Too many connections Howto install of Qmail/vpopmail/courier-imap...

QMAIL + Vpopmail + courier-imap + Qmailadmin + MySql + Spamassassin + clamav + Squirrelmail + stats (Isoqlog, qms-analog, qmailanalog & qmail MRTG) under Linux

0. Misc. informations :
29/07/2003First versionSylvestre Ledru
31/07/2003Compiling issue with D. J. Bernstein
softwares (qmail, tcpserver and daemontools)
02/10/2003Antivirus (clamav) with qmail-scannerS.L.
03/10/2003Now spamassassin uses qmail-scannerS.L.
01/11/2003Few debug and cosmestic changesS.L.
21/12/2003Documentation with the new vpopmail version (4.4.X)
checking informations while the installation
10/01/2004Some unnecessary tools for qmail describe (qmHandle)S.L.
09/02/2004Uses the new version of qmailadmin & vpopmail.
Bugs fixed with feedbacks of users.
Sylvestre Ledru, Deon,
Greg Cope, sam, Scott Hallenbeck
22/04/2004The forum has been splitted in two parts (about the howto and technical questions) and is tree managed.S.L.
04/05/2004Stuff about qmailadmin 1.0.X and vpopmail 4.2.X have been removed.S.L.
28/06/2004Modifications/comments added for redhat/fedora.Robert Bartlett
15/07/20042 patches added for qmail and comments about all of them.S.L.
31/08/2004 Use netqmail instead of qmail
New link to Inter7 (new website)
New tcpserver method (MySQL relay table instead of tcp.smtp)
New features : spamassassin/antivirus preferences per domain/user, auto delete SPAM ...
New versions of vpopmail (5.4.3 -> 5.4.6), maildrop (1.6.3 => 1.7), spamassassin (2.55 -> 2.64), qmailscanner (1.22 -> 1.23)
13/09/2004 Problem fixed in the tcpserver-mysql patch
Table structure added
01/12/2004 New versions of vpopmail (5.4.6 -> 5.4.8), qmailadmin (1.2.0 -> 1.2.3), courier-Imap (3.0.3 -> 3.0.8), squirrelmail (1.4.2 -> 1.4.3a)
Uses qms-analog (for qmail-scanner 1.24) with qmailanalog & qlogtools
20/12/2004 Fix errono errors under Redhat for qlogtools & qmailanalog Alexandr Tvaradze
22/02/2005 Russian version and the news & comments Alexandr Tvaradze
11/03/2005 Forum about this howto has been splited (the size of this document started to be huge).
Stats produced by qmail-scanner & patches. sample
FranÃcois Bayart &S.L.
23/03/2005 Various complement of informations (missing +x for qms-config-monitor, mysql lib dev...)
New versions of vpopmail (5.4.9 -> 5.4.10), authlib (0.54 => 0.55), courier (4.0.1 => 4.0.2)
Problems fixed with courier-imap & authlib (thx Rance and François)
05/09/2005 New version of qmailadmin (1.2.3 -> 1.2.9)
Compilation informations for courier 3.X (in case of problems with 4.X)
09/09/2005 New version of qms-analog (4.2 -> 4.4) Attention, this modification needs to change scanners-per-domain.txt to settings-per-domain.txt (thx Doug)
29/01/2006 New version of maildrop (1.8.0 => 2.0.1) The package "libpcre3-dev" is needed. S.L.
05/06/2006 New version of vpopmail (5.4.10 => 5.4.13), qmail-scanner (1.25 => 2.01), new configuration of spamassassin S.L.
18/07/2007 New version of maildrop (2.0.2 => 2.0.4), vqadmin (2.3.2 => 2.3.7), imap-proxy (1.2.3 => 1.2.4)
Great update of the ucspi-tcp / MySQL patch by Pierre Wieser which add some new features.
A help about a maildrop problem
The vpopmail option --enable-domainquotas has been removed (broken atm)
A few links have been updated (thanks Willi Girard)
20/09/2007 New version of vpopmail (5.4.17 => 5.4.23), authlib (0.55 => 0.59.3), courier-imap
In 11.4 smtp, changed to

If you have any comment, idea (not support) ... Don't hesitate to contact me
I can also provide help on the installation/maintenance on mail servers as a freelance.
If you like this howto and you want to thank me for my work : here is my wishlist on Amazon - France or my Amazon US wishlist :)
If you are a corporation and you make some business thanks to my howto, we'll love to have a present from you (or just tell me who is using my howto).
Thanks to Avence
Thank you very much to Vincent Bataille for his present (a great book) and Laurent Treier, Scott Kinkade & Martin Östlund for the cash donation.
The russian version by Alexandr Tvaradze.
There is also a modified bulgarian version of this howto.
Return to the Linux page

I made this howto to sum up all the stuff necessary to install qmail with module in order to provide an SMTP, POP3, IMAP server providing web administration, monitoring, webmail with proxy, antivirus and spam killer.

To do that, I will use :
- qmail (
- vpopmail as POP3 server (
- courier-imap as IMAP server (
- spamassassin as spam killer (
- tcpserver as inetd remplacement (
- qmail-scanner (
- qmail-scanner st (
- qms-analog (
- tcpserver as inetd remplacement (
- ezmlm as mailing list system (
- qmailadmin as account and mailing list manager (
- vqadmin as domain manager (
- qmailmrtg as activity monitoring (
- isoqlog as detailled activity (
- squirrelmail as webmail (
- IMAP Proxy as IMAP Proxy (

This HOWTO should work without a lot of modifications on almost all Linux distributions or *BSD.

