QmailtoasterMain Page | About | Help | FAQ | Special pages | Log in

Printable version | Disclaimers | Privacy policy

QMT-ISO Manual Guide

From Qmailtoaster

While QMT-ISO if fully integrated and readily to use qmailtoaster and centos but then there are some things that may / must to change to suit your needs.



  1. Get the latest QMT-ISO's iso file from QMT-ISO website
  2. Burn it to CD using your favorits burner
  3. Put the CD on the server you want to install
  4. Boot the server from CD
  5. Step-by-step installation screenshot is available on QMT-ISO Install Screenshots

Primary Configuration

All these section need to re-configure to suits your needs

Change admin-toaster password

Change it so others can't access your qmtiso control panel
Go to http://your.ip.address.com/admin-toaster and use

username: admin
password: toaster
and click the field "Change Admin Password:"

Change mysql root password

Same as above, for security sake
Default password is v2gnu-qmailtoaster
My suggestion is change it, but it is up to you

# mysqladmin -u root -p password NEWPASSWD
enter v2gnu-qmailtoaster if asked oldpassword

Setup localhost name

QMT-ISO now contains a script to change the hostname of the system (set-hostname) that is experimental. If you have an issue or feature request, please email Jake with the details so it can be (hopefully) included in the next release. Otherwise use the below instructions.
If have multiple qmtiso's server in your network (training labs)
you dont want all of them have the same name right?
Use your own machine name not mailsvr.mycompany.com

# vi /etc/sysconfig/network
restart so new hostname can be use
# init 6

Add DNS server

add your DNS server which you want to use

# vi /etc/resolv.conf
nameserver dnssvr.myisp.com

if this qmtiso use for lab or testing purpose
you can use it's IP as nameserver after you setup DNS service on qmtiso
simple setup on brings up DNS service is below

Add /etc/hosts

use your own IP address and machine name

# vi /etc/hosts into               localhost localhost.localdomain            mailsvr mailsvr.mycompany.com

Setting ntpd service

you dont want your mailserver clock missed right?

# chkconfig ntpd on
# vi /etc/ntp.conf (add your ntp server)
# service ntpd start 

Setting smartd

I dont know how to use and configure it.
but everytime the machine boot up it display error, so I am disabling it.
if anyone know how configure smartd on qmtiso please update this section

# chkconfig smartd off
# service smartd stop

[update] edit /etc/smartd.conf like:

/dev/hda -H -m user@host 
/dev/hdb -H -m user@host
/dev/sda -H -m user@host
and you will get mails is there are S.M.A.R.T. errors on your drive(s)

Setting iptables

adding your local network or additional port used by other daemon
QMT-ISO has a firewall included, located at /etc/rc.d/firewall.ruleset that is enabled during startup via the /etc/rc.d/rc.local file.
you can setup your firewall by running
http://www.qmailtoaster.com/centos/cnt40/firewall.sh (for Centos 4)
or see my iptables for refference but still, firewall setting on each machine may difference
note: this firewall setting only for qmailtoaster machine which has Public IP directly, NOT located on DMZ or NATed IP, if you have it there is some IPTables section you need to add

  # vi /etc/sysconfig/iptables
  # Completed on Sat Jun 23 17:57:05 2007
  # Generated by iptables-save v1.2.11 on Sat Jun 23 17:57:05 2007
  :INPUT ACCEPT [1:40]
  :OUTPUT ACCEPT [1915:191237]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -i eth0 -j ACCEPT
  -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p udp -m udp --dport 53 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 110 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 143 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 465 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 587 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 783 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 993 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 995 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 2106:2706 -j ACCEPT
  -A INPUT -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
  -A OUTPUT -o lo -j ACCEPT
  -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
  # service iptables restart

Setting /etc/tcprules.d/tcp.smtp

adding local network, in this example my local network is
so I just copy 127 line and change it into network 10

# vi /etc/tcprules.d/tcp.smtp
# service qmail cdb

tcp enviroments can be different depend on what you need

Disabling domainkeys

disable domainkeys on qmtiso ver 1.2
somehow in this version domainkeys is still link to qmail
need to disable it
Disabling Domain Keys

Setup /var/qmail/control 's files

Details for these section can be found at Control Files by Name
These need to changes because most of them has localhost as it's value
After change these values you might need to restart qmail

