基于RedHat Linux的标准qmail系统(qmail System Based RedHat Linux)
2006年国庆删减修正。
What is it?
"基于RedHat Linux的标准qmail系统"从RedHat Linux的系统特点出发,目的是 构建一套可以快速安装的、无错的、具有所有qmail系统功能的、以及大部分必须 的扩展功能的邮件服务器。系统特点:
- Full GPL
此系统并非凭空构建的,此系统所有核心源码具有GPL或者类似授权,系统本身 当然是遵循GPL并且以GPL授权发布。
- Full RPM packet
使用RPM提供快速安装,并且使系统本身易于管理。对于一般的管理员而言,还意味着 更加容易管理系统安全:所有文件是可追踪的;卸载系统不会留下垃圾文件(没有RPM,有谁 能够确切的指出每一个可执行文件是做什么用处的?该不会是backdoor吧?)
- compatible RedHat Linux 7.1(或以上版本)
关于此点,我不想说明,也不想解释。如果你不幸没有使用RedHat 7.1或以上版本, 请自己设法解决所有问题。愿主保佑你!
当前版本(qmail-1.03-7)运行于RedHat 7.2/7.1.
- another Sendmail
我告诉你:Sendmail并不是“妻”,qmail也不是“妾”,他们都是*nix的情人而已, 只不过由于偶然的因素,Sendmail领到了结婚证。现在,你难道不想放弃那难以忍受的 生活,还自己一个幸福的人生吗?
不过,如果你想“包二奶”的话,那既是对Sendmail的不忠,也是对qmail的不负责任, 呜呼,我可以想象你的悲惨下场。 - it's a Server
你要是钟情于桌面、中文支持、游戏以及种种linux的“雀斑”,那么,此处并非久留之地, 请你逃走吧。
我始终坚定的以为:linux或者说GNU/linux是做Server用的,或许不久的将来,她会超出Win$成为主流桌面系统, 但那时,她还会是linux吗?
突出此项的目的是在说:为了玩转qmail,请你首先学会最基本的Server及网络知识吧。 曾经看到过这样的贴子:“我需要什么样的知识才能安装配置qmail”,如果非要我回答, 我只能这样回答:首先,你必须至少能够配置和管理Sendmail。如果不能,神仙也没办法。
- 还有好多,待续吧...
system require
- RedHat Linux 7.2/7.1
qmail-1.03-7/qmail-1.03-5已经在RedHat 7.2/7.1上测试通过,没有任何兼容性问题
建议使用RedHat 7.2 + qmail-1.03-7构建系统
说说系统安装:大部分情况下,我们都是采用Server模式来安装RedHat,我的测试系统则是全部安装, 这对于qmail系统来说没有区别。
注意:Server模式安装不安装mutt,我们需要mutt来在终端模式下读、发邮件, 因为默认的mail程序是不支持Maildir格式的。
(Thanks bjasus@yeah.net report this bug!)
需要指出的是:如果你实在聪明,有可能你不屑于RedHat公司给你 提供的安装方案,而是使用定制安装,此时,您要是不去安装某个看着不顺眼的包的话,很可能会 无法编译src.rpm或者无法安装i386.rpm,如果你在编译src.rpm的时候或者安装i386.rpm的时候提示你 缺少某个包,请自己解决。
- correct NetWork configure
前面已经说了,qmail is a Server,如果你实在不清楚如何配置一台linux box为server的话, 可以参考很多文章,以及很多howto。
由于种种原因,很多人在“localhost.localdomain”运行qmail,当然,由于qmail的强大功能, 竟然也可以跑得不错。对此,我只能表示遗憾,并真诚的奉劝你:为什么不到正确的路上来呢?
配置一台拥有完整网络功能的linux box用来运行qmail吧!
- full effected DNS Server
实际上,这也是上一条的一部分,单列是为了突出。
如果你的qmail第一次运行就因为DNS问题而出错,那我只能说这是一个stupid mistake!
私有网络或者测试系统可以使用未注册的域名,但是,你将遭到来自拥有合法域名主机的 不平等对待(人家不搭理你),早早做好心理准备(你要明白:这不是错误)。
如果没有任何一台DNS主机可以解析你的qmail主机(哪怕是假域名),你将有机会学会排除 qmail系统的种种所谓错误。但愿你不要混到那份上,未雨绸缪吧。
- 其他种种,可以归纳为:qmail所需要的其他运行环境,呵呵~~
packet list
ucspi-tcp
版本:0.88-2
包装:rpm
说明:添加了ucspi-rss.diff补丁(http://www.qmail.org)
Dan's rblsmtpd blocks spam using the RBL and other DNS-based lists. Because of the size of the RSS zone, they have removed the necessary TXT records that rblsmtpd relies on. Alan Curry has a patch to rblsmtpd to make it work with A records.
