Qmail (with SSL), Courier IMAP, vpopmail, SA, and ClamAV

General Information

This guide is designed to help you install FreeBSD and set up qmail with mail filtering abilities. I designed my own qmail guide for a few reasons. First, there really isn’t much out there when you look for this type of install from the ports system. Second, I have a vpopmail patch that allows creation of Custom Maildirs. I have been using a custom Maildir structure for about a year and a half now with no issues. The vpopmail skel patch allows you to patch vpopmail so you can make your own custom directories. If you create a user with just the normal vpopmail install, you get a default Maildir with new, tmp and cur in it which really doesn’t allow you to do too much with filtering and the like. If you create a new user and vpopmail has been patched with the skel patch, the user’s maildir is copied from the ~vpopmail/skel dir. If you really think about it, you can pretty much add your own maildrop recipe into the skel dir along with the .qmail file. If you add the qmailadmin into the mix, you or your users can turn on or off the spam filtering at leisure. If you really know what you’re doing, this can open up a whole new world with vpopmail.


  1. Root access to a FreeBSD machine
  2. FreeBSD Installed with updated source and updated ports
  3. Daemontools
  4. Perl installed with setuid
  5. Bash Shell – You need to have the bash shell installed in order for qmail-scanner to install properly. You can install it using the freebsd port at /usr/ports/shells/bash
  6. Gmake – Please install this using the port – /usr/ports/devel/gmake. If you don’t, compiling vpopmail will give you some issues.


This is a qmailrocks style install with a few modifications:

This documentation will install virtually everything you need from ports. When I say virtually, I mean just a few key components are not ported at the time of this writing. What I love about ports is that upgrading the software is quite simple: just run the portupgrade command, check a few conf files, and you’re off and running.

The vpopmail skel patch allows you to patch vpopmail so you can make your own custom directories. If you create a user with just the normal vpopmail install, you get a default Maildir with new, tmp and cur in it which really doesn’t allow you to do too much with filtering and the like. If you create a new user and vpopmail has been patched with the skel patch, the user’s maildir is copied from the ~vpopmail/skel dir. If you really think about it, you can pretty much add your own maildrop recipe into the skel dir along with the .qmail file. If you add the qmailadmin into the mix, you or your users can turn on or off the spam filtering at leisure. If you really know what you’re doing, this can open up a whole new world with vpopmail. I have been using a custom Maildir structure for about a year and a half now with no issues.

I am dividing up the qmail install into a few separate sections. The first part involves getting qmail running on your box and getting everything working. The second part of it, what I would call “webify” qmail, is adding the options to add users and email lists via qmailadmin and other types of web interfaces like squirrelmail. Lastly, I am working on (this is not documented yet) a way to tell imap to trash emails in the .Spam folder after x days or so. This can become really useful if you have a large ISP with hundreds or thousands of emails.


The qmail program is a secure, reliable, efficient, simple message transfer agent. It is meant to be a replacement for the entire sendmail-binmail system that most UNIX hosts use. For more information, please see the following links:

  1. http://www.lifewithqmail.org
  2. http://www.qmailinfo.org
  3. http://www.goodcleanemail.com

Let’s add some users/groups and also we can create the supervise directories. Here is how to run it:

 # cd ~root
 # fetch http://freebsdrocks.net/files/users.sh
 # chmod 755 users.sh
 # ./users.sh
 # rm users.sh

I tried to get the qmail port to install and decided not to use it for a few reasons. The first reason is even if we install qmail via ports, chances are that it will NEVER see an upgrade. Second, the way the FreeBSD qmail port works is it downloads the qmail tarball and patches and then applies them. If you apply John Simpson’s patch to that, you run into quite a mess. Lastly, it is a lot easier to download the qmail source, patch it, and then continue on.

What we want to do is download the qmail source and then extract it. Here is the way we will do this:

 # cd ~root
 # fetch http://freebsdrocks.net/files/qmail-1.03.tar.gz
 # tar xvzf qmail-1.03.tar.gz

We now need to go to John’s site (http://qmail.jms1.net/patches/combined.shtml) and get the current version. If you’re feeling dangerous you can get the Testing version instead, but a testing version is almost like a beta in my opinion. If John wrote it I am sure it works, but it may have some bugs in it.

The first command is fetching the actual patch from John’s site. Replace VER with the version of the patch that you downloaded. Then we will want to apply the patch so run the following commands:

 # fetch http://qmail.jms1.net/patches/qmail-1.03-jms1.VER.patch
 # cd ~root/qmail-1.03
 # patch < ../name_of_file

For instance if you downloaded John's Patch named qmail-1.03-jms1.6c.patch, you would apply it like so:

 # patch < ../qmail-1.03-jms1.6c.patch 

You should get a nice output of something like so:

 (Creating file strsalloc.c...)
 Patching file strsalloc.c using Plan A...
 Hunk #1 succeeded at 1.
 Hmm... The next patch looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |diff -ruN qmail-1.03-factory/strsalloc.h qmail-1.03-6b/strsalloc.h
 |--- qmail-1.03-factory/strsalloc.h 1969-12-31 19:00:00.000000000 -0500
 |+++ qmail-1.03-6b/strsalloc.h 2005-05-23 15:13:58.000000000 -0400
 --------------------------
 (Creating file strsalloc.h...)
 Patching file strsalloc.h using Plan A...
 Hunk #1 succeeded at 1.
 Hmm... The next patch looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |diff -ruN qmail-1.03-factory/tcp-env.c qmail-1.03-6b/tcp-env.c
 |--- qmail-1.03-factory/tcp-env.c 1998-06-15 06:53:16.000000000 -0400
 |+++ qmail-1.03-6b/tcp-env.c 2005-05-23 15:13:58.000000000 -0400
 --------------------------
 Patching file tcp-env.c using Plan A...
 Hunk #1 succeeded at 10.
 Hunk #2 succeeded at 35.
 Hunk #3 succeeded at 76.
 Hunk #4 succeeded at 102.
 Hmm... The next patch looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |diff -ruN qmail-1.03-factory/timeoutconn.c qmail-1.03-6b/timeoutconn.c
 |--- qmail-1.03-factory/timeoutconn.c 1998-06-15 06:53:16.000000000 -0400
 |+++ qmail-1.03-6b/timeoutconn.c 2005-05-23 15:13:58.000000000 -0400
 --------------------------
 Patching file timeoutconn.c using Plan A...
 Hunk #1 succeeded at 10.
 Hunk #2 succeeded at 79.
 done

If you see done at the end, you should be fine and you can continue on. If you don't, you did something wrong.

Now run the following commands:

 # make man
 # make setup check

Let's get qmail setup for your local hostname. If your local hostname is bsd.localhost, use the following:

 # ./config-fast bsd.localhost 

You will get an output saying it is going to add that hostname to specific qmail control files. If you would like more information as to what these specific files control, please take a look at http://www.lifewithqmail.org/lwq.html#config-files.

At this point I would not recommend deleting any of the qmail files. They really don't take up a lot of room, and if you ever delete anything by accident or need to rebuild your queue, you can stop qmail, run make setup check, and then start qmail again. This won't fix everything by any means, but leaving the qmail files there won't hurt a bit. One last recommendation is to go into /var/qmail/control/locals and make sure that file is empty. If you need a good explanation as to why to do this, take a look at How to use rcpthosts and locals.

We are now done getting qmail setup (for now)! WOOT!


UCSPI-tcp is a set of command-line tools for building TCP-based client/server applications. They are compliant to UCSPI, the UNIX Client-Server Program Interface. UCSPI tools are available for several different types of networks. For more information, please see http://cr.yp.to/ucspi-tcp.html.

Installing ucspi-tcp is pretty straightforward:

 # cd /usr/ports/sysutils/ucspi-tcp
 # make install clean

When you run that command, you have 4 options. I would highly suggest installing the man pages. If you would like to use rblsmtp with ucspi, that is completely up to you. From experience alone, I can tell you enabling rbls will dramatically decrease the amount of spam you get. If you have or plan to have a large email server, this will definitely help in the long run. The last option, SSL, is optional, so if you plan on adding things like POP or SMTP with SSL, now is the time to do it. You can always install ucspi-ssl later on if you decide not to install it at this time.

Other than that, UCSPI-tcp is installed. Simple, eh?


Ezmlm-idx is a mailing list add-on. It is the best (in my opinion) mailing list option out there. It works quite well with qmailadmin, which we will install later in the guide, and works seamlessly with qmail. For more information, please see http://www.ezmlm.org/.

 # cd /usr/ports/mail/ezmlm-idx
 # make install clean

If this runs without errors, we will proceed to the next step.

Before you can use the programs, you should copy the "ezmlmglrc.sample", "ezmlmrc.sample" and "ezmlmsubrc.sample" files in /usr/local/etc/ezmlm to "ezmlmglrc", "ezmlmrc" and "ezmlmsubrc" respectively.

 # cp /usr/local/etc/ezmlm/ezmlmglrc.sample /usr/local/etc/ezmlm/ezmlmglrc
 # cp /usr/local/etc/ezmlm/ezmlmrc.sample /usr/local/etc/ezmlm/ezmlmrc
 # cp /usr/local/etc/ezmlm/ezmlmsubrc.sample /usr/local/etc/ezmlm/ezmlmsubrc

When that is done, ezmlm is installed!


qmail-autoresponder is a program that allows you to setup responders for forwarding and mailing robots in qmailadmin. For more information, please see http://untroubled.org/qmail-autoresponder/. Installing from ports just can't get any easier than this:

 # cd /usr/ports/mail/qmail-autoresponder
 # make install clean

If the installation goes fine without erroring out, yet another step is done.


Let's get started! One of the first things we need to do is fetch the tarball which contains the vpopmail skel(eton) files. Why do we need this, you say? In layman's terms, rather than having vpopmail make a basic Maildir with new, cur and tmp in it, we are going to replace that with a completely customized Maildir. The next few commands will fetch the tarball, extract it in the correct place and then chown and chmod it.

 # cd ~vpopmail
 # fetch http://freebsdrocks.net/files/skel.tgz
 # tar zxvf skel.tgz
 # chown -R vpopmail:vchkpw skel/
 # chmod 700 skel/
 # rm skel.tgz

We need to change where vpopmail is located in FreeBSD. The location where ports will try to install it is /usr/local/vpopmail so we're going to delete that folder and symlink it to ~vpopmail:

 # cd /usr/local
 # rm -dfr vpopmail
 # ln -s ~vpopmail /usr/local/vpopmail

We are now going to change to the /usr/ports/mail/vpopmail/files folder and then download the patch into it so it's applied automagically!

 # cd /usr/ports/mail/vpopmail/files
 # fetch http://freebsdrocks.net/files/patch-vpopmail-skel.patch

Now we need to go the main vpopmail ports folder and run the configure command as shown:

 # cd /usr/ports/mail/vpopmail
 # make CONFIGURE_ARGS="--enable-logging=p"

You will then get an output with all of the settings that are enabled. Now we will want to run the make commands as follows:

 # make install 

If that runs without errors, vpopmail is configured and installed. At this point I would add a domain and make sure it adds it okay. When you add a domain or a user, you will get an output. Don't worry about it as this is just a debug output.

Your users will be very happy that they will have the ability to turn on or off their spam protection, change their passwords, and all kinds of other fun stuff.


Maildrop is a replacement for your local mail delivery agent and is similar to mail/procmail. For more information, please see http://www.courier-mta.org/maildrop/.

 # cd /usr/ports/mail/maildrop
 # make install clean

Before we finish this part of the maildrop install, we need to set up a folder for logging maildrop globally. The .qmail file within the user's virtual maildir tells maildrop to log in /var/log/qmail/maildrop using multilog. Let's create the directory and then give it proper ownership:

 # cd /var/log/
 # mkdir maildrop
 # chmod 1755 maildrop
 # chown vpopmail:vchkpw maildrop

We do not need to specify any files as they will be created automatically using the .qmail file. Maildrop is completed!

Uninstalling Sendmail

Type in the following commands to eliminate sendmail from being called on your box:

 # killall sendmail
 # mv /usr/sbin/sendmail /usr/sbin/sendmail.old
 # chmod 0 /usr/sbin/sendmail.old

To tell FreeBSD not to start sendmail on boot, add this to /etc/rc.conf like so:

 # echo "sendmail_enable=NONE" >> /etc/rc.conf
 # echo "sendmail_submit_enable=NO" >> /etc/rc.conf
 # echo "sendmail_outbound_enable=NO" >> /etc/rc.conf
 # echo "sendmail_msp_queue_enable=NO" >> /etc/rc.conf

Now to tell sendmail not to interfere with your qmail setup, add this to your /etc/make.conf like so:

 # echo "NO_SENDMAIL=yes" >> /etc/make.conf
 # echo "NO_MAILWRAPPER=yes" >> /etc/make.conf

Now let's tell anything that calls sendmail from the common location that we want it to send to qmail instead:

 # ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
 # ln -s /var/qmail/bin/sendmail /usr/lib/sendmail

That is it. Sendmail is uninstalled!



Getting this part of qmail going is, well, going to be a little rough. We need to download the scripts for qmail-smtpd, qmail-send, and qmail-pop3d. We will start with making all the needed directories and stuff like that so let's get to it!

 # cd ~root
 # mkdir qmail
 # cd qmail
 # fetch http://freebsdrocks.net/files/scripts.tgz
 # tar zxvf scripts.tgz
 # rm scripts.tgz

Now, there are a few things we need to do to a few of these files before we copy them and make supervise directories.

There are basically two different ways to set up SMTP: with TLS and with SSL. I am going to walk you through setting it up with TLS. The file we are going to edit is called smtpd_run. We are going to want to set up smtp-auth with TLS on port 25 so we will configure it like so:

IP= - Substitute your own IP address. Do not leave this set to 0 without a good reason.

PORT=25 - Set the port number we will be listening on.

SSL=0 - Do not run an SSL-only service.

FORCE_TLS=0 - Do not refuse mail from clients who have not done STARTTLS.

DENY_TLS=0 - Do not refuse to process the STARTTLS command.

AUTH=1 - Allow the AUTH command after STARTTLS has been completed.

REQUIRE_AUTH=0 - Do not refuse mail from clients who have not done AUTH.

Now let's make the supervise directory and get everything copied over:

Note: Since there are a lot of commands here, I decided to make a little script for it.
 # fetch http://freebsdrocks.net/files/qmail.sh
 # chmod 755 qmail.sh
 # ./qmail.sh
 # cd ~root
 # rm -dfr qmail

Now let's set up some qmail aliases. Replace postmaster@domain.xxx in the next three lines with the address you want the emails to go to:

 # echo postmaster@domain.xxx >/var/qmail/alias/.qmail-root
 # echo postmaster@domain.xxx >/var/qmail/alias/.qmail-postmaster
 # echo postmaster@domain.xxx >/var/qmail/alias/.qmail-mailer-daemon

The worst is over! Now we need to tell the pop3d run file the name of your server. Edit the following file and replace the section mail.domain.xxx with your mail server:

 # vi /var/qmail/supervise/qmail-pop3d/run 

Now we want to setup selective relaying:

 # mkdir /etc/tcp/
 # cd /etc/tcp
 # fetch http://freebsdrocks.net/files/etc-tcp-makefile
 # mv etc-tcp-makefile Makefile

Now we need to create the smtp file. At this point it should be ready to go - all you need to do is create the "smtp" file, containing the normal access control list. You may want to add the IP of the server you specified in the /var/qmail/supervise/qmail-smtpd/run file in the /etc/tcp/smtp file. Let's say the IP you used was The line should look like this:,RELAYCLIENT="" 

This is what a typical smtp file should look like (Minus your specified IP):

 # vi /etc/tcp/smtp 

Add the following to /etc/tcp/smtp:

 127.:allow,RELAYCLIENT=""
 :allow

Now run:

 # gmake 

and you should get an output saying:

 tcprules smtp.cdb smtp.tmp < smtp
 chmod 644 smtp.cdb smtp
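
The rules in /etc/tcp/smtp decide who may relay through the server, so it is worth auditing the file before running gmake. The script below is an added example, not part of the original guide or of ucspi-tcp: it lists every rule that sets RELAYCLIENT and marks a default (empty-address) rule that does so as OPEN. The function names, verdict labels and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tcprules source file (e.g. /etc/tcp/smtp) for rules
# that grant relaying. Names and verdict labels here are illustrative.

# Print "<line-no> <address> <verdict>" for every rule that sets RELAYCLIENT.
# Pass a file name, or "-" to read the rules from stdin.
list_relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        {
            sep = index($0, ":")
            if (sep == 0) next                      # not an address:instruction rule
            addr  = substr($0, 1, sep - 1)          # text before the first colon
            instr = substr($0, sep + 1)             # allow/deny plus variables
            if (instr !~ /^allow/) next             # deny rules never relay
            if (instr !~ /,RELAYCLIENT=/) next      # accepted, but not a relay client
            if (addr == "")           verdict = "OPEN"      # default rule: everyone
            else if (addr ~ /^127\./) verdict = "LOOPBACK"  # local host only
            else                      verdict = "REVIEW"    # confirm this is yours
            printf "%d %s %s\n", NR, (addr == "" ? "(default)" : addr), verdict
        }' "$1"
}

# Succeeds (exit 0) when the default rule grants relaying, i.e. an open relay.
has_open_relay() {
    list_relay_rules "$1" | grep -q ' OPEN$'
}

# Constructed sample input in /etc/tcp/smtp format (not from a real server).
sample_rules() {
    cat <<'EOF'
# constructed sample in /etc/tcp/smtp format
127.:allow,RELAYCLIENT=""
192.0.2.10:allow,RELAYCLIENT=""
198.51.100.:deny
:allow,RELAYCLIENT=""
EOF
}

# With a file argument, audit that file; with none, audit the sample above.
if [ "$#" -gt 0 ]; then
    list_relay_rules "$1"
else
    sample_rules | list_relay_rules -
fi
```

The two-line file shown in this guide produces a single LOOPBACK entry; any OPEN entry means the catch-all rule is handing RELAYCLIENT to every connecting host.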

We need to now make a slight mod to the vchkpw like so to make SMTP with TLS work correctly:

 # cd ~vpopmail/bin
 # chmod 6711 vchkpw
 # chown vpopmail:vchkpw vchkpw

Now on to the second part of qmail!

Qmail with TLS

We need to install ucspi-ssl so qmail will accept smtp connections with ssl. We can do that like so:

 # cd /usr/ports/sysutils/ucspi-ssl
 # make install clean

If you are setting up an SSL or TLS server, you will need to create a /var/qmail/control/servercert.pem file. This file contains the public and private keys used to set up SSL or TLS encryption. It should be readable to the userid which your "qmail-smtpd" program runs as (which is normally the "qmaild" user).

Part of the file is a "certificate", which is the public key with a signature applied to it. This is the same kind of signature used when you create an SSL key for use with a secure web site- in fact, if you already have such a certificate from an SSL web site, you can use it (with the matching ".key" file) to build this .pem file. As long as the key and the certificate are both stored in PEM-encoded format, you can "cat" the files together and save the result as "servercert.pem", and it will work.

If you don't have such a key, you can create a key and then sign it using itself (also known as a "self-signed" certificate). Clients will complain about the certificate not being signed by a trusted certificate authority, but the encryption is just as secure. The following example shows how to create a self-signed certificate which expires ten years from the date it was created.

Let's start with creating the key:

 # cd /var/qmail/control
 # openssl req -newkey rsa:1024 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, if you just hit Enter, the field will be left blank.

Note: The common name must be the name of the mail server so make sure you enter it on that line.
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:State
 Locality Name (eg, city) []:City
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:
 Organizational Unit Name (eg, section) []:
 Common Name (eg, YOUR name) []: THIS IS YOUR EMAIL SERVER NAME
 Email Address []:user@domain.xxx

Now let's give proper ownership to the files:

 # chown root:nofiles servercert.pem 

The "nofiles" group is the group which "qmaild" belongs to. This combination of ownership and permissions allows qmail-smtpd to read the key, but not change or delete it.

 # chmod 640 servercert.pem
 # cp servercert.pem clientcert.pem
 # chown root:qmail clientcert.pem

The "qmail" group is the group which the "qmailr" user belongs to. This user should be able to read, but not write, the "clientcert.pem" file.

 # chmod 640 clientcert.pem 
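
A quick check of the finished PEM file catches the usual mistakes: a key and certificate that do not match, a short key, or loose permissions. This is an added example, not code from the guide or from qmail: audit_pem and make_selfsigned are hypothetical helper names, the 2048-bit floor and 30-day expiry window are assumed policy values, and mail.example.test is a constructed name.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM such as
# /var/qmail/control/servercert.pem. Prints one line per problem found and
# returns non-zero if there is any.
MIN_RSA_BITS=2048      # assumption: local policy floor, not a value from the guide
EXPIRY_WINDOW_DAYS=30  # assumption: warn this many days before expiry

audit_pem() {
    pem=$1
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -r "$pem" ] || { echo "PROBLEM: cannot read $pem"; return 1; }

    # 1. The file must hold both halves.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || fail "no certificate in file"
    grep -q -- '-----BEGIN.*PRIVATE KEY-----' "$pem" || fail "no private key in file"

    # 2. The public key in the certificate must be the one derived from the
    #    private key, otherwise the TLS handshake fails.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        fail "certificate does not match private key"

    # 3. Key size, read from the certificate's text dump.
    bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$MIN_RSA_BITS" ] ||
        fail "key is ${bits:-?} bits, want at least $MIN_RSA_BITS"

    # 4. Not expired, and not expiring inside the warning window.
    openssl x509 -in "$pem" -noout \
        -checkend $((EXPIRY_WINDOW_DAYS * 86400)) >/dev/null 2>&1 ||
        fail "certificate expires within $EXPIRY_WINDOW_DAYS days"

    # 5. The private key is inside this file: no access for "other" and no
    #    group write (the guide's 640 passes, 644 does not).
    perms=$(ls -ld "$pem" | cut -c2-10)
    case $perms in
        ????-?---) ;;
        *) fail "mode $perms is too open" ;;
    esac

    [ "$problems" -eq 0 ]
}

# Build a throwaway self-signed file the same way the guide does, with a
# chosen key size. Usage: make_selfsigned BITS OUTFILE
make_selfsigned() {
    openssl req -newkey "rsa:$1" -x509 -nodes -days 3650 \
        -subj "/CN=mail.example.test" -out "$2" -keyout "$2" 2>/dev/null &&
    chmod 640 "$2"
}

# With a file argument, audit that file.
if [ "$#" -gt 0 ]; then
    audit_pem "$1"
fi
```

Run against a file made with the guide's rsa:1024 command, the key-size check reports a problem; generating the key with rsa:2048 or larger clears it.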

Okay, let's start qmail!

 # rehash
 # qmailctl start

You should get an output like so:

 Starting qmail...
 Starting qmail-send
 Starting qmail-smtpd
 Starting qmail-pop3d

Let's check to make sure qmail is running okay:

 # qmailctl stat 

You should get the following output:

 /service/qmail-send: up (pid 87953) 344 seconds
 /service/qmail-send/log: up (pid 87955) 344 seconds
 /service/qmail-smtpd: up (pid 87957) 344 seconds
 /service/qmail-smtpd/log: up (pid 87958) 344 seconds
 /service/qmail-pop3d: up (pid 87954) 344 seconds
 /service/qmail-pop3d/log: up (pid 87956) 344 seconds
 messages in queue: 0
 messages in queue but not yet preprocessed: 0

That's it! We are now done finalizing qmail!


SpamAssassin is a mail filter which attempts to identify spam using text analysis and several internet-based realtime blacklists. Additional drop-in rule sets are available at http://wiki.apache.org/spamassassin/CustomRulesets. The official SpamAssassin website is at http://spamassassin.apache.org/.

When we install SpamAssassin from ports, it installs all the required Perl Modules for us which makes installing SpamAssassin really, really easy! Start by doing the following:

 # cd /usr/ports/mail/p5-Mail-SpamAssassin
 # make install

When you run this, you will get a pop-up box asking to enable a few things. Let's just make sure the settings below are checked. To check the setting, just hit the spacebar when the cursor is over the selected option:

  1. AS_ROOT
  2. SSL
  3. TOOLS

We will now want to double-check the perl dependencies after SpamAssassin is installed. When you install SpamAssassin via ports, it will check to see if it needs to install any of the required perl dependencies, which makes things easy to install and set up. Please change the version of SpamAssassin in the command below. For instance if you are running SpamAssassin 3.1.0, you would substitute 3.1.0 for the 3.x.x in the following command:

 # /usr/ports/mail/p5-Mail-SpamAssassin/work/Mail-SpamAssassin-3.x.x/build/check_dependencies 

You will get a pretty large output. Don't worry about any optional modules unless you want to install and use them. The optional modules are configured in /usr/local/etc/mail/spamassassin/v310.pre. All you need to do is install the perl module for it and then uncomment it in v310.pre. Pretty easy to do.

After running the above command, let's clean up the install:

 # cd /usr/ports/mail/p5-Mail-SpamAssassin
 # make clean

If you cd to /usr/local/etc/mail/spamassassin/, you will see four files. Two of them are .sample files and the two others are your SpamAssassin global options. init.pre and v310.pre have many different options to choose from. Enable them at your leisure. We will not be going over them as they are optional settings.

What we need to do is get local.cf setup so run the following:

 # cd /usr/local/etc/mail/spamassassin/
 # cp local.cf.sample local.cf
 # vi local.cf

In local.cf we want to set a few options in here. I will list them individually:

rewrite_header Subject - Leave this commented (#). We will configure qmail-scanner to rewrite the subject for us.


- Leave this commented. This just leaves the message as Spam or Ham and does not save it as an attachment.

trusted_networks - Leave this commented. We define this globally in qmail in the /etc/tcp/smtp file.

lock_method flock - Leave this commented.

required_score - Uncomment this and set this to around 4.3 or so. I have mine set at 3.9 right now and seems to be catching a lot of spams.

use_bayes - Leave this commented. We will configure bayes later in the guide.

bayes_auto_learn - Leave this also commented. See use_bayes.

bayes_ignore_header - Leave these commented. I really don't have a clue as to what this is even used for.

Now we need to tell SpamAssassin to run as user qscand. We do this by editing the startup file:

 # cd /usr/local/etc/rc.d
 # vi sa-spamd

The next section may look a few different ways. What we are doing here is changing the user SpamAssassin runs as. Normally it runs as root but we want SpamAssassin to run as qscand. Find the following line in sa-spamd:

 : ${spamd_flags="-c "} 

Change it like so:

 : ${spamd_flags="-c -u qscand "} 

To tell FreeBSD to start SpamAssassin on startup add it to /etc/rc.conf like so:

 # echo 'spamd_enable="YES"' >> /etc/rc.conf 

Now run the following command to check to see if there are any errors with SpamAssassin:

 # spamassassin --lint 

The first time you run it, you might see

 warn: config: created user preferences file: /tmp/.spamassassin/user_prefs 

This error is fine. It's just telling you it's creating a user_prefs file for username qscand. If you don't get any errors, SpamAssassin is configured correctly! We can now start the daemon.

 # /usr/local/etc/rc.d/sa-spamd start 

and you should get an output that says:

 Starting spamd. 

and it will drop back to the prompt after a few seconds. If you run:

 # /usr/local/etc/rc.d/sa-spamd status

You should see:

 spamd is running as pid [pid] 

If you continue to get spam and want to combat it, try reading Optimizing SpamAssassin - How to catch more spams.

That's it! SpamAssassin is installed, configured and also running. We are all done! WOOT!


Clam Antivirus is a command-line virus scanner written entirely in C, and its database is kept up-to-date. For more information, please see: http://www.clamav.net/

Installation is straightforward.

 # cd /usr/ports/security/clamav
 # make install clean

When the popup box comes up with options, Just hit Tab and hit Enter.

Now let's configure the conf files:

 # vi /usr/local/etc/clamd.conf 

Edit the following settings as follows:

Example - needs to be commented (#)

LogFile - should be uncommented and set to /var/log/clamav/clamd.log

LogTime - should be uncommented

LogSyslog - should be uncommented

User - should be uncommented and set to qscand

ScanMail - should be uncommented

Now let's edit freshclam.conf:

 # vi /usr/local/etc/freshclam.conf 

Edit the following settings as follows:

Example - needs to be commented (#)

DatabaseDirectory - should be uncommented and set to /var/db/clamav/

DatabaseOwner - change from clamav to qscand

Now just a few ownership changes:

 # chown -R qscand:qscand /var/log/clamav
 # chown -R qscand:qscand /var/run/clamav/
 # chown qscand:qscand /var/db/clamav/

We're not going to want to run the freshclam daemon but we will want to run it out of cron. Run the following commands to delete the script and then run freshclam manually the first time:

 # rm /usr/local/etc/rc.d/clamav-freshclam
 # rehash
 # freshclam

When you run freshclam you will see an output similar to the following:

 ClamAV update process started at Wed Nov 30 22:49:29 2005
 main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
 daily.cvd is up to date (version: 1198, sigs: 1667, f-level: 6, builder: diego)

Now let's put freshclam in cron. To enter cron, type crontab -e (as root) and add the following line:

 # crontab -e 

 0 1,13 * * * /usr/local/bin/freshclam --quiet -l /var/log/clamav/clam-update.log

This will tell freshclam to run at 1AM and 1PM and also log the output to /var/log/clamav/clam-update.log.

To tell FreeBSD to start ClamAV on startup:

 # echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf 

Now let's start clamav and then check to see if it's running:

 # /usr/local/etc/rc.d/clamav-clamd start
 # /usr/local/etc/rc.d/clamav-clamd status

You should get an output like:

 clamav_clamd is running as pid [pid] 

If you don't get any errors, ClamAV is installed!


Qmail-Scanner is an e-mail content scanner that enables a qmail server to scan all messages it receives for certain characteristics (normally viruses), and react accordingly. For more information see http://qmail-scanner.sourceforge.net/.

When installing qmail-scanner it will install all dependencies for you. So let's go ahead and install it!

 # cd /usr/ports/mail/qmail-scanner/
 # make extract

This is the second tarball we will need to download to get reporting out of qmail-scanner so let's get started!

 # cd work
 # fetch http://freebsdrocks.net/files/qms-analog-0.4.2.tar.gz
 # tar zxvf qms-analog-0.4.2.tar.gz
 # cd qms-analog-0.4.2
 # gmake all
 # cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch ../qmail-scanner-1.25

Now we need to change to the qmail-scanner source, patch it, and then run the configure scripts:

 # cd ../qmail-scanner-1.25
 # patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch

You should get a pretty large output. When it is done it will say done at the bottom if it installed the patch correctly. We now need to change the qms-config to match your settings. Please remember the sections in bold need to be changed to your domain specific settings:

 # vi qms-config 

 ./configure --domain domain.com --admin postmaster --local-domains "yourdomain.com,yourotherdomain.com" --add-dscr-hdrs yes --dscr-hdrs-text "X-Antivirus-MYDOMAIN" --ignore-eol-check yes --sa-quarantine 0 --sa-delete 0 --sa-reject no --sa-subject ":SPAM:" --sa-delta 0 --sa-alt yes --sa-debug no --notify admin "$INSTALL" 

Now we need to chmod the qms-config and give it a test run:

 # chmod 755 qms-config
 # ./qms-config

When it asks you to continue, go ahead and hit Y. It will ask you the same thing twice to verify the installation. If all goes well you will see this at the end:

 Finished. Please read README(.html) and then go over the script to check paths/etc, and then install as you see fit.
 Remember to copy quarantine-attachments.txt to /usr/local/qmailscan and then run "qmail-scanner-queue.pl -g" to generate DB version.

Please log into an unprivileged account and run

 # /usr/local/bin/qmail-scanner-queue.pl -g 

Note: If you see an error saying "CANNOT EVEN RUN A SIMPLE SETUID SCRIPT" that means you did not enable Perl with Setuid. Bad news: You will have to make deinstall SpamAssassin, Clamav, and qmail-scanner and start those steps all over again.

Now let's install it providing the above worked flawlessly:

 # ./qms-config install 

It should run through almost the exact same thing that qms-config ran through the time you ran it without the install flag only it will ask you if you want to install qmail-scanner-queue.pl in /var/qmail/bin. Go ahead and hit enter on the keyboard when it asks.

Updating the qmail-scanner version files

The first one is the command that updates your version files. It updates your headers when you upgrade ClamAV or SpamAssassin. It also helps keep the /var/spool/qmailscan folder clear when SMTP sessions are dropped. I would HIGHLY suggest putting this in cron and running it once a day. If you don't, you'll see an error pop up frequently in /var/log/maillog.

 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z 

Anytime you update qmail-scanner, you should run this command also so let's run this now:

 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g 

You will get the following output:

 perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
 perlscanner: total of 81 entries.

Now one final ownership check:

 # chown -R qscand:qscand /var/spool/qmailscan 

Now before we tell qmail to use qmail-scanner, we want to give it a test. Run the following command:

 # /usr/ports/mail/qmail-scanner/work/qmail-scanner-1.25/contrib/test_installation.sh -doit 

When you run this, it is going to send four messages. Two with viruses, one standard message, and a piece of junk mail. So when this runs you should have two in your /var/spool/qmailscan/quarantine, one message in ~vpopmail/domains/domain.xxx/postmaster/Maildir/new and one in your ~vpopmail/domains/domain.xxx/postmaster/Maildir/.Spam/new folder.

If you get any errors like "451 qq temporary problem", you did something wrong and will want to troubleshoot the 451 qq temporary problem.

We basically don't need to do anything to qmail-smtpd/run to implement it. The qmail-scanner variable is automatically in the qmail-smtpd/run script as an if ... then statement. If you check your headers, you should now have qmail-scanner working on your system!

E-Mail Client Setup


Click File, click New and click Account

Select Email account and click Next

Your name: Type in your name as you'd like it to appear in your recipient's "From" field.

Email address: Enter your E-mail address

Click Next

Server information:

Incoming Server: Enter the name or IP address of your server.

Global Inbox: Untick this unless you'd like all your Thunderbird Email accounts to store messages in one set of mailboxes

Click Next

Incoming User Name: Enter your full E-mail address

Click Next

Account Name: Enter the name by which you'll refer to this account, this is only for display purposes within Thunderbird

Click Next

Check your settings and click Finish

Click Tools, click Account Settings

In the menu on the left-hand side, Click Outgoing Server (SMTP). Click the Edit tab on the right-hand side.

Under the last section under Use secure connection, click TLS and click Ok twice

Microsoft Outlook

Click Tools and click E-mail Accounts

Select Add a new E-mail Account and click on Next

Select POP3 from the list and click Next

User Information:

Your Name: Enter your name -> this is the name your recipients will see in the "From" field of your E-mails

E-mail Address: Enter your E-mail address

Logon Information:

Username: Enter your email address

Password: Enter the password you entered into vpopmail or qmailadmin

Server Information:

POP3: Enter the name or IP of your server

SMTP: Enter the name or IP of your server

Click "More Settings"

Click the "Outgoing Server" tab

Place a tick in the "My outgoing server (SMTP) requires authentication" box

Select "Use same settings as my incoming mail server"

Click Next

Click Finish

Outlook Express

Click "Tools" and then click on "Accounts"

Select the "Mail" tab

Click "Add" towards the top right

Select "Mail"

Display Name:

For the Display Name Type in your Name - This is the name people will see in the "From" field of your Emails

Click Next

Email Address:

Type in your E-mail address - user@domain.com

Click Next


POP: type in the name or IP address of your server

SMTP: type in the name or IP address of your server

Click Next

Account Name: user@domain.com <- must be the entire E-mail address

Password <- whatever password you configured through vpopmail or qmailadmin

Keep "Logon using Secure Password Authentication (SPA)" unchecked

Click Finish on the Next screen

Now you should see your account in the white box, select your account and click "Properties"

Click on the "Servers" tab at the box and check the box at the bottom under Outgoing Mail Server "My server requires Authentication" and click "Settings"

Make sure under Logon Information that "Use same settings as my incoming mail server" is checked.

Optional Configuration

This next section is optional. If you want to have web based interfaces for adding users and domains, please continue on.

If you don't already have a webserver set up, follow the guide at http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php.


Courier-IMAP is a server that provides IMAP access to Maildir mailboxes. This IMAP server does not handle traditional mailbox files (/var/spool/mail, and derivatives). It was written for the specific purpose of providing IMAP access to Maildirs. For more information, please visit http://www.courier-mta.org/imap/.

Let's start with installing the port and configuring the options for it:

 # echo "WITHOUT_X11=yes" >> /etc/make.conf
 # echo "NO_X=yes" >> /etc/make.conf
 # cd /usr/ports/lang/expect
 # make install clean
 # cd /usr/ports/mail/courier-imap
 # make install clean

When you run make install clean on courier-imapd, make sure the following boxes are checked:

  2. IPV6
 # cd /usr/ports/security/courierpassd
 # make install clean

Now we will want to delete the startup file in the /usr/local/etc/rc.d folder:

 # rm /usr/local/etc/rc.d/courier-authdaemond 

and make sure that the following line is not in /etc/rc.conf


Next we need to set up the daemontools directory structure for the courierpasswd service. I use /var/qmail/supervise as the physical location for my service directories; you can use whatever you like except that it cannot be /service itself. The examples below assume you are using /var/qmail/supervise like I did. If you are using something different, adjust the paths where appropriate.

 # cd /var/qmail/supervise
 # mkdir -m 1755 courier-passwd
 # cd courier-passwd
 # fetch http://freebsdrocks.net/files/service-courierpassd-run
 # mv service-courierpassd-run run
 # chmod 755 run
 # mkdir -m 755 log
 # cd log
 # fetch http://freebsdrocks.net/files/service-any-log-run
 # mv service-any-log-run run
 # chmod 755 run

The last step, of course, is to start the service running.

 # ln -s /var/qmail/supervise/courier-passwd /service/courier-passwd 

You can verify the service is running by typing:

 # svstat /service/courier-passwd/ 

Now we want to setup a few files:

 # cd /usr/local/etc/courier-imap
 # cp imapd.cnf.dist imapd.cnf
 # cp imapd-ssl.dist imapd-ssl

Now we need to make the imap cert:

 # /usr/local/share/courier-imap/mkimapdcert 

Now edit the following file:

 # vi /usr/local/etc/authlib/authdaemonrc 

And change the following section:


Save and exit.

 # cd /var/qmail/supervise
 # mkdir -m 1755 courier-authdaemond
 # cd courier-authdaemond
 # fetch http://freebsdrocks.net/files/courier-authdaemond-run
 # mv courier-authdaemond-run run
 # chmod 755 run
 # mkdir -m 755 log
 # cd log
 # fetch http://freebsdrocks.net/files/service-any-log-run
 # mv service-any-log-run run
 # chmod 755 run

and finally link authdaemond to /service

 # ln -s /var/qmail/supervise/courier-authdaemond /service/courier-authdaemond 

Now, before we start to work on getting courier running via daemontools rather than using the scripts, we are going to want to delete the scripts in /usr/local/etc/rc.d:

 # rm /usr/local/etc/rc.d/courier-imap-imapd.sh
 # rm /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh

Make sure the following two lines are deleted from /etc/rc.conf

 enable_courer-imap-imapd="YES"
 enable_courer-imap-imapd-ssl="YES"

This last bit is very important. We don't want courier-imap trying to start twice with the next reboot so be sure and take the command to start the service out of /etc/rc.conf. Now we want to make service directories for courier-imap just like you did for courierpassd

 # cd /var/qmail/supervise
 # mkdir -m 1755 courier-imap
 # cd courier-imap
 # fetch http://freebsdrocks.net/files/courier-imap-run
 # mv courier-imap-run run
 # chmod 755 run
 # mkdir -m 755 log
 # cd log
 # fetch http://freebsdrocks.net/files/service-any-log-run
 # mv service-any-log-run run
 # chmod 755 run

Now we link the courier-imap to service:

 # ln -s /var/qmail/supervise/courier-imap /service/courier-imap 

Check the service by running svstat /service/courier-imap and make sure it has been running for more than 1 or 2 seconds.

If you want to run an imap ssl service you can, but you need to set that up separately from the stock imap service. I use both, I set up the plain imap service bound to the localhost address only, that way only my web mail (and any local service) can access it. The ssl service is for all your public interfaces.

 # cd /var/qmail/supervise
 # mkdir -m 1755 courier-imap-ssl
 # cd courier-imap-ssl
 # fetch http://freebsdrocks.net/files/courier-imap-ssl-run
 # mv courier-imap-ssl-run run
 # chmod 755 run
 # mkdir -m 755 log
 # cd log
 # fetch http://freebsdrocks.net/files/service-any-log-run
 # mv service-any-log-run run
 # chmod 755 run

Now link your imap-ssl service so daemontools will start it.

 # ln -s /var/qmail/supervise/courier-imap-ssl /service/courier-imap-ssl 

I have modified the existing qmailctl and called it imapctl. This script will control the imap files. It works quite well and I have been using it for a month now. Here it is:

 # cd /var/qmail/bin
 # fetch http://freebsdrocks.net/files/imapctl
 # chmod 755 imapctl

If you run imapctl stat, you should get output for the imap related services. Very cool, huh? Once the courier daemons are started, we are all done here! WOOT!
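The svstat check described above, as an added example that is not part of the original guide or of imapctl: a small sh script that reads svstat output and flags services that are down or have been up for less than a threshold, which is what a crashing run script looks like under supervise. The `MIN_UPTIME` threshold, the function names and the constructed sample lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: flag daemontools services that are down
# or restarting in a loop, based on the text svstat prints.

MIN_UPTIME=${MIN_UPTIME:-5}   # assumed threshold in seconds

# svstat_state LINE -> prints ok | flapping | down | unknown
svstat_state() {
    case $1 in
        *": up (pid "*") "*" seconds"*)
            secs=${1##*") "}    # "35 seconds" or "35 seconds, normally down"
            secs=${secs%% *}    # "35"
            case $secs in
                ''|*[!0-9]*) echo unknown ;;
                *)
                    if [ "$secs" -lt "$MIN_UPTIME" ]; then
                        echo flapping
                    else
                        echo ok
                    fi ;;
            esac ;;
        *": down "*) echo down ;;
        *) echo unknown ;;
    esac
}

# svstat_report: read svstat lines on stdin, print "state<TAB>service dir",
# return 1 if any service is not ok.
svstat_report() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        state=$(svstat_state "$line")
        printf '%s\t%s\n' "$state" "${line%%:*}"
        [ "$state" = ok ] || bad=1
    done
    return "$bad"
}

# Constructed sample output for the four services set up in this guide.
sample_svstat() {
    cat <<'EOF'
/service/courier-passwd: up (pid 611) 86400 seconds
/service/courier-authdaemond: up (pid 4410) 1 seconds
/service/courier-imap: up (pid 623) 86399 seconds
/service/courier-imap-ssl: down 12 seconds, normally up
EOF
}

# "--live" queries the real services; without it nothing is executed.
if [ "${1:-}" = "--live" ]; then
    svstat /service/courier-passwd /service/courier-authdaemond \
           /service/courier-imap /service/courier-imap-ssl | svstat_report
fi
```

A service reported as flapping usually has a failing run script; its log directory under /var/qmail/supervise is the first place to look.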


QmailAdmin is a cgi program for administering Qmail with vchkpw. It provides a web interface to create users, aliases, install ezmlm lists, and also configure mailing robots. For more information, please see http://www.inter7.com/qmailadmin/.

First we want to cd to the port and then run the configure command for qmailadmin. Please change the htmldir and cgibindir to your html and cgi-bin paths on your system:

 # cd /usr/ports/mail/qmailadmin
 # make CONFIGURE_ARGS="--enable-modify-spam=Y \
 --enable-spam-command='|preline /usr/local/bin/maildrop mailfilter | \
 multilog t s1000000 n20 /var/log/maildrop' --enable-cgibindir=/path/to/cgi-bin --enable-htmldir=/path/to/www \
 --enable-imagedir --enable-help --enable-autoresponder-path=/usr/local/bin/qmail-autoresponder"

Run the following to install qmailadmin:

 # make install 

If that compiles with no errors, qmailadmin is installed. When we add new users via qmailadmin, we want Spam Fighting turned on by default. Edit the following:

 # vi /usr/local/share/qmailadmin/html/add_user.html 

and then do a search for


and change it to


This allows the "Spam Detection" box in the users email-account to automatically be checked when each user in qmailadmin is created. Now we want to clean up the install:

 # cd /usr/ports/mail/qmailadmin # make clean 

That is it for configuring qmailadmin! If you go to http://www.domain.xxx/cgi-bin/qmailadmin you should see the logon screen. You can create some mailboxes for your domain if you like. If you need to add a domain, I would use the command line tool at ~vpopmail/bin/vadddomain.


vqadmin is a web based cgi program. It allows system administrators to perform actions which require root access. The cgi is authenticated using Apache style htpasswd files. Root access is required for adding and deleting domains. A user based ACL provides control over what actions can be performed, such as adding or deleting a domain, or accessing user email account information to allow modification of user passwords and quotas. Account service restrictions include enabling or disabling of pop access, authentication based smtp relay control, courier-imap access and sqwebmail access.

vqadmin and qmailadmin can work together. qmailadmin can be used to allow users to administer their own domains but not create new domains. Creation or deletion of domains is normally associated with the owner/admins of the machine. vqadmin is for owner/admins or their technical support staff.

Let's start by changing to the vqadmin folder and then running the following make commands. Please change the cgi-bin and htmldir paths as required:

 # cd /usr/ports/mail/vqadmin
 # make CONFIGURE_ARGS="--enable-cgibindir=/usr/local/www/cgi-bin --enable-htmldir=/usr/local/www"
 # make install clean

Now we will want to setup the .htaccess/.htpasswd files. This will allow only the people you choose to add/delete email addresses and control quotas, etc.

 # cd /path/to/your/cgi-bin/vqadmin
 # vi .htaccess

The following is what you will want to include in the .htaccess file. Please change the path for the AuthUserFile to the path where you will put the .htpasswd file. You can put this file anywhere on your system but I do not recommend that you put it into your www or cgi-bin folders. This is very insecure if you do that.

 AuthType Basic
 AuthUserFile /path/to/where/you/want/to/store/the/password/file/.htpasswd
 AuthName vQadmin
 require valid-user
 satisfy any

We will now want to chown the .htaccess file so only the Apache user can read it. You may need to change the chown to either "nobody", "apache", or "www" etc., depending on what user your installation of Apache is running as:

 # chown www .htaccess 

The following is the section where we create the .htpasswd. Again, you can put this file anywhere on your system but I would not recommend that you put it in your www or cgi-bin folders. This is very insecure if you do that. Please change the admin_password below to a password you choose to use to login to the site.

 # htpasswd -bc /path/to/where/you/want/to/store/the/password/file/.htpasswd admin admin_password 

Now you will need to add the following to your server's Apache configuration file (usually called httpd.conf):

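 # The enclosing Directory block was lost from this page; the path is
 # assumed to be the vqadmin cgi-bin folder used above.
 <Directory "/path/to/your/cgi-bin/vqadmin">
 deny from all
 Options ExecCGI
 AllowOverride AuthConfig
 Order deny,allow
 </Directory>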

Then let's restart apache!

 # apachectl restart
 # chmod 644 /path/to/where/you/want/to/store/the/password/file/.htpasswd

To test vqadmin, browse to http://www.domain.com/cgi-bin/vqadmin/vqadmin.cgi and login with username admin and the password you created with the htpasswd command. From within vqadmin you can add and configure your domains and e-mail user accounts.
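An added check, not part of the original guide or of vqadmin: a sh function that verifies the .htpasswd file is not inside a web-served directory, as warned above, and reports loose permissions on it. The function name, the `--audit` flag and the directories you pass in are assumptions; substitute your own paths.

```shell
#!/bin/sh
# Added example, not from the guide: audit where the vqadmin .htpasswd lives
# and how it is protected. All paths are supplied by the caller.

# htpasswd_audit FILE WEBDIR...
# Prints one finding per line.
# Returns 0 if no FAIL was found, 1 on a FAIL, 2 if FILE does not exist.
htpasswd_audit() {
    file=$1
    shift
    if [ ! -f "$file" ]; then
        echo "FAIL missing: $file"
        return 2
    fi
    rc=0
    # Resolve symlinked directories so a symlinked web root still compares
    # correctly against the real location of the password file.
    dir=$(cd "$(dirname "$file")" && pwd -P)
    for web in "$@"; do
        [ -d "$web" ] || continue
        webreal=$(cd "$web" && pwd -P)
        case "$dir/" in
            "$webreal"/*)
                echo "FAIL $file is inside web-served tree $webreal"
                rc=1 ;;
        esac
    done
    # find -perm tests the mode bits themselves, so this works as root too.
    if [ -n "$(find "$file" -prune -perm -002)" ]; then
        echo "FAIL $file is world-writable"
        rc=1
    fi
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "WARN $file is world-readable (the guide's chmod 644 gives this)"
    fi
    return "$rc"
}

# Usage: sh thisfile --audit /path/to/.htpasswd /path/to/www /path/to/cgi-bin
if [ "${1:-}" = "--audit" ]; then
    shift
    htpasswd_audit "$@"
    exit $?
fi
```

With mode 644 any local account can read the password hashes; a file owned by root with the Apache user's group and mode 640 still lets Apache authenticate against it.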


SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. For more information, please see http://www.squirrelmail.org.

To install squirrelmail port, run the following command:

 # cd /usr/ports/mail/squirrelmail
 # make install clean

This will install Squirrelmail in /usr/local/www and install all required modules. Now what we will want to do is symlink the webmail location. The reason why we are doing it this way is because we won't want to move the squirrelmail folder to your webmail location as that will make portupgrading harder for you. If we symlink it, it's kinda like an alias.

 # ln -s /usr/local/www/squirrelmail/ /path/to/your/www/webmail 

Now we need to configure squirrelmail. Run the following commands to get into setup mode:

 # cd /path/to/webmail/config
 # ./conf.pl

You will be presented with a menu. Under 1 - Organization Preferences, all of the settings inside this window are optional. When you are done, hit S to save and then hit Enter and then hit R to go back to the Main Menu.

Now we want to go to 2 - Server settings. Hit 1 for Domain and hit Enter on the keyboard. You can type the name of the server, the local IP, or public IP, whichever you prefer. If your mailserver is behind a router/firewall, I use the local IP. If you are on the public side of things, the hostname or the static IP will work fine. If you are using a dyndns service like dyndns.org, I would highly suggest using the local IP and putting your qmail server behind a router/firewall.

Now we need to change the SMTP server settings. Hit B for Update SMTP Settings and hit Enter. Please verify the following settings:

 SMTP Settings
 -------------
 4. SMTP Server : hostname
 5. SMTP Port : 25
 6. POP before SMTP : false
 7. SMTP Authentication : none
 8. Secure SMTP (TLS) : false
 9. Header encryption key :

Hit Y and then hit Enter. Hit S to save and then hit Enter again. Hit Q to quit and exit the menu.

Just to make sure Squirrelmail is working okay, we will want to run the config test. Do this by going to http://your-squirrelmail-location/src/configtest.php. Replace the your-squirrelmail-location with your ip or your hostname. This will tell you if squirrelmail is setup correctly. If you see this:

 ERROR: Error connecting to SMTP server "localhost:25".Server error: (0) Unknown error: 0 

This is okay. The server is able to accept messages on port 25 for anything in locals or rcpthosts or relaying via TLS. When you are done with installing squirrelmail you should install the change_pass-2.7-1.4.x plugin so you can change passwords with courier. See http://squirrelmail.org/plugin_download.php?id=21&rev=1072 for reference.

Upgrading and Maintaining the Qmail System

Upgrading and maintaining your ports is pretty easy. The first thing I would recommend is installing portupgrade from /usr/ports/sysutils/portupgrade. Once that is installed, you can run man portupgrade or just run portupgrade -r name. The -r switch means to upgrade everything recursively. Recursively means all of its dependencies, or more simply, anything the program requires. You can do this for anything else not related to qmail or any of its programs. So for instance, portupgrade -r kde will upgrade kde and all its dependencies. Another thing I would recommend using is portaudit. If you have your system set up correctly, you will get portaudit reports in your daily security logs. This will give you any warnings about any obsolete packages and/or any security warnings in regards to anything being installed.

The following is the recommended way to upgrade programs from ports. Mostly we will be running through backing up .conf files and running portupgrade and then making sure everything is chmodded or chowned correctly.


Qmail doesn't require any type of upgrades. Qmail hasn't been upgraded since 1997 or 1998 but it is very stable and very secure.


Pretty much the same as qmail. I don't think it has changed at all. Quite honestly, I have never upgraded it and I haven't ever had a problem with running any old/previous versions.


Again, pretty much the same as qmail or UCSPI-TCP.


This can change from time to time. I would first backup your list which resides in ~vpopmail/domains/domain.xxx/listname before upgrading the port. Then upgrade it.

 # portupgrade -r ezmlm-idx 

Now check to make sure your list is intact before deleting your backup.


This can be upgraded when new versions come out. In most cases the following works fine:

 # portupgrade -r qmail-autoresponder 


Portupgrading this can go great or it can really screw up your system. Before running a portupgrade I would highly recommend backing up the entire ~vpopmail folder. If you have the patch file inside /usr/ports/mail/vpopmail/files, things should go okay. I have yet to run a portupgrade -r vpopmail on my box as I have the latest version. Vpopmail doesn't change too frequently but check it for any vulnerabilities.

Please make sure to run the following after upgrading vpopmail to make sure it works ok with TLS:

 # cd ~vpopmail/bin
 # chmod 6711 vchkpw
 # chown vpopmail:vchkpw vchkpw


When I have run portupgrades with Spamassassin in the past, I usually don't run into any issues except the upgrade from 2.6x to 3.0.1. There were quite a few changes from version to version including some of the required modules that were new, like the SPF addon for it and such. If you do run a portupgrade on Spamassassin, I would go to SpamAssassin's website (http://www.spamassassin.org) and read the README files under the download section of the site. There it will tell you any changes/modifications that have been done since the previous version. I would also check the rules under /usr/local/etc/mail/spamassassin, specifically local.cf, to see if any additions or deletions were made.

Restart Spamassassin and then we will need to update the qmail-scanner database by running the following commands:

 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

This will update the header info and the qmail-scanner database and keep everything up to date.


ClamAV is probably the worst one out of all of them, but I make it easy for you. ClamAV changes almost every three months, possibly sooner. I would recommend backing up the clamd.conf and freshclam.conf in /usr/local/etc, upgrading, and then changing the ownerships.

 # cp /usr/local/etc/clamd.conf ~
 # cp /usr/local/etc/freshclam.conf ~
 # portupgrade -r clamav
 # chown -R qscand:qscand /var/log/clamav
 # chown -R qscand:qscand /var/run/clamav/
 # chown qscand:qscand /var/db/clamav/

I would then copy the backups of clamd.conf and freshclam.conf back to /usr/local/etc and then run freshclam to make sure everything is working perfectly. Restart clamd and then we will need to update the qmail-scanner database.

 # cp ~/clamd.conf /usr/local/etc
 # cp ~/freshclam.conf /usr/local/etc
 # freshclam
 # /usr/local/etc/rc.d/clamav-clamd restart
 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
 # setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

This will update the header info and the qmail-scanner database and keep everything up to date.


At the time of this writing, I would not recommend doing a portupgrade of qmail-scanner. There are a few reasons why. First, it does not even register with the packages system as we run the configure commands manually. Second, we manually patch it with the qms-analog patch to get the nifty qmail-analog reports. So if a new version of qmail-scanner is released, I will update the documentation within a few days of it being released.


Upgrading this shouldn't be too bad. What I would suggest doing is backing up the files, upgrade courier-imap, and copy the backup files back over.

 # cp -R /usr/local/etc/courier-imap ~
 # portupgrade -r courier-imap
 # cp -R ~/courier-imap /usr/local/etc

Courier-imap versions don't change too often but again, it still doesn't hurt to double-check.


This is something else I wouldn't recommend doing a portupgrade on. When the new version comes out just run through the guide as normal only using the newest version from ports after running the following command. It just can't get any easier than that!

 # cd /usr/ports/mail/qmailadmin
 # make deinstall


Nothing needs to be backed up here.
