The DynDN.eS Blog

About DynDN.eS, eQmail, Gentoo & some other network stuff


eQmail (1.08.1) quick configuration guide

Installing eQmail is no different from installing (net)qmail. Because of the additional functionality, however, some more configuration has to be done, especially for the SMTP plugins (qmail-spp).

Important: This is not a full-featured install guide! Refer to the documentation below too!

You should be familiar with the following documents or have them at hand:

I also assume the use of daemontools, ucspi-tcp and qmail-chkpw. Other tools will do the job too, but they are not covered here. Refer to the related documentation.

Configuration

After installation, the first thing to do is create the file control/smtpplugins. Important: this file has to exist in any case!

$ printf "[connection]\n\n[helo]\n\n[mail]\n\n[rcpt]\n\n[data]\n\n#[auth]\n" > /var/qmail/control/smtpplugins
$ chown root:qmail /var/qmail/control/smtpplugins && chmod 644 /var/qmail/control/smtpplugins

(Maybe) this will be done automatically in the future! For plugins refer to the qmail-spp homepage.

SMTP Authentication

Follow the documentation of the checkpassword-compatible tool of your choice. Edit your run file (replace qmail-chkpw as needed), for example:

exec /usr/bin/tcpserver \
     ... <tcpserver stuff> ... \
     /var/qmail/bin/qmail-smtpd /bin/qmail-chkpw 2>&1

Remote Authentication

Add user and password to your  control/smtproutes  file, separated by a whitespace (do not use base64 encoding):

<domain>:<relay_host>:25 user password

See man qmail-remote for more information about smtproutes.
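
Because the user and password sit in control/smtproutes in clear text, the file's mode matters. The following check is an added example, not part of eQmail or of this guide; it assumes the line format shown above, and the function names and sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not eQmail code): audit control/smtproutes for stored relay credentials.
# Assumed line format, as shown above: <domain>:<relay_host>:<port> user password

# Print the route (first field only, never the password) of each line with credentials.
routes_with_credentials() {
    # Three or more whitespace-separated fields mean user and password follow the route.
    awk 'NF >= 3 && $1 !~ /^#/ { print $1 }' "$1"
}

# Status: 0 = nothing to report, 1 = credentials in a world-readable file, 2 = no such file.
audit_smtproutes() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    creds=$(routes_with_credentials "$file")
    [ -n "$creds" ] || return 0
    # find prints the path only when the "other" read bit is set.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "$file is world-readable and stores credentials for:" >&2
        printf '%s\n' "$creds" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Demo on a constructed sample: one authenticated route, one plain route.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'example.org:relay.example.net:25 alice s3cret' \
                  'example.com:mx.example.net:25' > "$tmp"
    for mode in 644 640; do
        chmod "$mode" "$tmp"
        if audit_smtproutes "$tmp"; then
            echo "mode $mode: ok"
        else
            echo "mode $mode: flagged"
        fi
    done
    rm -f "$tmp"
}
demo
```

Run audit_smtproutes /var/qmail/control/smtproutes on the live file. Assuming the standard qmail account layout, where qmailr belongs to group qmail, root:qmail ownership with mode 640 keeps the file readable for qmail-remote without exposing it to other local users.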

Other Settings

The domainbindings patch lets you bind an outgoing domain to an IP address. Refer to man qmail-remote for how to configure it. Be aware that this works with IPv4 only. The badmail-from-wildcard functionality is described in man qmail-smtpd.

TLS (SSL)

Create a file  control/tlsserverciphers  with the content

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:-SSLv2:-SSLv3

Don't forget to create a server certificate with mkservercert. I recommend using a tool like stunnel for further SSL tasks (e.g. listening on port 465) instead of patching or modifying any code.

IPv6

eQmail-1.08.x doesn't support IPv6 at all. But it is quite easy to use IPv6 for incoming mail by patching ucspi-tcp-0.88 with Felix von Leitner's ucspi-tcp-0.88-ipv6.diff19 patch (some additional patches may be needed too). I do so, but I apologize that I am not able to publish this solution yet. Alternatively, there is a ucspi-ipv6 package by Erwin Hoffmann available.

For outgoing mail it is quite different. Not only does the domainbindings patch not support IPv6, it also conflicts heavily with existing IPv6 patches. The effort to implement it cleanly is relatively high and I'm not sure whether it makes sense to do so. As a workaround I suggest using a relay MTA with native IPv6 functionality or something like an IPv4-IPv6 tunnel.