CentOS 5 QmailToaster Install

From QmailToaster wiki
Jump to navigation Jump to search

Getting Started[edit]

Based on and mostly the same as the 4.4 posted on the qmailtoaster.com wiki

Distro Notes[edit]

This tutorial is for CentOS 5 (cnt50) i386

To install CentOS 5 x86_64, replace cnt50 with cnt5064

DNS Notes[edit]

You must have either a local DNS server or a local caching name server. If you need a caching namserver, we will add one in Step 8.


taken from the toaster mailing list Posted by: Eric Shubes on March 14, 2007

The present firewall configuration is intended for hosts that are on the "front line", not behind a separate firewall with a local address. As such, all local addresses are dropped as an anti-spoofing measure. If you're running the toaster on a private IP address, you'll need to modify the firewall.sh script. Add the following rule near the top of the script:

   #Drop all incoming fragments 
   iptables -A INPUT -i eth0 -f -j DROP
   # shubes 5/16/06 - accept packets from local net 
   iptables -A INPUT -s my.internal.network.id/ -j ACCEPT
   # Drop outside packets with local addresses - anti-spoofing measure 

Another option is to comment out the firewall.sh call within the cnt40-svcs.sh script and manage it with a tool such as fwbuilder if you wish.

Downloading CentOS 5[edit]

This section will discuss the method of downloading and creating the CentOS installation media.
  • Download CentOS 5 CD iso's or the DVD iso. CentOS 5 iso downloads
  • Burn the CentOS iso you downloded with your favorite burning software usually using the "burn image to disk" option.

Installing CentOS 5[edit]

This section will discuss installing and configuring CentOS 5 getting it ready to take on the role of a mail server.

Booting to Installation Media[edit]

  • Boot the computer with your CD or DVD.
  • At the splash Page choose <enter> to install in graphical mode.
  • At the "CD Found" window Choose "Skip" to bypass the media test. (optional)
  • At the CentOS 5 screen Click "Next".

Setting Language Options[edit]

This section will walk you through the next 2 screens selecting the system and keyboard languages.
  • At the Language Selection screen Select your language & click "Next".
  • At the Keyboard selection screen select your language & click "Next".

Disk Partitioning[edit]

This screen deals with Disk Partitioning.
  • Leave the defaults and click "Next".
  • A warning window will pop up explaining that it will now delete all your partitions. click "Yes".

Network Configuration[edit]

This screen will setup your network configuration.
  • Follow the steps listed below.

Step 1 - Configure your Network Device[edit]

  1. Make sure your network card is slected and click "EDIT"
  2. Remove the check from "Use dynamic IP configuration (DHCP).
  3. Remove the check from "Enable IPv6 support" (optional).
  4. Enter your IP address.
  5. Enter your Prefix (Netmask).
  6. Click "OK".

Step 2 - Enter Your Host[edit]

  1. Deselect "automatically via DHCP"
  2. Select "manually" & enter your "fully qualified domain name"


Step 3 - Miscellaneous Settings[edit]

  1. Enter the IP address of your gateway
  2. Enter the IP address of your primary DNS server
  3. Enter the IP address of your secondary DNS server
  • Once you have finished the above steps click "Next".

Setting the Time Zone[edit]

This screen will set the time zone used by the system
  • You can either click directly on the map to select your region and then time zone or make your selection from the dropdown box.
  • If your system clock uses UTC time make sure the "System clock uses UTC" box is checked.
  • Click "Next".

Setting the Root Password[edit]

This screen will set password used by the systems root account.
  • Type the password you would like to use for the root account into the "Root Password" field.
    Try to use a password with a combination of letters and numbers.
  • Confirm the root password by typing it in the "Confirm" field.
  • Click "Next".

Choose Install Type[edit]

This screen will allow you to choose how you want CentOS 5 installed. by default it installs with the Gnome desktop environment. we will be changing the default options to suit the needs of the mail server.
  • Remove the check from "Desktop - Gnome".
  • Check the "Server" option.
  • Choose "Customize Now" at the bottom of the screen.
    This will allow you to pick and choose software to be installed on the system.
  • Click "Next".

Choose Software Packages[edit]

This screen will allow you to choose which software packages you would like installed. The defaults will be kept with a few addition.
  • Follow the steps listed below. they are broken down by category.