# service qmail restart


List of domains that qmtiso can sent it for you
No need to edit it manually because vqadmin will added for you
detail info Rcpthosts


type in your hostname
if you still using localhost for smtp server it might get caught by SORBS, like me

# vi /var/qmail/control/me


type in your hostname
if you still using localhost for smtp server it might get caught by SORBS, like me

# vi /var/qmail/control/smtpgreeting
mailsvr.mycompany.com - Welcome to Qmail Toaster Ver. 1.3 SMTP Server

other control files


edit them and replace it with your domain


add your hostname


default vpopmail's domain
type domain name that will be the default for qmtiso
if the domain name is listed here, no domain is needed for user authentication
i.e. w/o /home/vpopmail/etc/defaultdomain users need to authenticate as
but with /home/vpopmail/etc/defaultdomain user only need to authenticate as

# vi /home/vpopmail/etc/defaultdomain

Adding a Domain

You can use vqadmin on admin-toaster control panel to add a domain. But preffered way is to use command that described here Domains

Bulk add users

If you have new domain then you maybe will adding your users one time at the time. But if you have many users waiting to be added into your toaster (say, you are migrating from other servers you can use Bulk User Adding For Qmail Toaster script

Optional Configuration

At this line your QMT-ISO should run smoothly for sending and receving emails. Below are others optional configuration which you may want change, how your qmt-iso behave and might fine tune it.

Configure Bind

On QMT-ISO, Bind (NameServer) is already installed and active, so if you only have 1 server for all purpose (DNS, Web and Mails) QMT-ISO suits for you.

For caching only name server you do not need to configure anything, just make sure bind is active and your /etc/resolv.conf point to it

# chkconfig named on
# service named restart
# vi /etc/resolv.conf
nameserver dnssvr.myISP.com

For authoritative domain name server you might want to configure Bind as follow: Below sample can be use for real domain or labs usage.

First, make sure you have the latest bind softwares version

- bind-chroot
- bind-libs
- bind
- bind-utils
- caching-nameserver

If not yum to install or upgrage it

# yum -y install bind-chroot bind-libs bind bind-utils caching-nameserver

-- or --

# yum -y upgrade bind-chroot bind-libs bind bind-utils caching-nameserver

Add your DNS server IP Address on /etc/resolv.conf. i.e.:

# vi /etc/resolv.conf

Add your domain zone on /etc/named.conf Change mycompany.com with your domain

# vi /etc/named.conf
zone "mycompany.com" IN {
      type master;
      file "mycompany.com";
; these line is optional, for DNS slave updating purpose
;     allow-update { none; };

then create a new file on /var/named/mycompany.com with these lines (note: please change the IP address with yours)

$TTL    86400
@               IN SOA  @       root (
                                       2007            ; serial (d. adams)
                                       3H              ; refresh
                                       15M             ; retry
                                       1W              ; expiry
                                       1D )            ; minimum
@               IN NS           mail.test.com.
@               IN MX 5         mail.test.com.
mail            IN A  
www             IN A  
; if webserver located on same machine
; www           IN CNAME        mail
; to access squirrelmail as subdomain
webmail         IN CNAME        mail

Make sure bind is run when startup and activate now

# chkconfig named on
# service named restart

For email client configuration, you can use mail.mycompany.com for POP3 and SMTP server

Detail info on Bind on CentOS 4 (at current time when this manual written QMT-ISO is using CentOS 4.5), please read here: http://www.centos.org/docs/4/html/rhel-rg-en-4/ch-bind.html

Configure Apache

QMT-ISO is perfect for SOHO, which only has 1 server for all services. If you create a www record on Bind (previous section) and want to deploy your Website on the same server, you can put your Website (HTML, PHP, other scripts) directly on /var/www/html.

Then you can access your Webmail via http://www.mycompany.com/webmail

But if you have another server function as Webserver, you might want to configure QMT-ISO to serve webmail as http://webmail.mycompany.com

In this case, you must create a webmail record in your domain zone on you DNS server: (which may look like this -- change with QMT-ISO IP address)

webmail             IN A  

Then on QMT-ISO box add below lines in /etc/httpd/conf/httpd.conf :

NameVirtualHost *:80
<VirtualHost *:80>
   ServerAdmin admin@mycompany.com
   DocumentRoot /usr/share/squirrelmail
   ServerName webmail.mycompany.com
   ErrorLog logs/webmail.mycompany.com-error_log
   CustomLog logs/webmail.mycompany.com-access_log common
       <Directory /usr/share/squirrelmail>
         Options None
          Order allow,deny
          allow from all

Save the file, and reload apache

service httpd reload


Modifying SquirrelMail, a webmail to suits your need by adding plugins and changing template. By default not much squirrelmail plugins available nor activate.

