CentOS 5 QmailToaster Install
- THIS WAS WRITTEN FOR INTERNAL USE AT MY PLACE OF EMPLOYMENT, IT INCLUDED SCREENSHOTS AND A FEW OTHER THINGS I HAD TO TAKE OUT. IT SHOULD STILL MAKE SENSE WITHOUT THEM BUT FEEL FREE TO EDIT ANYTHING THAT LOOKS A LITTLE FUNNY.
- ERIC SCHWARTZ
- STEELE RUBBER PRODUCTS
- DENVER, NC
Based on and mostly the same as the 4.4 posted on the qmailtoaster.com wiki
This tutorial is for CentOS 5 (cnt50) i386
To install CentOS 5 x86_64, replace cnt50 with cnt5064
You must have either a local DNS server or a local caching name server. If you need a caching namserver, we will add one in Step 8.
taken from the toaster mailing list Posted by: Eric Shubes on March 14, 2007
The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. Add the following rule near the top of the script:
#Drop all incoming fragments iptables -A INPUT -i eth0 -f -j DROP # shubes 5/16/06 - accept packets from local net iptables -A INPUT -s my.internal.network.id/255.255.255.0 -j ACCEPT # Drop outside packets with local addresses - anti-spoofing measure
Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.
Downloading CentOS 5
- This section will discuss the method of downloading and creating the CentOS installation media.
- Download CentOS 5 CD iso's or the DVD iso. CentOS 5 iso downloads
- Burn the CentOS iso you downloded with your favorite burning software usually using the "burn image to disk" option.
Installing CentOS 5
- This section will discuss installing and configuring CentOS 5 getting it ready to take on the role of a mail server.
Booting to Installation Media
- Boot the computer with your CD or DVD.
- At the splash Page choose <enter> to install in graphical mode.
- At the "CD Found" window Choose "Skip" to bypass the media test. (optional)
- At the CentOS 5 screen Click "Next".
Setting Language Options
- This section will walk you through the next 2 screens selecting the system and keyboard languages.
- At the Language Selection screen Select your language & click "Next".
- At the Keyboard selection screen select your language & click "Next".
- This screen deals with Disk Partitioning.
- Leave the defaults and click "Next".
- A warning window will pop up explaining that it will now delete all your partitions. click "Yes".
- This screen will setup your network configuration.
- Follow the steps listed below.
Step 1 - Configure your Network Device
- Make sure your network card is slected and click "EDIT"
- Remove the check from "Use dynamic IP configuration (DHCP).
- Remove the check from "Enable IPv6 support" (optional).
- Enter your IP address.
- Enter your Prefix (Netmask).
- Click "OK".
Step 2 - Enter Your Host
- Deselect "automatically via DHCP"
- Select "manually" & enter your "fully qualified domain name"
Step 3 - Miscellaneous Settings
- Enter the IP address of your gateway
- Enter the IP address of your primary DNS server
- Enter the IP address of your secondary DNS server
- Once you have finished the above steps click "Next".
192.168.2.1 192.168.70.7 220.127.116.11
Setting the Time Zone
- This screen will set the time zone used by the system
- You can either click directly on the map to select your region and then time zone or make your selection from the dropdown box.
- If your system clock uses UTC time make sure the "System clock uses UTC" box is checked.
- Click "Next".
Setting the Root Password
- This screen will set password used by the systems root account.
- IT IS VERY IMPORTANT YOU REMEMBER THIS PASSWORD
- Type the password you would like to use for the root account into the "Root Password" field.
- Try to use a password with a combination of letters and numbers.
- Confirm the root password by typing it in the "Confirm" field.
- Click "Next".
Choose Install Type
- This screen will allow you to choose how you want CentOS 5 installed. by default it installs with the Gnome desktop environment. we will be changing the default options to suit the needs of the mail server.
- Remove the check from "Desktop - Gnome".
- Check the "Server" option.
- Choose "Customize Now" at the bottom of the screen.
- This will allow you to pick and choose software to be installed on the system.
