Part 2 - Installing Qmail Itself
Now that you've downloaded all the needed packages, we can start theinstall. At this point you should have a qmailrocks source directory located at /downloads/qmailrocks. If you don't, go back to step 1. This step involves the setup of the very heart of you new qmail server. In this step, we'll install qmail itself, ucspi-tcp and daemontools. These 3 packages are the core of the qmail server and will be the foundation on which we build everything else. So don't screw it up!

RH 9/RHEL/Fedora/Slackware users:
If you're doing this installation on Redhat 9, RHE, Fedora or Slackware, be prepared to install a bunch of patches for almost everything. Redhat 9 uses a different compiler than previous versions and without the patches, you'll have a headache for days. This is a known issue, fortunately. It's documented on Life With Qmail and Matt Wierdl has kindly put together a site containing most of the needed patches. More on that later on in the installation. You will note that during the install there will be areas marked with "RH 9/RHEL/Fedora/Slackware users". These areas are meant to be used by , obviously, people installing Qmail on Redhat 9. If you are such a person, when you see those addtional notes, simply add whatever the notes instruct you to do directly into the sequence of the installation. For example, if you were to see:

Step A

RH 9/RHEL/Fedora/Slackware users: Step A-1 - you will need to do the following here:


Step B

A Redhat 7.x user would simply do Step A and then Step B. A Redhat 9 user would do Step A, Step A-1 and then Step B.

To start things off, I've created a handy little shell script that takes care of the first portion of getting qmail, ucspi-tcp and daemontools intalled. Simply run this script from the command prompt of your Solaris box and you should be golden. The script will tell you what it's doing along the way.

/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script   (click here to view this script)

If all goes well, you should have all the needed user and groups created as well as all the needed directories, permissions and ownership settings needed for the installation of qmail, ucspi-tcp and daemontools

Before we start to compile and install qmail, ucspi-tcp and daemontools, we're going to apply a group of patches to qmail. These patches will build all sorts of cool functionality directly into qmail before we install it. In total, we're going to add around 15 patches, but fortunately John Simpson has combined all but one of these patches into one giant patch file. But it gets even easier because I've thrown together a shell script that applies ALL the patches in one quick step. I'm making this so easy for you it's almost sickening. :)

Here's the basic gist of these patches: All critical patches included in this bundle will be automatically integrated in your qmail server's functioning. However, there are a few non-critical patches that have to be configured in order to work. These non-critical patches are included merely to give you a few extra little goodies that you can play with on your own time. Some of these "extra little goodies" are new to me too, so as I learn more about them I will certainly go into more detail.

So that you're not completely ignorant as to what theses patches are going to be doing to your qmail server, here's a quick list of what patches are included. I have color coded these patches so that you will know which ones are critical and which ones are not.

red patch = critical patch, as far as the QMR install is concerned, that is automatically integrated into your qmail server and requires no additional work on your part.

blue patch = a non-critical patch that merely adds some cool functionality. Blue asterisk patches also will be automatically integrated and require no additional work.

green patch = a non-critical patch that merely add some cool functionality, but which needs to be configured in order to be active.

maxrcpt patch - Allows the sysadmin to set limits a message's number of recipients. The default for this patch is set to 100.

mfcheck patch - causes qmail-smtpd to reject messages where the domain portion of the envelope sender is not a valid domain

quota patch - Turns "over quota" errors into HARD errors, not soft. A wake up call for those 2 or 3 jackasses on your server who never check their mail.

date-localtime patch - causes qmail to use the local timezone in any headers it generates.

qmailqueue - the classic patch that allows qmail-smtpd to call other programs to process messages. Through qmailqueue, we will later tie in Clam Antivirus and Spamassassin. However, many ofther programs can also be tied in if you so desire.

jms1-antispam patch - An anti-spam patch created by John Simpson, which works within qmail-scanner to trick spam servers into believing a spam message is delivered, when in fact it isn't. This is inactive by default, but you can play around with this if you want.

errno.patch - patches error.h to work correctly with libc-2.3, which is used by RedHat 9 and a few other Linux distributions

smtp-auth patch - good old smtp authentication

STARTTLS/AUTH patch - patch from, modified by John Simpson to not advertise AUTH unless the command line elements are there, AND adding a check to not advertise or support AUTH unless the connection is secure.

forcetls patch - a patch created by Ryan Schlesinger to compensate for mail clients that do not support TLS. Using this patch, your qmail server will always accept an smtp connection encrypted with TLS. However, if any of your users have a mail client that does NOT support TLS, they will still be able to connect with just a plain AUTH connection. This is the default setting that this patch installs with. However, if you're a security nazi, this patch allows you to set your server so it will REQUIRE a TLS smtp connection no matter what. This patch simply gives you some flexibility with your TLS enabled qmail server.

