Installing Qmail-LDAP on a single Debian Etch server

Posted On 19 August 2009

Filed under Linux


1. Install Daemontools

mkdir -p /usr/src/djbdnsrocks
cd /usr/src/djbdnsrocks
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/daemontools-0.76.tar.gz
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/daemontools_errnopatch

mkdir -p /package
chmod 1755 /package
cd /package
tar zxvf /usr/src/djbdnsrocks/daemontools-0.76.tar.gz
cd /package/admin/daemontools/src
patch < /usr/src/djbdnsrocks/daemontools_errnopatch
patching file error.h

The errno patch is needed because daemontools 0.76 declares errno itself (extern int errno;) in error.h, which no longer links against the glibc shipped with Etch; the patch replaces that line with #include <errno.h>. The same fix is applied to ucspi-tcp and djbdns below.

cd /package/admin/daemontools-0.76
./package/install

2. Install Ucspi-tcp

cd /usr/src/djbdnsrocks
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/ucspi-tcp-0.88.tar.gz
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/ucspi-tcp_errnopatch
tar zxvf ucspi-tcp-0.88.tar.gz

cd /usr/src/djbdnsrocks/ucspi-tcp-0.88
patch < ../ucspi-tcp_errnopatch
patching file error.h

make && make setup check

3. Install Djbdns

cd /usr/src/
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/djbdns_errnopatch
wget http://www.djbdnsrocks.org/downloads/djbdnsrocks/djbdns-1.05.tar.gz

tar zxvf djbdns-1.05.tar.gz
cd djbdns-1.05
patch < ../djbdns_errnopatch

patching file error.h
Hunk #1 succeeded at 1 with fuzz 2.

make && make setup check

4. Install Qmail-conf

cd /usr/src/
wget http://www.din.or.jp/~ushijima/qmail-conf/qmail-conf-0.60.tar.gz
tar xvfz qmail-conf-0.60.tar.gz
cd qmail-conf-0.60
make -f Makefile.ini djbdns=../djbdns-1.05/
make setup check

5. Install Maildrop

cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/courier/maildrop-1.8.1.tar.bz2
tar xvfj maildrop-1.8.1.tar.bz2
cd maildrop-1.8.1
./configure --enable-maildirquota
make
make install

6. Install LDAP, SpamAssassin and Qmail

apt-get install slapd libldap2-dev db4.2-util ldap-utils libgdbm-dev
vim /etc/ldap/slapd.conf (adjust to your own domain)

database bdb
suffix "dc=msr,dc=web,dc=id"
rootdn "cn=admin,dc=msr,dc=web,dc=id"
directory /var/lib/ldap

apt-get install clamav clamav-daemon clamav-freshclam clamav-base
apt-get install spamassassin

vim /etc/default/spamassassin

ENABLED=1
OPTIONS="-x --ldap-config --max-children 5"

/etc/init.d/spamassassin start

groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
groupadd -g 2110 vmail
useradd -u 11184 -g vmail -d /home/vmail -s /bin/true vmail

mkdir /home/vmail
chown -R vmail:vmail /home/vmail
groupadd simscan
useradd -g simscan -s /usr/sbin/nologin -d /tmp simscan

The uid 11184 and gid 2110 are not arbitrary: they must match the ldapuid and ldapgid control files set later, because every mailbox under /home/vmail is created and delivered to with exactly these ids.

Make sure the libraries the build needs are installed:
apt-get install libssl-dev zlib1g-dev

Time to build:
cd /usr/src
wget http://qmailrocks.org/downloads/qmail-1.03.tar.gz
wget http://www.nrg4u.com/qmail/qmail-ldap-1.03-20060201.patch.gz
tar xvfz qmail-1.03.tar.gz
cd qmail-1.03

zcat ../qmail-ldap-1.03-20060201.patch.gz | patch -p1
vi Makefile
LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
ZLIB=-lz
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/local/include
TLSLIBS=-L/usr/local/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWLIBS=-lcrypt
DEBUG=-DDEBUG

The OpenLDAP and OpenSSL headers and libraries installed by apt live under /usr and are found without the /usr/local paths above; those paths only matter if you built either library yourself. -DTLS_SMTPD and -DTLS_REMOTE compile in STARTTLS support, but qmail-smtpd will only offer it once a server certificate exists in /var/qmail/control (servercert.pem, which the Makefile can generate with the OPENSSLBIN given above).

cd /usr/src/qmail-1.03
make setup check

cp qmail.schema /etc/ldap/schema/

vim /etc/ldap/slapd.conf
(the include goes next to the other schema includes at the top of the file; the index lines belong in the bdb database section, after the directory line)
include /etc/ldap/schema/qmail.schema
index objectClass eq
index mail,mailAlternateAddress,uid eq,sub
index accountStatus,mailHost,deliveryMode eq
index default sub

/etc/init.d/slapd restart

Set the qmail control files

cd /var/qmail/control
echo "mail.msr.web.id" > me
echo "127.0.0.1" > ldapserver
echo "ou=users,dc=msr,dc=web,dc=id" > ldapbasedn
echo "secret" > ldappassword
chmod 600 ldappassword
echo "cn=admin,dc=msr,dc=web,dc=id" > ldaplogin
echo "qmailUser" > ldapobjectclass
echo "0" > ldaplocaldelivery
echo "0" > ldapcluster
echo "10000000" > defaultquotasize
echo "10000" > defaultquotacount
echo "The Email Account has Over Quota" > quotawarning
echo "ldaponly" > ldapdefaultdotmode
echo "/home/vmail" > ldapmessagestore
echo "11184" > ldapuid
echo "2110" > ldapgid
echo "30" > ldaptimeout
echo "postmaster@msr.web.id" > custombouncetext

touch rbllist
echo "0.0.0.0" > outgoingip
echo "./Maildir/" > defaultdelivery
echo "msr.web.id" > locals
echo "msr.web.id" > rcpthosts

Notes on these values: ldaplogin and ldappassword are the credentials qmail-ldap binds with, and "secret" is a placeholder that must match the rootpw chosen when slapd was set up. Binding as the directory's rootdn gives every qmail process full write access to the whole tree; a dedicated bind DN with read-only access to ou=users is the safer choice. ldapuid and ldapgid must match the vmail account created above, and ldapmessagestore is the prefix under which each account's mailMessageStore attribute is resolved. rbllist is created empty here, so RBL lookups do nothing until it lists at least one DNSBL zone.

Create the qmail startup script /var/qmail/rc:

vim /var/qmail/rc
#!/bin/sh
# Taken from LWQ by Dave Sill
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/usr/local/bin:/var/qmail/bin:/bin" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

chmod 755 /var/qmail/rc

Qmail delivery service

/var/qmail/bin/qmail-delivery-conf qmaill /var/qmail/service/qmail

Link it into /service:

ln -s /var/qmail/service/qmail /service

Check that it is running with:

svstat /service/qmail

Qmail smtpd service

/var/qmail/bin/qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd

Link it into /service:

ln -s /var/qmail/service/smtpd /service

Check that it is running with:

svstat /service/smtpd

Set the memory limit for qmail-smtpd (read from the env directory by the generated run script):

echo "8000000" > /var/qmail/service/smtpd/env/DATALIMIT

If qmail-smtpd dies as soon as a client connects or issues STARTTLS, this limit is usually too low for the TLS-enabled binary; raise it.

Relay
vim /service/smtpd/tcp
127.:allow,RELAYCLIENT=""
202.47.64.:allow,RELAYCLIENT=""
202.47.65.:allow,RELAYCLIENT=""
202.47.66.:allow,RELAYCLIENT=""
202.47.67.:allow,RELAYCLIENT=""
202.47.68.:allow,RELAYCLIENT=""
202.47.69.:allow,RELAYCLIENT=""
202.47.70.:allow,RELAYCLIENT=""
202.47.71.:allow,RELAYCLIENT=""
202.47.72.:allow,RELAYCLIENT=""
202.47.73.:allow,RELAYCLIENT=""
202.47.74.:allow,RELAYCLIENT=""
202.47.75.:allow,RELAYCLIENT=""
202.47.76.:allow,RELAYCLIENT=""
202.47.77.:allow,RELAYCLIENT=""
202.47.78.:allow,RELAYCLIENT=""
202.47.79.:allow,RELAYCLIENT=""
:allow

Notes:
- Connections from the listed networks are accepted and may relay mail through this server.
- :allow means a port 25 connection from any other IP is accepted but may not relay through this server. This is needed to receive mail for our own domains from other mail servers.

Each "202.47.xx." line grants unauthenticated relaying to a whole /24, so the list must contain only networks you control; a stray entry, or a RELAYCLIENT on the final ":allow" line, turns the host into an open relay. tcpserver reads the compiled tcp.cdb, not this text file, so the make step below has to be rerun after every edit.

cd /service/smtpd
make
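The rule matching described above can be checked offline. The script below is an added example, not part of the original post: it emulates tcpserver's address lookup order over a constructed rules file in the same format as /service/smtpd/tcp (the 202.47.65.13:deny line and the outside address 203.0.113.7 are invented for the demonstration) and reports which clients would be allowed to relay. It only emulates the IP-prefix lookup; =host rules, address ranges and the -h/-p name lookups of the real tcpserver are not covered.

```shell
#!/bin/sh
# Added example (not from the original post): emulate tcpserver's rule lookup
# for an IPv4 client so the relay list can be audited before it goes live.
# Only the address-based lookup is emulated; =host rules and the -h/-p name
# lookups are not. The rules below are a constructed sample in the same
# format as /service/smtpd/tcp.
RULES='127.:allow,RELAYCLIENT=""
202.47.64.:allow,RELAYCLIENT=""
202.47.65.:allow,RELAYCLIENT=""
202.47.65.13:deny
:allow'

# tcprules_lookup IP: print the rule tcpserver would pick, in its lookup order:
# the exact address, then a.b.c., a.b., a., then the empty (default) key.
tcprules_lookup() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    for key in "$1.$2.$3.$4" "$1.$2.$3." "$1.$2." "$1." ""; do
        match=$(printf '%s\n' "$RULES" | awk -F: -v k="$key" 'NF && $1 == k { print; exit }')
        if [ -n "$match" ]; then
            printf '%s\n' "$match"
            return 0
        fi
    done
    return 1        # no rule at all: tcpserver accepts, with no variables set
}

# relay_allowed IP: succeed only if the chosen rule allows the connection and
# sets RELAYCLIENT, i.e. the client may relay without authenticating.
relay_allowed() {
    rule=$(tcprules_lookup "$1") || return 1
    instr=${rule#*:}                 # everything after the first colon
    case $instr in
        allow|allow,*) ;;
        *) return 1 ;;               # deny (or an unknown instruction)
    esac
    case ",$instr," in
        *,RELAYCLIENT=*) return 0 ;;
    esac
    return 1
}

# Audit a few clients. 203.0.113.7 is an outside address (documentation range).
for ip in 127.0.0.1 202.47.64.9 202.47.65.13 203.0.113.7; do
    if relay_allowed "$ip"; then
        printf '%-14s may relay   <- %s\n' "$ip" "$(tcprules_lookup "$ip")"
    else
        printf '%-14s no relay    <- %s\n' "$ip" "$(tcprules_lookup "$ip" || echo 'no rule')"
    fi
done
```

To audit the live file, replace the RULES sample with the contents of /service/smtpd/tcp; any address outside your own networks for which relay_allowed succeeds is a misconfiguration.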

Dirmaker

To create the Maildir hierarchy automatically for a new mailbox.
vim /var/qmail/bin/dirmaker.sh
#!/bin/sh
# Called by qmail-ldap with the mailbox path as $1; creates the Maildir layout.
/bin/mkdir -m 700 -p "$1/Maildir"
/bin/mkdir -m 700 -p "$1/Maildir/new"
/bin/mkdir -m 700 -p "$1/Maildir/cur"
/bin/mkdir -m 700 -p "$1/Maildir/tmp"
chmod +x /var/qmail/bin/dirmaker.sh
echo /var/qmail/bin/dirmaker.sh > /var/qmail/control/dirmaker
echo "3" > /service/smtpd/env/LOGLEVEL

ENTERING DATA INTO LDAP
Create the users hierarchy

mkdir -p /usr/src/ldif
vim /usr/src/ldif/users.ldif
dn: ou=users,dc=msr,dc=web,dc=id
ou: users
objectclass: top
objectclass: organizationalUnit

ldapadd -x -D "cn=admin,dc=msr,dc=web,dc=id" -W -f /usr/src/ldif/users.ldif

If it succeeds, the response is:

Enter LDAP Password: > enter the password
adding new entry "ou=users,dc=msr,dc=web,dc=id"

Create the groups hierarchy

vim /usr/src/ldif/groups.ldif
dn: ou=groups,dc=msr,dc=web,dc=id
ou: groups
objectclass: top
objectclass: organizationalUnit
ldapadd -x -D "cn=admin,dc=msr,dc=web,dc=id" -W -f /usr/src/ldif/groups.ldif

Creating a qmail user by hand.

First we need to hash the password this user will use.

slappasswd -h {MD5}
New password:
Re-enter new password:

{MD5}72KZyef9rm13WBnOHiYguA==

{MD5} is an unsalted hash: two users with the same password get the same string, and a leaked directory dump can be attacked with precomputed tables. qmail-ldap's checkpassword also accepts salted {SSHA} values, so slappasswd -h {SSHA} is the better choice; the LDIF below works unchanged with either. Keep slapd's default ACL that hides userPassword from anonymous reads; qmail binds with the ldaplogin DN set above, so it can still read the attribute.

vim /usr/src/ldif/postmaster.ldif
dn: cn=Postmaster,ou=users,dc=msr,dc=web,dc=id
cn: Postmaster
ou: users
sn: Postmaster
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: postmaster@msr.web.id
mailHost: mail.msr.web.id
mailQuotaSize: 0
mailQuotaCount: 0
uid: postmaster
accountStatus: active
mailMessageStore: msr.web.id/postmaster
userPassword: {MD5}72KZyef9rm13WBnOHiYguA==
ldapadd -x -D "cn=admin,dc=msr,dc=web,dc=id" -W -f /usr/src/ldif/postmaster.ldif

mailMessageStore is relative to control/ldapmessagestore (/home/vmail), so this mailbox lands in /home/vmail/msr.web.id/postmaster; a literal "$domain" placeholder is not expanded in LDIF, so write the domain out.
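To make the difference between the two password schemes concrete, here is an added example that is not part of the original post. It builds userPassword values in the {MD5} form shown above and in the salted {SSHA} form, and verifies a password against either, the way a checkpassword program does. It uses only coreutils (md5sum, sha1sum, base64, od); the password "password", the two salts and the names alice and bob are invented for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): build and verify LDAP userPassword
# values in the {MD5} form used above and in the salted {SSHA} form, using only
# coreutils (md5sum, sha1sum, base64, od). It shows why unsalted {MD5} is weak:
# equal passwords give equal hashes, while {SSHA} values differ per salt.

# hex_to_bin HEX: write the bytes encoded by a hex string to stdout.
hex_to_bin() {
    h=$1
    while [ -n "$h" ]; do
        byte=${h%"${h#??}"}                      # first two hex digits
        printf "\\$(printf '%03o' "$((0x$byte))")"
        h=${h#??}
    done
}

# ldap_md5 PASSWORD: {MD5}base64(md5(password)), what `slappasswd -h {MD5}` emits.
ldap_md5() {
    hex=$(printf '%s' "$1" | md5sum | cut -d' ' -f1)
    printf '{MD5}%s\n' "$(hex_to_bin "$hex" | base64 | tr -d '\n')"
}

# ldap_ssha PASSWORD SALT_HEX: {SSHA}base64(sha1(password || salt) || salt).
ldap_ssha() {
    digest=$( { printf '%s' "$1"; hex_to_bin "$2"; } | sha1sum | cut -d' ' -f1 )
    printf '{SSHA}%s\n' "$( { hex_to_bin "$digest"; hex_to_bin "$2"; } | base64 | tr -d '\n')"
}

# ldap_verify STORED PASSWORD: exit 0 if PASSWORD matches STORED ({MD5} or {SSHA}),
# the check a checkpassword program makes against the directory's userPassword.
ldap_verify() {
    stored=$1; pw=$2
    case $stored in
        "{MD5}"*)
            [ "$(ldap_md5 "$pw")" = "$stored" ] ;;
        "{SSHA}"*)
            prefix='{SSHA}'
            b64=${stored#"$prefix"}
            hex=$(printf '%s' "$b64" | base64 -d | od -An -v -tx1 | tr -d ' \n')
            salt=$(printf '%s' "$hex" | cut -c41-)   # bytes after the 20-byte SHA-1 digest
            [ "$(ldap_ssha "$pw" "$salt")" = "$stored" ] ;;
        *)  return 1 ;;
    esac
}

# Demonstration: two accounts (invented) with the same password.
echo "alice {MD5}:  $(ldap_md5 password)"
echo "bob   {MD5}:  $(ldap_md5 password)"                      # identical: one crack reveals both
echo "alice {SSHA}: $(ldap_ssha password 0102030405060708)"
echo "bob   {SSHA}: $(ldap_ssha password a1b2c3d4e5f60718)"    # differ per salt
```

The {SSHA} layout (digest first, salt appended, then base64) is the one OpenLDAP's slappasswd produces, so values generated this way or by slappasswd -h {SSHA} can be pasted straight into the userPassword attribute.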

POP Server

/var/qmail/bin/qmail-pop3d-conf /var/qmail/bin/auth_pop qmaill /var/qmail/service/pop3d
vim /var/qmail/service/pop3d/tcp
:allow

cd /var/qmail/service/pop3d
make
ln -s /var/qmail/service/pop3d /service
echo “3”> /service/pop3d/env/POP3_LOGLEVEL
svstat /service/pop3d /service/pop3d/log

IMAP Server

cd /usr/src
wget http://osdn.dl.sourceforge.net/sourceforge/courier/courier-imap-3.0.8.tar.bz2
tar xvfj courier-imap-3.0.8.tar.bz2

Courier-IMAP must NOT be compiled as root; build it as an ordinary, unprivileged user.

chown -R rahman courier*    (rahman is my own user; substitute yours)

su rahman
export CPPFLAGS=-I/usr/local/include/
export LDFLAGS=-L/usr/local/lib
cd courier-imap-3.0.8
./configure --enable-unicode=iso-8859-1,utf-8
make
make check
exit

Once it has been compiled, install courier as root:

cd courier-imap-3.0.8
make install
make install-configure

Configuration

cp /usr/lib/courier-imap/etc/imapd.dist /etc/imapd.config
vim /etc/imapd.config
MAXPERIP=20
mkdir /usr/lib/courier-imap/runscript
vim /usr/lib/courier-imap/runscript/run
#!/bin/sh
IPADDR="0.0.0.0"
exec_prefix=/usr/lib/courier-imap
. /etc/imapd.config
exec tcpserver -c 100 -l 0 -v -R $IPADDR imap \
${exec_prefix}/sbin/imaplogin \
/var/qmail/bin/auth_imap \
${exec_prefix}/bin/imapd Maildir 2>&1
chmod +x /usr/lib/courier-imap/runscript/run
ln -s /usr/lib/courier-imap/runscript /service/imapd
svstat /service/imapd

Unlike the qmail-conf services, this run script has no log/ directory, so tcpserver's -v output goes to svscan's stdout. Both this IMAP service and the POP3 service above listen on cleartext ports (143 and 110), so the LDAP password crosses the network in the clear on every login; restrict them to trusted networks with tcp rules, or serve them over TLS (courier-imap ships imapd-ssl for this).
Install Simscan

cd /usr/src
wget http://www.inter7.com/simscan/simscan-1.2.tar.gz
wget http://switch.dl.sourceforge.net/sourceforge/pcre/pcre-6.3.tar.gz
wget http://www.pldaniels.com/ripmime/ripmime-1.4.0.5.tar.gz

tar -xvzf pcre-6.3.tar.gz
cd pcre-6.3
./configure
make && make install
ldconfig

cd /usr/src
tar zxvf ripmime-1.4.0.5.tar.gz
cd ripmime-1.4.0.5
make && make install

cd /usr/src
tar zxvf simscan-1.2.tar.gz
cd simscan-1.2
./configure --enable-user=simscan --enable-clamav=y --enable-clamdscan=/usr/bin/clamdscan \
  --enable-custom-smtp-reject=n --enable-per-domain=y --enable-attach=y \
  --enable-spam=y --enable-spamc-user=y --enable-dropmsg=y \
  --enable-ripmime=/usr/local/bin/ripmime --enable-clamavdb-path=/var/lib/clamav \
  --enable-sigtool-path=/usr/bin/sigtool --enable-received=y \
  --enable-quarantinedir=/var/qmail/quarantine --enable-qmail-queue=/var/qmail/bin/qmail-queue \
  --enable-regex=y

If you use simscan 1.2 with ClamAV 0.9x, the configure step above will most likely fail with an error saying it cannot find the ClamAV database. The databases freshclam maintains on this system carry the .cld extension, while simscan's configure looks for the older .cvd names, so for the duration of the build we can simply symlink them:

cd /var/lib/clamav
ln -s main.cld main.cvd
ln -s daily.cld daily.cvd

Then rerun the configure command above. If it succeeds, it prints a summary of the resulting simscan configuration:

Current settings
---------------------------------------
user = simscan
qmail directory = /var/qmail
work directory = /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program = /var/qmail/bin/qmail-queue
clamdscan program = /usr/bin/clamdscan
clamav scan = ON
trophie scanning = OFF
attachement scan = ON
ripmime program = /usr/local/bin/ripmime
custom smtp reject = OFF
drop message = ON
regex scanner = ON
quarantine processing = ON
quarantine directory = /var/qmail/quarantine
domain based checking = ON
add received header = ON
spam scanning = ON
spamc program = /usr/bin/spamc
spamc arguments =
spamc user = ON
authenticated users scanned = OFF
spam passthru = OFF

make && make install-strip

Once the installation is done, remove the symlinks we created.

cd /var/lib/clamav
rm main.cvd
rm daily.cvd
/etc/init.d/clamav-daemon restart

Next, change the user that clamd (the ClamAV daemon) runs as from clamav to simscan, so that it can read the messages simscan unpacks in its work directory for scanning.

chown -R simscan.simscan /var/run/clamav/
chown -R simscan.simscan /var/log/clamav/
vim /etc/clamav/clamd.conf
User clamav   -> change to:

User simscan

vim /etc/logrotate.d/clamav-daemon
change clamav to simscan here as well

/etc/init.d/clamav-daemon restart

freshclam keeps running as clamav and updating /var/lib/clamav, which clamd only needs to read, so that directory's ownership stays as it is.

So that spam and viruses go through the scanner, edit the tcp file of the SMTP service (created as /service/smtpd above):

vim /service/smtpd/tcp
127.:allow,RELAYCLIENT=""
202.47.64.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.65.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.66.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.67.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.68.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.69.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.70.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.71.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.72.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.73.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.74.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.75.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.76.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.77.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.78.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
202.47.79.:allow,RELAYCLIENT="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RCPTCHECK="",RBL="",QMAILQUEUE="/var/qmail/bin/simscan"

cd /service/smtpd
make

Add the following line at the top of /service/smtpd/run:

vim /service/smtpd/run
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE

Notes: the 127. rule sets no QMAILQUEUE of its own, so mail injected from localhost is only scanned because of the export in the run script. RCPTCHECK="" on the catch-all line makes qmail-smtpd look each recipient up in LDAP before accepting, so mail for unknown users is rejected at SMTP time instead of being accepted and bounced later. RBL="" has no effect while control/rbllist is still empty.

Try sending spam and a virus to an email account on this server, then check the log in /service/smtpd/log/main/current.

2009-05-20 17:02:20.351758500 tcpserver: pid 2586 from 202.47.78.51
2009-05-20 17:02:20.361180500 tcpserver: ok 2586 mail.msr.web.id:202.47.77.248:25 :202.47.78.51::56392
2009-05-20 17:02:20.405674500 qmail-smtpd 2586: connection from 202.47.78.51 (unknown) to mail.msr.web.id
2009-05-20 17:02:20.405948500 qmail-smtpd 2586: enabled options: relayclient rblcheck qmailqueue /var/qmail/bin/simscan
2009-05-20 17:02:20.449026500 qmail-smtpd 2586: mail from: viril@jetcoms.net
2009-05-20 17:02:20.458679500 qmail-smtpd 2586: rcpt to: rahman@dc-eight.web.id
2009-05-20 17:02:21.173820500 simscan:[2586]:VIRUS DROPPED:0.6659s:Worm.Mytob.GZ:202.47.78.51:viril@jetcoms.net:rahman@dc-eight.web.id

2009-05-20 17:02:21.173825500 qmail-smtpd 2586: message queued: 1242813741 qp 2589 size 110510 bytes
2009-05-20 17:02:21.177357500 tcpserver: end 2586 status 0
2009-05-20 17:02:21.177361500 tcpserver: status: 0/40
2009-05-20 17:18:55.725385500 tcpserver: status: 1/40

Also check ClamAV's own log, /var/log/clamav/clamav.log

Wed May 20 17:02:21 2009 -> /var/qmail/simscan/1242813740.515132.2589/msg.1242813740.515132.2589: Worm.Mytob.GZ FOUND
Wed May 20 17:02:21 2009 -> /var/qmail/simscan/1242813740.515132.2589/file.zip: Worm.Mytob.GZ FOUND

Viruses and spam detected by this server are quarantined under /var/qmail/quarantine (the --enable-quarantinedir path given to configure above). Note what the smtpd log shows for session 2586: simscan logs VIRUS DROPPED and qmail-smtpd still logs "message queued", because with drop message = ON the message is accepted with a normal SMTP reply and then discarded. The sender is never told. If you would rather have legitimate senders learn about a false positive, build simscan with --enable-dropmsg=n so that it rejects at SMTP time instead.
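Reading these verdicts by eye does not scale, so here is an added example that is not part of the original post: it pulls simscan verdicts out of the smtpd log, ties each one to its SMTP session, and lists the sessions whose message was dropped yet logged as queued. The sample log is constructed: session 2586 is the one shown above, while the CLEAN and SPAM DROPPED lines follow simscan's "VERDICT (score/threshold)" form and are assumed, as are their addresses (documentation ranges).

```shell
#!/bin/sh
# Added example (not from the original post): extract simscan verdicts from the
# qmail-smtpd log and tie each one to its SMTP session. The sample below is
# constructed: the VIRUS DROPPED session is the one shown on this page; the
# CLEAN and SPAM DROPPED lines follow simscan's "VERDICT (score/threshold)"
# form and are assumed, as are their addresses (documentation ranges).
SAMPLE_LOG='2009-05-20 17:02:20.405674500 qmail-smtpd 2586: connection from 202.47.78.51 (unknown) to mail.msr.web.id
2009-05-20 17:02:20.449026500 qmail-smtpd 2586: mail from: viril@jetcoms.net
2009-05-20 17:02:20.458679500 qmail-smtpd 2586: rcpt to: rahman@dc-eight.web.id
2009-05-20 17:02:21.173820500 simscan:[2586]:VIRUS DROPPED:0.6659s:Worm.Mytob.GZ:202.47.78.51:viril@jetcoms.net:rahman@dc-eight.web.id
2009-05-20 17:02:21.173825500 qmail-smtpd 2586: message queued: 1242813741 qp 2589 size 110510 bytes
2009-05-20 17:05:02.100000500 simscan:[2601]:CLEAN (1.20/5.00):0.4100s:192.0.2.10:alice@example.net:rahman@dc-eight.web.id
2009-05-20 17:05:02.200000500 qmail-smtpd 2601: message queued: 1242813902 qp 2604 size 2210 bytes
2009-05-20 17:09:40.300000500 simscan:[2633]:SPAM DROPPED (12.30/5.00):0.9800s:198.51.100.7:bob@example.org:rahman@dc-eight.web.id
2009-05-20 17:09:40.400000500 qmail-smtpd 2633: message queued: 1242814180 qp 2640 size 5120 bytes'

# simscan_verdicts: read log lines on stdin; print one tab-separated record per
# simscan line: pid, verdict, detail (signature name or spam score), ip, from, to.
simscan_verdicts() {
    awk '
    $3 ~ /^simscan:\[[0-9]+\]:/ {
        n = split(substr($0, index($0, "simscan:")), f, ":")
        pid = f[2]; gsub(/\[|\]/, "", pid)
        verdict = f[3]; detail = ""
        if (match(verdict, /\([^)]*\)/)) {          # "(score/threshold)" suffix
            detail = substr(verdict, RSTART + 1, RLENGTH - 2)
            verdict = substr(verdict, 1, RSTART - 2)
        }
        # Layout after the verdict: elapsed time, [signature,] ip, from, to.
        if (n == 8) { detail = f[5]; ip = f[6]; from = f[7]; to = f[8] }
        else        { ip = f[5]; from = f[6]; to = f[7] }
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", pid, verdict, detail, ip, from, to
    }'
}

# simscan_summary: count verdicts, e.g. "VIRUS DROPPED 1".
simscan_summary() {
    simscan_verdicts | awk -F'\t' '{ c[$2]++ } END { for (v in c) print v, c[v] }' | sort
}

# dropped_sessions: pids whose message simscan dropped but which qmail-smtpd
# still logged as "message queued": the sender got a 250 and never learns of it.
dropped_sessions() {
    awk '
    $3 ~ /^simscan:\[[0-9]+\]:/ && / DROPPED/ {
        pid = $3; sub(/^simscan:\[/, "", pid); sub(/\].*/, "", pid); dropped[pid] = 1
    }
    $3 == "qmail-smtpd" && $5 == "message" && $6 == "queued:" {
        pid = $4; sub(/:$/, "", pid)
        if (pid in dropped) print pid
    }'
}

printf '%s\n' "$SAMPLE_LOG" | simscan_summary
printf '%s\n' "$SAMPLE_LOG" | dropped_sessions
```

On the live server feed the functions with tai64nlocal < /service/smtpd/log/main/current instead of the sample, since multilog writes TAI64N timestamps and the field positions above assume the human-readable form.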

....That's all.....
