QmailtoasterMain Page | About | Help | FAQ | Special pages | Log in

Printable version | Disclaimers | Privacy policy

CentOS 5 QmailToaster Install

From Qmailtoaster

THIS WAS WRITTEN FOR INTERNAL USE AT MY PLACE OF EMPLOYMENT, IT INCLUDED SCREENSHOTS AND A FEW OTHER THINGS I HAD TO TAKE OUT. IT SHOULD STILL MAKE SENSE WITHOUT THEM BUT FEEL FREE TO EDIT ANYTHING THAT LOOKS A LITTLE FUNNY.
ERIC SCHWARTZ
STEELE RUBBER PRODUCTS
DENVER, NC

Contents

Getting Started

Based on and mostly the same as the 4.4 posted on the qmailtoaster.com wiki

Distro Notes

This tutorial is for CentOS 5 (cnt50) i386

To install CentOS 5 x86_64, replace cnt50 with cnt5064

DNS Notes

You must have either a local DNS server or a local caching name server. If you need a caching namserver, we will add one in Step 8.

FIREWALL NOTES

taken from the toaster mailing list Posted by: Eric Shubes on March 14, 2007

The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. Add the following rule near the top of the script:

   #Drop all incoming fragments 
   iptables -A INPUT -i eth0 -f -j DROP
   # shubes 5/16/06 - accept packets from local net 
   iptables -A INPUT -s my.internal.network.id/255.255.255.0 -j ACCEPT
   # Drop outside packets with local addresses - anti-spoofing measure 

Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.

Downloading CentOS 5

This section will discuss the method of downloading and creating the CentOS installation media.

Installing CentOS 5

This section will discuss installing and configuring CentOS 5 getting it ready to take on the role of a mail server.

Booting to Installation Media

Setting Language Options

This section will walk you through the next 2 screens selecting the system and keyboard languages.

Disk Partitioning

This screen deals with Disk Partitioning.

Network Configuration

This screen will setup your network configuration.

Step 1 - Configure your Network Device

192.168.70.7/255.255.255.0 192.168.2.3/255.255.255.0

  1. Make sure your network card is slected and click "EDIT"
  2. Remove the check from "Use dynamic IP configuration (DHCP).
  3. Remove the check from "Enable IPv6 support" (optional).
  4. Enter your IP address.
  5. Enter your Prefix (Netmask).
  6. Click "OK".

Step 2 - Enter Your Host

  1. Deselect "automatically via DHCP"
  2. Select "manually" & enter your "fully qualified domain name"

mailsrv.cms.vn

Step 3 - Miscellaneous Settings

  1. Enter the IP address of your gateway
  2. Enter the IP address of your primary DNS server
  3. Enter the IP address of your secondary DNS server

192.168.2.1 192.168.70.7 203.162.0.11

Setting the Time Zone

This screen will set the time zone used by the system

Setting the Root Password

This screen will set password used by the systems root account.
IT IS VERY IMPORTANT YOU REMEMBER THIS PASSWORD

Choose Install Type

This screen will allow you to choose how you want CentOS 5 installed. by default it installs with the Gnome desktop environment. we will be changing the default options to suit the needs of the mail server.

Choose Software Packages

This screen will allow you to choose which software packages you would like installed. The defaults will be kept with a few addition.

Servers

Development

Base System

Note: nroff command is needed for qmail-toaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the qmail-toaster installation.


Begin Install

This screen gives you some last minute information before starting the CentOS 5 Install.

Reboot

This is the last step of the install. The screen explains that the install is complete and you should now reboot after removing any media used during the install of CentOS 5.

Firewall Configuration

This is the first screen you should see upon reboot. It will give you the opportunity to change some system settings including the firewall settings which will be the focus of this section.
If this screen does not appear you can login as root and type setup from the command line to access this screen.

NOTE
if you decide to leave SELinux enabled you will need to run the command below
setsebool -P httpd_can_network_connect=1

Preparing QmailToaster Install

This section of this tutorial will walk you through downloading and running the necessary scripts to prepare the server for the QmailToaster install.

