
QMAIL with LDAP

*** This is a basic installation of Qmail-LDAP and does not cover any antivirus/antispam
integration.

Download directory :-

# cd /usr/local/src

Qmail - ftp://ftp.ntnu.no/pub/unix/mail/qmail/qmail-1.03.tar.gz
Qmail-conf - http://www.din.or.jp/~ushijima/qmail-conf/qmail-conf-0.60.tar.gz
Djbdns - http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
Daemontools - http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
UCSPI - http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
Courier-Authlib - http://nchc.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.60.2.tar.bz2
Courier-Imap - http://jaist.dl.sourceforge.net/sourceforge/courier/courier-imap-4.3.0.tar.bz2

Please check that these RPMs are installed :-

( You should start from a bare-bones, basic Linux installation )

1. gcc
2. gcc++
3. openldap
4. openldap-devel
5. openldap-servers
6. httpd
7. httpd-devel
8. gamin
9. gamin-devel
10. postgresql-libs
11. libtool-ltdl
12. libtool-ltdl-devel

Note :- The above RPMs may have further dependencies; make sure every one of them is
installed.

UCSPI :-
# cd /usr/local/src

# tar xvfz ucspi-tcp-0.88.tar.gz

# cd ucspi-tcp-0.88

## Either run the sed one-liner below, or make the same edit by hand with vi as shown after it
## (modern glibc defines errno as a macro, so the bare "extern int errno;" declaration no longer compiles)

# sed -i '/int errno/{s/^/\/* /;s/$/ *\//;G;s/$/#include <errno.h>/;}' error.h

# vi error.h
Find this line: extern int errno;
Comment the line out, and add this new line below it:
/* extern int errno; */
#include <errno.h>
:wq

# make
# make setup check

Daemontools :-
# mkdir -p /package

# chmod 1755 /package

# cd /package

# tar xvfz daemontools-0.76.tar.gz

# cd admin/daemontools-0.76/src

# vi error.h
Find this line: extern int errno;
Comment the line out, and add this new line below it:
/* extern int errno; */
#include <errno.h>
:wq

# cd ..

# package/install
Djbdns :-
# cd /usr/local/src

# tar xvfz djbdns-1.05.tar.gz

# cd djbdns-1.05

# vi error.h
Find this line: extern int errno;
Comment the line out, and add this new line below it:
/* extern int errno; */
#include <errno.h>
:wq

# make setup check

qmail-conf :-
# cd /usr/local/src

# tar xvfz qmail-conf-0.60.tar.gz

# cd qmail-conf-0.60

# make -f Makefile.ini djbdns=../djbdns-1.05/

# make setup check

Qmail Configuration :-
Creating qmail users ~

# groupadd nofiles
# useradd -g nofiles -d /var/qmail/alias alias
# useradd -g nofiles -d /var/qmail qmaild
# useradd -g nofiles -d /var/qmail qmaill
# useradd -g nofiles -d /var/qmail qmailp

# groupadd qmail
# useradd -g qmail -d /var/qmail qmailq
# useradd -g qmail -d /var/qmail qmailr
# useradd -g qmail -d /var/qmail qmails

Creating user’s mailstore ~


# groupadd vmail -g 2110
# useradd vmail -u 11184 -g vmail -d /home/vmail -s /bin/true

# mkdir /home/vmail
# chown -R vmail:vmail /home/vmail

# cd /usr/local/src

# tar xzvf qmail-1.03.tar.gz

# cd qmail-1.03

Patching Qmail ~

# zcat ../qmail-ldap-1.03-20060201.patch.gz | patch -p1

# vi Makefile

Set the following variables (check that OPENSSLBIN matches the path of the openssl binary on your system):

LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
ZLIB=-lz
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/local/include
TLSLIBS=-L/usr/local/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWOPTS=-DPW_SHADOW
SHADOWLIBS=-lcrypt
DEBUG=-DDEBUG

# vi qmail-ldap.h

Replace the line
#define LDAP_HOMEDIR "homeDirectory"
with
#define LDAP_HOMEDIR "homeDirectoryfake"

# make setup check

# cp qmail.schema /etc/openldap/schema/

Openldap Configuration :-
# slappasswd -h {md5}
New password:
Re-enter new password:
{MD5}72KZyef9rm13WBnOHiYguA==

# vi /etc/openldap/slapd.conf

Add the qmail schema below the distribution's existing schema includes (keep those: the inetOrgPerson class used in the entries below depends on them). The path must match the directory the schema was copied to above:

include /etc/openldap/schema/qmail.schema

database bdb
suffix "dc=wipro,dc=com"
rootdn "cn=Manager,dc=wipro,dc=com"
rootpw {MD5}72KZyef9rm13WBnOHiYguA==
directory /var/lib/ldap

index objectClass eq
index mail,mailAlternateAddress,uid eq,sub
index accountStatus,mailHost,deliveryMode eq
index default sub

# vi /etc/openldap/create_dn.ldif

dn: dc=wipro,dc=com
objectclass: dcObject
objectclass: organization
o: wipro
dc: wipro

dn: cn=Manager,dc=wipro,dc=com
objectClass: organizationalRole
cn: Manager

# ldapadd -x -D "cn=Manager,dc=wipro,dc=com" -W -f create_dn.ldif

(enter the Manager rootpw when prompted)

# ldapsearch -x -b "dc=wipro,dc=com" '(objectclass=*)'

# vi /etc/openldap/users.ldif

dn: ou=users,dc=wipro,dc=com
ou: users
objectclass: top
objectclass: organizationalUnit

# ldapadd -x -D "cn=Manager,dc=wipro,dc=com" -W -f users.ldif

# ldapsearch -x -s one -b 'dc=wipro,dc=com' '(ou=users)'


# vi /etc/openldap/groups.ldif

dn: ou=groups,dc=wipro,dc=com
ou: groups
objectclass: top
objectclass: organizationalUnit

# ldapadd -x -D "cn=Manager,dc=wipro,dc=com" -W -f groups.ldif

# ldapsearch -x -s one -b 'dc=wipro,dc=com' '(ou=groups)'

# vi /etc/openldap/postmaster-Abuse.ldif

dn: cn=Postmaster,ou=users,dc=wipro,dc=com
cn: Postmaster
ou: users
sn: Postmaster
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: postmaster@wipro.com
mailHost: server.wipro.com
mailQuotaSize: 0
mailQuotaCount: 0
uid: postmaster
accountStatus: active
mailMessageStore: postmaster
userPassword: {MD5}JQ9g7OhNwTK81ciA0aS3KQ==

dn: cn=Abuse,ou=users,dc=wipro,dc=com
cn: Abuse
ou: users
sn: Abuse
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: abuse@wipro.com
mailHost: server.wipro.com
mailQuotaSize: 0
mailQuotaCount: 0
uid: abuse
accountStatus: active
mailMessageStore: abuse
userPassword: {MD5}JQ9g7OhNwTK81ciA0aS3KQ==

# ldapadd -x -D "cn=Manager,dc=wipro,dc=com" -W -f postmaster-Abuse.ldif
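The closing note of this guide suggests scripting user creation. The following script is an added example, not part of the guide: it emits qmailUser entries with exactly the attribute set of the Postmaster/Abuse entries above and produces the {MD5} userPassword value in the same form as slappasswd -h {md5}. The base DN, mailHost and domain are the guide's values; the function names, the uid/cn validation rules and the sample user are my own assumptions.

```python
#!/usr/bin/env python3
"""Generate qmailUser LDIF entries for ldapadd (added example, not from the guide)."""
import base64
import hashlib
import hmac
import re

BASE_DN = "ou=users,dc=wipro,dc=com"   # same base as control/ldapbasedn in the guide
MAIL_HOST = "server.wipro.com"         # mailHost used by the guide's entries
DOMAIN = "wipro.com"
UID_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,31}$")   # assumed policy for this example
CN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$")


def ldap_md5(password: str) -> str:
    """{MD5} userPassword as produced by `slappasswd -h {md5}`: base64 of the raw,
    unsalted 16-byte MD5 digest (RFC 2307 scheme). {SSHA} is stronger where the
    authenticating software supports it."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def check_ldap_md5(stored: str, candidate: str) -> bool:
    """Constant-time check of a candidate password against a stored {MD5} value."""
    return stored.startswith("{MD5}") and hmac.compare_digest(ldap_md5(candidate), stored)


def qmail_user_ldif(uid: str, cn: str, password: str,
                    quota_size: int = 0, quota_count: int = 0) -> str:
    """One LDIF entry in the form of the guide's Postmaster/Abuse entries.
    uid is validated because it becomes the mail local part and the
    mailMessageStore path under ldapmessagestore; cn because it forms the DN."""
    if not UID_RE.match(uid):
        raise ValueError(f"uid {uid!r}: lowercase [a-z0-9._-] only, no leading '.'")
    if not CN_RE.match(cn):
        raise ValueError(f"cn {cn!r} contains characters not allowed in this DN")
    lines = [
        f"dn: cn={cn},{BASE_DN}", f"cn: {cn}", "ou: users", f"sn: {cn}",
        "objectClass: top", "objectClass: person", "objectClass: inetOrgPerson",
        "objectClass: qmailUser", f"mail: {uid}@{DOMAIN}", f"mailHost: {MAIL_HOST}",
        f"mailQuotaSize: {quota_size}", f"mailQuotaCount: {quota_count}",
        f"uid: {uid}", "accountStatus: active", f"mailMessageStore: {uid}",
        f"userPassword: {ldap_md5(password)}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample user; pipe the output into ldapadd as shown in the guide.
    print(qmail_user_ldif("alice", "Alice", "s3cret-example", 10000000, 10000))
```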


Qmail Control Files ~

# echo "mail.wipro.com">/var/qmail/control/me

# echo "127.0.0.1" >/var/qmail/control/ldapserver

# echo "ou=users,dc=wipro,dc=com" > /var/qmail/control/ldapbasedn

# echo "secret" >/var/qmail/control/ldappassword

# echo "cn=Manager,dc=wipro,dc=com" >/var/qmail/control/ldaplogin

# echo qmailUser >/var/qmail/control/ldapobjectclass

# echo "0">/var/qmail/control/ldaplocaldelivery

# echo "0">/var/qmail/control/ldapcluster

# echo "10000000">/var/qmail/control/defaultquotasize

# echo "10000">/var/qmail/control/defaultquotacount

# echo "you have exceeded your mailquota"> /var/qmail/control/quotawarning

# echo "ldaponly">/var/qmail/control/ldapdefaultdotmode

# echo "/home/vmail">/var/qmail/control/ldapmessagestore

# echo "11184">/var/qmail/control/ldapuid

# echo "2110">/var/qmail/control/ldapgid

# echo "30">/var/qmail/control/ldaptimeout

# echo "Please contact support@wipro.com for more details" > /var/qmail/control/custombouncetext

# touch /var/qmail/control/rbllist

# echo "0.0.0.0">/var/qmail/control/outgoingip

# echo "./Maildir/">/var/qmail/control/defaultdelivery

# echo "wipro.com" >/var/qmail/control/locals

# echo "wipro.com" >/var/qmail/control/rcpthosts


# vi /var/qmail/rc

#!/bin/sh
# Taken from LWQ by Dave Sill
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/usr/local/bin:/var/qmail/bin:/bin" \
qmail-start ./Maildir/

# chmod 755 /var/qmail/rc

# chown -R root:qmail /var/qmail/control

# netstat -vatn | grep 25

# service sendmail stop


# chkconfig --del sendmail

qmail-delivery service ~

# /var/qmail/bin/qmail-delivery-conf qmaill /var/qmail/service/qmail

# ln -s /var/qmail/service/qmail /service

# svstat /service/qmail

qmail-smtpd service ~

# /var/qmail/bin/qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd

# ln -s /var/qmail/service/smtpd /service

# svstat /service/smtpd

# echo "8000000" > /var/qmail/service/smtpd/env/DATALIMIT

# cd /service/smtpd/

# vi tcp

127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow

# make
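The tcp rules above grant relaying (RELAYCLIENT) only to 127. and 192.168.1., while the catch-all ":allow" line accepts mail for rcpthosts from everyone without relaying. As an added example (not part of the guide), this script parses a tcprules file and reports which address prefixes may relay, flagging the open-relay case where the catch-all rule itself sets RELAYCLIENT. The sample rules are constructed to match the guide's file; function names are my own, and values are assumed to contain no commas.

```python
#!/usr/bin/env python3
"""Audit a tcpserver rules file for relay grants (added example, not from the guide)."""

# Constructed sample: the smtpd rules from the guide.
SAMPLE_RULES = """\
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
"""


def parse_tcprules(text):
    """Return a list of (address, action, env) for each rule line.
    tcprules syntax: address:action[,VAR="value",...]; an empty address is the
    catch-all that matches every client. Comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, rest = line.partition(":")
        fields = rest.split(",")          # assumption: no commas inside values
        action = fields[0]
        env = {}
        for item in fields[1:]:
            key, _, value = item.partition("=")
            env[key] = value.strip('"')
        rules.append((address, action, env))
    return rules


def relay_grants(text):
    """Addresses whose allow rule sets RELAYCLIENT, i.e. clients that may relay."""
    return [addr for addr, action, env in parse_tcprules(text)
            if action == "allow" and "RELAYCLIENT" in env]


def is_open_relay(text):
    """True when the catch-all rule grants RELAYCLIENT: every host that can reach
    qmail-smtpd could then relay through it."""
    return "" in relay_grants(text)


if __name__ == "__main__":
    print("relay allowed from:", relay_grants(SAMPLE_RULES))
    print("open relay:", is_open_relay(SAMPLE_RULES))
```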
# vi /var/qmail/bin/dirmaker.sh

#!/bin/sh
# Called by qmail-ldap (control/dirmaker) with the user's home directory as $1
/bin/mkdir -m 700 -p "$1"/Maildir
/bin/mkdir -m 700 -p "$1"/Maildir/new
/bin/mkdir -m 700 -p "$1"/Maildir/cur
/bin/mkdir -m 700 -p "$1"/Maildir/tmp

# chmod +x /var/qmail/bin/dirmaker.sh

# echo /var/qmail/bin/dirmaker.sh > /var/qmail/control/dirmaker

# chown -R root:qmail /var/qmail/control/dirmaker

# echo "3"> /service/smtpd/env/LOGLEVEL

POP Service ~

# /var/qmail/bin/qmail-pop3d-conf /var/qmail/bin/auth_pop qmaill /var/qmail/service/pop3d

# cd /var/qmail/service/pop3d/

# vi tcp
127.:allow

OR

# ./add-client 172.16.1.24 192.168.

# make

# ln -s /var/qmail/service/pop3d /service

# echo "3"> /service/pop3d/env/POP3_LOGLEVEL

# svstat /service/pop3d /service/pop3d/log

# tail -f /service/pop3d/log/main/current

COURIER-IMAP ~

courier-authlib must be installed before courier-imap. We build RPMs for our
architecture, which is more stable and easier to manage than installing from source.

Create a local user account :

# useradd Wipro

# su - Wipro

$ mkdir rpmbuild

$ cd rpmbuild

$ mkdir BUILD RPMS SOURCES SPECS SRPMS

$ cd RPMS

$ mkdir i386 i586 i686

$ cd ../SRPMS

$ mkdir i386 i586 i686

$ cd $HOME

$ vi .rpmmacros

%_topdir %(echo $HOME)/rpmbuild


%debug_package %{nil}

$ cd rpmbuild/SOURCES

# cp /usr/local/src/courier-authlib-0.60.2.tar.bz2 .
# cp /usr/local/src/courier-imap-4.3.0.tar.bz2 .

$ rpmbuild -ta courier-authlib-0.60.2.tar.bz2

This builds the binary RPMs under RPMS/<arch>. Become root before installing them
(3 packages):

$ exit

# rpm -ivh /path/to/courier-authlib*.rpm

# rpm -ivh /path/to/courier-authlib-devel*.rpm
# rpm -ivh /path/to/courier-authlib-ldap*.rpm

Switch back to the Wipro user to build courier-imap:

# su - Wipro

$ cd rpmbuild/SOURCES
$ rpmbuild -ta courier-imap-4.3.0.tar.bz2

This may fail with dependency errors such as the following; identify and install the missing packages:

postgresql-libs
libtool-ltdl-devel
gamin-devel

You have to become ROOT before installing

$ exit

# rpm -ivh /path/to/courier-imap*.rpm

After the installation is complete, you have to configure four files:

# vi /etc/authlib/authdaemonrc
authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=20
DEBUG_LOGIN=2

# vi /etc/authlib/authldaprc
LDAP_URI ldap://127.0.0.1 ldaps://127.0.0.1
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN dc=wipro, dc=com
LDAP_BINDDN cn=Manager, dc=wipro, dc=com
LDAP_BINDPW <secret>
LDAP_TIMEOUT 15
LDAP_MAIL mail
LDAP_FILTER (&(objectClass=qmailUser)(accountStatus=active))
LDAP_DOMAIN wipro.com
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR mailMessageStore
LDAP_MAILROOT /home/vmail
LDAP_DEFAULTDELIVERY defaultDelivery
LDAP_MAILDIRQUOTA quota
LDAP_FULLNAME cn
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_DEREF never

# vi /usr/lib/courier-imap/etc/imapd
MAXDAEMONS=40
MAXPERIP=20
DEFDOMAIN="@wipro.com"
##IMAP_EMPTYTRASH=Trash:7
IMAPDSTART=YES
MAILDIRPATH=Maildir

# vi /usr/lib/courier-imap/etc/imapd-ssl
<< Same as above >>

DISABLE POP3 services in the below files :-

# vi /usr/lib/courier-imap/etc/pop3d
POP3DSTART=NO

# vi /usr/lib/courier-imap/etc/pop3d-ssl
POP3DSSLSTART=NO

Start the IMAP Services :-

# /etc/init.d/courier-authlib restart

# /etc/init.d/courier-imap restart

Check for open SMTP/POP/IMAP ports

# netstat -vatn

# telnet localhost 25
# telnet localhost 110
# telnet localhost 143

You should be able to authenticate successfully against each of these services.

Note :- You are free to use a PHP interface such as phpldapadmin to manage LDAP
users, or a shell script to add them. Use whichever way you are comfortable with.
