Deletions are marked like this. | Additions are marked like this. |
Line 14: | Line 14: |
* [http://shupp.org/smtp-auth-tls/ smtp-auth-tls] | * [http://shupp.org/smtp-auth-tls/ tls-smtpauth] |
Line 20: | Line 20: |
This is the LOG file John left in the qmail source directory, summarizing the changes he made. {{{ netqmail-1.05 apply http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040705.patch apply http://www.saout.de/misc/spf/qmail-spf-rc2.patch apply http://www.ckdhr.com/ckd/qmail-103.patch "big dns reply" patch merge install-var-qmail, install-local, hier mess sendmail path to qmail-inject (hardcode to /usr/local) qmail-lspawn -- hardcode to /usr/local/bin/qmail-local-shim qmail.c -- qmail-queue path qmail-local.c -- link() -> rename()}}} |
* install binaries, documentation, and man pages to /usr/local rather than /var/qmail, call qmail-local-shim * use rename() rather than link() for the Maildir delivery protocol (needed for AFS) * disable CRAM-MD5 authentication (we can't support it, since we don't have the actual text of user passwords lying around) |
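Review bot: The three replacement bullets drop the patch provenance that the removed LOG block recorded, namely the dated files netqmail-1.05-tls-smtpauth-20040705.patch and qmail-spf-rc2.patch and the hardcoded /usr/local paths for qmail-inject, qmail-local-shim and qmail-queue. Anyone auditing what code the MTA actually runs needs those exact versions, so keep the dated patch names next to the bullets, or point to the LOG file in the qmail source directory.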
Line 57: | Line 48: |
Line 62: | Line 54: |
=== Building === /!\ ''Currently the infrastructure for building the collection is somewhat broken.'' My vision of automatically patching qmail on build was shattered when I discovered that it ended up changing files in the collection's src directory in AFS. So, yes, the current collection src directory is all wrong, since it is half-patched source. FIXME kbare, please FIXME. Even though the build infrastructure isn't quite right, I did at least try to make what I did clear. See /afs/club/system/src/local/qmail/004/club. |
|
Line 66: | Line 68: |
# rsync -v -a /afs/club/system/dest/@sys/local/qmail/003 /usr/local/stow/qmail-003}}} Compile a qmail-local-shim executable, and copy it to /usr/local/stow/qmail-003/bin. TODO: a compiled qmail-local-shim should exist in the dest directory for future qmail collections. {{{ # cd /tmp # cp /afs/club/system/src/local/qmail/003/qmail-local-shim.c . # gcc -o qmail-local-shim qmail-local-shim.c -lkrb5 -lcrypto # mv qmail-local-shim /usr/local/stow/qmail-003/bin # rm qmail-local-shim.c}}} Stow qmail-003 in /usr/local. |
# rsync -v -a /afs/club/system/dest/@sys/local/qmail/004 /usr/local/stow/qmail-004 }}} It doesn't appear that AFS will store a SUID bit. So, you'll need to manually fix the permissions on the qmail-queue binary. {{{ # chmod u+s /usr/local/stow/qmail-004/bin/qmail-queue }}} Create /var/qmail hierarchy. It is in a tarball, since AFS can't store named pipes. {{{ # cd /var # tar -xvf /usr/local/stow/qmail-004/root.var.tar # rm /usr/local/stow/qmail-004/root.var.tar }}} Stow qmail-004 in /usr/local. |
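Review bot: The added chmod u+s step on /usr/local/stow/qmail-004/bin/qmail-queue never says which user should own the binary, and setuid runs the program as whoever owns the file. State the expected owner and add an ls -l check before the chmod, so a copy that lost its ownership in transit is not made setuid to the wrong account. The same hunk removes the qmail-local-shim compile step and its TODO without saying that the shim now ships in the dest directory; the text should confirm that.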
Line 77: | Line 86: |
# ./stow.pl qmail-003}}} Compile the install-var-qmail executable, and use it to create the /var/qmail hierarchy. TODO: the /var/qmail hierarchy should exist in a root.var/qmail directory in the dest directory for future qmail collections. {{{ # cp -r /afs/club/system/src/local/qmail/003/netqmail-1.05/netqmail-1.05 /tmp # cd /tmp/netqmail-1.05 # make it install-var-qmail # ./install-var-qmail /var/qmail # cd .. # rm -r netqmail-1.05}}} |
# stow qmail-004 }}} |
Line 89: | Line 92: |
# mkdir /var/log/smtpd}}} |
# mkdir /var/log/smtpd }}} |
Line 129: | Line 134: |
# ln -s /var/qmail/smtpd /var/service}}} |
# ln -s /var/qmail/smtpd /var/service }}} |
Line 136: | Line 143: |
# chmod 755 smtpd}}} |
# chmod 755 smtpd }}} |
Line 140: | Line 149: |
# update-rc.d smtpd start 21 2 3 4 5 . stop 16 0 1 6 .}}} |
# update-rc.d smtpd start 21 2 3 4 5 . stop 16 0 1 6 . }}} |
Line 155: | Line 166: |
# rm /tmp/qmail-crontab}}} |
# rm /tmp/qmail-crontab }}} |
Line 159: | Line 172: |
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/tcp.smtp /var/qmail}}} |
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/tcp.smtp /var/qmail }}} |
Line 164: | Line 179: |
# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp}}} |
# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp }}} |
Line 170: | Line 187: |
# rsync -e ssh -a locals calcium.club.cc.cmu.edu:/var/qmail/control/locals}}} |
# rsync -e ssh -a locals calcium.club.cc.cmu.edu:/var/qmail/control/locals }}} |
Line 173: | Line 192: |
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/keys /var}}} |
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/keys /var }}} |
Line 179: | Line 200: |
# /etc/init.d/smtpd start}}} |
# /etc/init.d/smtpd start }}} |
Currently our mail servers are [:Infrastructure/Magnesium.club.cc.cmu.edu:magnesium], [:Infrastructure/Calcium.club.cc.cmu.edu:calcium], and [:Infrastructure/Strontium.club.cc.cmu.edu:strontium]. We use the following software: [http://cr.yp.to/qmail.html qmail], [http://www.bincimap.org/ Binc IMAP], [http://dspam.nuclearelephant.com/ DSPAM], and [http://www.procmail.org/ procmail].
1. qmail
We use qmail as our MTA and MDA. It relays messages from Computer Club IP addresses and delivers messages to users' mail AFS volumes.
1.1. Patches
We are currently using the following patches to qmail:
[http://www.qmail.org/netqmail/ netqmail]
[http://shupp.org/smtp-auth-tls/ tls-smtpauth]
[http://www.saout.de/misc/spf/ qmail-spf]
[http://www.ckdhr.com/ckd/qmail-103.patch qmail-bigdns]
Additionally, there are some Computer Club specific hacks.
- install binaries, documentation, and man pages to /usr/local rather than /var/qmail, call qmail-local-shim
- use rename() rather than link() for the Maildir delivery protocol (needed for AFS)
- disable CRAM-MD5 authentication (we can't support it, since we don't have the actual text of user passwords lying around)
1.2. Prerequisites
Qmail requires some other software:
DJB's [http://cr.yp.to/daemontools.html daemontools]
DJB's [http://cr.yp.to/ucspi-tcp.html ucspi-tcp]
Bad things will likely happen if the following software hasn't been installed first:
- DSPAM
- ezmlm
- procmail
- zephyr
Qmail also needs the following users in /etc/passwd.system:
{{{
alias:x:1000:1002::/var/qmail/alias:
qmaild:x:1001:1002::/var/qmail:
qmaill:x:1002:1002::/var/qmail:
qmailp:x:1003:1002::/var/qmail:
qmailq:x:1004:1003::/var/qmail:
qmailr:x:1005:1003::/var/qmail:
qmails:x:1006:1003::/var/qmail:
}}}
And the following groups in /etc/group:
{{{
nofiles:x:1002:
qmail:x:1003:
}}}
1.3. Building
Currently the infrastructure for building the collection is somewhat broken.
My vision of automatically patching qmail on build was shattered when I discovered that it ended up changing files in the collection's src directory in AFS. So, yes, the current collection src directory is all wrong, since it is half-patched source. FIXME kbare, please FIXME.
Even though the build infrastructure isn't quite right, I did at least try to make what I did clear.
See /afs/club/system/src/local/qmail/004/club.
1.4. Installation
Copy the qmail dest directory to /usr/local/stow. It is important that the permissions, groups, and users of the files are preserved.
{{{
# rsync -v -a /afs/club/system/dest/@sys/local/qmail/004 /usr/local/stow/qmail-004
}}}
It doesn't appear that AFS will store a SUID bit. So, you'll need to manually fix the permissions on the qmail-queue binary.
{{{
# chmod u+s /usr/local/stow/qmail-004/bin/qmail-queue
}}}
Create /var/qmail hierarchy. It is in a tarball, since AFS can't store named pipes.
{{{
# cd /var
# tar -xvf /usr/local/stow/qmail-004/root.var.tar
# rm /usr/local/stow/qmail-004/root.var.tar
}}}
Stow qmail-004 in /usr/local.
{{{
# cd /usr/local/stow
# stow qmail-004
}}}
Create the log directories for qmail and smtpd.
{{{
# mkdir /var/log/qmail
# mkdir /var/log/smtpd
}}}
Create the supervise service directories for qmail and smtpd.
{{{
# cd /var/qmail
# mkdir -p qmail/log
# cat > qmail/run << "EOF"
> #!/bin/sh
> exec /usr/local/bin/qmail-start ./Maildir/
> EOF
# chmod 755 qmail/run
# touch qmail/down
# cat > qmail/log/run << "EOF"
> #!/bin/sh
> exec multilog t n50 /var/log/qmail
> EOF
# chmod 755 qmail/log/run
# ln -s /var/qmail/qmail /var/service
# mkdir -p smtpd/log
# cat > smtpd/run << "EOF"
> #!/bin/sh
> exec /usr/local/bin/tcpserver -v -x /var/qmail/tcp.smtp.cdb -u 1001 -g 1002 \
>     0 smtp /usr/local/bin/qmail-smtpd 2>&1
> EOF
# chmod 755 smtpd/run
# touch smtpd/down
# cat > smtpd/log/run << "EOF"
> #!/bin/sh
> exec multilog t n50 /var/log/smtpd
> EOF
# chmod 755 smtpd/log/run
# ln -s /var/qmail/smtpd /var/service
}}}
Create the qmail startup scripts.
{{{
# cd /etc/init.d
# svinitd-create qmail > qmail
# chmod 755 qmail
# svinitd-create smtpd > smtpd
# chmod 755 smtpd
}}}
Create symbolic links for the qmail startup scripts.
{{{
# update-rc.d qmail defaults
# update-rc.d smtpd start 21 2 3 4 5 . stop 16 0 1 6 .
}}}
Set up qmail cron jobs.
{{{
# crontab -l > /tmp/qmail-crontab
# cat >> /tmp/qmail-crontab << "EOF"
>
> # qmail
> 0 * * * * /afs/club/system/scripts/perl/mailassign.pl "/afs/club/user" > /var/qmail/users/assign && /usr/local/bin/qmail-newu
> 2 * * * * /afs/club/system/scripts/sh/update-alias.sh
> 0 0 * * * /usr/local/bin/update_tmprsadh > /dev/null 2>&1
> EOF
# crontab /tmp/qmail-crontab
# rm /tmp/qmail-crontab
}}}
Copy configuration files from an existing mail server.
{{{
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/control/ /var/qmail/control
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/qmail/tcp.smtp /var/qmail
}}}
Change /var/qmail/control/me and compile the rules for qmail-smtpd's tcpserver.
{{{
# cd /var/qmail
# hostname > control/me
# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
}}}
Modify /var/qmail/control/locals and copy the new version to all mail servers.
{{{
# cd /var/qmail/control
# hostname >> locals
# rsync -e ssh -a locals magnesium.club.cc.cmu.edu:/var/qmail/control/locals
# rsync -e ssh -a locals calcium.club.cc.cmu.edu:/var/qmail/control/locals
}}}
Copy key files from an existing mail server.
{{{
# rsync -e ssh -a magnesium.club.cc.cmu.edu:/var/keys /var
}}}
Make sure the cron jobs have run at least once.
Start qmail and smtpd.
{{{
# /etc/init.d/qmail start
# /etc/init.d/smtpd start
}}}
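
An added post-install check for the procedure above (not part of the original page or the Computer Club's scripts): it compares a passwd and group file against the accounts listed under Prerequisites and confirms that the setuid bit AFS dropped is back on qmail-queue. The function names are hypothetical, and the owner passed to check_setuid is an assumption, since the page does not say who owns the binary.

```shell
#!/bin/sh
# Added example. Expected accounts are the ones this page lists,
# written as name:uid:gid for users and name:gid for groups.
QMAIL_USERS="alias:1000:1002 qmaild:1001:1002 qmaill:1002:1002 qmailp:1003:1002 qmailq:1004:1003 qmailr:1005:1003 qmails:1006:1003"
QMAIL_GROUPS="nofiles:1002 qmail:1003"

# check_accounts PASSWD GROUP: print one line per missing or mismatched
# entry; return 0 only if every listed user and group matches.
check_accounts() {
    passwd_file=$1 group_file=$2 bad=0
    for want in $QMAIL_USERS; do
        name=${want%%:*}
        got=$(awk -F: -v n="$name" '$1 == n { print $1 ":" $3 ":" $4; exit }' "$passwd_file")
        if [ "$got" != "$want" ]; then
            echo "user $name: want $want, got ${got:-missing}"
            bad=1
        fi
    done
    for want in $QMAIL_GROUPS; do
        name=${want%%:*}
        got=$(awk -F: -v n="$name" '$1 == n { print $1 ":" $3; exit }' "$group_file")
        if [ "$got" != "$want" ]; then
            echo "group $name: want $want, got ${got:-missing}"
            bad=1
        fi
    done
    return $bad
}

# check_setuid FILE OWNER_UID: the bit must be set, and on a binary owned by
# OWNER_UID, because setuid runs the program as whoever owns the file.
# OWNER_UID is supplied by the caller (assumption: the page does not state it).
check_setuid() {
    [ -u "$1" ] || { echo "$1: setuid bit not set"; return 1; }
    owner=$(ls -ln "$1" | awk '{ print $3 }')
    [ "$owner" = "$2" ] || { echo "$1: owner uid $owner, want $2"; return 1; }
}
```

On a mail server this would be run as `check_accounts /etc/passwd.system /etc/group` and `check_setuid /usr/local/stow/qmail-004/bin/qmail-queue 1004`, where 1004 (qmailq, the owner in a stock qmail install) is assumed.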