制作:Bruce Guenter<bruceg@em.ca> and hleil<hleil@163.com>
下载:此处下载!
ucspi-unix
版本:0.34-1
包装:rpm
说明:If you are going to use qmail-mailq, use ucspi-unix。
制作:Bruce Guenter<bruceg@em.ca>。
下载:此处下载!
daemontools
版本:0.70-3
包装:rpm
说明:针对Redhat7.X的编译错误做了修正。
制作:Bruce Guenter<bruceg@em.ca>。
下载:此处下载!
升级说明:deamontools-0.76的rpm包尚不可用,如果想升级到daemontools-0.76,手动安装!
supervise-scripts
版本:3.3-2
包装:rpm
说明:This package is a set of scripts that may be useful for starting and stopping programs that are managed by supervise and svscan, which are part of the daemontools package.
Fixed for need reboot!
制作:Bruce Guenter<bruceg@em.ca> and hleil<hleil@163.com>
下载:此处下载!
qmail
版本:1.03-7
包装:rpm
说明:
- Only one patch from now!
- Support for sending and receiving via QMTP(patch to qmail-remote by Russell Nelson).
- Support for sending more than 255 simultaneous messages(big-concurrency patch by Johannes Erdfelt).
- Support for faster processing when large quantities of mail arrive(big-todo patch by Russell Nelson).
- Support for sites with DNS responses larger than 512 bytes.
- Startup scripts set configurable limits on daemon's CPU time and data size to avoid denial-of-service attacks.
- Integrated optional RBL blocking support from multiple servers.
- UID/GID numbers are configured into a set of control files instead of hard-coded in the binaries. This would allow a binary RPM to be distributed unmodified to any setup.
- The qmail run script uses the contents of /etc/qmail/control/aliasempty for the aliasempty argument to qmail-start
- Message logging is done via the string in /etc/qmail/control/logger
- qmail-showctl shows the contents of all the control files used in this package
- Intelligent login scripts (/etc/profile.d/qmail.sh and /etc/profile.d/qmail.tcsh).
- A man page documenting the control files used by all the init scripts
- All the network daemons use tcpserver to manage connections
- Support for binding outgoing connections to local interfaces (patch to qmail-remote by Chuck Foster).
- Evan Champion's patch to conredirect, ported to qmail-1.03
- A fix for broken CR/LF conventions on SMTP connections using fixcrio, which doesn't require a patch to qmail.
- 修改了原包中的cron.hourly文件,以使得它可以和vpopmail兼容,也就是说,除非你特别指定,否则qmail不会定时重建用户数据库。
- 增 加了smtp-auth patch(http://members.elysium.pl/brush/qmail-smtpd-auth/),现在,qmail系统已经可以进 行smtp验证。为了方便起见,我又增加了两个环境变量,smtpcheckpass和smtpcheckpasssub,更改smtp验证方法可以不必 修改smtpd启动脚本。
- 增加了tarpit.patch(Chris Johnson cjohnson-qmail@palomine.net),可以对防止垃圾邮件起到一定的作用,相应的增加了两个环境变量tarpitcount和tarpitdelay。
- 结合以上的修改,相应的改动了系统原来的qmail-1.03-showctl.patch,使得qmail-showctl可以显示增加的控制文件。
- 修改了smtpd的启动文件,以使用/etc/qmail/control/smtpcheckpass 和 /etc/qmail/control/smtpcheckpasssub 进行smtp验证。
- 自动建立/etc/skel/Maildir。
- 自动建立系统用户的Maildir并转化(如果存在)已有的mbox格式的邮件。
- 全面支持mutt邮件用户代理(MUA)。
- 使用multilog。
- Add: /etc/qmail/control/lpop3port,/etc/qmail/control/lsmtpport。If use vpopmail-5.x.src.rpm,local host will run it's own pop3d and smtpd,default:lpop3port:9708;lsmtpport:9709。
- qmail-1.03-7:
- Only one patch.
- Some security fix.
- Some script fix.
- mv /var/qmail/service to /etc/qmail/service.
- New convert-and-create Perl script.
制作:Bruce Guenter<bruceg@em.ca> and hleil<hleil@163.com>
下载:此处下载!
