Managing ECSC Linux Firewalls
This section covers the virtual mail system. The virtual mail system provides IMAP and POP3 and mostly involves qmail and vmailmgr. Other aspects of qmail are covered elsewhere in this document.
RPMs Needed:
qmail
vmailmgr
vmailmgr-daemon
ucspi-unix
ucspi-tcp
vmmi
For IMAP support, these extra RPMs are needed:
courier-imap
vmailmgr-courier-imap
Files which need to be configured from the default install:
/etc/vmailmgr/socket-file
/var/qmail/control/defaultdomain
/var/qmail/control/virtualdomains
/var/qmail/control/rcpthosts
/var/qmail/control/checkpassword
/etc/httpd/conf/httpd.conf
/etc/squid/squid.conf
/etc/vmailmgr/socket-file should contain the full path to the UNIX-style socket which vmailmgrd listens on. The path should be set to /tmp/.vmailmgrd.
/var/qmail/control/defaultdomain and /var/qmail/control/rcpthosts should contain the client's mail domain(s). e.g.
    example.co.uk
    example.com
/var/qmail/control/virtualdomains should contain the client's mail domain(s), then the virtual mail user, separated by a colon. e.g.
    example.co.uk:vmail
    example.com:vmail
/var/qmail/control/checkpassword should contain the password checker for virtual mail:
    checkvpw
As of apache-1.3.23-ECSC4 and web_filter-2.2.0-ECSC2, commented-out lines exist to enable the vmail package to run on port 7000, and as of webfwadmin-1.6.1-ECSC7 the mail button on the webadmin will push the client to an SSL-secured port 7000 for vmail configuration. Several files need to be checked and/or changed as follows.
/etc/httpd/conf/httpd.conf contains the apache web server configuration. There are two sections commented out (from lines 134 -> 140, and 275 -> 291) containing Directory and VirtualHost directives to enable /var/www/html/vmail on port 7000 with SSL. You will need to uncomment the first block and change the "allow from" line to allow access to the management interface from the client's LAN (or specific IPs), i.e.
    allow from 192.168.0.0/24
You will also need to uncomment the large second block at the end of the file and change the addresses on the "Listen" and "VirtualHost" lines to reflect the IP address of the administrative interface (normally the firewall's internal address on the client's LAN).
You will need to configure squid to allow SSL through to port 7000 using lines similar to the following, which should be added to /etc/squid/squid.conf:
    acl vmail_port port 7000
    acl vmail_users src 192.168.1.0/255.255.255.0
    http_access allow CONNECT vmail_users vmail_port
A virtual mail administrator must be added and a password assigned to that account.
The user added must be identical to the virtual mail user added to /var/qmail/control/virtualdomains.
Perform the following commands to set up the user:
    adduser vmail
    passwd vmail
    su vmail
    vadduser postmaster
To start vmailmgr, link the vmailmgrd directory to the svcscan monitored /service directory as follows:
    cd /service
    ln -s /var/vmailmgrd
Checking the output of
    ps -aufx
    netstat -an
To restart apache and squid after re-configuring the configuration files, issue the following commands:
    service httpd restart
    service squid restart
The final test is to open a browser and connect to the firewall using https on port 7000.
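A consistency check over the files configured above, as an added example that is not part of the original document or of the ECSC tooling. The function names `check_vmail_config` and `make_sample_tree` are hypothetical, the sample tree is constructed, and only plain `domain:user` lines (as used on this page) are assumed in virtualdomains.

```sh
# Added example: consistency check for the vmailmgr/qmail files named on this page.
# ROOT is a path prefix ("" for the live system); VUSER is the virtual mail user.
check_vmail_config() {
    root=$1 vuser=${2:-vmail} ctl="$1/var/qmail/control" problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # vmailmgrd socket path and the qmail password checker, as set on this page
    [ "$(cat "$root/etc/vmailmgr/socket-file" 2>/dev/null)" = "/tmp/.vmailmgrd" ] ||
        fail "socket-file is not /tmp/.vmailmgrd"
    [ "$(cat "$ctl/checkpassword" 2>/dev/null)" = "checkvpw" ] ||
        fail "checkpassword is not checkvpw"

    # The virtual mail user must exist as a system account
    grep -q "^$vuser:" "$root/etc/passwd" 2>/dev/null ||
        fail "user $vuser not in passwd"

    # Every virtualdomains line must be domain:VUSER, and the domain must be in
    # rcpthosts, otherwise qmail-smtpd will not accept mail for it
    [ -r "$ctl/virtualdomains" ] || { fail "virtualdomains unreadable"; return "$problems"; }
    while IFS=: read -r domain user || [ -n "$domain" ]; do
        [ -n "$domain" ] || continue
        [ "$user" = "$vuser" ] || fail "$domain maps to '$user', expected $vuser"
        grep -qxF "$domain" "$ctl/rcpthosts" 2>/dev/null ||
            fail "$domain missing from rcpthosts"
    done < "$ctl/virtualdomains"
    return "$problems"   # exit status = number of problems found (0 = consistent)
}

# Constructed sample tree mirroring the values used on this page
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/vmailmgr" "$t/var/qmail/control" || return 1
    echo /tmp/.vmailmgrd > "$t/etc/vmailmgr/socket-file"
    echo checkvpw > "$t/var/qmail/control/checkpassword"
    printf 'example.co.uk\nexample.com\n' > "$t/var/qmail/control/rcpthosts"
    printf 'example.co.uk:vmail\nexample.com:vmail\n' > "$t/var/qmail/control/virtualdomains"
    echo 'vmail:x:501:501::/home/vmail:/bin/bash' > "$t/etc/passwd"
    echo "$t"
}

tree=$(make_sample_tree) && check_vmail_config "$tree" vmail && echo "OK: configuration is consistent"
rm -rf "$tree"
```

On the firewall itself, `check_vmail_config "" vmail` reads the live files instead of the sample tree.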
To enable IMAP support in Vmailmgr you must change the courier-imap authorisation program and set it as the default authorisation program. First perform the following command:
    ln -s `which authvmailmgr` /usr/lib/courier-imap/libexec/authlib/authvmailmgr
Then modify the `AUTHMODULES` statement in /usr/lib/courier-imap/etc/imapd.config and add
    authvmailmgr