0. Misc informations
1. Qmail
1.1 Create users & groups
1.2 Create directories
1.3 Install qmail itself
2. Daemon tools
2.1 Maildrop
3. TcpServer
4. Vpopmail
5. Autorespond
7. Ezmlm
8. Spamassassin
9. Clamav - Antivirus
10. qmail-scanner
11. Scripts and directories
11.1 Alias and default directories
11.2 Supervise/Svscan Startup
11.3 POP scripts
11.4 SMTP scripts
12. QmailAdmin
13. VQAdmin
14. Courier
15. IMAP Proxy
16. Squirrelmail
17. Isoqlog
18. Qmailmrtg
19. Tools
20. With Redhat
21. Files
22. References

1. Qmail install

1.1 Creating Users & Groups for Qmail & Vpopmail
We add groups and users with special gid (group id) and uid (user id). It is necessary for the security.
Group and user should be set to "89" under Redhat.
Group/user 98 is in use by ident

mkdir /var/qmail
groupadd -g 98 vchkpw
useradd -u 98 -g 98 -c Vpopmail-Master -d /home/vpopmail -s /bin/false vpopmail
groupadd -g 91 nofiles
groupadd -g 92 qmail

useradd -u 91 -g 91 -d /var/qmail/alias -s /bin/false alias
useradd -u 92 -g 91 -d /var/qmail -s /bin/false qmaild
useradd -u 93 -g 91 -d /var/qmail -s /bin/false qmaill
useradd -u 94 -g 91 -d /var/qmail -s /bin/false qmailp
useradd -u 95 -g 92 -d /var/qmail -s /bin/false qmailq
useradd -u 96 -g 92 -d /var/qmail -s /bin/false qmailr
useradd -u 97 -g 92 -d /var/qmail -s /bin/false qmails Under redhat/fedora change the uid(97) to 90, because the dovecot programs used it.

echo "/bin/false" >> /etc/shells Only if you don't have this line in /etc/shells

1.2 Make directories for Logging and Special Modules

mkdir /var/log/qmail
mkdir /var/log/qmail/qmail-send
mkdir /var/log/qmail/qmail-smtpd
mkdir /var/log/qmail/qmail-pop3d
chown -R qmaill.root /var/log/qmail
chmod -R 750 /var/log/qmail

1.3 Install of qmail / netqmail
Now, I use netqmail which is a *version* of qmail with a lot of patch (
Why qmail does not include all that stuff ?
Because of the licence used by djb.

tar -zxvf netqmail-1.05.tar.gz
cd netqmail-1.05/
cd netqmail-1.05

You should get something like : You should see 7 lines of text below. If you see anything
else, then something might be wrong.
[1] Extracting qmail-1.03...
tar: Read 1024 bytes from -
[2] Patching qmail-1.03 into netqmail-1.05. Look for errors below:
[4] The previous line should say 24 if you used GNU patch.
[5] Renaming qmail-1.03 to netqmail-1.05...
[6] Continue installing qmail using the instructions found at:
Edit the file conf-split (it will increase the queue subdirectory split) If the queue will be stored on ReiserFS, set conf-split to 1.

;replace 23 with 199

then conf-spawn It is the silent concurrency limit control file

;replace 120 with 255

Compile qmail :

patch -p1 < qmail-1.03-mfcheck.3.patch
patch -p1 < netqmail-maildir++.patch Enable the quota for maildir
make WITH_QMAILQUEUE_PATCH=yes setup check WITH_QMAILQUEUE_PATCH is set to specify that we will use qmail-scanner

./config-fast tractopel.ecranbleu.orgChange it for your host

echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote
echo 1 > /var/qmail/control/mfcheck Only if you want to do a dns check immediatly at the smtp connexion

2. Daemon tools

You may have to patch daemontools in order to compile it with the Glib v. 2.3.1

mkdir /package
chmod 1755 /package
cd /package
tar -zxvf daemontools-0.76.tar.gz
mv admin/daemontools-0.76/ daemontools-0.76
rmdir admin/
patch -p0 < daemontools-0.76.errno.patch
cd daemontools-0.76/
cd ..
rm daemontools-0.76.tar.gz daemontools-0.76.errno.patch

You may want to remove the respawn of qmail (it is a very borring option when you have to shutdown qmail). To do that, you have to edit /etc/inittab andcomment the last line (SV:123456:respawn:/command/svscanboot) and kill -HUP 1. -- remove other smtp if you already have one installed
for example, comment smtp/pop/imap stuff in /etc/inetd.conf or /etc/xinetd.conf
remove exim in /etc/rc2.d/

If you want to check if it works or not, check if you have links in this directory /command/ pointing to /package/daemontools/command/.

2.1 Maildrop

tar -jxvf maildrop-2.0.4.tar.bz2
cd maildrop-2.0.4/
make install
cd ..

You may have to install pcre (apt-get install libpcre3-dev under Debian)
Check :
if the file /usr/local/bin/maildrop exists

If you get /usr/bin/install: cannot stat `makedat/makedatprog': No such file or directory, please install before gdbm and try a 'make distclean' and recompile maildrop again

3. TCPServer

TCPserver is used to manage network connexions and also the roaming (POP/IMAP before SMTP, allow a user to use the SMTP once he checked his emails).
Here, for the roaming, there is two solutions :
- the classical way with the famous ~vpopmail/etc/tcp.smtp
- store all the relay in the Mysql database (more info)
Which one is the best ?
Well, it really depends want you need. If you want to configure a multiserver mail server, the Mysql solution is very good. This solution has also the advantage to be quite easy to maintain (I had a few times troubles with the tcp.smtp file: I had to rehash the file by hand which is a bit borring).

Common part :

tar -zxvf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
patch -p1 < ucspi-tcp-0.88.a_record.patch
patch -p1 < ucspi-tcp-0.88.errno.patch
patch -p1 < ucspi-tcp-0.88.nobase.patch

All the three patches here are used to fix a compilation issue with a recent glibc.