Create Install Directory

mkdir -p /usr/src/qtms-install

Download & Run Pre-Install Scripts

cd /usr/src/qtms-install


cnt50-deps.sh and cnt5064-deps.sh

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-deps.sh

wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-deps.sh


sh cnt50-deps.sh

sh cnt5064-deps.sh

cnt50-perl.sh and cnt5064-perl.sh

NOTE - Use of CPAN for perl packages is being deprecated in favor of using perl rpms from the rpmforge repository. The *-perl.sh scripts use the old CPAN method. Intead, you may simply install qmailtoaster-plus, and run the qtp-dependencies script, as follows:

# rpm -Uvh http://qtp.qmailtoaster.com/trac/downloads/1
# yum install qmailtoaster-plus
# qtp-dependencies

This method will stay current as QMT moves forward.

---END NOTE

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-perl.sh

wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-perl.sh

sh cnt50-perl.sh

sh cnt5064-perl.sh

The script will prompt to do a manual configuration, answer no. You will be prompted to answer yes or no a few more times during the execution of this script, just hit enter to give the default answer on these questions.

cnt50-svcs.sh & firewall.sh

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-svcs.sh
nano -w cnt50-svcs.sh
wget http://www.qmailtoaster.com/centos/cnt50/firewall.sh
nano -w firewall.sh
sh cnt50-svcs.sh
NOTE
This script turns on or off all necessary services. Then the script sets
up your mysql root account, creates and grants privileges for your vpopmail
mysql account, makes a symlink so your krb5 is read properly, edits your
php.ini, sets inittab to start at runlevel 3, and sets up your firewall calling firewall.sh.
Note: You might see some service errors while the script runs,
don't worry about them.
Note: You might lost conectivity if your network is 192.168.0.0/16,
edit /etc/sysconfig/iptables accordingly and restart service iptables.

NOTE - This part is added by a user 5/1/2009
I personally had to change one line in cnt50-svcs.sh
from
mysqladmin -uroot password $MYSQLPW
to
mysqladmin -uroot -p$MYSQLPW
otherwise, it complains 'Access denied for user 'root'@'localhost' (using password: NO)'
Added 13 June 2010
In my installation of CentOS 5.5 the directory /sbin doesn't seem to be in the path for root. This means that all the lines containing chkconfig or service have to be prefixed with /sbin. Alternatively the lines "CHKCONFIG=/sbin/chkconfig" and SERVICE=/sbin/service (without quotes) can be added to the start of the script. Lines containing chkconfig and services can be changed to $CHKCONFIG and $SERVICE respectively.
The same applies to the firewall.sh script where iptables needs to be prefixed with /sbin or the line IPTABLES=/sbin/iptables inserted and references to iptables changed to $IPTABLES.
The reason why /sbin was not in root's path is probably because you did "$ su" instead of "$ su -" to su to root. This is a fairly common mistake. The first method does not pick up root's environment, while the 2nd method does. -shubes 4/2/2012

Update all packages on the machine

yum -y update
reboot.


Note: The nroff command is needed for Qmailtoaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the Qmailtoaster installation.


Install QmailToaster

This section will Download all the QmailToaster packages and install them on your machine.

Note Instead of downloading and running the current-download and install scripts below, you may simply run the qtp-newmodel script instead, providing you've installed the qmailtoaster-plus package (see above, or http://qtp.qmailtoaster.com). qtp-newmodel installs and/or upgrades all of the QMT packages. Be sure to answer y to all of the questions (except perhaps vqadmin-toaster, which isn't really needed).

# qtp-newmodel

Simple.

Download the QmailToaster Packages

cd /usr/src/qtms-install
wget http://www.qmailtoaster.com/info/current-download-script.sh
sh current-download-script.sh

note. i am facing problem during installation of qmailtoster packages,error is blow can any one help me how to fix it or how to install, Resolving www.qmailtoaster.com... 173.230.142.232 Connecting to www.qmailtoaster.com|173.230.142.232|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-05-30 12:51:34 ERROR 403: Forbidden.

Install QmailToaster Packages

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-install-script.sh

wget http://www.qmailtoaster.org/centos/cnt5064/cnt5064-install-script.sh

sh cnt50-install-script.sh

sh cnt5064-install-script.sh

You will be asked to confirm the installation of each package. Press "Enter" to confirm the default answer of "Yes" for every package.

