ivo ivo at thecourtofeden.org
Fri Dec 14 18:06:09 PST 2001

Hi Ian,

Well a small note grew to a full hint, I have no one to proof read it
and my english is not 100%. I hope its reliable cource i tested this hint
on one system.

I use this configuration myself and therefor i will maintain it if
insights change. I soon will add stuff to it and post a follow up to you

Let me know if you can use it for your hint collection or if it need
some work to be done.

Any other input is welcome

Greetz Ovis
-------------- next part --------------
TITLE:          Qmail and Cyrus Imap with virtual domains
LFS VERSION:    Tested on LFS-3.0
AUTHOR:         Ivo Schaap <ivo at thecourtofeden.org>

SYNOPSIS:       How to install and configure Qmail and Cyrus Imap from
                source on a lfs system and howto to use virtual domains.

version 1.0 (12/15/2001)


1. Introduction
2. Prerequisites
3. Sources
4. Installation of Qmail
5. Installation of Imap
6. Configuration of Qmail and Mailboxes
7. Interesting readings
8. Legal Blurb

1. Introduction

First of all I wanna thank Gerard and all the others for providing
the platform where we do the stuff we do.

In this hint we setup a mail server that serv two example domains
and have different example users per domain:

   - linuxfromsource.org

      - John the Ripper
      - Susie Summer
      - Dirk Beekmans

   - linuxfrombinary.org

      - Olaf Olsen
      - Jennifer Loopneus
      - Pamela Andersom

This suppose to be a hint on imap and I know there is a pop 
port running to. I have no idea how to use them together
becource pop flush the mail from the server and imap don't.
Maybe someone can fill me in on that.

In the future I want to add instructions on how to implement
a web interface for all the users.
A combination of apache php perl ssl seems logical

Also i like to know howto use imap with Secure Socket Layer
and a self signed certificate.

If any one has an idea mail me and i put it here.

2. Prerequisites

Make sure there is an MX record in DNS to point mail for the virtual domain
to the host running qmail.

3. Sources


Berkeley DB:


4. Installation of Qmail

A. Create a work directory for Qmail and untar sources

mkdir /opt/qmail &&
cd /usr/src &&
tar zxvpf qmail-1.03.tar.gz &&
cd qmail-1.03 &&

B. Change the program parameters. Read the documentation for other

vi conf-qmail

Add :


vi conf-cc

Add: (Use your own architecture)

gcc -O3 -march=i686

C. Create user and group ID's

vi /etc/group

Add: (Use your own ID's if this is conflicting)


vi /etc/passwd

Add: (Use your own ID's if this is conflicting)


D. DNS Hack to use DNS response packets larger than 512 bytes
   Qmail 1.03 chokes on large DNS packets sometimes. 

vi +24 dns.c

And change:

static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;


static union { HEADER hdr; unsigned char buf[65536]; } response;

E. Final compilation and installation

make setup check

F. Note

Configuration of qmail can happen in many way's, read the documentation
on the different kinds of configurations. At the end of this document i
go into initalization and configuration of qmail

5. Installation of Imap

A. First make sure you have Berkeley DB
   Otherwise use this to install it (Taken from the GNOME-Hint) 

Berzerkeley DB: (3.3.11 specific)
    UCB's database library.
        cd build_unix/
        ../dist/configure \
          --prefix=/usr \
          --enable-compat185 \
          --enable-static \
        make docdir=/usr/doc/Berkeley-DB all install
        cd /usr/lib/ && ln -s libdb-3.3.a libdb.a
        sed 's/^DB185/DB/' /usr/include/db_185.h > /usr/include/db_185.h.new
        mv /usr/include/db_185.h.new /usr/include/db_185.h

B. Compile and install SASL

./configure --prefix=/usr &&
make &&
make install

C. Compile and install IMAP

First find this one and put it in /usr/include
or if you dont have it get it here:


locate com_err.h

cp /usr/include/et/com_err.h /usr/include/

./configure --prefix=/usr --with-auth=unix

vi /etc/group

Add: (Use your own ID's if this is conflicting)


vi /etc/passwd

Add: (Use your own ID's if this is conflicting)


passwd cyrus &&
pwck && pwconv &&
make depend &&
make all CFLAGS=-O &&
make install 

D. Configuring IMAP

Added to /etc/syslog.conf

local6.debug -/var/adm/imapd.log
auth.debug -/var/adm/auth.log

/etc/init.d/sysklogd restart

Added to /etc/imapd.conf

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
srvtab: /var/imap/srvtab
allowanonymouslogin: no

mkdir /var/adm
touch /var/adm/imapd.log /var/adm/auth.log
mkdir /var/imap /var/spool/imap /var/imap/srvtab
chown cyrus /var/imap /var/spool/imap /var/imap/srvtab
chgrp mail /var/imap /var/spool/imap /var/imap/srvtab
chmod 750 /var/spool/imap /var/imap/srvtab
chmod 755 /var/imap

(in src dir of imap !!)

su cyrus
cd /var/imap
chattr +S . user quota user/* quota/*
chattr +S /var/spool/imap

touch /var/spool/mqueue
chattr +S /var/spool/mqueue

Added to /etc/services

pop3    110/tcp
imap    143/tcp
imsp    406/tcp
kpop    1109/tcp
sieve   2000/tcp

vi /etc/sendmail.mc  (Note: Make Damn sure the last 3 lines contain TABS !!!!)