  • Make sure "Server Configuration Tools" is selected. (should be selected by default)
  • Make sure "Web Server" is selected. (should be selected by default)
    with "Web Server" highlighted click the optional packages button and select "php-mysql" along with the defaults and click "Close".
  • Make sure "DNS Name Server" is selected. (should be selected by default)
  • Make sure "FTP Server" is selected. (should be selected by default)
  • Select "MySQL Database". (should 'NOT' be selected by default)
    with "MySQL Database" highlighted click the optional packages button and select "mysql-bench" and if "mysql-server" is not selected go ahead and select it along with the defaults and click "Close".


  • Select "Development Tools". (should 'NOT' be selected by default)
    with "Development Tools" highlighted click the optional packages button and select "expect" along with the defaults and click "Close".

Base System[edit]

  • Select "Administration Tools". (should 'NOT' be selected by default)
  • Select "System Tools". (should 'NOT' be selected by default)
    with "System Tools" highlighted click the optional packages button and select "mrtg" along with the defaults and click "Close".
  • Once you have finished the above steps click "Next".

Note: nroff command is needed for qmail-toaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the qmail-toaster installation.

Begin Install[edit]

This screen gives you some last minute information before starting the CentOS 5 Install.
  • Just click "Next"


This is the last step of the install. The screen explains that the install is complete and you should now reboot after removing any media used during the install of CentOS 5.
  • Remove the CentOS 5 install dvd or cd.
  • Click "Reboot"

Firewall Configuration[edit]

This is the first screen you should see upon reboot. It will give you the opportunity to change some system settings including the firewall settings which will be the focus of this section.
If this screen does not appear you can login as root and type setup from the command line to access this screen.
  • Highlight "Firewall Configuration".
  • Choose "Run Tool"

  • Change "Security Level" to "Disabled".
  • Change "SELinux" to "Disabled".
  • Choose "OK".
if you decide to leave SELinux enabled you will need to run the command below
setsebool -P httpd_can_network_connect=1

Preparing QmailToaster Install[edit]

This section of this tutorial will walk you through downloading and running the necessary scripts to prepare the server for the QmailToaster install.

Create Install Directory[edit]

  • Login as root.
  • Create the "qtms-install" directory by typing the following command.
mkdir -p /usr/src/qtms-install

Download & Run Pre-Install Scripts[edit]

  • Change your directory to "/usr/src/qtms-install" created in the above step.
cd /usr/src/qtms-install

cnt50-deps.sh and cnt5064-deps.sh[edit]

  • For i386: Download the "cnt50-deps.sh" script with the following command.

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-deps.sh

  • For x86_64: Download the "cnt5064-deps.sh" script with the following command.

wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-deps.sh

  • For i386: Run "cnt50-deps.sh" with the following command.

sh cnt50-deps.sh

  • For x86_64: Run "cnt5064-deps.sh" with the following command.

sh cnt5064-deps.sh

cnt50-perl.sh and cnt5064-perl.sh[edit]

NOTE - Use of CPAN for perl packages is being deprecated in favor of using perl rpms from the rpmforge repository. The *-perl.sh scripts use the old CPAN method. Intead, you may simply install qmailtoaster-plus, and run the qtp-dependencies script, as follows:

# rpm -Uvh http://qtp.qmailtoaster.com/trac/downloads/1
# yum install qmailtoaster-plus
# qtp-dependencies

This method will stay current as QMT moves forward.


  • For i386: Download the "cnt50-perl.sh" script with the following command.

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-perl.sh

  • For x86_64: Download the "cnt5064-perl.sh" script with the following command.

wget http://www.qmailtoaster.com/centos/cnt5064/cnt5064-perl.sh

  • For i386: Run "cnt50-perl.sh" with the following command.

sh cnt50-perl.sh

  • For x86_64: Run "cnt5064-perl.sh" with the following command.

sh cnt5064-perl.sh

The script will prompt to do a manual configuration, answer no. You will be prompted to answer yes or no a few more times during the execution of this script, just hit enter to give the default answer on these questions.

cnt50-svcs.sh & firewall.sh[edit]

