--------------------------------------------------------------------
EZ QmailToaster Fresh Install on CentOS 4.3
Nick Hemmesch
June 08, 2006
--------------------------------------------------------------------

CentOS 4.3:

This test install was performed on a P4 3GHz with 2GB RAM on an
Intel m/b.

--------------------------------------------------------------------
This tutorial is for CentOS 4.3 (cnt40) i386

To install CentOS 4.3 x86_64, replace cnt40 with cnt4064

To install Fedora Core 4 & 5, change download path from centos
to fedora & cnt40 to fdr40, fdr4064, fdr50 or fdr5064 per your distro
--------------------------------------------------------------------

Notes:

You must have either a local dns server or a local caching name
server. If you need a caching nameserver, we will add one in Step 8.

Be sure to replace "your-domain.com" with your real domain name, and
"your.fqdn.com" with your server's "Fully Qualified Domain Name".

--------------------------------------------------------------------
1. Download CentOS 4.3 CD ISOs or the DVD ISO.
--------------------------------------------------------------------

Burn the ISOs to CD, or to DVD if you downloaded a DVD ISO

Boot with your CD 1 or the DVD

--------------------------------------------------------------------
2. CentOS Installation (This is the configuration of my test box):
--------------------------------------------------------------------

Splash Page: Press Enter to install in graphical mode

CD Found window: Choose "Skip" to bypass media test

Welcome to CentOS: Click "Next"

Language Selection: Select your language & Click "Next"

Keyboard Configuration: Select language type & Click "Next"

Installation Type: Select "Server" & Click "Next"

Disk Partitioning Setup: Select "Automatically Partition" & Click "Next"

    Warning: Click "Yes"

Automatic Partitioning: Select "Remove all partitions" & Click "Next"

    Warning: Click "Yes"

Disk Setup: Click "Next"

Boot Loader Configuration: Click "Next"

Network Configuration: Click "Edit"

    Edit Interface eth0:
        Deselect "Configure using DHCP"
        Select "Activate on boot"
        Enter your "IP Address" & "Netmask"
        Click "OK"

    Set the hostname:
        Deselect "automatically via DHCP"
        Select "manually" & enter your "fully qualified domain name"

    Miscellaneous Settings:
        Gateway: enter IP address of your gateway
        Primary DNS: enter IP address of primary dns server
        Secondary DNS: enter IP address of secondary dns server
        Click "Next"

Firewall Configuration:

    Select "No firewall"
    Select "Disabled" mode for SELinux
    Click "Next"

    Warning - No Firewall: Click "Proceed"

Additional Language Support: Click "Next"

Time Zone Selection: Select your time zone & Click "Next"

Set Root Password: Enter your root password twice & Click "Next"

--------------------------------------------------------------------
3. Package Group Selection - Select ONLY the following groups:
--------------------------------------------------------------------

Server Configuration Tools: Select

Web Server: Select
    Click "Details" and add php-mysql plus the defaults

DNS Name Server: Select

FTP Server: Select

MySQL Database: Select
    Click "Details" and add mysql-bench, mysql-server plus the defaults

Development Tools: Select
    Click "Details" and add expect to the defaults

Administration Tools: Select

System Tools: Select
    Click "Details" and add mrtg to the defaults

Click "Next"

About to Install: Click "Next"

Required Install Media: verify and click "Continue"

Installing Packages: Click "Next" & watch the install

After installation: remove your media & Click "Reboot"

--------------------------------------------------------------------
4. After reboot, login as root:
--------------------------------------------------------------------

    mkdir -p /usr/src/qtms-install

    cd /usr/src/qtms-install

This example is CentOS 4.3 i386 so the qmailtoaster switch is cnt40

--------------------------------------------------------------------
5. Prepare to Install QmailToaster:
--------------------------------------------------------------------

    wget http://www.qmailtoaster.com/centos/cnt40/cnt40-deps.sh

    sh cnt40-deps.sh

    wget http://www.qmailtoaster.com/centos/cnt40/cnt40-perl.sh

    sh cnt40-perl.sh

    wget http://www.qmailtoaster.com/centos/cnt40/cnt40-svcs.sh

    wget http://www.qmailtoaster.com/centos/cnt40/firewall.sh

    nano -w cnt40-svcs.sh

        edit MYSQLPW=your-mysql-password
        ctl-o and enter to save
        ctl-x to exit

    nano -w firewall.sh

        edit MYIP="your-IP-address"
        ctl-o and enter to save
        ctl-x to exit

    sh cnt40-svcs.sh

=== NOTE ===

This script turns on or off all necessary services. Then the
script sets up your mysql root account, creates and grants privileges
for your vpopmail mysql account, makes a symlink so your krb5 is read
properly, edits your php.ini, sets inittab to start at runlevel 3,
and sets up your firewall.

Note: You might see some service errors while the script runs; don't
worry about them.

============

Update all your packages:

    yum -y update

REBOOT

--------------------------------------------------------------------
6. Get QmailToaster Packages:
--------------------------------------------------------------------

    cd /usr/src/qtms-install

    wget http://www.qmailtoaster.com/info/current-download-script.sh

    sh current-download-script.sh

This script downloads all necessary packages into your current
directory (should be /usr/src/qtms-install/).

--------------------------------------------------------------------
7. Install QmailToaster Packages:
--------------------------------------------------------------------

    wget http://www.qmailtoaster.com/centos/cnt40/cnt40-install-script.sh

    sh cnt40-install-script.sh

Check your services:

    setup: Select Services

    See that the following services are selected:

        acpid       anacron     atd         autofs
        cpuspeed    crond       djbdns      freshclam
        haldaemon   httpd       iptables    kudzu
        messagebus  mysqld      network     ntpd
        qmail       rawdevices  smartd      sshd
        syslog      xinetd

    Also:

        irqbalance (w/dual processors)
        xfs (w/xwindows)

--------------------------------------------------------------------
8. Add djbdns (if you don't want bind)
--------------------------------------------------------------------

    rpm -e --nodeps bind bind-chroot caching-nameserver

    rpmbuild --rebuild --with cnt40 djbdns*.src.rpm

    rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm

    echo "search your-domain.com" > /etc/resolv.conf

    echo "nameserver 127.0.0.1" >> /etc/resolv.conf

REBOOT

--------------------------------------------------------------------
9. Setup QmailToaster:
--------------------------------------------------------------------

    qmailctl stat (Should look somewhat like this)

    [root@gateway ~]# qmailctl stat
    authlib: up (pid 2425) 65 seconds
    clamd: up (pid 2425) 65 seconds
    imap4: up (pid 2421) 65 seconds
    imap4-ssl: up (pid 2423) 65 seconds
    pop3: up (pid 2414) 65 seconds
    pop3-ssl: up (pid 2409) 65 seconds
    send: up (pid 2416) 65 seconds
    smtp: up (pid 2418) 65 seconds
    spamd: up (pid 2407) 65 seconds
    authlib/log: up (pid 2417) 65 seconds
    clamd/log: up (pid 2417) 65 seconds
    imap4/log: up (pid 2422) 65 seconds
    imap4-ssl/log: up (pid 2424) 65 seconds
    pop3/log: up (pid 2415) 65 seconds
    pop3-ssl/log: up (pid 2413) 65 seconds
    send/log: up (pid 2420) 65 seconds
    smtp/log: up (pid 2419) 65 seconds
    spamd/log: up (pid 2408) 65 seconds
    [root@gateway ~]#

Add a domain:

    /home/vpopmail/bin/vadddomain your-domain.com

Add a user:

    /home/vpopmail/bin/vadduser you@your-domain.com

Edit /etc/php.ini and set register_globals = On

    service httpd restart

Bring up your browser and go to:

    http://www.your-domain.com/admin-toaster/

    Username: admin
    Password: toaster

    Change your password . . .

Edit /etc/php.ini and set register_globals = Off

    service httpd restart

Check your mail server:

    http://www.your-domain.com/webmail

    login with your full email address and your password

    Send yourself an email - should show right away

    Send an email to yourself if you have another address

    Go to your other email account and reply to the message you sent

If Isoqlog doesn't show right away, do this:

    sh /usr/share/toaster/isoqlog/bin/cron.sh

--------------------------------------------------------------------
10. Add domainkeys:
--------------------------------------------------------------------

Make dir for your-domain.com:

    mkdir /var/qmail/control/domainkeys/your-domain.com

Make domainkey (Remove the "\"):

    dknewkey /var/qmail/control/domainkeys/your-domain.com/private > \
    your-domain-dk.txt

    chown root:qmail /var/qmail/control/domainkeys/your-domain.com/private

    chmod 444 /var/qmail/control/domainkeys/your-domain.com/private

Make dns entry:

    BIND - in the your-domain.com zone file (see your-domain-dk.txt):

    private._domainkey IN TXT "k=rsa; p=MEwwDQY . . . to end of key"

    (NOTE QUOTATION MARKS MUST BE THERE)

    DJBDNS - in /var/djbdns/tinydns/root/data (make from your-domain-dk.txt):

    '_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com
    'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key

Test your mailserver:

    http://domainkeys.sourceforge.net/policycheck.html

    http://domainkeys.sourceforge.net/selectorcheck.html

In squirrelmail, send a test email, select View Full Header and you
should find something like the following:

----------- snip ------------
DomainKey-Status: good
Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
  scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL
  autolearn=no version=3.1.1
Received: from unknown (HELO ns1.ndhsdns.com) (216.221.100.227)
  by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP;
  22 May 2006 20:03:36 -0000
Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com
  designates 216.221.100.227 as permitted sender)
Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=ndhsdns.com;
  b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1)
  by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
----------- snip ------------

--------------------------------------------------------------------
11. Logs for all packages except freshclam are at:
--------------------------------------------------------------------

    /var/log/qmail/*

Freshclam is at /var/log/clamav
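
--------------------------------------------------------------------
For step 9, an added example (not part of the original tutorial): shell checks that register_globals is Off again in php.ini once the admin password has been changed, and that no service in the "qmailctl stat" output is down or restarting. The function names and the sample input are this example's own, and the under-2-seconds rule is a heuristic.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# ini_value FILE KEY: print the effective value of KEY in a php.ini-style
# file. Lines starting with ";" are comments and are skipped; when KEY is
# assigned more than once, the last assignment is the one reported.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# register_globals_off FILE: succeed only when register_globals is off.
# An unset value counts as off (the default since PHP 4.2).
register_globals_off() {
    case "$(ini_value "$1" register_globals | tr 'A-Z' 'a-z')" in
        off|0|false|no|none|"") return 0 ;;
        *) return 1 ;;
    esac
}

# services_not_up: read `qmailctl stat` output on stdin and print each
# service that is not "up", or that has been up for less than 2 seconds
# (heuristic for a service that keeps being restarted).
services_not_up() {
    awk '/^[^ ]+: / {
        name = $1; sub(/:$/, "", name)
        if ($2 != "up") { print name; next }
        secs = ""
        for (i = 3; i <= NF; i++) if ($i ~ /^seconds/) secs = $(i - 1)
        if (secs != "" && secs + 0 < 2) print name
    }'
}

# Demo on constructed status lines; on the server, run instead:
#   register_globals_off /etc/php.ini || echo "register_globals is still On"
#   qmailctl stat | services_not_up
printf 'send: up (pid 2416) 65 seconds\nsmtp: down 3 seconds\n' | services_not_up
```
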
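
--------------------------------------------------------------------
For step 10, an added example (not part of the original tutorial): helpers that turn the BIND-style line in your-domain-dk.txt into the tinydns data line, and that read the s= and d= tags of a DomainKey-Signature header to show which DNS name a verifier will query, so you can confirm it is the record you published. The function names are this example's own, and it assumes your-domain-dk.txt holds the one-line `name IN TXT "..."` record shown in the BIND entry above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are this
# example's own; the sample inputs at the bottom are constructed.

# dk_tag HEADER TAG: print one tag value from a DomainKey-Signature header.
# Folded continuation lines are joined by deleting all whitespace first.
dk_tag() {
    printf '%s' "$1" | tr -d ' \t\r\n' |
        sed 's/^[Dd]omain[Kk]ey-[Ss]ignature://' |
        tr ';' '\n' | sed -n "s/^$2=//p"
}

# dk_query_name HEADER: print the DNS name a verifier looks up for the public
# key, <selector>._domainkey.<domain>; fails if s= or d= is missing.
dk_query_name() {
    s=$(dk_tag "$1" s)
    d=$(dk_tag "$1" d)
    [ -n "$s" ] && [ -n "$d" ] || return 1
    printf '%s._domainkey.%s\n' "$s" "$d"
}

# bind_to_tinydns DOMAIN: read the BIND-style line from your-domain-dk.txt on
# stdin and print the matching tinydns-data TXT line. ":" separates fields in
# tinydns-data, so any colon inside the text is written as octal \072.
bind_to_tinydns() {
    while read -r name class type rest; do
        [ "$class" = IN ] && [ "$type" = TXT ] || continue
        txt=$(printf '%s' "$rest" |
            sed -e 's/^"//' -e 's/"[[:space:]]*$//' -e 's/:/\\072/g')
        printf "'%s.%s:%s\n" "$name" "$1" "$txt"
    done
}

# Demo with constructed values (the key text is a placeholder, not a real key).
hdr='DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=your-domain.com; b=CONSTRUCTEDSIGNATURE== ;'
dk_query_name "$hdr"
printf 'private._domainkey\tIN\tTXT\t"k=rsa; p=CONSTRUCTEDKEY"\n' |
    bind_to_tinydns your-domain.com
```

On the server the conversion is `bind_to_tinydns your-domain.com < your-domain-dk.txt`; the name printed by dk_query_name for a received test message should be the same name that line starts with.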