R$=N$:			$#local $: $1
R$=N < @ $=w . >	$: $#local $: $1
Rbb + $+ < @ $=w . >	$#cyrusbb $: $1

cd /etc
m4 sendmail.mc > sendmail.cf

/usr/sbin/saslpasswd cyrus
chown cyrus.mail /etc/sasldb

cd usr/src/cyrus-imapd-2.0.16
cp master/conf/small.conf /etc/cyrus.conf

cat << EOF > /etc/init.d/imap 
# Begin /etc/init.d/imap

# Include the functions declared in the /etc/init.d/functions file

source /etc/init.d/functions

case "$1" in
                echo -n "Starting IMAP..."
                /usr/cyrus/bin/master &

                echo -n "Stopping IMAP..."
                killproc /usr/cyrus/bin/master

                echo -n "Reloading IMAP..."
                reloadproc /usr/cyrus/bin/master


                $0 stop
                /usr/bin/sleep 1
                $0 start

                statusproc /usr/cyrus/bin/master

                echo "Usage: $0 {start|stop|reload|restart|status}"
                exit 1


# End /etc/init.d/imap

chmod 700 /etc/init.d/imap

/etc/init.d/imap start

E. Check configuration

su cyrus 
imtest -m login -p imap localhost

Use this to bail out !!
. logout

F. Per User Imap Configuration

There are more things possible but this is the bare minimum
perform this for each user. And understand that there are
two password for a user, the unix one, and the imap one.

su - cyrus 
cyradm localhost
cm user.john
saslpasswd john

6. Configuration of Qmail and Mailboxes

A. First make sure all users have valid unix accounts and
   john is an admin cource root does not suposed to get mail

vi /etc/passwd

john:x:501:500:John the ripper:/home/john:/bin/bash
susie:x:502:500:Susie Summer:/home/susie:/bin/bash
dirk:x:503:500:Dirk Beekmans:/home/dirk:/bin/bash
olaf:x:504:500:Olaf Olsen:/home/olaf:/bin/bash
jennifer:x:505:500:Jennifer Loopneus:/home/jennifer:/bin/bash
pamela:x:506:500:Pamela Andersom:/home/pamela:/bin/bash

vi /etc/group


cd /home 

mkdir john susie dirk olaf jennifer pamela

chown -R <user>.mailuser <userdir>/ (for all users)

passwd <user>

B. Create a master user ID and home directory for the new domain

This is roughly how stuff works.
Mail is comming in for a domain, lets say pamela at linuxformbinary.org
Its first put in a drop box /home/binary/Maildir/ and then furter 
processed via .qmail-xxx files. the file contain a user that supposed
to get the mail. The user has a .qmail file in his or her home dir
which say what to do with it. In this case pipe it to /usr/cyrus/bin/deliver

cd /home

mkdir source binary

vi /etc/passwd

source:x:507:500:Mail account for linuxfromsource.org:/home/source:/bin/bash
binary:x:508:500:Mail account for linuxfrombinary.org:/home/binary:/bin/bash

vi /etc/group


chown -R source.mailuser source/
chown -R binary.mailuser binary/

passwd source
passwd binary

C. Editing the Qmail Control/Config files

Editing the control files is tricky and i'v spent lot's of time 
fiddeling around with it. Key thing to understand is that 
the host and domainname got something to do with the canonicalized
name that is assigned to your link with the internet.
For the people that use a ppp or an adsl connection this is often
something like sdf23-2.dsl.blabla.com Please dont ask me why,
it works and if anyone has a good explanation mail me !!

One way of finding out is with the commands that come with bind
dig or nslookup you can also try to login on an other box, logout,
and than run to that other box login again and read: your last login
was on xxx.xxxx.xxxxx.org or do an chat session on that box. I know
it isn't elegant but it works ;-)