  • Download the "cnt50-svcs.sh" script with the following command.
    Remember if you're installing CentOS 5 x86_64, replace cnt50 with cnt5064
wget http://www.qmailtoaster.com/centos/cnt50/cnt50-svcs.sh
  • Edit "cnt50-svcs.sh" with "nano" or your favorite text editor.
nano -w cnt50-svcs.sh
  • Find the line that with "MYSQLPW=YOUR_MYSQL_ROOT_PASSWORD" and change "YOUR_MYSQL_ROOT_PASSWORD" to the password you want used for the mysql root account.
  • Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
  • Download the "firewall.sh" script with the following command.
    Remember if your installing CentOS 5 x86_64, replace cnt50 with cnt5064
wget http://www.qmailtoaster.com/centos/cnt50/firewall.sh
  • Edit "firewall.sh" with "nano" or your favorite text editor.
nano -w firewall.sh
  • Find the line that with "MYIP="YOUR_IP_ADDRESS"" and change "YOUR_IP_ADDRESS" to the IP address of the machine.
  • Once you are done press "ctrl-O" and "Enter" to save the changes and "ctrl-X" to exit Nano.
  • Run "cnt50-svcs.sh" with the following command.
sh cnt50-svcs.sh
This script turns on or off all necessary services. Then the script sets
up your mysql root account, creates and grants privileges for your vpopmail
mysql account, makes a symlink so your krb5 is read properly, edits your
php.ini, sets inittab to start at runlevel 3, and sets up your firewall calling firewall.sh.
Note: You might see some service errors while the script runs,
don't worry about them.
Note: You might lost conectivity if your network is,
edit /etc/sysconfig/iptables accordingly and restart service iptables.

NOTE - This part is added by a user 5/1/2009
I personally had to change one line in cnt50-svcs.sh
mysqladmin -uroot password $MYSQLPW
mysqladmin -uroot -p$MYSQLPW
otherwise, it complains 'Access denied for user 'root'@'localhost' (using password: NO)'
Added 13 June 2010
In my installation of CentOS 5.5 the directory /sbin doesn't seem to be in the path for root. This means that all the lines containing chkconfig or service have to be prefixed with /sbin. Alternatively the lines "CHKCONFIG=/sbin/chkconfig" and SERVICE=/sbin/service (without quotes) can be added to the start of the script. Lines containing chkconfig and services can be changed to $CHKCONFIG and $SERVICE respectively.
The same applies to the firewall.sh script where iptables needs to be prefixed with /sbin or the line IPTABLES=/sbin/iptables inserted and references to iptables changed to $IPTABLES.
The reason why /sbin was not in root's path is probably because you did "$ su" instead of "$ su -" to su to root. This is a fairly common mistake. The first method does not pick up root's environment, while the 2nd method does. -shubes 4/2/2012

Update all packages on the machine[edit]

  • We now need to update all the packages on the system with the command below.
yum -y update
  • Once completed reboot the machine by typing reboot at the command line.

Note: The nroff command is needed for Qmailtoaster compilation. The program is part of the groff package so if you don't install it with the system make sure to run "yum install groff" before beginning the Qmailtoaster installation.

Install QmailToaster[edit]

This section will Download all the QmailToaster packages and install them on your machine.

Note Instead of downloading and running the current-download and install scripts below, you may simply run the qtp-newmodel script instead, providing you've installed the qmailtoaster-plus package (see above, or http://qtp.qmailtoaster.com). qtp-newmodel installs and/or upgrades all of the QMT packages. Be sure to answer y to all of the questions (except perhaps vqadmin-toaster, which isn't really needed).

# qtp-newmodel


Download the QmailToaster Packages[edit]

  • Login as root now that you rebooted.
  • Change directories to the install directory "/usr/src/qtms-install/" with the command below
cd /usr/src/qtms-install
  • Download the script "current-download-script.sh" that will download all the QmailToaster packages to be installed on your system.
wget http://www.qmailtoaster.com/info/current-download-script.sh
  • Run the "current-download-script.sh" with the command below.
sh current-download-script.sh

note. i am facing problem during installation of qmailtoster packages,error is blow can any one help me how to fix it or how to install, Resolving www.qmailtoaster.com... Connecting to www.qmailtoaster.com||:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-05-30 12:51:34 ERROR 403: Forbidden.

Install QmailToaster Packages[edit]

  • For i386: Download the "cnt50-install-script.sh" file which will install all the QmailToaster packages on your system.

wget http://www.qmailtoaster.com/centos/cnt50/cnt50-install-script.sh

  • For x86_64: Download the "cnt5064-install-script.sh" file which will install all the QmailToaster packages on your system.

wget http://www.qmailtoaster.org/centos/cnt5064/cnt5064-install-script.sh

  • For i386: Run the "cnt50-install-script.sh" with the command below.

sh cnt50-install-script.sh

  • For x86_64: Run the "cnt5064-install-script.sh" with the command below.

sh cnt5064-install-script.sh

You will be asked to confirm the installation of each package. Press "Enter" to confirm the default answer of "Yes" for every package.