Classical way (~vpopmail/tcp.smtp) : -- relay permissions
edit /home/vpopmail/etc/tcp.smtp,RELAYCLIENT=""
198.168.1.:allow,RELAYCLIENT="" Change this address to your network

/usr/local/bin/tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp < /home/vpopmail/etc/tcp.smtp
chmod 644 /home/vpopmail/etc/tcp.smtp.cdb

The MySQL way : First, under fedora, you have to edit the conf-ld file in order to add the path to the mysql lib.

patch -p1 <

For this part, you will need the mysql developement library. apt-get install libmysqlclient10-dev (debian)
This patch has been updated by Pierre Wieser. He added some new features : Then, you need to create the configuration in order to access to the mysql database. Edit the /var/qmail/control/sql file and change the values to match your configuration.

port 3306
database vpopmail
table relay
user vpopmail_edit
pass vpass
time 1800
denytable deny_from
denytime 24

The table structures are :

ip_addr char(18) NOT NULL default '',
timestamp char(12) default NULL,
PRIMARY KEY (ip_addr)
CREATE TABLE deny_from (
ip_addr char(18) NOT NULL default '',
timestamp char(12) default NULL,
PRIMARY KEY (ip_addr)

For the mysql configuration, just look few lines under.
If you want to had an "always authorized ip address" for the SMTP, you have to insert an record by hand. For example, you may (will) want to authorized to use the smtp server all the time :

mysql> insert into relay (ip_addr) values ('');

mysql> select * from relay;
| ip_addr | timestamp |
| 62.210.141.XX | 1094032768 |
| 217.167.120. | NULL |
| 80.201.115.XX | 1094032739 |
| 212.239.131.XX | 1094027678 |
| | NULL |
5 rows in set (0.00 sec)

Common :

make setup check
mkdir -p /home/vpopmail/etc/

4. vpopmail

Vpopmail is used as virtual POP server (ie it is not at all linked with the /etc/passwd file).
Create a vpopmail database and two users. The first one who can access and the other one who can modify the database. For example, connect to mysql (mysql -u root -p) and :

mysql> create database vpopmail;
mysql> grant update, create, delete, insert, select on vpopmail.* to vpopmail_edit@localhost identified by "vpass"; Change localhost to the vpopmail host and the password
mysql> flush privileges;

If the following line works, the vpopmail database should work.

[sly@reloaded] ~$ mysql -h localhost -u vpopmail_edit -pvpass vpopmail

If you get problems, you should look the mysql documentation With vpopmail 5.4.X, which is the lastest version of vpopmail (release as stable the 1 february 2004)

tar -zxvf vpopmail-5.4.23.tar.gz
mkdir -p ~vpopmail/etc/
cd vpopmail-5.4.23/
echo "localhost|0|vpopmail_edit|vpass|vpopmail" > ~vpopmail/etc/vpopmail.mysql
Change your informations
chown vpopmail.vchkpw ~vpopmail/etc/vpopmail.mysql
chmod 640 ~vpopmail/etc/vpopmail.mysql
apt-get install libmysqlclient10-dev      If you are under debian, otherwise, you must have the mysql sources available
apt-get install zlib1g-dev     If you are under debian, otherwise, you must have these sources available (Thanks to Ken MacFerrin).
./configure --enable-roaming-users=y --enable-logging=y --enable-ip-alias-domains=y --enable-auth-module=mysql --enable-clear-passwd=n --enable-libdir=/usr/include/mysql/ --enable-tcpserver-path=/home/vpopmail/etc/ --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-logging=e --enable-tcprules-prog=/usr/local/bin/tcprules --enable-rebuild-tcpserver-file For redhat/fedora, change /usr/include/mysql to /usr/lib/mysql
If you use the mysql relay solution for tcpserver, remove --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp
make install-strip

The roaming option means that if a user check his email, it will open the smtp just for this user.
Now, edit the crontab with :

crontab -e

and add this inside :

40 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null

Every time clearopensmtp is run, list of IP's which can relay through the smtp server is checked for time stamps which are older than the --enable-relay-clear-minutes option (The default is 3 hours). And it will delete too old "connections".
If you want to check if it works or not, try /home/vpopmail/bin/vadddomain if you get some "vmysql: sql error[c]: MySQL server has gone away" or "Failed while attempting to add user to auth backend", you may have some trouble with your mysql account configuration. (If you don't get anything, that works !)

5. Autorespond

It is an autoresponder which allows an automatic return email to be sent to the original sender.

tar -zxvf autorespond-2.0.2.tar.gz
cd autorespond-2.0.2
make install

6. gdbm (database routine)

tar -zxvf gdbm-1.8.3.tar.gz
cd gdbm-1.8.3/
make install

7. Ezmlm (Easy Mailing List manager)

Ezmlm is the mailing list manager.


tar -zxvf ezmlm-0.53.tar.gz
tar -zxvf ezmlm-idx-5.1.1.tar.gz
mv ezmlm-idx-5.1.1/* ezmlm-0.53/
cd ezmlm-0.53
patch < idx.patch

edit sub_mysql/conf-sqlld

-L/usr/lib/mysql -lmysqlclient -lnsl -lm
-L/usr/local/lib/mysql -lmysqlclient -lm

make clean
make man
make setup

8. Spamassassin

I wrote some bit about spamassassin with qmail, it is almost the same thing...
Spamassassin is a very powerfull program which checks if the receveid email is a spam or not. The analys is based on a list of mark. If the sum of all the mark exceed a specified amount (for example 5), the email will be tagged (****SPAM**** in the topic).
With this, it is very easy to create a rule which will move all emails into a specific directory (i.e. trash:).