- Click "Next".
Choose Software Packages
- This screen will allow you to choose which software packages you would like installed. The defaults will be kept with a few addition.
- Follow the steps listed below. they are broken down by category.
- Make sure "Server Configuration Tools" is selected. (should be selected by default)
- Make sure "Web Server" is selected. (should be selected by default)
- with "Web Server" highlighted click the optional packages button and select "php-mysql" along with the defaults and click "Close".
- Make sure "DNS Name Server" is selected. (should be selected by default)
- Make sure "FTP Server" is selected. (should be selected by default)
- Select "MySQL Database". (should 'NOT' be selected by default)
- with "MySQL Database" highlighted click the optional packages button and select "mysql-bench" and if "mysql-server" is not selected go ahead and select it along with the defaults and click "Close".
- Select "Development Tools". (should 'NOT' be selected by default)
- with "Development Tools" highlighted click the optional packages button and select "expect" along with the defaults and click "Close".
- Select "Administration Tools". (should 'NOT' be selected by default)
- Select "System Tools". (should 'NOT' be selected by default)
- with "System Tools" highlighted click the optional packages button and select "mrtg" along with the defaults and click "Close".
- Once you have finished the above steps click "Next".
Note: nroff command is needed for qmail-toaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the qmail-toaster installation.
- This screen gives you some last minute information before starting the CentOS 5 Install.
- Just click "Next"
- This is the last step of the install. The screen explains that the install is complete and you should now reboot after removing any media used during the install of CentOS 5.
- Remove the CentOS 5 install dvd or cd.
- Click "Reboot"
- This is the first screen you should see upon reboot. It will give you the opportunity to change some system settings including the firewall settings which will be the focus of this section.
- If this screen does not appear you can login as root and type setup from the command line to access this screen.
- Highlight "Firewall Configuration".
- Choose "Run Tool"
- Change "Security Level" to "Disabled".
- Change "SELinux" to "Disabled".
- Choose "OK".
- if you decide to leave SELinux enabled you will need to run the command below
setsebool -P httpd_can_network_connect=1
Preparing QmailToaster Install
- This section of this tutorial will walk you through downloading and running the necessary scripts to prepare the server for the QmailToaster install.
Create Install Directory
- Login as root.
- Create the "qtms-install" directory by typing the following command.
mkdir -p /usr/src/qtms-install
Download & Run Pre-Install Scripts
- Change your directory to "/usr/src/qtms-install" created in the above step.
cnt50-deps.sh and cnt5064-deps.sh
- For i386: Download the "cnt50-deps.sh" script with the following command.
- For x86_64: Download the "cnt5064-deps.sh" script with the following command.
- For i386: Run "cnt50-deps.sh" with the following command.
- For x86_64: Run "cnt5064-deps.sh" with the following command.
cnt50-perl.sh and cnt5064-perl.sh
NOTE - Use of CPAN for perl packages is being deprecated in favor of using perl rpms from the rpmforge repository. The *-perl.sh scripts use the old CPAN method. Intead, you may simply install qmailtoaster-plus, and run the qtp-dependencies script, as follows:
# rpm -Uvh http://qtp.qmailtoaster.com/trac/downloads/1 # yum install qmailtoaster-plus # qtp-dependencies
This method will stay current as QMT moves forward.
- For i386: Download the "cnt50-perl.sh" script with the following command.
- For x86_64: Download the "cnt5064-perl.sh" script with the following command.
- For i386: Run "cnt50-perl.sh" with the following command.
- For x86_64: Run "cnt5064-perl.sh" with the following command.
The script will prompt to do a manual configuration, answer no. You will be prompted to answer yes or no a few more times during the execution of this script, just hit enter to give the default answer on these questions.
cnt50-svcs.sh & firewall.sh
- Download the "cnt50-svcs.sh" script with the following command.
