Update #3 on Installing qpsmtpd on Bionic Beaver (Ubuntu 18.04 LTS) and Plesk Obsidian with Postfix

[2008-11: New installation on 10.3/8.6.0]
[2007-04: Implementing SMTP Authorization with qpsmtpd running under SuSE 10.0 and Plesk 8.0
[2014-01: Here's an update to these instructions.]
[2018-09: Update #2 on Installing qpsmtpd on Xenial, completely replaces 2014-01]
[2020-11: Update #3 on Installing qpsmtpd on Bionic, completely replaces 2018-09]

This is yet another update to my instructions for installing qpsmtpd on a Linux system running under Plesk, this time for Postfix, rather than Qmail.

qpsmtpd is on GitHub, but we need some preliminaries first:

Just in case you don't have cc yet:
apt-get install build-essential

apt-get install libcrypt-openssl-random-perl libcrypt-openssl-rsa-perl
apt-get install libssl-dev
perl -MCPAN -e 'install Crypt::OpenSSL::Random'
# ^ This will install CPAN if you haven't done that already! I chose the automatic configuration.
perl -MCPAN -e 'install Crypt::OpenSSL::RSA'
apt-get install libidn2-dev
# ^ On xenial (16.04) try libidn2-0-dev instead.
perl -MCPAN -e 'install Net::LibIDN2'
perl -MCPAN -e 'install Mail::DKIM'
# ^ This installs a lot of packages and runs lots of tests; be patient, you've seen nothing yet...
apt-get install libxml2-dev
perl -MCPAN -e 'install XML::LibXML'
perl -MCPAN -e 'install Mail::DMARC'

After these preliminaries we can install qpsmtpd according to its README: Install the following "required Perl modules:
perl -MCPAN -e 'install Net::DNS'
perl -MCPAN -e 'install MIME::Base64'
perl -MCPAN -e 'install Mail::Header'

In addition the default plugins require some additional modules.

Fix "'YAML' not installed, will not store persistent state":
cpan 'YAML'

Unfortunately, the following fails — see and follow Failed test 'POD test for blib/lib/Mail/SPF/Util.pm' at /usr/local/share/perl/5.24.1/Test/Pod.pm line 187.
perl -MCPAN -e 'install Mail::SPF'

If you want to use the ident/geoip plugin, install
perl -MCPAN -e 'install GeoIP2'
perl -MCPAN -e 'install Math::Complex'
(huge install!) and use the following script to download and extract the MaxMind GeoLite2 databases:

#!/usr/bin/env bash
cd /usr/local/share/GeoIP
for DB in GeoLite2-ASN GeoLite2-City # GeoLite2-Country
do
    echo $DB
    wget 'https://download.maxmind.com/app/geoip_download?edition_id='${DB}'&license_key=MY_LICENSE_KEY&suffix=tar.gz' --output-document=${DB}.dat.tar.gz
    tar -xvzf ${DB}.dat.tar.gz --strip-components=1 --wildcards "*.mmdb"
done
rm GeoLite2*.dat.tar.gz

For the auth_imap plugin, install
perl -MCPAN -e 'install Net::IMAP::Simple'

Running the watch and summarize utilities recommended in the FAQ requires yet another dependency:
perl -MCPAN -e 'install File::Tail'

Installing qpsmtpd

Read the README file.

Test Drive

Add a group and user called smtpd, and expand qpsmtpd in his home directory:

groupadd smtpd
useradd -d /home/smtpd -s /sbin/nologin -g smtpd -m smtpd
cd ~smtpd
# remove all skeleton files

Get qpsmtpd. I take the latest development version from GitHub — you may want to use the stable version instead):

git clone https://github.com/smtpd/qpsmtpd.git

I prefer to create the config directory above the qpsmtpd tree and create a soft link where qpsmptd expects it:

mkdir config
cp -r qpsmtpd/config.sample/* config
ln -s ../config qpsmtpd/config

You may need to customize config/IP, and possibly remove config/rcpthosts to get qpsmtpd to use the existing /var/qmail/control/rcpthosts.

If you can't wait to try out qpsmtpd, then it's possible to run it under the current acount at this point, but the following steps will allow you to run it more safely under the new smtpd user: smtpd needs write access to ~smtpd/tmp/ and ~smtpd/log/ but no other directory, so do something like this:

echo /home/smtpd/tmp >~smtpd/qpsmtpd/config/spool_dir
chown -R root.smtpd ~smtpd
find ~smtpd -type d -exec chmod 750 {} \;
mkdir ~smtpd/tmp
chown smtpd ~smtpd/tmp
chmod 700 ~smtpd/tmp
mkdir /var/log/qpsmtpd
chown smtpd /var/log/qpsmtpd
chmod 700 /var/log/qpsmtpd
ln -s /var/log/qpsmtpd ~smtpd/log

Setting spool_dir is essential for running qpsmtpd — I had to ask the friendly specialists on the qpsmtpd mailing list to get this piece of the puzzle.

Now you can test drive qpsmtpd — this is an essential step because it allows you to see any error messages due to installation problems that you need to solve before you can proceed.

cd qpsmtpd
./qpsmtpd-forkserver -u smtpd

Connect through a second terminal (or telnet remotely, if your firewall allows accessing port 2525):

telnet localhost 2525

qpsmtpd greets you and you can try an interactive SMTP session if you like:

220 example.com ESMTP qpsmtpd 0.3x ready; send us your mail, but not your spam.
ehlo dude
250-example.com Hi Unknown [127.0.0.1]
250-PIPELINING
250-8BITMIME
250 STARTTLS
quit
221 example.com closing connection. Have a wonderful day.
Connection closed by foreign host.

Now proceed to running qpsmtpd. The following relies heavily on hjp's qpsmtpd with postfix - a tutorial (WayBackMachine).

Another good source:
http://blog.infinitylimited.net/running-qpsmtpd-with-postfix-on-gentoo/

# queue the mail to postfix
queue/postfix-queue

Couldn't open "/var/spool/postfix/public/cleanup": Permission denied at lib/Qpsmtpd/Postfix.pm line 115.
16510 FATAL PLUGIN ERROR [queue::postfix_2dqueue]: Unable to open any cleanup sockets! at lib/Qpsmtpd/Postfix.pm line 187.

usermod -a -G postdrop smtpd