From QmailToaster wiki

Note: this is a nice write-up of how to create a separate instance of qmail-smtp. However, there is a much simpler way of implementing fetchmail. I would like to rework this entire page, but don't have the time at the moment. In a nutshell, simply modify your squirrelmail configuration to authenticate, then you can use the 127.: line in tcp.smtp for fetchmail:


Squirrelmail config_local.php with smtp authentication (and dovecot as well):

# Local configuration for Qmail Toaster
# configure to suit your requirements
# these are in toaster config,
#     changed/removed for stock dovecot (w/out courier compat config)
# $imap_server_type = 'courier';
# $optional_delimiter = '.';
# $default_folder_prefix = 'INBOX.';
# $delete_folder = true;
# $show_contain_subfolders_option = false;
# these should be added to the toaster config (imho)
$org_name        = "QmailToaster";
# $org_logo        = SM_PATH . 'images/sm_logo.png';
# $org_logo_width  = '308';
# $org_logo_height = '111';
# $org_title       = "SquirrelMail $version";
$provider_uri       = 'http://www.qmailtoaster.org/';
$provider_name      = 'QmailToaster';
$smtpServerAddress  = 'localhost';
$smtpPort           = 587;
$smtp_auth_mech     = 'login';
$imapServerAddress  = 'localhost';
$imap_server_type   = 'dovecot';
# squirrelmail doesn't support starttls until v5, so we'll use cram-md5 til then
#$use_imap_tls       = true;
$imap_auth_mech     = 'cram-md5';
# these are shubes' preferences
$optional_delimiter       = 'detect';
$default_folder_prefix    = '';
$useSendmail = false;
$show_prefix_option = false;
$force_username_lowercase = true;
$hide_sm_attributions = true;
$plugins[] = 'calendar';
$plugins[] = 'notes';
$plugins[] = 'filters';
$plugins[] = 'quota_usage';
$plugins[] = 'unsafe_image_rules';
$plugins[] = 'qmailadmin_login';

This ends the Note by Eric Shubes 6/1/10.

This page describes how to use Fetchmail to collect mail and scan it with SpamAssassin and ClamAV (via simscan) by creating a second smtp listener.

When you use Fetchmail to collect mail from a remote location and beam it into your qmail, it will be connecting to the local tcpserver on port 25 by default. Now the chances are that you have set up /etc/tcprules.d/tcp.smtp to look something like this:


So all mail coming in from will bypass simscan and therefore not get virus checked or spam checked. Simply changing the first line to pass mail to /var/qmail/bin/simscan instead of setting RELAYCLIENT can have other unfortunate consequences, such as Squirrelmail refusing to send email, because the default installation doesn't have it authenticating. Besides, why would you want to spam and virus scan other locally sent mail?

The solution is to set up a separate TCP listener on another port that will send mail received at through simscan. Here's how:

1) Stop Qmail Services

qmailctl stop

2) Make a copy of the SMTP supervise folder

cp -R /var/qmail/supervise/smtp /var/qmail/supervise/smtp2

3) Go into your new directory

cd /var/qmail/supervise/smtp2

And edit run to look like this:

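#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
# smtp2 uses its own smtpd binary and its own rules database
SMTPD="/var/qmail/bin/qmail-smtpd2"
TCP_CDB="/etc/tcprules.d/tcp.smtp2.cdb"
# listen on port 2525 instead of "smtp"; what follows 2525 stays as in the copied smtp/run
exec /usr/bin/softlimit -m 12000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 2525 \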

Notice that instead of calling tcp.smtp.cdb you're calling tcp.smtp2.cdb and the port is no longer "smtp" but 2525. The SMTPD is now calling qmail-smtpd2 as well.

4) Go into ./supervise and remove the control, lock, ok and status files

cd /var/qmail/supervise/smtp2/supervise
rm -f *

5) Go into ./log/supervise and remove the control, lock, ok and status files

cd /var/qmail/supervise/smtp2/log/supervise
rm -f *

6) Go into the /var/qmail/supervise/smtp2/log/ directory and edit run so it looks like this:

LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp2 2>&1

Note the smtp2, this is what's different!

7) Go back to /var/qmail/supervise/ and change the ownership of the new smtp2 folder:

cd /var/qmail/supervise/
chown -R qmaill:qmail smtp2

8) Next we need the new tcp.smtp2 file

cd /etc/tcprules.d
cp tcp.smtp tcp.smtp2

9) Edit tcp.smtp2, removing the RELAYCLIENT="" from the first line. You might want to refer to this mailing list item for more details on tcp.smtp. You want this one to send all local mail through simscan.

At the simplest level this is all you need in your new tcp.smtp2 file:


10) Next we need to edit /usr/bin/qmailctl to build tcp.smtp2.cdb and ensure that smtp2 is stopped, started and restarted along with everything else.

First find the bit that starts with restart) and edit it to add an equivalent smtp2 line wherever you see an smtp one, like so:

   echo "Restarting qmail:"
   echo "* Stopping qmail-smtpd."
   svc -d /var/qmail/supervise/smtp
   svc -d /var/qmail/supervise/smtp2
   echo "* Sending qmail-send SIGTERM and restarting."
   svc -t /var/qmail/supervise/send
   echo "* Restarting qmail-smtpd."
   svc -u /var/qmail/supervise/smtp
   svc -u /var/qmail/supervise/smtp2

Next find the bit that starts with cdb) and do the same, like so:

  tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
  tcprules /etc/tcprules.d/tcp.smtp2.cdb /etc/tcprules.d/tcp.smtp2.tmp < /etc/tcprules.d/tcp.smtp2
  chmod 644 /etc/tcprules.d/tcp.smtp*
  echo "Reloaded /etc/tcprules.d/tcp.smtp and tcp.smtp2"

11) Check your new file builds tcp.smtp2.cdb:

qmailctl cdb
ls /etc/tcprules.d/*.cdb

You should see tcp.smtp.cdb and tcp.smtp2.cdb

12) Great, now we need to set up the logging files for the new smtp service. Go to /var/log/qmail and make a copy of the smtp folder:

cd /var/log/qmail
cp -R smtp smtp2

13) Go into your new smtp2 directory and remove the existing files then create a new current file:

cd /var/log/qmail/smtp2
rm -f *
touch current

14) Back up to the /var/log/qmail level and change the ownership of your new logging area:

cd /var/log/qmail
chown -R qmaill:qmail smtp2

15) Almost there! We now need to make a duplicate qmail-smtpd for the new socket to call:

cd /var/qmail/bin
cp qmail-smtpd qmail-smtpd2
chown root:qmail qmail-smtpd2

16) Before we start our new listener service we'd better make sure that it is reachable through the firewall:

iptables -A INPUT -p tcp -m tcp --syn --dport 2525 -j ACCEPT
service iptables save

Or, if you're using the RH firewall, run setup and add 2525:tcp to the allowed ports.

17) When you next start qmail you should have another smtp listener running on port 2525 which will obey the rules set up in your tcp.smtp2 file. Let's try it:

qmailctl start
telnet localhost 2525

If you saw the "Welcome to Qmail Toaster" SMTP message then you're fine.

18) Finally, get fetchmail to send mail to the new port by calling it with "-S". Also add "-Z 554": this is the error code simscan returns when it rejects a mail because it is too spammy (over the limit you've set in /var/qmail/simcontrol) or has a virus, and fetchmail needs to know that so it can drop the mail.

Here's a sample of how to do it:

fetchmail -v -f /root/fetchctl -a --ssl -Z 554 -t 20 -S localhost/2525

The /root/fetchctl file should look something like this:

poll yourpop3host.com proto pop3:
user "your_pop3_username" with password "yourpassword", is "myaddress@myqmailtoasterdomain.com" here;
user "someoneelse" with password "theirpassword", is "whoever@myqmailtoasterdomain.com" here;

You must chmod 600 the fetchctl file before fetchmail will use it.

If it all works you might want to change that -v to a -s (verbose to silent), pop it in a script and use cron to call it every fifteen minutes. Alternatively you can run it as a daemon that polls intermittently; see man fetchmail for lots more options.
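Step 9 only works if no rule in tcp.smtp2 lets mail skip simscan or hands out relaying. As an added example (not part of the original wiki page), the shell function below audits a tcprules source file before you run qmailctl cdb. The function name, the sample rule files and the assumption that variables are written as VAR="value" belong to this example.

```shell
#!/bin/sh
# audit_tcprules FILE
# Prints "<address> <verdict>" for every rule and returns 1 if any allow rule
# lacks QMAILQUEUE=".../simscan" or sets RELAYCLIENT (hypothetical helper).
audit_tcprules() {
    awk '
        /^[ \t]*#/ { next }                       # comment lines
        /^[ \t]*$/ { next }                       # blank lines
        {
            i = index($0, ":")                    # address ends at the first colon
            if (i == 0) { print $0, "MALFORMED"; bad = 1; next }
            addr = substr($0, 1, i - 1)
            if (addr == "") addr = "(default)"    # empty address is the catch-all rule
            rest = substr($0, i + 1)
            if (rest ~ /^deny/) { print addr, "deny"; next }
            verdict = "ok"
            if (rest !~ /QMAILQUEUE="[^"]*\/simscan"/) verdict = "UNSCANNED"
            if (rest ~ /RELAYCLIENT=/)
                verdict = (verdict == "ok") ? "RELAY" : verdict "+RELAY"
            if (verdict != "ok") bad = 1
            print addr, verdict
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample rule files (not the files from this page).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/tcp.smtp2.before" <<'EOF'
# tcp.smtp copied as-is: local mail is relayed and never scanned
127.:allow,RELAYCLIENT=""
192.0.2.:deny
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
EOF
cat > "$demo_dir/tcp.smtp2.after" <<'EOF'
127.:allow,QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
EOF

audit_tcprules "$demo_dir/tcp.smtp2.before" || echo "before: fix the flagged rules"
audit_tcprules "$demo_dir/tcp.smtp2.after" && echo "after: every allow rule goes through simscan"
```

Run it against /etc/tcprules.d/tcp.smtp2 after editing; a non-zero exit status means at least one allow rule still bypasses scanning or grants relaying.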

The author is indebted to this Qmailrocks post by Donboy.