NOTE - this part is added by a user 5/2/2009 My email didn't work when the install finished. I opened up the install script and found out there were a dozen or so sections. You can cut-paste a section and run independently. For example, I found imap was not working, so I just ran the following segment manually DISTRO=cnt50 ARCH=i386 BDIR=redhat IMAP=courier-imap-toaster-*.src.rpm rpmbuild --rebuild --with $DISTRO $IMAP rpm -Uvh /usr/src/$BDIR/RPMS/$ARCH/courier-imap-toaster*.rpm I saw it was failing because cyrus-imap package conflicit. I did "yum -y remove cyrus-imapd-2.3.7-2.el5.i386", then ran the script segment again, and it took care of the imap problem
NOTE - for (maybe not only) Fedora 7 users (by chhh on 2009.11.04)
i was installing qmail-toaster on fedora 7, the only option apart from centOs 5 provided for vps by my hosting. It had lots of mail-connected programs installed, all of which were handled nicely by the scripts from this manual with one notable exception: postfix.
in my case it has created a usergroup with group id (GID) 89, which is used by vpopmail-toaster (at least by default).

if during installation when you run "sh cnt50-install-script.sh" you get errors while installing vpopmail-toaster-5.4.13-1.3.1 (something like 'cant run even the simplest ANSI C program.... create usergroup, create user...'), then:
  • check if postfix is installed with "rpm -q postfix"
    • if it is
      • then try "rpm -e --nodeps postfix" to delete it
      • delete string "postfix:x:89:" from /etc/group, this deletes the usergroup with GID that toaster needs
      • then add the required usergroup "groupadd --gid 89 vchkpw"
      • then add the required user "adduser --gid 89 vpopmail"
      • now try "sh cnt50-install-script.sh" one more time (you may skip ('s') building the modules that have already been installed by your previous attempts)

Installation on Fedora Core 12 with i686-PAE kernel...
mjgolli, 03-June-2010

I installed the toaster on a clean install of FC12, installed via the FC12 netinst iso. This installs a superbly compact, ultra-minimal system which is perfect for the install of the toaster packages.

Install all the prereqs as according to the instructions on the toaster site for Fedora 12, under "Distribution Specific Scripts".

There are two caveats I found while installing...
First, the toaster package installer "fedora_12-install-script.sh" has two variables, DISTRO and ARCH. I changed DISTRO to be DISTRO=fedora_12 (which may or may not make a difference). The variable ARCH is set to i386. None of the packages would compile because RPM Build was looking for directories for i386, while the system wanted to compile against the i686 kernel. I changed this to ARCH=i686 and everything started smoothly. You could set the variable to ARCH=`uname -p` to get your proper architecture.

Second, during the packaging of EZMLM, the compile failed at the point where it was looking for the mysqlclient. It was, for some reason ... possibly due to the PAE kernel on my machine? ... looking for /usr/lib64/ to hold the mysqlclient libraries. Just for giggles, I created a symbolic link ln -s /usr/lib /usr/lib64 to see if it would work. It did.

This install is on a Dell PowerEdge 2600 server with dual Xeon 2.4GHz procs, running kernel 2.6.32.12-115.fc12.i686.PAE.

Other than the two caveats above, the scripts ran perfectly.

--Mucip 05:00, 16 November 2011 (EST)

For CentOS 6.0 you need to replace "usr/src" string by "/root" in install-script batch file. Because CentOS started to save this new location src.rpm files. By the way you need to change BDIR variable to "rpmbuild" in install-script...

Check System Services

This section will make sure that all the proper services will be running when the machine is started.
setup
acpid
anacron
atd
autofs
cpuspeed
crond
freshclam
haldaemon
httpd
iptables
kudzu
messagebus
mysqld
network
ntpd
qmail
smartd
sshd
syslog
xinet
Also irqbalance (w/ dual processors) xfs (w/ x windows)

Install djbdns (if you don't want bind)

In this section we will remove bind and install djbdns.
rpm -e --nodeps bind bind-chroot
rpmbuild --rebuild --with cnt50 djbdns*.src.rpm
rpmbuild --rebuild --with cnt5064 djbdns*.src.rpm
rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
rpm -Uvh ../redhat/RPMS/x86_64/djbdns-localcache*.rpm
echo "search your-domain.com" > /etc/resolv.conf
echo "nameserver 127.0.0.1" >> /etc/resolv.conf
reboot

QmailToaster Configuration

In this section you will configure QmailToaster. This section covers adding domain names and how to access the mail server administration.