- Remember if you're installing CentOS 5 x86_64, replace cnt50 with cnt5064
- Edit "cnt50-svcs.sh" with "nano" or your favorite text editor.
nano -w cnt50-svcs.sh
- Find the line that with "MYSQLPW=YOUR_MYSQL_ROOT_PASSWORD" and change "YOUR_MYSQL_ROOT_PASSWORD" to the password you want used for the mysql root account.
- Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
- Download the "firewall.sh" script with the following command.
- Remember if your installing CentOS 5 x86_64, replace cnt50 with cnt5064
- Edit "firewall.sh" with "nano" or your favorite text editor.
nano -w firewall.sh
- Find the line that with "MYIP="YOUR_IP_ADDRESS"" and change "YOUR_IP_ADDRESS" to the IP address of the machine.
- Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
- Run "cnt50-svcs.sh" with the following command.
- This script turns on or off all necessary services. Then the script sets
- up your mysql root account, creates and grants privileges for your vpopmail
- mysql account, makes a symlink so your krb5 is read properly, edits your
- php.ini, sets inittab to start at runlevel 3, and sets up your firewall calling firewall.sh.
- Note: You might see some service errors while the script runs,
- don't worry about them.
- Note: You might lost conectivity if your network is 192.168.0.0/16,
- edit /etc/sysconfig/iptables accordingly and restart service iptables.
- NOTE - This part is added by a user 5/1/2009
- I personally had to change one line in cnt50-svcs.sh
- mysqladmin -uroot password $MYSQLPW
- mysqladmin -uroot -p$MYSQLPW
- otherwise, it complains 'Access denied for user 'root'@'localhost' (using password: NO)'
- Added 13 June 2010
- In my installation of CentOS 5.5 the directory /sbin doesn't seem to be in the path for root. This means that all the lines containing chkconfig or service have to be prefixed with /sbin. Alternatively the lines "CHKCONFIG=/sbin/chkconfig" and SERVICE=/sbin/service (without quotes) can be added to the start of the script. Lines containing chkconfig and services can be changed to $CHKCONFIG and $SERVICE respectively.
- The same applies to the firewall.sh script where iptables needs to be prefixed with /sbin or the line IPTABLES=/sbin/iptables inserted and references to iptables changed to $IPTABLES.
- The reason why /sbin was not in root's path is probably because you did "$ su" instead of "$ su -" to su to root. This is a fairly common mistake. The first method does not pick up root's environment, while the 2nd method does. -shubes 4/2/2012
Update all packages on the machine
- We now need to update all the packages on the system with the command below.
yum -y update
- Once completed reboot the machine by typing reboot at the command line.
Note: The nroff command is needed for Qmailtoaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the Qmailtoaster installation.
- This section will Download all the QmailToaster packages and install them on your machine.
Note Instead of downloading and running the current-download and install scripts below, you may simply run the qtp-newmodel script instead, providing you've installed the qmailtoaster-plus package (see above, or http://qtp.qmailtoaster.com). qtp-newmodel installs and/or upgrades all of the QMT packages. Be sure to answer y to all of the questions (except perhaps vqadmin-toaster, which isn't really needed).
Download the QmailToaster Packages
- Login as root now that you rebooted.
- Change directories to the install directory "/usr/src/qtms-install/" with the command below
- Download the script "current-download-script.sh" that will download all the QmailToaster packages to be installed on your system.
- Run the "current-download-script.sh" with the command below.
note. i am facing problem during installation of qmailtoster packages,error is blow can any one help me how to fix it or how to install, Resolving www.qmailtoaster.com... 18.104.22.168 Connecting to www.qmailtoaster.com|22.214.171.124|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-05-30 12:51:34 ERROR 403: Forbidden.
Install QmailToaster Packages
- For i386: Download the "cnt50-install-script.sh" file which will install all the QmailToaster packages on your system.
- For x86_64: Download the "cnt5064-install-script.sh" file which will install all the QmailToaster packages on your system.
- For i386: Run the "cnt50-install-script.sh" with the command below.
- For x86_64: Run the "cnt5064-install-script.sh" with the command below.
You will be asked to confirm the installation of each package. Press "Enter" to confirm the default answer of "Yes" for every package.
