Categories
Documentation Mail

Calculate statistics from your Qmail logfiles using Awstats

Awstats is a commonly used program to calculate web statistics from your webserver logfiles. It can detect useragents, referers, unique visitors… But one of its another feature is to build usage reports from your mail server’s logfiles, as seen on this demo.

Here is how to quickly configure Awstats to take profit of your Qmail log files…

 

mailboxes

 

Categories
Mail

Qmailadmin 1.2.11 updated

I just updated Qmailadmin 1.2.11 for Etch amd64/i386 to include some changes :

  • instead of a checkbox to enable/disable spam filtering on pop accounts, there is now a list to chose what to do (no filtering, marking spams, deleting spams, learn spam, learn ham). This allow anyone to easily train your bayesian filters.
  • Spamassassin is now recommanded and will replace bogofilter in a near future
  • Clamassassin replaces clamfilter.pl due to performance issues. Please DO update the /etc/procmailrc-* files during the upgrade to ensure virus are scanned.
Categories
Documentation Mail

How to bind your Qmail server to a specific IP address

Just a little tip :

By default, Qmail listens to all the available IP address on the machine (0.0.0.0). It is possible to change this behaviour to bind Qmail to a specific IP.

We suppose that you are using Qmail from Dotdeb and launching it using the provided init script, /etc/init.d/qmail. Just edit it and change these lines :

          sh -c "start-stop-daemon --start --quiet --user qmaild \
          --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
          --exec /usr/bin/tcpserver -- -H -P -R -l 0 \
          -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
          $rblsmtpd /usr/sbin/qmail-smtpd 2>&1 \
          | $logger &"

by those ones :

          sh -c "start-stop-daemon --start --quiet --user qmaild \
          --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
          --exec /usr/bin/tcpserver -- -H -P -R -l 0 \
          -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb xxx.xxx.xxx.xxx smtp \
          $rblsmtpd /usr/sbin/qmail-smtpd 2>&1 \
          | $logger &"

(Just replace xxx.xxx.xxx.xxx by your IP address)

Now, when you list your listening dameon, you should see tcpserver listening to xxx.xxx.xxx.xxx:25 instead of 0.0.0.0:25.

machine# netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 xxx.xxx.xxx.xxx:25      0.0.0.0:*               LISTEN      21175/tcpserver
Categories
Documentation Mail

How to enable greylisting on your Qmail server

Greylisting is very useful to avoid most of the incoming spam on your mail server. The Qmail packages shipped on Dotdeb have built-in MySQL-based greylisting. Here is how to enable it…

Installation

First of all, be sure to have Qmail installed from Dotdeb with a version number greater than 1.03-37.dotdeb.1.
Then, since we’ll use a MySQL backend to share the greylisting database between several servers, be sure to have MySQL installed somewhere on your boxes.

In our example, we’ll create the database (we’ll name it relaydelay) and grant access to user@host with the password “password“. You’re free to change these values to fit your needs…

CREATE DATABASE relaydelay;
GRANT ALL PRIVILEGES ON `relaydelay`.* TO 'user'@'localhost' IDENTIFIED BY 'password';

Then, we create the needed tables :

CREATE TABLE relaytofrom
(
  id              bigint          NOT NULL        auto_increment,
  relay_ip        char(16),
  mail_from       varchar(255),
  rcpt_to         varchar(255),
  block_expires   datetime        NOT NULL,
 
  record_expires  datetime        NOT NULL,
  blocked_count   bigint          default 0 NOT NULL,
  passed_count    bigint          default 0 NOT NULL,
  aborted_count   bigint          default 0 NOT NULL,
  origin_type     enum("MANUAL","AUTO") NOT NULL,
  create_time     datetime        NOT NULL,
  last_update     timestamp       NOT NULL,
 
  primary key(id),
  key(relay_ip),
  key(mail_from(20)),
  key(rcpt_to(20))
);
 
CREATE TABLE dns_name
(
  relay_ip      varchar(18)       NOT NULL,
  relay_name    varchar(255)      NOT NULL,
  last_update   timestamp         NOT NULL,
  primary key(relay_ip),
  key(relay_name(20))
);
 
CREATE TABLE mail_log
(
  id              bigint          NOT NULL        auto_increment,
  relay_ip        varchar(16)     NOT NULL,
  relay_name      varchar(255),
  dns_mismatch    bool            NOT NULL,
  mail_from       varchar(255)    NOT NULL,
  rcpt_to         varchar(255)    NOT NULL,
  rcpt_host       varchar(80)     NOT NULL,
  create_time     datetime        NOT NULL,
 
  primary key(id),
  key(relay_ip),
  key(mail_from(20)),
  key(rcpt_to(20))
);

We now have to put the appropriate settings in the /etc/init.d/qmail init script…

export MYSQLHOST="localhost"
export MYSQLUSER="user"
export MYSQLPASS="password"
export MYSQLDB="relaydelay"
export BLOCK_EXPIRE=5           # minutes until email is accepted
export RECORD_EXPIRE=600        # minutes until record expires
export RECORD_EXPIRE_GOOD=36
export LOCAL_SCAN_DEBUG=0

and in the /usr/sbin/greylisting-delete-expired :

MYSQLHOST="localhost"
MYSQLUSER="user"
MYSQLPASS="password"
MYSQLDB="relaydelay"

We can now relaunch Qmail and enable or disable the greylisting with a simple symbolic link :

/etc/init.d/qmail
ln -s /usr/bin/qmail-envelope-scanner /usr/sbin/qmail-envelope-scanner

Usage

Example wildcard whitelists for subnets :

INSERT INTO relaytofrom VALUES (0,"127.0.0.1"   ,NULL,NULL,"0000-00-00 00:00:00","9999-12-31 23:59:59",0,0,0,"MANUAL",NOW(),NOW());
INSERT INTO relaytofrom VALUES (0,"192.168"     ,NULL,NULL,"0000-00-00 00:00:00","9999-12-31 23:59:59",0,0,0,"MANUAL",NOW(),NOW());

Example wildcard whitelist entry for a recieved domain or subdomain

INSERT INTO relaytofrom VALUES (0,NULL,NULL,"sub.domain.com","0000-00-00 00:00:00","9999-12-31 23:59:59",0,0,0,"MANUAL",NOW(),NOW());
Categories
Documentation Mail

How to enable the SMTP authentification on your Qmail server

The Qmail package from Dotdeb has been built with SMTP-auth features (but disabled by default). Here is the way to use them…

Installation

First of all, we suppose that :

  • you installed the last Qmail and Vpopmail packages from Dotdeb
  • you’re launching them using the bundled init scripts (with tcpserver)

Configuration

To enable SMTP-auth, you just have to edit the /etc/init.d/qmail init script and replace these lines :

sh -c "start-stop-daemon --start --quiet --user qmaild
  --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile
  --exec /usr/bin/tcpserver -- -R
  -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp
  $rblsmtpd /usr/sbin/qmail-smtpd 2>&1
  | $logger &"

by these ones :

sh -c "start-stop-daemon --start --quiet --user qmaild
    --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile
    --exec /usr/bin/tcpserver -- -R
    -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp
    $rblsmtpd /usr/sbin/qmail-smtpd /usr/sbin/vchkpw /bin/true 2>&1
    | $logger &"

Then, we have to setuid /usr/sbin/vchkpw :

chmod u+s /usr/sbin/vchkpw

and restart Qmail :

/etc/init.d/qmail stop
/etc/init.d/qmail start

The result

You will now be able to use the SMTP PLAINTEXT authentification. You just have to configure your favorite mail transport agent…