NOTE - this part is added by a user 5/2/2009 My email didn't work when the install finished. I opened up the install script and found out there were a dozen or so sections. You can cut-paste a section and run independently. For example, I found imap was not working, so I just ran the following segment manually

DISTRO=cnt50 ARCH=i386 BDIR=redhat IMAP=courier-imap-toaster-*.src.rpm rpmbuild --rebuild --with $DISTRO $IMAP rpm -Uvh /usr/src/$BDIR/RPMS/$ARCH/courier-imap-toaster*.rpm

I saw it was failing because cyrus-imap package conflicit. I did "yum -y remove cyrus-imapd-2.3.7-2.el5.i386", then ran the script segment again, and it took care of the imap problem

NOTE - for (maybe not only) Fedora 7 users (by chhh on 2009.11.04)
i was installing qmail-toaster on fedora 7, the only option apart from centOs 5 provided for vps by my hosting. It had lots of mail-connected programs installed, all of which were handled nicely by the scripts from this manual with one notable exception: postfix.
in my case it has created a usergroup with group id (GID) 89, which is used by vpopmail-toaster (at least by default).

if during installation when you run "sh cnt50-install-script.sh" you get errors while installing vpopmail-toaster-5.4.13-1.3.1 (something like 'cant run even the simplest ANSI C program.... create usergroup, create user...'), then:

  • check if postfix is installed with "rpm -q postfix"
    • if it is
      • then try "rpm -e --nodeps postfix" to delete it
      • delete string "postfix:x:89:" from /etc/group, this deletes the usergroup with GID that toaster needs
      • then add the required usergroup "groupadd --gid 89 vchkpw"
      • then add the required user "adduser --gid 89 vpopmail"
      • now try "sh cnt50-install-script.sh" one more time (you may skip ('s') building the modules that have already been installed by your previous attempts)

Installation on Fedora Core 12 with i686-PAE kernel...
mjgolli, 03-June-2010

I installed the toaster on a clean install of FC12, installed via the FC12 netinst iso. This installs a superbly compact, ultra-minimal system which is perfect for the install of the toaster packages.

Install all the prereqs as according to the instructions on the toaster site for Fedora 12, under "Distribution Specific Scripts".

There are two caveats I found while installing...
First, the toaster package installer "fedora_12-install-script.sh" has two variables, DISTRO and ARCH. I changed DISTRO to be DISTRO=fedora_12 (which may or may not make a difference). The variable ARCH is set to i386. None of the packages would compile because RPM Build was looking for directories for i386, while the system wanted to compile against the i686 kernel. I changed this to ARCH=i686 and everything started smoothly. You could set the variable to ARCH=`uname -p` to get your proper architecture.

Second, during the packaging of EZMLM, the compile failed at the point where it was looking for the mysqlclient. It was, for some reason ... possibly due to the PAE kernel on my machine? ... looking for /usr/lib64/ to hold the mysqlclient libraries. Just for giggles, I created a symbolic link ln -s /usr/lib /usr/lib64 to see if it would work. It did.

This install is on a Dell PowerEdge 2600 server with dual Xeon 2.4GHz procs, running kernel

Other than the two caveats above, the scripts ran perfectly.

--Mucip 05:00, 16 November 2011 (EST)

For CentOS 6.0 you need to replace "usr/src" string by "/root" in install-script batch file. Because CentOS started to save this new location src.rpm files. By the way you need to change BDIR variable to "rpmbuild" in install-script...

Check System Services[edit]

This section will make sure that all the proper services will be running when the machine is started.
  • Run the "setup" command at the command line.
  • Select "System Services" and choose "Run Tool".
  • Verify that the following services are selected.
Also irqbalance (w/ dual processors) xfs (w/ x windows)

Install djbdns (if you don't want bind)[edit]

In this section we will remove bind and install djbdns.
  • Remove bind with the following command.
rpm -e --nodeps bind bind-chroot
  • Build the djbdns rpm for i386 with the following command.
rpmbuild --rebuild --with cnt50 djbdns*.src.rpm
  • Build the djbdns rpm for x86_64 with the following command.
rpmbuild --rebuild --with cnt5064 djbdns*.src.rpm
  • Install djbdns for i386 with the following command.
rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
  • Install djbdns for x86_64 with the following command.
rpm -Uvh ../redhat/RPMS/x86_64/djbdns-localcache*.rpm
  • Add "search your-domain.com" to the "/etc/resolv.conf" replaceing "your-domain.com" with your actual domain by running the following command.
echo "search your-domain.com" > /etc/resolv.conf
  • Add "nameserver" to your "/etc/resolv.conf" file with the following command.
echo "nameserver" >> /etc/resolv.conf
  • Reboot the machine with the reboot command.