To change squirrelmail options /usr/share/squirrelmail/config/conf.pl

Press 1 (change your Squirrelmail display name and logo) - press R to return to Main menu

Press 5 (change default Squirrelmail color theme) - press R to return to Main menu

Press 6 (add a Global Address to your webmail -- discussed on next section) - press R to return to Main menu

Press 8 (Plugins) lets play with it

You may want to activate these available plugins

- quota_usage : to display current quota infomation
- qmailadmin_login : change user password directly to vpopmail database 
- calendar : display a calendar
- filters : so users can create their own filter rule
- notes : users can leave a notes on his webmail
- unsafe_image_rules : prevent a hotlink images displayed

just press the corresponding number on the left side to activate it - press R to return to Main menu

Other than above plugins there are more plugins available on SquirrelMail Website

For instances:

- msg_flags : users can flags their messages
- todo : put a to do list on webmail
- abook_import_export : users can import/export address book from/into webmail
- vlogin : a must installed plugins if your QMT-ISO, so your users wont have to login using full emailaddress (user1@mycompany.com) instead he can login only using user1. 
- spam_buttons : see Spamassassin section.

Read documentation along with the plugin to install and configure the plugins.

Press S to save it, or Press Q di quit and discard (if make mistake)

Or if want your webmail to look like Outlook Web Access you can download and install SquirrelOutlook

note: squirrelmail is a web application using PHP, a bug fixes may found in the way to prevent hack, so you should monitor Qmailtoaster Mainsite and/or Develsite incase any update.

As per this manual made QMT-ISO 1.2 is still using squirrelmail ver 1.4.9a but on Develsite available ver 1.4.11.

Simple steps to upgrade Squirrelmail

# links http://devel.qmailtoaster.com/download/develop/squirrelmail-toaster-1.4.11-1.3.8.src.rpm
# rpmbuild --rebuild --with cnt40 squirrelmail-toaster-1.4.11-1.3.8.src.rpm
# rpm -Uvh /usr/src/redhat/RPMS/i386/quirrelmail-toaster-1.4.11-1.3.8.i386.rpm

Install Qmailtoaster-Plus

On QMT-ISO 1.2, If at your QMT-ISO installation time you didn't have Internet connection, you may not have QmailToaster-Plus (QTP) installed. With QTP installed you can have easily QMT administrating.

Download latest version of QTP here

On your QMT box you can download QTP by using links

# links http://qtp.qmailtoaster.com/download/qtp/qmailtoaster-plus-current.noarch.rpm

For detail info visit QmailToaster-Plus

Fighting SPAM

You can found more info about Spamassassin on Qmailtoaster

Adding RBL Servers

The more Realtime Black Server scanning incoming smtp connection to your mailserver, the less spam you might get. But it also taking more time to check what IP is listed on what RBL server.

I use RBL servers which listed on qtp-set-rbls moderate. Here's how to activate it: (I assume qtp is installed)

# qtp-set-rbls -moderate

If you don't have qtp edit /var/qmail/control/blacklists

# vi /var/qmail/control/blacklists
-r zen.spamhaus.org -r bl.spamcop.net -r list.dsbl.org -r cbl.abuseat.org
# qmailctl restart

More info about RBLs

Configure Domain's SPF

You can add SPF record for your domain, so other mailserver can recognize which email was sent using your mailserver. Visit SPF page for detail info about it.

For your information, there are some admin that may provide SPF record for their domain is wrong syntax. Or DNS server that provide SPF record down. So it may reject emails to your server.

