News

Posted about 14 years ago by [email protected] (Cprogrammer)
IndiMail can configure various limits for a domain using the vlimit(1) program. You can set password expiry, a default quota, allow only POP3 access and even set an expiry date for the domain.

One useful feature of setting domain limits is setting the default quota when adding users using the vadduser(1) command.

To turn on domain limits for a domain, you need to run the vmoddomain(1) program:

    % /var/indimail/bin/vmoddomain -l 1 example.com

The compile-time default for quota is 5 Mb, which may not be what you want. If you want 50 Mb of quota to be assigned by default when adding users, here is what you need to do:

    % sudo /var/indimail/bin/vlimit -q 50000000 example.com
    % sudo /var/indimail/bin/vadduser [email protected] pass
    name : [email protected]
    passwd : $1$O9bi66Kf$chrSBpdPDFZh49XrgpUSt0 (MD5)
    uid : 1
    gid : 0
     -all services available
    gecos : user01
    dir : /home/mail/T2Zsym/example.com/user01
    quota : 50000000 [47.68 Mb] <============ 50 Mb Quota =========
    curr quota : 0S,0C
    Mail Store IP : 192.168.1.100 (Clustered - local)
    Mail Store ID : 1000
    Sql Database : localhost:indimail:xxxxxxxx
    Table Name : indimail
    Relay Allowed : NO
    Days inact : 0 days 00 Hrs 50 Mins 56 Secs
    Added On : ( 127.0.0.1) Sun Apr 11 11:24:08 2010
    last auth : Not yet logged in
    last IMAP : Not yet logged in
    last POP3 : Not yet logged in
    PassChange : Not yet Changed
    Inact Date : Not yet Inactivated
    Activ Date : ( 127.0.0.1) Sun Apr 11 11:24:08 2010
    Delivery Time : No Mails Delivered yet / Per Day Limit not configured

NOTE: vlimit(1) program is vmoddolimits(1) in indimail-1.7.2 and earlier
Posted about 14 years ago by [email protected] (Cprogrammer)
QMQP is faster than SMTP. You can use QMQP to send mails from your relay servers to a server running the QMQP service. The QMQP service can deliver mails to your local mailboxes and/or relay mails to the outside world.

Client Setup

QMQP provides a centralized mail queue within a cluster of hosts. QMQP clients do not require a local queue for queueing messages. For a minimal QMQP client installation, you need to have the following:

- forward, qmail-inject, sendmail, predate, datemail, mailsubj, qmail-showctl, maildirmake, maildir2mbox, maildirwatch, qail, elq, and pinq in /var/indimail/bin;
- all files in /var/indimail/lib;
- a symbolic link to qmail-qmqpc from /var/indimail/bin/qmail-queue;
- symbolic links to /var/indimail/bin/sendmail from /usr/sbin/sendmail and /usr/lib/sendmail;
- all the manual pages in /var/indimail/man;
- a list of IP addresses of QMQP servers, one per line, in /var/indimail/control/qmqpservers;
- a copy of /var/indimail/control/me, /var/indimail/control/defaultdomain, and /var/indimail/control/plusdomain from your central server, so that qmail-inject uses appropriate host names in outgoing mail; and
- this host's name in /var/indimail/control/idhost, so that qmail-inject generates Message-ID without any risk of collision.

Everything can be shared across hosts except for /var/indimail/control/idhost.

Remember that users won't be able to send mail if all the QMQP servers are down. Most sites have two or three independent QMQP servers. Note that users can still use all the qmail-inject environment variables to control the appearance of their outgoing messages.

If you want to set up an SMTP service, it might be easier to install the entire IndiMail package and remove the services qmail-send.25, indisrvr.4000, proxy-imap*, proxy-pop3*, qmail-imap*, qmail-pop3*, qmail-qm*. You can use svctool to remove a service, e.g.

    % sudo /var/indimail/sbin/svctool --rmsvc qmail-send.25

In case the mails generated by the client are to be relayed to the outside world, you should set up the SMTP service and have /usr/sbin/sendmail and /usr/lib/sendmail linked to /var/indimail/bin/sendmail.sh. This is to ensure that tasks like virus scanning and dk, dkim signing happen at the client end. You can also choose not to have these tasks done at the client end, but rather have them carried out by the QMQP service.

QMQP Service

IndiMail runs a QMQP service which handles incoming QMQP connections on port 628 using tcpserver. It uses multilog to store log messages under /var/log/indimail/qmqpd.628.

If you have installed IndiMail using the RPM, the QMQP service is installed by default. However, you need to enable it:

    % sudo /bin/rm /service/qmail-qmqpd.628/down
    % sudo /var/indimail/bin/svc -u /service/qmail-qmqpd.628

If you have installed IndiMail from source, you may create the QMQP service using the following command:

    % sudo /var/indimail/sbin/svctool --qmqp=628 --servicedir=/service \
        --qbase=/var/indimail/queue --qcount=5 --qstart=1 \
        --cntrldir=control --localip=0 --maxdaemons=75 --maxperip=25 \
        --fsync --syncdir --memory=104857600 --min-free=52428800

The above command will create a supervised service which runs qmail-qmqpd under tcpserver. In case you are setting up this service to relay mails to the outside world, you might also want to specify the --dkfilter, --qhpsi, --virus-filter, etc. arguments to svctool(8) so that tasks like virus scanning, dk, domainkey signing, etc. are done by the QMQP service.

A QMQP server shouldn't even have to glance at incoming messages; its only job is to queue them for qmail-send(8). Hence you should allow access to the QMQP service only from your authorized clients. You can edit the file /var/indimail/etc/tcp.qmqp to grant specific access to clients. If you make changes to tcp.qmqp, don't forget to run the qmailctl command:

    % sudo /var/indimail/bin/qmailctl cdb

Note: Some of the tasks like virus/spam filtering, dk, dkim signing, etc. can be done either by the client (if QMAILQUEUE=/var/indimail/bin/qmail-multi), or can be performed by the QMQP service if QMAILQUEUE is defined as qmail-multi in the service's variable directory.
Posted about 14 years ago by [email protected] (Cprogrammer)
IndiMail has a feature called CHECKRECIPIENT which allows indimail to check at SMTP whether the recipient to whom the mail is being addressed exists. It is always better to reject such users at SMTP rather than later during the actual delivery to the mailbox. Due to spam, in most cases the Return Path will be forged or undeliverable. Hence you will be left with a condition where plenty of bounces will be left on your system, impacting the performance of your messaging system.

CHECKRECIPIENT can also be used to reject mails for inactive users, overquota users and users who do not have the privilege to receive mails. CHECKRECIPIENT can be enabled by setting the environment variable CHECKRECIPIENT to one of the following values:

- Reject the user if not present in IndiMail's MySQL database
- Reject the user if not present in IndiMail's MySQL database and recipients.cdb
- Reject user if not present in recipients.cdb

You can turn on CHECKRECIPIENT for selected domains only by including those domains in the control file /var/indimail/control/chkrcptdomains.

If the environment variable MAX_RCPT_ERRCOUNT is set, qmail-smtpd will reject an email if, in an SMTP session, the number of recipients who do not exist exceeds MAX_RCPT_ERRCOUNT.

CHECKRECIPIENT also causes the RCPT TO command to be delayed by 5 seconds for every non-existent recipient, to make harvesting of email addresses difficult.

If you do not have a large number of users:

    % su
    # echo 1 > /service/qmail-smtpd.25/variables/CHECKRECIPIENT
    # /var/indimail/bin/svc -d /service/qmail-smtpd.25
    # /var/indimail/bin/svc -u /service/qmail-smtpd.25
    # exit
    %
Posted about 14 years ago by [email protected] (Cprogrammer)
A large fraction of today's emails is infected by a virus or a worm. It is necessary to recognize those malicious emails as soon as possible, already in the DATA phase of the SMTP conversation, and to reject them.

When you use IndiMail, it is ultimately qmail-queue which is responsible for queueing your messages. qmail-queue stores the message component of queued mails (captured during the DATA phase of the SMTP conversation) under the mess subdirectory.

Files under the mess subdirectory are named after their i-node number. Let us look at a typical log sequence for a message received on the local system.

    @400000004b9da2f03b424bb4 new msg 660188
    @400000004b9da2f03b426324 info msg 660188: bytes 2794 from [email protected] qp 3223 uid 555
    @400000004b9da2f03b42c0e4 starting delivery 6: msg 660188 to local [email protected]
    @400000004b9da2f03b42dc3c status: local 1/10 remote 0/20
    @400000004b9da2f106a1e234 delivery 6: success: did_1 0 0/
    @400000004b9da2f1091e676c status: local 0/10 remote 0/20
    @400000004b9da2f1091fa3d4 end msg 660188

The above lines indicate that qmail has received a new message, and its queue ID is 660188. What this means is that qmail-queue has created a file named /var/qmail/queue/mess/NN/660188. The i-node number of the file is 660188. This is the queue file that contains the message. The queue ID is guaranteed to be unique as long as the message remains in the queue (you can't have two files with the same i-node in a filesystem).

It would be trivial to do virus scanning on the mess file above in qmail-queue itself, and that is what IndiMail does by using a feature called Qmail High Performance Virus Scanner (QHPSI). QHPSI was conceptualized by Erwin Hoffmann. You can read here for more details.

IndiMail takes QHPSI forward by adding the ability to add plugins.

The QHPSI extension for qmail-queue allows calling an arbitrary virus scanner directly, scanning the incoming data stream on STDIN, or it allows plugins to be loaded from the /var/indimail/plugins directory. This directory can be changed by defining the PLUGINDIR environment variable. QHPSI can be advised to pass multiple arguments to the virus scanner for customization. To run an external scanner or load scanner plugins, qmail-queue calls qhpsi, a program setuid to qscand. By default, qhpsi looks for the symbol virusscan to invoke the scanner. The symbol can be changed by setting the environment variable QUEUE_PLUGIN to the desired symbol.

Today's virus scanners -- in particular Clam AV -- work in resource-efficient client/server mode (clamd/clamdscan) and include the feature to detect viruses/worms in the base64 encoded data stream. Thus, there is no necessity to call additional programs (like reformime or ripmime) except for the virus scanner itself.

To enable virus scanning in IndiMail during the SMTP data phase, you can implement either of the two methods below.

1. Using tcprules

Define QHPSI in tcp.smtp and rebuild tcp.smtp.cdb using tcprules.

    :allow,QHPSI='/var/indimail/bin/clamdscan %s --quiet --no-summary'

2. Using envdir for SMTP service under supervise(8)

Define QHPSI in the SMTP service's variable directory:

    # echo /var/indimail/bin/clamdscan %s --quiet --no-summary > /service/qmail-smtpd.25/variables/QHPSI

If you have installed IndiMail using RPM available here or here, QHPSI is enabled by default by defining it in the qmail-smtpd.25 variables directory. The rpm installation also installs two services under supervise:

- freshclam - service to update the clamd virus databases
- clamd - service to run the clamd scanner

    % tail -f /var/log/indimail/freshclam/current
    @400000004b9da034170f6394 cdiff_apply: Parsed 17 lines and executed 17 commands
    @400000004b9da03417103e54 Retrieving http://database.clamav.net/daily-10574.cdiff
    @400000004b9da0342261b83c Trying to download http://database.clamav.net/daily-10574.cdiff (IP: 130.59.10.36)
    Downloading daily-10574.cdiff [100%]g daily-10574.cdiff [ 13%]
    @400000004b9da03509c39c64 cdiff_apply: Parsed 436 lines and executed 436 commands
    @400000004b9da03510c3485c daily.cld updated (version: 10574, sigs: 24611, f-level: 44, builder: ccordes)
    @400000004b9da03510c4d2e4 bytecode.cvd version from DNS: 2
    @400000004b9da03510c4de9c bytecode.cvd is up to date (version: 2, sigs: 2, f-level: 44, builder: nervous)
    @400000004b9da03510c82e44 Database updated (729340 signatures) from database.clamav.net (IP: 130.59.10.36)

    % cat /var/log/indimail/clamd/current
    @400000004b9da0260d6c1a94 Limits: Global size limit set to 104857600 bytes.
    @400000004b9da0260d6c264c Limits: File size limit set to 26214400 bytes.
    @400000004b9da0260d6c3204 Limits: Recursion level limit set to 16.
    @400000004b9da0260d6c3dbc Limits: Files limit set to 10000.
    @400000004b9da0260d6c4974 Archive support enabled.
    @400000004b9da0260d6c5144 Algorithmic detection enabled.
    @400000004b9da0260d6c5cfc Portable Executable support enabled.
    @400000004b9da0260d6c68b4 ELF support enabled.
    @400000004b9da0260d6c7084 Detection of broken executables enabled.
    @400000004b9da0260e7abfbc Mail files support enabled.
    @400000004b9da0260e7acb74 OLE2 support enabled.
    @400000004b9da0260e7ad344 PDF support enabled.
    @400000004b9da0260e7adefc HTML support enabled.
    @400000004b9da0260e7ae6cc Self checking every 600 seconds.
    @400000004b9da2a3116a177c No stats for Database check - forcing reload
    @400000004b9da2a3206deb04 Reading databases from /var/indimail/share/clamd
    @400000004b9da2a70489facc Database correctly reloaded (728651 signatures)
    @400000004b9da2a7061e372c /var/indimail/queue/queue2/mess/16/660188: OK

If you implement a different method than explained above, let me know.
Posted about 14 years ago by [email protected] (Cprogrammer)
IndiMail supports three AUTH methods: LOGIN, PLAIN and CRAM-MD5. Most email clients like thunderbird, outlook, outlook express, evolution support these methods. These methods are provided using the checkpassword compatible modules vchkpass(8) and pam-checkpwd(8).

One way to understand how these methods work is to use telnet and the base64 encoding/decoding utility /var/indimail/bin/base64.

For illustration purposes, let's say we have a user '[email protected]' with the password 'pass'.

1. AUTH LOGIN

    % echo [email protected] | /var/indimail/bin/base64 -i
    cG9zdG1hc3RlckBleGFtcGxlLmNvbQ==
    % echo pass | /var/indimail/bin/base64 -i
    cGFzcw==
    % telnet 0 smtp
    220 Laptop (NO UCE) ESMTP IndiMail 1.28 21 Jun 2003 22:35:24 0530
    auth login
    334 VXNlcm5hbWU6
    cG9zdG1hc3RlckBleGFtcGxlLmNvbQ==
    334 UGFzc3dvcmQ6
    cGFzcw==
    235 ok, go ahead (#2.0.0)

2. AUTH PLAIN

    % printf "\[email protected]\0pass" | /var/indimail/bin/base64
    AHBvc3RtYXN0ZXJAZXhhbXBsZS5jb20AcGFzcw==
    % telnet 0 smtp
    Trying 0.0.0.0...
    Connected to 0.
    Escape character is '^]'.
    220 Laptop (NO UCE) ESMTP IndiMail 1.28 21 Jun 2003 23:08:33 0530
    auth plain AHBvc3RtYXN0ZXJAZXhhbXBsZS5jb20AcGFzcw==
    235 ok, go ahead (#2.0.0)

3. AUTH CRAM-MD5

CRAM-MD5 is a challenge-response method where the password is not sent over the network. It is expected that the password is stored in the clear in IndiMail's backend database MySQL.

    % sudo /var/indimail/bin/vpasswd [email protected] -e pass

The next step is to write a script named cram-md5:

    % cat > cram-md5 <<>" sys.exit(1)
    str=cram_md5_response(sys.argv[1], sys.argv[2], sys.argv[3]);
    print "%s" %str
    EOF
    % sudo chmod +x ./cram-md5

Now when you do (see below) auth cram-md5, the server will issue a challenge. E.g. in the example below, the challenge is

    PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==

If you decode this, i.e.

    % echo PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg== | base64 -d
    <[email protected]>

The response for the challenge can be generated using the cram-md5 shell script which we created above, i.e.

    % ./cram-md5 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==
    cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ==
    % telnet 0 smtp
    Trying 0.0.0.0...
    Connected to 0.
    Escape character is '^]'.
    220 indimail.org (NO UCE) ESMTP IndiMail 1.137 3 Mar 2010 08:28:17 0530
    auth cram-md5
    334 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==
    cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ==
    235 ok, go ahead (#2.0.0)

Please do take a look at Erwin Hoffmann's excellent tutorial on the same subject at
http://www.fehcom.de/qmail/smtpauth.html
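The body of the cram-md5 script did not survive on this page, so the following is an added example (not the author's script) of the CRAM-MD5 exchange from RFC 2195 in Python 3, covering both the client response and the server-side check. The helper names other than cram_md5_response, the lookup callable, the sample account and the host name are assumptions.

```python
# Added example (not the post's script): CRAM-MD5 per RFC 2195, client and server side.
import base64
import hashlib
import hmac
import os
import time

# Challenge string shown in the post's telnet session.
PAGE_CHALLENGE = "PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg=="


def decode_challenge(challenge_b64):
    """Return the raw challenge bytes the server sent after '334 '."""
    return base64.b64decode(challenge_b64, validate=True)


def make_challenge(hostname):
    """Server side: a fresh '<random.timestamp@hostname>' challenge, base64 encoded.
    The layout mirrors the decoded challenge in the post; hostname is an assumption."""
    nonce = int.from_bytes(os.urandom(4), "big")
    raw = f"<{nonce}.{int(time.time())}@{hostname}>"
    return base64.b64encode(raw.encode()).decode()


def _digest(password, challenge_b64):
    """hex(HMAC-MD5(key=password, msg=decoded challenge))."""
    return hmac.new(password.encode(), decode_challenge(challenge_b64),
                    hashlib.md5).hexdigest()


def cram_md5_response(user, password, challenge_b64):
    """Client side: base64 of 'user<space>hexdigest'; the password itself is not sent."""
    plain = f"{user} {_digest(password, challenge_b64)}"
    return base64.b64encode(plain.encode()).decode()


def verify_response(lookup_password, challenge_b64, response_b64):
    """Server side: recompute the digest from the stored cleartext password.
    lookup_password is a hypothetical callable: user -> cleartext password or None.
    Returns the authenticated user name, or None."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return None
    stored = lookup_password(user)
    # Compute a digest even for unknown users so both paths do the same work.
    expected = _digest(stored if stored is not None else "", challenge_b64)
    same = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if (stored is not None and same) else None


if __name__ == "__main__":
    users = {"user01@example.com": "pass"}  # constructed sample account
    challenge = make_challenge("mail.example.com")
    response = cram_md5_response("user01@example.com", "pass", challenge)
    print("challenge:", decode_challenge(challenge).decode())
    print("accepted :", verify_response(users.get, challenge, response))
    # The same response presented against a different challenge is rejected.
    print("replayed :", verify_response(users.get, PAGE_CHALLENGE, response))
```

The AUTH LOGIN and AUTH PLAIN strings in the sessions above are plain base64, which anyone who can read the session can decode, so those two methods belong inside a TLS session. CRAM-MD5 avoids sending the password but, as the post says, requires the server to hold it in the clear.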
Posted about 14 years ago by [email protected] (Cprogrammer)
One of the features that IndiMail adds to qmail-smtpd is an accesslist between senders and recipients. Accesslist can be enabled by creating a control file /var/indimail/control/accesslist. A line in accesslist is of the form

    type:sender:recipient

where type is either the word 'from' or 'rcpt'. sender and recipient can be the actual sender, recipient, a wildcard or a regular expression (uses regex(3)).

The accesslist check happens at SMTP, and mails which get restricted are rejected with a permanent 5xx code.

To give some examples:

    rcpt:[email protected]:[email protected]
    rcpt:[email protected]:[email protected]
    from:[email protected]:[email protected]

The above accesslist implies that only the users with email [email protected] and [email protected] can send a mail to the email [email protected]

The 3rd line implies that all outside mails from the sender [email protected] will be rejected at SMTP unless the recipient is [email protected] also provides a program called uacl to test this accesslist. uacl is useful especially when you use wildcards or regular expressions.

An extreme example where you want to restrict the communication between two domains only:

    % cat /var/indimail/control/accesslist
    rcpt:*example.com:*@example1.com
    from:*@example1.com:*@example.com

    % uacl [email protected] [email protected] no 1: rcpt:*example.com:*@example1.com
      matched recipient [[email protected]] with [*@example1.com]
      matched sender [[email protected]] with [*example.com]
      --> access allowed
    %
    % uacl [email protected] [email protected] no 1: rcpt:*example.com:*@example1.com
      matched recipient [[email protected]] with [*@example1.com]
      sender not matched [[email protected]]
      --> access denied
    %
    % uacl [email protected] [email protected] no 2: from:*@example1.com:*@example.com
      matched sender [[email protected]] with [*@example1.com]
      matched recipient [[email protected]] with [*@example.com]
      --> access allowed
    %
    % uacl [email protected] [email protected] no 2: from:*@example1.com:*@example.com
      matched sender [[email protected]] with [*@example1.com]
      recipient not matched [[email protected]]
      --> access denied
    %
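To reason about an accesslist before deploying it, here is a simplified model of the evaluation described above, as an added example that is not IndiMail's or uacl's code. It assumes Python's fnmatch as a stand-in for the wildcard matcher, leaves out regular expressions, and assumes evaluation continues past a rule that fails (as the post's two rcpt lines for one recipient imply); all addresses are constructed.

```python
# Added illustration: a simplified model of accesslist evaluation, not uacl itself.
from fnmatch import fnmatchcase

# The two-domain accesslist from the post.
PAGE_ACCESSLIST = """\
rcpt:*example.com:*@example1.com
from:*@example1.com:*@example.com
"""


def parse_accesslist(text):
    """Parse 'type:sender:recipient' lines into (lineno, type, sender_pat, rcpt_pat)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or parts[0] not in ("from", "rcpt"):
            raise ValueError(f"line {lineno}: expected type:sender:recipient, got {raw!r}")
        rules.append((lineno, parts[0], parts[1].lower(), parts[2].lower()))
    return rules


def check(rules, sender, recipient):
    """Return (allowed, lineno) for one sender/recipient pair.

    Assumed semantics: a 'rcpt' rule applies when the recipient matches and then
    requires the sender to match; a 'from' rule applies when the sender matches
    and then requires the recipient to match. Any fully matching rule allows the
    mail; if rules applied but none matched fully, the mail is denied; if no
    rule applied, the pair is unrestricted (lineno is None).
    """
    sender, recipient = sender.lower(), recipient.lower()
    denied_by = None
    for lineno, kind, sender_pat, rcpt_pat in rules:
        s_ok = fnmatchcase(sender, sender_pat)
        r_ok = fnmatchcase(recipient, rcpt_pat)
        applies, satisfied = (r_ok, s_ok) if kind == "rcpt" else (s_ok, r_ok)
        if not applies:
            continue
        if satisfied:
            return True, lineno
        if denied_by is None:
            denied_by = lineno
    return denied_by is None, denied_by


if __name__ == "__main__":
    rules = parse_accesslist(PAGE_ACCESSLIST)
    pairs = [  # constructed sender/recipient pairs
        ("alice@example.com", "bob@example1.com"),
        ("mallory@example.org", "bob@example1.com"),
        ("bob@example1.com", "alice@example.com"),
        ("bob@example1.com", "carol@example.org"),
        ("eve@notexample.com", "bob@example1.com"),
    ]
    for sender, recipient in pairs:
        allowed, lineno = check(rules, sender, recipient)
        verdict = "allowed" if allowed else "denied"
        print(f"{sender} -> {recipient}: {verdict} (line {lineno})")
```

The last pair is allowed because the sender pattern *example.com in line 1 has no @ and therefore also matches a lookalike domain ending in example.com; writing it as *@example.com, like the other patterns, closes that gap.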
Posted about 14 years ago by [email protected] (Cprogrammer)
In my experience of setting up mail servers in the corporate world, often it is required that users be added to external databases which could be part of some strange enterprise applications. It could be as simple as adding users to your ldap server when creating a mailbox on IndiMail. Sometimes it could be as bad as adding users to ADS (ugh).

IndiMail (release 1.6.9 onwards) provides you a hook to execute any program after successful completion of the programs vadddomain, vdeldomain, vadduser and vdeluser, vrenamedomain, vrenameuser, vmovuser, vpasswd.

A hook can be defined by creating a script or an executable in /var/indimail/libexec with the name of the program being executed. E.g. if you create a script named vadduser in the directory /var/indimail/libexec, the script will get executed whenever the program vadduser is used to add a user to indimail. The execution happens only if the program completes successfully. Depending on what you need to do, you can customize the scripts in a jiffy.

The hook script name can be overridden by setting the POST_HOOK environment variable.

See the man pages of vadddomain, vdeldomain, vadduser, vdeluser for more details.

Let me know if you create an interesting script.
Posted over 14 years ago by [email protected] (Cprogrammer)
You can now configure MRTG Graphs to show statistics for IndiMail with the upcoming IndiMail 1.6.5 release. You need to have mrtg installed on your system. If you do not have mrtg, you can execute yum.

    % sudo yum install mrtg

You need to execute the following steps (assuming your web server document root is /var/www/html):

    sudo mkdir /var/www/html/mailmrtg
    sudo cp /var/indimail/etc/indimail.mrtg.cfg /var/www/html/mailmrtg
    sudo indexmaker --title="IndiMail Statistics" --section=title --output=/var/www/html/mailmrtg/index.html /var/indimail/etc/indimail.mrtg.cfg

Ensure the following entry in cron -

    */5 * * * * /usr/bin/mrtg /var/www/html/mailmrtg/indimail.mrtg.cfg 2>&1 > /dev/null

After carrying out the above four steps, you can manually execute the command installed in crontab three times. Point your browser to your web server document_root/mailmrtg and you will start getting graphs. Each of the graphs can be clicked to show further details.
Posted over 14 years ago by [email protected] (Cprogrammer)
Quite often I find people doing a google search on IndiMail Installation Steps. I am not happy with the result which comes up in the search.

If you have learnt the art of being patient then read the file INSTALL-version. You can read the file INSTALL-RPM-version in case you want to install from RPM (version is the version of IndiMail you want to install).

If you are in a hurry to install and set up IndiMail, download the RPM and read the file Quick-INSTALL-version.

IndiMail RPM for various linux distros can be downloaded from
http://download.opensuse.org/repositories/home:/indimail/

The top level directory for the current indimail source being maintained can be found at
https://sourceforge.net/projects/indimail/files/indimail

I do have a debian package, but have not released it because I don't have a single volunteer to test it.

If you are installing from source, apart from downloading indimail-version.tar.gz, you need to download the following additionally.

Mandatory Downloads

    http://cr.yp.to/software/qmail-1.03.tar.gz
    http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
    http://downloads.sourceforge.net/indimail/libdkim-1.3.tar.gz
    http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
    http://downloads.sourceforge.net/indimail/courier-imap-3.0.8.tar.bz2

Highly Recommended Downloads

    http://downloads.sourceforge.net/indimail/pam-multi-1.1.tar.gz
    http://downloads.sourceforge.net/indimail/nssd-1.1.tar.gz

Optional Downloads

    http://downloads.sourceforge.net/indimail/flash-0.9.4.tar.gz
    http://downloads.sourceforge.net/indimail/altermime-0.3.10.tar.gz
    http://downloads.sourceforge.net/indimail/ripmime-1.4.0.9.tar.gz
    http://downloads.sourceforge.net/indimail/mpack-1.6.tar.gz
    http://downloads.sourceforge.net/indimail/fortune-1.1.tar.gz
    http://download.berlios.de/fetchmail/fetchmail-6.3.16.tar.bz2

If you are a newbie, you can drop me a note or request free help on installing and setting up a mail server using IndiMail. I will be glad to help.
Posted over 14 years ago by [email protected] (Cprogrammer)
Just a few days back a user asked me whether spamassassin can be used with IndiMail.

IndiMail uses the environment variables SPAMFILTER and SPAMEXITCODE to configure any spam filter to be used. All that is required of the spam filter is to read a mail message on stdin, output the message back on stdout and exit with a number which indicates whether the message is ham or spam.

The default installation of IndiMail creates a configuration where mails get scanned by bogofilter for spam filtering. bogofilter exits with value '0' in case the message is spam and with value '1' when the message is ham. The settings for SPAMFILTER and SPAMEXITCODE are as below:

    SPAMFILTER="/var/indimail/bin/bogofilter -p -u -d /var/indimail/etc"
    SPAMEXITCODE=0

Assuming that you have installed, set up and trained spamassassin, you can follow the instructions below to have IndiMail use spamassassin.

spamassassin has a client spamc which exits 1 when the message is spam and exits 0 if the message is ham. To use spamassassin, just use the following for SPAMFILTER and SPAMEXITCODE:

    SPAMFILTER="path_to_spamassassin_spamc_program -E -U socket -d host -p port -u user"
    SPAMEXITCODE=1

(see the documentation on spamc for a description of the arguments to the spamc program)

If you are a lazy person like me then you can execute the following command to have the above environment variables set for qmail-smtpd to use spamassassin:

    % su
    # /var/indimail/sbin/svctool --smtp=25 --servicedir=/service --qbase=/var/indimail/queue --qcount=5 --qstart=1 \
        --cntrldir=control --localip=0 --maxdaemons=75 --maxperip=25 \
        --persistdb --starttls --fsync --syncdir --memory=52428800 \
        --chkrecipient --chkrelay --masquerade --min-free=52428800 \
        --content-filter --virus-filter \
        --qhpsi="/var/indimail/bin/clamdscan %s --quiet --disable-summary" \
        --spamfilter="path_to_spamassassin_spamc_program -E -U socket -d host -p port -u user" \
        --rejectspam=0 --spamexitcode=1 \
        --localfilter --remotefilter --remote-authsmtp=plain --dmasquerade \
        --dkverify=both --dksign=both --private_key=/var/indimail/control/domainkeys/indimail \
        --rbl="-rzen.spamhaus.org -rdnsbl-1.uceprotect.net"

Since IndiMail uses the envdir program to set environment variables, a simpler way would be to do the following:

    % su
    # echo "path_to_spamassassin_spamc_program -E -U sock -d host -p port \
        -u user" > /service/qmail-smtpd.25/variables/SPAMFILTER
    # echo 1 > /service/qmail-smtpd.25/variables/SPAMEXITCODE