CentOS 5 QmailToaster Install
From QMail-Toaster
- THIS WAS WRITTEN FOR INTERNAL USE AT MY PLACE OF EMPLOYMENT, IT INCLUDED SCREENSHOTS AND A FEW OTHER THINGS I HAD TO TAKE OUT. IT SHOULD STILL MAKE SENSE WITHOUT THEM BUT FEEL FREE TO EDIT ANYTHING THAT LOOKS A LITTLE FUNNY.
- ERIC SCHWARTZ
- STEELE RUBBER PRODUCTS
- DENVER, NC
Contents
|
[edit] Getting Started
Based on and mostly the same as the 4.4 posted on the qmailtoaster.com wiki
[edit] DISTRO NOTES
This tutorial is for CentOS 5 (cnt50) i386
To install CentOS 5 x86_64, replace cnt50 with cnt5064
[edit] DNS NOTES
You must have either a local dns server or a local caching name server. If you need a caching namserver, we will add one in Step 8.
[edit] FIREWALL NOTES
taken from the toaster mailing list Posted by: Eric Shubes on March 14, 2007
The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. Add the following rule near the top of the script:
#Drop all incoming fragments iptables -A INPUT -i eth0 -f -j DROP # shubes 5/16/06 - accept packets from local net iptables -A INPUT -s my.internal.network.id/255.255.255.0 -j ACCEPT # Drop outside packets with local addresses - anti-spoofing measure
Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.
[edit] Downloading CentOS 5
- This section will discuss the method of downloading and creating the CentOS installation media.
- Download CentOS 5 CD iso's or the DVD iso. CentOS 5 iso downloads
- Burn the CentOS iso you downloded with your favorite burning software usually using the "burn image to disk" option.
[edit] Installing CentOS 5
- This section will discuss installing and configuring CentOS 5 getting it ready to take on the role of a mail server.
[edit] Booting to Installation Media
- Boot the computer with your CD or DVD.
- At the splash Page choose <enter> to install in graphical mode.
- At the "CD Found" window Choose "Skip" to bypass the media test. (optional)
- At the CentOS 5 screen Click "Next".
[edit] Setting Language Options
- This section will walk you through the next 2 screens selecting the system and keyboard languages.
- At the Language Selection screen Select your language & click "Next".
- At the Keyboard selection screen select your language & click "Next".
[edit] Disk Partitioning
- This screen deals with Disk Partitioning.
- Leave the defaults and click "Next".
- A warning window will pop up explaining that it will now delete all your partitions. click "Yes".
[edit] Network Configuration
- This screen will setup your network configuration.
- Follow the steps listed below.
[edit] Step 1 - Configure your Network Device
192.168.70.7/255.255.255.0 192.168.2.3/255.255.255.0
- Make sure your network card is slected and click "EDIT"
- Remove the check from "Use dynamic IP configuration (DHCP).
- Remove the check from "Enable IPv6 support" (optional).
- Enter your IP address.
- Enter your Prefix (Netmask).
- Click "OK".
[edit] Step 2 - Enter Your Host
- Deselect "automatically via DHCP"
- Select "manually" & enter your "fully qualified domain name"
mailsrv.cms.vn
[edit] Step 3 - Miscellaneous Settings
- Enter the IP address of your gateway
- Enter the IP address of your primary DNS server
- Enter the IP address of your secondary DNS server
- Once you have finished the above steps click "Next".
192.168.2.1 192.168.70.7 203.162.0.11
[edit] Setting the Time Zone
- This screen will set the time zone used by the system
- You can either click directly on the map to select your region and then time zone or make your selection from the dropdown box.
- If your system clock uses UTC time make sure the "System clock uses UTC" box is checked.
- Click "Next".
[edit] Setting the Root Password
- This screen will set password used by the systems root account.
- IT IS VERY IMPORTANT YOU REMEMBER THIS PASSWORD
- Type the password you would like to use for the root account into the "Root Password" field.
- Try to use a password with a combination of letters and numbers.
- Confirm the root password by typing it in the "Confirm" field.
- Click "Next".