What I do is change the value into 1

# vi /var/qmail/control/spfbehavior
# qmailctl restart

Then add these SA rules, so it can prevent bad emails

# vi /etc/mail/spamassassin/local.cf
# add score to softfail SPF
header spf_softfail Received-SPF =~ /\bsoftfail\b/
score spf_softfail 1.0
# add score to fail SPF
header spf_fail Received-SPF =~ /\bfail\b/
score spf_fail 2.0
# qmail-spam restart

Setup greylisting

Greylisting will likely to be available on QMT ver 1.4 using Spamdyke, an antispam utility that has many features other than just greylisting. Currently QMT-ISO is still using QMT ver 1.3, so I am not going to show how to install and configure Spamdyke.

But if you want to use Greylisting for your current QMT 1.3, you can visit

Basic QmailToaster Greylisting

Thomas' ramblings This drops you on a link not found page. If you enter "greylisting" in the search box on the right you'll get the desired page.

or my greyd install note

Add greylisting to qmailtoaster

Setup SA learning account and script

For detail info look at Spamassassin#Bayesian_Statistical_Scoring

Setup SA URI Plugin

For detail info visit SURBL

Setup FuzzyOCR

FuzzyOCR is an excellent tools to fight Spam Image.

Manny has created simple how to install FuzzyOCR on QMailToaster. Visit Archive Message.

My FuzzyOCR install on QMailToaster log is available on my site

But some said using FuzzyOCR is CPU intensive, and prefer to use SARE's ImageInfo

note: as per this section made. SA is version 3.2.x and FuzzyOCR 3.5.1 which incompatible to each other until further notice

ps: on QMT-ISO 1.3.1 is using SA 3.1.x, so if you want to use FuzzyOCR make sure you didn't upgrade it

Add Pyzor check

For detail info visit Install Pyzor

Updates SA Rules

QmailToaster-Plus has provided and easy way to configure your QMT to updating SA rules and additional rules from SAUpdates.OpenProtect.com, so to use command below, make sure QmailToaster-Plus is installed (qmailtoaster-plus-0.2.12-1.3.15 known has qtp-sa-update)

# qtp-sa-updates

Adding a Spambox option

So messages which tagged with ***SPAM*** wont delivered on INBOX folder but stayed on SPAM folder. Users can see it when they using webmail (SquirrelMail). To enable it, you need to reinstall qmailadmin-toaster:

See FAQs#I upgraded my QmailToaster to the latest and I no longer have the "Spam Detection" box in Qmailadmin.

Adding SaneSecurity's ClamAV signature

SaneSecurity's ClamAV signature is a great addition to QMT-ISO to prevent Scam/Spam Emails.

You can download it using Bill Landry's download scripts -- preferred because it has additional signature from SecurityInfo

# wget http://www.sanesecurity.co.uk/clamav/unofficial-sigs.txt
# mv unofficial-sigs.txt ss-clamdsig.sh
# chmod +x ss-clamdsig.sh
# vi ss-clamdsig.sh
# crontab -e 
53 03 * * * /root/ss-clamdsig.sh &> /dev/null

Adding SARE's PDFInfo and ImageInfo plugin

Plugins available from RulesEmporium to prevent PDF and Image Spam

# cd /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/
# wget http://www.rulesemporium.com/plugins/ImageInfo.pm
# wget http://www.rulesemporium.com/plugins/PDFInfo.pm
# cd /etc/mail/spamassassin/
# wget http://www.rulesemporium.com/plugins/imageinfo.cf
# wget http://www.rulesemporium.com/plugins/pdfinfo.cf
# vi v310.pre
and insert (at the bottom):
loadplugin Mail::SpamAssassin::Plugin::ImageInfo 
loadplugin Mail::SpamAssassin::Plugin::PDFInfo 
# qmail-spam restart (utility from QTP)

Write your own SA rules

Why? because everybody spam is different. For me softwares, contract, shipping and stocks are not spam. But for you it might. So, write your own SA rules to suits your need.

Try Googling with "how to write SA rule" or visit this links

A Guide to Writing your own Add-On Rules for SpamAssassin

SA rules howto

Limiting type of files sent to your QMailToaster

By default only files with extension exe, pif and scr are blocked to your mailserver on /var/qmail/control/simcontrol


But you can have additional file extensions to minimalist SPAM or virus-email sent to you with attached files. Edit /var/qmail/control/simcontrol

# service qmail cdb 

For detail info visit Simscan

Email Server Test

To test you Email Server for HELO Greeting, Reverse DNS, DNSBL (RBL), SPF, Domain Keys, SPAMAssassin Content Checks, BATV (Bounce Address Tag Validation), Greylisting, URIBL

You can send email to: test [at] allaboutspam [dot] com Then you will get bounce message, with URL on it Visit the url to know the results.

