Test Qmail functionalities
We first make a basic check thanks to the script qmr_inst_check
/downloads/scripts/qmr_inst_check
You should have such result :
We then check if the server listen to the right ports
You should have at least the bold ones :
tcp 0 0 0.0.0.0:783 0.0.0.0:* LISTEN 2302/spamd.pid
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1901/portmap
tcp 0 0 0.0.0.0:49168 0.0.0.0:* LISTEN 1912/rpc.statd
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 3063/sslserver
tcp 0 0 127.0.0.1:1013 0.0.0.0:* LISTEN 2957/famd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2141/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3056/tcpserver
tcp6 0 0 :::993 :::* LISTEN 2924/couriertcpd
tcp6 0 0 :::995 :::* LISTEN 2942/couriertcpd
tcp6 0 0 :::110 :::* LISTEN 2930/couriertcpd
tcp6 0 0 :::143 :::* LISTEN 2911/couriertcpd
tcp6 0 0 :::80 :::* LISTEN 2999/apache2
In this case, Qmail should now be able to send and receives e-mails.
Receiving e-mails
You should have an answer like this :
Connected to localhost.
Escape character is '^]'.
220 servername.localdomain.tld ESMTP
mail from: <testmail@test.com>
250 ok
rcpt to: <nospam@test.com>
250 ok
data
354 go ahead
From: Test_sender <testmail@test.com>
To: Test_receiver <nospam@test.com>
Subject: Just a stupid SMTP test
Just a test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
This demonstrate a successful SMTP connection !
For our tests, we need to create a dummy account
/home/vpopmail/bin/vadduser test@test.com brol2
qmailctl reload
We also can create a real account
/home/vpopmail/bin/vadduser an_account@your_real_domain.tld your_account_password
qmailctl reload
You can of course do the same thing via vqadmin and qmailadmin web interfaces
"brol" is a belgian idiom that means "something useless"
You can send a test mail to an_account@your_real_domain.tld from you regular mail client. We 'll retrieve it in the next step but if you don't receive a NDR, it's probably already OK
Sending e-mail through an authentificate connection : Testing TLS
You should have an answer like this:
Connected to localhost.
Escape character is '^]'.
220 servername.domain.tld ESMTP
ehlo localhost
250-servername.domain.tld
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
In the above SMTP session, I have higlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the :"220 ready for tls" response if the server is able to successfully start the TLS session.
- Verify that the cert actually exists at /var/qmail/control/servercert.pem. If it's not there, go back to step 2 and repeat the cert creation step.
- Verify that the cert is owned by vpopmail:vchkpw. If it's not, then make it so like this :
chown vpopmail:vchkpw /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem
Now we have verified that the server supports the STARTTLS command, we can use openssl s_client to connect.
This command is equivalent to the previous sequence until the "220 ready for tls" message
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/emailAddress=your@e-mail.tld
verify return:1
250 8BITMIME
ehlo testing
250-fqdn
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-SIZE 0
250-PIPELINING
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <testmail@test.com>
250 ok
rcpt to: <nospam@test.com>
250 ok
data
354 go ahead
From: Test_sender <testmail@test.com>
To: Test_receiver <nospam@test.com>
Subject: Just a simple SMTP TLS test
Just a TLS test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
As you've probably noticed, the login and password are encoded ( "dGVzdEB0ZXN0LmNvbQ==" stands for "test@test.com" and "YnJvbDI=" stands for "brol2")! You can encode yourself with the script base64
Input you string: test@test.com
Base64 encode is : dGVzdEB0ZXN0LmNvbQ==
Input you string: brol2
Base64 encode is : YnJvbDI=
Input you string: ^C (means press CTRL+C)
Test SMTP-SSL
It's nearly the same test. In this case, we use an SSL server where we connect to a different port number. We have to establish an SSL connection before the SMTP conversation even starts :
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/emailAddress=your@e-mail.tld
verify return:1
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <testmail@test.com>
250 ok
rcpt to: <nospam@test.com>
250 ok
data
354 go ahead
From: Test_sender <testmail@test.com>
To: Test_receiver <nospam@test.com>
Subject: Just a simple SMTP-SSL test
Just a SMTP-SSL test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
Users comments
Hi Mauricio,
It seems your permission on mailboxes are wrong :
This is how your /home/vpomail/domains/YOUR_DOMAIN should look like :
root@qmailtest:/home/vpopmail/domains/thibs.be# ls -lah
total 20K
drwx------ 4 vpopmail vchkpw 4.0K Oct 20 03:58 .
