Fetchmail
From Qmailtoaster
Note: this is a nice write-up of how to create a separate instance of qmail-smtp. However, there is a much simpler way of implementing fetchmail. I would like to rework this entire page, but don't have the time at the moment. In a nutshell, simply modify your squirrelmail configuration to authenticate, then you can use the 127.: line in tcp.smtp for fetchmail:
127.:allow,RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"
Squirrelmail config_local.php with smtp authentication (and dovecot as well):
<?php
####################
# Local configuration for Qmail Toaster
# configure to suit your requirements

# these are in toaster config,
# changed/removed for stock dovecot (w/out courier compat config)
# $imap_server_type = 'courier';
# $optional_delimiter = '.';
# $default_folder_prefix = 'INBOX.';
# $delete_folder = true;
# $show_contain_subfolders_option = false;

# these should be added to the toaster config (imho)
$org_name = "QmailToaster";
# $org_logo = SM_PATH . 'images/sm_logo.png';
# $org_logo_width = '308';
# $org_logo_height = '111';
# $org_title = "SquirrelMail $version";
$provider_uri = 'http://www.qmailtoaster.org/';
$provider_name = 'QmailToaster';

$smtpServerAddress = 'localhost';
$smtpPort = 587;
$smtp_auth_mech = 'login';

$imapServerAddress = 'localhost';
$imap_server_type = 'dovecot';
# squirrelmail doesn't support starttls until v5, so we'll use cram-md5 til then
#$use_imap_tls = true;
$imap_auth_mech = 'cram-md5';

# these are shubes' preferences
$optional_delimiter = 'detect';
$default_folder_prefix = '';

$useSendmail = false;
$show_prefix_option = false;
$force_username_lowercase = true;
$hide_sm_attributions = true;
$plugins[] = 'calendar';
$plugins[] = 'notes';
$plugins[] = 'filters';
$plugins[] = 'quota_usage';
$plugins[] = 'unsafe_image_rules';
$plugins[] = 'qmailadmin_login';
?>
This ends the Note by Eric Shubes 6/1/10.
This page describes how to use Fetchmail to collect mail and scan it with SpamAssassin and ClamAV (via simscan) by creating a second smtp listener.
When you use Fetchmail to collect mail from a remote location and beam it into your qmail, it will be connecting to the local tcpserver on port 25 by default. Now the chances are that you have set up /etc/tcprules.d/tcp.smtp to look something like this:
127.:allow,RELAYCLIENT=""
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3",QMAILQUEUE="/var/qmail/bin/simscan"
So all mail coming in from 127.0.0.1 will bypass simscan and therefore not get virus checked or spam checked. Simply changing the first line to pass mail to /var/qmail/bin/simscan instead of setting RELAYCLIENT can have other unfortunate consequences, such as Squirrelmail refusing to send email, because the default installation doesn't have it authenticating. Besides, why would you want to spam and virus scan other locally sent mail?
The solution is to set up a separate TCP listener on another port that will send mail received at 127.0.0.1 through simscan. Here's how:
1) Stop Qmail Services
qmailctl stop
2) Make a copy of the SMTP supervise folder
cp -R /var/qmail/supervise/smtp /var/qmail/supervise/smtp2
3) Go into your new directory
cd /var/qmail/supervise/smtp2
And edit run to look like this:
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd2"
TCP_CDB="/etc/tcprules.d/tcp.smtp2.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"

exec /usr/bin/softlimit -m 12000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 2525 \
$RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
Notice that instead of calling tcp.smtp.cdb you're calling tcp.smtp2.cdb and the port is no longer "smtp" but 2525. The SMTPD is now calling qmail-smtpd2 as well.
4) Go into ./supervise and remove the control, lock, ok and status files
cd /var/qmail/supervise/smtp2/supervise
rm -f *
5) Go into ./log/supervise and remove the control, lock, ok and status files
cd /var/qmail/supervise/smtp2/log/supervise
rm -f *
6) Go into the /var/qmail/supervise/smtp2/log/ directory and edit run so it looks like this:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp2 2>&1
Note the smtp2, this is what's different!
7) Go back to /var/qmail/supervise/ and change the ownership of the new smtp2 folder:
cd /var/qmail/supervise/
chown -R qmaill:qmail smtp2
8) Next we need the new tcp.smtp2 file
cd /etc/tcprules.d
cp tcp.smtp tcp.smtp2
9) Edit tcp.smtp2, removing the RELAYCLIENT="" from the first line. You might want to refer to this mailing list item for more details on tcp.smtp; you want this one to send all local mail through simscan.
At the simplest level this is all you need in your new tcp.smtp2 file:
127.:allow,QMAILQUEUE="/var/qmail/bin/simscan"
10) Next we need to edit /usr/bin/qmailctl to build tcp.smtp2.cdb and ensure that smtp2 is stopped, started and restarted along with everything else.
First find the bit that starts with restart) and edit it to add an equivalent smtp2 line wherever you see an smtp one! Like so:
restart)
  echo "Restarting qmail:"
  echo "* Stopping qmail-smtpd."
  svc -d /var/qmail/supervise/smtp
  svc -d /var/qmail/supervise/smtp2
  echo "* Sending qmail-send SIGTERM and restarting."
  svc -t /var/qmail/supervise/send
  echo "* Restarting qmail-smtpd."
  svc -u /var/qmail/supervise/smtp
  svc -u /var/qmail/supervise/smtp2
  ;;
Next find the bit that starts with cdb) and do the same, like so:
cdb)
  tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
  tcprules /etc/tcprules.d/tcp.smtp2.cdb /etc/tcprules.d/tcp.smtp2.tmp < /etc/tcprules.d/tcp.smtp2
  chmod 644 /etc/tcprules.d/tcp.smtp*
  echo "Reloaded /etc/tcprules.d/tcp.smtp and tcp.smtp2"
11) Check your new file builds tcp.smtp2.cdb:
qmailctl cdb
ls /etc/tcprules.d/*.cdb
You should see tcp.smtp.cdb and tcp.smtp2.cdb
12) Great, now we need to set up the logging files for the new smtp service. Go to /var/log/qmail and make a copy of the smtp folder:
cd /var/log/qmail
cp -R smtp smtp2
13) Go into your new smtp2 directory and remove the existing files then create a new current file:
cd /var/log/qmail/smtp2
rm -f *
touch current
14) Back up to the /var/log/qmail level and change the ownership of your new logging area:
cd /var/log/qmail
chown -R qmaill:qmail smtp2
15) Almost there! We now need to make a duplicate qmail-smtpd for the new socket to call:
cd /var/qmail/bin
cp qmail-smtpd qmail-smtpd2
chown root:qmail qmail-smtpd2
16) Before we start our new listener service we'd better make sure that it is reachable through the firewall:
iptables -A INPUT -p tcp -m tcp --syn --dport 2525 -j ACCEPT
service iptables save
Or, if you're using the RH firewall, run setup and add 2525:tcp to the allowed ports.
17) When you next start qmail you should have another smtp listener running on port 2525 which will obey the rules set up in your tcp.smtp2 file. Let's try it:
qmailctl start
telnet localhost 2525
quit
If you saw the "Welcome to Qmail Toaster" SMTP message then you're fine.
18) Finally, get fetchmail to send mail to the new port by calling it with "-S 127.0.0.1/2525". Also add "-Z 554": if simscan rejects a mail because it is too spammy (over the limit you've set in /var/qmail/simcontrol) or has a virus, this is the error code it returns, and fetchmail needs to know that so it can drop the mail.
Here's a sample of how to do it:
fetchmail -v -f /root/fetchctl -a --ssl -Z 554 -t 20 -S 127.0.0.1/2525
The /root/fetchctl file should look something like this:
poll yourpop3host.com proto pop3:
  user "your_pop3_username" with password "yourpassword", is "myaddress@myqmailtoasterdomain.com" here;
  user "someoneelse" with password "theirpassword", is "whoever@myqmailtoasterdomain.com" here;
You must chmod 600 the fetchctl file before fetchmail will use it.
If it all works you might want to change that -v to a -s (verbose to silent), pop it in a script and use cron to call it every fifteen minutes. Alternatively you can run it as a daemon that polls intermittently; see man fetchmail for lots more options.
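The difference between the two listeners comes down to which tcprules line a client address hits. The following is an added example, not part of the original page: it resolves an address against a rules file (full address, then shorter dotted prefixes, then the empty address) and reports whether the matching rule sets QMAILQUEUE to simscan and whether it grants RELAYCLIENT. The function names, the temporary files and the 192.0.2.10 test address are assumptions made for the example, and only bare IPv4 rules are handled, not the user@ or =hostname forms.

```shell
#!/bin/sh
# Added example (not from the original page): which tcprules line a client
# address hits, and whether that line hands mail to simscan or grants relay.

# match_rule FILE IP: print the instructions of the first matching rule.
# Search order: full address, shorter prefixes ending in a dot, then "".
match_rule() {
    key=$2
    while :; do
        hit=$(awk -F: -v k="$key" '!/^#/ && /:/ && ($1 "") == (k "") {
                  sub(/^[^:]*:/, ""); print; exit }' "$1")
        [ -n "$hit" ] && { printf '%s\n' "$hit"; return 0; }
        case $key in
            "") return 1 ;;                         # no rule at all
            *.) key=${key%.}
                case $key in *.*) key=${key%.*}. ;; *) key= ;; esac ;;
            *)  key=${key%.*}. ;;
        esac
    done
}

# queue_path FILE IP: denied | norule | scanned | unscanned, with ",relay"
# appended when the matching rule sets RELAYCLIENT.
queue_path() {
    instr=$(match_rule "$1" "$2") || { echo norule; return 0; }
    case $instr in deny*) echo denied; return 0 ;; esac
    case $instr in *QMAILQUEUE=*simscan*) path=scanned ;; *) path=unscanned ;; esac
    case $instr in *RELAYCLIENT=*) path=$path,relay ;; esac
    echo "$path"
}

# Constructed sample files: the two rule sets shown on this page.
write_samples() {
    cat > "$1/tcp.smtp" <<'EOF'
127.:allow,RELAYCLIENT=""
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3",QMAILQUEUE="/var/qmail/bin/simscan"
EOF
    cat > "$1/tcp.smtp2" <<'EOF'
127.:allow,QMAILQUEUE="/var/qmail/bin/simscan"
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
for f in tcp.smtp tcp.smtp2; do
    for ip in 127.0.0.1 192.0.2.10; do
        echo "$f $ip -> $(queue_path "$demo/$f" "$ip")"
    done
done
rm -rf "$demo"
```

A result of norule means no line applies to that address, so nothing sets QMAILQUEUE for it; with the one-line tcp.smtp2 that is every client outside 127.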
The author is indebted to this Qmailrocks post by Donboy.