Configuration: Difference between revisions

From QmailToaster
Tag: Reverted


==== [[Amavis]] ====
For testing only, until production stability is proven.
Get Amavis Qmail queue
# grep "release 7" /etc/centos-release
# [ "$?" = "0" ] && cos=7 || cos=8
# echo $cos
# wget -O /var/qmail/bin/qmail-queue.smtp https://github.com/qmtoaster/amavis/blob/main/qmail-queue.smtp.cos${cos}?raw=true
# chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
# chmod 4711 /var/qmail/bin/qmail-queue.smtp
Build Your Own qmail-queue.smtp
Install Amavis & edit config, run clamd under Amavis, start both services
# yum --enablerepo=epel,PowerTools -y install amavisd-new lz4 perl-Digest-SHA1 perl-IO-stringy
# yum --enablerepo=fedora -y install cabextract
# wget https://www.rarlab.com/rar/rarlinux-x64-6.0.b1.tar.gz
# tar zxvf rarlinux-x64-6.0.b1.tar.gz
# cd rar
# cp rar unrar /usr/local/bin
# sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
# systemctl daemon-reload
# systemctl restart clamd@scan
# vi /etc/amavisd/amavisd.conf
  $mydomain = 'domain.tld';
  $myhostname = 'mx.domain.tld';
  $notify_method = 'smtp:[127.0.0.1]:10025';
  $forward_method = 'smtp:[127.0.0.1]:10025';
# systemctl enable --now amavisd
Create tcp rules for qmail smtp & qmail amavis
# mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak
# tee /etc/tcprules.d/tcp.amavis.smtp > /dev/null <<'EOT'
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
EOT
# tee /etc/tcprules.d/tcp.smtp > /dev/null <<'EOT'
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
EOT
Edit/Create run files for qmail smtp & qmail amavis
# cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2
# tee /var/qmail/supervise/smtp/run > /dev/null <<'EOT'
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.amavis.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT
# tee /var/qmail/supervise/smtp2/run > /dev/null <<'EOT'
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
export FORCETLS=0
exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 10025 \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT
# tee /var/qmail/supervise/smtp2/log/run > /dev/null <<'EOT'
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill \
    /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT \
    /var/log/qmail/smtp2 2>&1
EOT
Add Amavis Dspam support
Install Dspam (skip 'install per domain')
# wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
# chmod 755 dspamdb.sh
# ./dspamdb.sh
Add the following under $dspam = 'dspam':
# vi /etc/amavisd/amavisd.conf
@spam_scanners = (
  ['DSPAM', 'Amavis::SpamControl::ExtProg', 'dspam',
      [ qw(--user amavis --deliver=stdout) ],
  ],
);
Add the following under 'Trust vpopmail':
# vi /etc/dspam.conf
Trust amavis
Start & stat qmail
# qmailctl start
# qmailctl stat
send: up (pid 253068) 97100 seconds
smtp: up (pid 253065) 97100 seconds
smtp2: up (pid 253071) 97100 seconds
smtps: up (pid 253067) 97100 seconds
submission: up (pid 253073) 97100 seconds
send/log: up (pid 253064) 97100 seconds
smtp2/log: up (pid 253070) 97100 seconds
smtp/log: up (pid 253066) 97100 seconds
smtps/log: up (pid 253072) 97100 seconds
submission/log: up (pid 253069) 97100 seconds
Test with Swaks
# swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
=== Trying 192.168.16.75:25...
=== Connected to 192.168.16.75.
<-  220 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server ESMTP
-> EHLO mx.domain.tld
<-  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<-  250-STARTTLS
<-  250-PIPELINING
<-  250-8BITMIME
<-  250 SIZE 20971520
-> STARTTLS
<-  220 ready for tls
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/O=Qmail Toaster Server/OU=Test Certificate/CN=localhost"
~> EHLO mx.domain.tld
<~  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<~  250-PIPELINING
<~  250-8BITMIME
<~  250 SIZE 20971520
~> MAIL FROM:<myuser@remotedomain.tld>
<~  250 ok
~> RCPT TO:<myuser@domain.tld>
<~  250 ok
~> RCPT TO:<myuser2@domain.tld>
<~  250 ok
~> DATA
<~  354 go ahead
~> Date: Sun, 29 Nov 2020 14:58:40 -0700
~> To: myuser@domain.tld,myuser2@domain.tld
~> From: myuser@remotedomain.tld
~> Subject: test Sun, 29 Nov 2020 14:58:40 -0700
~> Message-Id: <20201129145840.009255@mx.domain.tld>
~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
~>
~> This is a test mailing
~>
~> .
<~  250 ok 1606687121 qp 308705
~> QUIT
<~  221 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
=== Connection closed with remote host.
All Amavis output is in the maillog (/var/log/maillog).
Email headers will contain:
X-Virus-Scanned: amavisd-new at domain.tld
Email headers will show the Amavis routing:
Return-Path:
Delivered-To: myemail@domain.tld
Received: (qmail 266650 invoked by uid 89); 29 Nov 2020 00:43:58 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost.localdomain with SMTP; 29 Nov 2020 00:43:58 -0000
X-DSPAM-Processed: Sat Nov 28 17:43:58 2020
X-DSPAM-Confidence: 0.9899
X-DSPAM-Probability: 0.0000
X-Virus-Scanned: amavisd-new at domain.tld
X-DSPAM-Result: Whitelisted
X-DSPAM-Signature: 1,5fc2eece2666485921812939
Received: from unknown ([127.0.0.1])
        by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
        with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
  by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
Received-SPF: none (localhost.localdomain: domain at remotedomain.tld does not designate permitted sender hosts)
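The routing invariant behind the two tcprules files and the smtp/smtp2 run files, as an added check that is not from the QmailToaster page or project: it assumes the page's paths, constructs its sample files inline, and also warns when the 10025 reinjection listener is bound to every interface (the run file above passes 0 as the host), since any host that reaches that port queues mail through the plain qmail-queue and so skips the Amavis pass.

```shell
#!/bin/sh
# Added check, not part of the QmailToaster page or project: verify the routing
# the tcprules and run files are meant to enforce. Port 25 must queue through
# qmail-queue.smtp (hand-off to Amavis on 10024) and the reinjection listener
# on 10025 must use the plain qmail-queue. Sample files below are constructed
# from the page's examples; the real paths are assumed to be as on the page.

# QMAILQUEUE set by the default ":allow" rule of a tcprules source file.
queue_for_default_rule() {
    sed -n 's/^:allow.*QMAILQUEUE="\([^"]*\)".*/\1/p' "$1"
}

# Address tcpserver binds in a supervise run file ("0" means every interface).
bind_address() {
    sed -n 's/.*-g "[^"]*" \([^ ]*\) .*/\1/p' "$1"
}

# Returns 0 when ports 25 and 10025 use the expected queue programs, 1 otherwise.
# Also warns when 10025 is reachable from other hosts: anything that connects
# there queues mail with the plain qmail-queue, i.e. without the Amavis pass.
check_amavis_routing() {   # $1 tcp.amavis.smtp   $2 tcp.smtp   $3 smtp2/run
    [ "$(queue_for_default_rule "$1")" = /var/qmail/bin/qmail-queue.smtp ] || {
        echo "port 25 rules do not route through qmail-queue.smtp"; return 1; }
    [ "$(queue_for_default_rule "$2")" = /var/qmail/bin/qmail-queue ] || {
        echo "port 10025 rules must use the plain qmail-queue"; return 1; }
    addr=$(bind_address "$3")
    [ "$addr" = 127.0.0.1 ] ||
        echo "warning: 10025 listener bound to '$addr', not 127.0.0.1"
    return 0
}

# Constructed samples mirroring the files created on this page.
TMP=$(mktemp -d)
printf '127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"\n:allow,CHKUSER_RCPTLIMIT="50",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"\n' > "$TMP/tcp.amavis.smtp"
printf '127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"\n:allow,CHKUSER_RCPTLIMIT="50",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"\n' > "$TMP/tcp.smtp"
printf '    -u "$QMAILDUID" -g "$NOFILESGID" 0 10025 \\\n' > "$TMP/run"

check_amavis_routing "$TMP/tcp.amavis.smtp" "$TMP/tcp.smtp" "$TMP/run" &&
    echo "routing OK: 25 -> qmail-queue.smtp, 10025 -> qmail-queue"
```

Run it against the live files by passing /etc/tcprules.d/tcp.amavis.smtp, /etc/tcprules.d/tcp.smtp and /var/qmail/supervise/smtp2/run instead of the samples.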
Other spam scanners operable with Amavis
  @spam_scanners = (
    ['CRM114', 'Amavis::SpamControl::ExtProg', 'crm',
      [ qw(-u /var/amavis/home/.crm114 mailreaver.crm
          --dontstore --report_only --stats_only
          --good_threshold=8 --spam_threshold=-8) ],
      mail_body_size_limit => 64000, score_factor => -0.20,
    ],
  );
Other AV scanners operable with Amavis
  ESET NOD32
  Avast
  Trend Micro
  Kaspersky
  Sophos
  F-Secure
  ...
Questions, comments, suggestions, corrections... contact Eric on the QMT list


==== [[SURBL]] ====

Revision as of 14:28, 26 March 2024

Initial Configuration

Domains

Follow this link for information about configuring domains.

Users

Follow this link for information about configuring users.

List of Mobile Devices which successfully connect to QmailToaster with SMTP-Auth and the Submission Port

List of Wapmail sites for mobile users with GPRS and a WAP browser phone

Control Files

The majority of the configuration files are located in the /var/qmail/control directory.


man qmail-control excerpt:

You can change the behavior of the qmail system by modifying qmail's control files in /var/qmail/control.

qmail [but not Qmail-Toaster] can survive with just one control file, me, containing the fully-qualified name of the current host. This file is used as the default for other hostname-related control files.

Comments are allowed in badhelo, badmailfrom, badmailfromnorelay, badmailto, badmailtonorelay, locals, percenthack, qmqpservers, rcpthosts, smtproutes, and virtualdomains. Trailing spaces and tabs are allowed in any [qmail] control file.


Control Files by Name

Table of control files, organized alphabetically, giving each file's default value, whether it is included with Qmail-Toaster, and which programs use it.

Control Files by Function

Links to Control File descriptions organized by module.


Filtering

Pre Receipt

chkuser

RBLs

SPF

Spamdyke

Post Receipt

domainkeys

simscan

clamav

spamassassin

Amavis


SURBL

Networking

Domain Name Server

The Linux Cookbook (O'Reilly) by Carla Schroder has very good recipes for setting up a DNS server. Caching, public and private servers for both bind and djbdns are covered. You can also read it online here.

bind

A very nice tutorial for bind can be found here.

To install a bind caching name server, you can follow these steps. Note: This was done on CentOS 5.4 x86_64, so YMMV.

Do this all as root.
  1. Install caching name-server
    • # yum -y install bind caching-nameserver
  2. Set named up to run after reboot. And start named
    • # chkconfig named on
    • # service named start
  3. Edit /etc/resolv.conf and add the following above other entries
    • nameserver 127.0.0.1
  4. Test
    • # dig qmailtoaster.com | grep "^;; SERVER"
    • If you get ";; SERVER: 127.0.0.1#53(127.0.0.1)" then you're good to go.

djbdns

A very nice tutorial for djbdns can be found here.

SRS - Configuring SRS on Toaster 1.03-1.3.13+

tcp.smtp

tcpserver options/flags

Security

Certificate

eMPF

Fail2Ban

SSL

SSL on submission port

SquirrelMail

Secure Qmail web administration

Redirection

Follow this link for information about how to redirect email to different addresses.