apt-get install spamassassin If you use debian sarge (ie testing)
tar -zxvf Mail-SpamAssassin-2.64.tar.gz
cd Mail-SpamAssassin-2.64
perl Makefile.PL
make install
cp spamd/ /etc/init.d/spamassassin You can replace debian by redhat, solaris, netbsd, suse ...
chmod +x /etc/init.d/spamassassin

Edit /etc/init.d/spamassassin

change DAEMON=/usr/sbin/spamd to :

Create the file /etc/default/spamassassin with this 2 lines :

OPTIONS="-v -m 50 --auto-whitelist"

With that stuff, you can launch spamd which is bascilly a spamassassin deamon (provides great performances).
-m 50 : 50 childs
-v : vpopmail config
--auto-whitelist : Use auto whitelist (friend list)
Then, edit /etc/mail/spamassassin/ (for more details)

required_hits 5.0
add_header all Report _REPORT_
rewrite_header Subject 1
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
dns_available yes
dcc_add_header 0
skip_rbl_checks 0
bayes_auto_learn 1
use_bayes 1
bayes_path /var/qmail/spamassassin/
auto_whitelist_path /var/qmail/spamassassin/auto_whitelist
use_pyzor 1 (Only if you have installed pyzor)
use_razor2 1 (Only if you have installed razor2)

Then start the spamassassin server and test it :

/etc/init.d/spamassassin start
spamc < sample-spam.txt It will produce the test spam result
spamc < sample-nonspam.txt It should return the original email
For the spam, you should get :
X-Spam-Level: **************************************************
X-Spam-Status: Yes, hits=1000.0 required=6.0 tests=GTUBE autolearn=no version=2.60

This should be enough to use SpamAssassin on the whole system.

9. Clamav - Antivirus

Before the clamav installation, you have to install unzoo, unrar, lha, arj and unzip (in order to unpack email attachements).

Under debian : apt-get install clamav
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

[ Install the source version of clamav ]

In the file /etc/clamav/clamd.conf, change the line :

User clamav


User qscand

Then, change the property of the running directory :

chown -R qscand. /var/run/clamav/

And the restart clamav

10. qmail-scanner, (which already includes :

Qmail-scanner is an email parser (like Amavis) which means that qmail-scanner will parse the email and call spamassassin and/or clamav in order to check what they have to check.
I now use a patched version a qmail-scanner which enabled great features like auto delete/reject/quarantine spam over a specified score but also to select which scanners will be used for a domain and even for a user, then, it is possible to configure the spamassassin / antivirus just for one domain/user.
You need perl-suid. (apt-get install perl-suid)

tar -zxvf qmail-scanner-2.02.tgz If you are updating your system, don't forget to delete the old source tree
gunzip q-s-2.02st-20080119.patch.gz
cd qmail-scanner-2.02
patch -p1 < ../q-s-2.02st-20080119.patch
groupadd qscand
useradd -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand

./configure --domain \
--admin postmaster \
--local-domains "`cat /var/qmail/control/rcpthosts | tr "\n" ","`" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-ecranbleu" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--admin-fromname "Mail admin" \
--settings-per-domain yes \ In a recent version qmail-scanner st, the name of this parameter changed from scanners-per-domain to settings-per-domain. You have also to rename your scanners_per_domain.txt file to settings-per-domain.txt
--sa-delete 5 \
--sa-reject no \
--sa-subject "*****SPAM*****" \
--sa-alt no \
--sa-debug no \
--notify sender,recips \
--redundant yes\
cp /var/qmail/bin/

If you are updating qmail-scanner, rename /var/spool/qmailscan to /var/spool/qscan/
If you want to enable/disable some scanners, edit the /var/spool/qmailscan/settings_per_domain.txt
To rehash the scanner per domain file : /var/qmail/bin/ -p
To rehash the quarantine attachement file : /var/qmail/bin/ -g
Since the version 4.4 of qms-analog, this file can be customise more deeply. It is possible to change sa_subject, sa_delete... for each address/domain which can be very useful and avoid "global configuration".
Here is the syntax of this file (for more information : have a look to this url):,ps,clamdscan_scanner,ps'** SPAM **'2.5''3.9'0,ps,ps

# sa = spamassassin
# ps = perl scanner
# clamdscan_scanner

Thanks to this solution, it is possible to produce daily/weekly/monthly total stats about the email traffic. In order to use it,edit this two line in this file : /var/qmail/bin/qmailstats

echo "To:" > $EMAILMSG echo "From:" >> $EMAILMSG

Uncomment the echo/cat lines if you want to display weekly/mothly stats. be carreful, the mail can be huge :

#### Last 7 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 7 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 168 >> $EMAILMSG

#### Last 30 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 3 0 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 5040 >> $EMAILMSG

If you want to launch it every night (5:00) :
crontab -e

0 5 * * * /var/qmail/bin/qmailstats &>/dev/null

It will produce this kind of stats : mailstats.txt

11. Scripts and directories

11.1 Alias and default directories

mkdir ~alias
chown alias.qmail ~alias
echo "" > /var/qmail/alias/.qmail-root
echo "" > /var/qmail/alias/.qmail-postmaster
echo "" > /var/qmail/alias/.qmail-mailer-daemon
chmod 2755 ~alias
chmod 644 ~alias/.qmail*

edit /var/qmail/users/assign Change the domain here

Don't forget the final .
11.2 Supervise/Svscan Startup

mkdir /service
chmod 755 /service
mkdir /var/qmail/supervise
chmod 755 /var/qmail/supervise

mkdir /var/qmail/supervise/qmail-smtpd
mkdir /var/qmail/supervise/qmail-smtpd/log
chmod +t /var/qmail/supervise/qmail-smtpd

mkdir /var/qmail/supervise/qmail-send
mkdir /var/qmail/supervise/qmail-send/log
chmod +t /var/qmail/supervise/qmail-send

mkdir /var/qmail/supervise/qmail-pop3d
mkdir /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-pop3d

ln -s /var/qmail/supervise/* /service/

edit /var/qmail/rc

exec env - PATH="/var/qmail/bin:/usr/local/bin" \
qmail-start ./Maildir/

then :

chmod 700 /var/qmail/rc

11.3 pop3
edit /var/qmail/supervise/qmail-pop3d/run

exec /usr/local/bin/tcpserver -H -R -v -c100 0 pop3 /var/qmail/bin/qmail-popup /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1 Change your server