[edit] Choose Install Type
- This screen will allow you to choose how you want CentOS 5 installed. by default it installs with the Gnome desktop environment. we will be changing the default options to suit the needs of the mail server.
- Remove the check from "Desktop - Gnome".
- Check the "Server" option.
- Choose "Customize Now" at the bottom of the screen.
- This will allow you to pick and choose software to be installed on the system.
- Click "Next".
[edit] Choose Software Packages
- This screen will allow you to choose which software packages you would like installed. The defaults will be kept with a few addition.
- Follow the steps listed below. they are broken down by category.
[edit] Servers
- Make sure "Server Configuration Tools" is selected. (should be selected by default)
- Make sure "Web Server" is selected. (should be selected by default)
- with "Web Server" highlighted click the optional packages button and select "php-mysql" along with the defaults and click "Close".
- Make sure "DNS Name Server" is selected. (should be selected by default)
- Make sure "FTP Server" is selected. (should be selected by default)
- Select "MySQL Database". (should 'NOT' be selected by default)
- with "MySQL Database" highlighted click the optional packages button and select "mysql-bench" and if "mysql-server" is not selected go ahead and select it along with the defaults and click "Close".
[edit] Development
- Select "Development Tools". (should 'NOT' be selected by default)
- with "Development Tools" highlighted click the optional packages button and select "expect" along with the defaults and click "Close".
[edit] Base System
- Select "Administration Tools". (should 'NOT' be selected by default)
- Select "System Tools". (should 'NOT' be selected by default)
- with "System Tools" highlighted click the optional packages button and select "mrtg" along with the defaults and click "Close".
- Once you have finished the above steps click "Next".
[edit] Begin Install
- This screen gives you some last minute information before starting the CentOS 5 Install.
- Just click "Next"
[edit] Reboot
- This is the last step of the install. The screen explains that the install is complete and you should now reboot after removing any media used during the install of CentOS 5.
- Remove the CentOS 5 install dvd or cd.
- Click "Reboot"
[edit] Firewall Configuration
- This is the first screen you should see upon reboot. It will give you the opportunity to change some system settings including the firewall settings which will be the focus of this section.
- If this screen does not appear you can login as root and type setup from the command line to access this screen.
- Highlight "Firewall Configuration".
- Choose "Run Tool"
- Change "Security Level" to "Disabled".
- Change "SELinux" to "Disabled".
- Choose "OK".
- NOTE
- if you decide to leave SELinux enabled you will need to run the command below
setsebool -P httpd_can_network_connect=1
[edit] Preparing QmailToaster Install
- This section of this tutorial will walk you through downloading and running the necessary scripts to prepare the server for the QmailToaster install.
[edit] Create Install Directory
- Login as root.
- Create the "qtms-install" directory by typing the following command.
mkdir -p /usr/src/qtms-install
[edit] Download & Run Pre-Install Scripts
- Change your directory to "/usr/src/qtms-install" created in the above step.
cd /usr/src/qtms-install
[edit] cnt50-deps.sh and cnt5064-deps.sh
- For i386: Download the "cnt50-deps.sh" script with the following command.
wget http://www.qmailtoaster.com/centos/cnt50/cnt50-deps.sh
- For x86_64: Download the "cnt5064-deps.sh" script with the following command.
wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-deps.sh
- For i386: Run "cnt50-deps.sh" with the following command.
sh cnt50-deps.sh
- For x86_64: Run "cnt5064-deps.sh" with the following command.
sh cnt5064-deps.sh
[edit] cnt50-perl.sh and cnt5064-perl.sh
- For i386: Download the "cnt50-perl.sh" script with the following command.
wget http://www.qmailtoaster.com/centos/cnt50/cnt50-perl.sh
- For x86_64: Download the "cnt5064-perl.sh" script with the following command.
wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-perl.sh
- For i386: Run "cnt50-perl.sh" with the following command.
sh cnt50-perl.sh
- For x86_64: Run "cnt5064-perl.sh" with the following command.
sh cnt5064-perl.sh
The script will prompt to do a manual configuration, answer no. You will be prompted to answer yes or no a few more times during the execution of this script, just hit enter to give the default answer on these questions.
