Monday, September 25, 2006

Setting up tcpserver for qmail

In the previous post I explained how to install a qmail SMTP server on a Red Hat machine. In that post I only got to the point where I could send messages to local users from the local machine using qmail-inject. Now we want remote machines to be able to send messages through this qmail server on port 25. We also want to set up tcpserver and have all qmail services started and stopped through a startup script at boot time.

Installing tcpserver

As mentioned in the previous post, there are several ways to manage TCP connections on a Linux machine (e.g. inetd/xinetd, tcpserver). For scalability and security reasons I chose to use tcpserver.

The normal way to install is to download the source code, extract it and run make:

# wget ftp://ftp.jp.qmail.org/qmail/ucspi-tcp-0.88.tar.gz
# tar xvfz ucspi-tcp-0.88.tar.gz
# cd ucspi-tcp-0.88/
# make setup check

As with qmail, this software has a compilation problem caused by the errno.h header file. Before we run the make command we must edit the error.h file and replace the line "extern int errno;" with the line "#include <errno.h>", as we did with qmail.

After this we must create the access control list that determines who can relay emails with our server. Without this access control our SMTP server could be used by anyone to relay any email to any domain (think SPAM).

To create the access control list we create a text file "tcp.smtp" that will contain our rules and then generate a cdb file from it using the tcprules utility.

Let's create the text file with our rules:

(as root)
# vi /etc/tcp.smtp

192.168.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""

Make sure to replace 192.168.0. with the subnet of the server you are installing. Then we run the tcprules command to generate the cdb file:

# /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

We now have a cdb file that contains our access control rules. The rules in this example allow only the server itself and machines in the same subnet as the server to relay emails to other domains (i.e. domains that are not locally configured in qmail's rcpthosts file). To learn more about writing other rules and about the tcprules utility, refer to the tcprules page; to learn about the cdb file format, refer to this page.
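To see what a tcp.smtp file actually grants before compiling it, the lookup tcpserver performs can be modelled in a few lines of shell. This is an added example, not part of the original post or of ucspi-tcp; relay_verdict and the sample files are hypothetical, and it covers only IP, dotted-prefix and empty-address rules.

```shell
#!/bin/sh
# Added example: model tcpserver's rule lookup for a client IP against a
# tcp.smtp text file. Simplified: plain IPs, dotted prefixes and the empty
# address only; ranges, =hostname and info@ rules are not handled.

# relay_verdict RULES_FILE IP  ->  prints "relay", "no-relay" or "deny"
relay_verdict() {
    awk -v ip="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        {
            sep = index($0, ":")
            if (sep == 0) next
            addr = substr($0, 1, sep - 1)
            if (!(addr in rule)) rule[addr] = substr($0, sep + 1)
        }
        END {
            # Lookup order: the full IP, then shorter and shorter prefixes
            # ending in a dot, then the empty address.
            n = split(ip, oct, ".")
            key[1] = ip; k = 1
            for (i = n - 1; i >= 1; i--) {
                p = ""
                for (j = 1; j <= i; j++) p = p oct[j] "."
                key[++k] = p
            }
            key[++k] = ""
            # No matching rule: the connection is accepted, RELAYCLIENT unset.
            verdict = "no-relay"
            for (i = 1; i <= k; i++) {
                if (key[i] in rule) {
                    r = rule[key[i]]
                    if (r ~ /^deny/) verdict = "deny"
                    else if (r ~ /RELAYCLIENT=/) verdict = "relay"
                    break
                }
            }
            print verdict
        }' "$1"
}

# Constructed samples: the rules from this post, and a misconfigured variant
# whose empty-address rule hands RELAYCLIENT to every client.
tmp=$(mktemp -d)
printf '%s\n' '192.168.0.:allow,RELAYCLIENT=""' '127.:allow,RELAYCLIENT=""' > "$tmp/tcp.smtp"
printf '%s\n' '10.:deny' ':allow,RELAYCLIENT=""' > "$tmp/open.smtp"
for ip in 192.168.0.7 203.0.113.9 10.1.2.3; do
    echo "$ip tcp.smtp=$(relay_verdict "$tmp/tcp.smtp" "$ip") open.smtp=$(relay_verdict "$tmp/open.smtp" "$ip")"
done
```

A "relay" verdict for an address outside your own network means the file would turn the server into an open relay.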

Now we can use the tcpserver command to start the qmail service on port 25. The complete command to do this should look like this:

# tcpserver -v -u[qmaild UID] -g[nofiles GID] -x /etc/tcp.smtp.cdb 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &

The details of the command can be found on the tcpserver page or in the man page. The only thing that requires mention is the redirection of the standard and error output to the splogger command. This simply sends the messages of the tcpserver and qmail-smtpd commands to the system logger (i.e. syslog).

To start the qmail services when the machine boots we need a startup script. I have modified the sendmail startup script so it starts qmail instead:

#!/bin/bash
#
# qmail        This shell script takes care of starting and stopping
#              the qmail MTA.
#
# chkconfig: 2345 80 30
# description: Qmail is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: qmail
# config: /var/qmail/control
# pidfile: /var/run/qmail.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

RETVAL=0
prog="qmail"

start() {
    # Start daemons.
    echo -n $"Starting $prog: "

    # Start qmail-send and its helpers through the /var/qmail/rc script.
    csh -cf '/var/qmail/rc &'

    # Start the SMTP listener on port 25.
    #   -H -R   skip the reverse DNS and ident lookups for each client
    #   -l      local host name to use instead of looking it up
    #   -x      access control rules compiled with tcprules
    #   -u, -g  UID of qmaild and GID of nofiles on this machine
    /usr/local/bin/tcpserver -H -R -l test.example.jp -v -x /etc/tcp.smtp.cdb -u 92 -g 91 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &

    ## HERE GOES THE POP3 COMMAND. More on this in later posts...

    touch /var/lock/qmail

    return $?
}

stop() {
    # Stop daemons.
    echo -n $"Shutting down $prog: "
    # Every process with "qmail" in its command line, except this script ($$)
    # and the "service" wrapper that launched it ($PPID), which match too.
    PID=`/bin/ps -eo pid,args | awk -v self=$$ -v parent=$PPID '/[q]mail/ && $1 != self && $1 != parent {print $1}'`
    if [ -n "$PID" ] ; then
        /bin/kill ${PID} 1> /dev/null 2>&1
    fi
    rm -f /var/lock/qmail
    return $?
}

# See how we were called.
case "$1" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    status)
        # There is no process called "qmail"; qmail-send is the main daemon.
        status qmail-send
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit $RETVAL


I am far from an expert on Red Hat init scripts, so don't expect this one to be perfect. It works for me, but I am not responsible if it burns your machine or something.

Copy this script into a file called qmail inside the /etc/init.d directory and use this command to install it as a startup script:

# /sbin/chkconfig --add qmail

Then we configure the newly added qmail startup script to be executed at boot:

# /sbin/chkconfig --level 235 qmail on

And we are done!! Now we can start and stop the qmail services using the Red Hat service command:

# service qmail start
# service qmail stop

or

# /etc/init.d/qmail start
# /etc/init.d/qmail stop


Coming Soon!!
The next post will be about the POP3 service, so users on this server can download the mail they receive. During this process I will also install vpopmail to manage virtual domains using a MySQL backend.