drwx------ 4 vpopmail vchkpw 4.0K Oct 20 04:12 ..
drwx------ 3 vpopmail vchkpw 4.0K Oct 20 03:58 postmaster
-rw------- 1 vpopmail vchkpw 0 Oct 20 03:58 .qmailadmin-limits
-rw------- 1 vpopmail vchkpw 52 Oct 20 03:58 .qmail-default
drwx------ 3 vpopmail vchkpw 4.0K Oct 20 03:58 thibs
This is how your /home/vpomail/domains/YOUR_DOMAIN/MAILBOXE should look like :
root@qmailtest:/home/vpopmail/domains/thibs.be/thibs# ls -lah
total 12K
drwx------ 3 vpopmail vchkpw 4.0K Oct 20 03:58 .
drwx------ 4 vpopmail vchkpw 4.0K Oct 20 03:58 ..
drwx------ 8 vpopmail vchkpw 4.0K Oct 20 05:02 Maildir
This is how your /home/vpomail/domains/YOUR_DOMAIN/MAILBOXE/Maildir should look like :
root@qmailtest:/home/vpopmail/domains/thibs.be/thibs/Maildir# ls -lah
total 40K
drwx------ 8 vpopmail vchkpw 4.0K Oct 20 05:02 .
drwx------ 3 vpopmail vchkpw 4.0K Oct 20 03:58 ..
drwx------ 2 vpopmail vchkpw 4.0K Oct 20 04:02 courierimapkeywords
-rw-r--r-- 1 vpopmail vchkpw 23 Oct 20 05:02 courierimapsubscribed
-rw-r--r-- 1 vpopmail vchkpw 15 Oct 20 05:02 courierimapuiddb
drwx------ 2 vpopmail vchkpw 4.0K Oct 20 05:02 cur
drwx------ 2 vpopmail vchkpw 4.0K Oct 20 04:27 new
drwx------ 6 vpopmail vchkpw 4.0K Oct 20 04:02 .Sent
drwx------ 2 vpopmail vchkpw 4.0K Oct 20 05:44 tmp
drwx------ 6 vpopmail vchkpw 4.0K Oct 20 05:02 .Trash
If all the mailboxes of all domains are wrong, you probably missed something at this step
Hi Thibs, how are you?
I've installed a new server following your guide and i got this error log's message when i send a test email from my account to server's one.
400000004ea2e1ae00496aec starting delivery 48: msg 1838717 to local cosco.com.uy-copia@cosco.com.uy @400000004ea2e1ae00498644 status: local 1/10 remote 0/120 @400000004ea2e1ae00bcc62c delivery 48: deferral: Unable_to_open_.qmail-copia:_access_denied._(#4.3.0)/ @400000004ea2e1ae00bcd5cc status: local 0/10 remote 0/120
Have you any idea what the problem is?
Kind regards!
Hi Hip0,
I've just checked the step qmail-ucspi.php and I mention
cd /var/qmail/control
chmod 640 servercert.pem
chown vpopmail:vchkpw servercert.pem
I've just re-done an entire install and nowhere those ownerships/permissions are destroyed ...
I have however noticed a potential problem on this page if you followed the optionnal tip If you happen to get an error that states "454 TLS not available".
I've just corrected this tip !
Hi Hip0,
Thanks for the tips. I'll try to make a brand new install from scratch to re-check my guide.
Anyway, I 'll mention your tips !
Hi Thibs,
I followed your guide to install a brand new qmail server and I got error caused by:
/service/qmail-smtpdssl/run
in /var/log/qmail/qmail-smtpdssl, there was the following error:
@400000004e9807b10dae2ca4 sslserver: fatal: unable to load certificate
I've posted on my blog an explanation to the issue - http://www.pc-freak.net/blog/how-to-fix-sslserver-fatal-unable-to-load-certificate-qmail-error-on-gnu-linux/
Maybe it's good if you fix it in your install guide as well.
Wish you best!
Georgi
do you .. have a yahoo id ?! .. i could give you access you to my server !
i resolve that problem.. my lo .. wasn`t up.. my mistake.. but i have another problem..
when i close with . here Just a TLS test !