Check QmailToaster Status

qmailctl stat
root@gateway ~]# qmailctl stat
authlib: up (pid 2425) 65 seconds
clamd: up (pid 2425) 65 seconds
imap4: up (pid 2421) 65 seconds
imap4-ssl: up (pid 2423) 65 seconds
pop3: up (pid 2414) 65 seconds
pop3-ssl: up (pid 2409) 65 seconds
send: up (pid 2416) 65 seconds
smtp: up (pid 2418) 65 seconds
spamd: up (pid 2407) 65 seconds
authlib/log: up (pid 2417) 65 seconds
clamd/log: up (pid 2417) 65 seconds
imap4/log: up (pid 2422) 65 seconds
imap4-ssl/log: up (pid 2424) 65 seconds
pop3/log: up (pid 2415) 65 seconds
pop3-ssl/log: up (pid 2413) 65 seconds
send/log: up (pid 2420) 65 seconds
smtp/log: up (pid 2419) 65 seconds
spamd/log: up (pid 2408) 65 seconds

Add a domain

add a domain:

    /home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>


Add a user:
    /home/vpopmail/bin/vadduser you@your-domain.com <your-password>


Edit /etc/php.ini and set register_globals = On
    service httpd restart  


Bring up your browser and go to:
    http://www.your-domain.com/admin-toaster/
      Username: admin
      Password: toaster
    Change your password . . . 


Edit /etc/php.ini and set register_globals = Off
    service httpd restart  

Check your mail server:
    http://www.your-domain.com/webmail
    login with your full email address and your password
    Send yourself an email - should show right away
    Send an email to yourself if you have another address
    Go to your other email account and reply to the message you sent


If Isoqlog doesn't show right away, do this:
    
    sh /usr/share/toaster/isoqlog/bin/cron.sh




10. Add domainkeys:



Note: I found the links sent to me by Eric Shupes on the toaster list VERY helpful. http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2 http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record I suggest going there as the links contain a more in depth set of details. Below is borrowed from those links.


Create the directory for your domain's private key:

   cd /var/qmail/control/domainkeys  
   mkdir your-domain.com

Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:

   cd your-domain.com
   dknewkey private > public.txt


You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:

   chmod 440 private
   cd ..
   chown -R root:vchkpw yourdomain.com


Make dns entry: 
    BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):


   _domainkey.your-domain.com.         IN TXT "t=y; o=-"

Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.

   _domainkey.your-domain.com.         IN TXT "o=-"

Then also add this to your zone file:

    private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key" 
          (NOTE QUOTATION MARKS MUST BE THERE)

Note: I have not tested DJBDNS as I do not run it - DK

    DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt): 
      '_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com 
      'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key 


Test your mailserver:
    http://domainkeys.sourceforge.net/policycheck.html
    http://domainkeys.sourceforge.net/selectorcheck.html
   
    In squirrelmail, send a test email, select View Full Header and you
    should find something like the following:
    ----------- snip ------------
    DomainKey-Status: good 
    Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
         scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
    X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
    X-Spam-Level: *
    X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL 
         autolearn=no version=3.1.1
    Received: from unknown (HELO ns1.ndhsdns.com) (216.221.100.227)
         by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000
    Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 216.221.100.227 as permitted sender)
    Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
    Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
         s=private; d=ndhsdns.com;
         b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
    Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1)
         by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
    ----------- snip ------------




11. Logs for all packages except freshclam are at:



/var/log/qmail/*
Freshclam is at /var/log/clamav

Retrieved from "http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install"

This page has been accessed 127,131 times. This page was last modified on 30 May 2012, at 07:53. Content is available under GNU Free Documentation License 1.2.


Find

Browse
Main page
Community portal
Current events
Recent changes
Random page
Help
Edit
View source
Editing help
This page
Discuss this page
New section
Printable version
Context
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list
Statistics
More...