[Qvcs-CVS] qvcs-guide qvcs-guide.xml,1.3,1.4
From: <gr...@us...> - 2003-06-27 02:26:04
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv1637 Modified Files: qvcs-guide.xml Log Message: Night's work. Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** qvcs-guide.xml 26 Jun 2003 21:55:46 -0000 1.3 --- qvcs-guide.xml 27 Jun 2003 02:26:01 -0000 1.4 *************** *** 10,17 **** --- 10,19 ---- <!ENTITY qvcsbase "http://mirror.mricon.com/qvcs-guide"> <!ENTITY prompt "<prompt>[root@mail root]#</prompt>"> + <!ENTITY gtprompt "<prompt>></prompt>"> ]> <book> <bookinfo> + <!-- $Id$ --> <title> POP-Toaster using Qmail, Vmailmgr, Courier, and Squirrelmail *************** *** 25,30 **** </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>$Date$</pubdate> ! <releaseinfo>$Revision$</releaseinfo> <copyright> <year>2001-2003</year> --- 27,32 ---- </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>TBA</pubdate> ! <releaseinfo>1.90</releaseinfo> <copyright> <year>2001-2003</year> *************** *** 732,736 **** </sect1> <sect1> ! <title>Admins and Admins</title> <para> There are three levels of admins in Vadmin. There is a --- 734,738 ---- </sect1> <sect1> ! <title>Elvises, Admins, Cross-Admins, Oh My!</title> <para> There are three levels of admins in Vadmin. There is a *************** *** 805,808 **** --- 807,994 ---- </sect1> </chapter> + <chapter> + <title>Advanced Configuration</title> + <para> + At this point you have a system that provides the skeleton of a + full email solution. However, you will probably want to take + this further and add some features useful for a modern email + service. + </para> + <sect1> + <title>Life with Qmail</title> + <para> + <application>Qmail</application>, although an open-source + piece of software, is not entirely free in terms of freedom of + use. 
It comes with a fairly restrictive license, which in part + prohibits me from distributing modified versions. Due to this + restriction I am unable to ship a binary package that enables + most of the advanced features that are mentioned in this + section. There is no solution, only a workaround. + </para> + <sect2> + <title>Rebuilding the Source RPM</title> + <para> + Thankfully, I am not prohibited from shipping a source RPM, + so you will need to perform the following steps in order to + get yourself a nice qmail package with useful features + enabled. + </para> + <para> + The process of rebuilding the RPM involves the following + steps: + </para> + <note> + <para> + I am using backslashes in the following set of commands to + make them fit sanely on a printed page. When you perform + these steps, it is not necessary to use the backslashes, + just continue typing everything on one line. + </para> + </note> + <programlisting> + &prompt; <userinput>wget &qvcsbase;/qmail.src.rpm</userinput> + &prompt; <userinput>yum install rpm-build gcc openssl-devel</userinput> + &prompt; <userinput>rpmbuild --rebuild --define 'qmailq 1' \</userinput> + >prompt; <userinput>--define 'smtpauth 1' --define 'bigdns 1' \</userinput> + >prompt; <userinput>qmail.src.rpm</userinput> + &prompt; <userinput>cd /usr/src/redhat/RPMS/i386</userinput> + &prompt; <userinput>rpm -Uvh --replacepkgs --replacefiles \</userinput> + >prompt; <userinput>qmail-1.03*.rpm qmail-initscripts*.rpm</userinput> + </programlisting> + <para> + "Yum install" step is going to be a bit of a + download, so prepare to be patient. Once all these steps are + complete, you have successfully installed a modified version + of qmail, necessary for the advanced configurations. 
+ </para> + </sect2> + <sect2> + <title>Disabling automated qmail updates in yum</title> + <para> + You will want to disable automatic updates of qmail in yum, + otherwise the next time I push out a newer version of qmail, + it will override your custom-built binary. To do that, open + <filename>/etc/yum.conf</filename> in your editor, and add + the following line in the <varname>[main]</varname> section + right under "distroverpkg=redhat-release": + </para> + <programlisting> + ... + distroverpkg=redhat-release + <userinput>exclude=qmail qmail-initscripts</userinput> + </programlisting> + <para> + Once this step is done, you are ready to configure the + advanced features of &qvcs; + </para> + </sect2> + </sect1> + + <sect1> + <title>Encrypted Communication (SSL)</title> + <para> + I AM HERE + </para> + </sect1> + + <sect1> + <title>Selective Relaying</title> + <para> + Selective relaying is a method of allowing certain + "trusted" incoming email messages to be sent further + along to their final destination. You don't want + <emphasis>ALL</emphasis> messages to be relayed, as that would + quickly make your server the target for relaying spam, but you + might want to enable this for your clients. If you want your + users to be able to use your mailserver when they send + outgoing email (not just via the webmail interface, that is), + read this part. + </para> + <sect2> + <title>Origin-based relaying</title> + <para> + Let's say you have a certain range of IP addresses that your + users send email from. This range of addresses is therefore + a "trusted subnet" and we can configure our + mailserver to accept email from this origin without any + further questioning and relay the messages to wherever they + need to go. + </para> + <para> + We will use tcp wrappers for selective relaying. 
Open the + <filename>/etc/hosts.allow</filename> file in your editor: it + should currently have the following entries: + </para> + <programlisting> + tcp-env: 127.0.0.1 : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + Let's say that we want everyone from our trusted network to + send their outgoing e-mail through our mailserver. If our + trusted network is <varname>192.168.1.0/24</varname>, then + we would change <filename>/etc/hosts.allow</filename> as + follows: + </para> + <programlisting> + tcp-env: 127.0.0.1 192.168.1. : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + If we only had a fraction of class C, we could change it as + follows: + </para> + <programlisting> + tcp-env: 127.0.0.1 192.168.1.0/255.255.255.128 : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + or, we could limit it by domain name, like so: + </para> + <programlisting> + tcp-env: 127.0.0.1 .hogwarts.jk : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + This would mean that any host with IP address resolving to + "somehost.hogwarts.jk" would be allowed to relay + e-mail. + </para> + <para> + If you have a lot of relaying rules, keeping them all on one + line might get tedious. In this case you may create a + separate file with all the allowed hosts and networks in + it. For example, put all your rules in the file + <filename>/etc/relay.rules</filename>, so it contains + something like this: + </para> + <programlisting> + 127.0.0.1 + .hogwarts.jk + 192.168.1.0/255.255.255.128 + rosmerta.hogsmeade.jk + </programlisting> + <para> + and change <filename>/etc/hosts.allow</filename> to contain + the following entries: + </para> + <programlisting> + tcp-env: /etc/relay.rules : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + For more information about various patterns read the manual + page for tcp wrappers. 
You can view it by executing: + </para> + <programlisting> + &prompt; <userinput>man hosts.allow</userinput> + </programlisting> + </sect2> + </sect1> + </chapter> + + + + |