NOTE - this part is added by a user 5/2/2009 My email didn't work when the install finished. I opened up the install script and found out there were a dozen or so sections. You can cut-paste a section and run independently. For example, I found imap was not working, so I just ran the following segment manually DISTRO=cnt50 ARCH=i386 BDIR=redhat IMAP=courier-imap-toaster-*.src.rpm rpmbuild --rebuild --with $DISTRO $IMAP rpm -Uvh /usr/src/$BDIR/RPMS/$ARCH/courier-imap-toaster*.rpm I saw it was failing because cyrus-imap package conflicit. I did "yum -y remove cyrus-imapd-2.3.7-2.el5.i386", then ran the script segment again, and it took care of the imap problem
NOTE - for (maybe not only) Fedora 7 users (by chhh on 2009.11.04)
i was installing qmail-toaster on fedora 7, the only option apart from centOs 5 provided for vps by my hosting. It had lots of mail-connected programs installed, all of which were handled nicely by the scripts from this manual with one notable exception: postfix.
in my case it has created a usergroup with group id (GID) 89, which is used by vpopmail-toaster (at least by default).
if during installation when you run "sh cnt50-install-script.sh" you get errors while installing vpopmail-toaster-5.4.13-1.3.1 (something like 'cant run even the simplest ANSI C program.... create usergroup, create user...'), then:
- check if postfix is installed with "rpm -q postfix"
- if it is
- then try "rpm -e --nodeps postfix" to delete it
- delete string "postfix:x:89:" from /etc/group, this deletes the usergroup with GID that toaster needs
- then add the required usergroup "groupadd --gid 89 vchkpw"
- then add the required user "adduser --gid 89 vpopmail"
- now try "sh cnt50-install-script.sh" one more time (you may skip ('s') building the modules that have already been installed by your previous attempts)
--Mucip 05:00, 16 November 2011 (EST)
Installation on Fedora Core 12 with i686-PAE kernel...
I installed the toaster on a clean install of FC12, installed via the FC12 netinst iso. This installs a superbly compact, ultra-minimal system which is perfect for the install of the toaster packages.
Install all the prereqs as according to the instructions on the toaster site for Fedora 12, under "Distribution Specific Scripts".
There are two caveats I found while installing...
First, the toaster package installer "fedora_12-install-script.sh" has two variables, DISTRO and ARCH. I changed DISTRO to be DISTRO=fedora_12 (which may or may not make a difference). The variable ARCH is set to i386. None of the packages would compile because RPM Build was looking for directories for i386, while the system wanted to compile against the i686 kernel. I changed this to ARCH=i686 and everything started smoothly. You could set the variable to ARCH=`uname -p` to get your proper architecture.
Second, during the packaging of EZMLM, the compile failed at the point where it was looking for the mysqlclient. It was, for some reason ... possibly due to the PAE kernel on my machine? ... looking for /usr/lib64/ to hold the mysqlclient libraries. Just for giggles, I created a symbolic link ln -s /usr/lib /usr/lib64 to see if it would work. It did.
This install is on a Dell PowerEdge 2600 server with dual Xeon 2.4GHz procs, running kernel 126.96.36.199-115.fc12.i686.PAE.
Other than the two caveats above, the scripts ran perfectly.
For CentOS 6.0 you need to replace "usr/src" string by "/root" in install-script batch file. Because CentOS started to save this new location src.rpm files. By the way you need to change BDIR variable to "rpmbuild" in install-script...
Check System Services
- This section will make sure that all the proper services will be running when the machine is started.
- Run the "setup" command at the command line.
- Select "System Services" and choose "Run Tool".
- Verify that the following services are selected.
- Also irqbalance (w/ dual processors) xfs (w/ x windows)
Install djbdns (if you don't want bind)
- In this section we will remove bind and install djbdns.
