--------------------------------------------------------------------
EZ QmailToaster Fresh Install on CentOS 4.3
Nick Hemmesch
--------------------------------------------------------------------

Corrected November 1, 2005 by Brent Dacus
Updated May 23, 2006 by Nick

Test machine: ASUS Pundit, 2.6ghz celeron, 512mb ram, 60gig IDE drive,
and a dvd burner for mondorescue backups.

--------------------------------------------------------------------
Build QmailToaster with, or without, GUI Support
--------------------------------------------------------------------

This tutorial is for CentOS 4 (cnt40). You can use it for any supported
distro by substituting that distro in place of CentOS 4, such as:
Fedora Core 4 (fdr40), SuSE 10.1 (sus101), Mandriva 2006 (mdk103) . . .

--------------------------------------------------------------------
1. Download CentOS 4 CD iso's 1 thru 4, or the DVD iso.
--------------------------------------------------------------------

   Burn iso's to CD, or DVD if you downloaded a DVD iso

--------------------------------------------------------------------
2. Use the install option, Custom
--------------------------------------------------------------------

   Disk partitioning: (120gig) /home gets 80 gig and / gets the rest.

   SELinux: disabled

--------------------------------------------------------------------
3. Packages, select only the following groups:
--------------------------------------------------------------------

   X Windows (With GUI support)
   KDE - unselect graphics, artwork, pim (With GUI support)
   Graphical Internet - select only Firefox and Thunderbird (With GUI support)
   Sound & Video: select only cdrecord, dvd-rw-tools, and mkisofs
      (With GUI support, also select k3b)
   Server Configuration Tools
   Web Server: add php-mysql to the defaults
   DNS Name Server
   FTP Server
   MySQL Database: add mysql-bench, mysql-server to the defaults
   Development Tools: add expect to the defaults
   Compatibility Arch Development Support:
   Administration Tools:
   System Tools: add mrtg to the defaults

--------------------------------------------------------------------
4. After the package installation:
--------------------------------------------------------------------

   mkdir /usr/src/qtms-install
   cd /usr/src/qtms-install

   wget http://www.qmailtoaster.com/centos/cnt40/cnt40-perl.sh
   sh cnt40-perl.sh

   wget http://www.qmailtoaster.com/centos/cnt40/cnt40-deps.sh
   sh cnt40-deps.sh   (this will take a while)

   After cnt40-deps.sh is finished:

   yum -y update   (this will take a while too)

   REBOOT

--------------------------------------------------------------------
5. Prepare to Install QmailToaster:
--------------------------------------------------------------------

   cd /usr/src/qtms-install/

   wget http://www.qmailtoaster.com/centos/cnt40/cnt40-svcs.sh
   wget http://www.qmailtoaster.com/centos/cnt40/firewall.sh

   nano -w cnt40-svcs.sh
      edit MYSQLPW=your-mysql-password
      ctl-o and enter to save
      ctl-x to exit

   nano -w firewall.sh
      edit MYIP="your-IP-address"
      ctl-o and enter to save
      ctl-x to exit

   sh cnt40-svcs.sh

   This script turns the necessary services on or off. It then sets
   up your mysql root account, creates and grants privileges for your
   vpopmail mysql account, makes a symlink so your krb5 is read
   properly, edits your php.ini, sets inittab to start at runlevel 3,
   and sets up your firewall.

   Note: You might see some service errors while the script runs;
   don't worry about them.

--------------------------------------------------------------------
6. Get QmailToaster Packages:
--------------------------------------------------------------------

   wget http://www.qmailtoaster.com/info/current-download-script.sh
   sh current-download-script.sh

   This script downloads all necessary packages into your current
   directory (should be /usr/src/qtms-install/).

--------------------------------------------------------------------
7. Install QmailToaster Packages:
--------------------------------------------------------------------

   wget http://www.qmailtoaster.com/centos/cnt40/cnt40-install-script.sh
   sh cnt40-install-script.sh

   This script installs the latest zlib and the qmailtoaster packages
   (This will take quite a while)

--------------------------------------------------------------------
8. Make a self signed certificate:
--------------------------------------------------------------------

   cd /usr/share/ssl/certs/
      Note - if Fedora Core: cd /etc/pki/tls/certs/

   make stunnel.pem
      Note: common name should be your FQDN server.your-domain.com

   mv stunnel.pem /var/qmail/control/servercert.pem
   chown root:qmail /var/qmail/control/servercert.pem
   chmod 644 /var/qmail/control/servercert.pem
   ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem

--------------------------------------------------------------------
9. Add djbdns (if you don't want bind)
--------------------------------------------------------------------

   rpm -e bind caching-nameserver
   rpmbuild --rebuild djbdns*.src.rpm
   rpm -Uvh ../redhat/RPMS/i386/djbdns-localcache*.rpm
   echo "nameserver 127.0.0.1" > /etc/resolv.conf

   REBOOT

--------------------------------------------------------------------
10. Setup QmailToaster:
--------------------------------------------------------------------

   qmailctl stat (Should look somewhat like this)

   [root@gateway ~]# qmailctl stat
   clamd: up (pid 2425) 65 seconds
   imap4: up (pid 2421) 65 seconds
   imap4-ssl: up (pid 2423) 65 seconds
   pop3: up (pid 2414) 65 seconds
   pop3-ssl: up (pid 2409) 65 seconds
   send: up (pid 2416) 65 seconds
   smtp: up (pid 2418) 65 seconds
   spamd: up (pid 2407) 65 seconds
   clamd/log: up (pid 2417) 65 seconds
   imap4/log: up (pid 2422) 65 seconds
   imap4-ssl/log: up (pid 2424) 65 seconds
   pop3/log: up (pid 2415) 65 seconds
   pop3-ssl/log: up (pid 2413) 65 seconds
   send/log: up (pid 2420) 65 seconds
   smtp/log: up (pid 2419) 65 seconds
   spamd/log: up (pid 2408) 65 seconds
   [root@gateway ~]#

   Add a domain:

   /home/vpopmail/bin/vadddomain your-domain.com

   Add a user:

   /home/vpopmail/bin/vadduser you@your-domain.com

   Bring up your browser and go to:

   http://www.your-domain.com/admin-toaster/

      Username: admin
      Password: toaster

   Change your password . . .

   If you do not have a specific reason to have register_globals = On:

      Edit /etc/php.ini to set register_globals = Off
      Restart httpd

   Check your mail server:

   http://www.your-domain.com/webmail
      login with your full email address and your password

   Send yourself an email - should show right away
   Send an email to yourself if you have another address
   Go to your other email account and reply to the message you sent

   If Isoqlog doesn't show right away, do this:

   sh /usr/share/toaster/isoqlog/bin/cron.sh

--------------------------------------------------------------------
10. Add domainkeys:
--------------------------------------------------------------------

   Make dir for your-domain.com:

   mkdir /var/qmail/control/domainkeys/your-domain.com

   Make domainkey:

   dknewkey /var/qmail/control/domainkeys/your-domain.com/private > your-domain-dk.txt
   chown root:qmail /var/qmail/control/domainkeys/your-domain.com/private
   chmod 444 /var/qmail/control/domainkeys/your-domain.com/private

   Make dns entry:

   BIND - in the your-domain.com zone file (see your-domain-dk.txt):

   private._domainkey IN TXT "k=rsa; p=MEwwDQY . . . to end of key"

   (NOTE QUOTATION MARKS MUST BE THERE)

   DJBDNS - in /var/djbdns/tinydns/root/data (make from your-domain-dk.txt):

   '_domainkey.your-domain.com:o=-; r=postmaster@your-domain.com
   'private._domainkey.your-domain.com:k=rsa; p=MEwwDQY . . . to end of key

   Test your mailserver:

   http://domainkeys.sourceforge.net/policycheck.html
   http://domainkeys.sourceforge.net/selectorcheck.html

   In squirrelmail, select a test email, select View Full Header and
   you should find something like the following:

----------- snip ------------
DomainKey-Status: good
Received: by simscan 1.2.0 ppid: 22641, pid: 22644, t: 0.8416s
  scanners: clamav: 0.88.2/m:38/d:1476 spam: 3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on ndh1.whatgives.org
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=FROM_DOMAIN_NOVOWEL
  autolearn=no version=3.1.1
Received: from unknown (HELO ns1.ndhsdns.com) (216.221.100.227)
  by ndh1.whatgives.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 May 2006 20:03:36 -0000
Received-SPF: pass (ndh1.whatgives.org: SPF record at ndhsdns.com designates 216.221.100.227 as permitted sender)
Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=ndhsdns.com;
  b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
Received: from unknown (HELO www.ndhsdns.com) (127.0.0.1)
  by ns1.ndhsdns.com with SMTP; 22 May 2006 20:03:36 -0000
----------- snip ------------

--------------------------------------------------------------------
11. Logs for all packages except freshclam are at:
--------------------------------------------------------------------

   /var/log/qmail/*

   Freshclam is at /var/log/clamav
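
Added example (not part of the original tutorial or of QmailToaster): the "Add domainkeys" step asks you to make the DJBDNS line by hand from your-domain-dk.txt. This shell function does that conversion from the BIND-style TXT line shown in that step, and refuses input without the quotation marks. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a BIND-style DomainKeys TXT line (the form shown in
# the "Add domainkeys" step) into a tinydns-data "'" (TXT) line.
# Function names and the sample key below are constructed for illustration.

# Escape what tinydns-data treats specially inside TXT text:
# backslash first, then colon (its field separator), as octal \nnn codes.
tinydns_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\134/g' -e 's/:/\\072/g'
}

# bind_to_tinydns DOMAIN 'selector._domainkey IN TXT "k=rsa; p=..."'
# Prints the tinydns line; returns 1 if the input is not a quoted
# DomainKeys selector record carrying k=rsa and p= tags.
bind_to_tinydns() {
    domain=$1
    line=$2
    case $line in
        *\"*\"*) ;;
        *) echo "missing quotation marks around TXT data" >&2; return 1 ;;
    esac
    # Owner name is the first whitespace-separated field.
    owner=$(printf '%s\n' "$line" | awk '{print $1}')
    case $owner in
        *._domainkey) ;;
        *) echo "owner is not a _domainkey selector" >&2; return 1 ;;
    esac
    # TXT payload is everything between the first and last double quote.
    txt=$(printf '%s\n' "$line" | sed -e 's/^[^"]*"//' -e 's/"[^"]*$//')
    case $txt in
        *k=rsa*p=?*) ;;
        *) echo "TXT data lacks k=rsa / p= tags" >&2; return 1 ;;
    esac
    printf "'%s.%s:%s\n" "$owner" "$domain" "$(tinydns_escape "$txt")"
}

# Constructed sample line (placeholder text, not a real public key).
SAMPLE='private._domainkey IN TXT "k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAEXAMPLE"'
bind_to_tinydns your-domain.com "$SAMPLE"
```

Append the printed line to /var/djbdns/tinydns/root/data next to the '_domainkey policy line from that step.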
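
Added example (not part of the original tutorial): instead of reading the full header by eye as in the "Add domainkeys" test, this script unfolds a saved header, reports the DomainKey-Status value, and rebuilds the DNS name the receiving server looked up from the s= and d= tags of DomainKey-Signature. Function names are hypothetical; the sample lines are copied from the snip in that step.

```shell
#!/bin/sh
# Added example: read DomainKeys results out of a saved message header.
# Function names are hypothetical; sample lines come from the snip above.

# Join folded header lines (continuations start with space or tab) and
# stop at the blank line that ends the header, so body text is ignored.
unfold_headers() {
    awk '/^$/     { exit }
         /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
                  { if (buf != "") print buf; buf = $0 }
         END      { if (buf != "") print buf }'
}

# dk_status: value of the first DomainKey-Status header, e.g. "good".
dk_status() {
    unfold_headers | awk 'tolower($0) ~ /^domainkey-status:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# dk_query_name: <s>._domainkey.<d>, the TXT record a verifier fetches,
# taken from the first DomainKey-Signature header. Prints nothing if
# either tag is missing.
dk_query_name() {
    unfold_headers | awk 'tolower($0) ~ /^domainkey-signature:/ {
        sub(/^[^:]*:/, "")
        n = split($0, tag, ";")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", tag[i])
            if (tag[i] ~ /^s=/) s = substr(tag[i], 3)
            if (tag[i] ~ /^d=/) d = substr(tag[i], 3)
        }
        if (s != "" && d != "") print s "._domainkey." d
        exit }'
}

sample_header() {
cat <<'EOF'
DomainKey-Status: good
Received: (qmail 28034 invoked by uid 89); 22 May 2006 20:03:36 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=ndhsdns.com;
  b=XVKQZe446BXMnSoQKvgchf0DRx4v8YQYZn5KVLj5O8XYf7V1dX7ETaJ1VGWGp5Bf ;
EOF
}

sample_header | dk_status
sample_header | dk_query_name
```

The name printed by dk_query_name should match the selector record you published in DNS for the signing domain.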