cd /usr/ports/www/apache22
make install
echo 'apache22_enable="YES"' >> /etc/rc.conf

cd /usr/ports/lang/php4
make install
* CLI
* CGI
* Apache module
* Suhosin (?)
* IPV6 (?)
* FastCGI
* Pathinfo
* OpenSSL
* Zlib
Add the PHP type handlers to the Apache config.

ee /usr/local/etc/apache22/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
cd /usr/ports/databases/mysql50-server
make install
echo 'mysql_enable="YES"' >> /etc/rc.conf
mysqladmin -u root password '<the password>'

cd /usr/ports/databases/phpmyadmin
make install
* All except MysqlI (only php5)
Configuration of phpmyadmin:
cd /usr/local/www/phpMyAdmin
cp libraries/config.default.php config.inc.php
ee config.inc.php
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = '';
Add phpMyAdmin to the Apache config.

ee /usr/local/etc/apache22/httpd.conf
Insert:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
    Options none
    AllowOverride Limit
    Order Allow,Deny
    Allow from all
</Directory>
whereis subversion
cd <ports directory printed by whereis>
make install WITHOUT_BDB=yes

cd /usr/ports/ftp/proftpd
make install
echo 'proftpd_enable="YES"' >> /etc/rc.conf
Additions to the config file.
ee /usr/local/etc/proftpd.conf
AllowRetrieveRestart on
AllowStoreRestart on
First, install Postfix.

cd /usr/ports/mail/postfix
make install
* SASL 2
* TLS
* MySQL

If you no longer need sendmail, add the following to your rc.conf:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

You can also disable some sendmail-specific daily maintenance routines in your /etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Add the user and group that own the virtual mail directories.

pw groupadd vmail -g 5001
pw useradd vmail -u 5001 -g 5001 -s /sbin/nologin -d /dev/null
mkdir /usr/local/vmail
chown -R vmail:vmail /usr/local/vmail
chmod -R ug+rwx,o-rwx /usr/local/vmail
The MySQL lookup table files

ee /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

ee /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

ee /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

ee /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'

ee /usr/local/etc/postfix/mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

chown root:postfix /usr/local/etc/postfix/mysql_*.cf
chmod 640 /usr/local/etc/postfix/mysql_*.cf
Edit the postfix main.cf config file
ee /usr/local/etc/postfix/main.cf
myhostname = teststar.nickit.dk
mydomain = nickit.dk
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mynetworks = $config_directory/mynetworks
relay_domains = mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
header_checks = regexp:/usr/local/etc/postfix/header_checks

# Next, add all these to the bottom of the file :
#
# Virtual Mail Mysql settings
#
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:5001
virtual_gid_maps = static:5001
virtual_mailbox_base = /usr/local/vmail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5001

# Who handles the mail delivery?
# POSTFIX = virtual
# MAILDROP = maildrop
#
#virtual_transport = virtual
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1

# Transport map
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1

# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

###################################################################################
### ENABLE SASL SUPPORT ( SMTP-AUTH )
# smtpd_sasl_auth_enable = yes              # Enable SASL support in postfix
# smtpd_sasl_security_options = noanonymous # Anonymous logins will not be permitted
# broken_sasl_auth_clients = yes            # Allow RFC-broken mail clients like Outlook Express4 to use SMTP AUTH
# smtpd_sasl_path = smtpd                   # Tells SASL to get the config from /usr/local/lib/sasl2/smtpd.conf
# smtpd_sasl_local_domain =                 # If the user fails to nominate a domain, don't auto append one
# smtpd_sasl_authenticated_header = yes     # Include the authenticated username in the message headers.
#     Having this on will make it easier if a spammer cracks one of your user's weak passwords,
#     and starts using SMTP-AUTH to relay spam through your server
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org

##################################################################################
### ENABLE TLS SUPPORT ( "STARTTLS" ... enables SSL to be negotiated during a SMTP connection )
# smtp_use_tls = no                   # don't enable TLS for outbound SMTP connections
# smtpd_use_tls = yes                 # announce TLS availability for incoming SMTP connections
# smtpd_tls_auth_only = no :          # TLS is optional, not enforced
# smtpd_tls_key_file :                # specify the private key ( must not be encrypted - ie no password)
# smtpd_tls_cert_file :               # specify the certificate
# smtpd_tls_session_cache_database :  # nominate a server-side TLS session cache. Improves performance.
# smtpd_tls_loglevel = 1 :            # log basic TLS handshake and cert info
# smtpd_tls_received_header = yes     # record some protocol/cipher etc info in the Received header
smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /usr/local/ssl/mail.yourdomain.com.key
smtpd_tls_cert_file = /usr/local/ssl/mail.yourdomain.com.crt
smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/tls_smtpd_scache
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
Populate the mynetworks file
echo '# Localhost' > /usr/local/etc/postfix/mynetworks
echo '127.0.0.0/8' >> /usr/local/etc/postfix/mynetworks
echo '' >> /usr/local/etc/postfix/mynetworks
Additions to the SASL config

ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

chown root:vmail /usr/local/lib/sasl2/smtpd.conf
chmod 640 /usr/local/lib/sasl2/smtpd.conf

ee /usr/local/etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd
567       inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
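With mech_list limited to PLAIN and LOGIN and smtpd_tls_auth_only = no in main.cf, the smtp and 567 services accept passwords on connections that never negotiated STARTTLS. The following check is an added example, not part of the original guide; the function names and the sample files are constructed for illustration, and on a live system `postconf -n` gives the effective main.cf values.

```shell
#!/bin/sh
# Added example: flag SMTP AUTH that can run over an unencrypted connection.

# conf_value FILE KEY: effective value of KEY in a main.cf-style file.
# Comments and continuation lines are skipped; the last assignment wins.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_smtp_auth MAIN_CF SASL_CONF: print findings; return 1 if there are any.
audit_smtp_auth() {
    findings=0
    auth=$(conf_value "$1" smtpd_sasl_auth_enable)
    tls_only=$(conf_value "$1" smtpd_tls_auth_only)
    mechs=$(sed -n 's/^mech_list:[[:space:]]*//p' "$2")
    if [ "$auth" = yes ] && [ "$tls_only" != yes ]; then
        case " $mechs " in
            *" PLAIN "*|*" LOGIN "*)
                echo "AUTH $mechs offered without TLS: set smtpd_tls_auth_only = yes"
                findings=1 ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files holding the settings this guide uses.
write_samples() {
    cat > "$1/main.cf" <<'EOF'
# smtpd_tls_auth_only = no : # TLS is optional, not enforced
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
EOF
    cat > "$1/smtpd.conf" <<'EOF'
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_smtp_auth "$tmp/main.cf" "$tmp/smtpd.conf" || true
rm -rf "$tmp"
```

The smtps service is unaffected because smtpd_tls_wrappermode=yes starts TLS before any SMTP command is exchanged.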
Aliases
ee /etc/aliases
root: someone@yourdomain.com

newaliases

cd /usr/ports/mail/postfixadmin
make install
* MySQL
Apache configuration

ee /usr/local/etc/apache22/httpd.conf
Alias /mailadmin/ "/usr/local/www/postfixadmin/"
#AllowOverride AuthConfig
<Directory "/usr/local/www/postfixadmin">
    Options Indexes
    AllowOverride ALL
    Order allow,deny
    Allow from all
</Directory>
Configuration of the database tables
cd /usr/local/www/postfixadmin
mysql -u root [-p] < DATABASE_MYSQL.TXT

cd /usr/local/www/postfixadmin
chmod 640 *.php *.css
cd /usr/local/www/postfixadmin/admin/
chmod 640 *.php .ht*
cd /usr/local/www/postfixadmin/images/
chmod 640 *.gif *.png
cd /usr/local/www/postfixadmin/languages/
chmod 640 *.lang
cd /usr/local/www/postfixadmin/templates/
chmod 640 *.tpl
cd /usr/local/www/postfixadmin/users/
chmod 640 *.php

ee /usr/local/www/postfixadmin/config.inc.php
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Example: /usr/local/virtual/domain.tld/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Example: /usr/local/virtual/domain.tld/username
$CONF['domain_in_mailbox'] = 'NO';

cd /usr/ports/mail/courier-imap
make install
* Mysql

echo 'courier_authdaemond_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_imapd_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_pop3d_ssl_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_imapd_ssl_enable="YES"' >> /etc/rc.conf
chmod 755 /var/run/authdaemond/
Configuration
ee /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"

ee /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
#you can optionally enable this next setting if you want
#a particular domain to be appended when users haven't
#specified a domain during authentication
#DEFAULT_DOMAIN yourdomain.com
MYSQL_UID_FIELD '5001'
MYSQL_GID_FIELD '5001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/usr/local/vmail'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD CONCAT("/usr/local/vmail/",maildir)
MYSQL_QUOTA_FIELD concat(quota,'S')

cd /usr/ports/mail/maildrop
make install WITH_AUTHLIB=yes
* Mysql
This is a tool to set vacation messages.
cd /usr/ports/databases/p5-DBI
make install
cd /usr/ports/databases/p5-DBD-mysql
make
make install

pw groupadd vacation -g 5002
pw useradd vacation -u 5002 -g 5002 -s /sbin/nologin -d /dev/null
mkdir /var/spool/postfix/vacation
cp /usr/local/www/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/postfix/vacation/
chown -R vacation:vacation /var/spool/postfix/vacation/
chmod 700 /var/spool/postfix/vacation/*

ee /usr/local/etc/postfix/master.cf
#
# VIRTUAL VACATION
#
vacation unix - n n - - pipe
  flags=DRhu user=vacation:vacation argv=/var/spool/postfix/vacation/vacation.pl -f ${sender} -- ${recipient}

ee /usr/local/etc/postfix/transport
autoreply.yourdomain.com vacation

postmap /usr/local/etc/postfix/transport

ee /usr/local/www/postfixadmin/config.inc.php
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.yourdomain.com';
ee /usr/local/sbin/maildirmake.sh
#!/usr/local/bin/bash
# Usage: maildirmake.sh <domain> <user> <quota in bytes>
set -e
mail_home="/usr/local/vmail"
# Create the per-domain directory on first use
if [ ! -d "$mail_home/$1" ] ; then
    mkdir "$mail_home/$1"
    chown -R vmail:vmail "$mail_home/$1"
    chmod -R 700 "$mail_home/$1"
    #echo "$mail_home/$1 CREATED"
fi
# Create the user's maildir and write its quota
if [ -d "$mail_home/$1" ] ; then
    cd "$mail_home/$1"
    /usr/local/bin/maildirmake "$2"
    #echo "$mail_home/$1/$2 CREATED"
    /usr/local/bin/maildirmake -q "${3}S" "$2"
    #echo "$3S $2 QUOTA CREATED"
    chown -R vmail:vmail "$mail_home/$1/$2"
    chmod -R 700 "$mail_home/$1/$2"
fi

ee /usr/local/sbin/maildirdel.sh
#!/usr/local/bin/bash
# Usage: maildirdel.sh <domain> <user>
set -e
mail_home="/usr/local/vmail"
if [ -d "$mail_home/$1/$2" ] ; then
    rm -Rf "$mail_home/$1/$2"
    #echo "$mail_home/$1/$2 DELETED"
fi

chmod +x /usr/local/sbin/maildirdel.sh
chmod +x /usr/local/sbin/maildirmake.sh

ee /usr/local/www/postfixadmin/create-mailbox.php
// escapeshellarg() keeps form input from being interpreted by the shell
system("/usr/local/bin/sudo /usr/local/sbin/maildirmake.sh ".escapeshellarg($fDomain)." ".escapeshellarg($_POST['fUsername'])." ".escapeshellarg($quota));
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");

ee /usr/local/www/postfixadmin/admin/create-mailbox.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirmake.sh ".escapeshellarg($fDomain)." ".escapeshellarg($_POST['fUsername'])." ".escapeshellarg($quota));
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");

ee /usr/local/www/postfixadmin/admin/delete.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirdel.sh ".escapeshellarg($domain)." ".escapeshellarg($user));
db_log ($CONF['admin_email'], $fDomain, "delete mailbox", $fDelete);

ee /usr/local/www/postfixadmin/delete.php
system("/usr/local/bin/sudo /usr/local/sbin/maildirdel.sh ".escapeshellarg($domain)." ".escapeshellarg($user));
db_log ($CONF['admin_email'], $fDomain, "delete mailbox", $fDelete);
cd /usr/ports/security/sudo
make install

ee /usr/local/etc/sudoers
www ALL = NOPASSWD: /usr/local/sbin/maildirmake.sh
www ALL = NOPASSWD: /usr/local/sbin/maildirdel.sh
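Because the sudoers entries let the web server user run maildirmake.sh and maildirdel.sh as root with arguments that originate in a web form, the scripts should reject anything that is not a single plain path component before they touch the filesystem. The following is an added example, not part of the original guide; the function names and the allow-list of characters are assumptions, and plan_delete only prints what would be removed.

```shell
#!/bin/sh
# Added example: argument checks for maildirmake.sh / maildirdel.sh.
# The allow-list below is an assumption about valid domain and mailbox names.

# valid_component NAME: succeed only for one plain path component.
valid_component() {
    case "$1" in
        ''|.*|-*)            return 1 ;;  # empty, "." / "..", or option-like
        *[!A-Za-z0-9._@+-]*) return 1 ;;  # "/", spaces, shell metacharacters
    esac
    return 0
}

# valid_quota N: succeed only for a non-empty run of digits.
valid_quota() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# maildir_path BASE DOMAIN USER: print BASE/DOMAIN/USER, or fail with no output.
maildir_path() {
    valid_component "$2" || return 1
    valid_component "$3" || return 1
    printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# plan_delete DOMAIN USER: what maildirdel.sh would run (dry run, prints only).
plan_delete() {
    target=$(maildir_path /usr/local/vmail "$1" "$2") || {
        echo "rejected"
        return 1
    }
    echo "rm -Rf -- $target"
}

# Constructed inputs: one normal request, one that tries to leave the mail root.
plan_delete example.com someone
plan_delete ../../etc passwd || true
```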
cd /usr/ports/mail/mailscanner
make initial-config
make install
echo 'mailscanner_enable="YES"' >> /etc/rc.conf

mkdir /var/spool/MailScanner/incoming
mkdir /var/spool/MailScanner/quarantine
mkdir /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine

cd /usr/local/etc/MailScanner/
cp MailScanner.conf.sample MailScanner.conf
ee MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Sign Clean Messages = no
# Enable Spam Bounce = %rules-dir%/bounce.rules
Log Spam = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
#Maximum Message Size = %rules-dir%/max.message.size.rules

cd /usr/local/etc/MailScanner/mcp
cp mcp.spam.assassin.prefs.conf.sample mcp.spam.assassin.prefs.conf
cd /usr/local/www
svn checkout https://svn.roundcube.net/trunk
mv trunk/roundcubemail .
rm -rf trunk
cd roundcubemail
chown -R www:www temp logs

# mysql
> create database roundcubemail;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY '$PASSWORD';
> quit

cd config
cp db.inc.php.dist db.inc.php
cp main.inc.php.dist main.inc.php

Alias /mail "/usr/local/www/roundcubemail"
<Directory "/usr/local/www/roundcubemail">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from All
</Directory>

1) As root, change to the webroot of Apache

cd /usr/local/www/data-dist

2) Login to the Sourceforge Roundcubemail CVS server (when prompted for a password, just press ENTER)

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/roundcubemail login

2) Checkout Roundcubemail from the Sourceforge SVN server (when prompted, choose 'p' to accept the encrypted key permanently)

svn checkout https://svn.roundcube.net/trunk

3) Change into the roundcubemail directory

cd roundcubemail

3) Move the roundcubemail directory to your webroot, remove the 'trunk' directory, and then change into the roundcubemail directory

mv trunk/roundcubemail .
rm -rf trunk
cd roundcubemail

4) Set permissions of the temp and logs dir so that the web user can read/write to them

chown -R www:www temp logs

5) Create a database for storage of Roundcubemail data; replace $PASSWORD with the password you want the roundcube user to use to access MySQL

# mysql
> create database roundcubemail;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY '$PASSWORD';
> quit

6) Import the initial Roundcubemail SQL

# mysql roundcubemail < SQL/mysql.initial.sql

7) Change into the config directory

cd config

8) Copy the config *.php.dist files to *.php

cp db.inc.php.dist db.inc.php
cp main.inc.php.dist main.inc.php

9) Modify the config files to suit your environment.
In db.inc.php you only need to change the database definition line; put your password in place of PASSWORD:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:PASSWORD@localhost/roundcubemail';

Assuming your mailserver is running on the same physical box as the webserver, disable database caching:

$rcmail_config['enable_caching'] = FALSE;

Define the host as localhost:

$rcmail_config['default_host'] = 'localhost';

Define smtp as localhost:

$rcmail_config['smtp_server'] = 'localhost';

And increase the session lifetime from 5 to something more reasonable (optional):

$rcmail_config['session_lifetime'] = 30;

Launch a web browser and point it to http://some.url/roundcubemail

Then login with a valid/existing IMAP username and password. To debug problems just tail -f (or multitail if you're cool like me) /var/log/maillog to see what's happening behind the scenes. Consult the mailing lists for issues and feel free to give feedback below. Since this app is under heavy development I expect this HOWTO to change as the app does.
Courier authtest
/usr/local/sbin/authtest someuser@yourdomain.com somepassword

ee /usr/local/etc/authlib/authdaemonrc
DEBUG_LOGIN=1 # turn on authentication debugging
DEBUG_LOGIN=2 # turn on authentication debugging AND show passwords
Debug Maildrop
maildrop -V9 -d someone@yourdomain.com
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=someone@yourdomain.com, home=/var/vmail, mail=yourdomain.com/s/someone/Maildir/
maildrop: Changing to /opt/mail
<press CTRL-D here>
make install

Cacti is now installed. If you install it for the first time, you may have to follow these steps to make it work correctly:

1. Create the MySQL database:
# mysqladmin --user=root create cacti

2. Create a mysql user/password for cacti (change user and/or password if required):
# echo "GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser'; FLUSH PRIVILEGES;" | mysql

3. Import the default cacti database:
# mysql cacti < /usr/local/share/cacti/cacti.sql

4. Edit /usr/local/share/cacti/include/db-settings.php.

5. Add a line to your /etc/crontab file similar to:
*/5 * * * * cacti /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1

6. Add an alias in the apache config for the cacti dir:
Alias /cacti "/usr/local/share/cacti/"

7. Be sure apache gives access to the directory ('Allow from' keywords).

8. Open a cacti login page in your web browser and login with admin/admin.

If you update cacti, open a login page; an updating process will start automatically.

If you are using the PLUGIN option set, in file /usr/local/share/cacti/include/config.php change the following line
$config["url_path"] = '/';
to the location where your cacti is available. E.g.:
$config["url_path"] = '/cacti/';
if your URL is http://yoursite.com/cacti