- Remove bind with the following command.
rpm -e --nodeps bind bind-chroot
- Build the djbdns rpm for i386 with the following command.
rpmbuild --rebuild --with cnt50 djbdns*.src.rpm
- Build the djbdns rpm for x86_64 with the following command.
rpmbuild --rebuild --with cnt5064 djbdns*.src.rpm
- Install djbdns for i386 with the following command.
rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
- Install djbdns for x86_64 with the following command.
rpm -Uvh ../redhat/RPMS/x86_64/djbdns-localcache*.rpm
- Add "search your-domain.com" to the "/etc/resolv.conf" replaceing "your-domain.com" with your actual domain by running the following command.
echo "search your-domain.com" > /etc/resolv.conf
- Add "nameserver 127.0.0.1" to your "/etc/resolv.conf" file with the following command.
echo "nameserver 127.0.0.1" >> /etc/resolv.conf
- Reboot the machine with the reboot command.
- In this section you will configure QmailToaster. This section covers adding domain names and how to access the mail server administration.
Check QmailToaster Status
- First check the status of the mail server with the command belowq
- The output should look somewhat like this.
root@gateway ~]# qmailctl stat authlib: up (pid 2425) 65 seconds clamd: up (pid 2425) 65 seconds imap4: up (pid 2421) 65 seconds imap4-ssl: up (pid 2423) 65 seconds pop3: up (pid 2414) 65 seconds pop3-ssl: up (pid 2409) 65 seconds send: up (pid 2416) 65 seconds smtp: up (pid 2418) 65 seconds spamd: up (pid 2407) 65 seconds authlib/log: up (pid 2417) 65 seconds clamd/log: up (pid 2417) 65 seconds imap4/log: up (pid 2422) 65 seconds imap4-ssl/log: up (pid 2424) 65 seconds pop3/log: up (pid 2415) 65 seconds pop3-ssl/log: up (pid 2413) 65 seconds send/log: up (pid 2420) 65 seconds smtp/log: up (pid 2419) 65 seconds spamd/log: up (pid 2408) 65 seconds
Add a domain
add a domain:
/home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>
Add a user: /home/vpopmail/bin/vadduser firstname.lastname@example.org <your-password>
Edit /etc/php.ini and set register_globals = On service httpd restart Bring up your browser and go to: http://www.your-domain.com/admin-toaster/ Username: admin Password: toaster Change your password . . .
Edit /etc/php.ini and set register_globals = Off service httpd restart Check your mail server: http://www.your-domain.com/webmail login with your full email address and your password Send yourself an email - should show right away Send an email to yourself if you have another address Go to your other email account and reply to the message you sent
If Isoqlog doesn't show right away, do this: sh /usr/share/toaster/isoqlog/bin/cron.sh
10. Add domainkeys:
Note: I found the links sent to me by Eric Shupes on the toaster list VERY helpful. http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2 http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record I suggest going there as the links contain a more in depth set of details. Below is borrowed from those links.
Create the directory for your domain's private key:
cd /var/qmail/control/domainkeys mkdir your-domain.com
Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:
cd your-domain.com dknewkey private > public.txt
You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:
chmod 440 private cd .. chown -R root:vchkpw yourdomain.com
Make dns entry: BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):
_domainkey.your-domain.com. IN TXT "t=y; o=-"
Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.
_domainkey.your-domain.com. IN TXT "o=-"
Then also add this to your zone file:
private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key" (NOTE QUOTATION MARKS MUST BE THERE)
Note: I have not tested DJBDNS as I do not run it - DK
DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt): '_domainkey.your-domain.com:o=-; email@example.com 'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key
Test your mailserver: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net/selectorcheck.html In squirrelmail, send a test email, select View Full Header and you should find something like the following: ----------- snip ------------ DomainKey-Status: good Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org X-Spam-Level: * X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL autolearn=no version=3.1.1 Received: from unknown (HELO ns1.ndhsdns.com) (188.8.131.52) by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000 Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 184.108.40.206 as permitted sender) Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=ndhsdns.com; b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ; Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1) by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000 ----------- snip ------------
11. Logs for all packages except freshclam are at:
/var/log/qmail/* Freshclam is at /var/log/clamav