Call the pop server throught tcpserver with username/password check (with qmail-popup and vchkpw).
-R : don't try to get $TCPREMOTEINFO
-H : don't look up the hostname
-v : verbose
-c : number of simultaneous handled connections
0 : the ip address of the server (0 means allow connections to any local IP address)
pop3 : the port used (here, defined in /etc/services but can be an integer ie 110)
qmail-popup : this program reads a POP username and password and call a program (here vchkpw)
vchkpw : this program authenticates a POP user and grant him access to his pop directory
qmail-pop3d : this program distributes email via POP3

then :

chmod 755 /var/qmail/supervise/qmail-pop3d/run

edit /var/qmail/supervise/qmail-pop3d/log/run

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1

Call the multilog program under the uid (user id) and gid (group id) which will call the qmail-pop3d program.
The t option means that the log file will have a timestamp on the beginning of the line (tai64n format).
s100000 : is the size of a log file (here 100 000 bytes). It is between 4096 and 16777215.
n20 : is the number of log file (here 20). At least 2.
then :

chmod 755 /var/qmail/supervise/qmail-pop3d/log
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run

11.4 smtp
edit /var/qmail/supervise/qmail-smtpd/run

export QMAILQUEUE="/var/qmail/bin/" If you use the TCP server mysql solution
exec /usr/local/bin/tcpserver -p -R -x /home/vpopmail/etc/tcp.smtp.cdb -u92 -g91 -v -c100 0 smtp /usr/local/bin/rblsmtpd -r /var/qmail/bin/qmail-smtpd 2>&1
If you use the mysql relay solution for tcpserver, replace -x /home/vpopmail/etc/tcp.smtp.cdb by -S /var/qmail/control/sql

Call the smtp server throught tcpserver with a rbl check.
-u : user id which will be used by qmail-smtpd
-g : group id which will be used by qmail-smtpd
-p : paranoid mode (check if the remote host in the DNS matches with the client address)
-R : don't try to get $TCPREMOTEINFO
-v : verbose
-c : number of simultaneous handled connections
0 : the ip address of the server (0 means allow connections to any local IP address)
smtp : the port used (here, defined in /etc/services but can be an integer)
rblsmtpd : this program blocks mail from RBL-listed sites (I use now since is down) and call a program (here qmail-smtpd)

chmod 755 /var/qmail/supervise/qmail-smtpd/run

edit /var/qmail/supervise/qmail-smtpd/log/run

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1

Call the multilog program under the uid (user id) and gid (group id) which will call the qmail-smtpd program.
The t option means that the log file will have a timestamp on the beginning of the line (tai64n format).
s100000 : is the size of a log file (here 100 000 bytes). It is between 4096 and 16777215.
n20 : is the number of log file (here 20). At least 2.
then :

chmod 755 /var/qmail/supervise/qmail-smtpd/log
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run

edit /var/qmail/supervise/qmail-send/run

exec env - PATH="/var/qmail/bin:/usr/local/bin" \
qmail-start ./Maildir/

then :

chmod 755 /var/qmail/supervise/qmail-send/run

edit /var/qmail/supervise/qmail-send/log/run

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1

then :

chmod 755 /var/qmail/supervise/qmail-send/log
chmod 755 /var/qmail/supervise/qmail-send/log/run

With the command, you can generate a generic Maildir (ie when you create a new user, it will copy the Maildir dir automatically) :

/var/qmail/bin/maildirmake /etc/skel/Maildir This can depend the linux distribution

Finally, you must create a startup script.
Under debian, it will be in the /etc/init.d/. So, it will be /etc/init.d/qmail.


case "$1" in
echo -n "Starting qmail: svscan"
if cd /var/qmail/supervise; then
env - PATH="/var/qmail/bin:/usr/local/bin:/usr/bin:/bin" svscan &
echo $! > /var/run/
echo "."
echo -n "Stopping qmail: svscan"
kill `cat /var/run/`
echo -n " qmail"
svc -dx /var/qmail/supervise/*
echo -n " logging"
svc -dx /var/qmail/supervise/*/log
echo "."
cd /var/qmail/supervise
svstat * */log
echo "Sending ALRM signal to qmail-send."
svc -a /var/qmail/supervise/qmail-send
echo "Sending HUP signal to qmail-send."
svc -h /var/qmail/supervise/qmail-send
echo "Sending HUP signal to qmail-pop3d."
svc -h /var/qmail/supervise/qmail-pop3d
echo "Pausing qmail-send"
svc -p /var/qmail/supervise/qmail-send
echo "Pausing qmail-smtpd"
svc -p /var/qmail/supervise/qmail-smtpd
echo "Pausing qmail-pop3d"
svc -p /var/qmail/supervise/qmail-pop3d
echo "Continuing qmail-send"
svc -c /var/qmail/supervise/qmail-send
echo "Continuing qmail-smtpd"
svc -c /var/qmail/supervise/qmail-smtpd
echo "Continuing qmail-pop3d"
svc -c /var/qmail/supervise/qmail-pop3d
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /var/qmail/supervise/qmail-smtpd
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /var/qmail/supervise/qmail-send
echo "* Restarting qmail-smtpd."
svc -u /var/qmail/supervise/qmail-smtpd
echo "* Sending qmail-pop3d SIGTERM and restarting."
svc -t /var/qmail/supervise/qmail-pop3d
tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp < /home/vpopmail/etc/tcp.smtp
chmod 644 /home/vpopmail/etc/tcp.smtp*
echo "Reloaded /home/vpopmail/etc/tcp.smtp."
echo "Usage: $0
exit 1
exit 0

chmod 750 /etc/init.d/qmail
rm -f /usr/lib/sendmail
rm -f /usr/sbin/sendmail
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