[edit] cnt50-svcs.sh & firewall.sh
- Download the "cnt50-svcs.sh" script with the following command.
- Remember if you're installing CentOS 5 x86_64, replace cnt50 with cnt5064
wget http://www.qmailtoaster.com/centos/cnt50/cnt50-svcs.sh
- Edit "cnt50-svcs.sh" with "nano" or your favorite text editor.
nano -w cnt50-svcs.sh
- Find the line that with "MYSQLPW=YOUR_MYSQL_ROOT_PASSWORD" and change "YOUR_MYSQL_ROOT_PASSWORD" to the password you want used for the mysql root account.
- Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
- Download the "firewall.sh" script with the following command.
- Remember if your installing CentOS 5 x86_64, replace cnt50 with cnt5064
wget http://www.qmailtoaster.com/centos/cnt50/firewall.sh
- Edit "firewall.sh" with "nano" or your favorite text editor.
nano -w firewall.sh
- Find the line that with "MYIP="YOUR_IP_ADDRESS"" and change "YOUR_IP_ADDRESS" to the IP address of the machine.
- Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
- Run "cnt50-svcs.sh" with the following command.
sh cnt50-svcs.sh
- NOTE
- This script turns on or off all necessary services. Then the script sets
- up your mysql root account, creates and grants privileges for your vpopmail
- mysql account, makes a symlink so your krb5 is read properly, edits your
- php.ini, sets inittab to start at runlevel 3, and sets up your firewall calling firewall.sh.
- Note: You might see some service errors while the script runs,
- don't worry about them.
- Note: You might lost conectivity if your network is 192.168.0.0/16,
- edit /etc/sysconfig/iptables accordingly and restart service iptables.
[edit] Update all packages on the machine
- We now need to update all the packages on the system with the command below.
yum -y update
- Once completed reboot the machine by typing reboot at the command line.
reboot.
[edit] Install QmailToaster
- This section will Download all the QmailToaster packages and install them on your machine.
[edit] Download the QmailToaster Packages
- Login as root now that you rebooted.
- Change directories to the install directory "/usr/src/qtms-install/" with the command below
cd /usr/src/qtms-install
- Download the script "current-download-script.sh" that will download all the QmailToaster packages to be installed on your system.
wget http://www.qmailtoaster.com/info/current-download-script.sh
- Run the "current-download-script.sh" with the command below.
sh current-download-script.sh
[edit] Install QmailToaster Packages
- For i386: Download the "cnt50-install-script.sh" file which will install all the QmailToaster packages on your system.
wget http://www.qmailtoaster.com/centos/cnt50/cnt50-install-script.sh
- For x86_64: Download the "cnt5064-install-script.sh" file which will install all the QmailToaster packages on your system.
wget http://www.qmailtoaster.org/centos/cnt5064/cnt5064-install-script.sh
- For i386: Run the "cnt50-install-script.sh" with the command below.
sh cnt50-install-script.sh
- For x86_64: Run the "cnt5064-install-script.sh" with the command below.
sh cnt5064-install-script.sh
You will be asked to confirm the installation of each package. Press "Enter" to confirm the default answer of "Yes" for every package.
[edit] Check System Services
- This section will make sure that all the proper services will be running when the machine is started.
- Run the "setup" command at the command line.
setup
- Select "System Services" and choose "Run Tool".
- Verify that the following services are selected.
- acpid
- anacron
- atd
- autofs
- cpuspeed
- crond
- freshclam
- haldaemon
- httpd
- iptables
- kudzu
- messagebus
- mysqld
- network
- ntpd
- qmail
- smartd
- sshd
- syslog
- xinet
- Also irqbalance (w/ dual processors) xfs (w/ x windows)
[edit] Install djbdns (if you don't want bind)
- In this section we will remove bind and install djbdns.