QmailToaster Configuration[edit]

In this section you will configure QmailToaster. This section covers adding domain names and how to access the mail server administration.

Check QmailToaster Status[edit]

  • First check the status of the mail server with the command belowq
qmailctl stat
  • The output should look somewhat like this.
root@gateway ~]# qmailctl stat
authlib: up (pid 2425) 65 seconds
clamd: up (pid 2425) 65 seconds
imap4: up (pid 2421) 65 seconds
imap4-ssl: up (pid 2423) 65 seconds
pop3: up (pid 2414) 65 seconds
pop3-ssl: up (pid 2409) 65 seconds
send: up (pid 2416) 65 seconds
smtp: up (pid 2418) 65 seconds
spamd: up (pid 2407) 65 seconds
authlib/log: up (pid 2417) 65 seconds
clamd/log: up (pid 2417) 65 seconds
imap4/log: up (pid 2422) 65 seconds
imap4-ssl/log: up (pid 2424) 65 seconds
pop3/log: up (pid 2415) 65 seconds
pop3-ssl/log: up (pid 2413) 65 seconds
send/log: up (pid 2420) 65 seconds
smtp/log: up (pid 2419) 65 seconds
spamd/log: up (pid 2408) 65 seconds

Add a domain[edit]

add a domain:

    /home/vpopmail/bin/vadddomain your-domain.com <postmaster-password>

Add a user:
    /home/vpopmail/bin/vadduser you@your-domain.com <your-password>

Edit /etc/php.ini and set register_globals = On
    service httpd restart  

Bring up your browser and go to:
      Username: admin
      Password: toaster
    Change your password . . . 

Edit /etc/php.ini and set register_globals = Off
    service httpd restart  

Check your mail server:
    login with your full email address and your password
    Send yourself an email - should show right away
    Send an email to yourself if you have another address
    Go to your other email account and reply to the message you sent

If Isoqlog doesn't show right away, do this:
    sh /usr/share/toaster/isoqlog/bin/cron.sh

10. Add domainkeys:

Note: I found the links sent to me by Eric Shupes on the toaster list VERY helpful. http://wiki.qmailtoaster.com/index.php/Domainkeys#bind_2 http://wiki.qmailtoaster.com/index.php/Domainkeys#Policy_Record http://wiki.qmailtoaster.com/index.php/Domainkeys#Selector_Record I suggest going there as the links contain a more in depth set of details. Below is borrowed from those links.

Create the directory for your domain's private key:

   cd /var/qmail/control/domainkeys  
   mkdir your-domain.com

Create your domain's key pair (a private key and a corresponding public key) with the dknewkey command:

   cd your-domain.com
   dknewkey private > public.txt

You want to be sure that the private key is kept private, so to change its ownership and permissions accordingly:

   chmod 440 private
   cd ..
   chown -R root:vchkpw yourdomain.com

Make dns entry: 
    BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry):

   _domainkey.your-domain.com.         IN TXT "t=y; o=-"

Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below.

   _domainkey.your-domain.com.         IN TXT "o=-"

Then also add this to your zone file:

    private._domainkey.your-domain.com. IN TXT "k=rsa; p=MEwwDQY . . . to end of key" 

Note: I have not tested DJBDNS as I do not run it - DK

    DJBDNS - in /var/djbdns/tinydns/root/data (make from public.txt): 
      '_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com 
      'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key 

Test your mailserver:
    In squirrelmail, send a test email, select View Full Header and you
    should find something like the following:
    ----------- snip ------------
    DomainKey-Status: good 
    Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
         scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
    X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
    X-Spam-Level: *
    X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL 
         autolearn=no version=3.1.1
    Received: from unknown (HELO ns1.ndhsdns.com) (
         by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000
    Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates as permitted sender)
    Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
    Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
         s=private; d=ndhsdns.com;
         b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
    Received: from unknown (HELO www.ndhsdns.com) (
         by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
    ----------- snip ------------

11. Logs for all packages except freshclam are at:

Freshclam is at /var/log/clamav