12. Qmailadmin

QmailAdmin is the web administration which enables the management of a domain by an lambda user.

tar -zxvf qmailadmin-1.2.9.tar.gz
cd qmailadmin-1.2.9/
./configure --enable-htmldir=/var/www/qmailadminhtml --enable-imagedir=/var/www/images --enable-imageurl=/images --enable-cgibindir=/var/www/cgi-bin/ --enable-autoresponder-bin=/usr/local/bin --enable-vpopuser=vpopmail --enable-ezmlmdir=/usr/local/bin/ezmlm/ --enable-ezmlmidx=y --enable-modify-quota --disable-ipauth --enable-help
Change directories to adapt to your webserver configuration
make install-strip

If you get that stuff when you compile qmailadmin :
gcc -I. -g -O2 -c qmailadmin.c
qmailadmin.c:29:22: vpopmail.h: No such file or directory
qmailadmin.c:30:19: vauth.h: No such file or directory
Try this command :

echo "-I/home/vpopmail/include" >> /home/vpopmail/etc/inc_deps

If you get qmailadmin.o(.text+0xc6): In function `main':
/package/qmailadmin-1.0.6/qmailadmin.c:240: undefined reference to `vclose'
qmailadmin.o(.text+0x17b):/package/qmailadmin-1.0.6/qmailadmin.c:199: undefined reference to `vget_assign'
qmailadmin.o(.text+0x1cd):/package/qmailadmin-1.0.6/qmailadmin.c:210: undefined reference to `vauth_user'
Check if /home/vpopmail/etc/lib_deps contains :
-L/home/vpopmail/lib -lvpopmail -L/usr/include/mysql/ -lmysqlclient -lz
Now, configure your webserver in order to activate cgi-bin for qmailadmin. For example, for Apache :

    DocumentRoot /var/www/
    ErrorLog logs/
    CustomLog logs/ combined
    <Directory /var/www/>
         AllowOverride AuthConfig Limit
         Options SymLinksIfOwnerMatch Includes
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/
    ScriptAlias /global-cgi/ /usr/lib/cgi-bin/

If you get an error like : [Tue Aug 10 18:10:23 2004] [error] [client xx.xx.xx.xx] Premature end of script headers: /var/www/cgi-bin/qmailadmin in the apache error logfile, it should be linked with your apache configuration. I met some problems with suexec which was enabled : comment the User/Group lines should be enough (Thanks Julien Lefevre).
By default, the apache configuration file (httpd.conf) includes an alias directory which is images/. This directory overrides the default of qmailadmin. Don't forget to comment it is you want images.

13. Vqadmin

Vqadmin a virtual domains manager. Basically, with this program, it is possible to manage email domains.

tar -zxvf vqadmin-2.3.7.tar.gz
cd vqadmin-2.3.7
./configure --enable-cgibindir=/var/www/cgi-bin
make install-strip

Add the following directives to the apache configuration, httpd.conf (for example, the qmailadmin virtualhost) :

<Directory "/var/www/cgi-bin/vqadmin">
    deny from all
    Options ExecCGI
    AllowOverride AuthConfig
    Order deny,allow

You must add a htaccess in order to securise these pages.
Edit /var/www/cgi-bin/vqadmin/.htaccess

AuthType Basic
AuthUserFile /etc/apache/vqadmin.passwd
AuthName vQadmin
require valid-user
satisfy any

chown www-data:www-data /var/www/cgi-bin/vqadmin/.htaccess The user/group will be nobody/nogroup under Redhat
chmod 600 /var/www/cgi-bin/vqadmin/.htaccess
htpasswd -bc /etc/apache/vqadmin.passwd admin adminpass

14. Courier

courier is used here for the IMAP server. Since the version 4.X, they split courier to a thirdparty library called authlib which contains authentication stuffs.
But it may cause some issue with the pop-before-smtp system. If it the case, don't hesitate to switch to the version 3.X. (however, don't hesitate to send me a fix for this issue).
PROCEDURE FOR COURIER 3.X (only use if courier 4.X is not working)

tar -jxvf courier-imap-3.0.8.tar.bz2
cd courier-imap-3.0.8
./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl [ Go for a walk ]
make install
make install-configure
cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 744 /etc/init.d/courier-authlib
/etc/init.d/courier-authlib start
update-rc.d courier-authlib defaults


tar -jxvf courier-authlib-0.59.3.tar.bz2
cd courier-authlib-0.59.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
make install
make install-configure

tar -jxvf courier-imap-4.1.3.tar.bz2
cd courier-imap-4.1.3
export COURIERAUTHCONFIG=/usr/local/courier-authlib/bin/courierauthconfig
export CPPFLAGS=-I/usr/local/courier-authlib/include
./configure --prefix=/usr/local/courier-imap --disable-root-check --with-ssl [ Go grab a pizza/beer, this will take some time ]
make install
make install-configure

Check if you have the file /usr/local/courier-imap/bin/couriertls, if not, it is probably because you don't have the openssl-dev library (courier's compilation doesn't stop) Common part :

cp courier-imap.sysvinit /etc/init.d/courier-imap
chmod +x /etc/init.d/courier-imap
mkdir -p /var/lock/subsys/

