qmail
qmail is a fast, popular Mail Transfer Agent (MTA).
Pre-installation
As only one MTA can be installed at the same time on a system, it might be required to deselect an installed MTA. The package manager will report a block when another MTA is still installed. For example, a previously selected mail-mta/ssmtp can be marked as removable with this command:
root # emerge --deselect mail-mta/ssmtp
Installation
mail-mta/netqmail has several USE flags that may be wanted for larger setups. For the basic netqmail setup this article describes, qmail plugin support is needed: enable the qmail-spp USE flag on both mail-mta/netqmail and sys-apps/ucspi-tcp, then install netqmail.
root # echo "mail-mta/netqmail qmail-spp" >> /etc/portage/package.use
root # echo "sys-apps/ucspi-tcp qmail-spp" >> /etc/portage/package.use
root # emerge --ask netqmail
Configuration
The default memory limit of 16 MiB that qmail's daemons run under (set in /var/qmail/control/conf-common) is a little low. Raise it to 32 MiB to avoid memory-related errors, then run the package's configuration step:
root # sed -i 's/16000000/32000000/' /var/qmail/control/conf-common
root # emerge --ask --config netqmail
Setting up non-root account for mail
qmail was designed with security as its central focus. To this end, e-mail is never delivered to the user root. Select a user on the machine to receive mail that would normally be destined for root; the remainder of this guide refers to that user as myusername. Put that user name into each of the three qmail alias files under /var/qmail/alias/ (.qmail-root, .qmail-postmaster and .qmail-mailer-daemon):
myusername
Or, to send this mail elsewhere, put the full address into each of them instead:
myusername@gmail.com
Fully Qualified Domain Name (FQDN)
Though not strictly a qmail matter, an MTA needs its hostname set up correctly to function properly. Under Gentoo, /etc/conf.d/hostname and /etc/conf.d/net are the files responsible for this. In this example, the mail server is named foo on the domain example.com.
/etc/conf.d/net:
dns_domain_lo="example.com"
/etc/conf.d/hostname:
hostname="foo"
Do not use mail.example.com just because the machine may be externally known as such; use the actual name of the system.
Verify that the FQDN is set up properly for the domain. The same commands apply whether the host lives on a 2nd-level domain (foo.example.com) or a 3rd-level one; only the domain part of the expected contents differs. hostname --fqdn must print the full name, me must contain that same name, defaultdomain and plusdomain name the domain that qmail-inject appends to unqualified addresses, and locals and rcpthosts list the host and every domain that is to be delivered locally:
user $ cd /var/qmail/control/
user $ hostname --fqdn
user $ cat me
user $ cat defaultdomain
user $ cat plusdomain
user $ cat locals
user $ cat rcpthosts
rcpthosts deserves particular attention: if the file is missing, qmail-smtpd accepts mail for any recipient and the host is an open relay.
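To turn the manual inspection above into a repeatable check, here is a small POSIX sh script; it is an added example, not part of the wiki page. It assumes the usual qmail layout of these files (me holds the FQDN, defaultdomain the FQDN minus its host label, plusdomain the last two labels, locals and rcpthosts the locally delivered domains), so it also covers the 3rd-level case, and it runs against a constructed sample directory for foo.example.com rather than a live /var/qmail/control.

```shell
#!/bin/sh
# Consistency check for the qmail control files verified above.
# Added example, not from the wiki page. Assumed convention: me = FQDN,
# defaultdomain = FQDN minus its host label, plusdomain = last two labels,
# locals and rcpthosts = every domain delivered locally.

# Print the non-blank lines of control file $2 under $1 (nothing if absent).
control_lines() {
    [ -f "$1/$2" ] && grep -v '^[[:space:]]*$' "$1/$2"
}

# Succeed if control file $2 under $1 contains exactly the line $3.
control_has() {
    control_lines "$1" "$2" | grep -Fxq -- "$3"
}

# check_qmail_control DIR FQDN: report every inconsistency, return 1 if any.
check_qmail_control() {
    dir=$1
    fqdn=$2
    domain=${fqdn#*.}     # foo.example.com -> example.com
    plus=$(printf '%s\n' "$fqdn" | awk -F. '{ print $(NF-1) "." $NF }')
    rc=0

    [ "$(control_lines "$dir" me)" = "$fqdn" ] ||
        { echo "me: expected '$fqdn'"; rc=1; }

    # Unqualified addresses get defaultdomain (or plusdomain for user+foo) appended.
    [ "$(control_lines "$dir" defaultdomain)" = "$domain" ] ||
        { echo "defaultdomain: expected '$domain'"; rc=1; }
    [ "$(control_lines "$dir" plusdomain)" = "$plus" ] ||
        { echo "plusdomain: expected '$plus'"; rc=1; }

    # locals: what qmail delivers locally; must at least contain the host.
    control_has "$dir" locals "$fqdn" ||
        { echo "locals: missing '$fqdn'"; rc=1; }

    # rcpthosts is the relay control. If it is absent, qmail-smtpd accepts
    # mail for ANY recipient, i.e. the host becomes an open relay.
    if [ ! -s "$dir/rcpthosts" ]; then
        echo "rcpthosts: missing or empty (qmail-smtpd would relay for anyone)"
        rc=1
    else
        # Every locally delivered domain must also be accepted over SMTP.
        missing=$(control_lines "$dir" locals | while read -r l; do
            control_has "$dir" rcpthosts "$l" || echo "$l"
        done)
        [ -z "$missing" ] ||
            { echo "rcpthosts: does not list: $missing"; rc=1; }
    fi
    return "$rc"
}

# Constructed sample control directory for foo.example.com (no real host).
make_sample_control() {
    d=$(mktemp -d)
    echo foo.example.com > "$d/me"
    echo example.com > "$d/defaultdomain"
    echo example.com > "$d/plusdomain"
    printf 'foo.example.com\nexample.com\n' > "$d/locals"
    printf 'foo.example.com\nexample.com\n' > "$d/rcpthosts"
    echo "$d"
}

# Stand-alone run on the sample. On a real host use:
#   check_qmail_control /var/qmail/control "$(hostname --fqdn)"
sample=$(make_sample_control)
check_qmail_control "$sample" foo.example.com && echo "control files are consistent"
rm -r "$sample"
```

The script prints every mismatch it finds rather than stopping at the first, so one run shows the whole picture; a non-zero exit status makes it usable from a post-install check or a monitoring job.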
Creating Properly Signed Certificates
Move to the qmail control directory:
root # cd /var/qmail/control/
Update the certificate template to create a 2048-bit key:
root # sed -i 's/1024/2048/' /var/qmail/control/servercert.cnf
Update the certificate information in servercert.cnf with details pertinent to this host. CN is the fully qualified domain name, e.g. foo.domain.com:
CN=foo.domain.com
Create the request and the key (with -nodes the key is written unencrypted, so the daemons can read it without a passphrase):
root # openssl req -new -nodes -out req.pem -config /var/qmail/control/servercert.cnf -keyout /var/qmail/control/servercert.pem
Get the contents of the request file:
root # cat /var/qmail/control/req.pem
Send req.pem to a CA (e.g. GoDaddy/Starfield, Verisign, etc.) to obtain the signed certificate (signed_req.pem). With the signed certificate saved as myserver.domain.com.crt and the CA's bundle as sf_bundle.crt, append both to servercert.pem, which already holds the private key, then extract the private key into its own file:
root # cat myserver.domain.com.crt sf_bundle.crt >> servercert.pem
root # awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/' servercert.pem > myserver.domain.com.key
Both files now contain the private key; make sure neither is world-readable.
Alternatively, obtain the certificate from Let's Encrypt.
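A slightly more robust version of the key-extraction step, as an added example that is not from the wiki page: it splits the combined servercert.pem into a key file and a certificate-chain file, also recognises the legacy RSA/EC PRIVATE KEY framing that the awk one-liner above does not, writes the key with restrictive permissions, and refuses bundles that do not contain exactly one key. The function names, the chain.pem output path and the sample PEM bundle (placeholder base64 bodies) are constructed for the example; pem_key_matches_cert is optional and needs the openssl binary.

```shell
#!/bin/sh
# Split the combined servercert.pem built above (private key, then the
# signed certificate, then the CA bundle) into a key file and a chain file.
# Added example, not from the wiki page.

# split_pem_bundle BUNDLE KEYOUT CHAINOUT
split_pem_bundle() {
    bundle=$1 keyout=$2 chainout=$3
    # Subshell so the restrictive umask does not leak into the caller;
    # the key file is created with mode 0600.
    ( umask 077
      awk '/^-----BEGIN (RSA |EC )?PRIVATE KEY-----$/,/^-----END (RSA |EC )?PRIVATE KEY-----$/' \
          "$bundle" > "$keyout" )
    awk '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/' "$bundle" > "$chainout"
    # Exactly one key and at least one certificate, otherwise refuse.
    nkeys=$(grep -c -- '^-----BEGIN .*PRIVATE KEY-----$' "$keyout")
    ncerts=$(grep -c -- '^-----BEGIN CERTIFICATE-----$' "$chainout")
    [ "$nkeys" -eq 1 ] && [ "$ncerts" -ge 1 ]
}

# Number of certificates in a PEM file (server cert + intermediates).
count_certs() {
    grep -c -- '^-----BEGIN CERTIFICATE-----$' "$1"
}

# Optional: confirm KEY belongs to the first certificate in CHAIN.
# Needs the openssl binary; returns 2 if it is not installed.
pem_key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample bundle: the base64 bodies are placeholders, only the
# PEM framing matters for the split.
make_sample_bundle() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcw...placeholder-key...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJA...placeholder-server-certificate...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJA...placeholder-ca-bundle...
-----END CERTIFICATE-----
EOF
    echo "$f"
}

# Stand-alone run on the sample. On the real host (chain.pem is only for
# inspection; qmail and dovecot keep using servercert.pem as configured):
#   split_pem_bundle /var/qmail/control/servercert.pem \
#       /var/qmail/control/myserver.domain.com.key /var/qmail/control/chain.pem
b=$(make_sample_bundle)
if split_pem_bundle "$b" "$b.key" "$b.crt"; then
    echo "key -> $b.key, $(count_certs "$b.crt") certificate(s) -> $b.crt"
fi
rm -f "$b" "$b.key" "$b.crt"
```

After a real split, running pem_key_matches_cert on the key file and the chain file confirms that the certificate the CA returned actually belongs to the key that openssl req generated, which catches a mixed-up request before any client sees the mismatch.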
Start qmail and add it to the default run level
Set up the supervise links so that svscan runs qmail-send and qmail-smtpd:
root # ln -s /var/qmail/supervise/qmail-send /service/qmail-send
root # ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd
Start svscan and add it to the default run level:
root # /etc/init.d/svscan start
root # rc-update add svscan default
vpopmail
vpopmail handles virtual domains: adding and deleting mail domains and accounts, storing passwords, and so on. vpopmail uses MySQL in this setup; have MariaDB or MySQL configured before following these instructions.
First, tell qmail-smtpd to use vpopmail when checking SMTP passwords, in its configuration file under /var/qmail/control/ (conf-smtpd):
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
Install and set up net-mail/vpopmail. Note that the clearpasswd USE flag stores each password in clear text in the database in addition to the hash; it is what makes the CRAM-MD5 mechanism configured for dovecot below possible, so restrict access to that database accordingly:
root # echo 'net-mail/vpopmail clearpasswd mysql' >> /etc/portage/package.use
root # emerge --ask vpopmail
Create the vpopmail database and user. If the CREATE USER command returns a syntax error at "user", this is an older MySQL; in that case, append "identified by 'mypassword'" to the GRANT statement before the semicolon.
root # mysql -u root -p
mysql> create database vpopmail;
mysql> create user vpopmail@localhost identified by 'mypassword';
mysql> grant select, insert, update, delete, create, drop on vpopmail.* to vpopmail@localhost;
mysql> flush privileges;
mysql> quit
Edit /etc/vpopmail.conf and update the MySQL password for the vpopmail user (the format is host|port|user|password|database, and the same credentials are used for the read-only and the write connection here):
# Read-only DB
localhost|0|vpopmail|mypassword|vpopmail
# Write DB
localhost|0|vpopmail|mypassword|vpopmail
dovecot
Finally, add net-mail/dovecot to serve the mail clients:
root # echo "net-mail/dovecot vpopmail -mysql -pam" >> /etc/portage/package.use
root # emerge --ask dovecot
Add the vpopmail UID (89) to the default dovecot configuration; this restricts logins to users with vpopmail's UID:
root # echo 'first_valid_uid = 89' >> /etc/dovecot/dovecot.conf
root # echo 'last_valid_uid = 89' >> /etc/dovecot/dovecot.conf
Edit the dovecot SSL configuration (conf.d/10-ssl.conf) to present the server certificate to mail clients when they log in to fetch mail securely:
ssl_cert = </var/qmail/control/servercert.pem
ssl_key = </var/qmail/control/myserver.domain.com.key
In the authentication configuration (conf.d/10-auth.conf), allow plaintext logins, enable the PLAIN and CRAM-MD5 mechanisms, and switch from the system password database to vpopmail. With disable_plaintext_auth = no dovecot accepts the PLAIN mechanism over unencrypted connections too; if all clients use TLS, the default of yes is the safer choice:
disable_plaintext_auth = no
auth_mechanisms = plain cram-md5
#!include auth-system.conf.ext
!include auth-vpopmail.conf.ext
The auth-system.conf.ext include is commented out because it is not needed. In auth-vpopmail.conf.ext, set args in the vpopmail userdb section so that %q expands to the Maildir++ quota:
# [quota_template=<template>] - %q expands to Maildir++ quota
args = quota_template=quota_rule=*:backend=%q
Start dovecot and add it to the default run level:
root # /etc/init.d/dovecot start
root # rc-update add dovecot default