and mostly the same as the 4.3 version by: Nick Hemmesch <nick@ndhsoft.com> June 08, 2006

So he is the hard working man, not I. I just added some additional notes more than anything.

Dustin Krysak <d.k.emaillists@gmail.com> March 16 2007


DISTRO NOTES:

This tutorial is for CentOS 4.4 (cnt40) i386

To install CentOS 4.4 x86_64, replace cnt40 with cnt4064

To install Fedora Core 4 & 5, change download path from centos to fedora & cnt40 to fdr40, fdr4064, fdr50 or fdr5064 per your distro


DNS NOTES:

You must have either a local dns server or a local caching name server. If you need a caching namserver, we will add one in Step 8.

Be sure to replace "your-domain.com" with your real domain name, and "your.fqdn.com" with your server's "Fully Qualified Domain Name".


FIREWALL NOTES:

*taken from the toaster mailing list*

Posted by: Eric Shubes on March 14, 2007

Subject: [qmailtoaster] FW: HELP please

The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. I added the following rule near the top of the script:


#Drop all incoming fragments

iptables -A INPUT -i eth0 -f -j DROP

# shubes 5/16/06 - accept packets from local net

iptables -A INPUT -s my.internal.network.id/255.255.255.0 -j ACCEPT

# Drop outside packets with local addresses - anti-spoofing measure



This is just a handy note that is not yet on the site or FAQ (as of this date).

Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.


INSTALL NOTES:

If you skip over the centos install details outlined in this page, and have installed from the server cd (as I did) and chose the "minimal" install, be sure to add the following packages to the cnt40-deps.sh script:

perl-HTML-Parser

If using Bind and not DJBDNS also add:

bind
bind-chroot
caching-nameserver


1. Download CentOS 4.4 CD iso's or the DVD iso.


 Burn iso's to CD, or DVD if you downloded a DVD iso
 
 Boot with your CD 1 or the DVD



2. CentOS Installation (This is the configuration of my test box):


 Splash Page: <enter> to install in graphical mode  
 
 CD Found window: Choose "Skip" to bypass media test  
 Welcome to CentOS: Click "Next"
 Language Selection: Select your language & Click "Next"
 Keyboard Configuration: Select language type & Click "Next"
 Installation Type: Select "Server" & Click "Next"
 Disk Partitioning Setup: Select "Automatically Partition & Click "Next"
     Warning: Click "Yes"
 Automatic Partitioning: Select "Remove all partitions" & Click "Next"
     Warning: Click "Yes"
 Disk Setup: Click "Next"
 Boot Loader Configuration: Click "Next"
 Network Configuration: Click "Edit"
     Edit Interface eth0: Deselect "Configure using DHCP"
  
     Select "Activate on boot"
     Enter your "IP Address" & "Netmask"
     Click "OK
     Set the hostname:
         Deselect "automatically via DHCP"
         Select "manually" & enter your "fully qualified domain name"
     Miscellaneous Settings:
         Gateway: enter IP address of your gateway
         Primary DNS: enter IP address of primary dns server
         Secondary DNS: enter IP address of secondary dns server
     Click "Next"
 Firewall Configuration:
     Select "No firewall"
     Select "Disabled" mode for SELinux
     Click "Next"
         Warning - No Firewall: Click "Proceed"
 Additional Language Support" Click "Next"
 Time Zone Selection: Select your time zone & Click "Next"
 Set Root Password: Enter your root password twice & Click "Next"



3. Package Group Selection - Select ONLY the following groups:


 Server Configuration Tools: Select
 Web Server: Select
     Click "Details" and add php-mysql plus the defaults
 DNS Name Server: Select
 FTP Server: Select
 MySQL Database: Select
     Click "Details" and add mysql-bench, mysql-server plus the defaults


 Development Tools: Select
     Click "Details" and add expect to the defaults
 Administration Tools: Select
 System Tools: Select
     Click "Details" and add mrtg to the defaults
 Click "Next"


 About to Install: Click "Next"
     Required Install Media: verify and click "Continue"


 Installing Packages: Click "Next" & watch the install


 After installation: remove your media & Click "Reboot"
 

4. After reboot, login as root:


 mkdir -p /usr/src/qtms-install
 
 cd /usr/src/qtms-install
 
 
 This example is CentOS 4.4 i386 so the qmailtoaster switch is cnt40 
 

5. Prepare to Install QmailToaster:


 wget http://www.qmailtoaster.com/centos/cnt40/cnt40-deps.sh
 
     sh cnt40-deps.sh


 wget http://www.qmailtoaster.com/centos/cnt40/cnt40-perl.sh
 
     sh cnt40-perl.sh
# rpm -ivh http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
# yum install perl-HTML-Parser
# yum install perl-IO-Zlib
# yum install perl-Archive-Tar

If SpamAssassin required other perl module (say: Mail::SPF) you can easily type

# yum install perl-Mail-SPF

Failing to satisfy perl module needed by SpamAssassin, SpamAssassin not installed and also broke Simscan and ClamAV installation.

 wget http://www.qmailtoaster.com/centos/cnt40/cnt40-svcs.sh
 wget http://www.qmailtoaster.com/centos/cnt40/firewall.sh
     nano -w cnt40-svcs.sh
     edit MYSQLPW=your-mysql-password
     ctl-o and enter to save
     ctl-x to exit


     nano -w firewall.sh
     edit MYIP="your-IP-address"
     ctl-o and enter to save
     ctl-x to exit
     sh cnt40-svcs.sh


 === NOTE ===
 This script turns on or off all necessary services. Then the script sets 
 up your mysql root account, creates and grants privileges for your vpopmail
 mysql account, makes a symlink so your krb5 is read properly, edits your 
 php.ini, sets inittab to start at runlevel 3, and sets up your firewall.
 Note: You might see some service errors while the script runs,
 don't worry about them.
 ============


 Update all your packages:
     yum -y update
 REBOOT



6. Get QmailToaster Packages:


 cd /usr/src/qtms-install


 wget http://www.qmailtoaster.com/info/current-download-script.sh
     sh current-download-script.sh


 This script downloads all necessary packages into you current
 directory (should be /usr/src/qtms-install/).