Once the server is launched :

chown vpopmail:vchkpw /usr/local/courier-imap/share/imapd.pem

If you get this error :
tlspasswordcache.c:9:25: openssl/ssl.h: No such file or directory
tlspasswordcache.c:10:25: openssl/err.h: No such file or directory
tlspasswordcache.c:11:26: openssl/rand.h: No such file or directory
install the ssl development library (apt-get install libssl-dev under Debian)

If you get some errors about vpopmail libs, type this 2 commands : [ thank to Alberto Manzoni ]

echo "-I/home/vpopmail/include/" > /home/vpopmail/etc/inc_deps
echo "-L/home/vpopmail/lib -lvpopmail" > /home/vpopmail/etc/lib_deps

But if you get errors about include with vpopmail and stuff like :
/home/vpopmail/lib/libvpopmail.a(vauth.o) in function `vauth_open_update': check if the /home/vpopmail/etc/lib_deps file looks like :

-L/home/vpopmail/lib -lvpopmail -L/usr/include/mysql/ -lmysqlclient -lz -lcrypt

After the installation, you must edit some configuration files.
Rename /usr/local/courier-imap/etc/imapd.dist to /usr/local/courier-imap/etc/imapd and in /usr/local/courier-imap/etc/imapd, change the TCPDOPTS / AUTHMODULES lines to :

TCPDOPTS="-nodnslookup -noidentlookup -user=vpopmail -group=vchkpw"

Finally, don't forget to change this line (at the end of the file)



For the imap-ssl, rename /usr/local/courier-imap/etc/imapd-ssl.dist to /usr/local/courier-imap/etc/imapd-ssl and in /usr/local/courier-imap/etc/imapd-ssl


and /usr/local/courier-imap/etc/imapd.cnf for the ssl certificat :

[ req_dn ]
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key

For the pop3d-ssl, rename /usr/local/courier-imap/etc/pop3d-ssl.dist to /usr/local/courier-imap/etc/pop3d-ssl and in /usr/local/courier-imap/etc/pop3d-ssl


If you want to start the IMAP server :

/etc/init.d/courier-imap start Can take a little while the first time

After the first start, you may get stuff like :
Dec 23 13:01:59 nw-tel2-mail-2 imapd: couriertls: /usr/local/courier-imap/var/couriersslcache: Permission denied
Dec 23 13:01:59 nw-tel2-mail-2 imapd: couriertls: /usr/local/courier-imap/share/imapd.pem: error:0200100D:system library:fopen:Permission denied

chown vpopmail:vchkpw /usr/local/courier-imap/var/
chown vpopmail:vchkpw /usr/local/courier-imap/share/imapd.pem
chown vpopmail:vchkpw /usr/local/courier-imap/share/pop3d.pem

If you want to rebuild the certificat, you have to use the commands (after deleting the pem file) :


You may need the package openssl

15. IMAP Proxy

We use an imapproxy in order to decrease the time of the connection between the imap client and the server (IMAP Proxy)

tar -zxvf up-imapproxy-1.2.4.tar.gz
cd up-imapproxy-1.2.4
make install
make install-conf
make install-init

To compile imapproxy, you need the lib ncurses 5 dev (apt-get install libncurses5-dev).
If you get the error message error: 'MD5_DIGEST_LENGTH' undeclared (first use in this function) add into src/imapcommon.c #include <openssl/md5.h>.
If you try to start the program and if you get this :
/etc/init.d/imapproxy: line 1: /bin/basename: No such file or directory
: Starting IMAP proxy server.
Edit /etc/init.d/imapproxy and change the line 58 (Pgm=`/bin/basename $0`) to Pgm=`/usr/bin/basename $0` (maybe it is only necessary under debian)
Edit /etc/imapproxy.conf to adapt everything to your configuration. Most of the time, change only this :

server_hostname Change it to your host
proc_groupname nobody Under debian, it is "nogroup"
listen_port 144 If the proxy is running on the same server as courier-imap, change this line (ie not 143, the IMAP port) otherwise the proxy won't work

16. Squirrelmail

tar xzvf squirrelmail-1.4.3a.tar.gz
cd squirrelmail-1.4.3a
mkdir attachments
chown -R www-data data attachments
chmod go-w data attachments
chgrp www-data data attachments
cd config

Change the following options (you can also add great plugins to squirremail with the program):
   Change name.
   Change Domain
   Change IMAP server Don't forget to set the ip/port of the IMAP Proxy set before (otherwise the proxy will lose his interest)
   Change SMTP server
   Change Data Directory, (optional).
   Change Attachment Directory
Set pre-defined settings for specific IMAP servers
   Select courier = Courier IMAP server

Add a virtual host to your webserver configuration and restart it :

   DocumentRoot /var/www/
   ErrorLog logs/
   CustomLog logs/ combined

The webmail install should be ok. Test it on

17. Isoqlog Here is a sample result

tar -zxvf isoqlog-2.2.1.tar.gz
cd isoqlog-2.2.1
make install
ln -s /var/qmail/control/rcpthosts /usr/local/etc/
mkdir -p /var/www/qmail-stats/isoqlog

Here is my /usr/local/etc/isoqlog.conf file :

logtype = "qmail-multilog"
logstore = "/var/log/qmail/qmail-send"
domainsfile = "/usr/local/etc/"
outputdir = "/var/www/qmail-stats/isoqlog"
htmldir = "/usr/local/share/isoqlog/htmltemp"
langfile = "/usr/local/share/isoqlog/lang/french"
hostname = "" Change this to your host

maxsender = 100
maxreceiver = 100
maxtotal = 100

maxbyte = 100

Edit your crontab and put the following line in it (it will run the isoqlog stat generation every 58 minutes) :

58 * * * * /usr/local/bin/isoqlog 1>/dev/null 2>/dev/null

Check out the graphs : http://yourhost/qmail-stats/isoqlog/

18. QmailMrtg Here is a sample result

First, you have to install mrtg if you don't have it.

