Configuration: Difference between revisions

From QmailToaster
Tag: Reverted
No edit summary
 
(50 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Main_Page#Configuration|Back]]
== [[ Initial Configuration ]] ==
== [[ Initial Configuration ]] ==


Line 24: Line 25:




=== [[Control Files List]] ===
=== [[Control Files by Name]] ===
=== [[Control Files by Name]] ===
Table of Control Files organized alphabetically with default values, included with Qmail-Toaster, and used by information.
Table of Control Files organized alphabetically with default values, included with Qmail-Toaster, and used by information.
Line 41: Line 43:


=== Post Receipt ===
=== Post Receipt ===
==== [[domainkeys]] ====
==== [[Simscan]] ====


==== [[simscan]] ====
==== [[Clamav]] ====


==== [[clamav]] ====
==== [[Spamassassin]] ====
 
==== [[spamassassin]] ====


==== [[Amavis]] ====
==== [[Amavis]] ====


For testing until production stability proven.
==== [[Spam Throttle]] ====


Get Amavis Qmail queue
==== [[SURBL]] ====
# grep "release 7" /etc/centos-release
# [ "$?" = "0" ] && cos=7 || cos=8
# echo $cos
# wget -O /var/qmail/bin/qmail-queue.smtp https://github.com/qmtoaster/amavis/blob/main/qmail-queue.smtp.cos${cos}?raw=true
# chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
# chmod 4711 /var/qmail/bin/qmail-queue.smtp


Build Your Own qmail-queue.smtp
==== [[Dspam|Dspam]] ====


Install Amavis & edit config, run clamd under Amavis, start both services
===== [[Dspam w/PostgreSQL]] =====
# yum --enablerepo=epel,PowerTools -y install amavisd-new lz4 perl-Digest-SHA1 perl-IO-stringy
# yum --enablerepo=fedora cabextract
# wget https://www.rarlab.com/rar/rarlinux-x64-6.0.b1.tar.gz
# tar zxvf rarlinux-x64-6.0.b1.tar.gz
# cd rar
# cp rar unrar /usr/local/bin
# sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
# systemctl daemon-reload
# systemctl restart clamd@scan
# vi /etc/amavisd/amavisd.conf
  $mydomain = 'domain.tld';
  $myhostname = 'mx.domain.tld';
  $notify_method = 'smtp:[127.0.0.1]:10025';
  $forward_method = 'smtp:[127.0.0.1]:10025';
# systemctl enable --now amavisd


Create tcp rules for qmail smtp & qmail amavis
==== [[Domainkeys]] <span style="color:red">***Obsolete***</span> ====
# mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak


tee /etc/tcprules.d/tcp.amavis.smtp  > /dev/null <<EOT
== Networking ==
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
=== [[DNS Server]] ===
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
EOT


tee /etc/tcprules.d/tcp.smtp  > /dev/null <<EOT
===[[SRS]]===
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
EOT


Edit/Create run files for qmail smtp & qmail amavis
=== [[tcp.smtp]] ===
# cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2


tee /var/qmail/supervise/smtp/run > /dev/null <<EOT
=== [[tcpserver]] ===
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.amavis.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"


exec /usr/bin/softlimit -m 64000000 \
=== [[DKIM]] ===
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SMTPD $VCHKPW /bin/true 2>&1


EOT
== Security ==
=== [[Certificate]] ===


tee /var/qmail/supervise/smtp2/run > /dev/null <<EOT
=== [[eMPF]] ===
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
export FORCETLS=0


exec /usr/bin/softlimit -m 64000000 \
=== [[Fail2ban]] ===
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 10025 \
    $SMTPD $VCHKPW /bin/true 2>&1


EOT
=== [[SMTPS]] ===


tee /var/qmail/supervise/smtp2/log/run > /dev/null <<EOT
=== [[Submission]] ===
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill \
    /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT \
    /var/log/qmail/smtp2 2>&1


EOT
=== [[Securing SquirrelMail|SquirrelMail]] ===
 
Add Amavis Dspam support
 
Install Dspam (skip 'install per domain')
# wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
# chmod 755 dspamdb.sh
# ./dpsamdb.sh
 
Add Under $dspam = 'dspam'
# vi /etc/amavisd/amavisd.conf
 
@spam_scanners = (
  ['DSPAM', 'Amavis::SpamControl::ExtProg', 'dspam',
      [ qw(--user amavis --deliver=stdout) ],
  ],
);
 
Add under 'Trust vpopmail'
# vi /etc/dspam.conf
Trust amavis
 
Start & stat qmail
# qmailctl start
# qmailctl stat
 
send: up (pid 253068) 97100 seconds
smtp: up (pid 253065) 97100 seconds
smtp2: up (pid 253071) 97100 seconds
smtps: up (pid 253067) 97100 seconds
submission: up (pid 253073) 97100 seconds
send/log: up (pid 253064) 97100 seconds
smtp2/log: up (pid 253070) 97100 seconds
smtp/log: up (pid 253066) 97100 seconds
smtps/log: up (pid 253072) 97100 seconds
submission/log: up (pid 253069) 97100 seconds
 
Test with Swaks
# swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
=== Trying 192.168.16.75:25...
=== Connected to 192.168.16.75.
<-  220 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server ESMTP
-> EHLO mx.domain.tld
<-  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<-  250-STARTTLS
<-  250-PIPELINING
<-  250-8BITMIME
<-  250 SIZE 20971520
-> STARTTLS
<-  220 ready for tls
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/O=Qmail Toaster Server/OU=Test Certificate/CN=localhost"
~> EHLO mx.domain.tld
<~  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<~  250-PIPELINING
<~  250-8BITMIME
<~  250 SIZE 20971520
~> MAIL FROM:<myuser@remotedomain.tld>
<~  250 ok
~> RCPT TO:<myuser@domain.tld>
<~  250 ok
~> RCPT TO:<myuser2@domain.tld>
<~  250 ok
~> DATA
<~  354 go ahead
~> Date: Sun, 29 Nov 2020 14:58:40 -0700
~> To: myuser@domain.tld,myuser2@domain.tld
~> From: myuser@remotedomain.tld
~> Subject: test Sun, 29 Nov 2020 14:58:40 -0700
~> Message-Id: <20201129145840.009255@mx.domain.tld>
~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
~>
~> This is a test mailing
~>
~> .
<~  250 ok 1606687121 qp 308705
~> QUIT
<~  221 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
=== Connection closed with remote host.
 
All Amavis output is in the maillog (/var/log/maillog).
 
Email headers will contain
X-Virus-Scanned: amavisd-new at domain.tld
 
Email headers will show Amavis routing
Return-Path:
Delivered-To: myemail@domain.tld
Received: (qmail 266650 invoked by uid 89); 29 Nov 2020 00:43:58 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost.localdomain with SMTP; 29 Nov 2020 00:43:58 -0000
X-DSPAM-Processed: Sat Nov 28 17:43:58 2020
X-DSPAM-Confidence: 0.9899
X-DSPAM-Probability: 0.0000
X-Virus-Scanned: amavisd-new at domain.tld
X-DSPAM-Result: Whitelisted
X-DSPAM-Signature: 1,5fc2eece2666485921812939
Received: from unknown ([127.0.0.1])
        by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
        with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
  by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
Received-SPF: none (localhost.localdomain: domain at remotedomain.tld does not designate permitted sender hosts)
 
 
 
Other spam scanners operable with Amavis
 
  @spam_scanners = (
    ['CRM114', 'Amavis::SpamControl::ExtProg', 'crm',
      [ qw(-u /var/amavis/home/.crm114 mailreaver.crm
          --dontstore --report_only --stats_only
          --good_threshold=8 --spam_threshold=-8) ],
      mail_body_size_limit => 64000, score_factor => -0.20,
    ],
  );
 
Other AV scanners operable with Amavis
  ESET NODE32
  Avast
  Trend Micro
  Kaspersky
  Sophos
  F-Secure
  ...
 
Questions, comments, suggestions, corrections...contact Eric on the QMT list
 
==== [[SURBL]] ====
 
 
== Networking ==
=== Domain Name Server ===
[http://www.oreilly.com/catalog/linuxckbk/ <i>The Linux Cookbook</i> (O'Reilly) by Carla Schroder] has very good recipes for setting up a DNS server. Caching, public and private servers for both bind and djbdns are covered. You can also read it online [http://safari.oreilly.com/0596006403/linuxckbk-PREFACE-2#X2ludGVybmFsX1RvYz94bWxpZD0wNTk2MDA2NDAzL2xpbnV4Y2tiay1DSFAtMjQ= here].
 
==== bind ====
A very nice tutorial for bind can be found [http://www.troubleshooters.com/linux/dns.htm here].
 
To install a bind caching name server, you can follow these steps.
Note: This was done on CentOS 5.4 x86_64, so YMMV.
Do this all as root.
 
# Install caching name-server
#* # yum -y install bind caching-nameserver
# Set named up to run after reboot. And start named
#* # chkconfig named on
#* # service named start
# Edit /etc/resolv.conf and add the following above other entries
#* nameserver 127.0.0.1
# Test
#* # dig qmailtoaster.com | grep "^;; SERVER"
#* If you get ";; SERVER: 127.0.0.1#53(127.0.0.1)" then you're good to go.
 
==== djbdns ====
A very nice tutorial for djbdns can be found [http://www.troubleshooters.com/linux/djbdns/index.htm here].
 
=== SRS - [[Configuring SRS on Toaster 1.03-1.3.13+]] ===


=== [[tcp.smtp]] ===
=== [[ Secure /admin-toaster/ ]] ===


=== [[tcpserver options/flags]] ===
== [[Dovecot]] ==


== Security ==
== [[Vpopmail]] ==
=== [[Certificate]] ===


=== [[eMPF]] ===
== [[PHP]] ==


=== [[Fail2Ban]] ===
== [[Qmail queue]] ==


=== [[SSL]] ===
== [[Qmail Dovecot Authentication]] ==


=== [[SSL on submission port]] ===
== [[Qmail Active Directory Authentication]] ==


=== [[Securing SquirrelMail|SquirrelMail]] ===
== [[Dovecot Active Directory Authentication]] ==


=== [[ Secure Qmail web administration ]] ===
== [[IMAP/SMTP Authentication tests]] ==


== [[Redirection]] ==
== [[Redirection]] ==
Follow this link for information about how to redirect email to different addresses.
Follow this link for information about how to redirect email to different addresses.
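Review bot: The unquoted heredoc delimiter in the `tee ... <<EOT` commands that write the smtp, smtp2 and smtp2/log run files (old-side Amavis walkthrough under Post Receipt) lets the shell that writes the file expand the backticks and `$TCP_CDB`, `$SMTPD`, `$VCHKPW`, `$LOGSIZE` and the other variables, so the generated run scripts hold frozen or empty values instead of evaluating them at service start. If this walkthrough is kept anywhere once it leaves this page, quote the delimiter as `<<'EOT'`. Two smaller fixes belong with it: the Dspam step downloads `dspamdb.sh` but then runs `./dpsamdb.sh`, and `yum --enablerepo=fedora cabextract` has no `install` subcommand. The step that fetches `qmail-queue.smtp` with wget and then sets it to mode 4711 would also benefit from a published checksum to verify before the setuid bit is applied.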

Latest revision as of 08:08, 2 November 2024

Back

Initial Configuration

Domains

Follow this link for information about configuring domains.

Users

Follow this link for information about configuring users.

List of Mobile Devices which successfully connect to QmailToaster with SMTP-Auth and Submission Port

List of Wapmail for mobile users with GPRS and Wap Browser Handphone

Control Files

The majority of the configuration files are located in the /var/qmail/control directory.


man qmail-control excerpt:

You can change the behavior of the qmail system by modifying qmail's control files in /var/qmail/control.

qmail [but not Qmail-Toaster] can survive with just one control file, me, containing the fully-qualified name of the current host. This file is used as the default for other hostname-related control files.

Comments are allowed in badhelo, badmailfrom, badmailfromnorelay, badmailto, badmailtonorelay, locals, percenthack, qmqpservers, rcpthosts, smtproutes, and virtualdomains. Trailing spaces and tabs are allowed in any [qmail] control file.


Control Files List

Control Files by Name

Table of control files organized alphabetically, with default values, "included with Qmail-Toaster" status, and "used by" information.

Control Files by Function

Links to Control File descriptions organized by module.


Filtering

Pre Receipt

chkuser

RBLs

SPF

Spamdyke

Post Receipt

Simscan

Clamav

Spamassassin

Amavis

Spam Throttle

SURBL

Dspam

Dspam w/PostgreSQL

Domainkeys ***Obsolete***

Networking

DNS Server

SRS

tcp.smtp

tcpserver

DKIM

Security

Certificate

eMPF

Fail2ban

SMTPS

Submission

SquirrelMail

Secure /admin-toaster/

Dovecot

Vpopmail

PHP

Qmail queue

Qmail Dovecot Authentication

Qmail Active Directory Authentication

Dovecot Active Directory Authentication

IMAP/SMTP Authentication tests

Redirection

Follow this link for information about how to redirect email to different addresses.