Differences between revisions 17 and 18

Currently our mail servers are magnesium, calcium, and strontium. We use the following software: qmail, Binc IMAP, Dovecot, DSPAM, and procmail.

1. qmail

We use qmail as our MTA and MDA. It will relay messages from Computer Club IP addresses, and delivers messages to users' mail AFS volume.

1.1. Patches

We are currently using the following patches to qmail:

Additionally, there are some Computer Club specific hacks.

  • install binaries, documentation, and man pages to /usr/local rather than /var/qmail, call qmail-local-shim
  • use rename() rather than link() for the Maildir delivery protocol (needed for AFS)
  • disable CRAM-MD5 authentication (we can't support it, since we don't have the actual text of user passwords lying around)

1.2. Prerequisites

Qmail requires some other software:

Bad things will likely happen if the following software hasn't been installed first:

  • DSPAM
  • ezmlm
  • procmail
  • zephyr

Qmail also needs the following users in /etc/passwd.system:

alias:x:1000:1002::/var/qmail/alias:
qmaild:x:1001:1002::/var/qmail:
qmaill:x:1002:1002::/var/qmail:
qmailp:x:1003:1002::/var/qmail:
qmailq:x:1004:1003::/var/qmail:
qmailr:x:1005:1003::/var/qmail:
qmails:x:1006:1003::/var/qmail:

And the following groups in /etc/group:

nofiles:x:1002:
qmail:x:1003:

1.3. Building

1.3.1. Set Up Procedure Used for the Collection

This is not a description of how to build the collection. For that, see below.

This gives an overview of the procedure I used in preparing the qmail-004 collection.

cd /afs/club/system/src/local/qmail/004
tar -zxvf dist/netqmail-1.05.tar.gz
cd netqmail-1.05
./collate.sh
cd ..
mv netqmail-1.05/netqmail-1.05/* .
rm -r netqmail-1.05

Next, I prepared a club directory, containing most of the magic for the collection. This involved merging patches, including the source for qmail-local-shim, writing a Makefile for qmail-local-shim, and a script to apply the patches and change a couple other files. There is also a note about AFS not supporting named pipes, and instructions on how to generate a /var/qmail hierarchy.

club/setup.sh

Lastly, I wrote a SMakefile. It has a fairly complicated INSTCOMMAND, and no MFCOMMAND. The INSTCOMMAND installs qmail-local-shim into the dest directory, and creates a tarball of the /var/qmail hierarchy (it can't be stored in the dest directory, since AFS can't store named pipes).

1.3.2. Building the Collection

Building qmail should be fairly straightforward. It shouldn't require anything more than:

cd /afs/club/system/src/local/qmail/004
smake init
smake mk
smake install

1.4. Installation

Copy the qmail dest directory to /usr/local/stow. It is important that the permissions, groups, and users of the files are preserved.

# rsync -v -a /afs/club/system/dest/@sys/local/qmail/004 /usr/local/stow/qmail-004

It doesn't appear that AFS will store a SUID bit. So, you'll need to manually fix the permissions on the qmail-queue binary.

# chmod u+s /usr/local/stow/qmail-004/bin/qmail-queue

Create /var/qmail hierarchy. It is in a tarball, since AFS can't store named pipes.

# cd /var
# tar -xvf /usr/local/stow/qmail-004/root.var.tar
# rm /usr/local/stow/qmail-004/root.var.tar

Stow qmail-004 in /usr/local.

# cd /usr/local/stow
# stow qmail-004

Create the log directories for qmail and smtpd.

# mkdir /var/log/qmail
# mkdir /var/log/smtpd

Create the supervise service directories for qmail and smtpd.

# cd /var/qmail

# mkdir -p qmail/log

# cat > qmail/run << "EOF"
> #!/bin/sh
> exec /usr/local/bin/qmail-start ./Maildir/
> EOF

# chmod 755 qmail/run
# touch qmail/down

# cat > qmail/log/run << "EOF"
> #!/bin/sh
> exec multilog t n50 /var/log/qmail
> EOF

# chmod 755 qmail/log/run
# ln -s /var/qmail/qmail /var/service

# mkdir -p smtpd/log

# cat > smtpd/run << "EOF"
> #!/bin/sh
> exec /usr/local/bin/tcpserver -v -x /var/qmail/tcp.smtp.cdb -u 1001 -g 1002 \
>                               0 smtp /usr/local/bin/qmail-smtpd 2>&1
> EOF

# chmod 755 smtpd/run
# touch smtpd/down

# cat > smtpd/log/run << "EOF"
> #!/bin/sh
> exec multilog t n50 /var/log/smtpd
> EOF

# chmod 755 smtpd/log/run
# ln -s /var/qmail/smtpd /var/service

Create the qmail startup scripts.

# cd /etc/init.d
# svinitd-create qmail > qmail
# chmod 755 qmail
# svinitd-create smtpd > smtpd
# chmod 755 smtpd

Create symbolic links for the qmail startup scripts.

# update-rc.d qmail defaults
# update-rc.d smtpd start 21 2 3 4 5 . stop 16 0 1 6 .

Set up qmail cron jobs.

# crontab -l > /tmp/qmail-crontab

# cat >> /tmp/qmail-crontab << "EOF"
>
> # qmail
> 0 * * * *        /afs/club/system/scripts/perl/mailassign.pl "/afs/club/user" > /var/qmail/users/assign && /usr/local/bin/qmail-newu
> 2 * * * *        /afs/club/system/scripts/sh/update-alias.sh
> 30 * * * *      /afs/club.cc.cmu.edu/system/scripts/sh/update-mailtabs.sh
> 0 0 * * *        /usr/local/bin/update_tmprsadh > /dev/null 2>&1
> EOF

# crontab /tmp/qmail-crontab
# rm /tmp/qmail-crontab

Copy configuration files from an existing mail server.

# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/control/ /var/qmail/control
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/tcp.smtp /var/qmail

Change /var/qmail/control/me and compile the rules for qmail-smtpd's tcpserver.

# cd /var/qmail
# hostname > control/me
# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp

Modify /var/qmail/control/locals and copy the new version to all mail servers.

# cd /var/qmail/control
# hostname >> locals
# rsync -e ssh -a locals magnesium.club.cc.cmu.edu:/var/qmail/control/locals
# rsync -e ssh -a locals calcium.club.cc.cmu.edu:/var/qmail/control/locals

Copy key files from an existing mail server. (The update-mailtabs script will keep this updated, but needs to be bootstrapped.)

# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/keys /var

Make sure the cron jobs have run at least once.

Start qmail and smtpd.

# /etc/init.d/qmail start
# /etc/init.d/smtpd start
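
Because tcp.smtp is copied from another server and decides which clients may relay, it is worth linting before it is compiled with tcprules. The following is an added example, not part of the original wiki page: the function names and the policy (relay may only be granted by IP-based rules) are assumptions of the example, and the sample rules are constructed.

```sh
#!/bin/sh
# Added example: lint a tcprules source file (tcp.smtp) before compiling it.
# Rule format: ADDRESS:allow|deny[,VAR="value"...]; lines starting with # are comments.

# Constructed sample rules; 192.0.2. is a documentation prefix, not a club range.
sample_rules() {
    cat <<'EOF'
# relay only for these address prefixes
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
:allow
EOF
}

# Print "LINENO ADDRESS" for every allow rule that sets RELAYCLIENT.
relay_grants() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next                # not a rule line
            addr = substr($0, 1, sep - 1)
            inst = substr($0, sep + 1)
            if (inst ~ /^allow/ && inst ~ /,RELAYCLIENT=/)
                print NR, (addr == "" ? "<default>" : addr)
        }' "$1"
}

# Keep only grants not bound to an IP address or prefix: the default rule
# (empty address) and "=" rules, which match on the client's DNS name.
open_relay_rules() {
    relay_grants "$1" | awk '$2 == "<default>" || $2 ~ /^=/'
}

# Return 0 when no such rule exists, 1 (with a report on stderr) otherwise.
lint_tcp_smtp() {
    bad=$(open_relay_rules "$1")
    [ -z "$bad" ] && return 0
    printf 'relay granted by non-IP rule(s) in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}
```

The output of relay_grants is also the list to compare by hand against the address ranges that are supposed to relay.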

1.5. SMTP Auth

SMTP Auth requires a checkpassword-compatible program. For PAM (which can use krb5), http://checkpasswd-pam.sourceforge.net/ provides one. Install it and make sure it is setuid.

/var/qmail/smtpd/run must then be modified: append "/usr/bin/checkpasswd-pam -s smtp /bin/true" right after qmail-smtpd.

2. ezmlm

ezmlm is our mailing list manager and is remarkably understandable considering it's from djb. There are extensive manpages, which should be the first place to look. Some questions are only answered by looking at the source, which isn't that ugly.

Currently, we keep most (all?) of our mailing lists under the "ezmlm" user's Maildir.

2.1. Quick tips

Mailing lists are identified by the directory in which the data is stored. In our case, we use directories under /afs/club.cc.cmu.edu/usr/ezmlm/Maildir/, such as /afs/club.cc.cmu.edu/usr/ezmlm/Maildir/announcef07.

2.1.1. Creating a mailing list

To create an announcement-style mailing list, the following will usually work (swapping the name of the list for announcef07):

# ezmlm-make -5 gripe@club.cc.cmu.edu -m /afs/club.cc.cmu.edu/usr/ezmlm/Maildir/announcef07 /afs/club.cc.cmu.edu/usr/ezmlm/.qmail-announcef07 announcef07 club.cc.cmu.edu

After this, add the list to /afs/club/service/mail/subusers so that it becomes a subuser of ezmlm. A (currently) hourly cron job then uses this file to update /var/qmail/users/assign and regenerate the corresponding cdb with qmail-newu.

2.1.2. Adding someone to a mailing list

To add someone to a mailing list, run:

# ezmlm-sub <mailing list directory> <email address>

3. Wheezy

<!> Everything here and below is a work-in-progress.

3.1. Packages

3.1.1. daemontools

In Debian, no modifications required.

3.1.2. daemontools-run

In Debian, no modifications required.

Sets up svscan to run at boot and handle supervised daemons.

3.1.3. svtools

In Debian, no modifications required.

Convenience wrappers for daemontools. Used for init.d scripts that wrap starting and stopping supervised daemons.

3.1.4. ucspi-tcp

In Debian, no modifications required.

3.1.5. procmail

In Debian; no package modifications are required, AFAICT (the old collection didn't appear to have any patches for AFS Maildir delivery).

/!\ However, permissions must be modified, or strange AFS issues relating to the set ID bits may cause delivery to /var/mail/<user>. This can be fixed in a way that will survive package upgrades as follows:

dpkg-statoverride --update --add root mail 0755 /usr/bin/procmail
dpkg-statoverride --update --add root mail 0755 /usr/bin/lockfile # Try to avoid any assumptions that -ml / -mu actually work
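
A check for both permission pitfalls on this page (the setuid bit that AFS drops from qmail-queue, and the set-ID bits on procmail and lockfile), as an added example that is not part of the original wiki page. The function name, the manifest format and the optional root-prefix argument are assumptions of the example, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example: audit the set-ID bits this page says matter (uses GNU stat).
# Rules: "setuid" = setuid bit must be set; an octal mode = mode must match exactly.
MANIFEST='setuid /usr/local/stow/qmail-004/bin/qmail-queue
755 /usr/bin/procmail
755 /usr/bin/lockfile'

# audit_mail_perms [ROOT]: check each manifest path under ROOT (default: /).
# Prints one line per finding; exit status is 0 only when there are none.
audit_mail_perms() {
    root=${1:-}
    findings=$(printf '%s\n' "$MANIFEST" | while read -r rule path; do
        f="$root$path"
        if [ ! -e "$f" ]; then
            echo "MISSING $path"
        elif [ "$rule" = setuid ]; then
            [ -u "$f" ] || echo "NO-SETUID $path"
        else
            mode=$(stat -c '%a' "$f")
            [ "$mode" = "$rule" ] || echo "MODE $mode (want $rule) $path"
        fi
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Running it after a package upgrade shows whether the dpkg-statoverride entries held; on a host that does not use the qmail-004 stow tree, drop that manifest line.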

3.1.6. dspam; libdspam7-drv-mysql

In Debian, but had to manually rebuild packages for club.

This was to turn off the virtual users feature. However, no changes to the source package were needed.

dch --local +cclub. # Identify as cclub build in package version; adjust club revision appropriately
env DEB_BUILD_OPTIONS=disable_virtual_users dpkg-buildpackage -b

3.1.7. qmail; qmail-uids-gids

In Debian, but made significant changes.

3.1.8. qmail-mail-transport-agent

Glue package of our own invention. It is similar in spirit to qmail-run, but it doesn't pull in as much cruft.

This does some simple things so that Debian is aware that qmail is serving as the system's mail-transport-agent and that system-generated mail is correctly handled.

3.1.9. ezmlm-idx

NOT in Debian. We made a package.

There were some patches required to the source itself in order to handle the Debian qmail package putting binaries in /usr/{s,}bin instead of /var/qmail/bin.

3.2. Blerf

I (kbare) am building debs for mail services under Debian Wheezy.

  • qmail, qmail-uids-gids (src: netqmail)
    • Lots of tinkering was involved; see debian/cclub-patches and debian/patches in the source package for more details
  • qmail-mail-transport-agent
    • Homegrown; tells Debian that qmail is our mail-transport-agent on MX hosts and sets up sendmail symlinks
  • ezmlm-idx
    • Homegrown Debian packaging; our mailing list manager

Some standard packages are also required:

  • daemontools, daemontools-run
  • ucspi-tcp
  • procmail
  • dspam

3.3. Setup

3.3.1. /var/qmail/control

Copy from one of the existing mail servers.

Edit me --> local FQDN.

Edit locals --> add local FQDN to the list.

3.3.2. /var/keys

Create the directory.

Extract the "mailtabs" keytab to /var/keys/mailtabs. Something was kind of strange when I did this, though. It appeared there were duplicated keys for some of the key types. I was able to remove them with ktutil, and things worked swimmingly after that.

3.3.3. Cron jobs

These all run as root. Probably a good idea to run all of them first manually.

# Mail stuff
00 *            * * *   /afs/club.cc.cmu.edu/system/scripts/perl/mailassign.pl /afs/club/user > /var/qmail/users/assign && /usr/sbin/qmail-newu
02 *            * * *   /afs/club.cc.cmu.edu/system/scripts/sh/update-alias.sh
30 *            * * *   /afs/club.cc.cmu.edu/system/scripts/sh/update-mailtabs.sh
00 0            * * *   /usr/sbin/update_tmprsadh > /dev/null 2>&1



Services/Club Mail (last edited 2024-03-06 02:28:17 by kbare@CLUB.CC.CMU.EDU)