tar -zxvf qmailmrtg7-4.2.tar.gz
cd qmailmrtg7-4.2
make install
mkdir -p /var/www/qmail-stats/mrtg/
cp index.html /var/www/qmail-stats/mrtg/

Get this file and save it into /etc/ It is the modified configuration file with the good path to the log files. Change paths to your configuration.
Run this command 3 times:

/usr/bin/mrtg /etc/qmail.mrtg.cfg

You should get some error messages. Don't worry. Anyway, you can check if the new files exist in /var/www/qmail-stats/mrtg/
Edit your crontab and put that into

2-57/5 * * * * /usr/bin/mrtg /etc/qmail.mrtg.cfg > /dev/null

Check out the graphs : http://yourhost/qmail-stats/mrtg/

19. Tools

Here is a tool which can read the qmail queue to see who send the email to who. It is called qmhandle

tar -zxvf qmhandle-1.2.0.tar.gz

It produces this kind of result when you call the program with the -l parameter (qmHandle -l) :

109816 (167, R)
From: "Johnny Champion" <>
Subject: *****SPAM***** A platinum card who cares? dpplo
Date: Sun, 04 Jan 04 08:41:16 GMT
Size: 8009 bytes

You can also alter the queue with this program :

-a : try to send queued messages now (qmail must be running)
-l : list message queues
-L : list local message queue
-R : list remote message queue
-s : show some statistics
-mN : display message number N
-dN : delete message number N
-Stext : delete all messages that have/contain text as Subject
-D : delete all messages in the queue (local and remote)

A small trick if you want to watch the activity of your mail server :

ln -s /package/daemontools/compile/tai64nlocal /usr/bin/
alias logqmail='(cd /var/log/qmail; tail -f qmail-*/current ../mail.log|tai64nlocal)'

And just type "logqmail" if you want to watch the activity of the server.

20. Redhat

With redhat/fedora, you have to install these packages :

yum update
yum upgrade
yum install mysql
yum install mysql-server
yum install mysql-devel
yum install php-mysql
yum install expect
yum install perl-Time-HiRes
yum install perl-suidperl

Then, don't forget to edit this file : /etc/sysconfig/network in order to specify the right hostname.
It is also important to :
- Change the user id (uid) of the user qmails to 90 (instead of 97).
- Change the mysql dir from /usr/include/mysql/ to /usr/lib/mysql

21. Files

/etc/tcp.smtp [ Tcpserver ]
/etc/mail/spamassassin/ [ Spamassassin ]
/etc/default/spamassassin [ Spamassassin ]
/var/qmail/supervise/qmail-pop3d/run [ qmai ]
/var/qmail/supervise/qmail-pop3d/log/run [ qmail ]
/var/qmail/supervise/qmail-smtpd/run [ qmail ]
/var/qmail/supervise/qmail-smtpd/log/run [ qmail ]
/var/qmail/supervise/qmail-send/run[ qmail ]
/var/qmail/supervise/qmail-send/log/run[ qmail ]
/usr/local/courier-imap/etc/imapd [ courier-imap ]
/etc/init.d/qmail [ qmail ]
/usr/local/etc/isoqlog.conf [ isoqlog ]
/etc/qmail.mrtg.cfg [ qmailmrtg ]

Here is a list of the most important files :
ControlDefaultUsed byPurpose
badmailfromnoneqmail-smtpdblacklisted From addresses
bouncefromMAILER-DAEMONqmail-sendusername of bounce sender
bouncehostmeqmail-sendhostname of bounce sender
concurrencyincomingnone/service/qmail-smtpd/runmax simultaneous incoming SMTP connections
concurrencylocal10qmail-sendmax simultaneous local deliveries
concurrencyremote20qmail-sendmax simultaneous remote deliveries
defaultdeliverynone/var/qmail/rcdefault .qmail file
defaultdomainmeqmail-injectdefault domain name
defaulthostmeqmail-injectdefault host name
databytes0qmail-smtpdmax number of bytes in message (0=no limit)
doublebouncehostmeqmail-sendhost name of double bounce sender
doublebouncetopostmasterqmail-senduser to receive double bounces
envnoathostmeqmail-senddefault domain for addresses without "@"
helohostmeqmail-remotehost name used in SMTP HELO command
idhostmeqmail-injecthost name for Message-ID's
localiphostmeqmail-smtpdname substituted for local IP address
localsmeqmail-senddomains that we deliver locally
meFQDN of systemvariousdefault for many control files
morercpthostsnoneqmail-smtpdsecondary rcpthosts database
percenthacknoneqmail-senddomains that can use "%"-style relaying
plusdomainmeqmail-injectdomain substituted for trailing "+"
qmqpserversnoneqmail-qmqpcIP addresses of QMQP servers
queuelifetime604800qmail-sendseconds a message can remain in queue
rcpthostsnoneqmail-smtpddomains that we accept mail for
smtpgreetingmeqmail-smtpdSMTP greeting message
smtproutesnoneqmail-remoteartificial SMTP routes
timeoutconnect60qmail-remotehow long, in seconds, to wait for SMTP connection
timeoutremote1200qmail-remotehow long, in seconds, to wait for remote server
timeoutsmtpd1200qmail-smtpdhow long, in seconds, to wait for SMTP client
virtualdomainsnoneqmail-sendvirtual domains and users

22. References

QMAIL + Vpopmail + Sqwebmail + Qmailadmin + MySql : How-To for FreeBSD 4.x (v2.0) By Flattie McGee (ZA) 2001 Globelinks Communications.
Life with qmail
Howto Qmail met vpopmail, qmailadmin, imapcourier, squirrelmail + vele extra's for the stat system


If you need a technical help : Forum

If you have a comment/bug about this howto : Forum