Author: Laird Bedore
Date: 7/26/05

Requirements:
  SMTP Auth. Only allow local delivery unless AUTH is used.
  Native SSL for SMTP, POP3, IMAP4.
  RBL check ability at system-wide level.
  A system-wide spam filter that catches >50% of spam.
    spamassassin, working with mbox-format, working at two levels:
      1. System wide: complete test, inc. global Bayesian (very high scores are
         not delivered to recipient, but to a special spam-only mailbox used for
         the generation of system-wide scoring. Only keep last 1000 msgs)
      2. Per-user: Bayesian filter ONLY (scores are tagged and delivered to folders)
  Automatic "spam" folder pruning script - runs on cron, users can configure
  how many messages to keep in their spam folder

References:
  NetQmail 1.05: http://www.qmail.org/netqmail/
  checkpassword 0.90: http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz
  The following 3 packages have been merged into a single patch:
    SMTP-auth/TLS: http://shupp.org/smtp-auth-tls/
    mfcheck: http://js.hu/package/qmail/index.html
    Truncate bounce messages to a number of bytes: http://www.qmail.org/www.jedi.claranet.fr/qmail-bounce.patch
  qrblcheck (simple configurable RBL checker): http://jon.rusts.net/qrblcheck.c
  tools - qmail-remove (queue cleaner): http://www.linuxmagic.com/opensource/qmail/qmail-remove/
  tools - qmhandle:

##############################################################################
Build instructions:
##############################################################################

mkdir -p /usr/src/netqmail
cd /usr/src/netqmail
wget ftp://ftp.vectorstar.net/pub/netqmail/original/netqmail-1.05.tar.gz
wget ftp://ftp.vectorstar.net/pub/netqmail/original/checkpassword-0.90.tar.gz
wget ftp://ftp.vectorstar.net/pub/netqmail/original/qrblcheck.c
wget ftp://ftp.vectorstar.net/pub/netqmail/modified/netqmail-1.05+tls+smtpauth+mfcheck+bounce.patch
tar zxf netqmail-1.05.tar.gz
tar zxf checkpassword-0.90.tar.gz
cd netqmail-1.05
./collate.sh
patch -p0 < ../netqmail-1.05+tls+smtpauth+mfcheck+bounce.patch
cd netqmail-1.05
mkdir /var/qmail

# Create some IDs
groupdel console
groupadd -g 101 nofiles
useradd -u 100 -g nofiles -d /var/qmail/alias alias
useradd -u 101 -g nofiles -d /var/qmail qmaild
useradd -u 102 -g nofiles -d /var/qmail qmaill
useradd -u 103 -g nofiles -d /var/qmail qmailp
groupadd -g 102 qmail
useradd -u 104 -g qmail -d /var/qmail qmailq
useradd -u 105 -g qmail -d /var/qmail qmailr
useradd -u 106 -g qmail -d /var/qmail qmails
# Done making IDs

# Finish building qmail
make setup check
./config-fast mail.vectorstar.net

# Make certificate
make cert
make cert-req   ### optional

# Make temporary RSA and Diffie-Hellman keys
make tmprsadh
# The ampersand is not escaped: inside double quotes "\&" would be written
# to the crontab literally and break the redirection.
echo "0 * * * * /var/qmail/bin/update_tmprsadh >/dev/null 2>&1" >> /var/spool/cron/crontabs/root
killall -HUP crond

# Set up basic aliases
cd ~alias
touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
chmod 644 ~alias/.qmail*

cd /var/qmail/boot
# edit /var/qmail/rc: change Mailbox to .mail/INBOX
cat home | sed -e "s/.\/Mailbox/.mail\/INBOX/g" > ../rc
# add "sh -cf '/var/qmail/rc &'" to end of /etc/rc.d/rc.local
echo "sh -cf '/var/qmail/rc &'" >> /etc/rc.d/rc.local

# Remove sendmail binaries and symlinks to sendmail emulators
rm /usr/*/sendmail

# Link non-qmail mail daemons to the SSL cert
ln -s /var/qmail/control/servercert.pem /etc/ssl/certs/ipop3d.pem
ln -s /var/qmail/control/servercert.pem /etc/ssl/certs/imapd.pem

# Set up inetd to listen for SMTP.

####### ******** ####### ********* #########
## NOTE THIS IS EXTREMELY IMPORTANT!!      ##
##                                         ##
## The syntax for qmail-smtpd has changed. ##
## The hostname portion has been removed   ##
## from the command line syntax. Make sure ##
## yours is executed similarly to the      ##
## example below, otherwise you will       ##
## have mysterious and hard-to-resolve     ##
## errors when trying to SMTP AUTH.        ##
##                                         ##
####### ******** ####### ********* #########

echo "# Qmail to the rescue
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true
smtps stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true
pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d
pop3s stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d
imap2 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd
imaps stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd
" >> /etc/inetd.conf
killall -HUP inetd

# Compile checkpassword
#### As of Slackware 10.2 (though not in 10.1), we get an error during
#### compilation, regarding an undefined reference to 'errno'.
cd /usr/src/netqmail/checkpassword-0.90
make
./install
# Setuid root, because qmail-smtpd runs it as qmaild (see the inetd lines above).
# Mode 4755 also lets every local user execute it.
chmod 4755 /bin/checkpassword

# Compile qrblcheck and set it up for use
cd ..
# -lresolv goes after the source file so the linker can resolve its symbols
gcc -o qrblcheck qrblcheck.c -lresolv
cp qrblcheck /var/qmail/bin/

##############
# DO SOMETHING MANUALLY TO MAKE QRBLCHECK RUN FOR ALL INCOMING MSGS
##############

##############################################################################
# Notes from the TLS patch:

Also, MAKE SURE you run "make tmprsadh", and set up the cron job for
update_tmprsadh (per the TLS instructions) so that you don't saturate your
CPU with temp key generations.
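
A sanity check for the two points these notes stress, the qmail-smtpd argument syntax in inetd.conf and the update_tmprsadh cron job, as an added example that is not part of the original notes. The function names and sample lines are constructed, and the old-style sample line assumes the hostname came directly after qmail-smtpd.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the settings the notes flag.

# check_smtpd_line LINE -> 0 patched syntax (exactly two absolute program paths
# after qmail-smtpd), 1 wrong arguments (e.g. a hostname), 2 not a qmail-smtpd line.
check_smtpd_line() {
    args=${1#*/qmail-smtpd}
    [ "$args" != "$1" ] || return 2
    set -f; set -- $args; set +f
    [ $# -eq 2 ] || return 1
    case $1 in /*) ;; *) return 1 ;; esac
    case $2 in /*) ;; *) return 1 ;; esac
    return 0
}

# audit_inetd FILE -> prints each offending line; exit status is the count.
audit_inetd() {
    bad=0
    while IFS= read -r line; do
        case $line in '#'*|'') continue ;; esac
        rc=0; check_smtpd_line "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "bad qmail-smtpd arguments: $line"
            bad=$((bad + 1))
        fi
    done < "$1"
    return "$bad"
}

# check_cron FILE -> 0 job present and intact, 1 job missing,
# 2 redirection contains a literal "\&" (written by echo with an escaped ampersand).
check_cron() {
    entry=$(grep -v '^[[:space:]]*#' "$1" | grep 'update_tmprsadh') || return 1
    case $entry in *'\&'*) return 2 ;; esac
    return 0
}

# Constructed sample input: one old-style line (hostname argument), one patched line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Qmail to the rescue
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd mail.example.org /bin/checkpassword /bin/true
smtps stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true
EOF
audit_inetd "$sample" || echo "$? line(s) need fixing"
rm -f "$sample"
```

On the real host, run audit_inetd /etc/inetd.conf and check_cron /var/spool/cron/crontabs/root, the paths used in the notes.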