qmail + vpopmail + smtp auth + chkuser via dotdeb packages

Hi there,

qmail has been my MTA of choice for years now, and I have to say it has worked really well for me. But after I got involved with postfix, I became quite unhappy with the current qmail setup for various reasons, and I wanted to improve the production system.

So here we are with qmail + smtp auth + vpopmail running, but one thing is quite annoying: while accepting email, qmail checks whether the domain is correct/local, but it does not check whether the user really exists. As a result, our MTA has a load of deliveries that need to be bounced, since once you have accepted an email and it's not deliverable, your MTA has to tell that to the source MTA (technically per the RFCs, and of course there are legal obligations too). Here the problem comes: spammers will just try to deliver to a list of addresses, and your MTA becomes more and more busy. Alternatively, we could delete such emails, which can be done via the .qmail-default file and vdelivermail, but that's bad in two ways: we are breaking RFCs, and of course that might bring up legal problems.

To solve this, we need to reject such emails and for that, we have to patch qmail a bit :)

Prerequisites:

a working qmail setup, with vpopmail via the deb packages from dotdeb.org

(To keep it easy, we will replace only the qmail-smtpd file, nothing else.)


For that, we start with the netqmail package, which has most of the patches we need, like qmailqueue, etc. (http://www.qmail.org/netqmail/)

 

  • mkdir /usr/src/qmail
  • cd /usr/src/qmail
  • wget "http://www.qmail.org/netqmail-1.05.tar.gz"

so now we need to set up our environment so we can begin compiling

  • vi /etc/apt/sources.list
    (add this entry: deb-src http://packages.dotdeb.org stable all)
  • apt-get install build-essential
  • apt-get install libvpopmail-dev libssl-dev vpopmail-bin
  • apt-get build-dep qmail

now let's get back to netqmail

  • tar -zxf netqmail-1.05.tar.gz
  • cd /usr/src/qmail/netqmail-1.05
  • ./collate.sh
    should give output like this:

    [1] Extracting qmail-1.03...
    tar: Read 1024 bytes from -
    [2] Patching qmail-1.03 into netqmail-1.05. Look for errors below:
    24
    [4] The previous line should say 24 if you used GNU patch.
    [5] Renaming qmail-1.03 to netqmail-1.05...
    [6] Continue installing qmail using the instructions found at:
    [7] http://www.lifewithqmail.org/lwq.html#installation

here comes the very tricky part: the smtp-auth-tls and the chkuser patches collide with each other, so you can either grab both of them (http://shupp.org/smtp-auth-tls/ and http://www.interazioni.it/opensource/chkuser/) and fix the collisions yourself, or grab the patch attached to this article and be done with it.

  • addgroup nofiles
    (otherwise qmail won't compile; the group can be removed after compiling, since the dotdeb setup already created the users/groups it needs)
  • wget "http://kb.gosi.at/attachments/qmailpatch"
  • cd netqmail-1.05
  • cat ../qmailpatch | patch
    should give output like this:

    patching file base64.c
    patching file base64.h
    patching file case_startb.c
    patching file CHKUSER.automatic_patching
    patching file chkuser.c
    patching file CHKUSER.changelog
    patching file CHKUSER.copyright
    patching file chkuser.h
    patching file CHKUSER.log_format
    patching file CHKUSER.manual_patching
    patching file CHKUSER.readme
    patching file CHKUSER.running
    patching file chkuser_settings.h
    patching file conf-cc
    patching file conf-cc.orig
    patching file conf-ld
    patching file dns.c
    patching file FILES.auth
    patching file hier.c
    patching file install_auth.sh
    patching file ipalloc.h
    patching file Makefile
    patching file Makefile-cert.mk
    patching file Makefile.orig
    patching file Makefile.rej
    patching file qmail-control.9
    patching file qmail-remote.8
    patching file qmail-remote.c
    patching file qmail-smtpd.8
    patching file qmail-smtpd.c
    patching file qmail-smtpd.c.orig
    patching file README.auth
    patching file ssl_timeoutio.c
    patching file ssl_timeoutio.h
    patching file TARGETS
    patching file TARGETS.orig
    patching file tls.c
    patching file tls.h
    patching file update_tmprsadh.sh

    ( we have added smtp-auth-tls and chkuser patch - of course, fixed all the collisions )
  • make

    should give loads of output and should not end with one or more error messages; something like this should appear:

    chmod 755 binm3+df
    chmod 755 update_tmprsadh
  • /etc/init.d/qmail stop
  • sleep 10;killall qmail-smtpd
  • mv qmail-smtpd /usr/sbin
  • chown root.qmail /usr/sbin/qmail-smtpd
  • vi /etc/init.d/qmail

    change the line:
    -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp
    to:
    -u `id -u vpopmail` -g `id -g vpopmail` -x /etc/tcp.smtp.cdb 0 smtp
  • /etc/init.d/qmail start

well, we are done already (it took me some hours to put the patch together, but it was fun). Check that your standard things still work, like accepting emails and smtp auth, and of course that the chkuser check now works correctly.
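
One way to run that last check, as an added example that is not part of the original article or of the chkuser project: it compares the server's RCPT TO reply for a mailbox you know exists with the reply for a random, nonexistent one in the same domain, without sending any message. The script name, its arguments and the function names are assumptions.

```python
import smtplib
import sys
import uuid


def rcpt_code(host, port, sender, recipient):
    """Return the reply code for RCPT TO:<recipient>. No DATA is sent, so nothing is queued."""
    # local_hostname is fixed so the EHLO name needs no DNS lookup (assumption: server accepts it)
    with smtplib.SMTP(host, port, local_hostname="localhost", timeout=15) as smtp:
        smtp.ehlo()
        code, reply = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
        code, _ = smtp.rcpt(recipient)
        smtp.rset()  # abandon the transaction before QUIT
        return code


def check_domain(host, port, domain, known_user):
    """Compare an existing mailbox with a random one that cannot exist."""
    real = f"{known_user}@{domain}"
    bogus = f"chkuser-test-{uuid.uuid4().hex}@{domain}"
    real_code = rcpt_code(host, port, real, real)
    bogus_code = rcpt_code(host, port, real, bogus)
    if real_code != 250:
        return f"FAIL: existing mailbox {real} refused ({real_code})"
    if 500 <= bogus_code <= 599:
        return f"OK: unknown recipient rejected at RCPT ({bogus_code})"
    if 400 <= bogus_code <= 499:
        return f"WARN: unknown recipient deferred ({bogus_code}), check the smtpd log"
    return f"FAIL: unknown recipient accepted ({bogus_code}), it will be bounced later"


if __name__ == "__main__":
    # usage: python3 rcptcheck.py HOST PORT DOMAIN EXISTING_USER
    host, port, domain, user = sys.argv[1:5]
    result = check_domain(host, int(port), domain, user)
    print(result)
    sys.exit(0 if result.startswith("OK") else 1)
```

A FAIL for the unknown recipient means qmail-smtpd is still accepting mail for nonexistent users and bouncing it afterwards, so the old binary is probably still the one running.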

enjoy .. if you have trouble, contact us; we are going to help you as much as we can.

Oban Lambie (16-08-2010 20:07)
Thank you so much for this combined patch. I was having a heck of a time compiling netqmail with the tls-smtpauth and chkuser patches and this saved me hours of continued grief.

THIS is why the internet is fantastically great.

~ Oban Lambie
Systems Administrator
Brownrice Internet, Inc.