Details please visit AllAboutSpam

Setup Global Address Book

A Global Address Book for your Domain account which available throughout WebMail (SquirrelMail)

Please see my scripts on Qmailtoaster Archive


  1. Creation of address book is not automatic so you need to add the scripts on crontab
  2. These scripts only create an address book only for 1 domain specified on the configuration.
  3. It will create 1 file for 1 domain specified, so if use squirrelmail for multiple domain, it wont suits you. (later revision may available on next version)
  4. Users can't update his information on Global Address book
  5. For users who use Email client and want to access Global Address he can export Address book from SquirrelMail and import in on Outlook Express / Ms. Outlook (tested OK, no -mapping- changes need to make)

Simple installation how to:

# cd ~
# wget http://am3n.profusehost.net/files/sqweb_gabook.tar.gz
# tar xzvf sqweb_gabook.tar.gz
# cd scripts
# vi sqweb_gabook.sh (edit the variables there)
# vi sqweb_gabook.php (edit the variables there)
# crontab -e (weekly update, you can change if you want daily update)
0 12 * * 3 /root/scripts/sqweb_gabook.sh >/dev/null

Provide MailingList Archiving

If you want to setup Mailinglist Archiving system like Mail-Archive.com, you may want to install MHonArc and mharc. But for simplity I have create a scripts to install them which can be directly run at QMailToaster or QMT-ISO box

Install how to:

# wget http://am3n.profusehost.net/files/install-mailarchive.sh
# chmod +x install-mailarchive.sh
# vi install-mailarchive.sh
# ./install-mailarchive.sh

More info about the script you visit my blog about it and read the script description

For customizing your Mailinglist Archiving system visit MHonArc and mharc website

Other Options

Colorfull QMail Logging

Color can make our eyes easily catch what lines came out when we monitoring QMT log files. It'll display something like this Multitail but with more than 1 color.

Follow steps on this link to enable it Colorfull QMail Logging

Note: if you install the latest qtplus, you can execute it by typing "cwatchall" from console after you install it from qtp-menu

Maintain Trash and Spam folder

This script will maintain users' Trash and Spam folder within the period you define. (Default 28 days) So no users will experience his mailbox full because he forgot to maintain his Trash and / or Spam folder

Maintain Trash and Spam folder

Some said, he also need to maintain users' Draft and Sent folder. So I modified the script a little bit. You can copy the script and save it with new file name under /etc/cron.daily and dont forget 'chmod +x'

Maintain Drafts, Sent, Spam and Trash folder on mailserver (Qmailtoaster)

Backup QMail Log files

If you were out of office for a week you may can't monitor qmail log files then if some error happen and you need to see the log file to trace what happen, the log files maybe already replace with current log. So what this qmail log backup script do is backup your qmail log files and keep it for number of days you specified.

- Copy the script from  here 
- Paste it into file backupqmaillog.sh
- chmod +x backupqmaillog.sh
- add to crontab
  55 23 * * * /root/scripts/backupqmaillog.sh 

Even so, you still can keep of your qmail log by increase the number in Logcount and Logsize

Adding VI editor color-syntax highlighting

VI Editor which included on QMT-ISO only include vim-minimal package. I think this is for reducing the size of ISO file. I often use VI to edit all configuration and script in the server, so I need syntax color highlight enabled VI. To enable it just type:

# yum -y install vim-common vim-enhanced

re-login and open your script using VI, it should be color-highlighted

Providing WapMail

Yes, nowadays new handphone provided with email client (IMAP n POP3) plus hi-end Webbrowser. so you dont need to provide a wapmail access. But if sure there is someone will using it you can install a wapmail client scripts I have put on Wapmail or asking Google. Dont forget to read documentation along with it how to install and configure.

Retrieved from "http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide"

This page has been accessed 71,389 times. This page was last modified on 7 January 2012, at 10:48. Content is available under GNU Free Documentation License 1.2.


Main page
Community portal
Current events
Recent changes
Random page
View source
Editing help
This page
Discuss this page
New section
Printable version
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list