- Remove bind with the following command.
rpm -e --nodeps bind bind-chroot
- Build the djbdns rpm for i386 with the following command.
rpmbuild --rebuild --with cnt50 djbdns*.src.rpm
- Build the djbdns rpm for x86_64 with the following command.
rpmbuild --rebuild --with cnt5064 djbdns*.src.rpm
- Install djbdns for i386 with the following command.
rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
- Install djbdns for x86_64 with the following command.
rpm -Uvh ../redhat/RPMS/x86_64/djbdns-localcache*.rpm
- Add "search your-domain.com" to the "/etc/resolv.conf" replaceing "your-domain.com" with your actual domain by running the following command.
echo "search your-domain.com" > /etc/resolv.conf
- Add "nameserver 127.0.0.1" to your "/etc/resolv.conf" file with the following command.
echo "nameserver 127.0.0.1" >> /etc/resolv.conf
- Reboot the machine with the reboot command.
reboot
[edit] QmailToaster Configuration
- In this section you will configure QmailToaster. This section covers adding domain names and how to access the mail server administration.
[edit] Check QmailToaster Status
- First check the status of the mail server with the command belowq
qmailctl stat
- The output should look somewhat like this.
root@gateway ~]# qmailctl stat authlib: up (pid 2425) 65 seconds clamd: up (pid 2425) 65 seconds imap4: up (pid 2421) 65 seconds imap4-ssl: up (pid 2423) 65 seconds pop3: up (pid 2414) 65 seconds pop3-ssl: up (pid 2409) 65 seconds send: up (pid 2416) 65 seconds smtp: up (pid 2418) 65 seconds spamd: up (pid 2407) 65 seconds authlib/log: up (pid 2417) 65 seconds clamd/log: up (pid 2417) 65 seconds imap4/log: up (pid 2422) 65 seconds imap4-ssl/log: up (pid 2424) 65 seconds pop3/log: up (pid 2415) 65 seconds pop3-ssl/log: up (pid 2413) 65 seconds send/log: up (pid 2420) 65 seconds smtp/log: up (pid 2419) 65 seconds spamd/log: up (pid 2408) 65 seconds
[edit] Add a domain
add a domain:
/home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>
Add a user:
/home/vpopmail/bin/vadduser you@your-domain.com <your-password>
Edit /etc/php.ini and set register_globals = On
service httpd restart
Bring up your browser and go to:
http://www.your-domain.com/admin-toaster/
Username: admin
Password: toaster
Change your password . . .
Edit /etc/php.ini and set register_globals = Off
service httpd restart
Check your mail server:
http://www.your-domain.com/webmail
login with your full email address and your password
Send yourself an email - should show right away
Send an email to yourself if you have another address
Go to your other email account and reply to the message you sent
If Isoqlog doesn't show right away, do this:
sh /usr/share/toaster/isoqlog/bin/cron.sh
10. Add domainkeys:
Note: I found the links sent to me by Eric Shupes on the toaster list VERY helpful. http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2 http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record I suggest going there as the links contain a more in depth set of details. Below is borrowed from those links.
Create the directory for your domain's private key:
cd /var/qmail/control/domainkeys mkdir your-domain.com
Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:
cd your-domain.com dknewkey private > public.txt
You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:
chmod 440 private cd .. chown -R root:vchkpw yourdomain.com
Make dns entry:
BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):
_domainkey.your-domain.com. IN TXT "t=y; o=-"
Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.
_domainkey.your-domain.com. IN TXT "o=-"
Then also add this to your zone file:
private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key"
(NOTE QUOTATION MARKS MUST BE THERE)
Note: I have not tested DJBDNS as I do not run it - DK
DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt):
'_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com
'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key
Test your mailserver:
http://domainkeys.sourceforge.net/policycheck.html
http://domainkeys.sourceforge.net/selectorcheck.html
In squirrelmail, send a test email, select View Full Header and you
should find something like the following:
----------- snip ------------
DomainKey-Status: good
Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL
autolearn=no version=3.1.1
Received: from unknown (HELO ns1.ndhsdns.com) (216.221.100.227)
by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000
Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 216.221.100.227 as permitted sender)
Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=private; d=ndhsdns.com;
b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1)
by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
----------- snip ------------
11. Logs for all packages except freshclam are at:
/var/log/qmail/* Freshclam is at /var/log/clamav