The SPF patch - adds SPF checking to qmail-smtpd. SPF is a system where the owners of domain names can "publish" the list of IP addresses from which their users send mail. If another mail server sees an incoming message claiming to be "From" that domain, but not coming from an IP on their SPF list, that server can reliably reject the message as spam. More info can be found here.

qmail- patch - fixes a difference between how Linux interprets the IP address "" and how the *BSD systems handle it. According to RFC 1122, the IP address should always be treated as an address for "this host, this network". Part of qmail's loop-detection logic is determining whether or not a given IP address "is" the current machine. This patch "teaches" qmail that is always the local machine.

qmail_local patch - fixes a possible bug in qmail-local having to do with how the first line of a .qmail file is interpreted, when it starts with whitespace.

sendmail-flagf patch - fixes how the "-f" option to /var/qmail/bin/sendmail is handled, so that it more closely matches how the original "sendmail" program's "-f" option worked.

bind-interface patch - a patch that lets you control the "source IP" from which outgoing connections appear from a machine with multiple IP addresses. This page on describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses.

8k-buffer-patch - increases the size of the memory buffer that qmail uses when querying the system for a list of all local IP addresses.

Ok, so enough talk. Let's apply these mega-patches and get this patching business out of the way...

/downloads/qmailrocks/scripts/util/qmail_big_patches.script   (click here to view this script)

Now we build Qmail...

cd /usr/src/qmail/qmail-1.03

make man && make setup check

./config-fast your_fqdn_hostname (ex: ./config-fast

OK, qmail itself is now built and installed. Now let's generate a secure certificate that will be used to encrypt your server's TLS encrypted SMTP sessions...

make cert

When you run the above command you will be asked a series of questions regarding the generation of your certificate. They are non-technical questions...such as your location, business name, organaization name, common name and so forth. If you've ever generated an SSL cert before, this should be familiar stuff to you. If you haven't, simply follow the directions. It's easy. If you have trouble following the directions, you might as well give up now because you're a RETARD. Since the cert you are generating is already NOT from a trusted authority such as Verisign or Thawte, the information you provide here is not really THAT important, so don't sweat it.

Here's a sample of my cert cert configs. Don't be an idiot. Substitute in your own information.

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []
Email Address []

If the cert is successfully generated it will be automatically installed at /var/qmail/control/servercert.pem, along with a symlink to that cert at /var/qmail/control/clientcert.pem

Now we set the right ownership for the newly create cert...

chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem

Now we build ucspi-tcp...

cd /usr/src/qmail/ucspi-tcp-0.88/

RH 9/RHEL/Fedora/Slackware users: You will need to patch ucspi-tcp with an additional errno patch:

patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch

make && make setup check

If you don't get any errors, that's it for ucspi-tcp!

Now we build the daemontools....

cd /package/admin/daemontools-0.76

RH 9/RHEL/Fedora/Slackware users:You will need to patch daemontools with an additional errno patch:

cd /package/admin/daemontools-0.76/src

patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch

cd /package/admin/daemontools-0.76


If no errors are reported, you've successfully compiled the daemontools package!

All done for now...

If you run take a look at the running processes on your server at this point, you should see the daemon "svscanboot" running. You can usually do this with a "ps aux" command. Here's a screenshot of it. If you see "svscanboot" running, you're in good shape.

OK, Qmail is almost totally installed but we're going to pause right here and install a bunch of handy tools and features that will make Qmail pretty and fun! After that, we'll make some final changes to Qmail and then crank it up!

Page Compile Time: 0.00022196769714355 Seconds.