Changelog:
* Sun Feb 4 2002 hleil - Ver 1.03-7 Only one patch. Some security fix. mv /var/qmail/service to /etc/qmail/service,put a soft link in /var/qmail. * Thu Jan 31 2002 hleil - Ver 1.03-6 upgade convert-and-create script. Conflicts update. * Fri Dec 14 2001 hleil < hleil@163.com > - Requires update * Sun Dec 9 2001 hleil < hleil@163.com > - Ver qmail-1.03-5 Add: /etc/qmail/control/lpop3port /etc/qmail/control/lsmtpport If use vpopmail-5.x.src.rpm,local host will run it's own pop3d and smtpd,default: lpop3port:9708 lsmtpport:9709 Of course,you can define your own. At this time,you can define very detailed ip address to control your host's connect by /etc/tcpcontrol/lpop-3.rules,lpop-3.cdb /etc/tcpcontrol/lsmtp.rules,lsmtp.cdb Default allow 172.30. - And,vpopmail will running on standard pop3 and smtpd port. This change aimed on security and many virtualdomains,the shell user will be used only for system manage. * Sat Dec 8 2001 hleil < hleil@163.com > - Ver qmail-1.03-4 Fix some bug in smtp-auth. * Wed Sep 19 2001 hleil < hleil@163.com > - Ver qmail-1.03-4 - Fix the Requires Version Use multilog instead of splogger. Use /var/log/qmail as top log dir. - Fix convert-and-create script * Thu Sep 13 2001 hleil < hleil@163.com > - Ver qmail-1.03-3 - Split man package from the binary out for update. rebuild will get two rpm: qmail-1.03-xxx.i386.rpm qmail-1.03-man-xxx.i386.rpm For update,only use rpm -Uvh will be OK! * Wed Sep 12 2001 hleil < hleil@163.com > - Ver qmail-1.03-2 - Add Muttrc for mutt so user can use mutt with Maildir format without additional ~/.muttrc. Add /etc/skel/Maildir so new user will have and own his Maildir. Add create-and-convert action for System User's Maildir make and convert from mbox to Maildir format,just run once after install. * Mon Sep 10 2001 hleil < hleil@163.com > - Ver qmail-1.03-1 - Update smtp-auth patch to latest version:qmail-smtp-auth-0.30 from http://members.elysium.pl/brush/qmail-smtpd-auth/ * Wed Jul 25 2001 hleil < hleil@163.com > - Fix cron.hourly,now it do nothing unless you want! - Add a new patch auth.patch from Eric M. Johnston - Add a new patch tarpit.patch from Chris Johnson - Some fix to patch qmail-1.03-shwoctl.patch Add two environment variable for tarpit.patch - Some fix to qmail-rhinit
install guide(Very Easy)
you need a common account for manage,for example:hleil
Download all src.rpm
Firt,remove any stupid MTA such as Sendmail,if qmail-1.03-3/qmail-1.03-5,read upgrade,if qmail with tar.gz,read qmail with tar.gz.
rpm --rebuild ucspi-tcp-0.88-2.src.rpm
rpm --rebuild ucspi-unix-0.34-1.src.rpm
rpm --rebuild daemontools-0.70-3.src.rpm
rpm --rebuild supervise-scripts-3.3-2.src.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/ucspi-tcp-0.88-2.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/ucspi-unix-0.34-1.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/daemontools-0.70-3.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/noarch/supervise-scripts-3.3-2.noarch.rpm
rpm --rebuild qmail-1.03-7.src.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/qmail-1.03-7.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/qmail-man-1.03-7.i386.rpm
echo hleil>/etc/qmail/alias/.qmail-root
OK!
Upgrade from qmail-1.03-5
svc-remove /service/{qmail,qread,qstat,pop3d,smtpd,lpop3d,lsmtpd,qmqpd,qmtpd}
rm -rf /var/qmail/service
rpm --rebuild qmail-1.03-7.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/qmail-1.03-7.i386.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/qmail-man-1.03-7.i386.rpm
OK!
Upgrade from qmail-1.03-3
rpm -e --nodeps supervise-scripts
cat /etc/inittab | egrep -v '^SV:.*svscan-start' | egrep -v '^SX:.*svscan-stopall' >/etc/inittab
killall -HUP init
rpm --rebuild supervise-scripts-3.3-2.src.rpm
rpm -ivh /usr/src/redhat/RPMS/noarch/supervise-scripts-3.3-2.noarch.rpm
(Thanks alan@smartdotweb.com report this bug!)
svc-remove /service/{qmail,qread,qstat,pop3d,smtpd,lpop3d,lsmtpd,qmqpd,qmtpd}
rm -rf /var/qmail/service
rpm --rebuild qmail-1.03-7.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/qmail-1.03-7.i386.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/qmail-man-1.03-7.i386.rpm
OK!