451 qq temporary problem (#4.3.0)
try to skip.. and another problem at the next step
Authentication FAILED: Input/output error
@400000004e9468f234e8559c QMAILSMTPD_LOG_RCPT="1"
@400000004e9468f234e8559c REQUIRE_AUTH="0"
@400000004e9468f234e85984 ALLOW_INSECURE_AUTH="0"
@400000004e9468f234e85984 SPFBEHAVIOR="3"
@400000004e9468f234e85984 SPF_LOG="1"
@400000004e9468f234e85d6c SPF_BLOCK_PLUS_ALL="1"
@400000004e9468f234e85d6c QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
@400000004e9468f234e88094 NOP0FCHECK="1"
@400000004e9468f234e88094 command-line: exec tcpserver -vR -l fznet.ro -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 25 rblsmtpd -r zen.spamhaus.org -r dnsbl.njabl. org -r dnsbl.sorbs.net -r bl.spamcop.net qmail-smtpd fznet.ro /home/vpopmail/ bin/vchkpw /bin/true 2>&1
@400000004e9468f234e8847c tcpserver: status: 0/30
@Master :
Try
qmailctl restart
You should have
Restarting qmail: * Stopping qmail-smtpdssl. * Stopping qmail-smtpd. * Sending qmail-send SIGTERM and restarting. * Restarting qmail-smtpd. * Restarting qmail-smtpdssl.
Try then
qmailctl stat
You should have
/service/qmail-send: up (pid 17762) 63 seconds
/service/qmail-send/log: up (pid 17763) 63 seconds
/service/qmail-smtpd: up (pid 18500) 63 seconds
/service/qmail-smtpd/log: up (pid 17767) 63 seconds
/service/qmail-smtpdssl: up (pid 18496) 63 seconds
/service/qmail-smtpdssl/log: up (pid 17773) 63 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
If you still have the problem try this :
tail /var/log/qmail/qmail-smtpd/current
You should then see what's wrong
telnet localhost 25
Trying 127.0.0.1...
Trying ::1...
telnet: Unable to connect to remote host: Network is unreachable
Maru : I've indeed the same as you.
But if you take a look all the "failed test" are not for external adress. So the host cannot be used to send mails outside.
e.g. :
RCPT TO: <relaytest%mailradar.com@[178.32.247.141]>
You 'll suceed most of the tests if you follow the instructions of this optionnal task : http://qmailrocks.thibs.com/validrcptto.php
I checked open relay test at a below site after install qmailrocks successfully.
http://www.mailradar.com/openrelay/
The result is [TEST NOT PASSED] at the method 5, 6, 8, 9, 10, 14, 15, 16.
What's the problem?
Mabiala : It's just because teste.co.ao do not exist (in my sample I used test.com because this domain exists)
Luck that is the error i get
debian:~# perl /downloads/scripts/base64
Press Enter to exit.
Input you string: postmaster@teste.co.ao
Base64 encode is : cG9zdG1hc3RlckB0ZXN0ZS5jby5hbw==
Input you string: 123456
Base64 encode is : MTIzNDU2
Input you string: ^C
debian:~# openssl s_client -crlf -connect localhost:465 -quiet
depth=0 /C=AO/ST=Luanda/L=Luanda/O=Teste/OU=Teste/CN=debian/emailAddress=postmaster@teste.co.ao
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AO/ST=Luanda/L=Luanda/O=Teste/OU=Teste/CN=debian/emailAddress=postmaster@teste.co.ao
verify return:1
220 debian.teste.co.ao ESMTP
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0ZS5jby5hbw==
334 UGFzc3dvcmQ6
MTIzNDU2
235 ok, go ahead (#2.0.0)
mail from: <postmaster@teste.co.ao>
553 sorry, your envelope sender domain must exist (#5.7.1)
You have to write EXACTLY
mail from: <testmail@test.com>
(of course replace by your e-mail adress)
teste:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailadmin.teste.co.ao ESMTP
mail from:
553 sorry, your envelope sender domain must exist (#5.7.1)
I get this error.
Thibs, thanks for your reply!
It looks like permissions are ok.
I'll keep looking where the problem is!!!
Thanks very much.
kind regards,