FreeBSD Postfix Guide

Apache22
cd /usr/ports/www/apache22
make install
echo 'apache22_enable="YES"' >> /etc/rc.conf
PHP4
cd /usr/ports/lang/php4
make install
* CLI
* CGI
* Apache module
* Suhosin (?)
* IPV6 (?)
* FastCGI
* Pathinfo
* OpenSSL
* Zlib

Add the PHP type handler to the Apache config.

ee /usr/local/etc/apache22/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
Mysql 5.0
cd  /usr/ports/databases/mysql50-server
make install
echo 'mysql_enable="YES"' >> /etc/rc.conf
mysqladmin -u root password <the password>
phpMyAdmin
cd  /usr/ports/databases/phpmyadmin
make install
* All except MysqlI (only php5)

Configuration of phpmyadmin:

cd /usr/local/www/phpMyAdmin
cp libraries/config.default.php config.inc.php
ee config.inc.php
$cfg['Servers'][$i]['auth_type']     = 'http';
$cfg['Servers'][$i]['user']          = '';

Add phpmyadmin to the apache config.

ee /usr/local/etc/apache22/httpd.conf
Insert:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit
Order Allow,Deny
Allow from all
</Directory>
Subversion
whereis subversion
cd 
make install WITHOUT_BDB=yes
Proftpd
cd /usr/ports/ftp/proftpd
make install
echo 'proftpd_enable="YES"' >> /etc/rc.conf

Additions to the config file.

ee /usr/local/etc/proftpd.conf
AllowRetrieveRestart    on
AllowStoreRestart       on

Mail server

Postfix

First, install Postfix.

cd /usr/ports/mail/postfix
make install
* SASL 2
* TLS
* MySQL
If you no longer need sendmail, add the following to your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
You can also disable some sendmail-specific daily maintenance routines in your
/etc/periodic.conf file:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Add the user that owns the virtual mail directories

pw groupadd vmail -g 5001 
pw useradd vmail -u 5001 -g 5001 -s/sbin/nologin -d/dev/null
mkdir /usr/local/vmail
chown -R vmail:vmail /usr/local/vmail
chmod -R ug+rwx,o-rwx /usr/local/vmail

The MySQL lookup map files

ee /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
ee /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
ee /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
ee /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
ee /usr/local/etc/postfix/mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
chown root:postfix /usr/local/etc/postfix/mysql_*.cf
chmod 640 /usr/local/etc/postfix/mysql_*.cf

Edit the postfix main.cf config file

ee /usr/local/etc/postfix/main.cf
myhostname = teststar.nickit.dk
mydomain = nickit.dk
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mynetworks = $config_directory/mynetworks
relay_domains = mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
header_checks = regexp:/usr/local/etc/postfix/header_checks
# Next, add all these to the bottom of the file :
#
# Virtual Mail Mysql settings
#
virtual_alias_maps      = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps        = static:5001
virtual_gid_maps        = static:5001
virtual_mailbox_base    = /usr/local/vmail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit   = 51200000
virtual_mailbox_maps    = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid     = 5001
# Who handles the mail delivery?
# POSTFIX  = virtual
# MAILDROP = maildrop
#
#virtual_transport = virtual
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
# Transport map
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1
# Additional for quota support
virtual_create_maildirsize     = yes
virtual_mailbox_extended       = yes
virtual_mailbox_limit_maps     = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message  = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
###################################################################################
### ENABLE SASL SUPPORT ( SMTP-AUTH )
# smtpd_sasl_auth_enable  = yes
#   Enable SASL support in postfix
# smtpd_sasl_security_options = noanonymous
#   Anonymous logins will not be permitted
# broken_sasl_auth_clients  = yes
#   Allow RFC-broken mail clients like Outlook Express4 to use SMTP AUTH
# smtpd_sasl_path   = smtpd
#   Tells SASL to get the config from /usr/local/lib/sasl2/smtpd.conf
# smtpd_sasl_local_domain =
#   If the user fails to nominate a domain, don't auto append one
# smtpd_sasl_authenticated_header = yes
#   Include the authenticated username in the message headers.
#   Having this on will make it easier if a spammer cracks one of your user's weak passwords,
#   and starts using SMTP-AUTH to relay spam through your server
smtpd_sasl_auth_enable          = yes
smtpd_sasl_security_options     = noanonymous
broken_sasl_auth_clients        = yes
smtpd_sasl_path                 = smtpd
smtpd_sasl_local_domain         =
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions    =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
##################################################################################
### ENABLE TLS SUPPORT ( "STARTTLS" ... enables SSL to be negotiated during a SMTP connection )
# smtp_use_tls = no
#   don't enable TLS for outbound SMTP connections
# smtpd_use_tls = yes
#   announce TLS availability for incoming SMTP connections
# smtpd_tls_auth_only = no :
#   TLS is optional, not enforced
# smtpd_tls_key_file :
#   specify the private key ( must not be encrypted - ie no password)
# smtpd_tls_cert_file :
#   specify the certificate
# smtpd_tls_session_cache_database :
#   nominate a server-side TLS session cache. Improves performance.
# smtpd_tls_loglevel = 1 :
#   log basic TLS handshake and cert info
# smtpd_tls_received_header = yes
#   record some protocol/cipher etc info in the Received header
smtp_use_tls                     = no
smtpd_use_tls                    = yes
smtpd_tls_auth_only              = no
smtpd_tls_key_file               = /usr/local/ssl/mail.yourdomain.com.key
smtpd_tls_cert_file              = /usr/local/ssl/mail.yourdomain.com.crt
smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/tls_smtpd_scache
smtpd_tls_loglevel               = 1
smtpd_tls_received_header        = yes

Populate the mynetworks file

echo '# Localhost' > /usr/local/etc/postfix/mynetworks
echo '127.0.0.0/8' >>/usr/local/etc/postfix/mynetworks
echo '' >>/usr/local/etc/postfix/mynetworks

Addition to the sasl config

ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
chown root:vmail /usr/local/lib/sasl2/smtpd.conf
chmod 640 /usr/local/lib/sasl2/smtpd.conf
ee /usr/local/etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd
567	    inet  n       -       n       -       -       smtpd
smtps    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
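
As an added example (not part of the original guide): with smtpd_tls_auth_only = no in main.cf and mech_list: PLAIN LOGIN in smtpd.conf, a client that skips STARTTLS sends its password unencrypted. The shell functions below read main.cf text and report that combination; the function names and the sample config are constructed, and only the two main.cf parameters shown on this page are checked (master.cf -o overrides are not).

```shell
#!/bin/sh
# Added example: detect a main.cf that offers SMTP AUTH without requiring TLS.
# Function names and the sample config below are constructed for illustration.

# main_cf_value NAME: print the effective value of NAME from main.cf text on
# stdin. Comment lines are skipped; the last definition wins, as in Postfix.
main_cf_value() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        /^[A-Za-z0-9_]+[ \t]*=/ {
            name = $0
            sub(/[ \t]*=.*/, "", name)
            if (name == want) {
                val = $0
                sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
            }
        }
        END { print val }
    '
}

# audit_sasl_tls: read main.cf text on stdin. Prints "cleartext-auth" and
# returns 1 when AUTH is enabled but not restricted to TLS sessions,
# otherwise prints "ok" and returns 0. Unset parameters use the Postfix
# defaults (both "no").
audit_sasl_tls() {
    cf=$(cat)
    sasl=$(printf '%s\n' "$cf" | main_cf_value smtpd_sasl_auth_enable)
    tls_only=$(printf '%s\n' "$cf" | main_cf_value smtpd_tls_auth_only)
    if [ "$sasl" = "yes" ] && [ "$tls_only" != "yes" ]; then
        echo "cleartext-auth"
        return 1
    fi
    echo "ok"
}

# Constructed sample: the SASL/TLS lines from the main.cf above.
sample_main_cf() {
    cat <<'EOF'
# smtpd_tls_auth_only = no :
#   TLS is optional, not enforced
smtpd_sasl_auth_enable          = yes
smtpd_sasl_security_options     = noanonymous
smtpd_use_tls                    = yes
smtpd_tls_auth_only              = no
EOF
}

# Same sample with the corrected setting appended (the later line wins).
sample_main_cf_fixed() {
    sample_main_cf
    echo 'smtpd_tls_auth_only = yes'
}

sample_main_cf | audit_sasl_tls || :         # cleartext-auth
sample_main_cf_fixed | audit_sasl_tls        # ok
```

To check a live server, pipe the real file in: `audit_sasl_tls < /usr/local/etc/postfix/main.cf`.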

Aliases

ee /etc/aliases
root:    someone@yourdomain.com
newaliases
PostfixAdmin
cd /usr/ports/mail/postfixadmin
make install
* MySQL

Apache configuration

ee /usr/local/etc/apache22/httpd.conf
Alias /mailadmin/ "/usr/local/www/postfixadmin/"
#AllowOverride AuthConfig
<Directory "/usr/local/www/postfixadmin">
Options Indexes
AllowOverride ALL
Order allow,deny
Allow from all
</Directory>

Configuration of the database tables

cd /usr/local/www/postfixadmin
mysql -u root [-p] < DATABASE_MYSQL.TXT
cd /usr/local/www/postfixadmin
chmod 640 *.php *.css
cd /usr/local/www/postfixadmin/admin/
chmod 640 *.php .ht*
cd /usr/local/www/postfixadmin/images/
chmod 640 *.gif *.png
cd /usr/local/www/postfixadmin/languages/
chmod 640 *.lang
cd /usr/local/www/postfixadmin/templates/
chmod 640 *.tpl
cd /usr/local/www/postfixadmin/users/
chmod 640 *.php
ee /usr/local/www/postfixadmin/config.inc.php
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Example: /usr/local/virtual/domain.tld/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Example: /usr/local/virtual/domain.tld/username
$CONF['domain_in_mailbox'] = 'NO';
Courier - Imap
cd /usr/ports/mail/courier-imap
make install
* Mysql
echo 'courier_authdaemond_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_imapd_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_pop3d_ssl_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_imapd_ssl_enable="YES"' >> /etc/rc.conf
chmod 755 /var/run/authdaemond/

Configuration

ee /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
ee /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
#you can optionally enable this next setting if you want 
#a particular domain to be appended when users haven't 
#specified a domain during authentication
#DEFAULT_DOMAIN yourdomain.com  
MYSQL_UID_FIELD '5001'
MYSQL_GID_FIELD '5001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/usr/local/vmail'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD     CONCAT("/usr/local/vmail/",maildir) 
MYSQL_QUOTA_FIELD concat(quota,'S')
Maildrop
cd /usr/ports/mail/maildrop
make install WITH_AUTHLIB=yes
* Mysql
Vacation

This is a tool to set vacation messages.

cd /usr/ports/databases/p5-DBI
make install
cd /usr/ports/databases/p5-DBD-mysql
make
make install
pw groupadd vacation -g 5002 
pw useradd vacation -u 5002 -g 5002 -s/sbin/nologin -d/dev/null
mkdir /var/spool/postfix/vacation
cp /usr/local/www/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/postfix/vacation/
chown -R vacation:vacation /var/spool/postfix/vacation/
chmod 700 /var/spool/postfix/vacation/*
#
# VIRTUAL VACATION (add to /usr/local/etc/postfix/master.cf)
#
vacation  unix  -       n       n       -       -       pipe
  flags=DRhu user=vacation:vacation argv=/var/spool/postfix/vacation/vacation.pl -f ${sender} -- ${recipient}
ee /usr/local/etc/postfix/transport
autoreply.yourdomain.com  vacation
postmap /usr/local/etc/postfix/transport
ee /usr/local/www/postfixadmin/config.inc.php
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.yourdomain.com';
Maildrop - PostfixAdmin maildir creation files
ee /usr/local/sbin/maildirmake.sh
#!/usr/local/bin/bash
# Usage: maildirmake.sh <domain> <user> <quota in bytes>
set -e
mail_home="/usr/local/vmail"
# Create the per-domain directory on first use
if [ ! -d "$mail_home/$1" ] ; then
    mkdir "$mail_home/$1"
    chown -R vmail:vmail "$mail_home/$1"
    chmod -R 700 "$mail_home/$1"
    #echo "$mail_home/$1 CREATED"
fi
if [ -d "$mail_home/$1" ] ; then
    cd "$mail_home/$1"
    /usr/local/bin/maildirmake "$2"
    #echo "$mail_home/$1/$2 CREATED"
    # Set the maildir quota: <bytes>S
    /usr/local/bin/maildirmake -q "${3}S" "$2"
    #echo "$3S $2 QUOTA CREATED"
    chown -R vmail:vmail "$mail_home/$1/$2"
    chmod -R 700 "$mail_home/$1/$2"
fi
ee /usr/local/sbin/maildirdel.sh
#!/usr/local/bin/bash
# Usage: maildirdel.sh <domain> <user>
set -e
mail_home="/usr/local/vmail"
if [ -d "$mail_home/$1/$2" ] ; then
    rm -Rf "$mail_home/$1/$2"
    #echo "$mail_home/$1/$2 DELETED"
fi
chmod +x maildirdel.sh
chmod +x maildirmake.sh
ee /usr/local/www/postfixadmin/create-mailbox.php
// escapeshellarg() stops form input from being interpreted by the shell
system("/usr/local/bin/sudo /usr/local/sbin/maildirmake.sh ".escapeshellarg($fDomain)." ".escapeshellarg($_POST['fUsername'])." ".escapeshellarg($quota));
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");
ee /usr/local/www/postfixadmin/admin/create-mailbox.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirmake.sh ".escapeshellarg($fDomain)." ".escapeshellarg($_POST['fUsername'])." ".escapeshellarg($quota));
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");
ee /usr/local/www/postfixadmin/admin/delete.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirdel.sh ".escapeshellarg($domain)." ".escapeshellarg($user));
db_log ($CONF['admin_email'], $fDomain, "delete mailbox", $fDelete);
ee /usr/local/www/postfixadmin/delete.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirdel.sh ".escapeshellarg($domain)." ".escapeshellarg($user));
db_log ($CONF['admin_email'], $fDomain, "delete mailbox", $fDelete);
Sudo
cd /usr/ports/security/sudo
make install
ee /usr/local/etc/sudoers
www ALL = NOPASSWD: /usr/local/sbin/maildirmake.sh
www ALL = NOPASSWD: /usr/local/sbin/maildirdel.sh
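
Added example, not part of the original guide or of PostfixAdmin: maildirmake.sh and maildirdel.sh run as root through sudo with arguments that originate in a web form, so each argument should be checked as a single safe path component before it is joined to /usr/local/vmail. The function names valid_component, valid_quota and maildir_target are hypothetical.

```shell
#!/bin/sh
# Added example: argument checks for helper scripts that root runs via sudo.
# Function names are hypothetical; /usr/local/vmail is the guide's mail root.

# valid_component VALUE: succeed only if VALUE is usable as one directory
# name: non-empty, no leading "." or "-", and only [A-Za-z0-9._@-].
# That rejects "/", "..", whitespace and every shell metacharacter.
valid_component() {
    case $1 in
        '' | .* | -*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# valid_quota VALUE: succeed only for a plain decimal number of bytes.
valid_quota() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# maildir_target BASE DOMAIN USER: print BASE/DOMAIN/USER if both parts pass
# valid_component, otherwise print nothing and return 1.
maildir_target() {
    valid_component "$2" || return 1
    valid_component "$3" || return 1
    printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# Constructed inputs: one normal request and three that must be refused.
check_examples() {
    for pair in 'example.com alice' 'example.com ../../etc' \
                '.. alice' 'example.com alice;id'; do
        domain=${pair%% *}
        user=${pair#* }
        if target=$(maildir_target /usr/local/vmail "$domain" "$user"); then
            echo "accept $target"
        else
            echo "reject $domain $user"
        fi
    done
}

check_examples
```

In maildirmake.sh the checks would run on $1, $2 and $3 before the first mkdir, and in maildirdel.sh on $1 and $2 before rm, so an empty or ".." argument can never resolve to the mail root itself.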
Mailscanner
cd /usr/ports/mail/mailscanner
make initial-config
make install
echo 'mailscanner_enable="YES"' >> /etc/rc.conf
mkdir /var/spool/MailScanner/incoming
mkdir /var/spool/MailScanner/quarantine
mkdir /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
cd /usr/local/etc/MailScanner/
cp MailScanner.conf.sample MailScanner.conf
ee MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Sign Clean Messages = no
# Enable Spam Bounce = %rules-dir%/bounce.rules
Log Spam = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
#Maximum Message Size = %rules-dir%/max.message.size.rules
cd /usr/local/etc/MailScanner/mcp
cp mcp.spam.assassin.prefs.conf.sample mcp.spam.assassin.prefs.conf
Roundcube
cd /usr/local/www
svn checkout https://svn.roundcube.net/trunk
mv trunk/roundcubemail .
rm -rf trunk
cd roundcubemail
chown -R www:www temp logs
# mysql
> create database roundcubemail;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
IDENTIFIED BY '$PASSWORD';
> quit
cd config
cp db.inc.php.dist db.inc.php
cp main.inc.php.dist main.inc.php
Alias /mail "/usr/local/www/roundcubemail"
<Directory "/usr/local/www/roundcubemail">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from All
</Directory>
1) As root, change to the webroot of Apache
cd /usr/local/www/data-dist
2) Login to the Sourceforge Roundcubemail CVS server (when prompted for a password, just press ENTER)
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/roundcubemail login
2) Checkout Roundcubemail from the Sourceforge SVN server (when prompted, choose ‘p’ to accept the encrypted key permanently)
svn checkout https://svn.roundcube.net/trunk
3) Change into the roundcubemail directory
cd roundcubemail
3) Move the roundcubemail directory to your webroot, remove the ‘trunk’ directory, and then change into the roundcubemail directory
mv trunk/roundcubemail .
rm -rf trunk
cd roundcubemail
4) Set permissions of the temp and logs dir so that the web user can read/write to them
chown -R www:www temp logs
5) Create a database for storage of Roundcubemail data, replace $PASSWORD with the password you want the roundcube user to use to access mySQL
# mysql
> create database roundcubemail;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
IDENTIFIED BY '$PASSWORD';
> quit
6) Import the initial Roundcubemail SQL
# mysql roundcubemail < SQL/mysql.initial.sql
7) Change into the config directory
cd config
8) Copy the config *php.dist files to *.php
cp db.inc.php.dist db.inc.php
cp main.inc.php.dist main.inc.php
9) Modify the config files to suit your environment. In db.inc.php you only need to change the database definition line, add your password in place of $PASSWORD
$rcmail_config['db_dsnw'] = 'mysql://roundcube:PASSWORD@localhost/roundcubemail';
Assuming your mailserver is running on the same physical box as the webserver, disable database caching
$rcmail_config['enable_caching'] = FALSE;
define the host as localhost
$rcmail_config['default_host'] = 'localhost';
define smtp as localhost
$rcmail_config['smtp_server'] = 'localhost';
and increase the session lifetime from 5 to something more reasonable (optional)
$rcmail_config['session_lifetime'] = 30;
Launch a web browser and point it to
http://some.url/roundcubemail
Then login with a valid/existing IMAP username and password.
To debug problems just tail -f (or multitail if you’re cool like me) /var/log/maillog to see what’s happening behind the scenes. Consult the mailing lists for issues and feel free to give feedback below. Since this app is under heavy development I expect this HOWTO to change as the app does.
Debugging

Courier authtest

/usr/local/sbin/authtest someuser@yourdomain.com somepassword
ee /usr/local/etc/authlib/authdaemonrc
DEBUG_LOGIN=1    # turn on authentication debugging
DEBUG_LOGIN=2    # turn on authentication debugging AND show passwords

Debug Maildrop

maildrop -V9 -d someone@yourdomain.com
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=someone@yourdomain.com, home=/var/vmail, mail=yourdomain.com/s/someone/Maildir/
maildrop: Changing to /opt/mail
<press CTRL-D here>
Cacti
make install
Cacti is now installed. If you install it for the first time,
you may have to follow these steps to make it work correctly:
1. Create the MySQL database:
# mysqladmin --user=root create cacti
2. Create a mysql user/password for cacti:
(change user and/or password if required)
# echo "GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser'; FLUSH PRIVILEGES;" | mysql
3. Import the default cacti database:
# mysql cacti < /usr/local/share/cacti/cacti.sql
4. Edit /usr/local/share/cacti/include/db-settings.php.
5. Add a line to your /etc/crontab file similar to:
*/5 * * * * cacti /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1
6. Add alias in apache config for the cacti dir:
Alias /cacti "/usr/local/share/cacti/"
7. Be sure apache gives access to the directory ('Allow from' keywords).
8. Open a cacti login page in your web browser and login with admin/admin.
If you update cacti, open the login page and the update process
will start automatically.
If you are using the PLUGIN option set, in the file
/usr/local/share/cacti/include/config.php
change the following line
$config["url_path"] = '/';
with location where your cacti is available. E.g.:
$config["url_path"] = '/cacti/';
if your URL is http://yoursite.com/cacti

 


Copyright © 2007 Afterschool.dk