
Monday, 06 July 2015 01:02

Setting up a secondary qmail server


The purpose of this document is to give you the information needed to decide whether to create a backup mail server. The first question should be: how many messages will be arriving on a daily basis? The next question is: how important are my messages to my company or organization? Managing servers can be hard, but if your messages are lost or bouncing when your server is down, then a secondary or queuing server is the answer. The idea is to have the secondary server sitting in front of your qmail server, just passing the messages along. When (and if) you are having a problem with the qmail server, the secondary server will queue the messages.

Setting up the secondary server is quite simple; a very minimal qmail setup on FreeBSD will work fine. All you need to do is install FreeBSD 10.2 and make sure ports are updated. Then run the following steps for just the secondary server:

Preinstall Checklist (Excluding Apache and MySQL)
Installing Qmail
Installing Daemontools 
Installing UCSPI-TCP 
Installing Autorespond 
Disabling Sendmail
Configuring Qmail 

Additions to Configuring Qmail:

When you edit the smtpd_run file, please adjust the following settings:

This announces your hostname. It is optional.

SMTPGREETING="$LOCAL NO UCE"

You can turn on GREETDELAY. GREETDELAY will not only save you from spam mail but, unlike greylisting and/or filtering à la SpamAssassin, it is the only means to really reduce the overall amount of spam, because the time slot required for the spam sender to deliver messages (whether successfully or unsuccessfully) is raised from typically one second to (<=) GREETDELAY seconds. I typically have good luck with a value of 15.

GREETDELAY=15

You can disable mfcheck:

MFCHECK=0

Disable validrcptto by commenting the following lines:

#VALIDRCPTTO_CDB="$VQ/control/validrcptto.cdb"
#VALIDRCPTTO_LIMIT=10
#VALIDRCPTTO_LOG=2

NOTE: If you would like your queuing server to filter valid emails, you could set up a cron job to fetch the validrcptto.cdb file to your secondary server and then restart qmail-smtpd. You would need to enable validrcptto as in the qmail guide.

I typically turn off the following 3 SPF settings:

#SPFBEHAVIOR=0
#SPF_LOG=1
#SPF_BLOCK_PLUS_ALL=1

Disable qmail-scanner:

#QMAILQUEUE="$VQ/bin/qmail-scanner-queue.pl"

You will also need to run through the Setting up SSL Certs and starting Qmail guide. Even though you're not relaying mail, you still need to have a certificate set up for qmail. You can skip the sections for creating the qmail-smtpd-ssl service.

We need to do a few things first to make sure messages arrive correctly:

Make sure /var/qmail/control/rcpthosts has a list of your qmail domains

Now set up the correct routing with /var/qmail/control/smtproutes per the examples below:

If you want to route mail from one domain to another, you would do it like so:

domain_you_want_to_route:primary-server.domain.com
another_domain_you_want_to_route:another-server.domain.com

If you want to route all mail, then you should have a line like:

:primary-server.domain.com
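
The two control files above can be checked against each other before the MX record is moved. The script below is an added example, not part of the original guide: it lists every rcpthosts domain with no usable smtproutes entry, since mail for such a domain falls back to a DNS MX lookup instead of going to the primary. The example.* domains, port 2525 and the function names are constructed for illustration; the lookup order follows qmail-remote's wildcard matching.

```sh
#!/bin/sh
# Added example, not from the original guide. File formats follow qmail's
# control files: one entry per line, lines starting with "#" are ignored.

# route_for HOST SMTPROUTES -> prints the relay chosen for HOST, or nothing.
# Lookup order: the full host, then each ".suffix", then the empty (default)
# entry. Names are compared case-insensitively.
route_for() {
    awk -F: -v host="$1" '
        /^#/ || NF < 2 { next }
        { route[tolower($1)] = $2 }
        END {
            h = tolower(host)
            while (1) {
                if (h in route) { print route[h]; exit }
                if (h == "") exit
                rest = substr(h, 2)          # "a.b.c" -> ".b.c" -> ".c" -> ""
                i = index(rest, ".")
                h = (i > 0) ? substr(rest, i) : ""
            }
        }' "$2"
}

# unrouted_domains RCPTHOSTS SMTPROUTES -> accepted domains with no relay.
# An entry with an empty relay ("domain:") also counts as unrouted.
unrouted_domains() {
    while IFS= read -r d || [ -n "$d" ]; do
        case "$d" in ''|'#'*) continue ;; esac
        [ -n "$(route_for "$d" "$2")" ] || printf '%s\n' "$d"
    done < "$1"
}

# Constructed sample data with hypothetical domains.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' example.com example.org mail.example.net example.edu \
        > "$dir/rcpthosts"
    printf '%s\n' 'example.com:primary-server.domain.com' \
        '.example.net:another-server.domain.com:2525' \
        'example.edu:' > "$dir/smtproutes"
    unrouted_domains "$dir/rcpthosts" "$dir/smtproutes"
    rm -rf "$dir"
}

demo   # prints example.org and example.edu
```

On the real server, call unrouted_domains with /var/qmail/control/rcpthosts and /var/qmail/control/smtproutes; empty output means every accepted domain has a relay.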

At this point qmail will be installed. I have created a new qmailctl that just controls qmail-send and qmail-smtpd. You can download it here:

# cd /var/qmail/bin
# mv qmailctl bak_qmailctl
# fetch http://freebsdrocks.net/qmail2/qmailctlqueueonly.tgz
# tar zxvf qmailctlqueueonly.tgz
# rm qmailctlqueueonly.tgz

Now we can restart qmail:

# qmailctl restart

Once this is done you can change your MX record to the secondary server and then it should pass the messages directly to your qmail server.

Last modified on Thursday, 09 June 2016 20:17
