Guide updated on 29th of February 2016

Install qmail, ucspi-tcp and ucspi-ssl


Here we are ! We 'll proceed with core install !

We 'll use the source package for Qmail itself written by Dan Bernstein. While Qmail is available as Debian source package, it ends up being installed with parts of it in very different places which would render much of the available documentation invalid. Thus, we�re going to stick with the source package instead. It�s a little old by itself but we�re going to supercharge it with John Simpson�s combined patch set shortly.

FYI: A very good visual representation of how Qmail works can be found in �The Big Qmail Picture�

Extract the sources

cd /usr/src/qmail
tar -zxvf /downloads/qmail-1.03.tar.gz

Qmail

Patch it with John M. Simpson's combined patches (includes every patch which is part of netqmail-1.05 ... but also some others as you can see in the details section!)

cd /usr/src/qmail/qmail-1.03
patch < /downloads/patches/qmail-1.03-jms1-7.10.patch

Compile it

make man
make setup check

Make the man pages and config files available like the usual Debian way

echo 'MANDATORY_MANPATH /var/qmail/man' >> /etc/manpath.config
ln -s /var/qmail/control /etc/qmail

Now let's generate a secure certificate that will be used to encrypt your server's TLS encrypted SMTP sessions...

OPTIONAL : Even if you plan to use an officially signed certificate, please do the following and DO NOT use make cert here. You'll have the opportunity to use the same signed certificate for both TLS and courier at this step

sed -i 's/-days 366/-days 3650/' Makefile
make cert

Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Brussels
Locality Name (eg, city) []:Brussels
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company name
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:Your FQDN server
Email Address []:Your e-mail adress

Adapt certificate permissions

cd /var/qmail/control
chmod 640 servercert.pem
chown vpopmail:vchkpw servercert.pem
rm clientcert.pem
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod 640 clientcert.pem

UCSPI-TCP and UCSPI-SSL

UCSPI-TCP (aka tcpserver) is a client/server program that manages TCP connections (like inetd or xinetd but this one has really useful features to work in combinaison with Qmail).

For more information on it, its home page is located here: http://cr.yp.to/ucspi-tcp.html

UCSPI-TCP has already been installed with a Debian package (here) but the SSL version has to be installed manually (it's not in the repository for licensing reason)

mkdir /packages
chmod 1755 /packages
cd /tmp
tar -zxvf /downloads/ucspi-ssl-0.95a.tgz

mv /tmp/host/superscript.com/net/ucspi-ssl-0.95a/ /packages
cd /packages/ucspi-ssl-0.95a/
rm -rf /tmp/host/

sed -i 's/local\///' /packages/ucspi-ssl-0.95a/src/conf-tcpbin
sed -i 's/usr\/local/etc/' /packages/ucspi-ssl-0.95a/src/conf-cadir
sed -i 's/usr\/local\/ssl\/pem/etc\/ssl/' /packages/ucspi-ssl-0.95a/src/conf-dhfile

openssl dhparam -check -text -5 1024 -out /etc/ssl/dh1024.pem (It takes long)

package/compile

package/install
package/man

Install Ezmlm-idx


Users comments