Building a MySQL Capable Postfix RPM

Build Environment:
CentOS 5 x86_64
Postfix 2.3.3 Sources
gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)

2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

# Get the src
1) wget http://mirror.centos.org/centos/5.3/centosplus/SRPMS/postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm

# Install the src RPM
2) rpm -i postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm

# Install some dependencies I didn’t have
3.1) yum install pcre-devel
3.2) yum install rpm-build
3.3) yum install mysql-devel.x86_64 openldap-devel.x86_64 db4-devel.x86_64
3.4) yum install gcc.x86_64

# Edit SPECS; remove postgres support
4.1) cd /usr/src/redhat/SPECS
4.2) vi postfix.spec and change "%define PGSQL 1" to "%define PGSQL 0"
# I didn’t want Postgres support
4.3) "%define MYSQL 1" was already defined for me

# Build the new rpm
5) rpmbuild -ba postfix.spec # Ignore warnings

# Install the new rpm
6.1) cd /usr/src/redhat/RPMS
6.2) rpm -i postfix-2.3.3-2.1.centos.mysql_pgsql.x86_64.rpm

Building an RPM build environment: CentOS Wiki


Spam Bashing

We finally have our spam filtering back in place at kulish.com. We’ve set it to a semi-aggressive filter where pretty much every incoming email is marked with a spam score.

We’re using the postfix+amavis+clamd+spamassassin setup.

While we’ve been doing without it for a few months (using client side stuff until I found time), I still don’t remember it working this well on the last server install.

Here’s a whopper of an email, just after the installation and testing were completed. The receiving parties and server names have been sanitized to protect the marginally innocent (**PROTECTED**).

From ***PRO@TECTED***.com Tue Feb 14 23:02:47 2006
Return-Path:
Delivered-To: spam-quarantine
X-Envelope-From:
X-Envelope-To: **PROTECTED**
X-Quarantine-Id:
Received: from lh (unknown [61.130.156.43])
by **PROTECTED** (Postfix) with SMTP id D90164B92A;
Tue, 14 Feb 2006 23:02:35 -0600 (CST)
Received: from 61.130.156.43 (HELO localhost.localdomain) (61.130.156.43)
by 61.130.156.43 with SMTP; Wed, 15 Feb 2006 07:06:05 +0200
Message-Id:


Debian: Email Server Build

Another semi-how-to for my old email server build.

1. Partition hard drive:
   Mount   Size      Type      Device   Notes
   /boot   150MB     Primary   hda1     bootable
   /       3000MB    Logical   hda5
   /var    15000MB   Logical   hda6
   /home   6000MB    Logical   hda7
   swap    1024MB    Primary   hda3     end of drive
   /usr    Balance   Logical   hda8

2. Activate swap partition
3. Initialize / first, then the rest (all partitions ext3)
4. Install kernel
5. Configure network
6. Install base system via http
7. Make system bootable
   a. Install lilo into the MBR
   b. Put all entries into menu
8. Reboot system
9. Remove pcmcia packages
10. Cancel out of all package managers (tasksel and apt)
11. No configuration of email system (exim)
12. Edit /etc/apt/sources.list to run Sarge:
   deb http://debian.mirrors.pair.com sarge main non-free contrib
   deb http://ftp.uk.debian.org/debian-non-US sarge/non-US main non-free contrib
   deb http://security.debian.org/ sarge/updates main contrib non-free
13. apt-get update
14. apt-get dist-upgrade (may have to run multiple times)
15. apt-get install dhcp3-server (use config in cvs)
16. apt-get install bind9 (use namedb files in cvs)
17. apt-get install apache-common (use config in cvs)
18. apt-get install postfix-tls postfix-mysql
   a. Internet with smarthost
   b. mail.mchsi.com (for relaying)
   c. noc@tekengine.net (added to aliases)
19. Configure postfix main.cf
   a. useradd virtual (same uid/gid list in main.cf)
   b. mkdir /var/virtual (chmod 750, chown virtual)
   c. copy virtual dir to current server
   d. copy mysql* files to /etc/postfix (use files in cvs)
   e. /etc/init.d/postfix restart
   f. mailq to check queue status
20. apt-get install libsasl2-modules libsasl2-modules-mysql
   a. configure main.cf (check cvs)
   b. copy smtpd.conf to /etc/postfix/sasl (file in cvs)
21. Test connectivity
   a. telnet mercury 25
   b. send email using client on LAN
22. apt-get install amavisd-new clamav-daemon spamassassin
   a. accept defaults
23. apt-get install courier-imap-ssl courier-authmysql courier-pop-ssl
   a. edit authdaemon
   b. edit authmysql
   c. /etc/init.d/courier-authdaemon
24. Edit amavis conf file to desired thresholds
25. Edit master.cf and main.cf to use amavisd

conf files:
/etc/courier/authmysqlsrc
/etc/postfix/mysql*
/etc/postfix/sasl/smtpd.conf
squirrelmail config


SASL Screws Mail Admins (AGAIN)

It seems that the SASL developers are still hard at work *censored*ing things up. Well, actually, I don’t think they have to work very hard at it. It seems to come naturally to them.

After upgrading the SASL libraries on my email server, SMTP authentication is refusing to work.

I found a few tidbits of information, but no fixes.

I found this email that says I have to grab a cvs snapshot. They have GOT TO BE KIDDING! Sadly, they are not. Time to replace some project managers and developers here. They obviously haven’t a clue what they are doing.

Over here, I found another clue as to what is going on. A poor email server admin trying to un*censored* the SASL team’s problems.

But for now, we wait, watch, and hope a fix is forthcoming from these bozos.

UPDATE:

Here’s the smtpd.conf I used to get the latest (2.1.18) SASL working!

pwcheck_method: auxprop
#auxprop_plugin: mysql
sql_engine: mysql
sql_user: sqlusername
sql_passwd: sqlpassword
sql_hostnames: sqlserver
sql_database: sqldatabase
sql_statement: select password from mailbox where username = '%u@%r'
sql_verbose: true
mech_list: plain login
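
Because mech_list offers only plain and login, the password crosses the wire merely base64-encoded unless the session is already under TLS. The following Python check is an added example, not from the original post: it audits an EHLO reply captured before STARTTLS, and the replies, hostnames and function names in it are constructed for illustration.

```python
import re

PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # the two mechanisms in the page's mech_list

# Constructed EHLO replies as seen on port 25 before STARTTLS (hostname is a placeholder).
REPLY_AUTH_IN_CLEAR = """250-mail.example.test
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME"""

REPLY_AUTH_AFTER_TLS = """250-mail.example.test
250-PIPELINING
250-STARTTLS
250 8BITMIME"""

def ehlo_extensions(reply):
    """Parse a multi-line 250 reply into {KEYWORD: set(params)}, skipping the greeting line."""
    ext = {}
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:
        m = re.fullmatch(r"250[- ](\S.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "AUTH=..." is the legacy spelling some servers send next to "AUTH ..."
        text = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I)
        words = text.upper().split()
        ext.setdefault(words[0], set()).update(words[1:])
    return ext

def audit_pre_tls(reply):
    """Return findings for an EHLO reply captured before any STARTTLS."""
    ext = ehlo_extensions(reply)
    findings = []
    exposed = sorted(PASSWORD_MECHS & ext.get("AUTH", set()))
    if exposed:
        findings.append("password mechanisms offered without TLS: " + ", ".join(exposed))
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    return findings
```

In Postfix, `smtpd_tls_auth_only = yes` is the setting that keeps AUTH out of the pre-TLS reply, which is the state the second constructed capture represents.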


qmail Toaster Recovery

Ok, here is another one that was specifically geared to my setup, but I thought it might help someone else out in a pinch. I lost the motherboard for my web/email server due to that “capacitor problem”. What follows is how I got everything back up and functional. The server consisted of Apache and qmail, plus various other odds and ends. Another item to note is that this is a FreeBSD 5.1-RELEASE system; Linux admins, change settings accordingly.

First, I get the basics on there so I have network connectivity and the tools I use to make everything go smoothly, not to mention there are some security issues involved.

1. install cvsup-without-gui

2. create /usr/src/sup-ports
*default host=cvsup8.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=.
# date=2003.03.25.23.00.00
*default delete use-rel-suffix
*default compress
ports-all

3. cvsup ports

4. install portsupgrade

5. install apache2

6. install mod_php4 (sockets and bcmath)

7. install bind9

8. configure DHCPd
isc-dhcp3 port

Did I forget to mention that this server was also my DHCPd server for the LAN?

9. install irssi

10. install lynx

11. install ntp

12. install openssl (overwrite_base)

13. install opensshportable (point rc.conf to new binary)

14. install screen

15. install mget

16. install zsh (it’s just my preference, thanks stibnite)

Now, we’ll get into the qmail (and vpopmail) install so I can start spooling email locally instead of letting my secondary take care of all the work. As I mentioned before, I use qmail… again, thanks stib. Some of the following items were taken verbatim from Flattie’s qmail toaster howto. I could provide a link, but that’s why you have Google bookmarked.

1. create users and groups for qmail and vpopmail (this may not be required when using the FreeBSD port, but I did it beforehand anyway)

mkdir /var/qmail
pw groupadd -n vchkpw -g 98
pw useradd -n vpopmail -u 98 -g 98 -c Vpopmail-Master -d /home/vpopmail -s /nonexistent (all on one line)
pw groupadd -n nofiles -g 91
pw groupadd -n qmail -g 92
pw useradd -n alias -u 91 -g 91 -d /var/qmail/alias -s /nonexistent
pw useradd -n qmaild -u 92 -g 91 -d /var/qmail -s /nonexistent
pw useradd -n qmaill -u 93 -g 91 -d /var/qmail -s /nonexistent
pw useradd -n qmailp -u 94 -g 91 -d /var/qmail -s /nonexistent
pw useradd -n qmailq -u 95 -g 92 -d /var/qmail -s /nonexistent
pw useradd -n qmailr -u 96 -g 92 -d /var/qmail -s /nonexistent
pw useradd -n qmails -u 97 -g 92 -d /var/qmail -s /nonexistent

2. make directories

mkdir /var/log/qmail
mkdir /var/log/qmail/qmail-send
mkdir /var/log/qmail/qmail-smtpd
mkdir /var/log/qmail/qmail-pop3d
chown -R qmaill.wheel /var/log/qmail
chmod -R 750 /var/log/qmail

3. cd /usr/ports/mail/qmail

make fetch
make patch
download Eric Johnston's smtpd-auth patch
patch according to the included INSTALL document
vi ./work/qmail*/conf-split change 23 > 199
vi ./work/qmail*/conf-spawn change 120 > 255
make install clean
echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote

4. cd /usr/ports/sysutils/daemontools
make install clean

5. cd /usr/ports/sysutils/ucspi-tcp
make install clean

6. vi /etc/tcp.smtp

127.0.0.1:allow,RELAYCLIENT=""
10.1.1.1-252:allow,RELAYCLIENT=""
:allow

/usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp > /dev/null 2>&1

11. cd /usr/ports/mail/autorespond
make install clean

12. install gdbm /usr/ports/databases/gdbm
make install clean

13. check for files in /var/qmail/control
(restore rcpthosts, virtualdomains, /home/vpopmail/domains and users dir)
(remember to re-chmod if necessary)
If you are actually using this document to help you do a restore and didn’t do a backup, yer fooked.

14. edit rc.conf
sendmail_enable="NONE"

15. edit /etc/mail/mailer.conf
sendmail /var/qmail/bin/sendmail
send-mail /var/qmail/bin/sendmail
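
The rules in /etc/tcp.smtp from step 6 decide which clients get RELAYCLIENT, and with it permission to relay through qmail-smtpd regardless of rcpthosts. The following Python check is an added example, not part of the original post or of ucspi-tcp: it models only IP-address rules, its function names are hypothetical, and it assumes the first of two duplicate rules wins.

```python
import re

# Constructed input: the three rules the page puts in /etc/tcp.smtp (step 6).
PAGE_RULES = '''127.0.0.1:allow,RELAYCLIENT=""
10.1.1.1-252:allow,RELAYCLIENT=""
:allow
'''

def expand(address):
    """Expand a numeric range as tcprules does: 1.2.3.4-6 becomes three addresses."""
    m = re.fullmatch(r"(.*?)(\d+)-(\d+)(\.?)", address)
    if not m:
        return [address]
    head, lo, hi, dot = m.groups()
    return [f"{head}{n}{dot}" for n in range(int(lo), int(hi) + 1)]

def compile_rules(text):
    """Map each IP-style address to (action, relay_granted). Hostname rules are not modelled."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action = instructions.split(",", 1)[0]
        relay = re.search(r"(^|,)RELAYCLIENT=", instructions) is not None
        for addr in expand(address):
            table.setdefault(addr, (action, relay))  # assumption: first duplicate wins
    return table

def lookup(table, ip):
    """Most specific rule first: full IP, then shorter dotted prefixes, then the default."""
    parts = ip.split(".")
    for key in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if key in table:
            return table[key]
    return None  # no rule at all for this client

def may_relay(table, ip):
    """True when the matching rule allows the client and sets RELAYCLIENT."""
    return lookup(table, ip) == ("allow", True)

def wildcard_relay_grants(table):
    """Rules that give RELAYCLIENT to more than one host (prefix or default rule)."""
    return sorted(a for a, (action, relay) in table.items()
                  if action == "allow" and relay and (a == "" or a.endswith(".")))
```

Running `wildcard_relay_grants(compile_rules(open("/etc/tcp.smtp").read()))` against the live file and getting anything back means a prefix or the default rule hands out RELAYCLIENT, which is worth a second look before rebuilding the cdb.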

Create the file structure for daemontools to run its qmail scripts:

mkdir /service
chmod 755 /service
mkdir /var/qmail/supervise
chmod 755 /var/qmail/supervise

mkdir /var/qmail/supervise/qmail-smtpd
mkdir /var/qmail/supervise/qmail-smtpd/log
chmod +t /var/qmail/supervise/qmail-smtpd

mkdir /var/qmail/supervise/qmail-send
mkdir /var/qmail/supervise/qmail-send/log
chmod +t /var/qmail/supervise/qmail-send

mkdir /var/qmail/supervise/qmail-pop3d
mkdir /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-pop3d

ln -s /var/qmail/supervise/* /service/

ls -la /service/

OUTPUT:
lrwx------ 1 root wheel 32 Jan 01 00:00 qmail-pop3d@ -> /var/qmail/supervise/qmail-pop3d
lrwx------ 1 root wheel 31 Sep 01 00:00 qmail-send@ -> /var/qmail/supervise/qmail-send
lrwx------ 1 root wheel 32 Sep 01 00:00 qmail-smtpd@ -> /var/qmail/supervise/qmail-smtpd

SUPERVISION SCRIPTS

Create the supervision scripts that keep everything from dying.

1. vi /var/qmail/rc

#!/bin/sh
exec env - PATH="/var/qmail/bin:/usr/local/bin" \
qmail-start ./Maildir/

chmod 700 /var/qmail/rc

2. vi /var/qmail/supervise/qmail-pop3d/run

#!/bin/sh
exec /usr/local/bin/tcpserver -H -R -v -c100 0 110 /var/qmail/bin/qmail-popup mail-host1.domain.org \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

chmod 755 /var/qmail/supervise/qmail-pop3d/run

3. vi /var/qmail/supervise/qmail-pop3d/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1

chmod 755 /var/qmail/supervise/qmail-pop3d/log
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run

4. vi /var/qmail/supervise/qmail-smtpd/run

#!/bin/sh
exec /usr/local/bin/tcpserver -p -R -x /etc/tcp.smtp.cdb -u92 -g91 -v -c100 0 smtp rblsmtpd /var/qmail/bin/qmail-smtpd 2>&1

chmod 755 /var/qmail/supervise/qmail-smtpd/run

5. vi /var/qmail/supervise/qmail-smtpd/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1

chmod 755 /var/qmail/supervise/qmail-smtpd/log
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run

6. vi /var/qmail/supervise/qmail-send/run

#!/bin/sh
exec /var/qmail/rc

chmod 755 /var/qmail/supervise/qmail-send/run

7. vi /var/qmail/supervise/qmail-send/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1

chmod 755 /var/qmail/supervise/qmail-send/log
chmod 755 /var/qmail/supervise/qmail-send/log/run

QMAIL RC SCRIPT

Create the qmail rc script if it’s not already present from the port install.

1. vi /usr/local/etc/rc.d/qmail

#!/bin/sh
case "$1" in
  start)
    echo -n "Starting qmail: svscan"
    if cd /var/qmail/supervise; then
      # start svscan with a clean environment and remember its pid
      env - PATH="/var/qmail/bin:/usr/local/bin:/usr/bin:/bin" svscan &
      echo $! > /var/run/svscan.pid
    fi
    echo "."
    ;;
  stop)
    echo -n "Stopping qmail: svscan"
    kill `cat /var/run/svscan.pid`
    echo -n " qmail"
    svc -dx /var/qmail/supervise/*
    echo -n " logging"
    svc -dx /var/qmail/supervise/*/log
    echo "."
    ;;
  stat)
    cd /var/qmail/supervise
    svstat * */log
    ;;
  doqueue|alrm)
    echo "Sending ALRM signal to qmail-send."
    svc -a /var/qmail/supervise/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /var/qmail/supervise/qmail-send
    echo "Sending HUP signal to qmail-pop3d."
    svc -h /var/qmail/supervise/qmail-pop3d
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /var/qmail/supervise/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /var/qmail/supervise/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /var/qmail/supervise/qmail-pop3d
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /var/qmail/supervise/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /var/qmail/supervise/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /var/qmail/supervise/qmail-pop3d
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /var/qmail/supervise/qmail-smtpd
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /var/qmail/supervise/qmail-send
    echo "* Restarting qmail-smtpd."
    svc -u /var/qmail/supervise/qmail-smtpd
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /var/qmail/supervise/qmail-pop3d
    ;;
  cdb)
    # rebuild the relay rules database from /etc/tcp.smtp
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp > /dev/null 2>&1
    ;;
esac

That should do it.

I’m sure I missed a few steps or software installs in there somewhere. If I did, don’t come crying to me, that’s what your mamma is for. After you’re done crying, feel free to drop me a line and tell me what I missed, thanks.