For now lets hack some qmail

cat << EOF > /opt/qmail/rc 

# Using splogger to send the log through syslog.
# Using qmail-local to deliver messages to Maildir by default.

exec env - PATH="/opt/qmail/bin:$PATH" \
   qmail-start ./Maildir/ splogger qmail &

chmod 700 /opt/qmail/rc

cd /opt/qmail/control

vi me


<hostname> (example adsl32.net.xs4all.nl)


vi virtualdomains



vi locals 

Add: and whatever domain name should be treated as local


vi defaultdomain


<domainname> (example net.xs4all.nl)

vi smtpgreeting

Hi and welcom to this smpt server

chmod 644 *

Make the aliasses, john is a mortal user on the system that get
adminitrative email eg for root and for bounced or failed messages
these are nessesary

cd /opt/qmail/alias

echo john > .qmail-mailer-daemon
echo john > .qmail-postmaster
echo john > .qmail-root

and furter for all users:

echo <user> > .qmail-<user>


echo john > .qmail-john

So and now the init scripts 

cat << EOF > /etc/init.d/qmail
# Begin /etc/init.d/qmail

source /etc/init.d/functions

test -x /opt/qmail/rc || exit 0

case "$1" in
  echo -n "Starting Qmail...  "
  sh -cf '/opt/qmail/rc &'
  echo -n "Stopping Qmail... "
  killall -9 qmail-send
  echo -n "Restarting Qmail... "
  killall -HUP qmail-lspawn
  killall -ALRM qmail-lspawn
  echo "Usage: /etc/init.d/qmail {start|stop|restart}"
 exit 1

exit 0

# End /etc/init.d/qmail

chmod 700 /etc/init.d/qmail

Now we gonna setup the smtp port

cat << EOF > /etc/inetd.conf
# See "man 8 inetd" for more information.
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP <pid of inetd>".
# The inetd will re-read this file whenever it gets that signal.
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>

smtp    stream  tcp     nowait  qmaild  /opt/qmail/bin/tcp-env tcp-env /opt/qmail/bin/qmail-smtpd

# End

An other init script

cat << EOF > /etc/init.d/inetd
# Begin /etc/init.d/inetd

source /etc/init.d/functions

  case "$1" in
   echo -n "Starting Internet Server daemon..."
   echo -n "Stopping Internet Server daemon..."
   killall -9 inetd
   echo -n "Reloading Internet Server daemon..."
   killall -HUP inetd
   echo "Usage: $0 {start|stop}"

# End /etc/init.d/inetd

chmod 700 /etc/init.d/inetd

D. Per user virual domain config 

cd /home/source
/opt/qmail/bin/maildirmake Maildir
echo './Maildir/'  > .qmail-default
echo '&john'       > .qmail-postmaster
echo '&john'       > .qmail-webmaster
echo '&john'       > .qmail-root
echo '&john'       > .qmail-john
echo '&susie'      > .qmail-susie
echo '&dirk'       > .qmail-dirk
chown -R source.mailuser .
chmod 640 .qmail-*

cd /home/binary
/opt/qmail/bin/maildirmake Maildir
echo './Maildir/'  > .qmail-default
echo '&john'       > .qmail-postmaster
echo '&john'       > .qmail-webmaster
echo '&john'       > .qmail-root
echo '&olaf'       > .qmail-olaf
echo '&jennifer'   > .qmail-jennifer
echo '&pamela'     > .qmail-pamela
chown -R binary.mailuser .
chmod 640 .qmail-*

And now for all users substitude <user> for the login name

cd /home/<user>

echo '|/usr/cyrus/bin/deliver <user>' > .qmail

E. Starting up all processes and test if we got things running 

/etc/init.d/qmail start
/etc/init.d/inetd start
/etc/init.d/imap  start

You should know howto make the links for the differend runlevels
Otherwise Gerard Beekmans has a guide where this issue is adressed

Oke just start mailing everyone from localhost and remote and
have a terminal running with the following command:

tail -f /var/log/mail.log
tail -f /var/log/sys.log
tail -f /var/adm/imapd.log

if you wanna know WTF Qmail is doing:

for reading the que

for statistics

for information

netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:pop3                  *:*                     LISTEN      
tcp        0      0 *:imap                  *:*                     LISTEN      
tcp        0      0 *:ssh                   *:*                     LISTEN      
tcp        0      0 *:smtp                  *:*                     LISTEN      
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16068  /var/imap/socket/lmtp

If you want a hint on reading a imap box with fetchmail, compile fetchmail
and procmail and put the following in a .fetchmailrc in your home dir and do 
fetchmail -v

poll "linuxfromsource.org"
protocol imap
no envelope
no dns
username "john"
password "xxxx"
mda "/usr/bin/procmail -d john"

7. Interesting readings

All this information does not have come to me in a dream, Its a combination of 
sources that i used. A little file that i used to log thing has grown into
this hint and hopfully its usefull for others as well. Understanding e-mail
by this hint is not gonna help you enoug, you have to RTFM A LOT

The Big HOWTO:


Source documentation:


A nice Article:


And another one:


Google, Some guys on #lfs, a friend enz

Running Qmail - ISBN 0-672-31945-4 - Richard Blum - Sams Publishing 2000

8. Legal Blurb

The the author does not feel responsibe for loss or destruction of data and
mail due to typos and bad language. So if you wipe out you system or get your
dog killed don't come and cry on my shoulder. Be a man/woman and take 
responsibility for your own actions. On the other hand if your are succesfull
and want to contribute, throw a BIG bag of mony to Gerard Beekmans, he diserv
it. This is mine contribution to LFS and inprovements are welcome.

More information about the blfs-support mailing list