VectorStar Networks
Build specification for Qmail

Provisions:

  Qmail (1)
  SMTP (no relay at all. only local delivery.)
  SMTP-AUTH (2) (10)
  SMTP-AUTH only allows relay of specific allowed domains (optional)
  SMTP-SSL (without auth, no access)
  SMTP-SSL-AUTH (2) (10)
  POP3-SSL (10) (11)
  IMAP (no SSL) only for webmail (12)
  IMAP-SSL for the world (10) (12)
  Local Sendmail wrapper that supports SMTP AUTH (for webmail deliveries)
  Local Sendmail wrapper that sends std. SMTP (for users' web CGI's)
  Block emails coming from blatantly invalid senders (no real hostname) (3)
  Only allow single recipients on bounce messages - antispam measure (4)

-------

Stuff needed.

  (1)  http://cr.yp.to/software/qmail-1.03.tar.gz
  (2)  http://students.imsa.edu/~ngroot/qmail-1.03-starttls-smtp-auth.patch
  (3)  http://www.qmail.org/qmail-1.03-mfcheck.3.patch
       * (modified to smtpssl-mfcheck.patch)
  (4)  http://www.qcc.sk.ca/~charlesc/software/misc/nullenvsender-recipcount.patch
       * (modified to smtpssl-nullenvsender.patch)
  (10) checkpasswd (http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz)
  (11) stunnel (http://www.stunnel.org/download/stunnel/src/stunnel-3.22.tar.gz)
       (modify to remove insane logging)
  (12) imapd and imap libs (ftp://ftp.cac.washington.edu/imap.tar.Z)
       * VectorStar installs these with its build of Apache.

mkdir temp
cd temp
tar zxf ../original/qmail-1.03.tar.gz
ln -s qmail-1.03 qmail-1.03-tls-auth
patch -p0 < ../original/qmail-1.03-starttls-smtp-auth.patch
patch -p0 < ../modified/smtpssl-mfcheck.patch
patch -p0 < ../modified/smtpssl-nullenvsender.patch

To build:

cd qmail-1.03/
mkdir /var/qmail
# Create some ID's
groupdel console    # Slackware 8.1 comes with unused group "console" on 101
groupadd -g 101 nofiles
useradd -u 100 -g nofiles -d /var/qmail/alias alias
useradd -u 101 -g nofiles -d /var/qmail qmaild
useradd -u 102 -g nofiles -d /var/qmail qmaill
useradd -u 103 -g nofiles -d /var/qmail qmailp
groupadd -g 102 qmail
useradd -u 104 -g qmail -d /var/qmail qmailq
useradd -u 105 -g qmail -d /var/qmail qmailr
useradd -u 106 -g qmail -d /var/qmail qmails
# Done making ID's
# Finish building qmail
make setup check
./config-fast mail.vectorstar.net
# Make cert
make cert
make cert-req    ### optional
# Done making cert
cd ~alias
touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
cd /var/qmail/boot
cp home ../rc
add "sh -cf '/var/qmail/rc &'" to end of /etc/rc.d/rc.local
rm /usr/*/sendmail
cd ..
add this line to inetd.conf:
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd mail.vectorstar.net /bin/checkpassword /bin/true
killall -HUP inetd

compile checkpassword:

tar zxf ../original/checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
./install
chmod 4755 /bin/checkpassword
cd ..

compile stunnel:

tar zxf ../original/stunnel-3.22.tar.gz
cd stunnel-3.22
PEM_DIR=/etc/stunnel ./configure --prefix=/usr
edit Makefile and change piddir to "/var/run/"
mkdir /etc/stunnel
make
make install

Setting up stunnel:

create a shell script for every service that you will call from stunnel:

/usr/sbin/ssl-pop3d:
#!/bin/sh
/usr/sbin/stunnel -D 4 -l /usr/sbin/gnu-pop3d

chmod +x /usr/sbin/ssl-pop3d

then add a line to inetd.conf for the service:
pop3s stream tcp nowait root /usr/sbin/ssl-pop3d

Use a similar setup for IMAP and any other services you desire

Compile imap:

tar zxf imap.tar.Z
cd imap-*
make slx
cp -R c-client /usr/local/lib/
cp imapd/imapd /usr/sbin/
ldconfig
cd ..
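
A post-build check for the account layout created by the groupadd/useradd steps, as an added example that is not part of the original spec: it compares passwd- and group-format files against the UIDs, GIDs and home directories listed there. The function name audit_qmail_ids and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original spec): audit passwd/group data
# against the UID/GID layout created by the groupadd/useradd steps above.
# Expected users as name:uid:primary-group:home, groups as name:gid.
QMAIL_USERS='alias:100:nofiles:/var/qmail/alias
qmaild:101:nofiles:/var/qmail
qmaill:102:nofiles:/var/qmail
qmailp:103:nofiles:/var/qmail
qmailq:104:qmail:/var/qmail
qmailr:105:qmail:/var/qmail
qmails:106:qmail:/var/qmail'
QMAIL_GROUPS='nofiles:101
qmail:102'

# audit_qmail_ids PASSWD_FILE GROUP_FILE
# Prints one line per mismatch; returns 0 when everything matches, 1 otherwise.
audit_qmail_ids() {
    { printf '%s\n' "$QMAIL_GROUPS" | sed 's/^/G:/'
      printf '%s\n' "$QMAIL_USERS" | sed 's/^/U:/'; } |
    awk -F: -v pw="$1" -v gr="$2" '
    BEGIN {
        while ((getline l < gr) > 0) { split(l, f, ":"); gid[f[1]] = f[3] }
        while ((getline l < pw) > 0) {
            split(l, f, ":"); uid[f[1]] = f[3]; pgid[f[1]] = f[4]; home[f[1]] = f[6]
        }
    }
    function bad(msg) { print msg; rc = 1 }
    $1 == "G" {
        want[$2] = $3
        if (!($2 in gid)) bad("group " $2 ": missing")
        else if (gid[$2] != $3) bad("group " $2 ": gid " gid[$2] ", want " $3)
    }
    $1 == "U" {
        if (!($2 in uid)) { bad("user " $2 ": missing"); next }
        if (uid[$2] != $3) bad("user " $2 ": uid " uid[$2] ", want " $3)
        if (pgid[$2] != want[$4]) bad("user " $2 ": gid " pgid[$2] ", want " want[$4] " (" $4 ")")
        if (home[$2] != $5) bad("user " $2 ": home " home[$2] ", want " $5)
    }
    END { exit rc + 0 }'
}

# Demo on constructed files; on a real host pass /etc/passwd and /etc/group.
demo=$(mktemp -d)
printf '%s\n' 'nofiles:x:101:' 'qmail:x:102:' > "$demo/group"
printf '%s\n' "$QMAIL_USERS" |
    awk -F: '{ print $1 ":x:" $2 ":" ($3 == "qmail" ? 102 : 101) "::" $4 ":" }' > "$demo/passwd"
audit_qmail_ids "$demo/passwd" "$demo/group" && echo "qmail IDs match the spec"
rm -rf "$demo"
```

A "group nofiles: missing" result on a fresh Slackware 8.1 host usually means the unused "console" group still holds GID 101, which is why the build steps delete it first.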