7. Install QmailToaster Packages:


 wget http://www.qmailtoaster.com/centos/cnt40/cnt40-install-script.sh
 
     sh cnt40-install-script.sh


 Check your services:
     setup: Select Services
         See that the following services are selected: acpid anacron
         
         atd autofs cpuspeed crond djbdns freshclam haldaemon httpd
         iptables kudzu messagebus mysqld network ntpd qmail rawdevices
         smartd sshd syslog xinet
         Also: irqbalance (w/dual processors) xfs (w/xwindows)



8. Add djbdns (if you don't want bind)


 rpm -e --nodeps bind bind-chroot caching-nameserver
 rpmbuild --rebuild --with cnt40 djbdns*.src.rpm
 rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
 echo "search your-domain.com" > /etc/resolv.conf
 echo "nameserver 127.0.0.1" >> /etc/resolv.conf


 REBOOT



9. Setup QmailToaster:


 qmailctl stat
 (Should look somewhat like this)
     [root@gateway ~]# qmailctl stat
     authlib: up (pid 2425) 65 seconds
     clamd: up (pid 2425) 65 seconds
     imap4: up (pid 2421) 65 seconds
     imap4-ssl: up (pid 2423) 65 seconds
     pop3: up (pid 2414) 65 seconds
     pop3-ssl: up (pid 2409) 65 seconds
     send: up (pid 2416) 65 seconds
     smtp: up (pid 2418) 65 seconds
     spamd: up (pid 2407) 65 seconds
     authlib/log: up (pid 2417) 65 seconds
     clamd/log: up (pid 2417) 65 seconds
     imap4/log: up (pid 2422) 65 seconds
     imap4-ssl/log: up (pid 2424) 65 seconds
     pop3/log: up (pid 2415) 65 seconds
     pop3-ssl/log: up (pid 2413) 65 seconds
     send/log: up (pid 2420) 65 seconds
     smtp/log: up (pid 2419) 65 seconds
     spamd/log: up (pid 2408) 65 seconds
     [root@gateway ~]#


 Add a domain:
     /home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>


 Add a user:
     /home/vpopmail/bin/vadduser you@your-domain.com <your-password>


 Edit /etc/php.ini and set register_globals = On
     service httpd restart  
 
 
 Bring up your browser and go to:
     http://www.your-domain.com/admin-toaster/
       Username: admin
       Password: toaster
     Change your password . . . 


 Edit /etc/php.ini and set register_globals = Off
     service httpd restart  
 
 Check your mail server:
     http://www.your-domain.com/webmail
     login with your full email address and your password
     Send yourself an email - should show right away
     Send an email to yourself if you have another address
     Go to your other email account and reply to the message you sent


 If Isoqlog doesn't show right away, do this:
     
     sh /usr/share/toaster/isoqlog/bin/cron.sh



10. Add domainkeys:


Note:
I found the links sent to me by Eric Shupes on the toaster list VERY helpful.
http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2
http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record
http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record
I suggest going there as the links contain a more in depth set of details.
Below is borrowed from those links.


Create the directory for your domain's private key:
    cd /var/qmail/control/domainkeys  
    mkdir your-domain.com
 
Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:
    cd your-domain.com
    dknewkey private > public.txt


You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:
    chmod 440 private
    cd ..
    chown -R root:vchkpw yourdomain.com


 Make dns entry: 
     BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):


    _domainkey.your-domain.com.         IN TXT "t=y; o=-"

Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.

    _domainkey.your-domain.com.         IN TXT "o=-"


Then also add this to your zone file:

     private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key" 
           (NOTE QUOTATION MARKS MUST BE THERE)
Note: I have not tested DJBDNS as I do not run it - DK
     DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt): 
       '_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com 
       'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key 


 Test your mailserver:
     http://domainkeys.sourceforge.net/policycheck.html
     http://domainkeys.sourceforge.net/selectorcheck.html
    
     In squirrelmail, send a test email, select View Full Header and you
     should find something like the following:
     ----------- snip ------------
     DomainKey-Status: good 
     Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
          scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
     X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
     X-Spam-Level: *
     X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL 
          autolearn=no version=3.1.1
     Received: from unknown (HELO ns1.ndhsdns.com) (216.221.100.227)
          by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000
     Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 216.221.100.227 as permitted sender)
     Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
     Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
     DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
          s=private; d=ndhsdns.com;
          b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
     Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1)
          by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
     ----------- snip ------------



11. Logs for all packages except freshclam are at:


 /var/log/qmail/*
 Freshclam is at /var/log/clamav

Retrieved from "http://wiki.qmailtoaster.com/index.php/CentOS_4.4_QmailToaster_Install"

This page has been accessed 49,593 times. This page was last modified on 24 March 2008, at 08:31. Content is available under GNU Free Documentation License 1.2.


Find

Browse
Main page
Community portal
Current events
Recent changes
Random page
Help
Edit
View source
Editing help
This page
Discuss this page
New section
Printable version
Context
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list
Statistics
More...