In qmail-1.03-7,the log will be leave in /var/log/qmail/* instead of /var/log/maillog. this is the directory structure of log:
# ls -l /var/log/qmail total 7 drwxr-xr-x 2 qmaillog qmail 1024 Dec 20 15:02 lpop3d drwxr-xr-x 2 qmaillog qmail 1024 Dec 20 15:02 lsmtpd drwxr-xr-x 2 qmaillog qmail 1024 Dec 20 15:02 pop3d drwxr-xr-x 2 qmaillog qmail 1024 Dec 20 15:02 qmail drwxr-xr-x 2 qmaillog qmail 1024 Dec 14 04:56 qmqpd drwxr-xr-x 2 qmaillog qmail 1024 Dec 14 04:56 qmtpd drwxr-xr-x 2 qmaillog qmail 1024 Dec 20 15:02 smtpd #
you can view log by more /var/log/qmail/*/current(replace * with qmail,qmqpd,qmtpd,smtpd,pop3d,lsmtpd,lpop3d)
Upgrade from other
If the early qmail NOT qmail-1.03-3;i'm sorry,you MUST remove it and install qmail as the first time.
Any question about this,please DO NOT ask me for a solving.
qmail with tar.gz
If the early qmail is qmail with tar.gz,you MUST remove it and all files、all scripts、all packet used by it.That is to say,your need a clean system environment in order to use qmail-1.03-5.
Any question about this,please DO NOT ask me for a solving.
mini FAQ
- 如何使用lpop3d,lsmtpd?
lpop3d,lsmtpd主要目的是解决SMTP-AUTH问题,使用lpop3d,lsmtpd将使得SMTP-AUTH更加安全。 由于qmail-smtpd-auth-0.30 patch的固有问题,使得统一系统用户和vpopmail用户的SMTP-AUTH变得 不现实,于是决定分离系统用户的SMTP-AUTH和vpopmail用户的SMTP-AUTH。
在此体系中,系统用户使用/bin/checkpasswd验证lsmtpd/lpop3d,vpopmail用户使用~vpopmail/bin/vchkpw 验证smtpd/pop3d。lsmtpd/lpop3d运行于非标准端口,使用自己的tcpcontrol文件,可以进行非常严格的 ip控制,在一个拥有防火墙的网络,入侵者几乎没有可能通过qmail进入系统(如果是其他包或者qmailpowertools有问题, 当然,怪不得qmail,比如臭名昭著的sina.com.cn cgi 漏洞)这样保证安全:
- 非标准端口
此端口可自定义,只需修改/etc/qmail/control/lpop3port,/etc/qmail/control/lsmtpport换成 你想用的端口号码(如果没有这两个文件,你就自己创建嘛,不要老是ask stupid question),默认 是lpop3port:9708,lsmtpport:9709。在firewall屏蔽此端口,你的/etc/passwd就很安全了。 (此时,标准pop3/smtp是开放的,它们由vpopmail负责,所以,你的vpopmail的enable-passwd一定要选择n, 不让vchkpw读取/etc/vpasswd和/etc/shadow,否则,所有努力都付诸东流了)
- 独立tcpcontrol
/etc/tcpcontrol/lpop-3.rules,lpop-3.cdb,/etc/tcpcontrol/lsmtp.rules,lsmtp.cdb只用于 lpop3d/lsmtpd,你可以进行主机级的ip控制。如果firewall被突破,借助于此,可以防止入侵者 肆意扫描你的/etc/passwd。当然,如果入侵者实在厉害,不仅突破了firewall,还伪装了ip包, 那我估计他已经是你的root的,没有必要再通过lpop3d/lsmtpd来得到你的user list.
使用方法:
svc-add /var/qmail/service/lpop3d svc-add /var/qmail/service/lsmtpd svc-start lpop3d svc-start lsmtpd
相关控制文件:
/etc/qmail/control/lpop3port
/etc/qmail/control/lsmtpport
/etc/tcpcontrol/lpop-3.rules,lpop-3.cdb
/etc/tcpcontrol/lsmtp.rules,lsmtp.cdb
如果你不清楚/etc/tcpcontrol/*.cdb的生成、作用问题,自己看有关文档
- 非标准端口
- vpopmail如何使用SMTP-AUTH
首先声明,从qmail-1.03-3开始,SMTP-AUTH已经完全没有问题,如果你不清楚一些基本问题, 请到http://members.elysium.pl/brush/qmail-smtpd-auth/ 自己去看。
如果你使用我打包的vpopmail-5.x.src.rpm,则所有设定都已做好。(今后将不再支持vpopmail,但是,vpopmail-5.1.3-1.src.rpm仍然可以在qmail-1.03-7使用)
usermod -G vchkpw qmailq usermod -G vchkpw qmailr usermod -G vchkpw qmails chmod 6711 ~vpopmail/bin/vchkpw OK!
